diff --git a/lib/services/workload_identity.go b/lib/services/workload_identity.go index 3b4aa18b386a6..826ab6540b0e6 100644 --- a/lib/services/workload_identity.go +++ b/lib/services/workload_identity.go @@ -105,7 +105,7 @@ func ValidateWorkloadIdentity(s *workloadidentityv1pb.WorkloadIdentity) error { return trace.BadParameter("spec.rules.allow[%d].conditions[%d].attribute: must be non-empty", i, j) } if condition.Operator == nil { - return trace.BadParameter("spec.rules.allow[%d].conditions[%d]: at least one operator must be provided", i, j) + return trace.BadParameter("spec.rules.allow[%d].conditions[%d]: operator must be specified", i, j) } } } diff --git a/lib/services/workload_identity_test.go b/lib/services/workload_identity_test.go index 429612ed48555..27d0e1ec0261b 100644 --- a/lib/services/workload_identity_test.go +++ b/lib/services/workload_identity_test.go @@ -92,7 +92,11 @@ func TestValidateWorkloadIdentity(t *testing.T) { Conditions: []*workloadidentityv1pb.WorkloadIdentityCondition{ { Attribute: "example", - Equals: "foo", + Operator: &workloadidentityv1pb.WorkloadIdentityCondition_Eq{ + Eq: &workloadidentityv1pb.WorkloadIdentityConditionEq{ + Value: "foo", + }, + }, }, }, }, @@ -180,7 +184,11 @@ func TestValidateWorkloadIdentity(t *testing.T) { Conditions: []*workloadidentityv1pb.WorkloadIdentityCondition{ { Attribute: "", - Equals: "foo", + Operator: &workloadidentityv1pb.WorkloadIdentityCondition_Eq{ + Eq: &workloadidentityv1pb.WorkloadIdentityConditionEq{ + Value: "foo", + }, + }, }, }, }, @@ -218,7 +226,7 @@ func TestValidateWorkloadIdentity(t *testing.T) { }, }, }, - requireErr: errContains("spec.rules.allow[0].conditions[0]: exactly one operator must be specified, found 0"), + requireErr: errContains("spec.rules.allow[0].conditions[0]: operator must be specified"), }, }