From a7a70fc91c70ab9ff6f95bb4fabaabb45e56e0c0 Mon Sep 17 00:00:00 2001
From: Meredith Lancaster <malancas@github.com>
Date: Thu, 31 Oct 2024 16:59:25 -0600
Subject: [PATCH] check for SAN and SANRegex

Signed-off-by: Meredith Lancaster <malancas@github.com>
---
 pkg/cmd/attestation/verification/policy.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/cmd/attestation/verification/policy.go b/pkg/cmd/attestation/verification/policy.go
index ae21dae48..6e8ce7ae4 100644
--- a/pkg/cmd/attestation/verification/policy.go
+++ b/pkg/cmd/attestation/verification/policy.go
@@ -43,5 +43,8 @@ func (c EnforcementCriteria) Valid() error {
 	if c.PredicateType == "" {
 		return fmt.Errorf("PredicateType must be set")
 	}
+	if c.SANRegex == "" && c.SAN == "" {
+		return fmt.Errorf("SANRegex or SAN must be set")
+	}
 	return nil
 }