How to extract key1 OR key2 from an object?

[ivan-radic]

Hi all,

I can't figure out how to do a simple task.
My input looks like this:

attributes": { "request": { "http": { "headers": {
                    "x-amzn-oidc-data": some_jwt_string,
                    "authorization": some_jwt_string,
                    ...other header key:value pairs
                  } } } }

Now, input can contain ONLY ONE of: "x-amzn-oidc-data" or "authorization", and I need to extract it.
Reading documentation and googling didn't help. ChatGPT suggested something that almost worked, but not really.

So, I need a REGO function that is equivalent of this python code:

def get_token(input_):
  for key, value in input_["attributes"]["request"]["http"]["headers"].items():
    if key == "x-amzn-oidc-data":
      return value
    if key == "authorization":
      return value[7:]

Can someone help me with this?
Thanks in advance.

Best regards,
Ivan

[srenatus]

Hey Ivan,

how about this:

jwt_token := input.attributes.request.http.headers["x-amzn-oidc-data"]
jwt_token := input.attributes.request.http.headers.authorization

It's a complete rule jwt_token, and it'll either evaluate to the value of the one header, if present; or the other header, if present; or it'll be undefined.

You would run into trouble if both headers could be present, since complete rules may only evaluate to one value. If both were possible, you'd need to decide some precedence rule and encode that in your rule bodies, like

jwt_token := input.attributes.request.http.headers.authorization
jwt_token := input.attributes.request.http.headers["x-amzn-oidc-data"] if not input.attributes.request.http.headers.authorization

☝️ This would give "authorization" precedence over "x-amzn-oidc-data" (and it's using future.keywords.if). You could also do the same with an else.

[ivan-radic]

Hi Stephan,

your second suggestion is spot on.
Perfect answer! Thanks a million!

Best regards,
Ivan

[srenatus]

Let's hope chatgpt learns from this.