celtransformer

package
v0.31.0
Warning

This package is not in the latest version of its module.

Published: Jun 5, 2024 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package celtransformer is an implementation of upstream-to-downstream identity transformations and policies using CEL scripts.

The CEL language is documented in https://github.com/google/cel-spec/blob/master/doc/langdef.md with optional extensions documented in https://github.com/google/cel-go/tree/master/ext.

Constants

const (
	DefaultPolicyRejectedAuthMessage = "authentication was rejected by a configured policy"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AllowAuthenticationPolicy

type AllowAuthenticationPolicy struct {
	Expression                    string
	RejectedAuthenticationMessage string
}

AllowAuthenticationPolicy is a CEL expression that can allow the authentication to proceed by returning true. It implements CELTransformation. When the CEL expression returns false, the authentication is rejected and the RejectedAuthenticationMessage is used. When RejectedAuthenticationMessage is empty, a default message will be used for rejected authentications.

type CELTransformation

type CELTransformation interface {
	// contains filtered or unexported methods
}

CELTransformation can be compiled into an IdentityTransformation.

type CELTransformationSource

type CELTransformationSource struct {
	Expr   CELTransformation
	Consts *TransformationConstants
}

type CELTransformer

type CELTransformer struct {
	// contains filtered or unexported fields
}

CELTransformer can compile any number of transformation expression pipelines. Each compiled pipeline can be cached in memory for later thread-safe evaluation.

func NewCELTransformer

func NewCELTransformer(maxExpressionRuntime time.Duration) (*CELTransformer, error)

NewCELTransformer returns a CELTransformer. A running process should only need one instance of a CELTransformer.

func (*CELTransformer) CompileTransformation

CompileTransformation compiles a CEL-based identity transformation expression. The compiled transform can be cached in memory and executed repeatedly and in a thread-safe way. The caller must not modify the consts param struct after calling this function to allow the returned IdentityTransformation to use it as a thread-safe read-only structure.

type GroupsTransformation

type GroupsTransformation struct {
	Expression string
}

GroupsTransformation is a CEL expression that can transform a list of group names (or leave it unchanged). It implements CELTransformation.

type TransformationConstants

type TransformationConstants struct {
	// A map of variable names to their string values. If a key "x" has value "123", then it will be available
	// to CEL expressions as the variable `strConst.x` with value `"123"`.
	StringConstants map[string]string
	// A map of variable names to their string list values. If a key "x" has value []string{"123","456"},
	// then it will be available to CEL expressions as the variable `strListConst.x` with value `["123","456"]`.
	StringListConstants map[string][]string
}

TransformationConstants can be used to make more variables available to compiled CEL expressions for convenience.

type UsernameTransformation

type UsernameTransformation struct {
	Expression string
}

UsernameTransformation is a CEL expression that can transform a username (or leave it unchanged). It implements CELTransformation.
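
The evaluation contract described on this page, modelled as an added example that is not part of the celtransformer package: plain Go closures stand in for compiled CEL expressions so it runs with the standard library alone. The `identity` and `step` types, in-order evaluation, and the sample domain are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const DefaultPolicyRejectedAuthMessage = "authentication was rejected by a configured policy"

// identity and step are hypothetical stand-ins; Go closures replace CEL expressions.
type identity struct {
	Username string
	Groups   []string
}

type step struct {
	transform func(identity) identity // username or groups transformation, or nil
	allow     func(identity) bool     // allow-authentication policy, or nil
	rejectMsg string                  // RejectedAuthenticationMessage, may be empty
}

// evaluate runs steps in order (assumed); a false policy rejects, empty message falls back to the default.
func evaluate(in identity, steps []step) (identity, bool, string) {
	for _, s := range steps {
		if s.transform != nil {
			in = s.transform(in)
		}
		if s.allow != nil && !s.allow(in) {
			if s.rejectMsg == "" {
				return identity{}, false, DefaultPolicyRejectedAuthMessage
			}
			return identity{}, false, s.rejectMsg
		}
	}
	return in, true, ""
}

// samplePipeline (constructed): lowercase the username, then allow only names
// ending in the constant "domain", as a CEL policy would read strConst.domain.
func samplePipeline(strConst map[string]string) []step {
	return []step{
		{transform: func(i identity) identity { i.Username = strings.ToLower(i.Username); return i }},
		{allow: func(i identity) bool { return strings.HasSuffix(i.Username, strConst["domain"]) }},
	}
}

func main() {
	fmt.Println(evaluate(identity{Username: "mallory@other.test"}, samplePipeline(map[string]string{"domain": "@example.com"})))
}
```

Because the policy runs after the lowercasing step in this model, `Alice@Example.COM` is admitted; a case-sensitive policy placed before that step would reject the same user.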
