alexsnaps
commented
3 days ago As part of the refactoring Value.ResolveFor would be changed to not take a JSON literal in anymore, but the WellKnownAttributes directly... so they still can be "cached" (kept around) on the call site, but the callee would now be the one to decide how to marshal that data...
type Value interface {
ResolveFor(attributes *WellKnownAttributes) (interface{}, error)
}
// where WellKnownAttributes are obtained from the AuthPipeline, just as the JSON currently is with GetAuthorizationJSON
value.ResolveFor(authPipeline.GetWellKnowAttributes())
This has become more painful because of the introduction of CEL, but
request.timeis made available as the struct that backs it:map[nanos:68000 seconds:1.730319299e+09]. With CEL having first class support it is probably expected (and documented) to be available as a properTimestamp. Even in JSON tho, it would be probably be best represented in RFC3339 format.Proposal
protojsondeals with these conversions properly. Which is already used to produce the intermediary JSON result coming back from a CEL Value, as well as feeding outWellKnownAttributesinto the interpreter.requestitself is protobuf as it comes fromenvoy/service/auth/v3'sAttributeContextwhich is autogenerated from a.proto.I'm thinking we should have our own
WellKnownAttributesspec'ed as protobuf and useprotojsonto marshal that data. With that approach, no json marshaling would actually to inject theWellKnownAttributesinto the CEL interpreter, but they would be made available as protobufMessages directly.So the proposal is to refactor all of
WellKnownAttributesinto.proto, and use that generated code to produce proper typed JSON/CEL Values. wdyt?