policy

package module
v0.0.0-...-98789f3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 17, 2024 License: Apache-2.0, BSD-3-Clause Imports: 16 Imported by: 0

README

CEL Policy

The Common Expression Language (CEL) supports simple expressions: no variables, functions, or modules. However, CEL expression graphs can be composed together, allowing for reuse and development clarity which is not otherwise possible within CEL.

To address this case, we're introducing the CEL Policy format which is fully runtime compatible with CEL. All of the same performance and safety hardening guarantees which apply to CEL also apply to CEL Policy. The net effect is significantly improved authoring and testability. The YAML-based policy format is easily extensible and inspired by Kubernetes Admission Policy with CEL.

Policy Language

A policy is a named instance of a rule which consists of a set of conditional outputs and conditional sub-rules. Matches within the rule and subrules are combined and ordered according to the policy evaluation semantic. The default semantic is FIRST_MATCH. The supported top-level fields in a policy include: name, description, imports, and rule.

Rule

The rule node in a policy is the primary entry point to CEL computations. Fields above the rule are intended to simplify or support the CEL expressions within the rule block. For example, the imports list refers to a set of type names who should be imported by their simple name within the CEL expressions contained in the rule.

Variables

A rule has a single variables block. Variables are written as an ordered list. Variables may refer to another variable; however, the variable must be declared before use, i.e. be defined before it is referenced. A variable has a name and an expression.

variables:
  -   name: first_item
    expression: "1"
  -   name: list_of_items
    expression: "[variables.first_item, 2, 3, 4]"

Variables in CEL Policy are lazily evaluated and memoized as CEL is side-effect free. Only the variables which are accessed during a match condition or an output are evaluated. The use of a variable is equivalent to using the cel.bind() macro to introduce local computations within a CEL expression.

Match

A rule has a single match block. The match block should have at least one output value, though output expressions may be conditional. The default evaluation order for the sequence of matches is top-down, first-match.

rule:
  match:
    -   condition: "request.user.name.startsWith('j')"
      output: "Hi, J!"
    -   output: "Hi, " + request.user.name + "!"

In the example, the policy will alternate the decision based on the user's first name, choosing either to greet them by first initial or by full name if the name does not start with j. This is equivalent to the following CEL expression:

request.user.name.startsWith('j')
  ? "Hi, J!"
  : "Hi, " + request.user.name + "!"

For simple cases, this ternary may be simpler to write; however, as the number of cases grows the ternary becomes less and less readable and the policy format allows for simpler edits in addition to expression composition:

rule:
  variables:
    -   name: name
      expression: "request.user.name"
  match:
    -   condition: "variables.name.startsWith('j')"
      output: "Hi, J!"
    -   output: "Hi, " + variables.name + "!"

When the condition is absent it defaults to true. Since the evaluation algorithm is first-match, an output without a condition behaves like a default evaluation result if no other match conditions are satisfied.

Condition

A condition expression must type-check to a bool return type. When a condition predicate evaluates to true, either an output expression is returned or a nested rule result is returned. Using a condition with nested rule values allows for the declaration of rule blocks with local variables and reduces the complexity of condition expressions within the nested rule.

If all output expressions within a rule have associated condition predicates, then the return type of the policy is optional_type(type(output)). In other words, if the policy is evaluating true or false output expressions, but all output values are conditional, then the output type of the policy is optional_type(bool). If the nested rule does not result in an output, then the optional.none() value is returned as the overall policy result.

Taking our example from earlier, since the match is exhaustive and includes a default output, then the result type of this policy is string

rule:
  variables:
    -   name: name
      expression: "request.user.name"
  match:
    -   condition: "variables.name.startsWith('j')"
      output: "Hi, J!"
    -   output: "Hi, " + variables.name + "!"

If we remove the last output, then the result type is optional_type(string) since not all evaluation paths will result in an output.

rule:
  match:
    -   condition: "request.user.name.startsWith('j')"
      output: "Hi, J!"

For more information on optionals, see https://github.com/google/cel-spec/wiki/proposal-246 for more information about optional values within CEL.

Output

The output field is optional and is, effectively, just like any other CEL expression; however, the output expression types must all agree within the policy expression graph. An output expression may be simple, such as a bool or string value, or it may be much more complex such as a JSON-like map or a strongly-typed object like a protocol buffer message.

The following example presents a very subtle distinction between the output types with a bool or a string as the possible output type.

rule:
  match:
    -   condition: "true"
      output: "true"
    -   output: "'true'"

This configuration is invalid and will trigger a compilation error:

incompatible output types: bool not assignable to string
Imports

When constructing complex object types such as protocol buffers, imports can be useful in simplifying object construction.

As an example, let's use the following protocol buffer message definitions:

package dev.cel.example;

message ComplexDocument {
   message Section {
     string name = 1;
     string author = 2;
     google.protobuf.Timestamp created_at = 3;
     google.protobuf.Timestamp last_modified = 4;
   }
   string title = 1;
   Section sections = 2;
}

To construct an instance of a document like this within CEL, the fully qualified type names must be used:

rule:
  match:
    -   output: >
      dev.cel.example.ComplexDocument{
        title: "Example Document"
        sections: [
          dev.cel.example.ComplexDocument.Section{
            name: "Overview",
            author: "tristan@cel.dev",
            created_at: timestamp("2024-09-20T16:50:00Z")
          }
        ]
     }

Using the imports clause the policy, the type name and expression can be simplified:

imports:
  -   name: dev.cel.example.ComplexDocument
  -   name: dev.cel.example.ComplexDocument.Section

rule:
  match:
    -   output: >
      ComplexDocument{
        title: "Example Document"
        sections: [Section{
          name: "Overview",
          author: "tristan@cel.dev",
          created_at: timestamp("2024-09-20T16:50:00Z")
        }]
      }

Documentation

Overview

Package policy provides an extensible parser and compiler for composing a graph of CEL expressions into a single evaluable expression.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Compile

func Compile(env *cel.Env, p *Policy, opts ...CompilerOption) (*cel.Ast, *cel.Issues)

Compile combines the policy compilation and composition steps into a single call.

This generates a single CEL AST from a collection of policy expressions associated with a CEL environment.

Types

type CompiledMatch

type CompiledMatch struct {
	// contains filtered or unexported fields
}

CompiledMatch represents a match block which has an optional condition (true, by default) as well as an output or a nested rule (one or the other, but not both).

func (*CompiledMatch) Condition

func (m *CompiledMatch) Condition() *cel.Ast

Condition returns the compiled predicate expression which must evaluate to true before the output or subrule is entered.

func (*CompiledMatch) ConditionIsLiteral

func (m *CompiledMatch) ConditionIsLiteral(val ref.Val) bool

ConditionIsLiteral indicates whether the condition for the match is a literal with a given value.

func (*CompiledMatch) NestedRule

func (m *CompiledMatch) NestedRule() *CompiledRule

NestedRule returns the nested rule, if set.

func (*CompiledMatch) Output

func (m *CompiledMatch) Output() *OutputValue

Output returns the compiled output expression associated with the match block, if set.

func (*CompiledMatch) OutputType

func (m *CompiledMatch) OutputType() *cel.Type

OutputType returns the cel.Type associated with output expression.

func (*CompiledMatch) SourceID

func (m *CompiledMatch) SourceID() int64

SourceID returns the source identifier associated with the compiled match.

type CompiledRule

type CompiledRule struct {
	// contains filtered or unexported fields
}

CompiledRule represents the variables and match blocks associated with a rule block.

func CompileRule

func CompileRule(env *cel.Env, p *Policy, opts ...CompilerOption) (*CompiledRule, *cel.Issues)

CompileRule creates a compiled rules from the policy which contains a set of compiled variables and match statements. The compiled rule defines an expression graph, which can be composed into a single expression via the RuleComposer.Compose method.

func (*CompiledRule) HasOptionalOutput

func (r *CompiledRule) HasOptionalOutput() bool

HasOptionalOutput returns whether the rule returns a concrete or optional value. The rule may return an optional value if all match expressions under the rule are conditional.

func (*CompiledRule) ID

func (r *CompiledRule) ID() *ValueString

ID returns the expression id associated with the rule.

func (*CompiledRule) Matches

func (r *CompiledRule) Matches() []*CompiledMatch

Matches returns the list of matches associated with the rule.

func (*CompiledRule) OutputType

func (r *CompiledRule) OutputType() *cel.Type

OutputType returns the output type of the first match clause as all match clauses are validated for agreement prior to construction fo the CompiledRule.

func (*CompiledRule) SourceID

func (r *CompiledRule) SourceID() int64

SourceID returns the source metadata identifier associated with the compiled rule.

func (*CompiledRule) Variables

func (r *CompiledRule) Variables() []*CompiledVariable

Variables rturns the list of CompiledVariable values associated with the rule.

type CompiledVariable

type CompiledVariable struct {
	// contains filtered or unexported fields
}

CompiledVariable represents the variable name, expression, and associated type-check declaration.

func (*CompiledVariable) Declaration

func (v *CompiledVariable) Declaration() *decls.VariableDecl

Declaration returns the type-check declaration associated with the variable.

func (*CompiledVariable) Expr

func (v *CompiledVariable) Expr() *cel.Ast

Expr returns the compiled expression associated with the variable name.

func (*CompiledVariable) Name

func (v *CompiledVariable) Name() string

Name returns the variable name.

func (*CompiledVariable) SourceID

func (v *CompiledVariable) SourceID() int64

SourceID returns the source metadata identifier associated with the variable.

type CompilerOption

type CompilerOption func(*compiler) error

CompilerOption specifies a functional option to be applied to new RuleComposer instances.

func MaxNestedExpressions

func MaxNestedExpressions(limit int) CompilerOption

MaxNestedExpressions limits the number of variable and nested rule expressions during compilation.

Defaults to 100 if not set.

type Config

type Config struct {
	Name        string             `yaml:"name"`
	Description string             `yaml:"description"`
	Container   string             `yaml:"container"`
	Extensions  []*ExtensionConfig `yaml:"extensions"`
	Variables   []*VariableDecl    `yaml:"variables"`
	Functions   []*FunctionDecl    `yaml:"functions"`
}

Config represents a YAML serializable CEL environment configuration.

func (*Config) AsEnvOptions

func (c *Config) AsEnvOptions(baseEnv *cel.Env) ([]cel.EnvOption, error)

AsEnvOptions converts the Config value to a collection of cel environment options.

type ExtensionConfig

type ExtensionConfig struct {
	Name    string `yaml:"name"`
	Version string `yaml:"version"`
	ExtensionResolver
}

ExtensionConfig represents a YAML serializable definition of a versioned extension library reference.

func (*ExtensionConfig) AsEnvOption

func (ec *ExtensionConfig) AsEnvOption(baseEnv *cel.Env) (cel.EnvOption, error)

AsEnvOption converts an ExtensionConfig value to a CEL environment option.

type ExtensionFactory

type ExtensionFactory func(uint32) cel.EnvOption

ExtensionFactory accepts a version number and produces a CEL environment associated with the versioned extension.

type ExtensionResolver

type ExtensionResolver interface {
	// ResolveExtension returns an ExtensionFactory bound to the given name, if one exists.
	ResolveExtension(name string) (ExtensionFactory, bool)
}

ExtensionResolver provides a way to lookup ExtensionFactory instances by extension name.

type FunctionDecl

type FunctionDecl struct {
	Name      string          `yaml:"name"`
	Overloads []*OverloadDecl `yaml:"overloads"`
}

FunctionDecl represents a YAML serializable declaration of a CEL function.

func (*FunctionDecl) AsEnvOption

func (fd *FunctionDecl) AsEnvOption(baseEnv *cel.Env) (cel.EnvOption, error)

AsEnvOption converts a FunctionDecl value into a cel.EnvOption using the input environment.

type Import

type Import struct {
	// contains filtered or unexported fields
}

Import represents an imported type name which is aliased within CEL expressions.

func NewImport

func NewImport(exprID int64) *Import

NewImport creates a new typename import node

func (*Import) Name

func (i *Import) Name() ValueString

Name returns the fully qualified type name.

func (*Import) SetName

func (i *Import) SetName(name ValueString)

SetName updates the fully qualified type name for the import.

func (*Import) SourceID

func (i *Import) SourceID() int64

SourceID returns the source identifier associated with the import.

type Match

type Match struct {
	// contains filtered or unexported fields
}

Match declares a condition (defaults to true) as well as an output or a rule. Either the output or the rule field may be set, but not both.

func NewMatch

func NewMatch(exprID int64) *Match

NewMatch creates a match instance.

func (*Match) Condition

func (m *Match) Condition() ValueString

Condition returns the condition CEL expression.

func (*Match) Explanation

func (m *Match) Explanation() ValueString

Explanation returns the explanation expression, or empty expression if output is not set.

func (*Match) HasExplanation

func (m *Match) HasExplanation() bool

HasExplanation indicates whether the explanation field is set of the match.

func (*Match) HasOutput

func (m *Match) HasOutput() bool

HasOutput indicates whether the output field is set of the match.

func (*Match) HasRule

func (m *Match) HasRule() bool

HasRule indicates whether the rule field is set on a match.

func (*Match) Output

func (m *Match) Output() ValueString

Output returns the output expression, or empty expression if output is not set.

func (*Match) Rule

func (m *Match) Rule() *Rule

Rule returns the rule value, or nil if the rule is not set.

func (*Match) SetCondition

func (m *Match) SetCondition(c ValueString)

SetCondition sets the CEL condition for the match.

func (*Match) SetExplanation

func (m *Match) SetExplanation(e ValueString)

SetExplanation sets the explanation expression for the match.

func (*Match) SetOutput

func (m *Match) SetOutput(o ValueString)

SetOutput sets the output expression for the match.

func (*Match) SetRule

func (m *Match) SetRule(r *Rule)

SetRule sets the rule for the match.

type OutputValue

type OutputValue struct {
	// contains filtered or unexported fields
}

OutputValue represents the output expression associated with a match block.

func (*OutputValue) Expr

func (o *OutputValue) Expr() *cel.Ast

Expr returns the compiled expression associated with the output.

func (*OutputValue) SourceID

func (o *OutputValue) SourceID() int64

SourceID returns the expression id associated with the output expression.

type OverloadDecl

type OverloadDecl struct {
	OverloadID string      `yaml:"id"`
	Target     *TypeDecl   `yaml:"target"`
	Args       []*TypeDecl `yaml:"args"`
	Return     *TypeDecl   `yaml:"return"`
}

OverloadDecl represents a YAML serializable declaration of a CEL function overload.

func (*OverloadDecl) AsFunctionOption

func (od *OverloadDecl) AsFunctionOption(baseEnv *cel.Env) (cel.FunctionOpt, error)

AsFunctionOption converts an OverloadDecl value into a cel.FunctionOpt using the input environment.

type Parser

type Parser struct {
	TagVisitor
}

Parser parses policy files into a canonical Policy representation.

func NewParser

func NewParser(opts ...ParserOption) (*Parser, error)

NewParser creates a new Parser object with a set of functional options.

func (*Parser) Parse

func (parser *Parser) Parse(src *Source) (*Policy, *cel.Issues)

Parse generates an internal parsed policy representation from a YAML input file. The internal representation ensures that CEL expressions are tracked relative to where they occur within the file, thus making error messages relative to the whole file rather than the individual expression.

type ParserContext

type ParserContext interface {
	// NextID returns a monotonically increasing identifier for a source fragment.
	// This ID is implicitly created and tracked within the CollectMetadata method.
	NextID() int64

	// CollectMetadata records the source position information of a given YAML node, and returns
	// the id associated with the source metadata which is returned in the Policy SourceInfo object.
	CollectMetadata(*yaml.Node) int64

	// NewPolicy creates a new Policy instance with an ID associated with the YAML node.
	NewPolicy(*yaml.Node) (*Policy, int64)

	// NewRule creates a new Rule instance with an ID associated with the YAML node.
	NewRule(*yaml.Node) (*Rule, int64)

	// NewVariable creates a new Variable instance with an ID associated with the YAML node.
	NewVariable(*yaml.Node) (*Variable, int64)

	// NewMatch creates a new Match instance with an ID associated with the YAML node.
	NewMatch(*yaml.Node) (*Match, int64)

	// NewString creates a new ValueString from the YAML node.
	NewString(*yaml.Node) ValueString

	// ParsePolicy will parse the target yaml node as though it is the top-level policy.
	ParsePolicy(ParserContext, *yaml.Node) *Policy

	// ParseRule will parse the current yaml node as though it is the entry point to a rule.
	ParseRule(ParserContext, *Policy, *yaml.Node) *Rule

	// ParseMatch  will parse the current yaml node as though it is the entry point to a match.
	ParseMatch(ParserContext, *Policy, *yaml.Node) *Match

	// ParseVariable will parse the current yaml node as though it is the entry point to a variable.
	ParseVariable(ParserContext, *Policy, *yaml.Node) *Variable

	// ReportErrorAtID logs an error during parsing which is included in the issue set returned from
	// a failed parse.
	ReportErrorAtID(id int64, msg string, args ...any)
}

ParserContext declares a set of interfaces for creating and managing metadata for parsed policies.

type ParserOption

type ParserOption func(*Parser) (*Parser, error)

ParserOption is a function parser option for configuring Parser behavior.

type Policy

type Policy struct {
	// contains filtered or unexported fields
}

Policy declares a name, rule, and evaluation semantic for a given expression graph.

func NewPolicy

func NewPolicy(src *Source, info *ast.SourceInfo) *Policy

NewPolicy creates a policy object which references a policy source and source information.

func (*Policy) AddImport

func (p *Policy) AddImport(i *Import)

AddImport adds an import to the policy.

func (*Policy) GetExplanationOutputPolicy

func (p *Policy) GetExplanationOutputPolicy() *Policy

GetExplanationOutputPolicy returns a copy of the policy, except the output of each match block is replaced by the expression in the explanation field.

func (*Policy) Imports

func (p *Policy) Imports() []*Import

Imports returns the list of imports associated with the policy.

func (*Policy) Metadata

func (p *Policy) Metadata(name string) (any, bool)

Metadata returns a named metadata object if one exists within the policy.

func (*Policy) MetadataKeys

func (p *Policy) MetadataKeys() []string

MetadataKeys returns a list of metadata keys set on the policy.

func (*Policy) Name

func (p *Policy) Name() ValueString

Name returns the name of the policy.

func (*Policy) Rule

func (p *Policy) Rule() *Rule

Rule returns the rule entry point of the policy.

func (*Policy) SetMetadata

func (p *Policy) SetMetadata(name string, value any)

SetMetadata updates a named metadata key with the given value.

func (*Policy) SetName

func (p *Policy) SetName(name ValueString)

SetName configures the policy name.

func (*Policy) SetRule

func (p *Policy) SetRule(r *Rule)

SetRule configures the policy rule entry point.

func (*Policy) Source

func (p *Policy) Source() *Source

Source returns the policy file contents as a CEL source object.

func (*Policy) SourceInfo

func (p *Policy) SourceInfo() *ast.SourceInfo

SourceInfo returns the policy file metadata about expression positions.

type RelativeSource

type RelativeSource struct {
	common.Source
	// contains filtered or unexported fields
}

RelativeSource represents an embedded source element within a larger source.

func (*RelativeSource) Content

func (rel *RelativeSource) Content() string

Content returns the embedded source snippet.

func (*RelativeSource) OffsetLocation

func (rel *RelativeSource) OffsetLocation(offset int32) (common.Location, bool)

OffsetLocation returns the absolute location given the relative offset, if found.

type Rule

type Rule struct {
	// contains filtered or unexported fields
}

Rule declares a rule identifier, description, along with a set of variables and match statements.

func NewRule

func NewRule(exprID int64) *Rule

NewRule creates a Rule instance.

func (*Rule) AddMatch

func (r *Rule) AddMatch(m *Match)

AddMatch addes a Match to the rule.

func (*Rule) AddVariable

func (r *Rule) AddVariable(v *Variable)

AddVariable adds a variable to the rule.

func (*Rule) Description

func (r *Rule) Description() ValueString

Description returns the rule description if it is set.

func (*Rule) ID

func (r *Rule) ID() ValueString

ID returns the id value of the rule if it is set.

func (*Rule) Matches

func (r *Rule) Matches() []*Match

Matches returns the ordered set of Match declarations.

func (*Rule) SetDescription

func (r *Rule) SetDescription(desc ValueString)

SetDescription configures the description for the rule.

func (*Rule) SetID

func (r *Rule) SetID(id ValueString)

SetID configures the id for the rule.

func (*Rule) Variables

func (r *Rule) Variables() []*Variable

Variables returns the order set of Variable tuples.

type RuleComposer

type RuleComposer struct {
	// contains filtered or unexported fields
}

RuleComposer optimizes a set of expressions into a single expression.

func NewRuleComposer

func NewRuleComposer(env *cel.Env, p *Policy) *RuleComposer

NewRuleComposer creates a rule composer which stitches together rules within a policy into a single CEL expression.

func (*RuleComposer) Compose

func (c *RuleComposer) Compose(r *CompiledRule) (*cel.Ast, *cel.Issues)

Compose stitches together a set of expressions within a CompiledRule into a single CEL ast.

type Source

type Source struct {
	common.Source
}

Source represents the contents of a single source file.

func ByteSource

func ByteSource(contents []byte, location string) *Source

ByteSource converts a byte sequence and location description to a model.Source.

func StringSource

func StringSource(contents, location string) *Source

StringSource converts a string and location description to a model.Source.

func (*Source) Relative

func (src *Source) Relative(content string, line, col int) *RelativeSource

Relative produces a RelativeSource object for the content provided at the absolute location within the parent Source as indicated by the line and column.

type TagVisitor

type TagVisitor interface {
	// PolicyTag accepts a parser context, field id, tag name, yaml node, and parent Policy to allow for
	// continued parsing within a custom tag.
	PolicyTag(ParserContext, int64, string, *yaml.Node, *Policy)

	// RuleTag accepts a parser context, field id, tag name, yaml node, as well as the parent policy and
	// current rule to allow for continued parsing within custom tags.
	RuleTag(ParserContext, int64, string, *yaml.Node, *Policy, *Rule)

	// MatchTag accepts a parser context, field id, tag name, yaml node, as well as the parent policy and
	// current match to allow for continued parsing within custom tags.
	MatchTag(ParserContext, int64, string, *yaml.Node, *Policy, *Match)

	// VariableTag accepts a parser context, field id, tag name, yaml node, as well as the parent policy and
	// current variable to allow for continued parsing within custom tags.
	VariableTag(ParserContext, int64, string, *yaml.Node, *Policy, *Variable)
}

TagVisitor declares a set of interfaces for handling custom tags which would otherwise be unsupported within the policy, rule, match, or variable objects.

func DefaultTagVisitor

func DefaultTagVisitor() TagVisitor

DefaultTagVisitor creates a tag visitor which produces errors for any non-canonical YAML tag.

type TestCase

type TestCase struct {
	Name   string               `yaml:"name"`
	Input  map[string]TestInput `yaml:"input"`
	Output string               `yaml:"output"`
}

TestCase describes a named test scenario with a set of inputs and expected outputs.

Note, when a test requires additional functions to be provided to execute, the test harness must supply these functions.

type TestInput

type TestInput struct {
	// Value is a simple literal value.
	Value any `yaml:"value"`

	// Expr is a CEL expression based input.
	Expr string `yaml:"expr"`

	// ContextExpr is a CEL expression which is used as cel.ContextProtoVars
	ContextExpr string `yaml:"context_expr"`
}

TestInput represents an input literal value or expression.

type TestSection

type TestSection struct {
	Name  string      `yaml:"name"`
	Tests []*TestCase `yaml:"tests"`
}

TestSection describes a related set of tests associated with a behavior.

type TestSuite

type TestSuite struct {
	Description string         `yaml:"description"`
	Sections    []*TestSection `yaml:"section"`
}

TestSuite describes a set of tests divided by section.

type TypeDecl

type TypeDecl struct {
	TypeName    string      `yaml:"type_name"`
	Params      []*TypeDecl `yaml:"params"`
	IsTypeParam bool        `yaml:"is_type_param"`
}

TypeDecl represents a YAML serializable CEL type reference.

func (*TypeDecl) AsCELType

func (td *TypeDecl) AsCELType(baseEnv *cel.Env) (*cel.Type, error)

AsCELType converts the TypeDecl value to a cel.Type value using the input base environment.

All extension types referenced by name within the `TypeDecl.TypeName` field must be configured within the base CEL environment argument.

type ValueString

type ValueString struct {
	ID    int64
	Value string
}

ValueString contains an identifier corresponding to source metadata and a simple string.

type Variable

type Variable struct {
	// contains filtered or unexported fields
}

Variable is a named expression which may be referenced in subsequent expressions.

func NewVariable

func NewVariable(exprID int64) *Variable

NewVariable creates a variable instance.

func (*Variable) Expression

func (v *Variable) Expression() ValueString

Expression returns the variable expression.

func (*Variable) Name

func (v *Variable) Name() ValueString

Name returns the variable name.

func (*Variable) SetExpression

func (v *Variable) SetExpression(e ValueString)

SetExpression sets the variable expression.

func (*Variable) SetName

func (v *Variable) SetName(name ValueString)

SetName sets the variable name.

type VariableDecl

type VariableDecl struct {
	Name         string    `yaml:"name"`
	Type         *TypeDecl `yaml:"type"`
	ContextProto string    `yaml:"context_proto"`
}

VariableDecl represents a YAML serializable CEL variable declaration.

func (*VariableDecl) AsEnvOption

func (vd *VariableDecl) AsEnvOption(baseEnv *cel.Env) (cel.EnvOption, error)

AsEnvOption converts a VariableDecl type to a CEL environment option.

Note, variable definitions with differing type definitions will result in an error during the compile step.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL