model

package
v0.26.0-alpha.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 12, 2022 License: Apache-2.0 Imports: 16 Imported by: 3

README

This directory contains a port of https://github.com/google/cel-policy-templates-go/tree/master/policy/model modified in a few ways:

  • Uses the Structural schema types
  • All template related code has been removed

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// AnyType is equivalent to the CEL 'protobuf.Any' type in that the value may have any of the
	// types supported.
	AnyType = newSimpleTypeWithMinSize("any", cel.AnyType, nil, 1)

	// BoolType is equivalent to the CEL 'bool' type.
	BoolType = newSimpleTypeWithMinSize("bool", cel.BoolType, types.False, minBoolSize)

	// BytesType is equivalent to the CEL 'bytes' type.
	BytesType = newSimpleTypeWithMinSize("bytes", cel.BytesType, types.Bytes([]byte{}), minStringSize)

	// DoubleType is equivalent to the CEL 'double' type which is a 64-bit floating point value.
	DoubleType = newSimpleTypeWithMinSize("double", cel.DoubleType, types.Double(0), minNumberSize)

	// DurationType is equivalent to the CEL 'duration' type.
	DurationType = newSimpleTypeWithMinSize("duration", cel.DurationType, types.Duration{Duration: time.Duration(0)}, minDurationSizeJSON)

	// DateType is equivalent to the CEL 'date' type.
	DateType = newSimpleTypeWithMinSize("date", cel.TimestampType, types.Timestamp{Time: time.Time{}}, dateSizeJSON)

	// DynType is the equivalent of the CEL 'dyn' concept which indicates that the type will be
	// determined at runtime rather than compile time.
	DynType = newSimpleTypeWithMinSize("dyn", cel.DynType, nil, 1)

	// IntType is equivalent to the CEL 'int' type which is a 64-bit signed int.
	IntType = newSimpleTypeWithMinSize("int", cel.IntType, types.IntZero, minNumberSize)

	// NullType is equivalent to the CEL 'null_type'.
	NullType = newSimpleTypeWithMinSize("null_type", cel.NullType, types.NullValue, 4)

	// StringType is equivalent to the CEL 'string' type which is expected to be a UTF-8 string.
	// StringType values may either be string literals or expression strings.
	StringType = newSimpleTypeWithMinSize("string", cel.StringType, types.String(""), minStringSize)

	// TimestampType corresponds to the well-known protobuf.Timestamp type supported within CEL.
	// Note that both the OpenAPI date and date-time types map onto TimestampType, so not all types
	// labeled as Timestamp will necessarily have the same MinSerializedSize.
	TimestampType = newSimpleTypeWithMinSize("timestamp", cel.TimestampType, types.Timestamp{Time: time.Time{}}, dateSizeJSON)

	// UintType is equivalent to the CEL 'uint' type.
	UintType = newSimpleTypeWithMinSize("uint", cel.UintType, types.Uint(0), 1)

	// ListType is equivalent to the CEL 'list' type.
	ListType = NewListType(AnyType, noMaxLength)

	// MapType is equivalent to the CEL 'map' type.
	MapType = NewMapType(AnyType, AnyType, noMaxLength)
)
View Source
var (
	URLObject = decls.NewObjectType("kubernetes.URL")

	URLType = cel.ObjectType("kubernetes.URL")
)

Functions

func Escape

func Escape(ident string) (string, bool)

Escape escapes ident and returns a CEL identifier (of the form '[a-zA-Z_][a-zA-Z0-9_]*'), or returns false if the ident does not match the supported input format of `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*`. Escaping Rules:

  • '__' escapes to '__underscores__'
  • '.' escapes to '__dot__'
  • '-' escapes to '__dash__'
  • '/' escapes to '__slash__'
  • Identifiers that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are: "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if", "import", "let", loop", "package", "namespace", "return".

func FieldTypeMap

func FieldTypeMap(path string, t *DeclType) map[string]*DeclType

FieldTypeMap constructs a map of the field and object types nested within a given type.

func MaxCardinality

func MaxCardinality(minSize int64) uint64

MaxCardinality returns the maximum number of times data conforming to the minimum size given could possibly exist in an object serialized to JSON. For cases where a schema is contained under map or array schemas of unbounded size, this can be used as an estimate as the worst case number of times data matching the schema could be repeated. Note that this only assumes a single comma between data elements, so if the schema is contained under only maps, this estimates a higher cardinality that would be possible. DeclType.MinSerializedSize is meant to be passed to this function.

func Unescape

func Unescape(escaped string) (string, bool)

Unescape unescapes an CEL identifier containing the escape sequences described in Escape, or return false if the string contains invalid escape sequences. The escaped input is expected to be a valid CEL identifier, but is not checked.

func WithTypeAndObjectMeta

func WithTypeAndObjectMeta(s *schema.Structural) *schema.Structural

WithTypeAndObjectMeta ensures the kind, apiVersion and metadata.name and metadata.generateName properties are specified, making a shallow copy of the provided schema if needed.

Types

type DeclField

type DeclField struct {
	Name     string
	Type     *DeclType
	Required bool
	// contains filtered or unexported fields
}

DeclField describes the name, ordinal, and optionality of a field declaration within a type.

func (*DeclField) DefaultValue

func (f *DeclField) DefaultValue() ref.Val

DefaultValue returns the zero value associated with the field.

func (*DeclField) EnumValues

func (f *DeclField) EnumValues() []ref.Val

EnumValues returns the set of values that this field may take.

func (*DeclField) TypeName

func (f *DeclField) TypeName() string

TypeName returns the string type name of the field.

type DeclType

type DeclType struct {
	fmt.Stringer

	// Fields contains a map of escaped CEL identifier field names to field declarations.
	Fields      map[string]*DeclField
	KeyType     *DeclType
	ElemType    *DeclType
	TypeParam   bool
	Metadata    map[string]string
	MaxElements int64
	// MinSerializedSize represents the smallest possible size in bytes that
	// the DeclType could be serialized to in JSON.
	MinSerializedSize int64
	// contains filtered or unexported fields
}

DeclType represents the universal type descriptor for OpenAPIv3 types.

func NewListType

func NewListType(elem *DeclType, maxItems int64) *DeclType

NewListType returns a parameterized list type with a specified element type.

func NewMapType

func NewMapType(key, elem *DeclType, maxProperties int64) *DeclType

NewMapType returns a parameterized map type with the given key and element types.

func NewObjectType

func NewObjectType(name string, fields map[string]*DeclField) *DeclType

NewObjectType creates an object type with a qualified name and a set of field declarations.

func SchemaDeclType

func SchemaDeclType(s *schema.Structural, isResourceRoot bool) *DeclType

SchemaDeclType converts the structural schema to a CEL declaration, or returns nil if the the structural schema should not be exposed in CEL expressions. Set isResourceRoot to true for the root of a custom resource or embedded resource.

Schemas with XPreserveUnknownFields not exposed unless they are objects. Array and "maps" schemas are not exposed if their items or additionalProperties schemas are not exposed. Object Properties are not exposed if their schema is not exposed.

The CEL declaration for objects with XPreserveUnknownFields does not expose unknown fields.

func (*DeclType) CelType

func (t *DeclType) CelType() *cel.Type

CelType returns the CEL type of this declaration.

func (*DeclType) DefaultValue

func (t *DeclType) DefaultValue() ref.Val

DefaultValue returns the CEL ref.Val representing the default value for this object type, if one exists.

func (*DeclType) ExprType

func (t *DeclType) ExprType() (*exprpb.Type, error)

ExprType returns the CEL expression type of this declaration.

func (*DeclType) FindField

func (t *DeclType) FindField(name string) (*DeclField, bool)

FindField returns the DeclField with the given name if present.

func (*DeclType) HasTrait

func (t *DeclType) HasTrait(trait int) bool

HasTrait implements the CEL ref.Type interface making this type declaration suitable for use within the CEL evaluator.

func (*DeclType) IsList

func (t *DeclType) IsList() bool

IsList returns whether the declaration is a `list` type which defines a parameterized element type, but not a parameterized key type or fields.

func (*DeclType) IsMap

func (t *DeclType) IsMap() bool

IsMap returns whether the declaration is a 'map' type which defines parameterized key and element types, but not fields.

func (*DeclType) IsObject

func (t *DeclType) IsObject() bool

IsObject returns whether the declartion is an 'object' type which defined a set of typed fields.

func (*DeclType) MaybeAssignTypeName

func (t *DeclType) MaybeAssignTypeName(name string) *DeclType

MaybeAssignTypeName attempts to set the DeclType name to a fully qualified name, if the type is of `object` type.

The DeclType must return true for `IsObject` or this assignment will error.

func (*DeclType) String

func (t *DeclType) String() string

String implements the fmt.Stringer interface method.

func (*DeclType) TypeName

func (t *DeclType) TypeName() string

TypeName returns the fully qualified type name for the DeclType.

type DynValue

type DynValue struct {
	ID          int64
	EncodeStyle EncodeStyle
	// contains filtered or unexported fields
}

DynValue is a dynamically typed value used to describe unstructured content. Whether the value has the desired type is determined by where it is used within the Instance or Template, and whether there are schemas which might enforce a more rigid type definition.

func NewDynValue

func NewDynValue(id int64, val interface{}) (*DynValue, error)

NewDynValue returns a DynValue that corresponds to a parse node id and value.

func NewEmptyDynValue

func NewEmptyDynValue() *DynValue

NewEmptyDynValue returns the zero-valued DynValue.

func (*DynValue) ConvertToNative

func (dv *DynValue) ConvertToNative(typeDesc reflect.Type) (interface{}, error)

ConvertToNative is an implementation of the CEL ref.Val method used to adapt between CEL types and Go-native types.

The default behavior of this method is to first convert to a CEL type which has a well-defined set of conversion behaviors and proxy to the CEL ConvertToNative method for the type.

func (*DynValue) DeclType

func (dv *DynValue) DeclType() *DeclType

DeclType returns the policy model type of the dyn value.

func (*DynValue) Equal

func (dv *DynValue) Equal(other ref.Val) ref.Val

Equal returns whether the dyn value is equal to a given CEL value.

func (*DynValue) ExprValue

func (dv *DynValue) ExprValue() ref.Val

ExprValue converts the DynValue into a CEL value.

func (*DynValue) SetValue

func (dv *DynValue) SetValue(value interface{}) error

SetValue updates the underlying value held by this reference.

func (*DynValue) Type

func (dv *DynValue) Type() ref.Type

Type returns the CEL type for the given value.

func (*DynValue) Value

func (dv *DynValue) Value() interface{}

Value returns the underlying value held by this reference.

type EncodeStyle

type EncodeStyle int

EncodeStyle is a hint for string encoding of parsed values.

const (
	// BlockValueStyle is the default string encoding which preserves whitespace and newlines.
	BlockValueStyle EncodeStyle = iota

	// FlowValueStyle indicates that the string is an inline representation of complex types.
	FlowValueStyle

	// FoldedValueStyle is a multiline string with whitespace and newlines trimmed to a single
	// a whitespace. Repeated newlines are replaced with a single newline rather than a single
	// whitespace.
	FoldedValueStyle

	// LiteralStyle is a multiline string that preserves newlines, but trims all other whitespace
	// to a single character.
	LiteralStyle
)

type Field

type Field struct {
	ID   int64
	Name string
	Ref  *DynValue
}

Field specifies a field name and a reference to a dynamic value.

func NewField

func NewField(id int64, name string) *Field

NewField returns a MapField instance with an empty DynValue that refers to the specified parse node id and field name.

type ListValue

type ListValue struct {
	Entries []*DynValue
	// contains filtered or unexported fields
}

ListValue contains a list of dynamically typed entries.

func NewListValue

func NewListValue() *ListValue

NewListValue returns an empty ListValue instance.

func (*ListValue) Add

func (lv *ListValue) Add(other ref.Val) ref.Val

Add concatenates two lists together to produce a new CEL list value.

func (*ListValue) Append

func (lv *ListValue) Append(entry *DynValue)

Append adds another entry into the ListValue.

func (*ListValue) Contains

func (lv *ListValue) Contains(val ref.Val) ref.Val

Contains returns whether the input `val` is equal to an element in the list.

If any pair-wise comparison between the input value and the list element is an error, the operation will return an error.

func (*ListValue) ConvertToNative

func (lv *ListValue) ConvertToNative(typeDesc reflect.Type) (interface{}, error)

ConvertToNative is an implementation of the CEL ref.Val method used to adapt between CEL types and Go-native array-like types.

func (*ListValue) ConvertToType

func (lv *ListValue) ConvertToType(t ref.Type) ref.Val

ConvertToType converts the ListValue to another CEL type.

func (*ListValue) Equal

func (lv *ListValue) Equal(other ref.Val) ref.Val

Equal returns true if two lists are of the same size, and the values at each index are also equal.

func (*ListValue) Get

func (lv *ListValue) Get(idx ref.Val) ref.Val

Get returns the value at the given index.

If the index is negative or greater than the size of the list, an error is returned.

func (*ListValue) Iterator

func (lv *ListValue) Iterator() traits.Iterator

Iterator produces a traits.Iterator suitable for use in CEL comprehension macros.

func (*ListValue) Size

func (lv *ListValue) Size() ref.Val

Size returns the number of elements in the list.

func (*ListValue) Type

func (lv *ListValue) Type() ref.Type

Type returns the CEL ref.Type for the list.

func (*ListValue) Value

func (lv *ListValue) Value() interface{}

Value returns the Go-native value.

type MapValue

type MapValue struct {
	// contains filtered or unexported fields
}

MapValue declares an object with a set of named fields whose values are dynamically typed.

func NewMapValue

func NewMapValue() *MapValue

NewMapValue returns an empty MapValue.

func (MapValue) AddField

func (sv MapValue) AddField(field *Field)

AddField appends a MapField to the MapValue and indexes the field by name.

func (*MapValue) Contains

func (m *MapValue) Contains(key ref.Val) ref.Val

Contains returns whether the given key is contained in the MapValue.

func (MapValue) ConvertToNative

func (sv MapValue) ConvertToNative(typeDesc reflect.Type) (interface{}, error)

ConvertToNative converts the MapValue type to a native go types.

func (*MapValue) ConvertToObject

func (m *MapValue) ConvertToObject(declType *DeclType) *ObjectValue

ConvertToObject produces an ObjectValue from the MapValue with the associated schema type.

The conversion is shallow and the memory shared between the Object and Map as all references to the map are expected to be replaced with the Object reference.

func (*MapValue) ConvertToType

func (m *MapValue) ConvertToType(t ref.Type) ref.Val

ConvertToType converts the MapValue to another CEL type, if possible.

func (*MapValue) Equal

func (m *MapValue) Equal(other ref.Val) ref.Val

Equal returns true if the maps are of the same size, have the same keys, and the key-values from each map are equal.

func (*MapValue) Find

func (m *MapValue) Find(name ref.Val) (ref.Val, bool)

Find returns the value for the key in the map, if found.

func (*MapValue) Get

func (m *MapValue) Get(key ref.Val) ref.Val

Get returns the value for the key in the map, or error if not found.

func (MapValue) GetField

func (sv MapValue) GetField(name string) (*Field, bool)

GetField returns a MapField by name if one exists.

func (MapValue) IsSet

func (sv MapValue) IsSet(key ref.Val) ref.Val

IsSet returns whether the given field, which is defined, has also been set.

func (*MapValue) Iterator

func (m *MapValue) Iterator() traits.Iterator

Iterator produces a traits.Iterator which walks over the map keys.

The Iterator is frequently used within comprehensions.

func (*MapValue) Size

func (m *MapValue) Size() ref.Val

Size returns the number of keys in the map.

func (*MapValue) Type

func (m *MapValue) Type() ref.Type

Type returns the CEL ref.Type for the map.

func (*MapValue) Value

func (m *MapValue) Value() interface{}

Value returns the Go-native representation of the MapValue.

type MultilineStringValue

type MultilineStringValue struct {
	Value string
	Raw   string
}

MultilineStringValue is a multiline string value which has been parsed in a way which omits whitespace as well as a raw form which preserves whitespace.

type ObjectValue

type ObjectValue struct {
	// contains filtered or unexported fields
}

ObjectValue is a struct with a custom schema type which indicates the fields and types associated with the structure.

func NewObjectValue

func NewObjectValue(sType *DeclType) *ObjectValue

NewObjectValue creates a struct value with a schema type and returns the empty ObjectValue.

func (ObjectValue) AddField

func (sv ObjectValue) AddField(field *Field)

AddField appends a MapField to the MapValue and indexes the field by name.

func (ObjectValue) ConvertToNative

func (sv ObjectValue) ConvertToNative(typeDesc reflect.Type) (interface{}, error)

ConvertToNative converts the MapValue type to a native go types.

func (*ObjectValue) ConvertToType

func (o *ObjectValue) ConvertToType(t ref.Type) ref.Val

ConvertToType is an implementation of the CEL ref.Val interface method.

func (*ObjectValue) Equal

func (o *ObjectValue) Equal(other ref.Val) ref.Val

Equal returns true if the two object types are equal and their field values are equal.

func (*ObjectValue) Get

func (o *ObjectValue) Get(name ref.Val) ref.Val

Get returns the value of the specified field.

If the field is set, its value is returned. If the field is not set, the default value for the field is returned thus allowing for safe-traversal and preserving proto-like field traversal semantics for Open API Schema backed types.

func (ObjectValue) GetField

func (sv ObjectValue) GetField(name string) (*Field, bool)

GetField returns a MapField by name if one exists.

func (ObjectValue) IsSet

func (sv ObjectValue) IsSet(key ref.Val) ref.Val

IsSet returns whether the given field, which is defined, has also been set.

func (*ObjectValue) Type

func (o *ObjectValue) Type() ref.Type

Type returns the CEL type value of the object.

func (*ObjectValue) Value

func (o *ObjectValue) Value() interface{}

Value returns the Go-native representation of the object.

type PlainTextValue

type PlainTextValue string

PlainTextValue is a text string literal which must not be treated as an expression.

type Registry

type Registry struct {
	// contains filtered or unexported fields
}

Registry defines a repository of environment, schema, template, and type definitions.

Registry instances are concurrency-safe.

func NewRegistry

func NewRegistry(stdExprEnv *cel.Env) *Registry

NewRegistry create a registry for keeping track of environments, schemas, templates, and more from a base cel.Env expression environment.

func (*Registry) FindType

func (r *Registry) FindType(name string) (*DeclType, bool)

FindType implements the Resolver interface method.

func (*Registry) SetType

func (r *Registry) SetType(name string, declType *DeclType) error

SetType registers a DeclType descriptor by its fully qualified name.

type Resolver

type Resolver interface {
	// FindType returns a DeclType instance corresponding to the given fully-qualified name, if
	// present.
	FindType(name string) (*DeclType, bool)
}

Resolver declares methods to find policy templates and related configuration objects.

type RuleTypes

type RuleTypes struct {
	ref.TypeProvider
	// contains filtered or unexported fields
}

RuleTypes extends the CEL ref.TypeProvider interface and provides an Open API Schema-based type-system.

func NewRuleTypes

func NewRuleTypes(kind string,
	declType *DeclType,
	res Resolver) (*RuleTypes, error)

NewRuleTypes returns an Open API Schema-based type-system which is CEL compatible.

func (*RuleTypes) EnvOptions

func (rt *RuleTypes) EnvOptions(tp ref.TypeProvider) ([]cel.EnvOption, error)

EnvOptions returns a set of cel.EnvOption values which includes the declaration set as well as a custom ref.TypeProvider.

Note, the standard declaration set includes 'rule' which is defined as the top-level rule-schema type if one is configured.

If the RuleTypes value is nil, an empty []cel.EnvOption set is returned.

func (*RuleTypes) FindDeclType

func (rt *RuleTypes) FindDeclType(typeName string) (*DeclType, bool)

FindDeclType returns the CPT type description which can be mapped to a CEL type.

func (*RuleTypes) FindFieldType

func (rt *RuleTypes) FindFieldType(typeName, fieldName string) (*ref.FieldType, bool)

FindFieldType returns a field type given a type name and field name, if found.

Note, the type name for an Open API Schema type is likely to be its qualified object path. If, in the future an object instance rather than a type name were provided, the field resolution might more accurately reflect the expected type model. However, in this case concessions were made to align with the existing CEL interfaces.

func (*RuleTypes) FindType

func (rt *RuleTypes) FindType(typeName string) (*exprpb.Type, bool)

FindType attempts to resolve the typeName provided from the rule's rule-schema, or if not from the embedded ref.TypeProvider.

FindType overrides the default type-finding behavior of the embedded TypeProvider.

Note, when the type name is based on the Open API Schema, the name will reflect the object path where the type definition appears.

func (*RuleTypes) NativeToValue

func (rt *RuleTypes) NativeToValue(val interface{}) ref.Val

NativeToValue is an implementation of the ref.TypeAdapater interface which supports conversion of rule values to CEL ref.Val instances.

func (*RuleTypes) TypeNames

func (rt *RuleTypes) TypeNames() []string

TypeNames returns the list of type names declared within the RuleTypes object.

type URL

type URL struct {
	*url.URL
}

URL provides a CEL representation of a URL.

func (URL) ConvertToNative

func (d URL) ConvertToNative(typeDesc reflect.Type) (interface{}, error)

ConvertToNative implements ref.Val.ConvertToNative.

func (URL) ConvertToType

func (d URL) ConvertToType(typeVal ref.Type) ref.Val

ConvertToType implements ref.Val.ConvertToType.

func (URL) Equal

func (d URL) Equal(other ref.Val) ref.Val

Equal implements ref.Val.Equal.

func (URL) Type

func (d URL) Type() ref.Type

Type implements ref.Val.Type.

func (URL) Value

func (d URL) Value() interface{}

Value implements ref.Val.Value.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL