ir

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 20, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package ir defines an intermediate representation (IR) for Rego.

The IR specifies an imperative execution model for Rego policies similar to a query plan in traditional databases.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Pretty

func Pretty(w io.Writer, x interface{}) error

Pretty writes a human-readable representation of an IR object to w.

func Walk

func Walk(vis Visitor, x interface{}) error

Walk invokes the visitor for nodes under x.

Types

type ArrayAppendStmt

type ArrayAppendStmt struct {
	Value Operand `json:"value"`
	Array Local   `json:"array"`

	Location
}

ArrayAppendStmt represents a dynamic append operation of a value onto an array.

type AssignIntStmt

type AssignIntStmt struct {
	Value  int64 `json:"value"`
	Target Local `json:"target"`

	Location
}

AssignIntStmt represents an assignment of an integer value to a local variable.

type AssignVarOnceStmt

type AssignVarOnceStmt struct {
	Source Operand `json:"source"`
	Target Local   `json:"target"`

	Location
}

AssignVarOnceStmt represents an assignment of one local variable to another. If the target is defined, execution aborts with a conflict error.

TODO(tsandall): is there a better name for this?

type AssignVarStmt

type AssignVarStmt struct {
	Source Operand `json:"source"`
	Target Local   `json:"target"`

	Location
}

AssignVarStmt represents an assignment of one local variable to another.

type Block

type Block struct {
	Stmts []Stmt `json:"stmts"`
}

Block represents an ordered sequence of statements to execute. Blocks are executed until a return statement is encountered, a statement is undefined, or there are no more statements. If all statements are defined but no return statement is encountered, the block is undefined.

func (*Block) MarshalJSON

func (a *Block) MarshalJSON() ([]byte, error)

func (*Block) String

func (a *Block) String() string

func (*Block) UnmarshalJSON

func (a *Block) UnmarshalJSON(bs []byte) error

type BlockStmt

type BlockStmt struct {
	Blocks []*Block `json:"blocks"`

	Location
}

BlockStmt represents a nested block. Nested blocks and break statements can be used to short-circuit execution.

func (*BlockStmt) String

func (a *BlockStmt) String() string

type Bool

type Bool bool

Bool represents a constant boolean.

func (Bool) String

func (b Bool) String() string

type BreakStmt

type BreakStmt struct {
	Index uint32 `json:"index"`

	Location
}

BreakStmt represents a jump out of the current block. The index specifies how many blocks to jump starting from zero (the current block). Execution will continue from the end of the block that is jumped to.

type BuiltinFunc

type BuiltinFunc struct {
	Name string          `json:"name"`
	Decl *types.Function `json:"decl"`
}

BuiltinFunc represents a built-in function that may be required by the policy.

type CallDynamicStmt

type CallDynamicStmt struct {
	Args   []Local   `json:"args"`
	Result Local     `json:"result"`
	Path   []Operand `json:"path"`

	Location
}

CallDynamicStmt represents an indirect (data) function call. The result should be stored in the result local.

type CallStmt

type CallStmt struct {
	Func   string    `json:"func"`
	Args   []Operand `json:"args"`
	Result Local     `json:"result"`

	Location
}

CallStmt represents a named function call. The result should be stored in the result local.

type DotStmt

type DotStmt struct {
	Source Operand `json:"source"`
	Key    Operand `json:"key"`
	Target Local   `json:"target"`

	Location
}

DotStmt represents a lookup operation on a value (e.g., array, object, etc.) The source of a DotStmt may be a scalar value in which case the statement will be undefined.

type EqualStmt

type EqualStmt struct {
	A Operand `json:"a"`
	B Operand `json:"b"`

	Location
}

EqualStmt represents an value-equality check of two local variables.

type Func

type Func struct {
	Name   string   `json:"name"`
	Params []Local  `json:"params"`
	Return Local    `json:"return"`
	Blocks []*Block `json:"blocks"`         // TODO(tsandall): should this be a plan?
	Path   []string `json:"path,omitempty"` // optional: if non-nil, include in data function tree
}

Func represents a named plan (function) that can be invoked. Functions accept one or more parameters and return a value. By convention, the input document and data documents are always passed as the first and second arguments (respectively).

func (*Func) String

func (a *Func) String() string

type Funcs

type Funcs struct {
	Funcs []*Func `json:"funcs"`
}

Funcs represents a collection of planned functions to include in the policy.

func (*Funcs) String

func (a *Funcs) String() string

type IsArrayStmt

type IsArrayStmt struct {
	Source Operand `json:"source"`

	Location
}

IsArrayStmt represents a dynamic type check on a local variable.

type IsDefinedStmt

type IsDefinedStmt struct {
	Source Local `json:"source"`

	Location
}

IsDefinedStmt represents a check of whether a local variable is defined.

type IsObjectStmt

type IsObjectStmt struct {
	Source Operand `json:"source"`

	Location
}

IsObjectStmt represents a dynamic type check on a local variable.

type IsSetStmt

type IsSetStmt struct {
	Source Operand `json:"source"`

	Location
}

IsSetStmt represents a dynamic type check on a local variable.

type IsUndefinedStmt

type IsUndefinedStmt struct {
	Source Local `json:"source"`

	Location
}

IsUndefinedStmt represents a check of whether local variable is undefined.

type LenStmt

type LenStmt struct {
	Source Operand `json:"source"`
	Target Local   `json:"target"`

	Location
}

LenStmt represents a length() operation on a local variable. The result is stored in the target local variable.

type Local

type Local int

Local represents a plan-scoped variable.

TODO(tsandall): should this be int32 for safety?

const (
	// Input is the local variable that refers to the global input document.
	Input Local = iota

	// Data is the local variable that refers to the global data document.
	Data

	// Unused is the free local variable that can be allocated in a plan.
	Unused
)

func (Local) String

func (l Local) String() string

type Location

type Location struct {
	File int `json:"file"` // filename string constant index
	Col  int `json:"col"`
	Row  int `json:"row"`
	// contains filtered or unexported fields
}

Location records the filen index, and the row and column inside that file that a statement can be connected to.

func (*Location) GetLocation

func (l *Location) GetLocation() *Location

GetLocation returns a Stmt's Location.

func (*Location) SetLocation

func (l *Location) SetLocation(index, row, col int, file, text string)

SetLocation sets the Location for a given Stmt.

type MakeArrayStmt

type MakeArrayStmt struct {
	Capacity int32 `json:"capacity"`
	Target   Local `json:"target"`

	Location
}

MakeArrayStmt constructs a local variable that refers to an array value.

type MakeNullStmt

type MakeNullStmt struct {
	Target Local `json:"target"`

	Location
}

MakeNullStmt constructs a local variable that refers to a null value.

type MakeNumberIntStmt

type MakeNumberIntStmt struct {
	Value  int64 `json:"value"`
	Target Local `json:"target"`

	Location
}

MakeNumberIntStmt constructs a local variable that refers to an integer value.

type MakeNumberRefStmt

type MakeNumberRefStmt struct {
	Index  int
	Target Local `json:"target"`

	Location
}

MakeNumberRefStmt constructs a local variable that refers to a number stored as a string.

type MakeObjectStmt

type MakeObjectStmt struct {
	Target Local `json:"target"`

	Location
}

MakeObjectStmt constructs a local variable that refers to an object value.

type MakeSetStmt

type MakeSetStmt struct {
	Target Local `json:"target"`

	Location
}

MakeSetStmt constructs a local variable that refers to a set value.

type NopStmt

type NopStmt struct {
	Location
}

NopStmt adds a nop instruction. Useful during development and debugging only.

type NotEqualStmt

type NotEqualStmt struct {
	A Operand `json:"a"`
	B Operand `json:"b"`

	Location
}

NotEqualStmt represents a != check of two local variables.

type NotStmt

type NotStmt struct {
	Block *Block `json:"block"`

	Location
}

NotStmt represents a negated statement.

type ObjectInsertOnceStmt

type ObjectInsertOnceStmt struct {
	Key    Operand `json:"key"`
	Value  Operand `json:"value"`
	Object Local   `json:"object"`

	Location
}

ObjectInsertOnceStmt represents a dynamic insert operation of a key/value pair into an object. If the key already exists and the value differs, execution aborts with a conflict error.

type ObjectInsertStmt

type ObjectInsertStmt struct {
	Key    Operand `json:"key"`
	Value  Operand `json:"value"`
	Object Local   `json:"object"`

	Location
}

ObjectInsertStmt represents a dynamic insert operation of a key/value pair into an object.

type ObjectMergeStmt

type ObjectMergeStmt struct {
	A      Local `json:"a"`
	B      Local `json:"b"`
	Target Local `json:"target"`

	Location
}

ObjectMergeStmt performs a recursive merge of two object values. If either of the locals refer to non-object values this operation will abort with a conflict error. Overlapping object keys are merged recursively.

type Operand

type Operand struct {
	Value Val `json:"value"`
}

Operand represents a value that a statement operates on.

func (*Operand) MarshalJSON

func (a *Operand) MarshalJSON() ([]byte, error)

func (*Operand) UnmarshalJSON

func (a *Operand) UnmarshalJSON(bs []byte) error

type Plan

type Plan struct {
	Name   string   `json:"name"`
	Blocks []*Block `json:"blocks"`
}

Plan represents an ordered series of blocks to execute. Plan execution stops when a return statement is reached. Blocks are executed in-order.

func (*Plan) String

func (a *Plan) String() string

type Plans

type Plans struct {
	Plans []*Plan `json:"plans"`
}

Plans represents a collection of named query plans to expose in the policy.

type Policy

type Policy struct {
	Static *Static `json:"static,omitempty"`
	Plans  *Plans  `json:"plans,omitempty"`
	Funcs  *Funcs  `json:"funcs,omitempty"`
}

Policy represents a planned policy query.

func (*Policy) String

func (a *Policy) String() string

type ResetLocalStmt

type ResetLocalStmt struct {
	Target Local `json:"target"`

	Location
}

ResetLocalStmt resets a local variable to 0.

type ResultSetAddStmt

type ResultSetAddStmt struct {
	Value Local `json:"value"`

	Location
}

ResultSetAddStmt adds a value into the result set returned by the query plan.

type ReturnLocalStmt

type ReturnLocalStmt struct {
	Source Local `json:"source"`

	Location
}

ReturnLocalStmt represents a return statement that yields a local value.

type ScanStmt

type ScanStmt struct {
	Source Local  `json:"source"`
	Key    Local  `json:"key"`
	Value  Local  `json:"value"`
	Block  *Block `json:"block"`

	Location
}

ScanStmt represents a linear scan over a composite value. The source may be a scalar in which case the block will never execute.

type SetAddStmt

type SetAddStmt struct {
	Value Operand `json:"value"`
	Set   Local   `json:"set"`

	Location
}

SetAddStmt represents a dynamic add operation of an element into a set.

type Static

type Static struct {
	Strings      []*StringConst `json:"strings,omitempty"`
	BuiltinFuncs []*BuiltinFunc `json:"builtin_funcs,omitempty"`
	Files        []*StringConst `json:"files,omitempty"`
}

Static represents a static data segment that is indexed into by the policy.

func (*Static) String

func (a *Static) String() string

type Stmt

type Stmt interface {
	// contains filtered or unexported methods
}

Stmt represents an operation (e.g., comparison, loop, dot, etc.) to execute.

type StringConst

type StringConst struct {
	Value string `json:"value"`
}

StringConst represents a string value.

type StringIndex

type StringIndex int

StringIndex represents the index into the plan's list of constant strings of a constant string.

func (StringIndex) String

func (s StringIndex) String() string

type Val

type Val interface {
	fmt.Stringer
	// contains filtered or unexported methods
}

Val represents an abstract value that statements operate on. There are currently 3 types of values:

1. Local - a local variable that can refer to any type. 2. StringIndex - a string constant that refers to a compiled string. 3. Bool - a boolean constant.

type Visitor

type Visitor interface {
	Before(x interface{})
	Visit(x interface{}) (Visitor, error)
	After(x interface{})
}

Visitor defines the interface for visiting IR nodes.

type WithStmt

type WithStmt struct {
	Local Local   `json:"local"`
	Path  []int   `json:"path"`
	Value Operand `json:"value"`
	Block *Block  `json:"block"`

	Location
}

WithStmt replaces the Local or a portion of the document referred to by the Local with the Value and executes the contained block. If the Path is non-empty, the Value is upserted into the Local. If the intermediate nodes in the Local referred to by the Path do not exist, they will be created. When the WithStmt finishes the Local is reset to it's original value.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL