stelligent · lhitchon · Jul 15, 2018 · Jul 14, 2018 · Jul 14, 2018 · Jul 15, 2018
diff --git a/assertion/types.go b/assertion/types.go
@@ -28,6 +28,7 @@ type (
 		Message    string
 		Severity   string
 		Resource   string
+		Resources  []string
 		Category   string // default is "resource", can be "data", "provider" for Terraform
 		Conditions []Expression
 		Assertions []Expression

diff --git a/assertion/util.go b/assertion/util.go
@@ -99,6 +99,17 @@ func FilterResourcesByType(resources []Resource, resourceType string, resourceCa
 	return filtered
 }
 
+// FilterResourcesByTypes filters a list of resources that match a slice of resource types
+func FilterResourcesByTypes(resources []Resource, resourceTypes []string, resourceCategory string) []Resource {
+	filtered := make([]Resource, 0)
+	for _, resource := range resources {
+		if SliceContains(resourceTypes, resource.Type) && categoryMatches(resourceCategory, resource.Category) {
+			filtered = append(filtered, resource)
+		}
+	}
+	return filtered
+}
+
 func categoryMatches(c1, c2 string) bool {
 	if c1 == "" || c1 == "*" {
 		return true
@@ -118,3 +129,25 @@ func JSONStringify(data interface{}) (string, error) {
 func currentTime() string {
 	return time.Now().UTC().Format(time.RFC3339)
 }
+
+func SliceContains(list []string, value string) bool {
+	for _, item := range list {
+		if item == value {
+			return true
+		}
+	}
+	return false
+}
+
+// FilterResourcesForRule returns resources applicable to the given rule
+func FilterResourcesForRule(resources []Resource, rule Rule) []Resource {
+	var filteredResources []Resource
+	if rule.Resource != "" {
+		Debugf("filtering rule resources on Resource string")
+		filteredResources = FilterResourcesByType(resources, rule.Resource, rule.Category)
+	} else {
+		Debugf("filtering rule resources on Resources slice")
+		filteredResources = FilterResourcesByTypes(resources, rule.Resources, rule.Category)
+	}
+	return filteredResources
+}
diff --git a/assertion/util_test.go b/assertion/util_test.go
@@ -1,6 +1,7 @@
 package assertion
 
 import (
+	"strings"
 	"testing"
 )
 
@@ -129,3 +130,73 @@ func TestFilterShouldMatchCategoryForResources(t *testing.T) {
 		t.Errorf("FilterResourcesByType expected to match one resource")
 	}
 }
+
+func TestSliceContainsTrue(t *testing.T) {
+	test := []string{"x", "y", "z"}
+	isPresent := SliceContains(test, "x")
+	if isPresent != true {
+		t.Errorf("SliceContains expected to return true when a value is present")
+	}
+}
+
+func TestSliceContainsFalse(t *testing.T) {
+	test := []string{"x", "y", "z"}
+	isPresent := SliceContains(test, "a")
+	if isPresent != false {
+		t.Errorf("SliceContains expected to return false when a value is not present")
+	}
+}
+
+func TestFilterPluralShouldMatchMultipleResources(t *testing.T) {
+	resources := []Resource{
+		Resource{Type: "instance", Category: "resource"},
+		Resource{Type: "bucket", Category: "resource"},
+	}
+	filtered := FilterResourcesByTypes(resources, []string{"instance", "bucket"}, "resource")
+	if len(filtered) != 2 {
+		t.Errorf("FilterResourcesByTypes expected to match multiple types")
+	}
+}
+
+func TestFilterPluralShouldNotHaveUnlistedResources(t *testing.T) {
+	resources := []Resource{
+		Resource{Type: "instance", Category: "resource"},
+		Resource{Type: "bucket", Category: "resource"},
+	}
+	resourceTypes := []string{"instance"}
+	filtered := FilterResourcesByTypes(resources, resourceTypes, "resource")
+	if len(filtered) != 1 {
+		t.Errorf("FilterResourcesByTypes expected to match only %s", strings.Join(resourceTypes, ", "))
+	}
+}
+
+func TestFilterResourcesForRuleSlice(t *testing.T) {
+	resources := []Resource{
+		Resource{Type: "instance", Category: "resource"},
+		Resource{Type: "bucket", Category: "resource"},
+	}
+	rule := Rule{
+		Resources: []string{
+			"instance",
+			"bucket",
+		},
+	}
+	filtered := FilterResourcesForRule(resources, rule)
+	if len(filtered) != 2 {
+		t.Errorf("FilterResourcesForRule expected to return both resource types")
+	}
+}
+
+func TestFilterResourcesForRuleString(t *testing.T) {
+	resources := []Resource{
+		Resource{Type: "instance", Category: "resource"},
+		Resource{Type: "bucket", Category: "resource"},
+	}
+	rule := Rule{
+		Resource: "instance",
+	}
+	filtered := FilterResourcesForRule(resources, rule)
+	if len(filtered) != 1 {
+		t.Errorf("FilterResourcesForRule only expected to return one type")
+	}
+}
diff --git a/linter/resource_linter.go b/linter/resource_linter.go
@@ -23,7 +23,8 @@ func (r ResourceLinter) ValidateResources(resources []assertion.Resource, rules
 
 	for _, rule := range resolvedRules {
 		assertion.Debugf("Rule: ID: %v Message: %s\n", rule.ID, rule.Message)
-		for _, resource := range assertion.FilterResourcesByType(resources, rule.Resource, rule.Category) {
+		filteredResources := assertion.FilterResourcesForRule(resources, rule)
+		for _, resource := range filteredResources {
 			if assertion.ExcludeResource(rule, resource) {
 				assertion.Debugf("Ignoring resource %s\n", resource.ID)
 			} else {