Documentation ¶
Overview ¶
Package ir defines an intermediate representation (IR) for Rego.
The IR specifies an imperative execution model for Rego policies similar to a query plan in traditional databases.
Index ¶
- func Pretty(w io.Writer, x interface{}) error
- func Walk(vis Visitor, x interface{}) error
- type ArrayAppendStmt
- type AssignIntStmt
- type AssignVarOnceStmt
- type AssignVarStmt
- type Block
- type BlockStmt
- type Bool
- type BreakStmt
- type BuiltinFunc
- type CallDynamicStmt
- type CallStmt
- type DotStmt
- type EqualStmt
- type Func
- type Funcs
- type IsArrayStmt
- type IsDefinedStmt
- type IsObjectStmt
- type IsSetStmt
- type IsUndefinedStmt
- type LenStmt
- type Local
- type Location
- type MakeArrayStmt
- type MakeNullStmt
- type MakeNumberIntStmt
- type MakeNumberRefStmt
- type MakeObjectStmt
- type MakeSetStmt
- type NopStmt
- type NotEqualStmt
- type NotStmt
- type ObjectInsertOnceStmt
- type ObjectInsertStmt
- type ObjectMergeStmt
- type Operand
- type Plan
- type Plans
- type Policy
- type ResetLocalStmt
- type ResultSetAddStmt
- type ReturnLocalStmt
- type ScanStmt
- type SetAddStmt
- type Static
- type Stmt
- type StringConst
- type StringIndex
- type Val
- type Visitor
- type WithStmt
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type ArrayAppendStmt ¶
ArrayAppendStmt represents a dynamic append operation of a value onto an array.
type AssignIntStmt ¶
AssignIntStmt represents an assignment of an integer value to a local variable.
type AssignVarOnceStmt ¶
type AssignVarOnceStmt struct { Source Operand `json:"source"` Target Local `json:"target"` Location }
AssignVarOnceStmt represents an assignment of one local variable to another. If the target is defined, execution aborts with a conflict error.
TODO(tsandall): is there a better name for this?
type AssignVarStmt ¶
AssignVarStmt represents an assignment of one local variable to another.
type Block ¶
type Block struct {
Stmts []Stmt `json:"stmts"`
}
Block represents an ordered sequence of statements to execute. Blocks are executed until a return statement is encountered, a statement is undefined, or there are no more statements. If all statements are defined but no return statement is encountered, the block is undefined.
func (*Block) MarshalJSON ¶
func (*Block) UnmarshalJSON ¶
type BlockStmt ¶
BlockStmt represents a nested block. Nested blocks and break statements can be used to short-circuit execution.
type BreakStmt ¶
BreakStmt represents a jump out of the current block. The index specifies how many blocks to jump starting from zero (the current block). Execution will continue from the end of the block that is jumped to.
type BuiltinFunc ¶
BuiltinFunc represents a built-in function that may be required by the policy.
type CallDynamicStmt ¶
type CallDynamicStmt struct { Args []Local `json:"args"` Result Local `json:"result"` Path []Operand `json:"path"` Location }
CallDynamicStmt represents an indirect (data) function call. The result should be stored in the result local.
type CallStmt ¶
type CallStmt struct { Func string `json:"func"` Args []Operand `json:"args"` Result Local `json:"result"` Location }
CallStmt represents a named function call. The result should be stored in the result local.
type DotStmt ¶
type DotStmt struct { Source Operand `json:"source"` Key Operand `json:"key"` Target Local `json:"target"` Location }
DotStmt represents a lookup operation on a value (e.g., array, object, etc.) The source of a DotStmt may be a scalar value in which case the statement will be undefined.
type Func ¶
type Func struct { Name string `json:"name"` Params []Local `json:"params"` Return Local `json:"return"` Blocks []*Block `json:"blocks"` // TODO(tsandall): should this be a plan? Path []string `json:"path,omitempty"` // optional: if non-nil, include in data function tree }
Func represents a named plan (function) that can be invoked. Functions accept one or more parameters and return a value. By convention, the input document and data documents are always passed as the first and second arguments (respectively).
type Funcs ¶
type Funcs struct {
Funcs []*Func `json:"funcs"`
}
Funcs represents a collection of planned functions to include in the policy.
type IsArrayStmt ¶
IsArrayStmt represents a dynamic type check on a local variable.
type IsDefinedStmt ¶
IsDefinedStmt represents a check of whether a local variable is defined.
type IsObjectStmt ¶
IsObjectStmt represents a dynamic type check on a local variable.
type IsUndefinedStmt ¶
IsUndefinedStmt represents a check of whether local variable is undefined.
type LenStmt ¶
LenStmt represents a length() operation on a local variable. The result is stored in the target local variable.
type Local ¶
type Local int
Local represents a plan-scoped variable.
TODO(tsandall): should this be int32 for safety?
type Location ¶
type Location struct { File int `json:"file"` // filename string constant index Col int `json:"col"` Row int `json:"row"` // contains filtered or unexported fields }
Location records the filen index, and the row and column inside that file that a statement can be connected to.
func (*Location) GetLocation ¶
GetLocation returns a Stmt's Location.
func (*Location) SetLocation ¶
SetLocation sets the Location for a given Stmt.
type MakeArrayStmt ¶
type MakeArrayStmt struct { Capacity int32 `json:"capacity"` Target Local `json:"target"` Location }
MakeArrayStmt constructs a local variable that refers to an array value.
type MakeNullStmt ¶
MakeNullStmt constructs a local variable that refers to a null value.
type MakeNumberIntStmt ¶
MakeNumberIntStmt constructs a local variable that refers to an integer value.
type MakeNumberRefStmt ¶
MakeNumberRefStmt constructs a local variable that refers to a number stored as a string.
type MakeObjectStmt ¶
MakeObjectStmt constructs a local variable that refers to an object value.
type MakeSetStmt ¶
MakeSetStmt constructs a local variable that refers to a set value.
type NopStmt ¶
type NopStmt struct {
Location
}
NopStmt adds a nop instruction. Useful during development and debugging only.
type NotEqualStmt ¶
NotEqualStmt represents a != check of two local variables.
type ObjectInsertOnceStmt ¶
type ObjectInsertOnceStmt struct { Key Operand `json:"key"` Value Operand `json:"value"` Object Local `json:"object"` Location }
ObjectInsertOnceStmt represents a dynamic insert operation of a key/value pair into an object. If the key already exists and the value differs, execution aborts with a conflict error.
type ObjectInsertStmt ¶
type ObjectInsertStmt struct { Key Operand `json:"key"` Value Operand `json:"value"` Object Local `json:"object"` Location }
ObjectInsertStmt represents a dynamic insert operation of a key/value pair into an object.
type ObjectMergeStmt ¶
type ObjectMergeStmt struct { A Local `json:"a"` B Local `json:"b"` Target Local `json:"target"` Location }
ObjectMergeStmt performs a recursive merge of two object values. If either of the locals refer to non-object values this operation will abort with a conflict error. Overlapping object keys are merged recursively.
type Operand ¶
type Operand struct {
Value Val `json:"value"`
}
Operand represents a value that a statement operates on.
func (*Operand) MarshalJSON ¶
func (*Operand) UnmarshalJSON ¶
type Plan ¶
Plan represents an ordered series of blocks to execute. Plan execution stops when a return statement is reached. Blocks are executed in-order.
type Plans ¶
type Plans struct {
Plans []*Plan `json:"plans"`
}
Plans represents a collection of named query plans to expose in the policy.
type Policy ¶
type Policy struct { Static *Static `json:"static,omitempty"` Plans *Plans `json:"plans,omitempty"` Funcs *Funcs `json:"funcs,omitempty"` }
Policy represents a planned policy query.
type ResetLocalStmt ¶
ResetLocalStmt resets a local variable to 0.
type ResultSetAddStmt ¶
ResultSetAddStmt adds a value into the result set returned by the query plan.
type ReturnLocalStmt ¶
ReturnLocalStmt represents a return statement that yields a local value.
type ScanStmt ¶
type ScanStmt struct { Source Local `json:"source"` Key Local `json:"key"` Value Local `json:"value"` Block *Block `json:"block"` Location }
ScanStmt represents a linear scan over a composite value. The source may be a scalar in which case the block will never execute.
type SetAddStmt ¶
SetAddStmt represents a dynamic add operation of an element into a set.
type Static ¶
type Static struct { Strings []*StringConst `json:"strings,omitempty"` BuiltinFuncs []*BuiltinFunc `json:"builtin_funcs,omitempty"` Files []*StringConst `json:"files,omitempty"` }
Static represents a static data segment that is indexed into by the policy.
type Stmt ¶
type Stmt interface {
// contains filtered or unexported methods
}
Stmt represents an operation (e.g., comparison, loop, dot, etc.) to execute.
type StringConst ¶
type StringConst struct {
Value string `json:"value"`
}
StringConst represents a string value.
type StringIndex ¶
type StringIndex int
StringIndex represents the index into the plan's list of constant strings of a constant string.
func (StringIndex) String ¶
func (s StringIndex) String() string
type Val ¶
Val represents an abstract value that statements operate on. There are currently 3 types of values:
1. Local - a local variable that can refer to any type. 2. StringIndex - a string constant that refers to a compiled string. 3. Bool - a boolean constant.
type Visitor ¶
type Visitor interface { Before(x interface{}) Visit(x interface{}) (Visitor, error) After(x interface{}) }
Visitor defines the interface for visiting IR nodes.
type WithStmt ¶
type WithStmt struct { Local Local `json:"local"` Path []int `json:"path"` Value Operand `json:"value"` Block *Block `json:"block"` Location }
WithStmt replaces the Local or a portion of the document referred to by the Local with the Value and executes the contained block. If the Path is non-empty, the Value is upserted into the Local. If the intermediate nodes in the Local referred to by the Path do not exist, they will be created. When the WithStmt finishes the Local is reset to it's original value.