cel

package
v0.32.0
Warning

This package is not in the latest version of its module.

Published: Dec 11, 2024 License: Apache-2.0 Imports: 8 Imported by: 1

Documentation

Overview

Package cel contains the CEL related interfaces and structs for authentication.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CELMapper

// CELMapper groups the compiled CEL evaluators used for authentication.
// Username, Groups, UID, Extra and ClaimValidationRules are ClaimsMapper
// values; UserValidationRules is the only UserMapper. Per the ClaimsMapper
// method comments, username, groups and uid each use a single expression,
// while extra and claim validation use a list of expressions.
// NOTE(review): this declaration does not show whether fields for
// unconfigured mappings are left nil; confirm before calling methods on them.
type CELMapper struct {
	Username             ClaimsMapper
	Groups               ClaimsMapper
	UID                  ClaimsMapper
	Extra                ClaimsMapper
	ClaimValidationRules ClaimsMapper
	UserValidationRules  UserMapper
}

CELMapper is a struct that holds the compiled expressions for username, groups, uid, extra, claimValidation and userValidation.

type ClaimMappingExpression

// ClaimMappingExpression carries one CEL expression that maps a claim.
// Expression is a plain string; presumably it is the uncompiled CEL source
// that GetExpression returns — confirm against the method body.
type ClaimMappingExpression struct {
	Expression string
}

ClaimMappingExpression is a CEL expression that maps a claim.

func (*ClaimMappingExpression) GetExpression

func (v *ClaimMappingExpression) GetExpression() string

GetExpression returns the CEL expression.

func (*ClaimMappingExpression) ReturnTypes

func (v *ClaimMappingExpression) ReturnTypes() []*celgo.Type

ReturnTypes returns the CEL expression return types.

type ClaimValidationCondition

// ClaimValidationCondition carries one CEL expression that validates a claim,
// together with a message string.
// NOTE(review): Message is presumably the text reported when the condition
// is not met — confirm against the caller. If so, it should describe the
// rule and not echo claim values.
type ClaimValidationCondition struct {
	Expression string
	Message    string
}

ClaimValidationCondition is a CEL expression that validates a claim.

func (*ClaimValidationCondition) GetExpression

func (v *ClaimValidationCondition) GetExpression() string

GetExpression returns the CEL expression.

func (*ClaimValidationCondition) ReturnTypes

func (v *ClaimValidationCondition) ReturnTypes() []*celgo.Type

ReturnTypes returns the CEL expression return types.

type ClaimsMapper

// ClaimsMapper evaluates compiled CEL expressions against a set of claims
// passed as an unstructured object. Results come back as EvaluationResult
// values, each of which also carries the accessor of its expression.
// NOTE(review): nothing in this interface shows whether the claims have been
// verified before they reach these methods; callers presumably verify them
// first — confirm. A non-nil error should fail the mapping rather than fall
// back to a default identity.
type ClaimsMapper interface {
	// EvalClaimMapping evaluates the given claim mapping expression and returns an EvaluationResult.
	// This is used for username, groups and uid claim mapping that contains a single expression.
	EvalClaimMapping(ctx context.Context, claims *unstructured.Unstructured) (EvaluationResult, error)
	// EvalClaimMappings evaluates the given expressions and returns a list of EvaluationResult.
	// This is used for extra claim mapping and claim validation that contains a list of expressions.
	EvalClaimMappings(ctx context.Context, claims *unstructured.Unstructured) ([]EvaluationResult, error)
}

ClaimsMapper provides a CEL expression mapper configured with the claims CEL variable.

func NewClaimsMapper

func NewClaimsMapper(compilationResults []CompilationResult) ClaimsMapper

NewClaimsMapper returns a new ClaimsMapper.

type CompilationResult

// CompilationResult is what the Compiler methods return for one expression:
// a celgo.Program, a *celgo.Ast, and an ExpressionAccessor.
// NOTE(review): the ExpressionAccessor is presumably the one passed to the
// compile call, kept so results can be traced back to their source
// expression — confirm against the implementation.
type CompilationResult struct {
	Program            celgo.Program
	AST                *celgo.Ast
	ExpressionAccessor ExpressionAccessor
}

CompilationResult represents a compiled validation expression.

type Compiler

// Compiler turns an ExpressionAccessor into a CompilationResult. It has one
// method for claims expressions and one for user expressions.
// NOTE(review): presumably each method exposes only its own CEL variable
// (claims or user) to the expression — confirm against the implementation.
// On a non-nil error the returned CompilationResult should not be used.
type Compiler interface {
	// CompileClaimsExpression compiles the expression held by expressionAccessor as a claims expression.
	CompileClaimsExpression(expressionAccessor ExpressionAccessor) (CompilationResult, error)
	// CompileUserExpression compiles the expression held by expressionAccessor as a user expression.
	CompileUserExpression(expressionAccessor ExpressionAccessor) (CompilationResult, error)
}

Compiler provides a CEL expression compiler configured with the desired authentication related CEL variables.

func NewCompiler

func NewCompiler(env *environment.EnvSet) Compiler

NewCompiler returns a new Compiler.

func NewDefaultCompiler added in v0.32.0

func NewDefaultCompiler() Compiler

NewDefaultCompiler returns a new Compiler following the default compatibility version. Note: constructing the compiler requires the feature gates and the compatibility version to be initialized first, so call it only after both have been set up.

type EvaluationResult

// EvaluationResult pairs the value of one CEL evaluation with the accessor
// of the expression it belongs to.
// NOTE(review): EvalResult is a ref.Val, an interface type, so consumers
// presumably need to check its concrete type (for example against
// ExpressionAccessor.ReturnTypes) before using it as a string or list —
// confirm how callers convert it.
type EvaluationResult struct {
	EvalResult         ref.Val
	ExpressionAccessor ExpressionAccessor
}

EvaluationResult contains the minimal required fields and metadata of a CEL evaluation.

type ExpressionAccessor

// ExpressionAccessor is the common view of the expression types in this
// package: it exposes the expression string and its return types.
type ExpressionAccessor interface {
	// GetExpression returns the CEL expression.
	GetExpression() string
	// ReturnTypes returns the CEL expression return types.
	ReturnTypes() []*celgo.Type
}

ExpressionAccessor is an interface that provides access to a CEL expression.

type ExtraMappingExpression

// ExtraMappingExpression carries one CEL expression that maps an extra to a
// list of values.
// NOTE(review): Key is presumably the name of the extra attribute that the
// expression's result is stored under — confirm against the caller.
type ExtraMappingExpression struct {
	Key        string
	Expression string
}

ExtraMappingExpression is a CEL expression that maps an extra to a list of values.

func (*ExtraMappingExpression) GetExpression

func (v *ExtraMappingExpression) GetExpression() string

GetExpression returns the CEL expression.

func (*ExtraMappingExpression) ReturnTypes

func (v *ExtraMappingExpression) ReturnTypes() []*celgo.Type

ReturnTypes returns the CEL expression return types.

type UserMapper

// UserMapper evaluates compiled CEL expressions against user information
// passed as an unstructured object.
// NOTE(review): a non-nil error should be treated as a failed validation,
// not as "no rules matched" — confirm that callers reject in that case.
type UserMapper interface {
	// EvalUser evaluates the given user expressions and returns a list of EvaluationResult.
	// This is used for user validation that contains a list of expressions.
	EvalUser(ctx context.Context, userInfo *unstructured.Unstructured) ([]EvaluationResult, error)
}

UserMapper provides a CEL expression mapper configured with the user CEL variable.

func NewUserMapper

func NewUserMapper(compilationResults []CompilationResult) UserMapper

NewUserMapper returns a new UserMapper.

type UserValidationCondition

// UserValidationCondition carries one CEL expression that validates a User,
// together with a message string.
// NOTE(review): Message is presumably the text reported when the condition
// is not met — confirm against the caller. If so, it should describe the
// rule and not echo user attributes.
type UserValidationCondition struct {
	Expression string
	Message    string
}

UserValidationCondition is a CEL expression that validates a User.

func (*UserValidationCondition) GetExpression

func (v *UserValidationCondition) GetExpression() string

GetExpression returns the CEL expression.

func (*UserValidationCondition) ReturnTypes

func (v *UserValidationCondition) ReturnTypes() []*celgo.Type

ReturnTypes returns the CEL expression return types.
