From f0890d60dd0abc0182a1cde3c436ab60936aef75 Mon Sep 17 00:00:00 2001
From: Guilherme Cassolato
Date: Mon, 4 Nov 2024 12:08:17 +0100
Subject: [PATCH 1/3] fix: RawExtension to string conversion
Signed-off-by: Guilherme Cassolato
---
 pkg/evaluators/authorization/authzed.go | 16 +++++++++++++---
 pkg/evaluators/authorization/kubernetes_authz.go | 3 ++-
 pkg/evaluators/metadata/generic_http.go | 6 +++++-
 3 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/pkg/evaluators/authorization/authzed.go b/pkg/evaluators/authorization/authzed.go
index 5bc00ee5..933742f5 100644
--- a/pkg/evaluators/authorization/authzed.go
+++ b/pkg/evaluators/authorization/authzed.go
@@ -6,6 +6,7 @@ import (
 "github.com/kuadrant/authorino/pkg/auth"
 "github.com/kuadrant/authorino/pkg/expressions"
+ "github.com/kuadrant/authorino/pkg/json"
 "google.golang.org/grpc"
 insecuregrpc "google.golang.org/grpc/credentials/insecure"
@@ -60,10 +61,11 @@ func (a *Authzed) Call(pipeline auth.AuthPipeline, ctx gocontext.Context) (inter
 if err != nil {
 return nil, err
 }
+ permissionStr, err := json.StringifyJSON(permission)
 resp, err := client.CheckPermission(ctx, &authzedpb.CheckPermissionRequest{
 Resource: resource,
 Subject: &authzedpb.SubjectReference{Object: object},
- Permission: fmt.Sprintf("%s", permission),
+ Permission: permissionStr,
 })
 if err != nil {
 return nil, err
@@ -91,12 +93,20 @@ func authzedObjectFor(name, kind expressions.Value, authJSON string) (*authzedpb
 if err != nil {
 return nil, err
 }
+ objectIdStr, err := json.StringifyJSON(objectId)
+ if err != nil {
+ return nil, err
+ }
 objectType, err := kind.ResolveFor(authJSON)
 if err != nil {
 return nil, err
 }
+ objectTypeStr, err := json.StringifyJSON(objectType)
+ if err != nil {
+ return nil, err
+ }
 return &authzedpb.ObjectReference{
- ObjectId: fmt.Sprintf("%s", objectId),
- ObjectType: fmt.Sprintf("%s", objectType),
+ ObjectId: objectIdStr,
+ ObjectType: objectTypeStr,
 }, nil
 }
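Review bot: In `authzedObjectFor`, `objectIdStr` and `objectTypeStr` go straight into the `ObjectReference` with no check that they are non-empty. `StringifyJSON` is only partly visible on this page, so it is unclear what a nil, object or array value resolved from `authJSON` turns into; whatever string comes back is then used as the object identity of the permission check. I would fail closed before building the reference, e.g. `if objectIdStr == "" || objectTypeStr == "" { return nil, fmt.Errorf("empty spicedb object reference") }`, and add a comment stating which value kinds are accepted. The same applies to `permissionStr` in `Call` in the previous hunk.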
diff --git a/pkg/evaluators/authorization/kubernetes_authz.go b/pkg/evaluators/authorization/kubernetes_authz.go
index 947327ea..de398938 100644
--- a/pkg/evaluators/authorization/kubernetes_authz.go
+++ b/pkg/evaluators/authorization/kubernetes_authz.go
@@ -8,6 +8,7 @@ import (
 "github.com/kuadrant/authorino/pkg/auth"
 "github.com/kuadrant/authorino/pkg/context"
 "github.com/kuadrant/authorino/pkg/expressions"
+ "github.com/kuadrant/authorino/pkg/json"
 "github.com/kuadrant/authorino/pkg/log"
 kubeAuthz "k8s.io/api/authorization/v1"
@@ -71,7 +72,7 @@ func (k *KubernetesAuthz) Call(pipeline auth.AuthPipeline, ctx gocontext.Context
 if err != nil {
 return "", err
 }
- return fmt.Sprintf("%s", resolved), nil
+ return json.StringifyJSON(resolved)
 }
 user, err := jsonValueToStr(k.User)
diff --git a/pkg/evaluators/metadata/generic_http.go b/pkg/evaluators/metadata/generic_http.go
index 437f21eb..f4843b7c 100644
--- a/pkg/evaluators/metadata/generic_http.go
+++ b/pkg/evaluators/metadata/generic_http.go
@@ -142,7 +142,11 @@ func (h *GenericHttp) buildRequest(ctx gocontext.Context, endpoint, authJSON str
 if err != nil {
 return nil, err
 }
- req.Header.Set(header.Name, fmt.Sprintf("%s", headerValue))
+ headerValueStr, err := json.StringifyJSON(headerValue)
+ if err != nil {
+ return nil, err
+ }
+ req.Header.Set(header.Name, headerValueStr)
 }
 req.Header.Set("Content-Type", contentType)
From ff2afd958f8592f1ece117423913c25247c3cf63 Mon Sep 17 00:00:00 2001
From: Guilherme Cassolato
Date: Mon, 4 Nov 2024 13:29:02 +0100
Subject: [PATCH 2/3] handle conversion error for spicedb permission value
Signed-off-by: Guilherme Cassolato
---
 pkg/evaluators/authorization/authzed.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/pkg/evaluators/authorization/authzed.go b/pkg/evaluators/authorization/authzed.go
index 933742f5..27b6af26 100644
--- a/pkg/evaluators/authorization/authzed.go
+++ b/pkg/evaluators/authorization/authzed.go
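Review bot: The new error return in `buildRequest` (generic_http.go) does not say which header failed to convert, so a bad header expression is hard to trace from the error alone; `return nil, fmt.Errorf("header %q: %w", header.Name, err)` would keep the cause and name the header. A short comment above the call would also help, e.g. `// non-string values go through json.Marshal before being set as the header value`, because objects or arrays resolved from authJSON can now end up serialized in an outbound header. The surrounding loop and the rest of `buildRequest` are outside this hunk, so this assumes `header` is the per-iteration entry it appears to be.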
@@ -62,6 +62,9 @@ func (a *Authzed) Call(pipeline auth.AuthPipeline, ctx gocontext.Context) (inter
 return nil, err
 }
 permissionStr, err := json.StringifyJSON(permission)
+ if err != nil {
+ return nil, err
+ }
 resp, err := client.CheckPermission(ctx, &authzedpb.CheckPermissionRequest{
 Resource: resource,
 Subject: &authzedpb.SubjectReference{Object: object},
From 113717d144f6d3349be47759bf6a63b3bc782e0d Mon Sep 17 00:00:00 2001
From: Guilherme Cassolato
Date: Mon, 4 Nov 2024 13:36:29 +0100
Subject: [PATCH 3/3] avoid unnecessary json decoding/encoding when the value already is a string
Signed-off-by: Guilherme Cassolato
---
 pkg/json/json.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/pkg/json/json.go b/pkg/json/json.go
index 738b102a..e483a811 100644
--- a/pkg/json/json.go
+++ b/pkg/json/json.go
@@ -157,6 +157,10 @@ func ReplaceJSONPlaceholders(source string, jsonData string) string {
 }
 func StringifyJSON(data interface{}) (string, error) {
+ _, ok := data.(string)
+ if ok {
+ return data.(string), nil
+ }
 if dataAsJSON, err := json.Marshal(data); err != nil {
 return "", err
 } else {
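Review bot: The added fast path in `StringifyJSON` asserts the type twice; `if s, ok := data.(string); ok { return s, nil }` does the same in one step and keeps the value in a local. The function is exported and now has two distinct paths (strings returned verbatim, everything else sent through `json.Marshal`), so it should carry a doc comment that says so, for example `// StringifyJSON returns data unchanged when it is a string; any other value is marshalled to JSON first.` The callers changed in this series use the result as authorization identifiers and header values, so the comment should also state what nil and composite values produce. The function body continues past the end of this hunk.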