From 81e826272cfeda74fab004a98ce4e1b476ecf9a7 Mon Sep 17 00:00:00 2001 From: Guilherme Branco Date: Wed, 25 Sep 2024 07:33:52 -0300 Subject: [PATCH] OCM-11438 | fix: when filters are empty consider true --- pkg/aws/policies.go | 40 +++++++++++++++++++++------------------- pkg/aws/policies_test.go | 7 ++++++- 2 files changed, 27 insertions(+), 20 deletions(-) diff --git a/pkg/aws/policies.go b/pkg/aws/policies.go index 8b8cb43b4c..9e8ebf92e8 100644 --- a/pkg/aws/policies.go +++ b/pkg/aws/policies.go @@ -2111,27 +2111,29 @@ func (c *awsClient) listRoleAttachedPolicies(roleName string) ([]iamtypes.Attach } // check whether the policy contains specified tags -func doesPolicyHaveTags(c client.IamApiClient, poilcyArn *string, tagFilter map[string]string) (bool, error) { - if len(tagFilter) != 0 { - tags, err := c.ListPolicyTags(context.Background(), - &iam.ListPolicyTagsInput{ - PolicyArn: poilcyArn, - }, - ) - if err != nil { - return false, err - } - foundTagsCounter := 0 - for _, tag := range tags.Tags { - value, ok := tagFilter[aws.ToString(tag.Key)] - if ok && value == aws.ToString(tag.Value) { - foundTagsCounter++ - } - } - if foundTagsCounter == len(tagFilter) { - return true, nil +func doesPolicyHaveTags(c client.IamApiClient, policyArn *string, tagFilter map[string]string) (bool, error) { + // If there are no filters than the policy always have wanted tags + if len(tagFilter) == 0 { + return true, nil + } + tags, err := c.ListPolicyTags(context.Background(), + &iam.ListPolicyTagsInput{ + PolicyArn: policyArn, + }, + ) + if err != nil { + return false, err + } + foundTagsCounter := 0 + for _, tag := range tags.Tags { + value, ok := tagFilter[aws.ToString(tag.Key)] + if ok && value == aws.ToString(tag.Value) { + foundTagsCounter++ } } + if foundTagsCounter == len(tagFilter) { + return true, nil + } return false, nil } diff --git a/pkg/aws/policies_test.go b/pkg/aws/policies_test.go index b037b9a50c..e853da5b77 100644 --- a/pkg/aws/policies_test.go +++ b/pkg/aws/policies_test.go @@ -692,7 +692,7 @@ var _ = Describe("CheckIfROSAOperatorRole", func() { }) }) -var _ = Describe("isPolicyHasTags", func() { +var _ = Describe("doesPolicyHaveTags", func() { var ( mockIamAPI *mocks.MockIamApiClient mockCtrl *gomock.Controller @@ -807,4 +807,9 @@ var _ = Describe("isPolicyHasTags", func() { Expect(err).ToNot(HaveOccurred()) Expect(result).To(BeFalse()) }) + It("Considers the policy have the tags as the filters are empty", func() { + result, err := doesPolicyHaveTags(mockIamAPI, &testePolicyArn, nil) + Expect(err).ToNot(HaveOccurred()) + Expect(result).To(BeTrue()) + }) })