fix: empty header check in other blocks (#3151)

dd756ef8 · Keshav Prasad · GitHub · 6ae171b3 · dd756ef8
Unverified Commit dd756ef8 authored 3 years ago by Keshav Prasad Committed by GitHub 3 years ago
Hide whitespace changes
Inline Side-by-side

Showing

with 7 additions and 2 deletions
+7 -2
--- a/kubernetes/opa/common/common.rego
+++ b/kubernetes/opa/common/common.rego
@@ -51,10 +51,10 @@ token_roles = user_token.payload.roles {
 userid = token_userid {
    not http_request.headers["x-authenticated-for"]
 } else = token_userid {
-    http_request.headers["x-authenticated-for"] == "" # This is a temporary fix as the mobile app is sending empty headers as x-authenticated-for: ""
+    count(http_request.headers["x-authenticated-for"]) == 0 # This is a temporary fix as the mobile app is sending empty headers as x-authenticated-for: ""
 } else = for_token_userid {
    http_request.headers["x-authenticated-for"]
-    http_request.headers["x-authenticated-for"] != ""
+    count(http_request.headers["x-authenticated-for"]) > 0
 }

 acls_check(acls) = indicies {
@@ -80,9 +80,14 @@ federation_id_check {

 parent_id_check {
    http_request.headers["x-authenticated-for"]
+    count(http_request.headers["x-authenticated-for"]) > 0
    token_userid == for_token_parentid
 }

+parent_id_check {
+    count(http_request.headers["x-authenticated-for"]) == 0
+}
+
 parent_id_check {
    not http_request.headers["x-authenticated-for"]
 }