diff --git a/controllers/auth_config_controller.go b/controllers/auth_config_controller.go
index 394aa575..a646598c 100644
--- a/controllers/auth_config_controller.go
+++ b/controllers/auth_config_controller.go
@@ -678,7 +678,7 @@ func valueFrom(user *api.ValueOrSelector) (expressions.Value, error) {
 var strValue expressions.Value
 var err error
 if user.Expression != "" {
- if strValue, err = cel.NewExpression(string(user.Expression)); err != nil {
+ if strValue, err = cel.NewStringExpression(string(user.Expression)); err != nil {
 return nil, err
 }
 } else {
@@ -1128,7 +1128,7 @@ func getJsonFromStaticDynamic(value *api.ValueOrSelector) (expressions.Value, er
 }
 expression := string(value.Expression)
 if expression != "" {
- return cel.NewExpression(expression)
+ return cel.NewStringExpression(expression)
 }
 return &json.JSONValue{
diff --git a/pkg/expressions/cel/expressions.go b/pkg/expressions/cel/expressions.go
index 18ba5728..faed595e 100644
--- a/pkg/expressions/cel/expressions.go
+++ b/pkg/expressions/cel/expressions.go
@@ -87,11 +87,7 @@ func (e *Expression) ResolveFor(json string) (interface{}, error) {
 return nil, err
 }
- if jsonVal, err := ValueToJSON(result); err != nil {
- return nil, err
- } else {
- return jsonVal, nil
- }
+ return ValueToJSON(result)
 }
 func (e *StringExpression) ResolveFor(json string) (interface{}, error) {
@@ -108,6 +104,7 @@ func (e *Expression) Evaluate(json string) (ref.Val, *cel.EvalDetails, error) {
 }
 func (e *Expression) EvaluateStringValue(json string) (string, error) {
+ fmt.Printf(" ====>>> data: %s\n", json)
 if result, _, err := e.Evaluate(json); err != nil {
 return "", err
 } else if !reflect.DeepEqual(result.Type(), cel.StringType) {
diff --git a/tests/v1beta3/authconfig.yaml b/tests/v1beta3/authconfig.yaml
index 509b93fe..b4d86c14 100644
--- a/tests/v1beta3/authconfig.yaml
+++ b/tests/v1beta3/authconfig.yaml
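Review bot: Swapping `cel.NewExpression` for `cel.NewStringExpression` in `valueFrom` (and again in `getJsonFromStaticDynamic`, the next hunk of the same file) presumably changes the type these values resolve to, and nothing in the commit documents or tests that. The constructor is not visible here, but if `StringExpression.ResolveFor` serializes its result, a list or boolean such as the `roles` expression in tests/v1beta3/authconfig.yaml would reach downstream consumers as JSON text rather than a typed value, which can change how authorization rules compare it. Once the behaviour is confirmed I would add a comment at both call sites, for example `// string expression: non-string CEL results are returned as JSON text`, and a unit test covering a list-valued and a boolean-valued expression. Both function bodies continue outside their hunks.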
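Review bot: The added `fmt.Printf(" ====>>> data: %s\n", json)` at the top of `EvaluateStringValue` in pkg/expressions/cel/expressions.go looks like leftover debugging and writes the whole evaluation input to stdout on every call. That input is presumably the authorization JSON, which can carry identity claims and request headers including credentials, so it would end up unredacted in process logs and outside the service's log-level control. Drop the line; if tracing is needed, record only that an evaluation ran, through the project's logger at debug level and without the payload. The function body continues past the end of the hunk.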
@@ -37,7 +37,7 @@ spec:
 jwt-rbac:
 value: true
 roles:
- expression: auth.identity.realm_access.roles
+ expression: "has(auth.identity.realm_access) ? auth.identity.realm_access.roles : []"
 username:
 expression: "has(auth.identity.preferred_username) ? auth.identity.preferred_username : 'unknown'"
 oauth2-introspection:
@@ -53,7 +53,7 @@ spec:
 jwt-rbac:
 value: true
 roles:
- expression: auth.identity.realm_access.roles
+ expression: "has(auth.identity.realm_access) ? auth.identity.realm_access.roles : []"
 username:
 expression: "has(auth.identity.preferred_username) ? auth.identity.preferred_username : 'unknown'"
 cache:
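Review bot: The new `roles` guard `has(auth.identity.realm_access)` tests only the parent object, so a token that carries `realm_access` without a `roles` key would presumably still fail evaluation at `auth.identity.realm_access.roles` instead of taking the `[]` fallback. Guarding the leaf as well keeps the fallback reachable: `expression: "has(auth.identity.realm_access) && has(auth.identity.realm_access.roles) ? auth.identity.realm_access.roles : []"`. The same expression is repeated under the second `jwt-rbac` entry in the following hunk. A short YAML comment noting that a missing claim is meant to resolve to no roles would also make the intent of this fixture clear.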