From 1842d3085f660d76a23b04c25874f7a6381086c1 Mon Sep 17 00:00:00 2001
From: Alex Snaps
Date: Tue, 5 Nov 2024 06:26:33 -0500
Subject: [PATCH 1/2] Added strings extension to CEL interpreter

Signed-off-by: Alex Snaps
---
 pkg/expressions/cel/expressions.go | 2 ++
 pkg/expressions/cel/expressions_test.go | 6 ++++++
 tests/v1beta3/authconfig.yaml | 6 +++---
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/pkg/expressions/cel/expressions.go b/pkg/expressions/cel/expressions.go
index c75959fe..ca3e78da 100644
--- a/pkg/expressions/cel/expressions.go
+++ b/pkg/expressions/cel/expressions.go
@@ -9,6 +9,7 @@ import (
 "github.com/google/cel-go/cel"
 "github.com/google/cel-go/checker/decls"
 "github.com/google/cel-go/common/types/ref"
+ "github.com/google/cel-go/ext"
 "github.com/tidwall/gjson"
 "google.golang.org/protobuf/encoding/protojson"
 "google.golang.org/protobuf/proto"
@@ -100,6 +101,7 @@ func Compile(expression string, expectedType *cel.Type, opts ...cel.EnvOption) (
 decls.NewConst(RootDestinationBinding, decls.NewObjectType("google.protobuf.Struct"), nil),
 decls.NewConst(RootAuthBinding, decls.NewObjectType("google.protobuf.Struct"), nil),
 )}, opts...)
+ envOpts = append(envOpts, ext.Strings())
 env, env_err := cel.NewEnv(envOpts...)
 if env_err != nil {
 return nil, env_err
diff --git a/pkg/expressions/cel/expressions_test.go b/pkg/expressions/cel/expressions_test.go
index 587ac4cd..5ae7ecbc 100644
--- a/pkg/expressions/cel/expressions_test.go
+++ b/pkg/expressions/cel/expressions_test.go
@@ -41,4 +41,10 @@ func TestPredicate(t *testing.T) {
 response, err = predicate.Matches(pipelineMock.GetAuthorizationJSON())
 assert.NilError(t, err)
 assert.Equal(t, response, true)
+
+ predicate, err = NewPredicate(`"GET".lowerAscii() == "get"`)
+ assert.NilError(t, err)
+ response, err = predicate.Matches("{}")
+ assert.NilError(t, err)
+ assert.Equal(t, response, true)
 }
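Review bot: In the second hunk of `pkg/expressions/cel/expressions.go`, `ext.Strings()` is appended with no version option, so the set of string functions available to every compiled expression follows whatever the vendored cel-go treats as the latest library version and can grow on a dependency bump. For an authorization policy engine it is safer to pin that surface, for example `envOpts = append(envOpts, ext.Strings(ext.StringsVersion(<pinned version>)))`, with a short comment saying why the extension is enabled. These functions will run on request-controlled strings; whether the program is built with an evaluation cost limit is not visible in this hunk and is worth confirming. `Compile` starts and ends outside the hunk.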
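Review bot: The case added to `TestPredicate` in `expressions_test.go` exercises only `lowerAscii()` on a string literal against an empty `"{}"` input, so it does not cover `split(",")[0]` on a request header, which is the form the AuthConfig changed in this same patch relies on. Add a predicate evaluated against `pipelineMock.GetAuthorizationJSON()` that splits a header value, and one where the header is absent, asserting explicitly whether `Matches` returns an error or `false`. `TestPredicate` starts outside this hunk.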
diff --git a/tests/v1beta3/authconfig.yaml b/tests/v1beta3/authconfig.yaml
index 7e783002..499c043c 100644
--- a/tests/v1beta3/authconfig.yaml
+++ b/tests/v1beta3/authconfig.yaml
@@ -77,10 +77,10 @@ spec:
 Accept:
 value: application/json
 method: GET
- url: http://ip-location.authorino.svc.cluster.local:3000/{context.request.http.headers.x-forwarded-for.@extract:{"sep":","}}
+ urlExpression: "http://ip-location.authorino.svc.cluster.local:3000/" + request.headers["x-forwarded-for"].split(",")[0]
 cache:
 key:
- selector: request.http.headers.x-forwarded-for.@extract:{"sep":","}
+ expression: request.headers["x-forwarded-for"].split(",")[0]
 user-info:
 userInfo:
 identitySource: keycloak
@@ -179,7 +179,7 @@ spec:
 uri:
 expression: request.path
 scope:
- selector: request.http.method.@case:lower
+ expression: request.method.lowerAscii()
 signingKeyRefs:
 - name: wristband-signing-key
 algorithm: ES256
From a8465f1555d12349d32773f2467c800840be8849 Mon Sep 17 00:00:00 2001
From: Alex Snaps
Date: Tue, 5 Nov 2024 06:56:26 -0500
Subject: [PATCH 2/2] Like I would know what I'm doing

Signed-off-by: Alex Snaps
---
 tests/v1beta3/authconfig.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/v1beta3/authconfig.yaml b/tests/v1beta3/authconfig.yaml
index 499c043c..206b168b 100644
--- a/tests/v1beta3/authconfig.yaml
+++ b/tests/v1beta3/authconfig.yaml
@@ -77,7 +77,8 @@ spec:
 Accept:
 value: application/json
 method: GET
- urlExpression: "http://ip-location.authorino.svc.cluster.local:3000/" + request.headers["x-forwarded-for"].split(",")[0]
+ urlExpression: |
+ "http://ip-location.authorino.svc.cluster.local:3000/" + request.headers["x-forwarded-for"].split(",")[0]
 cache:
 key:
 expression: request.headers["x-forwarded-for"].split(",")[0]
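Review bot: In the first `authconfig.yaml` hunk of PATCH 1/2, the `urlExpression` and cache-key `expression` lines index `request.headers["x-forwarded-for"]` directly, so a request without that header would presumably fail evaluation with a missing-key error where the old `@extract` selector resolved to an empty value. How that error is handled is not visible here, and the same expression recurs in the PATCH 2/2 hunk. The first element of `X-Forwarded-For` is also client-supplied unless a trusted proxy overwrites the header, and it is concatenated unencoded into the metadata URL path and reused as the cache key. Consider a guard such as `"x-forwarded-for" in request.headers ? request.headers["x-forwarded-for"].split(",")[0] : ""`, and validate the value as an IP address before it reaches the URL. Alternatively, add a comment such as `# assumes a trusted proxy sets x-forwarded-for` above `urlExpression`, so the config is not copied as-is.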