patilpankaj212 · patilpankaj212 · May 21, 2021 · May 21, 2021 · May 21, 2021 · May 21, 2021
diff --git a/pkg/filters/filter-specs.go b/pkg/filters/filter-specs.go
@@ -7,16 +7,16 @@ import (
 
 // PolicyTypeFilterSpecification is policy type based Filter Spec
 type PolicyTypeFilterSpecification struct {
-	policyType string
+	policyTypes []string
 }
 
 // IsSatisfied implementation for policy type based Filter spec
 func (p PolicyTypeFilterSpecification) IsSatisfied(r *policy.RegoMetadata) bool {
-	// if policy type is not present for metadata, return true
-	if len(r.PolicyType) < 1 {
+	// if resource type is not present for metadata, return true
+	if len(r.PolicyType) < 1 || len(p.policyTypes) < 1 {
 		return true
 	}
-	return p.policyType == r.PolicyType
+	return utils.CheckPolicyType(r.PolicyType, p.policyTypes)
 }
 
 // ResourceTypeFilterSpecification is resource type based Filter Spec

diff --git a/pkg/filters/filters.go b/pkg/filters/filters.go
@@ -9,22 +9,25 @@ type RegoMetadataPreLoadFilter struct {
 	scanRules   []string
 	skipRules   []string
 	categories  []string
+	policyTypes []string
 	severity    string
 	filterSpecs []policy.FilterSpecification
 }
 
 // NewRegoMetadataPreLoadFilter is a constructor func for RegoMetadataPreLoadFilter
-func NewRegoMetadataPreLoadFilter(scanRules, skipRules, categories []string, severity string) *RegoMetadataPreLoadFilter {
+func NewRegoMetadataPreLoadFilter(scanRules, skipRules, categories, policyTypes []string, severity string) *RegoMetadataPreLoadFilter {
 	return &RegoMetadataPreLoadFilter{
-		scanRules:  scanRules,
-		skipRules:  skipRules,
-		categories: categories,
-		severity:   severity,
+		scanRules:   scanRules,
+		skipRules:   skipRules,
+		categories:  categories,
+		policyTypes: policyTypes,
+		severity:    severity,
 		// add applicable filter specs to the list
 		filterSpecs: []policy.FilterSpecification{
 			RerefenceIDsFilterSpecification{scanRules},
 			CategoryFilterSpecification{categories: categories},
 			SeverityFilterSpecification{severity: severity},
+			PolicyTypeFilterSpecification{policyTypes: policyTypes},
 		},
 	}
 }

diff --git a/pkg/filters/filters_test.go b/pkg/filters/filters_test.go
@@ -59,7 +59,7 @@ func TestRegoMetadataPreLoadFilterIsFiltered(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			r := NewRegoMetadataPreLoadFilter(nil, tt.fields.skipRules, nil, "")
+			r := NewRegoMetadataPreLoadFilter(nil, tt.fields.skipRules, nil, nil, "")
 			if got := r.IsFiltered(tt.args.regoMetadata); got != tt.want {
 				t.Errorf("RegoMetadataPreLoadFilter.IsFiltered() = %v, want %v", got, tt.want)
 			}
@@ -168,7 +168,7 @@ func TestRegoMetadataPreLoadFilterIsAllowed(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			r := NewRegoMetadataPreLoadFilter(tt.fields.scanRules, nil, tt.fields.categories, tt.fields.severity)
+			r := NewRegoMetadataPreLoadFilter(tt.fields.scanRules, nil, tt.fields.categories, nil, tt.fields.severity)
 			if got := r.IsAllowed(tt.args.regoMetadata); got != tt.want {
 				t.Errorf("RegoMetadataPreLoadFilter.IsAllowed() = %v, want %v", got, tt.want)
 			}

diff --git a/pkg/runtime/executor.go b/pkg/runtime/executor.go
@@ -35,7 +35,6 @@ type Executor struct {
 	filePath      string
 	dirPath       string
 	policyPath    []string
-	cloudType     []string
 	iacType       string
 	iacVersion    string
 	scanRules     []string
@@ -44,17 +43,18 @@ type Executor struct {
 	policyEngines []policy.Engine
 	notifiers     []notifications.Notifier
 	categories    []string
+	policyTypes   []string
 	severity      string
 	nonRecursive  bool
 }
 
 // NewExecutor creates a runtime object
-func NewExecutor(iacType, iacVersion string, cloudType []string, filePath, dirPath string, policyPath, scanRules, skipRules, categories []string, severity string, nonRecursive bool) (e *Executor, err error) {
+func NewExecutor(iacType, iacVersion string, policyTypes []string, filePath, dirPath string, policyPath, scanRules, skipRules, categories []string, severity string, nonRecursive bool) (e *Executor, err error) {
 	e = &Executor{
 		filePath:     filePath,
 		dirPath:      dirPath,
 		policyPath:   policyPath,
-		cloudType:    cloudType,
+		policyTypes:  policyTypes,
 		iacType:      iacType,
 		iacVersion:   iacVersion,
 		iacProviders: make([]iacProvider.IacProvider, 0),
@@ -83,6 +83,10 @@ func NewExecutor(iacType, iacVersion string, cloudType []string, filePath, dirPa
 		e.categories = categories
 	}
 
+	if len(policyTypes) > 0 {
+		e.policyTypes = policyTypes
+	}
+
 	// initialize executor
 	if err = e.Init(); err != nil {
 		return e, err
@@ -149,7 +153,7 @@ func (e *Executor) Init() error {
 		}
 
 		// create a new RegoMetadata pre load filter
-		preloadFilter := filters.NewRegoMetadataPreLoadFilter(e.scanRules, e.skipRules, e.categories, e.severity)
+		preloadFilter := filters.NewRegoMetadataPreLoadFilter(e.scanRules, e.skipRules, e.categories, e.policyTypes, e.severity)
 
 		// initialize the engine
 		if err := engine.Init(policyPath, preloadFilter); err != nil {