tektoncd · tekton-robot · May 14, 2021 · May 11, 2021
diff --git a/docs/cel_expressions.md b/docs/cel_expressions.md
@@ -96,9 +96,35 @@ because there's no automatic conversion.
 
 ## cel-go extensions
 
-All the functionality from the cel-go project's [String extension](https://github.com/google/cel-go/tree/master/ext) is available in
+All the functionality from the cel-go project's [CEL extension](https://github.com/google/cel-go/tree/master/ext) is available in
 your CEL expressions.
 
+### cel-go Bytes
+
+The cel-go project function `base64.decode` returns a [CEL `Bytes`](https://github.com/google/cel-spec/blob/master/doc/langdef.md#string-and-bytes-values) value.
+
+To compare this to a string, you will need to convert it to a Bytes type:
+
+```
+base64.decode(body.b64value) == b'hello' # compare to Bytes literal
+base64.decode(body.b64value) == bytes('hello') # convert to bytes.
+```
+
+### Returning Bytes
+
+Confusingly, if you decode a base64 string with the cel-go base64 decoder, it will
+appear in the extension as a base64 encoded string, you will need to explicitly
+convert it to a CEL string.
+
+```yaml
+interceptors:
+  - cel:
+      overlays:
+        - key: base64_decoded
+          expression: "string(base64.decode(body.b64Value))"
+```
+This will correctly appear in the extension as the decoded version.
+
 ## List of extensions
 
 The body from the `http.Request` value is decoded to JSON and exposed, and the
@@ -235,7 +261,7 @@ interceptor.
   </tr>
   <tr>
     <th>
-      decodeb64
+      decodeb64 **deprecated: please use base64.decode**
     </th>
     <td>
       <pre>&lt;string&gt;.decodeb64() -> string</pre>

diff --git a/go.mod b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/GoogleCloudPlatform/cloud-builders/gcs-fetcher v0.0.0-20191203181535-308b93ad1f39
 	github.com/gobuffalo/envy v1.9.0 // indirect
 	github.com/golang/protobuf v1.4.3
-	github.com/google/cel-go v0.6.0
+	github.com/google/cel-go v0.7.3
 	github.com/google/go-cmp v0.5.4
 	github.com/google/go-github/v31 v31.0.0
 	github.com/google/uuid v1.2.0

diff --git a/go.sum b/go.sum
@@ -373,9 +373,9 @@ github.com/gonum/matrix v0.0.0-20181209220409-c518dec07be9/go.mod h1:0EXg4mc1CNP
 github.com/gonum/stat v0.0.0-20181125101827-41a0da705a5b/go.mod h1:Z4GIJBJO3Wa4gD4vbwQxXXZ+WHmW6E9ixmNrwvs0iZs=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/cel-go v0.6.0 h1:Li+angxmgvzlwDsPuFc1/nbqnq3gc4K/X7NrWjOADFI=
-github.com/google/cel-go v0.6.0/go.mod h1:rHS68o5G1QcUv/ubiCoZ5nT5LHxRWWfS0qMzTgv42WQ=
-github.com/google/cel-spec v0.4.0/go.mod h1:2pBM5cU4UKjbPDXBgwWkiwBsVgnxknuEJ7C5TDWwORQ=
+github.com/google/cel-go v0.7.3 h1:8v9BSN0avuGwrHFKNCjfiQ/CE6+D6sW+BDyOVoEeP6o=
+github.com/google/cel-go v0.7.3/go.mod h1:4EtyFAHT5xNr0Msu0MJjyGxPUgdr9DlcaPyzLt/kkt8=
+github.com/google/cel-spec v0.5.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -748,6 +748,7 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI=
+github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
 github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
@@ -764,7 +765,6 @@ github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/tektoncd/pipeline v0.20.1-0.20210203144343-1b7a37f0d21d h1:JIWiB3J5auMzmFrv/VUzLt88KmYZsrBMwSHOpHJpuEc=
 github.com/tektoncd/pipeline v0.20.1-0.20210203144343-1b7a37f0d21d/go.mod h1:GwdfGGt/5VhZL8JvJu8kFz8friKufcJ/TJkJmK6uc0U=
-github.com/tektoncd/plumbing v0.0.0-20201021153918-6b7e894737b5 h1:Y2Gd3X79zqvCd6AdiWyi/pnSewSkLxKygpvXNFXwscg=
 github.com/tektoncd/plumbing v0.0.0-20201021153918-6b7e894737b5/go.mod h1:WTWwsg91xgm+jPOKoyKVK/yRYxnVDlUYeDlypB1lDdQ=
 github.com/tektoncd/plumbing v0.0.0-20210420200944-17170d5e7bc9 h1:ZLPo8/vilaxvpdvvdd9ZgIhhQJPkHyS5GeKK8UH4/Yo=
 github.com/tektoncd/plumbing v0.0.0-20210420200944-17170d5e7bc9/go.mod h1:WTWwsg91xgm+jPOKoyKVK/yRYxnVDlUYeDlypB1lDdQ=
@@ -814,7 +814,6 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4-0.20200608061201-1901b56b9515/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.5 h1:dntmOdLpSpHlVqbW5Eay97DelsZHe+55D+xC6i0dDS0=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
@@ -1186,7 +1185,6 @@ google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfG
 google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200416231807-8751e049a2a0/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
@@ -1201,6 +1199,7 @@ google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20200827165113-ac2560b5e952/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201102152239-715cce707fb0/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201211151036-40ec1c210f7a h1:GnJAhasbD8HiT8DZMvsEx3QLVy/X0icq/MGr0MqRJ2M=

diff --git a/pkg/interceptors/cel/cel.go b/pkg/interceptors/cel/cel.go
@@ -96,6 +96,7 @@ func makeCelEnv(ns string, k kubernetes.Interface) (*cel.Env, error) {
 	return cel.NewEnv(
 		Triggers(ns, k),
 		celext.Strings(),
+		celext.Encoders(),
 		cel.Declarations(
 			decls.NewVar("body", mapStrDyn),
 			decls.NewVar("header", mapStrDyn),
@@ -165,15 +166,21 @@ func (w *Interceptor) Process(ctx context.Context, r *triggersv1.InterceptorRequ
 		var b []byte
 
 		switch val.(type) {
-		case types.String:
+		// this causes types.Bytes to be rendered as a Base64 string this is
+		// because the Go JSON Encoder encodes []bytes this way, see
+		// https://golang.org/pkg/encoding/json/#Marshal
+		//
+		// An alternative might be to return " + val + " for types.Bytes to
+		// simulate the the JSON encoding.
+		case types.String, types.Bytes:
 			raw, err = val.ConvertToNative(structType)
 			if err == nil {
-				b, err = json.Marshal(raw.(*structpb.Value).GetStringValue())
+				b, err = raw.(*structpb.Value).MarshalJSON()
 			}
 		case types.Double, types.Int:
 			raw, err = val.ConvertToNative(structType)
 			if err == nil {
-				b, err = json.Marshal(raw.(*structpb.Value).GetNumberValue())
+				b, err = raw.(*structpb.Value).MarshalJSON()
 			}
 		case traits.Lister:
 			raw, err = val.ConvertToNative(listType)
@@ -212,7 +219,6 @@ func (w *Interceptor) Process(ctx context.Context, r *triggersv1.InterceptorRequ
 			extensions = []byte("{}")
 		}
 		extensions, err = sjson.SetRawBytes(extensions, u.Key, b)
-
 		if err != nil {
 			return interceptors.Failf(codes.Internal, "failed to sjson for key '%s' to '%s': %v", u.Key, val, err)
 		}
@@ -228,7 +234,6 @@ func (w *Interceptor) Process(ctx context.Context, r *triggersv1.InterceptorRequ
 	if err := json.Unmarshal(extensions, &extensionsMap); err != nil {
 		return interceptors.Failf(codes.Internal, "failed to unmarshal extensions into map: %v", err)
 	}
-
 	return &triggersv1.InterceptorResponse{
 		Continue:   true,
 		Extensions: extensionsMap,

diff --git a/pkg/interceptors/cel/cel_test.go b/pkg/interceptors/cel/cel_test.go
@@ -156,7 +156,7 @@ func TestInterceptor_Process(t *testing.T) {
 			},
 		},
 		body: json.RawMessage(`{"value":"test"}`),
-		// TODO: Fix extensions iff key contains ., use sjson to m	erge
+		// TODO: Fix extensions if key contains ., use sjson to merge
 		wantExtensions: map[string]interface{}{
 			"test": map[string]interface{}{
 				"two": "test",
@@ -259,8 +259,23 @@ func TestInterceptor_Process(t *testing.T) {
 		wantExtensions: map[string]interface{}{
 			"one": "bar",
 		},
-	},
-	}
+	}, {
+		name: "decode with cel extension to a field",
+		CEL: &triggersv1.CELInterceptor{
+			Overlays: []triggersv1.CELOverlay{
+				{Key: "value", Expression: "base64.decode(body.b64value) == b'hello'"},
+				{Key: "compare_string", Expression: "base64.decode(body.b64value) == bytes('hello')"},
+				{Key: "decoded", Expression: "base64.decode(body.b64value)"},
+				{Key: "decoded_string", Expression: "string(base64.decode(body.b64value))"},
+			},
+		},
+		body: json.RawMessage(`{"b64value":"aGVsbG8=","test":"hello"}`),
+		wantExtensions: map[string]interface{}{
+			"value":          true,
+			"compare_string": true,
+			"decoded":        "aGVsbG8=",
+			"decoded_string": "hello"},
+	}}
 	for _, tt := range tests {
 		t.Run(tt.name, func(rt *testing.T) {
 			logger := zaptest.NewLogger(t)
@@ -432,7 +447,10 @@ func TestInterceptor_Process_InvalidParams(t *testing.T) {
 }
 
 func TestExpressionEvaluation(t *testing.T) {
-	reg := types.NewRegistry()
+	reg, err := types.NewRegistry()
+	if err != nil {
+		t.Fatal(err)
+	}
 	testSHA := "ec26c3e57ca3a959ca5aad62de7213c562f8c821"
 	testRef := "refs/heads/master"
 	jsonMap := map[string]interface{}{
@@ -496,12 +514,12 @@ func TestExpressionEvaluation(t *testing.T) {
 		{
 			name: "split a string on a character",
 			expr: "body.ref.split('/')",
-			want: types.NewStringList(types.NewRegistry(), refParts),
+			want: types.NewStringList(reg, refParts),
 		},
 		{
 			name: "extract a branch from a non refs string",
 			expr: "body.value.split('/')",
-			want: types.NewStringList(types.NewRegistry(), []string{"testing"}),
+			want: types.NewStringList(reg, []string{"testing"}),
 		},
 		{
 			name: "combine split and truncate",
@@ -591,13 +609,25 @@ func TestExpressionEvaluation(t *testing.T) {
 			expr: "body.jsonArray.marshalJSON()",
 			want: types.String(`["one","two"]`),
 		},
+		{
+			name: "extension base64 decoding",
+			expr: "base64.decode(body.b64value)",
+			want: types.Bytes("example"),
+		},
+		{
+			name: "extension base64 encoding",
+			expr: "base64.encode(b'example')",
+			want: types.String("ZXhhbXBsZQ=="),
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(rt *testing.T) {
 			ctx, _ := rtesting.SetupFakeContext(rt)
 			kubeClient := fakekubeclient.Get(ctx)
 			if tt.secret != nil {
-				if _, err := kubeClient.CoreV1().Secrets(tt.secret.ObjectMeta.Namespace).Create(ctx, tt.secret, metav1.CreateOptions{}); err != nil {
+				if _, err := kubeClient.CoreV1().
+					Secrets(tt.secret.ObjectMeta.Namespace).
+					Create(ctx, tt.secret, metav1.CreateOptions{}); err != nil {
 					rt.Error(err)
 				}
 			}
@@ -615,7 +645,11 @@ func TestExpressionEvaluation(t *testing.T) {
 				rt.Errorf("error evaluating expression: %s", got)
 				return
 			}
-			if !got.Equal(tt.want).(types.Bool) {
+			v, ok := got.Equal(tt.want).(types.Bool)
+			if !ok {
+				rt.Errorf("failed to compare got %v, want %v", got, tt.want)
+			}
+			if ok && v != types.True {
 				rt.Errorf("evaluate() = %s, wantMsg %s", got, tt.want)
 			}
 		})

diff --git a/pkg/interceptors/cel/triggers.go b/pkg/interceptors/cel/triggers.go
@@ -344,7 +344,11 @@ func parseJSONString(val ref.Val) ref.Val {
 	if err != nil {
 		return types.NewErr("failed to decode '%v' in parseJSON: %w", str, err)
 	}
-	return types.NewDynamicMap(types.NewRegistry(), decodedVal)
+	r, err := types.NewRegistry()
+	if err != nil {
+		return types.NewErr("failed to create a new registry in parseJSON: %w", err)
+	}
+	return types.NewDynamicMap(r, decodedVal)
 }
 
 func parseYAMLString(val ref.Val) ref.Val {
@@ -357,7 +361,11 @@ func parseYAMLString(val ref.Val) ref.Val {
 	if err != nil {
 		return types.NewErr("failed to decode '%v' in parseYAML: %w", str, err)
 	}
-	return types.NewDynamicMap(types.NewRegistry(), decodedVal)
+	r, err := types.NewRegistry()
+	if err != nil {
+		return types.NewErr("failed to create a new registry in parseJSON: %w", err)
+	}
+	return types.NewDynamicMap(r, decodedVal)
 }
 
 func parseURLString(val ref.Val) ref.Val {
@@ -370,8 +378,11 @@ func parseURLString(val ref.Val) ref.Val {
 	if err != nil {
 		return types.NewErr("failed to decode '%v' in parseURL: %w", str, err)
 	}
-
-	return types.NewDynamicMap(types.NewRegistry(), urlToMap(parsed))
+	r, err := types.NewRegistry()
+	if err != nil {
+		return types.NewErr("failed to create a new registry in parseJSON: %w", err)
+	}
+	return types.NewDynamicMap(r, urlToMap(parsed))
 }
 
 func marshalJSON(val ref.Val) ref.Val {

diff --git a/vendor/github.com/golang/protobuf/ptypes/empty/empty.pb.go b/vendor/github.com/golang/protobuf/ptypes/empty/empty.pb.go
diff --git a/vendor/github.com/google/cel-go/cel/BUILD.bazel b/vendor/github.com/google/cel-go/cel/BUILD.bazel