I know it's halloween, but still... we should rewrite this in Ruby
Signed-off-by: Alex Snaps <alex@wcgw.dev>
alexsnaps committed Oct 24, 2024
1 parent b445436 commit dec8538
Showing 7 changed files with 316 additions and 23 deletions.
4 changes: 2 additions & 2 deletions controllers/auth_config_controller.go
@@ -183,13 +183,13 @@ func (r *AuthConfigReconciler) translateAuthConfig(ctx context.Context, authConf
for identityCfgName, identity := range authConfigIdentityConfigs {
extendedProperties := make([]evaluators.IdentityExtension, len(identity.Defaults)+len(identity.Overrides))
for propertyName, property := range identity.Defaults {
extendedProperties = append(extendedProperties, evaluators.NewIdentityExtension(propertyName, &json.JSONValue{
extendedProperties = append(extendedProperties, evaluators.NewIdentityExtension(propertyName, json.JSONValue{
Static: property.Value,
Pattern: property.Selector,
}, false))
}
for propertyName, property := range identity.Overrides {
extendedProperties = append(extendedProperties, evaluators.NewIdentityExtension(propertyName, &json.JSONValue{
extendedProperties = append(extendedProperties, evaluators.NewIdentityExtension(propertyName, json.JSONValue{
Static: property.Value,
Pattern: property.Selector,
}, true))
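Review bot: The `make` call on the context line just inside the outer loop allocates `extendedProperties` with a length of `len(identity.Defaults)+len(identity.Overrides)`, and both inner loops then `append`, so the slice ends up with that many zero-value `IdentityExtension` entries ahead of the real ones. The nil check this commit adds in pkg/evaluators/identity.go appears to work around those entries rather than remove them. Allocating with zero length and the same capacity, `extendedProperties := make([]evaluators.IdentityExtension, 0, len(identity.Defaults)+len(identity.Overrides))`, would keep placeholder entries out of the identity config altogether. The enclosing function translateAuthConfig starts and ends outside the hunk.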
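--- a/install/manifests.yaml
+++ b/install/manifests.yaml
@@ -5254,6 +5254,80 @@ kind: ClusterRole
 metadata:
 name: authorino-manager-role
 rules:
+- apiGroups:
+- ""
+resources:
+- configmaps
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- ""
+resources:
+- configmaps/status
+verbs:
+- delete
+- get
+- patch
+- update
+- apiGroups:
+- ""
+resources:
+- events
+verbs:
+- create
+- patch
+- apiGroups:
+- ""
+resources:
+- secrets
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- ""
+resources:
+- serviceaccounts
+verbs:
+- create
+- get
+- list
+- update
+- watch
+- apiGroups:
+- ""
+resources:
+- services
+verbs:
+- create
+- get
+- list
+- update
+- watch
+- apiGroups:
+- apps
+resources:
+- deployments
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- authentication.k8s.io
+resources:
+- tokenreviews
+verbs:
+- create
 - apiGroups:
 - authorino.kuadrant.io
 resources:
@@ -5274,6 +5348,12 @@ rules:
 - get
 - patch
 - update
+- apiGroups:
+- authorization.k8s.io
+resources:
+- subjectaccessreviews
+verbs:
+- create
 - apiGroups:
 - coordination.k8s.io
 resources:
@@ -5291,3 +5371,69 @@ rules:
 - get
 - list
 - watch
+- apiGroups:
+- operator.authorino.kuadrant.io
+resources:
+- authorinos
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- operator.authorino.kuadrant.io
+resources:
+- authorinos/finalizers
+verbs:
+- update
+- apiGroups:
+- operator.authorino.kuadrant.io
+resources:
+- authorinos/status
+verbs:
+- get
+- patch
+- update
+- apiGroups:
+- rbac.authorization.k8s.io
+resources:
+- clusterrolebindings
+verbs:
+- create
+- get
+- list
+- update
+- watch
+- apiGroups:
+- rbac.authorization.k8s.io
+resources:
+- clusterroles
+verbs:
+- create
+- get
+- list
+- update
+- watch
+- apiGroups:
+- rbac.authorization.k8s.io
+resources:
+- rolebindings
+verbs:
+- create
+- get
+- list
+- update
+- watch
+- apiGroups:
+- rbac.authorization.k8s.io
+resources:
+- roles
+verbs:
+- create
+- get
+- list
+- update
+- watch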
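Review bot: The three hunks widen the `authorino-manager-role` ClusterRole far beyond anything the Go changes in this commit touch. The third hunk adds `create`/`update` on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`, and the first adds cluster-wide `get`/`list`/`watch` on `secrets` plus write access to `deployments`, `serviceaccounts` and `services`. Nothing in the commit message or the code hunks explains the need, so this looks like an unintended regeneration and should be confirmed or reverted before merge. Write access to RBAC objects from a controller's service account deserves a stated justification and, where possible, a namespaced Role instead. install/rbac/role.yaml carries the same additions for `manager-role`.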
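--- a/install/rbac/role.yaml
+++ b/install/rbac/role.yaml
@@ -4,6 +4,80 @@ kind: ClusterRole
 metadata:
 name: manager-role
 rules:
+- apiGroups:
+- ""
+resources:
+- configmaps
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- ""
+resources:
+- configmaps/status
+verbs:
+- delete
+- get
+- patch
+- update
+- apiGroups:
+- ""
+resources:
+- events
+verbs:
+- create
+- patch
+- apiGroups:
+- ""
+resources:
+- secrets
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- ""
+resources:
+- serviceaccounts
+verbs:
+- create
+- get
+- list
+- update
+- watch
+- apiGroups:
+- ""
+resources:
+- services
+verbs:
+- create
+- get
+- list
+- update
+- watch
+- apiGroups:
+- apps
+resources:
+- deployments
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- authentication.k8s.io
+resources:
+- tokenreviews
+verbs:
+- create
 - apiGroups:
 - authorino.kuadrant.io
 resources:
@@ -24,6 +98,12 @@ rules:
 - get
 - patch
 - update
+- apiGroups:
+- authorization.k8s.io
+resources:
+- subjectaccessreviews
+verbs:
+- create
 - apiGroups:
 - coordination.k8s.io
 resources:
@@ -41,3 +121,69 @@ rules:
 - get
 - list
 - watch
+- apiGroups:
+- operator.authorino.kuadrant.io
+resources:
+- authorinos
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- operator.authorino.kuadrant.io
+resources:
+- authorinos/finalizers
+verbs:
+- update
+- apiGroups:
+- operator.authorino.kuadrant.io
+resources:
+- authorinos/status
+verbs:
+- get
+- patch
+- update
+- apiGroups:
+- rbac.authorization.k8s.io
+resources:
+- clusterrolebindings
+verbs:
+- create
+- get
+- list
+- update
+- watch
+- apiGroups:
+- rbac.authorization.k8s.io
+resources:
+- clusterroles
+verbs:
+- create
+- get
+- list
+- update
+- watch
+- apiGroups:
+- rbac.authorization.k8s.io
+resources:
+- rolebindings
+verbs:
+- create
+- get
+- list
+- update
+- watch
+- apiGroups:
+- rbac.authorization.k8s.io
+resources:
+- roles
+verbs:
+- create
+- get
+- list
+- update
+- watch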
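--- a/pkg/evaluators/identity.go
+++ b/pkg/evaluators/identity.go
@@ -199,11 +199,13 @@ func (config *IdentityConfig) ResolveExtendedProperties(pipeline auth.AuthPipeli
 authJSON := pipeline.GetAuthorizationJSON()
 
 for _, extendedProperty := range config.ExtendedProperties {
-resolved, err := extendedProperty.ResolveFor(extendedIdentityObject, authJSON)
-if err != nil {
-return nil, err
+if extendedProperty.Value != nil {
+resolved, err := extendedProperty.ResolveFor(extendedIdentityObject, authJSON)
+if err != nil {
+return nil, err
+}
+extendedIdentityObject[extendedProperty.Name] = resolved
 }
-extendedIdentityObject[extendedProperty.Name] = resolved
 }
 
 return extendedIdentityObject, nil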
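Review bot: The `if extendedProperty.Value != nil` guard in the loop skips an entry silently, and nothing in the hunk says when `Value` can legitimately be nil. If the only source is zero-value placeholder entries, a comment such as `// zero-value entries carry no Name or Value; skip them` would record that. If a named property can also arrive without a value, returning an error would be safer than dropping a default or override from the identity object unnoticed. ResolveExtendedProperties starts before the hunk.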
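--- a/pkg/evaluators/identity_extension.go
+++ b/pkg/evaluators/identity_extension.go
@@ -1,15 +1,14 @@
 package evaluators
 
 import (
-"github.com/kuadrant/authorino/pkg/expressions"
 "github.com/kuadrant/authorino/pkg/json"
 )
 
-func NewIdentityExtension(name string, value expressions.Value, overwrite bool) IdentityExtension {
+func NewIdentityExtension(name string, value json.JSONValue, overwrite bool) IdentityExtension {
 return IdentityExtension{
 JSONProperty: json.JSONProperty{
 Name: name,
-Value: value,
+Value: &value,
 },
 Overwrite: overwrite,
 }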
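Review bot: The exported constructor `NewIdentityExtension` has no doc comment, and its contract changes here: it now takes the `json.JSONValue` by value and stores the address of that copy in `JSONProperty.Value`. A comment such as `// NewIdentityExtension returns an IdentityExtension named name whose Value points to a copy of value.` would make clear that later changes to the caller's struct are not seen and that `Value` is never nil for entries built this way. The function's closing brace lies outside the hunk.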