Documentation ¶
Index ¶
- Constants
- Variables
- func CerbosCELLib() cel.EnvOption
- func GenerateRepr(p *policyv1.Policy) (*policyv1.GeneratedPolicy, error)
- func MarshalProtoToRego(p proto.Message) (ast.Value, error)
- func NewCustomCELTypeAdapter() ref.TypeAdapter
- func NewRegoCompiler() *ast.Compiler
- type CELCompileError
- type CELCondition
- type CELHelper
- type Error
- type RegoGen
- func (rg *RegoGen) AddDerivedRole(dr *policyv1.RoleDef) error
- func (rg *RegoGen) AddPrincipalRule(rule *policyv1.PrincipalRule) error
- func (rg *RegoGen) AddResourceRule(rule *policyv1.ResourceRule) error
- func (rg *RegoGen) DefaultEffectDeny()
- func (rg *RegoGen) DefaultEffectNoMatch()
- func (rg *RegoGen) EffectiveDerivedRoles(hasImports bool)
- func (rg *RegoGen) EffectsComprehension(defaultEffect string)
- func (rg *RegoGen) Generate() (*Result, error)
- type Result
Constants ¶
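// Identifier strings for CEL condition expressions. The page listing had this
// block collapsed onto one line, which is not valid Go; it is restored here
// with one constant per line and unchanged values.
//
// NOTE(review): judging by the names, "request" is presumably the top-level
// variable exposed to CEL conditions, with "R" and "P" as short aliases for
// the resource and the principal. Confirm against the CEL environment setup
// before relying on these names in policy conditions.
const (
	CELRequestIdent    = "request"
	CELResourceAbbrev  = "R"
	CELPrincipalAbbrev = "P"
)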
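// Identifier strings associated with policy effects and the CEL evaluation
// hook. The page listing had this block collapsed onto one line, which is not
// valid Go; it is restored here with one constant per line and unchanged
// values.
//
// NOTE(review): these are presumably the names the Rego code generator emits
// into generated modules; confirm against RegoGen. "no_match" is a separate
// value from both "allow" and "deny". Anything consuming generated policy
// output should confirm that a no_match result is never treated as an allow.
const (
	AllowEffectIdent           = "allow"
	CELEvalIdent               = `cerbos_cel_eval`
	DenyEffectIdent            = "deny"
	EffectsIdent               = "cerbos_effects"
	EffectiveDerivedRolesIdent = "cerbos_effective_derived_roles"
	NoMatchEffectIdent         = "no_match"
)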
Variables ¶
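// Declaration and registration record for the custom Rego built-in named by
// CELEvalIdent. The page listing was collapsed onto one line and had the
// composite literal garbled as "®o.Function" (an HTML-entity decoding
// artefact); it is restored here as &rego.Function.
var (
	// CELEvalDecl is the built-in's type signature: three arguments (an
	// object with string keys and values of any type, then two strings) and
	// a boolean result.
	//
	// NOTE(review): the first argument accepts arbitrary values, so the
	// implementation behind this declaration is where input shape has to be
	// validated. That implementation is not shown on this page.
	CELEvalDecl = types.NewFunction(
		types.Args(
			types.NewObject(nil, types.NewDynamicProperty(types.S, types.A)),
			types.S,
			types.S,
		),
		types.B,
	)

	// CELEvalFunc pairs the built-in's name with its declaration.
	CELEvalFunc = &rego.Function{
		Name: CELEvalIdent,
		Decl: CELEvalDecl,
	}
)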
// ErrCodeGenFailure is a package-level error value carrying the message
// "code generation error".
// NOTE(review): presumably returned or wrapped when generating code for a
// policy fails, so callers would match it with errors.Is — confirm against
// the generator's return paths.
var ErrCodeGenFailure = errors.New("code generation error")
Functions ¶
func CerbosCELLib ¶
CerbosCELLib returns the custom CEL functions provided by Cerbos.
func GenerateRepr ¶
func GenerateRepr(p *policyv1.Policy) (*policyv1.GeneratedPolicy, error)
GenerateRepr generates code for the given policy and returns the serializable representation of it.
func MarshalProtoToRego ¶
MarshalProtoToRego converts a protobuf message into a Rego Value.
func NewCustomCELTypeAdapter ¶
func NewCustomCELTypeAdapter() ref.TypeAdapter
NewCustomCELTypeAdapter provides a CEL type adaptor that can deal with json.Number values returned by Rego.
func NewRegoCompiler ¶
Types ¶
type CELCompileError ¶
CELCompileError holds CEL compilation errors.
func (*CELCompileError) Error ¶
func (cce *CELCompileError) Error() string
func (*CELCompileError) Unwrap ¶
func (cce *CELCompileError) Unwrap() error
type CELCondition ¶
type CELCondition struct {
// contains filtered or unexported fields
}
func CELConditionFromCheckedExpr ¶
func CELConditionFromCheckedExpr(expr *exprpb.CheckedExpr) *CELCondition
func GenerateCELCondition ¶
func GenerateCELCondition(parent string, m *policyv1.Match) (*CELCondition, error)
func (*CELCondition) CheckedExpr ¶
func (cc *CELCondition) CheckedExpr() (*exprpb.CheckedExpr, error)
type CELHelper ¶
type CELHelper struct {
// contains filtered or unexported fields
}
func NewCELHelper ¶
func (*CELHelper) CELConditionFromCheckedExpr ¶
func (ch *CELHelper) CELConditionFromCheckedExpr(expr *exprpb.CheckedExpr) *CELCondition
func (*CELHelper) GenerateCELCondition ¶
type Error ¶
func (Error) MarshalJSON ¶
type RegoGen ¶
RegoGen is a Rego code generator.
func NewRegoGen ¶
func (*RegoGen) AddPrincipalRule ¶
func (rg *RegoGen) AddPrincipalRule(rule *policyv1.PrincipalRule) error
func (*RegoGen) AddResourceRule ¶
func (rg *RegoGen) AddResourceRule(rule *policyv1.ResourceRule) error
func (*RegoGen) DefaultEffectDeny ¶
func (rg *RegoGen) DefaultEffectDeny()
func (*RegoGen) DefaultEffectNoMatch ¶
func (rg *RegoGen) DefaultEffectNoMatch()
func (*RegoGen) EffectiveDerivedRoles ¶
func (*RegoGen) EffectsComprehension ¶
type Result ¶
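// Result is the value returned by (*RegoGen).Generate and by ResultFromRepr.
// The page listing had the struct collapsed onto one line with no field
// separators, which is not valid Go; the fields are restored one per line
// with unchanged names and types.
type Result struct {
	// ModName is a string name for the module.
	// NOTE(review): presumably the Rego module name; confirm.
	ModName string
	// ModID is the module's namer.ModuleID.
	ModID namer.ModuleID
	// Module is the parsed Rego module (AST).
	Module *ast.Module
	// Conditions maps string keys to CEL conditions.
	// NOTE(review): keys are presumably the condition names referenced from
	// the generated module; verify against the generator.
	Conditions map[string]*CELCondition
}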
func ResultFromRepr ¶
func ResultFromRepr(repr *policyv1.GeneratedPolicy) (*Result, error)