codegen

package

v0.7.0 Latest Latest Go to latest Published: Sep 22, 2021 License: Apache-2.0 Imports: 30 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cerbos/cerbos

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func CerbosCELLib() cel.EnvOption
func GenerateRepr(p *policyv1.Policy) (*policyv1.GeneratedPolicy, error)
func MarshalProtoToRego(p proto.Message) (ast.Value, error)
func NewCustomCELTypeAdapter() ref.TypeAdapter
func NewRegoCompiler() *ast.Compiler
type CELCompileError
- func (cce *CELCompileError) Error() string
- func (cce *CELCompileError) Unwrap() error
type CELCondition
- func CELConditionFromCheckedExpr(expr *exprpb.CheckedExpr) *CELCondition
- func GenerateCELCondition(parent string, m *policyv1.Match) (*CELCondition, error)
- func (cc *CELCondition) CheckedExpr() (*exprpb.CheckedExpr, error)
- func (cc *CELCondition) Program() (cel.Program, error)
type CELHelper
- func NewCELHelper() (*CELHelper, error)
- func (ch *CELHelper) CELConditionFromCheckedExpr(expr *exprpb.CheckedExpr) *CELCondition
- func (ch *CELHelper) GenerateCELCondition(parent string, m *policyv1.Match) (*CELCondition, error)
type Error
- func (e Error) Display() string
- func (e Error) Error() string
- func (e Error) MarshalJSON() ([]byte, error)
- func (e Error) Unwrap() error
type RegoGen
- func NewRegoGen(packageName string, imports ...string) *RegoGen
- func (rg *RegoGen) AddDerivedRole(dr *policyv1.RoleDef) error
- func (rg *RegoGen) AddPrincipalRule(rule *policyv1.PrincipalRule) error
- func (rg *RegoGen) AddResourceRule(rule *policyv1.ResourceRule) error
- func (rg *RegoGen) DefaultEffectDeny()
- func (rg *RegoGen) DefaultEffectNoMatch()
- func (rg *RegoGen) EffectiveDerivedRoles(hasImports bool)
- func (rg *RegoGen) EffectsComprehension(defaultEffect string)
- func (rg *RegoGen) Generate() (*Result, error)
type Result
- func GenerateCode(p *policyv1.Policy) (*Result, error)
- func ResultFromRepr(repr *policyv1.GeneratedPolicy) (*Result, error)
- func (cgr *Result) ToRepr() (*policyv1.GeneratedPolicy, error)

Constants ¶

View Source

const (
	CELRequestIdent    = "request"
	CELResourceAbbrev  = "R"
	CELPrincipalAbbrev = "P"
)

View Source

const (
	AllowEffectIdent           = "allow"
	CELEvalIdent               = `cerbos_cel_eval`
	DenyEffectIdent            = "deny"
	EffectsIdent               = "cerbos_effects"
	EffectiveDerivedRolesIdent = "cerbos_effective_derived_roles"
	NoMatchEffectIdent         = "no_match"
)

Variables ¶

View Source

var (
	CELEvalDecl = types.NewFunction(
		types.Args(types.NewObject(nil, types.NewDynamicProperty(types.S, types.A)), types.S, types.S),
		types.B)

	CELEvalFunc = &rego.Function{
		Name: CELEvalIdent,
		Decl: CELEvalDecl,
	}
)

View Source

var ErrCodeGenFailure = errors.New("code generation error")

Functions ¶

func CerbosCELLib ¶

func CerbosCELLib() cel.EnvOption

CerbosCELLib returns the custom CEL functions provided by Cerbos.

func GenerateRepr ¶

func GenerateRepr(p *policyv1.Policy) (*policyv1.GeneratedPolicy, error)

GenerateRepr generates code for the given policy and returns the serializable representation of it.

func MarshalProtoToRego ¶

func MarshalProtoToRego(p proto.Message) (ast.Value, error)

MarshalProtoToRego converts a protobuf message into a Rego Value.

func NewCustomCELTypeAdapter ¶

func NewCustomCELTypeAdapter() ref.TypeAdapter

NewCustomCELTypeAdapter provides a CEL type adaptor than can deal with json.Number values returned by Rego.

func NewRegoCompiler ¶

func NewRegoCompiler() *ast.Compiler

Types ¶

type CELCompileError ¶

type CELCompileError struct {
	Parent string
	Issues *cel.Issues
}

CELCompileError holds CEL compilation errors.

func (*CELCompileError) Error ¶

func (cce *CELCompileError) Error() string

func (*CELCompileError) Unwrap ¶

func (cce *CELCompileError) Unwrap() error

type CELCondition ¶

type CELCondition struct {
	// contains filtered or unexported fields
}

func CELConditionFromCheckedExpr ¶

func CELConditionFromCheckedExpr(expr *exprpb.CheckedExpr) *CELCondition

func GenerateCELCondition ¶

func GenerateCELCondition(parent string, m *policyv1.Match) (*CELCondition, error)

func (*CELCondition) CheckedExpr ¶

func (cc *CELCondition) CheckedExpr() (*exprpb.CheckedExpr, error)

func (*CELCondition) Program ¶

func (cc *CELCondition) Program() (cel.Program, error)

type CELHelper ¶

type CELHelper struct {
	// contains filtered or unexported fields
}

func NewCELHelper ¶

func NewCELHelper() (*CELHelper, error)

func (*CELHelper) CELConditionFromCheckedExpr ¶

func (ch *CELHelper) CELConditionFromCheckedExpr(expr *exprpb.CheckedExpr) *CELCondition

func (*CELHelper) GenerateCELCondition ¶

func (ch *CELHelper) GenerateCELCondition(parent string, m *policyv1.Match) (*CELCondition, error)

type Error ¶

type Error struct {
	File        string
	Description string
	Err         error
}

func (Error) Display ¶

func (e Error) Display() string

func (Error) Error ¶

func (e Error) Error() string

func (Error) MarshalJSON ¶

func (e Error) MarshalJSON() ([]byte, error)

func (Error) Unwrap ¶

func (e Error) Unwrap() error

type RegoGen ¶

type RegoGen struct {
	*strings.Builder
	// contains filtered or unexported fields
}

RegoGen is a Rego code generator.

func NewRegoGen ¶

func NewRegoGen(packageName string, imports ...string) *RegoGen

func (*RegoGen) AddDerivedRole ¶

func (rg *RegoGen) AddDerivedRole(dr *policyv1.RoleDef) error

func (*RegoGen) AddPrincipalRule ¶

func (rg *RegoGen) AddPrincipalRule(rule *policyv1.PrincipalRule) error

func (*RegoGen) AddResourceRule ¶

func (rg *RegoGen) AddResourceRule(rule *policyv1.ResourceRule) error

func (*RegoGen) DefaultEffectDeny ¶

func (rg *RegoGen) DefaultEffectDeny()

func (*RegoGen) DefaultEffectNoMatch ¶

func (rg *RegoGen) DefaultEffectNoMatch()

func (*RegoGen) EffectiveDerivedRoles ¶

func (rg *RegoGen) EffectiveDerivedRoles(hasImports bool)

func (*RegoGen) EffectsComprehension ¶

func (rg *RegoGen) EffectsComprehension(defaultEffect string)

func (*RegoGen) Generate ¶

func (rg *RegoGen) Generate() (*Result, error)

type Result ¶

type Result struct {
	ModName    string
	ModID      namer.ModuleID
	Module     *ast.Module
	Conditions map[string]*CELCondition
}

func GenerateCode ¶

func GenerateCode(p *policyv1.Policy) (*Result, error)

func ResultFromRepr ¶

func ResultFromRepr(repr *policyv1.GeneratedPolicy) (*Result, error)

func (*Result) ToRepr ¶

func (cgr *Result) ToRepr() (*policyv1.GeneratedPolicy, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL