OCM-11438 | fix: when filters are empty consider true

openshift · Sep 25, 2024 · 81e8262 · 81e8262
1 parent e6d67f8
commit 81e8262
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 20 deletions.
diff --git a/pkg/aws/policies.go b/pkg/aws/policies.go
@@ -2111,27 +2111,29 @@ func (c *awsClient) listRoleAttachedPolicies(roleName string) ([]iamtypes.Attach
 }
 
 // check whether the policy contains specified tags
-func doesPolicyHaveTags(c client.IamApiClient, poilcyArn *string, tagFilter map[string]string) (bool, error) {
-	if len(tagFilter) != 0 {
-		tags, err := c.ListPolicyTags(context.Background(),
-			&iam.ListPolicyTagsInput{
-				PolicyArn: poilcyArn,
-			},
-		)
-		if err != nil {
-			return false, err
-		}
-		foundTagsCounter := 0
-		for _, tag := range tags.Tags {
-			value, ok := tagFilter[aws.ToString(tag.Key)]
-			if ok && value == aws.ToString(tag.Value) {
-				foundTagsCounter++
-			}
-		}
-		if foundTagsCounter == len(tagFilter) {
-			return true, nil
+func doesPolicyHaveTags(c client.IamApiClient, policyArn *string, tagFilter map[string]string) (bool, error) {
+	// If there are no filters than the policy always have wanted tags
+	if len(tagFilter) == 0 {
+		return true, nil
+	}
+	tags, err := c.ListPolicyTags(context.Background(),
+		&iam.ListPolicyTagsInput{
+			PolicyArn: policyArn,
+		},
+	)
+	if err != nil {
+		return false, err
+	}
+	foundTagsCounter := 0
+	for _, tag := range tags.Tags {
+		value, ok := tagFilter[aws.ToString(tag.Key)]
+		if ok && value == aws.ToString(tag.Value) {
+			foundTagsCounter++
 		}
 	}
+	if foundTagsCounter == len(tagFilter) {
+		return true, nil
+	}
 	return false, nil
 }
 

diff --git a/pkg/aws/policies_test.go b/pkg/aws/policies_test.go
@@ -692,7 +692,7 @@ var _ = Describe("CheckIfROSAOperatorRole", func() {
 	})
 })
 
-var _ = Describe("isPolicyHasTags", func() {
+var _ = Describe("doesPolicyHaveTags", func() {
 	var (
 		mockIamAPI *mocks.MockIamApiClient
 		mockCtrl   *gomock.Controller
@@ -807,4 +807,9 @@ var _ = Describe("isPolicyHasTags", func() {
 		Expect(err).ToNot(HaveOccurred())
 		Expect(result).To(BeFalse())
 	})
+	It("Considers the policy have the tags as the filters are empty", func() {
+		result, err := doesPolicyHaveTags(mockIamAPI, &testePolicyArn, nil)
+		Expect(err).ToNot(HaveOccurred())
+		Expect(result).To(BeTrue())
+	})
 })