add unresolved placeholders

services/policy_evaluator.go

@@ -40,6 +40,18 @@ func resolveVariables(value string, ctx *models.AuthorizationContext) string {
 	})
 }
 
+// hasUnresolvedPlaceholders checks if a string still contains placeholders that couldn't be resolved
+func hasUnresolvedPlaceholders(value string) bool {
+	re := regexp.MustCompile(`\$\{[^}]+\}`)
+	return re.MatchString(value)
+}
+
+// extractUnresolvedPlaceholders returns a list of unresolved placeholders
+func extractUnresolvedPlaceholders(value string) []string {
+	re := regexp.MustCompile(`\$\{[^}]+\}`)
+	return re.FindAllString(value, -1)
+}
+
 // compare evaluates comparison operators between actual and expected values
 // Note: "=" and "!=" are case-sensitive, while IN/CONTAINS/STARTS_WITH/ENDS_WITH are case-insensitive
 func compare(actual, expected, operator string) bool {
@@ -151,6 +163,20 @@ func evaluatePolicy(policyAttribute models.PolicyAttribute, ctx *models.Authoriz
 
 	if !satisfied {
 		fmt.Printf("  Result:   ❌ FAILED\n\n")
+
+		// Check if the failure is due to unresolved placeholders
+		if hasUnresolvedPlaceholders(expectedValue) {
+			unresolvedPlaceholders := extractUnresolvedPlaceholders(expectedValue)
+			return false, fmt.Sprintf(
+				"Policy failed: %s %s %s (actual: %s) - Missing required attributes: %v",
+				policyAttribute.AttributeName,
+				policyAttribute.Comparison,
+				expectedValue,
+				actualValue,
+				unresolvedPlaceholders,
+			)
+		}
+
 		return false, fmt.Sprintf(
 			"Policy failed: %s %s %s (actual: %s)",
 			policyAttribute.AttributeName,