From 5317a7df3be5065d380f80f623818385795cdeb5 Mon Sep 17 00:00:00 2001
From: Bruno Ferreira
Date: Mon, 27 Dec 2021 14:50:04 +0000
Subject: [PATCH 1/2] test: adds failing test case
---
 server/events/yaml/valid/repo_cfg_test.go | 42 +++++++++++++++++++++++
 1 file changed, 42 insertions(+)
diff --git a/server/events/yaml/valid/repo_cfg_test.go b/server/events/yaml/valid/repo_cfg_test.go
index 28cee4fc9f..56fb9c75df 100644
--- a/server/events/yaml/valid/repo_cfg_test.go
+++ b/server/events/yaml/valid/repo_cfg_test.go
@@ -164,6 +164,48 @@ func TestConfig_FindProjectsByDir(t *testing.T) {
 },
 },
 },
+ {
+ description: "Always find exact matches even if the prefix is not allowed",
+ nameRegex: ".*",
+ input: valid.RepoCfg{
+ Version: 3,
+ Projects: []valid.Project{
+ {
+ Dir: ".",
+ Name: String("prod_terragrunt_myproject"),
+ Workspace: "myworkspace",
+ TerraformVersion: tfVersion,
+ Autoplan: valid.Autoplan{
+ WhenModified: []string{"**/*.tf*", "**/terragrunt.hcl"},
+ Enabled: false,
+ },
+ ApplyRequirements: []string{"approved"},
+ },
+ },
+ Workflows: map[string]valid.Workflow{
+ "myworkflow": {
+ Name: "myworkflow",
+ Apply: valid.DefaultApplyStage,
+ Plan: valid.DefaultPlanStage,
+ PolicyCheck: valid.DefaultPolicyCheckStage,
+ },
+ },
+ AllowedRegexpPrefixes: []string{"dev", "staging"},
+ },
+ expProjects: []valid.Project{
+ {
+ Dir: ".",
+ Name: String("prod_terragrunt_myproject"),
+ Workspace: "myworkspace",
+ TerraformVersion: tfVersion,
+ Autoplan: valid.Autoplan{
+ WhenModified: []string{"**/*.tf*", "**/terragrunt.hcl"},
+ Enabled: false,
+ },
+ ApplyRequirements: []string{"approved"},
+ },
+ },
+ },
 }
 validation.ErrorTag = "yaml"
 for _, c := range cases {
From 52505e3ca7ffa194c6e930f613b79a6c789cdb17 Mon Sep 17 00:00:00 2001
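Review bot: `nameRegex: ".*"` is a wildcard, not the project's literal name, so the added case pins that a pattern outside `AllowedRegexpPrefixes` is accepted whenever the config holds a single project, not the exact-match behaviour its `description` names. Using `nameRegex: "prod_terragrunt_myproject"` would test what the description says. A companion case with two projects, the same `AllowedRegexpPrefixes: []string{"dev", "staging"}` and an empty `expProjects` would cover the rejection path for unlisted patterns. The enclosing test function starts and ends outside the hunk.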
From: Bruno Ferreira
Date: Mon, 27 Dec 2021 14:52:10 +0000
Subject: [PATCH 2/2] fix: return project if there's an exact match, even if the prefix is not on the allowed list
---
 server/events/yaml/valid/repo_cfg.go | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/server/events/yaml/valid/repo_cfg.go b/server/events/yaml/valid/repo_cfg.go
index c73b978e35..174397e1d3 100644
--- a/server/events/yaml/valid/repo_cfg.go
+++ b/server/events/yaml/valid/repo_cfg.go
@@ -4,6 +4,7 @@ package valid
 import (
 "fmt"
+ "log"
 "regexp"
 "strings"
@@ -58,16 +59,19 @@ func (r RepoCfg) FindProjectByName(name string) *Project {
 // FindProjectsByName returns all projects that match with name.
 func (r RepoCfg) FindProjectsByName(name string) []Project {
 var ps []Project
- if isRegexAllowed(name, r.AllowedRegexpPrefixes) {
- sanitizedName := "^" + name + "$"
- for _, p := range r.Projects {
- if p.Name != nil {
- if match, _ := regexp.MatchString(sanitizedName, *p.Name); match {
- ps = append(ps, p)
- }
+ sanitizedName := "^" + name + "$"
+ for _, p := range r.Projects {
+ if p.Name != nil {
+ if match, _ := regexp.MatchString(sanitizedName, *p.Name); match {
+ ps = append(ps, p)
 }
 }
 }
+ // If we found more than one project then we need to make sure that the regex is allowed.
+ if len(ps) > 1 && !isRegexAllowed(name, r.AllowedRegexpPrefixes) {
+ log.Printf("Found more than one project for regex %q. This regex is not on the allow list.", name)
+ return nil
+ }
 return ps
 }
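Review bot: In FindProjectsByName the allow-list check now runs only when `len(ps) > 1`, so any pattern outside `AllowedRegexpPrefixes` is compiled and honoured as long as it matches a single project, which is wider than the "exact match" the subject line describes. The `"^" + name + "$"` anchoring also leaves regex metacharacters in a literal name active, and the error from `regexp.MatchString` is still discarded, so an invalid pattern fails silently. I would compare `*p.Name == name` first and return those hits, then require `isRegexAllowed` (defined outside this hunk) before any pattern is evaluated, as sketched below. That also makes the `log` import added in the first hunk unnecessary.

```go
func (r RepoCfg) FindProjectsByName(name string) []Project {
	var ps []Project
	// A literal project name always resolves, whatever the allow list says.
	for _, p := range r.Projects {
		if p.Name != nil && *p.Name == name {
			ps = append(ps, p)
		}
	}
	// Anything else is a pattern: it must pass the allow list before it
	// is compiled or matched, regardless of how many projects it would hit.
	if len(ps) > 0 || !isRegexAllowed(name, r.AllowedRegexpPrefixes) {
		return ps
	}
	re, err := regexp.Compile("^" + name + "$")
	if err != nil {
		// Invalid pattern: no match, rather than a silently ignored error.
		return nil
	}
	for _, p := range r.Projects {
		if p.Name != nil && re.MatchString(*p.Name) {
			ps = append(ps, p)
		}
	}
	return ps
}
```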