language

package
v0.0.1 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 20, 2025 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var ExampleExpressions = map[string]string{
	"owner_only":      `resource.owner == principal.id`,
	"admin_or_owner":  `principal.roles.exists(r, r == "admin") || resource.owner == principal.id`,
	"business_hours":  `is_weekday()`, // checks the day of week only (Monday-Friday); no time-of-day bound
	"team_members":    `principal.team_id == resource.team_id`,
	"public_or_owner": `resource.visibility == "public" || resource.owner == principal.id`,
	"complex_abac":    `resource.confidentiality == "public" || (resource.confidentiality == "internal" && principal.org_id == resource.org_id) || resource.owner == principal.id`,
}

ExampleExpressions holds example expressions for testing.

Functions

func CreateFunctionBindings

func CreateFunctionBindings(ctx map[string]interface{}) map[string]interface{}

CreateFunctionBindings creates function bindings for CEL evaluation

func HasRole

func HasRole(principal map[string]interface{}, role string) bool

HasRole is a helper function that checks whether a principal has a role (used by the evaluator in Week 2+)

func ValidateBuiltinFunctionCall

func ValidateBuiltinFunctionCall(name string, args []interface{}) error

ValidateBuiltinFunctionCall validates a builtin function call

Types

type BuiltinFunctions

type BuiltinFunctions struct {
	// contains filtered or unexported fields
}

BuiltinFunctions provides runtime implementations of custom functions

func NewBuiltinFunctions

func NewBuiltinFunctions(ctx map[string]interface{}) *BuiltinFunctions

NewBuiltinFunctions creates a new builtin functions handler

func (*BuiltinFunctions) DaysSince

func (b *BuiltinFunctions) DaysSince(timestamp time.Time) int64

DaysSince calculates days since a timestamp

func (*BuiltinFunctions) HasAllRoles

func (b *BuiltinFunctions) HasAllRoles(roles []string) bool

HasAllRoles checks if principal has all specified roles

func (*BuiltinFunctions) HasAnyRole

func (b *BuiltinFunctions) HasAnyRole(roles []string) bool

HasAnyRole checks if principal has any of the specified roles

func (*BuiltinFunctions) HasRole

func (b *BuiltinFunctions) HasRole(role string) bool

HasRole checks if principal has a specific role

func (*BuiltinFunctions) HoursSince

func (b *BuiltinFunctions) HoursSince(timestamp time.Time) int64

HoursSince calculates hours since a timestamp

func (*BuiltinFunctions) IPInRange

func (b *BuiltinFunctions) IPInRange(cidrs []string) bool

IPInRange checks if request IP is in any of the specified CIDR ranges

func (*BuiltinFunctions) InOrg

func (b *BuiltinFunctions) InOrg(orgID string) bool

InOrg checks if resource belongs to an organization

func (*BuiltinFunctions) InTimeRange

func (b *BuiltinFunctions) InTimeRange(start, end string) bool

InTimeRange checks if current time is within specified range (UTC, 24h format)

func (*BuiltinFunctions) IsMemberOf

func (b *BuiltinFunctions) IsMemberOf(orgID string) bool

IsMemberOf checks if principal is member of an organization

func (*BuiltinFunctions) IsWeekday

func (b *BuiltinFunctions) IsWeekday() bool

IsWeekday checks if current day is Monday-Friday

func (*BuiltinFunctions) ResourceMatches

func (b *BuiltinFunctions) ResourceMatches(pattern string) bool

ResourceMatches checks if resource ID matches a wildcard pattern

type Parser

type Parser struct {
	// contains filtered or unexported fields
}

Parser handles CEL expression parsing with AuthSome-specific context

func NewParser

func NewParser() (*Parser, error)

NewParser creates a new CEL parser with AuthSome context variables and functions

func (*Parser) ExpressionComplexity

func (p *Parser) ExpressionComplexity(ast *cel.Ast) int

ExpressionComplexity estimates the complexity of an expression (operation count)

func (*Parser) GetFunctionHelp

func (p *Parser) GetFunctionHelp() map[string]string

GetFunctionHelp returns documentation for available functions

func (*Parser) Parse

func (p *Parser) Parse(expression string) (*cel.Ast, error)

Parse compiles a CEL expression and returns the AST

func (*Parser) Program

func (p *Parser) Program(ast *cel.Ast, opts ...cel.ProgramOption) (cel.Program, error)

Program creates an executable program from an AST

func (*Parser) ValidateExpression

func (p *Parser) ValidateExpression(expression string) error

ValidateExpression checks if an expression is valid without creating a full program
