From f21c4278b7d94b9f608fc53ccfef639100af40a4 Mon Sep 17 00:00:00 2001
From: Simar
Date: Tue, 29 Oct 2024 19:53:16 -0600
Subject: [PATCH 1/3] Revert "test(bundle): Disable canary builds"
This reverts commit b9b40904c9b0e217aa8f7238a473ca3b006bff09.
---
 scripts/verify-bundle.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/verify-bundle.go b/scripts/verify-bundle.go
index af770203..e3946c3c 100644
--- a/scripts/verify-bundle.go
+++ b/scripts/verify-bundle.go
@@ -15,7 +15,7 @@ import (
 var bundlePath = "bundle.tar.gz"
 var OrasPush = []string{"--artifact-type", "application/vnd.cncf.openpolicyagent.config.v1+json", fmt.Sprintf("%s:application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip", bundlePath)}
-var supportedTrivyVersions = []string{"latest"} // TODO: add more versions
+var supportedTrivyVersions = []string{"latest", "canary"} // TODO: add more versions
 func createRegistryContainer(ctx context.Context) (testcontainers.Container, string) {
 reqReg := testcontainers.ContainerRequest{
From 954b9826c16d49c8d83be790278d95df85f46c4b Mon Sep 17 00:00:00 2001
From: Simar
Date: Sat, 2 Nov 2024 00:31:12 -0600
Subject: [PATCH 2/3] update assertion
---
 scripts/verify-bundle.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/verify-bundle.go b/scripts/verify-bundle.go
index e3946c3c..7607bc94 100644
--- a/scripts/verify-bundle.go
+++ b/scripts/verify-bundle.go
@@ -137,7 +137,7 @@ func LoadAndVerifyBundle() {
 trivyC := createTrivyContainer(ctx, trivyVersion, regIP)
 fmt.Println(debugLogsForContainer(ctx, trivyC))
- if !assertInLogs(debugLogsForContainer(ctx, trivyC), `Tests: 1 (SUCCESSES: 0, FAILURES: 1, EXCEPTIONS: 0)`) {
+ if !assertInLogs(debugLogsForContainer(ctx, trivyC), `Tests: 1 (SUCCESSES: 0, FAILURES: 1)`) {
 panic("asserting Trivy logs for misconfigurations failed, check Trivy log output")
 }
From 71746ccff203a455296210c30823a6235b36faa7 Mon Sep 17 00:00:00 2001
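Review bot: The new literal passed to `assertInLogs` ends with a closing parenthesis, so it matches only a Trivy build that prints the summary without `EXCEPTIONS: 0`. The first patch in this series puts both `latest` and `canary` in `supportedTrivyVersions`, and if this check runs once per version (as the `trivyVersion` argument suggests), a version that still prints the older summary would hit the `panic`. Matching the shared prefix, `Tests: 1 (SUCCESSES: 0, FAILURES: 1`, would accept both formats. `debugLogsForContainer(ctx, trivyC)` is also called twice, so the log that is printed and the log that is asserted on can differ; reading it once into a variable keeps the diagnostic output identical to what was checked. The body of LoadAndVerifyBundle starts and ends outside the hunk.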
From: Nikita Pivkin
Date: Fri, 1 Nov 2024 17:37:15 +0600
Subject: [PATCH 3/3] fix: fix metadata retrieval from iac types
Signed-off-by: Nikita Pivkin
---
 lib/cloud/metadata.rego | 11 ++++++++++-
 lib/cloud/metadata_test.rego | 7 +++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/lib/cloud/metadata.rego b/lib/cloud/metadata.rego
index 85f68821..15fc6e67 100644
--- a/lib/cloud/metadata.rego
+++ b/lib/cloud/metadata.rego
@@ -10,9 +10,18 @@ import rego.v1
 obj_by_path(obj, path) := res if {
 occurrences := {obj_path: child_object |
 walk(obj, [obj_path, child_object])
- child_object.__defsec_metadata
+ has_metadata(child_object)
 object.subset(path, obj_path)
 }
 res := occurrences[max(object.keys(occurrences))]
 } else := obj
+
+has_metadata(obj) if obj.__defsec_metadata
+
+has_metadata(obj) if {
+ obj.fskey
+ has_key(obj, "value")
+}
+
+has_key(x, k) if _ = x[k]
diff --git a/lib/cloud/metadata_test.rego b/lib/cloud/metadata_test.rego
index f62adc38..3a0db5e9 100644
--- a/lib/cloud/metadata_test.rego
+++ b/lib/cloud/metadata_test.rego
@@ -31,4 +31,11 @@ test_obj_by_path_skip_without_metadata if {
 metadata.obj_by_path(obj, ["foo", "baz"]) == obj
 }
+test_obj_by_path_happy_iac_type if {
+ bar := {"value": 1, "fskey": "somekey"}
+ obj := with_meta({"foo": with_meta({"bar": bar})})
+
+ metadata.obj_by_path(obj, ["foo", "bar"]) == bar
+}
+
 with_meta(obj) := object.union(obj, {"__defsec_metadata": {}})
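Review bot: The second `has_metadata` clause carries no comment on which shape it recognises, and it accepts any walked object that has both an `fskey` and a `value` key, whatever produced it. A comment above it would make the intent reviewable, for example `# iac-typed values are objects with fskey and value; value may be false, so test key presence, not truthiness` (the shape is inferred from the commit title and the new test, so please confirm). The two checks are also asymmetric: `obj.fskey` fails when `fskey` is `false`, while `has_key(obj, "value")` accepts a `false` value; if that is not intended, `has_key(obj, "fskey")` would make them uniform.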
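Review bot: `test_obj_by_path_happy_iac_type` only uses a truthy `value` (`1`), so it would still pass if `has_metadata` tested `obj.value` instead of `has_key(obj, "value")`. A second case with `bar := {"value": false, "fskey": "somekey"}` would pin the behaviour `has_key` exists for. A negative case where `bar` has `fskey` but no `value` key, asserting that `obj_by_path` does not return `bar`, would cover the other side of the new clause.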