Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0
Description of changes:
This PR addresses an issue where the guard evaluation engine was not properly handling successful != checks.
This was due to an inconsistency here where we compare sizes of lhs and rhs, and depending on which one is bigger, we use that to construct the diff (filtering for elements that are not in the other). The problem with this is that when we checked to negate the clause here, it was always constructed using the LHS. To fix this, we need to follow the same logic as in the previous link, except we need to invert the size check for lhs and rhs and also ensure the operator is an Eq; then we can construct the diff.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
Issue #, if available: 478