Merge pull request #6861 from ZRHann/fix-sourcepolicy-exact-convert

sourcepolicy: fix exact match convert ignoring destination

sourcepolicy/engine_test.go

@@ -14,6 +14,7 @@ func TestEngineEvaluate(t *testing.T) {
 	t.Run("Deny All", testDenyAll)
 	t.Run("Allow Deny", testAllowDeny)
 	t.Run("Convert", testConvert)
+	t.Run("Convert exact", testConvertExact)
 	t.Run("Convert Deny", testConvertDeny)
 	t.Run("Allow Convert Deny", testAllowConvertDeny)
 	t.Run("Test convert loop", testConvertLoop)
@@ -380,6 +381,34 @@ func testConvert(t *testing.T) {
 	}
 }
 
+func testConvertExact(t *testing.T) {
+	src := "docker-image://docker.io/library/busybox:latest"
+	dst := "docker-image://docker.io/library/busybox@sha256:c0d488a800e4127c334ad20d61d7bc21b4097540327217dfab52262adc02380c"
+	op := &pb.SourceOp{
+		Identifier: src,
+	}
+
+	pol := &spb.Policy{
+		Rules: []*spb.Rule{
+			{
+				Action: spb.PolicyAction_CONVERT,
+				Selector: &spb.Selector{
+					Identifier: src,
+					MatchType:  spb.MatchType_EXACT,
+				},
+				Updates: &spb.Update{
+					Identifier: dst,
+				},
+			},
+		},
+	}
+
+	mutated, err := NewEngine([]*spb.Policy{pol}).Evaluate(t.Context(), op)
+	require.True(t, mutated)
+	require.NoError(t, err)
+	require.Equal(t, dst, op.Identifier)
+}
+
 func testAllowDeny(t *testing.T) {
 	op := &pb.SourceOp{
 		Identifier: "docker-image://docker.io/library/alpine:latest",

sourcepolicy/formatter.go

@@ -39,7 +39,7 @@ func newSelectorCache(sel *spb.Selector) *selectorCache {
 func (s *selectorCache) Format(match, format string) (string, error) {
 	switch s.MatchType {
 	case spb.MatchType_EXACT:
-		return s.Identifier, nil
+		return format, nil
 	case spb.MatchType_REGEX:
 		re, err := s.regex()
 		if err != nil {