CEL

Signed-off-by: Alex Snaps <alex@wcgw.dev>
Kuadrant · Oct 30, 2024 · 4324134 · 4324134
1 parent 44052a6
commit 4324134
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 9 deletions.
diff --git a/controllers/auth_config_controller.go b/controllers/auth_config_controller.go
@@ -678,7 +678,7 @@ func valueFrom(user *api.ValueOrSelector) (expressions.Value, error) {
 	var strValue expressions.Value
 	var err error
 	if user.Expression != "" {
-		if strValue, err = cel.NewExpression(string(user.Expression)); err != nil {
+		if strValue, err = cel.NewStringExpression(string(user.Expression)); err != nil {
 			return nil, err
 		}
 	} else {
@@ -1128,7 +1128,7 @@ func getJsonFromStaticDynamic(value *api.ValueOrSelector) (expressions.Value, er
 	}
 	expression := string(value.Expression)
 	if expression != "" {
-		return cel.NewExpression(expression)
+		return cel.NewStringExpression(expression)
 	}
 
 	return &json.JSONValue{

diff --git a/pkg/expressions/cel/expressions.go b/pkg/expressions/cel/expressions.go
@@ -87,11 +87,7 @@ func (e *Expression) ResolveFor(json string) (interface{}, error) {
 		return nil, err
 	}
 
-	if jsonVal, err := ValueToJSON(result); err != nil {
-		return nil, err
-	} else {
-		return jsonVal, nil
-	}
+	return ValueToJSON(result)
 }
 
 func (e *StringExpression) ResolveFor(json string) (interface{}, error) {

diff --git a/tests/v1beta3/authconfig.yaml b/tests/v1beta3/authconfig.yaml
@@ -37,7 +37,7 @@ spec:
         jwt-rbac:
           value: true
         roles:
-          expression: auth.identity.realm_access.roles
+          expression: "has(auth.identity.realm_access) ? auth.identity.realm_access.roles : []"
         username:
           expression: "has(auth.identity.preferred_username) ? auth.identity.preferred_username : 'unknown'"
     oauth2-introspection:
@@ -53,7 +53,7 @@ spec:
         jwt-rbac:
           value: true
         roles:
-          expression: auth.identity.realm_access.roles
+          expression: "has(auth.identity.realm_access) ? auth.identity.realm_access.roles : []"
         username:
           expression: "has(auth.identity.preferred_username) ? auth.identity.preferred_username : 'unknown'"
       cache: