Skip to content

Commit

Permalink
Merge pull request kubernetes#122975 from aramase/aramase/c/cleanup_a…
Browse files Browse the repository at this point in the history 
…uthn_validation

cleanup structured authn/authz error logic
  • Loading branch information
@k8s-ci-robot
k8s-ci-robot committed Mar 2, 2024
2 parents 673d3c9 + c2c4f46 commit 4e8674f
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions staging/src/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -412,15 +412,15 @@ func validateUserValidationRules(compiler authenticationcel.Compiler, celMapper
func compileClaimsCELExpression(compiler authenticationcel.Compiler, expression authenticationcel.ExpressionAccessor, fldPath *field.Path) (*authenticationcel.CompilationResult, *field.Error) {
compilationResult, err := compiler.CompileClaimsExpression(expression)
if err != nil {
return nil, convertCELErrorToValidationError(fldPath, expression, err)
return nil, convertCELErrorToValidationError(fldPath, expression.GetExpression(), err)
}
return &compilationResult, nil
}

func compileUserCELExpression(compiler authenticationcel.Compiler, expression authenticationcel.ExpressionAccessor, fldPath *field.Path) (*authenticationcel.CompilationResult, *field.Error) {
compilationResult, err := compiler.CompileUserExpression(expression)
if err != nil {
return nil, convertCELErrorToValidationError(fldPath, expression, err)
return nil, convertCELErrorToValidationError(fldPath, expression.GetExpression(), err)
}
return &compilationResult, nil
}
Expand Down Expand Up @@ -609,19 +609,19 @@ func compileMatchConditionsExpression(fldPath *field.Path, compiler authorizatio
}
compilationResult, err := compiler.CompileCELExpression(authzExpression)
if err != nil {
return compilationResult, convertCELErrorToValidationError(fldPath, authzExpression, err)
return compilationResult, convertCELErrorToValidationError(fldPath, authzExpression.GetExpression(), err)
}
return compilationResult, nil
}

func convertCELErrorToValidationError(fldPath *field.Path, expression authorizationcel.ExpressionAccessor, err error) *field.Error {
func convertCELErrorToValidationError(fldPath *field.Path, expression string, err error) *field.Error {
var celErr *cel.Error
if errors.As(err, &celErr) {
switch celErr.Type {
case cel.ErrorTypeRequired:
return field.Required(fldPath, celErr.Detail)
case cel.ErrorTypeInvalid:
return field.Invalid(fldPath, expression.GetExpression(), celErr.Detail)
return field.Invalid(fldPath, expression, celErr.Detail)
default:
return field.InternalError(fldPath, celErr)
}
Expand Down

0 comments on commit 4e8674f

Please sign in to comment.