diff --git a/pkg/expressions/cel/expressions.go b/pkg/expressions/cel/expressions.go index c75959fe..ca3e78da 100644 --- a/pkg/expressions/cel/expressions.go +++ b/pkg/expressions/cel/expressions.go @@ -9,6 +9,7 @@ import ( "github.com/google/cel-go/cel" "github.com/google/cel-go/checker/decls" "github.com/google/cel-go/common/types/ref" + "github.com/google/cel-go/ext" "github.com/tidwall/gjson" "google.golang.org/protobuf/encoding/protojson" "google.golang.org/protobuf/proto" @@ -100,6 +101,7 @@ func Compile(expression string, expectedType *cel.Type, opts ...cel.EnvOption) ( decls.NewConst(RootDestinationBinding, decls.NewObjectType("google.protobuf.Struct"), nil), decls.NewConst(RootAuthBinding, decls.NewObjectType("google.protobuf.Struct"), nil), )}, opts...) + envOpts = append(envOpts, ext.Strings()) env, env_err := cel.NewEnv(envOpts...) if env_err != nil { return nil, env_err diff --git a/pkg/expressions/cel/expressions_test.go b/pkg/expressions/cel/expressions_test.go index 587ac4cd..5ae7ecbc 100644 --- a/pkg/expressions/cel/expressions_test.go +++ b/pkg/expressions/cel/expressions_test.go @@ -41,4 +41,10 @@ func TestPredicate(t *testing.T) { response, err = predicate.Matches(pipelineMock.GetAuthorizationJSON()) assert.NilError(t, err) assert.Equal(t, response, true) + + predicate, err = NewPredicate(`"GET".lowerAscii() == "get"`) + assert.NilError(t, err) + response, err = predicate.Matches("{}") + assert.NilError(t, err) + assert.Equal(t, response, true) } diff --git a/tests/v1beta3/authconfig.yaml b/tests/v1beta3/authconfig.yaml index 7e783002..499c043c 100644 --- a/tests/v1beta3/authconfig.yaml +++ b/tests/v1beta3/authconfig.yaml @@ -77,10 +77,10 @@ spec: Accept: value: application/json method: GET - url: http://ip-location.authorino.svc.cluster.local:3000/{context.request.http.headers.x-forwarded-for.@extract:{"sep":","}} + urlExpression: "http://ip-location.authorino.svc.cluster.local:3000/" + request.headers["x-forwarded-for"].split(",")[0] cache: key: - selector: request.http.headers.x-forwarded-for.@extract:{"sep":","} + expression: request.headers["x-forwarded-for"].split(",")[0] user-info: userInfo: identitySource: keycloak @@ -179,7 +179,7 @@ spec: uri: expression: request.path scope: - selector: request.http.method.@case:lower + expression: request.method.lowerAscii() signingKeyRefs: - name: wristband-signing-key algorithm: ES256