cel

package
v0.27.6
Warning

This package is not in the latest version of its module.

Published: Sep 13, 2023 License: Apache-2.0 Imports: 19 Imported by: 15

Documentation

Constants

const (
	ObjectVarName                    = "object"
	OldObjectVarName                 = "oldObject"
	ParamsVarName                    = "params"
	RequestVarName                   = "request"
	AuthorizerVarName                = "authorizer"
	RequestResourceAuthorizerVarName = "authorizer.requestResource"
)

Variables

This section is empty.

Functions

func BuildRequestType

func BuildRequestType() *apiservercel.DeclType

BuildRequestType generates a DeclType for AdmissionRequest. This may be replaced with a utility that converts the native type definition to apiservercel.DeclType once such a utility becomes available. The 'uid' field is omitted since it is not needed for in-process admission review. The 'object' and 'oldObject' fields are omitted since they are exposed as root level CEL variables.

Types

type CompilationResult

type CompilationResult struct {
	Program            cel.Program
	Error              *apiservercel.Error
	ExpressionAccessor ExpressionAccessor
}

CompilationResult represents a compiled validation expression.

func CompileCELExpression

func CompileCELExpression(expressionAccessor ExpressionAccessor, optionalVars OptionalVariableDeclarations, perCallLimit uint64) CompilationResult

CompileCELExpression returns a compiled CEL expression. perCallLimit was added for testing purposes only. Callers should always use the PerCallLimit constant from k8s.io/apiserver/pkg/apis/cel/config.go as input.

type EvaluationResult

type EvaluationResult struct {
	EvalResult         ref.Val
	ExpressionAccessor ExpressionAccessor
	Elapsed            time.Duration
	Error              error
}

EvaluationResult contains the minimal required fields and metadata of a CEL evaluation.

type ExpressionAccessor

type ExpressionAccessor interface {
	GetExpression() string
	ReturnTypes() []*cel.Type
}

type Filter

type Filter interface {
	// ForInput converts compiled CEL-typed values into evaluated CEL-typed values.
	// runtimeCELCostBudget was added for testing purposes only. Callers should always use the RuntimeCELCostBudget constant from k8s.io/apiserver/pkg/apis/cel/config.go as input.
	// If the cost budget is calculated, the filter should return the remaining budget.
	ForInput(ctx context.Context, versionedAttr *admission.VersionedAttributes, request *v1.AdmissionRequest, optionalVars OptionalVariableBindings, runtimeCELCostBudget int64) ([]EvaluationResult, int64, error)

	// CompilationErrors returns a list of errors from the compilation of the evaluator
	CompilationErrors() []error
}

Filter contains a function to evaluate compiled CEL-typed values. It expects the inbound object to already have been converted to the version expected by the underlying CEL code (which is indicated by the match criteria of a policy definition). versionedParams may be nil.
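The remaining-budget contract of ForInput, sketched as an added example that is not code from the k8s.io/apiserver package. The names `program`, `forInput` and `admit` and all cost numbers are hypothetical stand-ins, and aborting the whole call once the budget runs out is an assumption of this model, not something the page states.

```go
package main

import (
	"errors"
	"fmt"
)

// program stands in for a compiled CEL expression: verdict plus runtime cost.
type program func() (ok bool, cost int64)

var errBudget = errors.New("cost budget exhausted, no further rules run")

// forInput models the budget contract of Filter.ForInput: charge each
// evaluation to the budget, return what remains (assumed: -1 on abort).
func forInput(progs []program, budget int64) ([]bool, int64, error) {
	out := make([]bool, len(progs))
	for i, p := range progs {
		ok, cost := p()
		if cost > budget {
			return nil, -1, errBudget
		}
		out[i], budget = ok, budget-cost
	}
	return out, budget, nil
}

// admit threads one budget through several filters, so a later filter only
// gets what earlier ones left; exhaustion or a false verdict denies.
func admit(filters [][]program, budget int64) (bool, int64, error) {
	for _, f := range filters {
		res, left, err := forInput(f, budget)
		if err != nil {
			return false, left, err
		}
		budget = left
		for _, ok := range res {
			if !ok {
				return false, budget, nil
			}
		}
	}
	return true, budget, nil
}

func main() {
	// Constructed sample costs against a constructed budget of 100.
	cheap := func() (bool, int64) { return true, 40 }
	costly := func() (bool, int64) { return true, 70 }
	fmt.Println(admit([][]program{{cheap}, {cheap}}, 100))
	fmt.Println(admit([][]program{{cheap}, {costly}}, 100))
}
```

Because the budget is shared, an expensive expression in one filter can starve the filters evaluated after it, which is why the model treats exhaustion as a denial rather than skipping the remaining rules.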

func NewFilter

func NewFilter(compilationResults []CompilationResult) Filter

type FilterCompiler

type FilterCompiler interface {
	// Compile is used for the cel expression compilation
	// perCallLimit was added for testing purposes only. Callers should always use the PerCallLimit constant from k8s.io/apiserver/pkg/apis/cel/config.go as input.
	Compile(expressions []ExpressionAccessor, optionalDecls OptionalVariableDeclarations, perCallLimit uint64) Filter
}

FilterCompiler contains a function to assist with converting types and values to/from CEL-typed values.

func NewFilterCompiler

func NewFilterCompiler() FilterCompiler

type OptionalVariableBindings

type OptionalVariableBindings struct {
	// VersionedParams provides the "params" variable binding. This variable binding may
	// be set to nil even when OptionalVariableDeclarations.HasParams is set to true.
	VersionedParams runtime.Object
	// Authorizer provides the authorizer used for the "authorizer" and
	// "authorizer.requestResource" variable bindings. If the expression was compiled with
	// OptionalVariableDeclarations.HasAuthorizer set to true this must be non-nil.
	Authorizer authorizer.Authorizer
}

OptionalVariableBindings provides expression bindings for optional CEL variables.

type OptionalVariableDeclarations

type OptionalVariableDeclarations struct {
	// HasParams specifies if the "params" variable is declared.
	// The "params" variable may still be bound to "null" when declared.
	HasParams bool
	// HasAuthorizer specifies if the "authorizer" and "authorizer.requestResource"
	// variables are declared. When declared, the authorizer variables are
	// expected to be non-null.
	HasAuthorizer bool
}

OptionalVariableDeclarations declares which optional CEL variables are declared for an expression.
