Fix dinosaur tests

Signed-off-by: Jakub Smolar <[email protected]>

testsuite/kuadrant/policy/authorization/auth_policy.py

@@ -9,12 +9,9 @@
 from testsuite.utils import asdict
 from .auth_config import AuthConfig
 from .sections import ResponseSection
-from .. import Policy
+from .. import Policy, CelPredicate
 from . import Pattern
 
-if TYPE_CHECKING:
-    from . import Rule
-
 
 class AuthPolicy(Policy, AuthConfig):
     """AuthPolicy object, it serves as Kuadrants AuthConfig"""
@@ -44,7 +41,7 @@ def create_instance(
         return cls(model, context=cluster.context)
 
     @modify
-    def add_rule(self, when: list["Rule"]):
+    def add_rule(self, when: list[CelPredicate]):
         """Add rule for the skip of entire AuthPolicy"""
         self.model.spec.setdefault("when", [])
         self.model.spec["when"].extend([asdict(x) for x in when])

testsuite/tests/singlecluster/authorino/dinosaur/conftest.py

@@ -6,6 +6,7 @@
 from openshift_client import OpenShiftPythonException
 
 from testsuite.httpx.auth import HttpxOidcClientAuth
+from testsuite.kuadrant.policy import CelPredicate
 from testsuite.oidc.keycloak import Keycloak
 from testsuite.utils import ContentType
 from testsuite.kuadrant.policy.authorization import Pattern, PatternRef, Value, ValueFrom, DenyResponse
@@ -100,21 +101,18 @@ def _resource_info(org_id, owner):
 @pytest.fixture(scope="module")
 def authorization(authorization, keycloak, terms_and_conditions, cluster_info, admin_rhsso, resource_info):
     """Creates complex Authorization Config."""
-    path_fourth_element = 'context.request.http.path.@extract:{"sep":"/","pos":4}'
-    path_third_element = 'context.request.http.path.@extract:{"sep":"/","pos":3}'
+    path_fourth_element = 'request.path.@extract:{"sep":"/","pos":4}'
     authorization.add_patterns(
         {
-            "api-route": [Pattern("context.request.http.path", "matches", "^/anything/dinosaurs_mgmt/.+")],
-            "v1-route": [Pattern(path_third_element, "eq", "v1")],
             "dinosaurs-route": [Pattern(path_fourth_element, "eq", "dinosaurs")],
-            "dinosaur-resource-route": [Pattern("context.request.http.path", "matches", "/dinosaurs/[^/]+$")],
+            "dinosaur-resource-route": [Pattern("request.path", "matches", "/dinosaurs/[^/]+$")],
             "create-dinosaur-route": [
-                Pattern("context.request.http.path", "matches", "/dinosaurs/?$"),
-                Pattern("context.request.http.method", "eq", "POST"),
+                Pattern("request.path", "matches", "/dinosaurs/?$"),
+                Pattern("request.method", "eq", "POST"),
             ],
             "metrics-federate-route": [
                 Pattern(path_fourth_element, "eq", "dinosaurs"),
-                Pattern("context.request.http.path", "matches", "/metrics/federate$"),
+                Pattern("request.path", "matches", "/metrics/federate$"),
             ],
             "service-accounts-route": [Pattern(path_fourth_element, "eq", "service_accounts")],
             "supported-instance-types-route": [Pattern(path_fourth_element, "eq", "instance_types")],
@@ -129,7 +127,12 @@ def authorization(authorization, keycloak, terms_and_conditions, cluster_info, a
             "require-org-id": [Pattern("auth.identity.org_id", "neq", "")],
         }
     )
-    authorization.add_rule([PatternRef("api-route"), PatternRef("v1-route")])
+    authorization.add_rule(
+        [
+            CelPredicate("request.path.matches('^/anything/dinosaurs_mgmt/.+')"),
+            CelPredicate("request.path.split('/')[3] == 'v1'"),
+        ]
+    )
 
     authorization.identity.clear_all()
     authorization.identity.add_oidc(