This change is needed to allow the CEL evaluation to know the type of expression when the above capabilities are used.
Since we validate that every expression evaluates to bool, using a dynamic map with this type of expression will result in an error:
kw.crypto.(...).verify().isTrusted
as the compiler does not know the type of the isTrusted key, being the map dynamic.
The expression needs now to be written as follows:
kw.crypto(...).verify().isTrusted() (note that isTrusted is now a method returning a bool)
Description
Changes the crypto and the sigstore libraries to return a type (with getter methods) as a response instead of returning a dynamic map.
This is similar to what k8s is doing here: https://github.com/kubernetes/apiextensions-apiserver/blob/61b8b9cef04286f69fa14cc33a1faaafafc0dad5/pkg/apiserver/schema/cel/library/urls.go#L105 due to: https://github.com/google/cel-go/issues/876
This change is needed to allow the CEL evaluation to know the type of expression when the above capabilities are used. Since we validate that every
expressionevaluates tobool, using a dynamic map with this type of expression will result in an error:kw.crypto.(...).verify().isTrustedas the compiler does not know the type of the
isTrustedkey, being the map dynamic.The expression needs now to be written as follows:
kw.crypto(...).verify().isTrusted()(note thatisTrustedis now a method returning a bool)