Fall back to generic env for selectors (#5379)

When an entity type does not have a specific CEL environment, fall back to the generic environment. Fix #5375
mindersec · Jan 30, 2025 · fc18f0f · fc18f0f
1 parent 09913c9
commit fc18f0f
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 26 deletions.
diff --git a/internal/controlplane/handlers_profile_test.go b/internal/controlplane/handlers_profile_test.go
@@ -240,30 +240,6 @@ func TestCreateProfile(t *testing.T) {
 			},
 			wantErr: `unsupported entity type: invalid entity type no_such_entity: unsupported entity type`,
 		},
-		{
-			name: "Selector with valid but unsupported entity",
-			profile: &minderv1.CreateProfileRequest{
-				Profile: &minderv1.Profile{
-					Name:      "test_selectors_bad_entity",
-					Alert:     proto.String("off"),
-					Remediate: proto.String("off"),
-					Repository: []*minderv1.Profile_Rule{{
-						Type: "rule_type_1",
-						Def:  &structpb.Struct{},
-					}},
-					Selection: []*minderv1.Profile_Selector{
-						{
-							// this entity is valid in the sense that it converts to an entity type but
-							// the current selelectors implementation does not support it
-							Entity:      "build_environment",
-							Selector:    "repository.name != 'stacklok/demo-repo-go'",
-							Description: "Exclude stacklok/demo-repo-go",
-						},
-					},
-				},
-			},
-			wantErr: `unsupported entity type: no environment for entity ENTITY_BUILD_ENVIRONMENTS: unsupported entity type`,
-		},
 		{
 			name: "Selector does not parse",
 			profile: &minderv1.CreateProfileRequest{

diff --git a/pkg/engine/selectors/selectors.go b/pkg/engine/selectors/selectors.go
@@ -355,11 +355,23 @@ func (e *Env) CheckSelector(sel *minderv1.Profile_Selector) error {
 func (e *Env) envForEntity(entity minderv1.Entity) (*cel.Env, error) {
 	cache, ok := e.entityEnvs[entity]
 	if !ok {
-		return nil, fmt.Errorf("no cache found for entity %v", entity)
+		// if the entity isn't in the env map, we use the generic environment
+		cache, ok = e.entityEnvs[minderv1.Entity_ENTITY_UNSPECIFIED]
+		if !ok {
+			return nil, fmt.Errorf("no cache found for entity %v", entity)
+		}
 	}
 
+	factory, ok := e.factories[entity]
+	if !ok {
+		// if the entity isn't in the factory map, we use the generic environment
+		factory, ok = e.factories[minderv1.Entity_ENTITY_UNSPECIFIED]
+		if !ok {
+			return nil, fmt.Errorf("no factory found for entity %v", entity)
+		}
+	}
 	cache.once.Do(func() {
-		cache.env, cache.err = e.factories[entity]()
+		cache.env, cache.err = factory()
 	})
 
 	return cache.env, cache.err