Open mm-weber opened 3 months ago
Equals
where the assertion failscnquery> aws.cloudtrail.trails[2] {eventSelectors {FieldSelectors{Equals.containsNone("Data")}}}
aws.cloudtrail.trails[2]: {
eventSelectors: [
0: {
FieldSelectors: [
0: {
Equals: [
0: "Data"
]
}
1: {
Equals: [
0: "AWS::S3::Object"
]
}
]
}
1: {
FieldSelectors: [
0: {
Equals: [
0: "Management"
]
}
]
}
]
}
Field
, where you can use ==
comparison:cnquery> aws.cloudtrail.trails[2] {eventSelectors {FieldSelectors{Field == "eventCategory"}}}
aws.cloudtrail.trails[2]: {
eventSelectors: [
0: {
FieldSelectors: [
0: {
Field == "eventCategory": true
}
1: {
Field == "eventCategory": false
}
]
}
1: {
FieldSelectors: [
0: {
Field == "eventCategory": true
}
]
}
]
}
Easier to reproduce with a json file:
{
"eventSelectors": [
{
"FieldSelectors": [
{
"Equals": [
"Data"
]
},
{
"Equals": [
"AWS::S3::Object"
]
}
]
},
{
"FieldSelectors": [
{
"Equals": [
"Management"
]
}
]
}
]
}
parse.json("sample.json").params.eventSelectors { FieldSelectors { Equals } }
parse.json.params.eventSelectors: [
0: {
FieldSelectors: [
0: {
Equals: [
0: "Data"
]
}
1: {
Equals: [
0: "AWS::S3::Object"
]
}
]
}
1: {
FieldSelectors: [
0: {
Equals: [
0: "Management"
]
}
]
}
]
This is a problem with dicts.
Double-checked this too, it looks like this is a problem with both the old and new selectors:
parse.json("t").params["eventSelectors"] { _["FieldSelectors"] }
parse.json.params.eventSelectors: [
0: {
FieldSelectors: [
0: {
Equals: [
0: "Data"
]
}
1: {
Equals: [
0: "AWS::S3::Object"
]
}
]
}
1: {
FieldSelectors: [
0: {
Equals: [
0: "Management"
]
}
]
}
]
Using v8 notation to access fields below a certain level will allow for assertions. Whereas using v9/v10 notation to access fields will not yield results.
It's easy to run this test on a minikube cluster locally:
.in
-function doesn't yield anythingk8s.clusterrolebindings.where(roleRef.name == "cluster-admin") { subjects {name name.in(["system:masters"]) } }
-> Nothing is returned, but the MQL does not fail.
.in
-function)k8s.clusterrolebindings.where(roleRef['name'] == "cluster-admin") {subjects { _['name'] _['name'].in(["system:masters"]) } }
Describe the bug It seems that at a certain level it is not possible to do assertions (
.contains()
,.any()
), whereas==
still works.Example 1: for the field
Type
where you can use the comparision via==
Example 2: of the same field above not executing the assertion
.any
To Reproduce Run the above mentioned commands on a AWS cloudtrail.
Expected behavior Assertions should work, example 2 should return a
true/false
bool.Screenshots or CLI Output If applicable, add screenshots or the CLI output to help explain your problem.
Desktop (please complete the following information):
Additional context Add any other context about the problem here.