Documentation
Overview
Package policy includes objects used to define, instantiate, and enforce policies.
Index
- func DecisionNames(selected ...string) model.DecisionSelector
- func UnfinalizedDecisions(values []model.DecisionValue) model.DecisionSelector
- type Engine
- func (e *Engine) AddInstance(inst *model.Instance) error
- func (e *Engine) CompileEnv(src *model.Source) (*model.Env, *Issues)
- func (e *Engine) CompileInstance(src *model.Source) (*model.Instance, *Issues)
- func (e *Engine) CompileTemplate(src *model.Source) (*model.Template, *Issues)
- func (e *Engine) Eval(vars map[string]interface{}, selector model.DecisionSelector) ([]model.DecisionValue, error)
- func (e *Engine) EvalAll(vars map[string]interface{}) ([]model.DecisionValue, error)
- func (e *Engine) SetTemplate(name string, tmpl *model.Template) error
- type EngineOption
- func EvaluatorDecisionLimit(limit int) EngineOption
- func EvaluatorProductionLimit(limit int) EngineOption
- func EvaluatorTermLimit(limit int) EngineOption
- func RangeLimit(limit int) EngineOption
- func RuleLimit(limit int) EngineOption
- func RuntimeTemplateOptions(rtOpts ...runtime.TemplateOption) EngineOption
- func Selectors(selectors ...Selector) EngineOption
- func StandardExprEnv(exprEnv *cel.Env) EngineOption
- func ValidatorProductionLimit(limit int) EngineOption
- func ValidatorTermLimit(limit int) EngineOption
- type Issues
- type Selector
Constants
This section is empty.
Variables
This section is empty.
Functions
func DecisionNames
func DecisionNames(selected ...string) model.DecisionSelector
DecisionNames filters the decision set which can be produced by the engine to a specific set of named decisions.
func UnfinalizedDecisions
func UnfinalizedDecisions(values []model.DecisionValue) model.DecisionSelector
UnfinalizedDecisions filters the decisions down to the set of decisions which have not yet been finalized.
Note, it is up to the caller to determine whether the policy instances have been completely evaluated as it is possible to shard the instances into different Engine instances and use the output of one evaluation as a filter into the next shard.
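The sharded evaluation described in the note above, as an added example that is not part of the package or its documentation. Decision, Selector, Rule, Shard, Unfinalized, EvalSharded and SampleShards are hypothetical stand-ins modelled on the documented signatures, not the library's own types, and the sample rules are constructed; the model shows a decision finalized by the first shard being filtered out of the second, so a later shard cannot override it.

```go
package main

import "fmt"

// Hypothetical stand-ins for model.DecisionValue and model.DecisionSelector.
type Decision struct {
	Name, Value string
	Final       bool
}
type Selector func(name string) bool

// Rule emits Out when Match accepts the input (nil Match always applies).
// A Shard models one Engine holding a subset of the policy instances.
type Rule struct {
	Out   Decision
	Match func(vars map[string]interface{}) bool
}
type Shard []Rule

func (s Shard) Eval(vars map[string]interface{}, sel Selector) []Decision {
	var out []Decision
	for _, r := range s {
		if sel(r.Out.Name) && (r.Match == nil || r.Match(vars)) {
			out = append(out, r.Out)
		}
	}
	return out
}

// Unfinalized selects only decisions that no earlier result has finalized.
func Unfinalized(prev []Decision) Selector {
	final := map[string]bool{}
	for _, d := range prev {
		final[d.Name] = final[d.Name] || d.Final
	}
	return func(name string) bool { return !final[name] }
}

// EvalSharded feeds the accumulated output of earlier shards into the next.
func EvalSharded(shards []Shard, vars map[string]interface{}) []Decision {
	var all []Decision
	for _, s := range shards {
		all = append(all, s.Eval(vars, Unfinalized(all))...)
	}
	return all
}

// SampleShards is constructed data: shard 0 may finalize "deny" before shard 1 runs.
func SampleShards() []Shard {
	restricted := func(v map[string]interface{}) bool { return v["region"] == "restricted" }
	return []Shard{
		{{Decision{"deny", "region-block", true}, restricted}, {Decision{"report", "audit", false}, nil}},
		{{Decision{"deny", "quota", false}, nil}, {Decision{"report", "notify", false}, nil}},
	}
}

func main() { fmt.Println(EvalSharded(SampleShards(), map[string]interface{}{"region": "restricted"})) }
```

In this model the caller still has to run every shard before treating the non-final decisions as complete, which is the responsibility the note assigns to the caller.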
Types
type Engine
Engine evaluates context against policy instances to produce decisions.
func NewEngine
func NewEngine(opts ...EngineOption) (*Engine, error)
NewEngine instantiates a policy.Engine with a set of configurable options.
Custom functions and policy instance selectors must be provided as functional options to the engine construction if either is intended to be supported within the configured templates and instances.
func (*Engine) AddInstance
AddInstance configures the engine with a given instance.
Instances are grouped together by their 'kind' field which corresponds to a template metadata.name value.
func (*Engine) CompileEnv
CompileEnv parses and compiles an input source into a model.Env.
func (*Engine) CompileInstance
CompileInstance parses, compiles, and validates an input source into a model.Instance. Note, the template referenced in the model.Instance 'kind' field must be configured within the engine before its instances can be compiled.
func (*Engine) CompileTemplate
CompileTemplate parses and compiles an input source into a model.Template.
func (*Engine) Eval
func (e *Engine) Eval(vars map[string]interface{}, selector model.DecisionSelector) ([]model.DecisionValue, error)
Eval accepts an input context and produces a set of decisions as output.
Which decisions are produced depends on the active set of policy instances and whether any rules within these policies apply to the context.
func (*Engine) EvalAll
func (e *Engine) EvalAll(vars map[string]interface{}) ([]model.DecisionValue, error)
EvalAll accepts an input context and produces a set of decisions as output.
Which decisions are produced depends on the active set of policy instances and whether any rules within these policies apply to the context.
type EngineOption
EngineOption is a functional option for configuring the policy engine.
func EvaluatorDecisionLimit
func EvaluatorDecisionLimit(limit int) EngineOption
EvaluatorDecisionLimit sets the evaluator decision limit within a single production supported by the compilation and runtime components.
func EvaluatorProductionLimit
func EvaluatorProductionLimit(limit int) EngineOption
EvaluatorProductionLimit sets the evaluator production limit supported by the compilation and runtime components.
func EvaluatorTermLimit
func EvaluatorTermLimit(limit int) EngineOption
EvaluatorTermLimit sets the evaluator term limit supported by the compilation and runtime components.
func RangeLimit
func RangeLimit(limit int) EngineOption
RangeLimit sets the range limit supported by the compilation and runtime components.
func RuleLimit
func RuleLimit(limit int) EngineOption
RuleLimit sets the rule limit within a policy instance supported by the compilation and runtime components.
func RuntimeTemplateOptions
func RuntimeTemplateOptions(rtOpts ...runtime.TemplateOption) EngineOption
RuntimeTemplateOptions collects a set of runtime specific options to be configured on runtime templates.
func Selectors
func Selectors(selectors ...Selector) EngineOption
Selectors is a functional option which may be configured to select a subset of policy instances which are applicable to the current evaluation context.
func StandardExprEnv
func StandardExprEnv(exprEnv *cel.Env) EngineOption
StandardExprEnv configures the CEL expression environment to be used as the basis for all other environment derivations within templates.
func ValidatorProductionLimit
func ValidatorProductionLimit(limit int) EngineOption
ValidatorProductionLimit sets the validator production limit supported by the compilation and runtime components.
func ValidatorTermLimit
func ValidatorTermLimit(limit int) EngineOption
ValidatorTermLimit sets the validator term limit supported by the compilation and runtime components.
type Selector
type Selector func(model.Selector, interpreter.Activation) bool
Selector functions take a compiled representation of a policy instance 'selector' and the input argument set to determine whether the policy instance is applicable to the current evaluation context.
Directories
Path | Synopsis |
---|---|
compiler | Package compiler contains a suite of tools for converting parsed representations of CEL Policy Template sources into type-checked and validated in-memory representations. |
limits | Package limits defines the set of operational limits which developers may configure to control the compute and memory impact of the policies they support. |
model | Package model contains abstract representations of policy template and instance config objects. |
parser | Package parser defines the primary interfaces for parsing different data formats which can be represented within the CPT policy model. |
yml | Package yml defines tools for parsing and encoding CPT sources written in YAML. |
runtime | Package runtime implements the evaluation model for templates / instances. |