diff --git a/api/v1beta3/zz_generated.deepcopy.go b/api/v1beta3/zz_generated.deepcopy.go index f03c1935..1f89a632 100644 --- a/api/v1beta3/zz_generated.deepcopy.go +++ b/api/v1beta3/zz_generated.deepcopy.go @@ -1132,6 +1132,7 @@ func (in *PlainAuthResponseSpec) DeepCopy() *PlainAuthResponseSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PlainIdentitySpec) DeepCopyInto(out *PlainIdentitySpec) { *out = *in + out.Expression = in.Expression } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlainIdentitySpec. diff --git a/controllers/auth_config_controller.go b/controllers/auth_config_controller.go index 235125e4..e871c961 100644 --- a/controllers/auth_config_controller.go +++ b/controllers/auth_config_controller.go @@ -282,7 +282,15 @@ func (r *AuthConfigReconciler) translateAuthConfig(ctx context.Context, authConf } case api.PlainIdentityAuthentication: - translatedIdentity.Plain = &identity_evaluators.Plain{Pattern: identity.Plain.Selector} + if identity.Plain.Expression.Expression != "" { + expression, err := cel.NewStringExpression(identity.Plain.Expression.Expression) + if err != nil { + return nil, err + } + translatedIdentity.Plain = &identity_evaluators.Plain{Value: expression, Pattern: identity.Plain.Expression.Expression} + } else { + translatedIdentity.Plain = &identity_evaluators.Plain{Value: &json.JSONValue{Pattern: identity.Plain.Selector}, Pattern: identity.Plain.Selector} + } case api.AnonymousAccessAuthentication: translatedIdentity.Noop = &identity_evaluators.Noop{AuthCredentials: authCred} diff --git a/install/crd/authorino.kuadrant.io_authconfigs.yaml b/install/crd/authorino.kuadrant.io_authconfigs.yaml index 3bdfec45..83c8fb49 100644 --- a/install/crd/authorino.kuadrant.io_authconfigs.yaml +++ b/install/crd/authorino.kuadrant.io_authconfigs.yaml 
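Review bot: In the `api.PlainIdentityAuthentication` case of the controllers/auth_config_controller.go hunk, a spec that sets both `expression` and `selector` is accepted and the selector is silently ignored. Nothing visible in this commit rejects or documents that combination; the CRD schema only gains `expression: type: string`, with no description. For an identity source this matters because an operator can believe the identity is read from one path of the authorization JSON while a different expression is actually evaluated. I would either reject the ambiguous config at translation time or at least state the precedence in place, for example `// expression takes precedence over selector when both are set`. The error from `cel.NewStringExpression` is also returned bare, so wrapping it with the identity's name would make a rejected AuthConfig easier to diagnose; translateAuthConfig starts and ends outside the hunk.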
@@ -4782,6 +4782,8 @@ spec: Identity object extracted from the context. Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. properties: + expression: + type: string selector: description: |- Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). @@ -5179,6 +5181,8 @@ spec: - name type: object type: object + expression: + type: string headers: additionalProperties: properties: @@ -5291,11 +5295,6 @@ spec: by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. E.g. https://ext-auth-server.io/metadata?p={request.path} type: string - urlExpression: - properties: - expression: - type: string - type: object required: - url type: object @@ -5648,6 +5647,8 @@ spec: - name type: object type: object + expression: + type: string headers: additionalProperties: properties: @@ -5756,11 +5757,6 @@ spec: by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. E.g. https://ext-auth-server.io/metadata?p={request.path} type: string - urlExpression: - properties: - expression: - type: string - type: object required: - url type: object @@ -5954,6 +5950,8 @@ spec: - name type: object type: object + expression: + type: string headers: additionalProperties: properties: @@ -6062,11 +6060,6 @@ spec: by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. E.g. https://ext-auth-server.io/metadata?p={request.path} type: string - urlExpression: - properties: - expression: - type: string - type: object required: - url type: object diff --git a/install/manifests.yaml b/install/manifests.yaml index 4e5e9e17..d3772e17 100644 --- a/install/manifests.yaml +++ b/install/manifests.yaml 
@@ -5258,6 +5258,8 @@ spec: Identity object extracted from the context. Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. properties: + expression: + type: string selector: description: |- Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). @@ -5655,6 +5657,8 @@ spec: - name type: object type: object + expression: + type: string headers: additionalProperties: properties: @@ -5767,11 +5771,6 @@ spec: by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. E.g. https://ext-auth-server.io/metadata?p={request.path} type: string - urlExpression: - properties: - expression: - type: string - type: object required: - url type: object @@ -6124,6 +6123,8 @@ spec: - name type: object type: object + expression: + type: string headers: additionalProperties: properties: @@ -6232,11 +6233,6 @@ spec: by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. E.g. https://ext-auth-server.io/metadata?p={request.path} type: string - urlExpression: - properties: - expression: - type: string - type: object required: - url type: object @@ -6430,6 +6426,8 @@ spec: - name type: object type: object + expression: + type: string headers: additionalProperties: properties: @@ -6538,11 +6536,6 @@ spec: by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. E.g. https://ext-auth-server.io/metadata?p={request.path} type: string - urlExpression: - properties: - expression: - type: string - type: object required: - url type: object diff --git a/pkg/evaluators/identity/plain.go b/pkg/evaluators/identity/plain.go index d996d774..c6bc5ee0 100644 --- a/pkg/evaluators/identity/plain.go +++ b/pkg/evaluators/identity/plain.go 
@@ -7,18 +7,18 @@ import (
 "net/http"
 "github.com/kuadrant/authorino/pkg/auth"
- "github.com/kuadrant/authorino/pkg/json"
+ "github.com/kuadrant/authorino/pkg/expressions"
 envoy_auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
 )
 type Plain struct {
+ Value expressions.Value
 Pattern string
 }
 func (p *Plain) Call(pipeline auth.AuthPipeline, ctx context.Context) (interface{}, error) {
- pattern := json.JSONValue{Pattern: p.Pattern}
- if object, err := pattern.ResolveFor(pipeline.GetAuthorizationJSON()); object != nil {
+ if object, err := p.Value.ResolveFor(pipeline.GetAuthorizationJSON()); object != nil {
 return object, nil
 } else if err != nil {
 return nil, err
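Review bot: `Call` now dereferences `p.Value` unconditionally, so any `Plain` built with only `Pattern` set (the only field before this change) panics on a nil interface instead of returning an authentication error. The controller hunk in this commit sets `Value` on both branches, but other constructors, tests included, are not visible here. A guard at the top of `Call` such as `if p.Value == nil { return nil, errors.New("plain identity: no value configured") }` makes a misconstructed evaluator fail closed with an error rather than crash the request; use whichever error constructor the file already imports, since the import lines above the hunk are not shown. `Pattern` is no longer read by the visible part of `Call` and deserves a comment saying what it is for, for example `// Pattern is the source text behind Value; Call does not evaluate it`. The body of `Call` continues past the end of the hunk.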