in pkg/bundle/patch/executor.go [86:217]
func compileSelector(s *bundlev1.PatchSelector, values map[string]interface{}) (selector.Specification, error) {
// Check parameters
if s == nil {
return nil, fmt.Errorf("cannot process nil selector")
}
// Has matchPath selector
if s.MatchPath != nil {
switch {
case s.MatchPath.Strict != "":
// Evaluation with template engine first
value, err := engine.Render(s.MatchPath.Strict, map[string]interface{}{
"Values": values,
})
if err != nil {
return nil, fmt.Errorf("unable to evaluate template before matchPath build: %w", err)
}
// Return specification
return selector.MatchPathStrict(value), nil
case s.MatchPath.Glob != "":
// Evaluation with template engine first
value, err := engine.Render(s.MatchPath.Glob, map[string]interface{}{
"Values": values,
})
if err != nil {
return nil, fmt.Errorf("unable to evaluate template before matchPath build: %w", err)
}
// Return specification
return selector.MatchPathGlob(value)
case s.MatchPath.Regex != "":
// Evaluation with template engine first
value, err := engine.Render(s.MatchPath.Regex, map[string]interface{}{
"Values": values,
})
if err != nil {
return nil, fmt.Errorf("unable to evaluate template before matchPath build: %w", err)
}
// Return specification
return selector.MatchPathRegex(value)
default:
return nil, errors.New("no strict, glob or regexp defined for path matcher")
}
}
// Has jmesPath selector
if s.JmesPath != "" {
// Compile query
exp, err := jmespath.Compile(s.JmesPath)
if err != nil {
return nil, fmt.Errorf("unable to compile jmesPath expression `%s`: %w", s.JmesPath, err)
}
// Return specification
return selector.MatchJMESPath(exp), nil
}
// Has matchSecret selector
if s.MatchSecret != nil {
switch {
case s.MatchSecret.Strict != "":
// Evaluation with template engine first
value, err := engine.Render(s.MatchSecret.Strict, map[string]interface{}{
"Values": values,
})
if err != nil {
return nil, fmt.Errorf("unable to evaluate template before matchSecret build: %w", err)
}
// Return specification
return selector.MatchSecretStrict(value), nil
case s.MatchSecret.Glob != "":
// Evaluation with template engine first
value, err := engine.Render(s.MatchSecret.Glob, map[string]interface{}{
"Values": values,
})
if err != nil {
return nil, fmt.Errorf("unable to evaluate template before matchSecret build: %w", err)
}
// Return specification
return selector.MatchSecretGlob(value), nil
case s.MatchSecret.Regex != "":
// Evaluation with template engine first
value, err := engine.Render(s.MatchSecret.Regex, map[string]interface{}{
"Values": values,
})
if err != nil {
return nil, fmt.Errorf("unable to evaluate template before matchSecret build: %w", err)
}
// Compile regexp
re, err := regexp.Compile(value)
if err != nil {
return nil, fmt.Errorf("unable to compile matchSecret regexp `%s`: %w", s.MatchPath.Regex, err)
}
// Return specification
return selector.MatchSecretRegex(re), nil
default:
return nil, errors.New("no strict, glob or regexp defined for secret matcher")
}
}
if s.RegoFile != "" {
// Read policy file
policyFile, err := os.ReadFile(s.RegoFile)
if err != nil {
return nil, fmt.Errorf("unable to open rego policy file: %w", err)
}
// Build the specification
return selector.MatchRego(context.Background(), string(policyFile))
}
// Has rego policy
if s.Rego != "" {
// Return specification
return selector.MatchRego(context.Background(), s.Rego)
}
// Has CEL expressions
if len(s.Cel) > 0 {
// Return specification
return selector.MatchCEL(s.Cel)
}
// Fallback to default as error
return nil, fmt.Errorf("no supported selector specified")
}