feat(sourceNamespace): Glob Negate Support

Signed-off-by: Arthur <[email protected]>
argoproj · Jul 11, 2024 · 17e087b · 17e087b
1 parent de76937
commit 17e087b
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 5 deletions.
diff --git a/util/glob/glob.go b/util/glob/glob.go
@@ -1,15 +1,26 @@
 package glob
 
 import (
+	"strings"
+
 	"github.com/gobwas/glob"
 	log "github.com/sirupsen/logrus"
 )
 
 func Match(pattern, text string, separators ...rune) bool {
-	compiledGlob, err := glob.Compile(pattern, separators...)
-	if err != nil {
-		log.Warnf("failed to compile pattern %s due to error %v", pattern, err)
-		return false
+	if strings.HasPrefix(pattern, "!") {
+		compiledGlob, err := glob.Compile(pattern[1:], separators...)
+		if err != nil {
+			log.Warnf("failed to compile pattern %s due to error %v", pattern, err)
+			return false
+		}
+		return !compiledGlob.Match(text)
+	} else {
+		compiledGlob, err := glob.Compile(pattern, separators...)
+		if err != nil {
+			log.Warnf("failed to compile pattern %s due to error %v", pattern, err)
+			return false
+		}
+		return compiledGlob.Match(text)
 	}
-	return compiledGlob.Match(text)
 }
diff --git a/util/glob/glob_test.go b/util/glob/glob_test.go
@@ -19,6 +19,7 @@ func Test_Match(t *testing.T) {
 		{"Short glob match", "hello", "h*", true},
 		{"Glob non-match", "hello", "e*", false},
 		{"Invalid pattern", "e[[a*", "e[[a*", false},
+		{"Negate Match", "testing", "!test", true},
 	}
 
 	for _, tt := range tests {

diff --git a/util/security/application_namespaces_test.go b/util/security/application_namespaces_test.go
@@ -49,6 +49,41 @@ func Test_IsNamespaceEnabled(t *testing.T) {
 			[]string{"allowed"},
 			false,
 		},
+		{
+			"namespace is not allowed negate",
+			"disallowed",
+			"argocd",
+			[]string{"!disallowed"},
+			false,
+		},
+		{
+			"namespace is anything but defined namespace",
+			"allowed",
+			"argocd",
+			[]string{"!anythingButThis"},
+			true,
+		},
+		{
+			"namespace is anything but these namespaces",
+			"orThis",
+			"argocd",
+			[]string{"!{anythingButThis,orThis"},
+			false,
+		},
+		{
+			"nothing prefixed with test, but also match test-test",
+			"test-disallowed",
+			"argocd",
+			[]string{"!test-*", "test-test"},
+			false,
+		},
+		{
+			"nothing prefixed with test, but also match test-test",
+			"test-test",
+			"argocd",
+			[]string{"!test-*", "test-test"},
+			true,
+		},
 	}
 
 	for _, tc := range testCases {