Merge pull request #501 from Kuadrant/fix/rawextension-to-str
fix: RawExtension to string conversion

Signed-off-by: Guilherme Cassolato <[email protected]>
guicassolato committed Nov 4, 2024
1 parent 7d07f22 commit f08e27b
Showing 4 changed files with 78 additions and 17 deletions.
37 changes: 30 additions & 7 deletions pkg/evaluators/authorization/authzed.go
@@ -48,10 +48,23 @@ func (a *Authzed) Call(pipeline auth.AuthPipeline, ctx gocontext.Context) (inter

authJSON := pipeline.GetAuthorizationJSON()

resource, err := authzedObjectFor(a.Resource, a.ResourceKind, authJSON)
if err != nil {
return nil, err
}
object, err := authzedObjectFor(a.Subject, a.SubjectKind, authJSON)
if err != nil {
return nil, err
}
permission := a.Permission.ResolveFor(authJSON)
permissionStr, err := json.StringifyJSON(permission)
if err != nil {
return nil, err
}
resp, err := client.CheckPermission(ctx, &authzedpb.CheckPermissionRequest{
Resource: authzedObjectFor(a.Resource, a.ResourceKind, authJSON),
Subject: &authzedpb.SubjectReference{Object: authzedObjectFor(a.Subject, a.SubjectKind, authJSON)},
Permission: fmt.Sprintf("%s", a.Permission.ResolveFor(authJSON)),
Resource: resource,
Subject: &authzedpb.SubjectReference{Object: object},
Permission: permissionStr,
})
if err != nil {
return nil, err
@@ -74,9 +87,19 @@ func (a *Authzed) Call(pipeline auth.AuthPipeline, ctx gocontext.Context) (inter
return obj, nil
}

func authzedObjectFor(name, kind json.JSONValue, authJSON string) *authzedpb.ObjectReference {
return &authzedpb.ObjectReference{
ObjectId: fmt.Sprintf("%s", name.ResolveFor(authJSON)),
ObjectType: fmt.Sprintf("%s", kind.ResolveFor(authJSON)),
func authzedObjectFor(name, kind json.JSONValue, authJSON string) (*authzedpb.ObjectReference, error) {
objectId := name.ResolveFor(authJSON)
objectIdStr, err := json.StringifyJSON(objectId)
if err != nil {
return nil, err
}
objectType := kind.ResolveFor(authJSON)
objectTypeStr, err := json.StringifyJSON(objectType)
if err != nil {
return nil, err
}
return &authzedpb.ObjectReference{
ObjectId: objectIdStr,
ObjectType: objectTypeStr,
}, nil
}
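Review bot: Nothing in `Call` or `authzedObjectFor` checks that the resolved resource, subject and permission are actual values before they go into `CheckPermissionRequest`. `StringifyJSON` (changed in pkg/json/json.go in this commit) returns strings as they are and JSON-encodes everything else, so a selector that resolves to nil would be sent as the literal ID `null` and an object or array as its JSON text; what `ResolveFor` yields for a missing path is not visible here, so confirm. For an authorization query I would fail closed before stringifying, e.g. `if objectId == nil { return nil, fmt.Errorf("authzed: object id resolved to no value") }`, and likewise for the object type and the permission. The same applies to `jsonValueToStr` in kubernetes_authz.go (the SubjectAccessReview `User` and resource attributes) and to the header values in generic_http.go. `Call` starts and ends outside the visible hunks.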
47 changes: 38 additions & 9 deletions pkg/evaluators/authorization/kubernetes_authz.go
@@ -63,26 +63,55 @@ func (k *KubernetesAuthz) Call(pipeline auth.AuthPipeline, ctx gocontext.Context
}

authJSON := pipeline.GetAuthorizationJSON()
jsonValueToStr := func(value json.JSONValue) string {
return fmt.Sprintf("%s", value.ResolveFor(authJSON))
jsonValueToStr := func(value json.JSONValue) (string, error) {
resolved := value.ResolveFor(authJSON)
return json.StringifyJSON(resolved)
}

user, err := jsonValueToStr(k.User)
if err != nil {
return nil, err
}
subjectAccessReview := kubeAuthz.SubjectAccessReview{
Spec: kubeAuthz.SubjectAccessReviewSpec{
User: jsonValueToStr(k.User),
User: user,
},
}

if k.ResourceAttributes != nil {
resourceAttributes := k.ResourceAttributes

namespace, err := jsonValueToStr(resourceAttributes.Namespace)
if err != nil {
return nil, err
}
group, err := jsonValueToStr(resourceAttributes.Group)
if err != nil {
return nil, err
}
resource, err := jsonValueToStr(resourceAttributes.Resource)
if err != nil {
return nil, err
}
name, err := jsonValueToStr(resourceAttributes.Name)
if err != nil {
return nil, err
}
subresource, err := jsonValueToStr(resourceAttributes.SubResource)
if err != nil {
return nil, err
}
verb, err := jsonValueToStr(resourceAttributes.Verb)
if err != nil {
return nil, err
}
subjectAccessReview.Spec.ResourceAttributes = &kubeAuthz.ResourceAttributes{
Namespace: jsonValueToStr(resourceAttributes.Namespace),
Group: jsonValueToStr(resourceAttributes.Group),
Resource: jsonValueToStr(resourceAttributes.Resource),
Name: jsonValueToStr(resourceAttributes.Name),
Subresource: jsonValueToStr(resourceAttributes.SubResource),
Verb: jsonValueToStr(resourceAttributes.Verb),
Namespace: namespace,
Group: group,
Resource: resource,
Name: name,
Subresource: subresource,
Verb: verb,
}
} else {
request := pipeline.GetHttp()
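Review bot: The seven new `return nil, err` branches in `Call` pass the `StringifyJSON` error up without saying which field failed, so a failed evaluation is hard to trace back to the offending attribute. Wrapping at each site, e.g. `return nil, fmt.Errorf("resolving resourceAttributes.verb: %w", err)`, keeps the early return and names the attribute; the header loop in generic_http.go could do the same with `header.Name`. The six near-identical blocks under `k.ResourceAttributes != nil` could also be folded into one loop over name/value pairs. `Call` begins before and continues past this hunk.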
7 changes: 6 additions & 1 deletion pkg/evaluators/metadata/generic_http.go
@@ -127,7 +127,12 @@ func (h *GenericHttp) buildRequest(ctx gocontext.Context, endpoint, authJSON str
}

for _, header := range h.Headers {
req.Header.Set(header.Name, fmt.Sprintf("%s", header.Value.ResolveFor(authJSON)))
headerValue := header.Value.ResolveFor(authJSON)
headerValueStr, err := json.StringifyJSON(headerValue)
if err != nil {
return nil, err
}
req.Header.Set(header.Name, headerValueStr)
}

req.Header.Set("Content-Type", contentType)
4 changes: 4 additions & 0 deletions pkg/json/json.go
@@ -151,6 +151,10 @@ func ReplaceJSONPlaceholders(source string, jsonData string) string {
}

func StringifyJSON(data interface{}) (string, error) {
_, ok := data.(string)
if ok {
return data.(string), nil
}
if dataAsJSON, err := json.Marshal(data); err != nil {
return "", err
} else {
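Review bot: `StringifyJSON` asserts `data.(string)` twice and has no doc comment, although three evaluators in this commit now depend on its exact output. `if s, ok := data.(string); ok { return s, nil }` does the same with a single assertion. A doc comment should state that a plain `string` is returned unquoted, while every other value goes through `json.Marshal`: nil becomes `null`, and a named string type comes back JSON-quoted because the assertion matches only the exact `string` type. The function body continues outside the hunk.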
