PlainIdentitySpec.Value
Signed-off-by: Alex Snaps <[email protected]>
alexsnaps committed Oct 15, 2024
1 parent dd7b33d commit d460102
Showing 5 changed files with 29 additions and 34 deletions.
1 change: 1 addition & 0 deletions api/v1beta3/zz_generated.deepcopy.go


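--- a/controllers/auth_config_controller.go
+++ b/controllers/auth_config_controller.go
@@ -282,7 +282,15 @@ func (r *AuthConfigReconciler) translateAuthConfig(ctx context.Context, authConf
 }
 
 case api.PlainIdentityAuthentication:
-translatedIdentity.Plain = &identity_evaluators.Plain{Pattern: identity.Plain.Selector}
+if identity.Plain.Expression.Expression != "" {
+expression, err := cel.NewStringExpression(identity.Plain.Expression.Expression)
+if err != nil {
+return nil, err
+}
+translatedIdentity.Plain = &identity_evaluators.Plain{Value: expression, Pattern: identity.Plain.Expression.Expression}
+} else {
+translatedIdentity.Plain = &identity_evaluators.Plain{Value: &json.JSONValue{Pattern: identity.Plain.Selector}, Pattern: identity.Plain.Selector}
+}
 
 case api.AnonymousAccessAuthentication:
 translatedIdentity.Noop = &identity_evaluators.Noop{AuthCredentials: authCred}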
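Review bot: When an AuthConfig sets both `expression` and `selector` for a plain identity, the new `if identity.Plain.Expression.Expression != ""` branch silently uses the expression and ignores the selector, so the identity object may be resolved from a different place than the operator expects. Either reject that combination during translation or state the precedence next to the branch, e.g. `// expression takes precedence over selector when both are set`. The CEL compile error is also returned bare; wrapping it, for instance `return nil, fmt.Errorf("plain identity expression: %w", err)` (assuming `fmt` is imported in this file), would make a rejected AuthConfig easier to diagnose. Storing the CEL source in `Pattern` overloads a field that otherwise holds a selector, which deserves a comment where `Plain` is defined. translateAuthConfig starts and ends outside this hunk.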
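--- a/install/crd/authorino.kuadrant.io_authconfigs.yaml
+++ b/install/crd/authorino.kuadrant.io_authconfigs.yaml
@@ -4782,6 +4782,8 @@ spec:
 Identity object extracted from the context.
 Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request.
 properties:
+expression:
+type: string
 selector:
 description: |-
 Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!").
@@ -5179,6 +5181,8 @@ spec:
 - name
 type: object
 type: object
+expression:
+type: string
 headers:
 additionalProperties:
 properties:
@@ -5291,11 +5295,6 @@ spec:
 by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.
 E.g. https://ext-auth-server.io/metadata?p={request.path}
 type: string
-urlExpression:
-properties:
-expression:
-type: string
-type: object
 required:
 - url
 type: object
@@ -5648,6 +5647,8 @@ spec:
 - name
 type: object
 type: object
+expression:
+type: string
 headers:
 additionalProperties:
 properties:
@@ -5756,11 +5757,6 @@ spec:
 by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.
 E.g. https://ext-auth-server.io/metadata?p={request.path}
 type: string
-urlExpression:
-properties:
-expression:
-type: string
-type: object
 required:
 - url
 type: object
@@ -5954,6 +5950,8 @@ spec:
 - name
 type: object
 type: object
+expression:
+type: string
 headers:
 additionalProperties:
 properties:
@@ -6062,11 +6060,6 @@ spec:
 by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.
 E.g. https://ext-auth-server.io/metadata?p={request.path}
 type: string
-urlExpression:
-properties:
-expression:
-type: string
-type: object
 required:
 - url
 type: object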
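--- a/install/manifests.yaml
+++ b/install/manifests.yaml
@@ -5258,6 +5258,8 @@ spec:
 Identity object extracted from the context.
 Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request.
 properties:
+expression:
+type: string
 selector:
 description: |-
 Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!").
@@ -5655,6 +5657,8 @@ spec:
 - name
 type: object
 type: object
+expression:
+type: string
 headers:
 additionalProperties:
 properties:
@@ -5767,11 +5771,6 @@ spec:
 by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.
 E.g. https://ext-auth-server.io/metadata?p={request.path}
 type: string
-urlExpression:
-properties:
-expression:
-type: string
-type: object
 required:
 - url
 type: object
@@ -6124,6 +6123,8 @@ spec:
 - name
 type: object
 type: object
+expression:
+type: string
 headers:
 additionalProperties:
 properties:
@@ -6232,11 +6233,6 @@ spec:
 by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.
 E.g. https://ext-auth-server.io/metadata?p={request.path}
 type: string
-urlExpression:
-properties:
-expression:
-type: string
-type: object
 required:
 - url
 type: object
@@ -6430,6 +6426,8 @@ spec:
 - name
 type: object
 type: object
+expression:
+type: string
 headers:
 additionalProperties:
 properties:
@@ -6538,11 +6536,6 @@ spec:
 by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.
 E.g. https://ext-auth-server.io/metadata?p={request.path}
 type: string
-urlExpression:
-properties:
-expression:
-type: string
-type: object
 required:
 - url
 type: object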
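--- a/pkg/evaluators/identity/plain.go
+++ b/pkg/evaluators/identity/plain.go
@@ -7,18 +7,18 @@ import (
 "net/http"
 
 "github.com/kuadrant/authorino/pkg/auth"
-"github.com/kuadrant/authorino/pkg/json"
+"github.com/kuadrant/authorino/pkg/expressions"
 
 envoy_auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
 )
 
 type Plain struct {
+Value expressions.Value
 Pattern string
 }
 
 func (p *Plain) Call(pipeline auth.AuthPipeline, ctx context.Context) (interface{}, error) {
-pattern := json.JSONValue{Pattern: p.Pattern}
-if object, err := pattern.ResolveFor(pipeline.GetAuthorizationJSON()); object != nil {
+if object, err := p.Value.ResolveFor(pipeline.GetAuthorizationJSON()); object != nil {
 return object, nil
 } else if err != nil {
 return nil, err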
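Review bot: `p.Value.ResolveFor(...)` in `Call` uses `Value` unconditionally, so a `Plain` built with only `Pattern` set (the shape the removed controller line produced) would panic inside the auth pipeline if `expressions.Value` is an interface, as its use with both the CEL expression and `*json.JSONValue` in the controller suggests. The controller section of this commit sets `Value` on both branches, but other construction sites such as tests are not visible on this page. A guard at the top of `Call`, `if p.Value == nil { return nil, fmt.Errorf("plain identity: no value configured") }`, would turn that into an evaluation error instead of a crash; whether `fmt` is among the imports above the hunk cannot be seen here. `Call` continues past the last line of the hunk.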
