ast

package
v0.63.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 28, 2024 License: Apache-2.0 Imports: 35 Imported by: 591

Documentation

Overview

Package ast declares Rego syntax tree types and also includes a parser and compiler for preparing policies for execution in the policy engine.

Rego policies are defined using a relatively small set of types: modules, package and import declarations, rules, expressions, and terms. At their core, policies consist of rules that are defined by one or more expressions over documents available to the policy engine. The expressions are defined by intrinsic values (terms) such as strings, objects, variables, etc.

Rego policies are typically defined in text files and then parsed and compiled by the policy engine at runtime. The parsing stage takes the text or string representation of the policy and converts it into an abstract syntax tree (AST) that consists of the types mentioned above. The AST is organized as follows: 

Module
 |
 +--- Package (Reference)
 |
 +--- Imports
 |     |
 |     +--- Import (Term)
 |
 +--- Rules
       |
       +--- Rule
             |
             +--- Head
             |     |
             |     +--- Name (Variable)
             |     |
             |     +--- Key (Term)
             |     |
             |     +--- Value (Term)
             |
             +--- Body
                   |
                   +--- Expression (Term | Terms | Variable Declaration)

At query time, the policy engine expects policies to have been compiled. The compilation stage takes one or more modules and compiles them into a format that the policy engine supports.

nolint: deadcode // Public API.

Index

Examples

Constants

View Source 
const (
	// ParseErr indicates an unclassified parse error occurred.
	ParseErr = "rego_parse_error"

	// CompileErr indicates an unclassified compile error occurred.
	CompileErr = "rego_compile_error"

	// TypeErr indicates a type error was caught.
	TypeErr = "rego_type_error"

	// UnsafeVarErr indicates an unsafe variable was found during compilation.
	UnsafeVarErr = "rego_unsafe_var_error"

	// RecursionErr indicates recursion was found during compilation.
	RecursionErr = "rego_recursion_error"
)
View Source 
const (
	// CompleteDoc represents a document that is completely defined by the rule.
	CompleteDoc = iota

	// PartialSetDoc represents a set document that is partially defined by the rule.
	PartialSetDoc

	// PartialObjectDoc represents an object document that is partially defined by the rule.
	PartialObjectDoc
)
View Source 
const (
	SingleValue = iota
	MultiValue
)
View Source 
const CompileErrorLimitDefault = 10

CompileErrorLimitDefault is the default number errors a compiler will allow before exiting.

View Source 
const FeatureRefHeadStringPrefixes = "rule_head_ref_string_prefixes"

In the compiler, we used this to check that we're OK working with ref heads. If this isn't present, we'll fail. This is to ensure that older versions of OPA can work with policies that we're compiling -- if they don't know ref heads, they wouldn't be able to parse them.

View Source 
const FeatureRefHeads = "rule_head_refs"
View Source 
const FeatureRegoV1Import = "rego_v1_import"

Variables

View Source 
var Abs = &Builtin{
	Name:        "abs",
	Description: "Returns the number without its sign.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.N),
		),
		types.Named("y", types.N).Description("the absolute value of `x`"),
	),
	Categories: number,
}
View Source 
var AddDate = &Builtin{
	Name:        "time.add_date",
	Description: "Returns the nanoseconds since epoch after adding years, months and days to nanoseconds. Month & day values outside their usual ranges after the operation and will be normalized - for example, October 32 would become November 1. `undefined` if the result would be outside the valid time range that can fit within an `int64`.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("ns", types.N).Description("nanoseconds since the epoch"),
			types.Named("years", types.N),
			types.Named("months", types.N),
			types.Named("days", types.N),
		),
		types.Named("output", types.N).Description("nanoseconds since the epoch representing the input time, with years, months and days added"),
	),
}
View Source 
var All = &Builtin{
	Name: "all",
	Decl: types.NewFunction(
		types.Args(
			types.NewAny(
				types.NewSet(types.A),
				types.NewArray(nil, types.A),
			),
		),
		types.B,
	),
	deprecated: true,
}

All takes a list and returns true if all of the items are true. A collection of length 0 returns true.

View Source 
var And = &Builtin{
	Name:        "and",
	Infix:       "&",
	Description: "Returns the intersection of two sets.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.NewSet(types.A)),
			types.Named("y", types.NewSet(types.A)),
		),
		types.Named("z", types.NewSet(types.A)).Description("the intersection of `x` and `y`"),
	),
	Categories: sets,
}
View Source 
var Any = &Builtin{
	Name: "any",
	Decl: types.NewFunction(
		types.Args(
			types.NewAny(
				types.NewSet(types.A),
				types.NewArray(nil, types.A),
			),
		),
		types.B,
	),
	deprecated: true,
}

Any takes a collection and returns true if any of the items is true. A collection of length 0 returns false.

View Source 
var AnyPrefixMatch = &Builtin{
	Name:        "strings.any_prefix_match",
	Description: "Returns true if any of the search strings begins with any of the base strings.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("search", types.NewAny(
				types.S,
				types.NewSet(types.S),
				types.NewArray(nil, types.S),
			)).Description("search string(s)"),
			types.Named("base", types.NewAny(
				types.S,
				types.NewSet(types.S),
				types.NewArray(nil, types.S),
			)).Description("base string(s)"),
		),
		types.Named("result", types.B).Description("result of the prefix check"),
	),
	Categories: stringsCat,
}
View Source 
var AnySuffixMatch = &Builtin{
	Name:        "strings.any_suffix_match",
	Description: "Returns true if any of the search strings ends with any of the base strings.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("search", types.NewAny(
				types.S,
				types.NewSet(types.S),
				types.NewArray(nil, types.S),
			)).Description("search string(s)"),
			types.Named("base", types.NewAny(
				types.S,
				types.NewSet(types.S),
				types.NewArray(nil, types.S),
			)).Description("base string(s)"),
		),
		types.Named("result", types.B).Description("result of the suffix check"),
	),
	Categories: stringsCat,
}
View Source 
var ArrayConcat = &Builtin{
	Name:        "array.concat",
	Description: "Concatenates two arrays.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.NewArray(nil, types.A)),
			types.Named("y", types.NewArray(nil, types.A)),
		),
		types.Named("z", types.NewArray(nil, types.A)).Description("the concatenation of `x` and `y`"),
	),
}
View Source 
var ArrayReverse = &Builtin{
	Name:        "array.reverse",
	Description: "Returns the reverse of a given array.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("arr", types.NewArray(nil, types.A)).Description("the array to be reversed"),
		),
		types.Named("rev", types.NewArray(nil, types.A)).Description("an array containing the elements of `arr` in reverse order"),
	),
}
View Source 
var ArraySlice = &Builtin{
	Name:        "array.slice",
	Description: "Returns a slice of a given array. If `start` is greater or equal than `stop`, `slice` is `[]`.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("arr", types.NewArray(nil, types.A)).Description("the array to be sliced"),
			types.Named("start", types.NewNumber()).Description("the start index of the returned slice; if less than zero, it's clamped to 0"),
			types.Named("stop", types.NewNumber()).Description("the stop index of the returned slice; if larger than `count(arr)`, it's clamped to `count(arr)`"),
		),
		types.Named("slice", types.NewArray(nil, types.A)).Description("the subslice of `array`, from `start` to `end`, including `arr[start]`, but excluding `arr[end]`"),
	),

} // NOTE(sr): this function really needs examples
View Source 
var Assign = &Builtin{
	Name:  "assign",
	Infix: ":=",
	Decl: types.NewFunction(
		types.Args(types.A, types.A),
		types.B,
	),
}

Assign represents the assignment (":=") operator.

View Source 
var Base64Decode = &Builtin{
	Name:        "base64.decode",
	Description: "Deserializes the base64 encoded input string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S),
		),
		types.Named("y", types.S).Description("base64 deserialization of `x`"),
	),
	Categories: encoding,
}
View Source 
var Base64Encode = &Builtin{
	Name:        "base64.encode",
	Description: "Serializes the input string into base64 encoding.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S),
		),
		types.Named("y", types.S).Description("base64 serialization of `x`"),
	),
	Categories: encoding,
}
View Source 
var Base64IsValid = &Builtin{
	Name:        "base64.is_valid",
	Description: "Verifies the input string is base64 encoded.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S),
		),
		types.Named("result", types.B).Description("`true` if `x` is valid base64 encoded value, `false` otherwise"),
	),
	Categories: encoding,
}
View Source 
var Base64UrlDecode = &Builtin{
	Name:        "base64url.decode",
	Description: "Deserializes the base64url encoded input string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S),
		),
		types.Named("y", types.S).Description("base64url deserialization of `x`"),
	),
	Categories: encoding,
}
View Source 
var Base64UrlEncode = &Builtin{
	Name:        "base64url.encode",
	Description: "Serializes the input string into base64url encoding.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S),
		),
		types.Named("y", types.S).Description("base64url serialization of `x`"),
	),
	Categories: encoding,
}
View Source 
var Base64UrlEncodeNoPad = &Builtin{
	Name:        "base64url.encode_no_pad",
	Description: "Serializes the input string into base64url encoding without padding.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S),
		),
		types.Named("y", types.S).Description("base64url serialization of `x`"),
	),
	Categories: encoding,
}
View Source 
var BitsAnd = &Builtin{
	Name:        "bits.and",
	Description: "Returns the bitwise \"AND\" of two integers.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.N),
			types.Named("y", types.N),
		),
		types.Named("z", types.N),
	),
}
View Source 
var BitsNegate = &Builtin{
	Name:        "bits.negate",
	Description: "Returns the bitwise negation (flip) of an integer.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.N),
		),
		types.Named("z", types.N),
	),
}
View Source 
var BitsOr = &Builtin{
	Name:        "bits.or",
	Description: "Returns the bitwise \"OR\" of two integers.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.N),
			types.Named("y", types.N),
		),
		types.Named("z", types.N),
	),
}
View Source 
var BitsShiftLeft = &Builtin{
	Name:        "bits.lsh",
	Description: "Returns a new integer with its bits shifted `s` bits to the left.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.N),
			types.Named("s", types.N),
		),
		types.Named("z", types.N),
	),
}
View Source 
var BitsShiftRight = &Builtin{
	Name:        "bits.rsh",
	Description: "Returns a new integer with its bits shifted `s` bits to the right.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.N),
			types.Named("s", types.N),
		),
		types.Named("z", types.N),
	),
}
View Source 
var BitsXOr = &Builtin{
	Name:        "bits.xor",
	Description: "Returns the bitwise \"XOR\" (exclusive-or) of two integers.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.N),
			types.Named("y", types.N),
		),
		types.Named("z", types.N),
	),
}
View Source 
var BuiltinMap map[string]*Builtin

BuiltinMap provides a convenient mapping of built-in names to built-in definitions.

View Source 
var Builtins []*Builtin

Builtins is the registry of built-in functions supported by OPA. Call RegisterBuiltin to add a new built-in.

View Source 
var CastArray = &Builtin{
	Name: "cast_array",
	Decl: types.NewFunction(
		types.Args(types.A),
		types.NewArray(nil, types.A),
	),
	deprecated: true,
}

CastArray checks the underlying type of the input. If it is array or set, an array containing the values is returned. If it is not an array, an error is thrown.

View Source 
var CastBoolean = &Builtin{
	Name: "cast_boolean",
	Decl: types.NewFunction(
		types.Args(types.A),
		types.B,
	),
	deprecated: true,
}

CastBoolean returns input if it is a boolean; if not returns error.

View Source 
var CastNull = &Builtin{
	Name: "cast_null",
	Decl: types.NewFunction(
		types.Args(types.A),
		types.NewNull(),
	),
	deprecated: true,
}

CastNull returns null if input is null; if not returns error.

View Source 
var CastObject = &Builtin{
	Name: "cast_object",
	Decl: types.NewFunction(
		types.Args(types.A),
		types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
	),
	deprecated: true,
}

CastObject returns the given object if it is null; throws an error otherwise

View Source 
var CastSet = &Builtin{
	Name: "cast_set",
	Decl: types.NewFunction(
		types.Args(types.A),
		types.NewSet(types.A),
	),
	deprecated: true,
}

CastSet checks the underlying type of the input. If it is a set, the set is returned. If it is an array, the array is returned in set form (all duplicates removed) If neither, an error is thrown

View Source 
var CastString = &Builtin{
	Name: "cast_string",
	Decl: types.NewFunction(
		types.Args(types.A),
		types.S,
	),
	deprecated: true,
}

CastString returns input if it is a string; if not returns error. For formatting variables, see sprintf

View Source 
var Ceil = &Builtin{
	Name:        "ceil",
	Description: "Rounds the number _up_ to the nearest integer.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.N).Description("the number to round"),
		),
		types.Named("y", types.N).Description("the result of rounding `x` _up_"),
	),
	Categories: number,
}
View Source 
var Clock = &Builtin{
	Name:        "time.clock",
	Description: "Returns the `[hour, minute, second]` of the day for the nanoseconds since epoch.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.NewAny(
				types.N,
				types.NewArray([]types.Type{types.N, types.S}, nil),
			)).Description("a number representing the nanoseconds since the epoch (UTC); or a two-element array of the nanoseconds, and a timezone string"),
		),
		types.Named("output", types.NewArray([]types.Type{types.N, types.N, types.N}, nil)).
			Description("the `hour`, `minute` (0-59), and `second` (0-59) representing the time of day for the nanoseconds since epoch in the supplied timezone (or UTC)"),
	),
}
View Source 
var Concat = &Builtin{
	Name:        "concat",
	Description: "Joins a set or array of strings with a delimiter.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("delimiter", types.S),
			types.Named("collection", types.NewAny(
				types.NewSet(types.S),
				types.NewArray(nil, types.S),
			)).Description("strings to join"),
		),
		types.Named("output", types.S),
	),
	Categories: stringsCat,
}
View Source 
var Contains = &Builtin{
	Name:        "contains",
	Description: "Returns `true` if the search string is included in the base string",
	Decl: types.NewFunction(
		types.Args(
			types.Named("haystack", types.S).Description("string to search in"),
			types.Named("needle", types.S).Description("substring to look for"),
		),
		types.Named("result", types.B).Description("result of the containment check"),
	),
	Categories: stringsCat,
}
View Source 
var Count = &Builtin{
	Name:        "count",
	Description: " Count takes a collection or string and returns the number of elements (or characters) in it.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("collection", types.NewAny(
				types.NewSet(types.A),
				types.NewArray(nil, types.A),
				types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
				types.S,
			)).Description("the set/array/object/string to be counted"),
		),
		types.Named("n", types.N).Description("the count of elements, key/val pairs, or characters, respectively."),
	),
	Categories: aggregates,
}
View Source 
var CryptoHmacEqual = &Builtin{
	Name:        "crypto.hmac.equal",
	Description: "Returns a boolean representing the result of comparing two MACs for equality without leaking timing information.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("mac1", types.S).Description("mac1 to compare"),
			types.Named("mac2", types.S).Description("mac2 to compare"),
		),
		types.Named("result", types.B).Description("`true` if the MACs are equals, `false` otherwise"),
	),
}
View Source 
var CryptoHmacMd5 = &Builtin{
	Name:        "crypto.hmac.md5",
	Description: "Returns a string representing the MD5 HMAC of the input message using the input key.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("input string"),
			types.Named("key", types.S).Description("key to use"),
		),
		types.Named("y", types.S).Description("MD5-HMAC of `x`"),
	),
}
View Source 
var CryptoHmacSha1 = &Builtin{
	Name:        "crypto.hmac.sha1",
	Description: "Returns a string representing the SHA1 HMAC of the input message using the input key.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("input string"),
			types.Named("key", types.S).Description("key to use"),
		),
		types.Named("y", types.S).Description("SHA1-HMAC of `x`"),
	),
}
View Source 
var CryptoHmacSha256 = &Builtin{
	Name:        "crypto.hmac.sha256",
	Description: "Returns a string representing the SHA256 HMAC of the input message using the input key.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("input string"),
			types.Named("key", types.S).Description("key to use"),
		),
		types.Named("y", types.S).Description("SHA256-HMAC of `x`"),
	),
}
View Source 
var CryptoHmacSha512 = &Builtin{
	Name:        "crypto.hmac.sha512",
	Description: "Returns a string representing the SHA512 HMAC of the input message using the input key.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("input string"),
			types.Named("key", types.S).Description("key to use"),
		),
		types.Named("y", types.S).Description("SHA512-HMAC of `x`"),
	),
}
View Source 
var CryptoMd5 = &Builtin{
	Name:        "crypto.md5",
	Description: "Returns a string representing the input string hashed with the MD5 function",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S),
		),
		types.Named("y", types.S).Description("MD5-hash of `x`"),
	),
}
View Source 
var CryptoParsePrivateKeys = &Builtin{
	Name: "crypto.parse_private_keys",
	Description: `Returns zero or more private keys from the given encoded string containing DER certificate data.

If the input is empty, the function will return null. The input string should be a list of one or more concatenated PEM blocks. The whole input of concatenated PEM blocks can optionally be Base64 encoded.`,
	Decl: types.NewFunction(
		types.Args(
			types.Named("keys", types.S).Description("PEM encoded data containing one or more private keys as concatenated blocks. Optionally Base64 encoded."),
		),
		types.Named("output", types.NewArray(nil, types.NewObject(nil, types.NewDynamicProperty(types.S, types.A)))).Description("parsed private keys represented as objects"),
	),
}
View Source 
var CryptoSha1 = &Builtin{
	Name:        "crypto.sha1",
	Description: "Returns a string representing the input string hashed with the SHA1 function",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S),
		),
		types.Named("y", types.S).Description("SHA1-hash of `x`"),
	),
}
View Source 
var CryptoSha256 = &Builtin{
	Name:        "crypto.sha256",
	Description: "Returns a string representing the input string hashed with the SHA256 function",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S),
		),
		types.Named("y", types.S).Description("SHA256-hash of `x`"),
	),
}
View Source 
var CryptoX509ParseAndVerifyCertificates = &Builtin{
	Name: "crypto.x509.parse_and_verify_certificates",
	Description: `Returns one or more certificates from the given string containing PEM
or base64 encoded DER certificates after verifying the supplied certificates form a complete
certificate chain back to a trusted root.

The first certificate is treated as the root and the last is treated as the leaf,
with all others being treated as intermediates.`,
	Decl: types.NewFunction(
		types.Args(
			types.Named("certs", types.S).Description("base64 encoded DER or PEM data containing two or more certificates where the first is a root CA, the last is a leaf certificate, and all others are intermediate CAs"),
		),
		types.Named("output", types.NewArray([]types.Type{
			types.B,
			types.NewArray(nil, types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))),
		}, nil)).Description("array of `[valid, certs]`: if the input certificate chain could be verified then `valid` is `true` and `certs` is an array of X.509 certificates represented as objects; if the input certificate chain could not be verified then `valid` is `false` and `certs` is `[]`"),
	),
}
View Source 
var CryptoX509ParseAndVerifyCertificatesWithOptions = &Builtin{
	Name: "crypto.x509.parse_and_verify_certificates_with_options",
	Description: `Returns one or more certificates from the given string containing PEM
or base64 encoded DER certificates after verifying the supplied certificates form a complete
certificate chain back to a trusted root. A config option passed as the second argument can
be used to configure the validation options used.

The first certificate is treated as the root and the last is treated as the leaf,
with all others being treated as intermediates.`,

	Decl: types.NewFunction(
		types.Args(
			types.Named("certs", types.S).Description("base64 encoded DER or PEM data containing two or more certificates where the first is a root CA, the last is a leaf certificate, and all others are intermediate CAs"),
			types.Named("options", types.NewObject(
				nil,
				types.NewDynamicProperty(types.S, types.A),
			)).Description("object containing extra configs to verify the validity of certificates. `options` object supports four fields which maps to same fields in [x509.VerifyOptions struct](https://pkg.go.dev/crypto/x509#VerifyOptions). `DNSName`, `CurrentTime`: Nanoseconds since the Unix Epoch as a number, `MaxConstraintComparisons` and `KeyUsages`. `KeyUsages` is list and can have possible values as in: `\"KeyUsageAny\"`, `\"KeyUsageServerAuth\"`, `\"KeyUsageClientAuth\"`, `\"KeyUsageCodeSigning\"`, `\"KeyUsageEmailProtection\"`, `\"KeyUsageIPSECEndSystem\"`, `\"KeyUsageIPSECTunnel\"`, `\"KeyUsageIPSECUser\"`, `\"KeyUsageTimeStamping\"`, `\"KeyUsageOCSPSigning\"`, `\"KeyUsageMicrosoftServerGatedCrypto\"`, `\"KeyUsageNetscapeServerGatedCrypto\"`, `\"KeyUsageMicrosoftCommercialCodeSigning\"`, `\"KeyUsageMicrosoftKernelCodeSigning\"` "),
		),
		types.Named("output", types.NewArray([]types.Type{
			types.B,
			types.NewArray(nil, types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))),
		}, nil)).Description("array of `[valid, certs]`: if the input certificate chain could be verified then `valid` is `true` and `certs` is an array of X.509 certificates represented as objects; if the input certificate chain could not be verified then `valid` is `false` and `certs` is `[]`"),
	),
}
View Source 
var CryptoX509ParseCertificateRequest = &Builtin{
	Name:        "crypto.x509.parse_certificate_request",
	Description: "Returns a PKCS #10 certificate signing request from the given PEM-encoded PKCS#10 certificate signing request.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("csr", types.S).Description("base64 string containing either a PEM encoded or DER CSR or a string containing a PEM CSR"),
		),
		types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("X.509 CSR represented as an object"),
	),
}
View Source 
var CryptoX509ParseCertificates = &Builtin{
	Name: "crypto.x509.parse_certificates",
	Description: `Returns zero or more certificates from the given encoded string containing
DER certificate data.

If the input is empty, the function will return null. The input string should be a list of one or more
concatenated PEM blocks. The whole input of concatenated PEM blocks can optionally be Base64 encoded.`,
	Decl: types.NewFunction(
		types.Args(
			types.Named("certs", types.S).Description("base64 encoded DER or PEM data containing one or more certificates or a PEM string of one or more certificates"),
		),
		types.Named("output", types.NewArray(nil, types.NewObject(nil, types.NewDynamicProperty(types.S, types.A)))).Description("parsed X.509 certificates represented as objects"),
	),
}
View Source 
var CryptoX509ParseKeyPair = &Builtin{
	Name:        "crypto.x509.parse_keypair",
	Description: "Returns a valid key pair",
	Decl: types.NewFunction(
		types.Args(
			types.Named("cert", types.S).Description("string containing PEM or base64 encoded DER certificates"),
			types.Named("pem", types.S).Description("string containing PEM or base64 encoded DER keys"),
		),
		types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("if key pair is valid, returns the tls.certificate(https://pkg.go.dev/crypto/tls#Certificate) as an object. If the key pair is invalid, nil and an error are returned."),
	),
}
View Source 
var CryptoX509ParseRSAPrivateKey = &Builtin{
	Name:        "crypto.x509.parse_rsa_private_key",
	Description: "Returns a JWK for signing a JWT from the given PEM-encoded RSA private key.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("pem", types.S).Description("base64 string containing a PEM encoded RSA private key"),
		),
		types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("JWK as an object"),
	),
}
View Source 
var Date = &Builtin{
	Name:        "time.date",
	Description: "Returns the `[year, month, day]` for the nanoseconds since epoch.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.NewAny(
				types.N,
				types.NewArray([]types.Type{types.N, types.S}, nil),
			)).Description("a number representing the nanoseconds since the epoch (UTC); or a two-element array of the nanoseconds, and a timezone string"),
		),
		types.Named("date", types.NewArray([]types.Type{types.N, types.N, types.N}, nil)).Description("an array of `year`, `month` (1-12), and `day` (1-31)"),
	),
}
View Source 
var DefaultBuiltins = [...]*Builtin{}/* 197 elements not displayed */

DefaultBuiltins is the registry of built-in functions supported in OPA by default. When adding a new built-in function to OPA, update this list.

View Source 
var DefaultRootDocument = VarTerm("data")

DefaultRootDocument is the default root document.

All package directives inside source files are implicitly prefixed with the DefaultRootDocument value.

View Source 
var DefaultRootRef = Ref{DefaultRootDocument}

DefaultRootRef is a reference to the root of the default document.

All refs to data in the policy engine's storage layer are prefixed with this ref.

View Source 
var Diff = &Builtin{
	Name:        "time.diff",
	Description: "Returns the difference between two unix timestamps in nanoseconds (with optional timezone strings).",
	Decl: types.NewFunction(
		types.Args(
			types.Named("ns1", types.NewAny(
				types.N,
				types.NewArray([]types.Type{types.N, types.S}, nil),
			)),
			types.Named("ns2", types.NewAny(
				types.N,
				types.NewArray([]types.Type{types.N, types.S}, nil),
			)),
		),
		types.Named("output", types.NewArray([]types.Type{types.N, types.N, types.N, types.N, types.N, types.N}, nil)).Description("difference between `ns1` and `ns2` (in their supplied timezones, if supplied, or UTC) as array of numbers: `[years, months, days, hours, minutes, seconds]`"),
	),
}
View Source 
var Divide = &Builtin{
	Name:        "div",
	Infix:       "/",
	Description: "Divides the first number by the second number.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.N).Description("the dividend"),
			types.Named("y", types.N).Description("the divisor"),
		),
		types.Named("z", types.N).Description("the result of `x` divided by `y`"),
	),
	Categories: number,
}
View Source 
var EndsWith = &Builtin{
	Name:        "endswith",
	Description: "Returns true if the search string ends with the base string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("search", types.S).Description("search string"),
			types.Named("base", types.S).Description("base string"),
		),
		types.Named("result", types.B).Description("result of the suffix check"),
	),
	Categories: stringsCat,
}
View Source 
var Equal = &Builtin{
	Name:       "equal",
	Infix:      "==",
	Categories: comparison,
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A),
			types.Named("y", types.A),
		),
		types.Named("result", types.B).Description("true if `x` is equal to `y`; false otherwise"),
	),
}

Equal represents the "==" comparison operator.

View Source 
var Equality = &Builtin{
	Name:  "eq",
	Infix: "=",
	Decl: types.NewFunction(
		types.Args(types.A, types.A),
		types.B,
	),
}

Equality represents the "=" operator.

View Source 
var Floor = &Builtin{
	Name:        "floor",
	Description: "Rounds the number _down_ to the nearest integer.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.N).Description("the number to round"),
		),
		types.Named("y", types.N).Description("the result of rounding `x` _down_"),
	),
	Categories: number,
}
View Source 
var Format = &Builtin{
	Name:        "time.format",
	Description: "Returns the formatted timestamp for the nanoseconds since epoch.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.NewAny(
				types.N,
				types.NewArray([]types.Type{types.N, types.S}, nil),
				types.NewArray([]types.Type{types.N, types.S, types.S}, nil),
			)).Description("a number representing the nanoseconds since the epoch (UTC); or a two-element array of the nanoseconds, and a timezone string; or a three-element array of ns, timezone string and a layout string or golang defined formatting constant (see golang supported time formats)"),
		),
		types.Named("formatted timestamp", types.S).Description("the formatted timestamp represented for the nanoseconds since the epoch in the supplied timezone (or UTC)"),
	),
}
View Source 
var FormatInt = &Builtin{
	Name:        "format_int",
	Description: "Returns the string representation of the number in the given base after rounding it down to an integer value.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("number", types.N).Description("number to format"),
			types.Named("base", types.N).Description("base of number representation to use"),
		),
		types.Named("output", types.S).Description("formatted number"),
	),
	Categories: stringsCat,
}
View Source 
var FunctionArgRootDocument = VarTerm("args")

FunctionArgRootDocument names the document containing function arguments. It's only for internal usage, for referencing function arguments between the index and topdown.

View Source 
var FutureRootDocument = VarTerm("future")

FutureRootDocument names the document containing new, to-become-default, features.

View Source 
var GlobMatch = &Builtin{
	Name:        "glob.match",
	Description: "Parses and matches strings against the glob notation. Not to be confused with `regex.globs_match`.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("pattern", types.S),
			types.Named("delimiters", types.NewAny(
				types.NewArray(nil, types.S),
				types.NewNull(),
			)).Description("glob pattern delimiters, e.g. `[\".\", \":\"]`, defaults to `[\".\"]` if unset. If `delimiters` is `null`, glob match without delimiter."),
			types.Named("match", types.S),
		),
		types.Named("result", types.B).Description("true if `match` can be found in `pattern` which is separated by `delimiters`"),
	),
}
View Source 
var GlobQuoteMeta = &Builtin{
	Name:        "glob.quote_meta",
	Description: "Returns a string which represents a version of the pattern where all asterisks have been escaped.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("pattern", types.S),
		),
		types.Named("output", types.S).Description("the escaped string of `pattern`"),
	),
}
View Source 
var GlobsMatch = &Builtin{
	Name: "regex.globs_match",
	Description: `Checks if the intersection of two glob-style regular expressions matches a non-empty set of non-empty strings.
The set of regex symbols is limited for this builtin: only ` + "`.`, `*`, `+`, `[`, `-`, `]` and `\\` are treated as special symbols.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("glob1", types.S),
			types.Named("glob2", types.S),
		),
		types.Named("result", types.B),
	),
}

GlobsMatch takes two strings regexp-style strings and evaluates to true if their intersection matches a non-empty set of non-empty strings. Examples:

  • "a.a." and ".b.b" -> true.
  • "[a-z]*" and [0-9]+" -> not true.
View Source 
var GraphQLIsValid = &Builtin{
	Name:        "graphql.is_valid",
	Description: "Checks that a GraphQL query is valid against a given schema. The query and/or schema can be either GraphQL strings or AST objects from the other GraphQL builtin functions.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("query", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))),
			types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))),
		),
		types.Named("output", types.B).Description("`true` if the query is valid under the given schema. `false` otherwise."),
	),
}

GraphQLIsValid returns true if a GraphQL query is valid with a given schema, and returns false for all other inputs.

View Source 
var GraphQLParse = &Builtin{
	Name:        "graphql.parse",
	Description: "Returns AST objects for a given GraphQL query and schema after validating the query against the schema. Returns undefined if errors were encountered during parsing or validation. The query and/or schema can be either GraphQL strings or AST objects from the other GraphQL builtin functions.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("query", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))),
			types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))),
		),
		types.Named("output", types.NewArray([]types.Type{
			types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
			types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
		}, nil)).Description("`output` is of the form `[query_ast, schema_ast]`. If the GraphQL query is valid given the provided schema, then `query_ast` and `schema_ast` are objects describing the ASTs for the query and schema."),
	),
}

GraphQLParse returns a pair of AST objects from parsing/validation.

View Source 
var GraphQLParseAndVerify = &Builtin{
	Name:        "graphql.parse_and_verify",
	Description: "Returns a boolean indicating success or failure alongside the parsed ASTs for a given GraphQL query and schema after validating the query against the schema. The query and/or schema can be either GraphQL strings or AST objects from the other GraphQL builtin functions.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("query", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))),
			types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))),
		),
		types.Named("output", types.NewArray([]types.Type{
			types.B,
			types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
			types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
		}, nil)).Description(" `output` is of the form `[valid, query_ast, schema_ast]`. If the query is valid given the provided schema, then `valid` is `true`, and `query_ast` and `schema_ast` are objects describing the ASTs for the GraphQL query and schema. Otherwise, `valid` is `false` and `query_ast` and `schema_ast` are `{}`."),
	),
}

GraphQLParseAndVerify returns a boolean and a pair of AST object from parsing/validation.

View Source 
var GraphQLParseQuery = &Builtin{
	Name:        "graphql.parse_query",
	Description: "Returns an AST object for a GraphQL query.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("query", types.S),
		),
		types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))).Description("AST object for the GraphQL query."),
	),
}

GraphQLParseQuery parses the input GraphQL query and returns a JSON representation of its AST.

View Source 
var GraphQLParseSchema = &Builtin{
	Name:        "graphql.parse_schema",
	Description: "Returns an AST object for a GraphQL schema.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("schema", types.S),
		),
		types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))).Description("AST object for the GraphQL schema."),
	),
}

GraphQLParseSchema parses the input GraphQL schema and returns a JSON representation of its AST.

View Source 
var GraphQLSchemaIsValid = &Builtin{
	Name:        "graphql.schema_is_valid",
	Description: "Checks that the input is a valid GraphQL schema. The schema can be either a GraphQL string or an AST object from the other GraphQL builtin functions.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))),
		),
		types.Named("output", types.B).Description("`true` if the schema is a valid GraphQL schema. `false` otherwise."),
	),
}

GraphQLSchemaIsValid returns true if the input is valid GraphQL schema, and returns false for all other inputs.

View Source 
var GreaterThan = &Builtin{
	Name:       "gt",
	Infix:      ">",
	Categories: comparison,
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A),
			types.Named("y", types.A),
		),
		types.Named("result", types.B).Description("true if `x` is greater than `y`; false otherwise"),
	),
}
View Source 
var GreaterThanEq = &Builtin{
	Name:       "gte",
	Infix:      ">=",
	Categories: comparison,
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A),
			types.Named("y", types.A),
		),
		types.Named("result", types.B).Description("true if `x` is greater or equal to `y`; false otherwise"),
	),
}
View Source 
var HTTPSend = &Builtin{
	Name:        "http.send",
	Description: "Returns a HTTP response to the given HTTP request.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("request", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))),
		),
		types.Named("response", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))),
	),
	Nondeterministic: true,
}

Marked non-deterministic because HTTP request results can be non-deterministic.

View Source 
var HexDecode = &Builtin{
	Name:        "hex.decode",
	Description: "Deserializes the hex-encoded input string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("a hex-encoded string"),
		),
		types.Named("y", types.S).Description("deseralized from `x`"),
	),
	Categories: encoding,
}
View Source 
var HexEncode = &Builtin{
	Name:        "hex.encode",
	Description: "Serializes the input string using hex-encoding.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S),
		),
		types.Named("y", types.S).Description("serialization of `x` using hex-encoding"),
	),
	Categories: encoding,
}
View Source 
var IgnoreDuringPartialEval = []*Builtin{
	RandIntn,
	UUIDRFC4122,
	JWTDecodeVerify,
	JWTEncodeSignRaw,
	JWTEncodeSign,
	NowNanos,
	HTTPSend,
	OPARuntime,
	NetLookupIPAddr,
}

Deprecated: Builtins can now be directly annotated with the Nondeterministic property, and when set to true, will be ignored for partial evaluation.

View Source 
var IndexOf = &Builtin{
	Name:        "indexof",
	Description: "Returns the index of a substring contained inside a string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("haystack", types.S).Description("string to search in"),
			types.Named("needle", types.S).Description("substring to look for"),
		),
		types.Named("output", types.N).Description("index of first occurrence, `-1` if not found"),
	),
	Categories: stringsCat,
}
View Source 
var IndexOfN = &Builtin{
	Name:        "indexof_n",
	Description: "Returns a list of all the indexes of a substring contained inside a string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("haystack", types.S).Description("string to search in"),
			types.Named("needle", types.S).Description("substring to look for"),
		),
		types.Named("output", types.NewArray(nil, types.N)).Description("all indices at which `needle` occurs in `haystack`, may be empty"),
	),
	Categories: stringsCat,
}
View Source 
var InputRootDocument = VarTerm("input")

InputRootDocument names the document containing query arguments.

View Source 
var InputRootRef = Ref{InputRootDocument}

InputRootRef is a reference to the root of the input document.

All refs to query arguments are prefixed with this ref.

View Source 
var InternalPrint = &Builtin{
	Name: "internal.print",
	Decl: types.NewFunction([]types.Type{types.NewArray(nil, types.NewSet(types.A))}, nil),
}

InternalPrint represents the internal implementation of the print() function. The compiler rewrites print() calls to refer to the internal implementation.

View Source 
var Intersection = &Builtin{
	Name:        "intersection",
	Description: "Returns the intersection of the given input sets.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("xs", types.NewSet(types.NewSet(types.A))).Description("set of sets to intersect"),
		),
		types.Named("y", types.NewSet(types.A)).Description("the intersection of all `xs` sets"),
	),
	Categories: sets,
}
View Source 
var IsArray = &Builtin{
	Name:        "is_array",
	Description: "Returns `true` if the input value is an array.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A),
		),
		types.Named("result", types.B).Description("`true` if `x` is an array, `false` otherwise."),
	),
	Categories: typesCat,
}
View Source 
var IsBoolean = &Builtin{
	Name:        "is_boolean",
	Description: "Returns `true` if the input value is a boolean.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A),
		),
		types.Named("result", types.B).Description("`true` if `x` is an boolean, `false` otherwise."),
	),
	Categories: typesCat,
}
View Source 
var IsNull = &Builtin{
	Name:        "is_null",
	Description: "Returns `true` if the input value is null.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A),
		),
		types.Named("result", types.B).Description("`true` if `x` is null, `false` otherwise."),
	),
	Categories: typesCat,
}
View Source 
var IsNumber = &Builtin{
	Name:        "is_number",
	Description: "Returns `true` if the input value is a number.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A),
		),
		types.Named("result", types.B).Description("`true` if `x` is a number, `false` otherwise."),
	),
	Categories: typesCat,
}
View Source 
var IsObject = &Builtin{
	Name:        "is_object",
	Description: "Returns true if the input value is an object",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A),
		),
		types.Named("result", types.B).Description("`true` if `x` is an object, `false` otherwise."),
	),
	Categories: typesCat,
}
View Source 
var IsSet = &Builtin{
	Name:        "is_set",
	Description: "Returns `true` if the input value is a set.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A),
		),
		types.Named("result", types.B).Description("`true` if `x` is a set, `false` otherwise."),
	),
	Categories: typesCat,
}
View Source 
var IsString = &Builtin{
	Name:        "is_string",
	Description: "Returns `true` if the input value is a string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A),
		),
		types.Named("result", types.B).Description("`true` if `x` is a string, `false` otherwise."),
	),
	Categories: typesCat,
}
View Source 
var JSONFilter = &Builtin{
	Name: "json.filter",
	Description: "Filters the object. " +
		"For example: `json.filter({\"a\": {\"b\": \"x\", \"c\": \"y\"}}, [\"a/b\"])` will result in `{\"a\": {\"b\": \"x\"}}`). " +
		"Paths are not filtered in-order and are deduplicated before being evaluated.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("object", types.NewObject(
				nil,
				types.NewDynamicProperty(types.A, types.A),
			)),
			types.Named("paths", types.NewAny(
				types.NewArray(
					nil,
					types.NewAny(
						types.S,
						types.NewArray(
							nil,
							types.A,
						),
					),
				),
				types.NewSet(
					types.NewAny(
						types.S,
						types.NewArray(
							nil,
							types.A,
						),
					),
				),
			)).Description("JSON string paths"),
		),
		types.Named("filtered", types.A).Description("remaining data from `object` with only keys specified in `paths`"),
	),
	Categories: objectCat,
}
View Source 
var JSONIsValid = &Builtin{
	Name:        "json.is_valid",
	Description: "Verifies the input string is a valid JSON document.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("a JSON string"),
		),
		types.Named("result", types.B).Description("`true` if `x` is valid JSON, `false` otherwise"),
	),
	Categories: encoding,
}
View Source 
var JSONMarshal = &Builtin{
	Name:        "json.marshal",
	Description: "Serializes the input term to JSON.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A).Description("the term to serialize"),
		),
		types.Named("y", types.S).Description("the JSON string representation of `x`"),
	),
	Categories: encoding,
}
View Source 
var JSONMatchSchema = &Builtin{
	Name:        "json.match_schema",
	Description: "Checks that the document matches the JSON schema.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("document", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
				Description("document to verify by schema"),
			types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
				Description("schema to verify document by"),
		),
		types.Named("output", types.NewArray([]types.Type{
			types.B,
			types.NewArray(
				nil, types.NewObject(
					[]*types.StaticProperty{
						{Key: "error", Value: types.S},
						{Key: "type", Value: types.S},
						{Key: "field", Value: types.S},
						{Key: "desc", Value: types.S},
					},
					nil,
				),
			),
		}, nil)).
			Description("`output` is of the form `[match, errors]`. If the document is valid given the schema, then `match` is `true`, and `errors` is an empty array. Otherwise, `match` is `false` and `errors` is an array of objects describing the error(s)."),
	),
	Categories: objectCat,
}

JSONMatchSchema returns empty array if the document matches the JSON schema, and returns non-empty array with error objects otherwise.

View Source 
var JSONPatch = &Builtin{
	Name: "json.patch",
	Description: "Patches an object according to RFC6902. " +
		"For example: `json.patch({\"a\": {\"foo\": 1}}, [{\"op\": \"add\", \"path\": \"/a/bar\", \"value\": 2}])` results in `{\"a\": {\"foo\": 1, \"bar\": 2}`. " +
		"The patches are applied atomically: if any of them fails, the result will be undefined. " +
		"Additionally works on sets, where a value contained in the set is considered to be its path.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("object", types.A),
			types.Named("patches", types.NewArray(
				nil,
				types.NewObject(
					[]*types.StaticProperty{
						{Key: "op", Value: types.S},
						{Key: "path", Value: types.A},
					},
					types.NewDynamicProperty(types.A, types.A),
				),
			)),
		),
		types.Named("output", types.A).Description("result obtained after consecutively applying all patch operations in `patches`"),
	),
	Categories: objectCat,
}
View Source 
var JSONRemove = &Builtin{
	Name: "json.remove",
	Description: "Removes paths from an object. " +
		"For example: `json.remove({\"a\": {\"b\": \"x\", \"c\": \"y\"}}, [\"a/b\"])` will result in `{\"a\": {\"c\": \"y\"}}`. " +
		"Paths are not removed in-order and are deduplicated before being evaluated.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("object", types.NewObject(
				nil,
				types.NewDynamicProperty(types.A, types.A),
			)),
			types.Named("paths", types.NewAny(
				types.NewArray(
					nil,
					types.NewAny(
						types.S,
						types.NewArray(
							nil,
							types.A,
						),
					),
				),
				types.NewSet(
					types.NewAny(
						types.S,
						types.NewArray(
							nil,
							types.A,
						),
					),
				),
			)).Description("JSON string paths"),
		),
		types.Named("output", types.A).Description("result of removing all keys specified in `paths`"),
	),
	Categories: objectCat,
}
View Source 
var JSONSchemaVerify = &Builtin{
	Name:        "json.verify_schema",
	Description: "Checks that the input is a valid JSON schema object. The schema can be either a JSON string or an JSON object.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
				Description("the schema to verify"),
		),
		types.Named("output", types.NewArray([]types.Type{
			types.B,
			types.NewAny(types.S, types.Null{}),
		}, nil)).
			Description("`output` is of the form `[valid, error]`. If the schema is valid, then `valid` is `true`, and `error` is `null`. Otherwise, `valid` is `false` and `error` is a string describing the error."),
	),
	Categories: objectCat,
}

JSONSchemaVerify returns empty string if the input is valid JSON schema and returns error string for all other inputs.

View Source 
var JSONUnmarshal = &Builtin{
	Name:        "json.unmarshal",
	Description: "Deserializes the input string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("a JSON string"),
		),
		types.Named("y", types.A).Description("the term deseralized from `x`"),
	),
	Categories: encoding,
}
View Source 
var JWTDecode = &Builtin{
	Name:        "io.jwt.decode",
	Description: "Decodes a JSON Web Token and outputs it as an object.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("jwt", types.S).Description("JWT token to decode"),
		),
		types.Named("output", types.NewArray([]types.Type{
			types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
			types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
			types.S,
		}, nil)).Description("`[header, payload, sig]`, where `header` and `payload` are objects; `sig` is the hexadecimal representation of the signature on the token."),
	),
	Categories: tokensCat,
}
View Source 
var JWTDecodeVerify = &Builtin{
	Name: "io.jwt.decode_verify",
	Description: `Verifies a JWT signature under parameterized constraints and decodes the claims if it is valid.
Supports the following algorithms: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384 and PS512.`,
	Decl: types.NewFunction(
		types.Args(
			types.Named("jwt", types.S).Description("JWT token whose signature is to be verified and whose claims are to be checked"),
			types.Named("constraints", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("claim verification constraints"),
		),
		types.Named("output", types.NewArray([]types.Type{
			types.B,
			types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
			types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
		}, nil)).Description("`[valid, header, payload]`:  if the input token is verified and meets the requirements of `constraints` then `valid` is `true`; `header` and `payload` are objects containing the JOSE header and the JWT claim set; otherwise, `valid` is `false`, `header` and `payload` are `{}`"),
	),
	Categories:       tokensCat,
	Nondeterministic: true,
}

Marked non-deterministic because it relies on time internally.

View Source 
var JWTEncodeSign = &Builtin{
	Name:        "io.jwt.encode_sign",
	Description: "Encodes and optionally signs a JSON Web Token. Inputs are taken as objects, not encoded strings (see `io.jwt.encode_sign_raw`).",
	Decl: types.NewFunction(
		types.Args(
			types.Named("headers", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("JWS Protected Header"),
			types.Named("payload", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("JWS Payload"),
			types.Named("key", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("JSON Web Key (RFC7517)"),
		),
		types.Named("output", types.S).Description("signed JWT"),
	),
	Categories:       tokenSign,
	Nondeterministic: true,
}

Marked non-deterministic because it relies on RNG internally.

View Source 
var JWTEncodeSignRaw = &Builtin{
	Name:        "io.jwt.encode_sign_raw",
	Description: "Encodes and optionally signs a JSON Web Token.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("headers", types.S).Description("JWS Protected Header"),
			types.Named("payload", types.S).Description("JWS Payload"),
			types.Named("key", types.S).Description("JSON Web Key (RFC7517)"),
		),
		types.Named("output", types.S).Description("signed JWT"),
	),
	Categories:       tokenSign,
	Nondeterministic: true,
}

Marked non-deterministic because it relies on RNG internally.

View Source 
var JWTVerifyES256 = &Builtin{
	Name:        "io.jwt.verify_es256",
	Description: "Verifies if a ES256 JWT signature is valid.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
			types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
		),
		types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
	),
	Categories: tokensCat,
}
View Source 
var JWTVerifyES384 = &Builtin{
	Name:        "io.jwt.verify_es384",
	Description: "Verifies if a ES384 JWT signature is valid.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
			types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
		),
		types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
	),
	Categories: tokensCat,
}
View Source 
var JWTVerifyES512 = &Builtin{
	Name:        "io.jwt.verify_es512",
	Description: "Verifies if a ES512 JWT signature is valid.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
			types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
		),
		types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
	),
	Categories: tokensCat,
}
View Source 
var JWTVerifyHS256 = &Builtin{
	Name:        "io.jwt.verify_hs256",
	Description: "Verifies if a HS256 (secret) JWT signature is valid.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
			types.Named("secret", types.S).Description("plain text secret used to verify the signature"),
		),
		types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
	),
	Categories: tokensCat,
}
View Source 
var JWTVerifyHS384 = &Builtin{
	Name:        "io.jwt.verify_hs384",
	Description: "Verifies if a HS384 (secret) JWT signature is valid.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
			types.Named("secret", types.S).Description("plain text secret used to verify the signature"),
		),
		types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
	),
	Categories: tokensCat,
}
View Source 
var JWTVerifyHS512 = &Builtin{
	Name:        "io.jwt.verify_hs512",
	Description: "Verifies if a HS512 (secret) JWT signature is valid.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
			types.Named("secret", types.S).Description("plain text secret used to verify the signature"),
		),
		types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
	),
	Categories: tokensCat,
}
View Source 
var JWTVerifyPS256 = &Builtin{
	Name:        "io.jwt.verify_ps256",
	Description: "Verifies if a PS256 JWT signature is valid.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
			types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
		),
		types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
	),
	Categories: tokensCat,
}
View Source 
var JWTVerifyPS384 = &Builtin{
	Name:        "io.jwt.verify_ps384",
	Description: "Verifies if a PS384 JWT signature is valid.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
			types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
		),
		types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
	),
	Categories: tokensCat,
}
View Source 
var JWTVerifyPS512 = &Builtin{
	Name:        "io.jwt.verify_ps512",
	Description: "Verifies if a PS512 JWT signature is valid.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
			types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
		),
		types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
	),
	Categories: tokensCat,
}
View Source 
var JWTVerifyRS256 = &Builtin{
	Name:        "io.jwt.verify_rs256",
	Description: "Verifies if a RS256 JWT signature is valid.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
			types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
		),
		types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
	),
	Categories: tokensCat,
}
View Source 
var JWTVerifyRS384 = &Builtin{
	Name:        "io.jwt.verify_rs384",
	Description: "Verifies if a RS384 JWT signature is valid.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
			types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
		),
		types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
	),
	Categories: tokensCat,
}
View Source 
var JWTVerifyRS512 = &Builtin{
	Name:        "io.jwt.verify_rs512",
	Description: "Verifies if a RS512 JWT signature is valid.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
			types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
		),
		types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
	),
	Categories: tokensCat,
}
View Source 
var Keywords = [...]string{
	"not",
	"package",
	"import",
	"as",
	"default",
	"else",
	"with",
	"null",
	"true",
	"false",
	"some",
}

Keywords contains strings that map to language keywords.

View Source 
var LessThan = &Builtin{
	Name:       "lt",
	Infix:      "<",
	Categories: comparison,
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A),
			types.Named("y", types.A),
		),
		types.Named("result", types.B).Description("true if `x` is less than `y`; false otherwise"),
	),
}

LessThan represents the "<" comparison operator.

View Source 
var LessThanEq = &Builtin{
	Name:       "lte",
	Infix:      "<=",
	Categories: comparison,
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A),
			types.Named("y", types.A),
		),
		types.Named("result", types.B).Description("true if `x` is less than or equal to `y`; false otherwise"),
	),
}
View Source 
var Lower = &Builtin{
	Name:        "lower",
	Description: "Returns the input string but with all characters in lower-case.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("string that is converted to lower-case"),
		),
		types.Named("y", types.S).Description("lower-case of x"),
	),
	Categories: stringsCat,
}
View Source 
var Max = &Builtin{
	Name:        "max",
	Description: "Returns the maximum value in a collection.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("collection", types.NewAny(
				types.NewSet(types.A),
				types.NewArray(nil, types.A),
			)),
		),
		types.Named("n", types.A).Description("the maximum of all elements"),
	),
	Categories: aggregates,
}
View Source 
var Member = &Builtin{
	Name:  "internal.member_2",
	Infix: "in",
	Decl: types.NewFunction(
		types.Args(
			types.A,
			types.A,
		),
		types.B,
	),
}

Member represents the `in` (infix) operator.

View Source 
var MemberWithKey = &Builtin{
	Name:  "internal.member_3",
	Infix: "in",
	Decl: types.NewFunction(
		types.Args(
			types.A,
			types.A,
			types.A,
		),
		types.B,
	),
}

MemberWithKey represents the `in` (infix) operator when used with two terms on the lhs, i.e., `k, v in obj`.

View Source 
var Min = &Builtin{
	Name:        "min",
	Description: "Returns the minimum value in a collection.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("collection", types.NewAny(
				types.NewSet(types.A),
				types.NewArray(nil, types.A),
			)),
		),
		types.Named("n", types.A).Description("the minimum of all elements"),
	),
	Categories: aggregates,
}
View Source 
var Minus = &Builtin{
	Name:        "minus",
	Infix:       "-",
	Description: "Minus subtracts the second number from the first number or computes the difference between two sets.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.NewAny(types.N, types.NewSet(types.A))),
			types.Named("y", types.NewAny(types.N, types.NewSet(types.A))),
		),
		types.Named("z", types.NewAny(types.N, types.NewSet(types.A))).Description("the difference of `x` and `y`"),
	),
	Categories: category("sets", "numbers"),
}
View Source 
var Multiply = &Builtin{
	Name:        "mul",
	Infix:       "*",
	Description: "Multiplies two numbers.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.N),
			types.Named("y", types.N),
		),
		types.Named("z", types.N).Description("the product of `x` and `y`"),
	),
	Categories: number,
}
View Source 
var NetCIDRContains = &Builtin{
	Name:        "net.cidr_contains",
	Description: "Checks if a CIDR or IP is contained within another CIDR. `output` is `true` if `cidr_or_ip` (e.g. `127.0.0.64/26` or `127.0.0.1`) is contained within `cidr` (e.g. `127.0.0.1/24`) and `false` otherwise. Supports both IPv4 and IPv6 notations.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("cidr", types.S),
			types.Named("cidr_or_ip", types.S),
		),
		types.Named("result", types.B),
	),
}
View Source 
var NetCIDRContainsMatches = &Builtin{
	Name: "net.cidr_contains_matches",
	Description: "Checks if collections of cidrs or ips are contained within another collection of cidrs and returns matches. " +
		"This function is similar to `net.cidr_contains` except it allows callers to pass collections of CIDRs or IPs as arguments and returns the matches (as opposed to a boolean result indicating a match between two CIDRs/IPs).",
	Decl: types.NewFunction(
		types.Args(
			types.Named("cidrs", netCidrContainsMatchesOperandType),
			types.Named("cidrs_or_ips", netCidrContainsMatchesOperandType),
		),
		types.Named("output", types.NewSet(types.NewArray([]types.Type{types.A, types.A}, nil))).Description("tuples identifying matches where `cidrs_or_ips` are contained within `cidrs`"),
	),
}
View Source 
var NetCIDRExpand = &Builtin{
	Name:        "net.cidr_expand",
	Description: "Expands CIDR to set of hosts  (e.g., `net.cidr_expand(\"192.168.0.0/30\")` generates 4 hosts: `{\"192.168.0.0\", \"192.168.0.1\", \"192.168.0.2\", \"192.168.0.3\"}`).",
	Decl: types.NewFunction(
		types.Args(
			types.Named("cidr", types.S),
		),
		types.Named("hosts", types.NewSet(types.S)).Description("set of IP addresses the CIDR `cidr` expands to"),
	),
}
View Source 
var NetCIDRIntersects = &Builtin{
	Name:        "net.cidr_intersects",
	Description: "Checks if a CIDR intersects with another CIDR (e.g. `192.168.0.0/16` overlaps with `192.168.1.0/24`). Supports both IPv4 and IPv6 notations.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("cidr1", types.S),
			types.Named("cidr2", types.S),
		),
		types.Named("result", types.B),
	),
}
View Source 
var NetCIDRIsValid = &Builtin{
	Name:        "net.cidr_is_valid",
	Description: "Parses an IPv4/IPv6 CIDR and returns a boolean indicating if the provided CIDR is valid.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("cidr", types.S),
		),
		types.Named("result", types.B),
	),
}
View Source 
var NetCIDRMerge = &Builtin{
	Name: "net.cidr_merge",
	Description: "Merges IP addresses and subnets into the smallest possible list of CIDRs (e.g., `net.cidr_merge([\"192.0.128.0/24\", \"192.0.129.0/24\"])` generates `{\"192.0.128.0/23\"}`." +
		`This function merges adjacent subnets where possible, those contained within others and also removes any duplicates.
Supports both IPv4 and IPv6 notations. IPv6 inputs need a prefix length (e.g. "/128").`,
	Decl: types.NewFunction(
		types.Args(
			types.Named("addrs", types.NewAny(
				types.NewArray(nil, types.NewAny(types.S)),
				types.NewSet(types.S),
			)).Description("CIDRs or IP addresses"),
		),
		types.Named("output", types.NewSet(types.S)).Description("smallest possible set of CIDRs obtained after merging the provided list of IP addresses and subnets in `addrs`"),
	),
}
View Source 
var NetCIDROverlap = &Builtin{
	Name: "net.cidr_overlap",
	Decl: types.NewFunction(
		types.Args(
			types.S,
			types.S,
		),
		types.B,
	),
	deprecated: true,
}

NetCIDROverlap has been replaced by the `net.cidr_contains` built-in.

View Source 
var NetLookupIPAddr = &Builtin{
	Name:        "net.lookup_ip_addr",
	Description: "Returns the set of IP addresses (both v4 and v6) that the passed-in `name` resolves to using the standard name resolution mechanisms available.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("name", types.S).Description("domain name to resolve"),
		),
		types.Named("addrs", types.NewSet(types.S)).Description("IP addresses (v4 and v6) that `name` resolves to"),
	),
	Nondeterministic: true,
}

Marked non-deterministic because DNS resolution results can be non-deterministic.

View Source 
var NotEqual = &Builtin{
	Name:       "neq",
	Infix:      "!=",
	Categories: comparison,
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A),
			types.Named("y", types.A),
		),
		types.Named("result", types.B).Description("true if `x` is not equal to `y`; false otherwise"),
	),
}
View Source 
var NowNanos = &Builtin{
	Name:        "time.now_ns",
	Description: "Returns the current time since epoch in nanoseconds.",
	Decl: types.NewFunction(
		nil,
		types.Named("now", types.N).Description("nanoseconds since epoch"),
	),
	Nondeterministic: true,
}

Marked non-deterministic because it relies on time directly.

View Source 
var NumbersRange = &Builtin{
	Name:        "numbers.range",
	Description: "Returns an array of numbers in the given (inclusive) range. If `a==b`, then `range == [a]`; if `a > b`, then `range` is in descending order.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("a", types.N),
			types.Named("b", types.N),
		),
		types.Named("range", types.NewArray(nil, types.N)).Description("the range between `a` and `b`"),
	),
}
View Source 
var NumbersRangeStep = &Builtin{
	Name: "numbers.range_step",
	Description: `Returns an array of numbers in the given (inclusive) range incremented by a positive step.
	If "a==b", then "range == [a]"; if "a > b", then "range" is in descending order.
	If the provided "step" is less then 1, an error will be thrown.
	If "b" is not in the range of the provided "step", "b" won't be included in the result.
	`,
	Decl: types.NewFunction(
		types.Args(
			types.Named("a", types.N),
			types.Named("b", types.N),
			types.Named("step", types.N),
		),
		types.Named("range", types.NewArray(nil, types.N)).Description("the range between `a` and `b` in `step` increments"),
	),
}
View Source 
var OPARuntime = &Builtin{
	Name:        "opa.runtime",
	Description: "Returns an object that describes the runtime environment where OPA is deployed.",
	Decl: types.NewFunction(
		nil,
		types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).
			Description("includes a `config` key if OPA was started with a configuration file; an `env` key containing the environment variables that the OPA process was started with; includes `version` and `commit` keys containing the version and build commit of OPA."),
	),
	Nondeterministic: true,
}

Marked non-deterministic because of unpredictable config/environment-dependent results.

View Source 
var ObjectFilter = &Builtin{
	Name: "object.filter",
	Description: "Filters the object by keeping only specified keys. " +
		"For example: `object.filter({\"a\": {\"b\": \"x\", \"c\": \"y\"}, \"d\": \"z\"}, [\"a\"])` will result in `{\"a\": {\"b\": \"x\", \"c\": \"y\"}}`).",
	Decl: types.NewFunction(
		types.Args(
			types.Named("object", types.NewObject(
				nil,
				types.NewDynamicProperty(types.A, types.A),
			)).Description("object to filter keys"),
			types.Named("keys", types.NewAny(
				types.NewArray(nil, types.A),
				types.NewSet(types.A),
				types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
			)),
		),
		types.Named("filtered", types.A).Description("remaining data from `object` with only keys specified in `keys`"),
	),
}
View Source 
var ObjectGet = &Builtin{
	Name: "object.get",
	Description: "Returns value of an object's key if present, otherwise a default. " +
		"If the supplied `key` is an `array`, then `object.get` will search through a nested object or array using each key in turn. " +
		"For example: `object.get({\"a\": [{ \"b\": true }]}, [\"a\", 0, \"b\"], false)` results in `true`.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("object", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))).Description("object to get `key` from"),
			types.Named("key", types.A).Description("key to lookup in `object`"),
			types.Named("default", types.A).Description("default to use when lookup fails"),
		),
		types.Named("value", types.A).Description("`object[key]` if present, otherwise `default`"),
	),
}
View Source 
var ObjectKeys = &Builtin{
	Name: "object.keys",
	Description: "Returns a set of an object's keys. " +
		"For example: `object.keys({\"a\": 1, \"b\": true, \"c\": \"d\")` results in `{\"a\", \"b\", \"c\"}`.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("object", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))).Description("object to get keys from"),
		),
		types.Named("value", types.NewSet(types.A)).Description("set of `object`'s keys"),
	),
}
View Source 
var ObjectRemove = &Builtin{
	Name:        "object.remove",
	Description: "Removes specified keys from an object.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("object", types.NewObject(
				nil,
				types.NewDynamicProperty(types.A, types.A),
			)).Description("object to remove keys from"),
			types.Named("keys", types.NewAny(
				types.NewArray(nil, types.A),
				types.NewSet(types.A),
				types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
			)).Description("keys to remove from x"),
		),
		types.Named("output", types.A).Description("result of removing the specified `keys` from `object`"),
	),
}
View Source 
var ObjectSubset = &Builtin{
	Name: "object.subset",
	Description: "Determines if an object `sub` is a subset of another object `super`." +
		"Object `sub` is a subset of object `super` if and only if every key in `sub` is also in `super`, " +
		"**and** for all keys which `sub` and `super` share, they have the same value. " +
		"This function works with objects, sets, arrays and a set of array and set." +
		"If both arguments are objects, then the operation is recursive, e.g. " +
		"`{\"c\": {\"x\": {10, 15, 20}}` is a subset of `{\"a\": \"b\", \"c\": {\"x\": {10, 15, 20, 25}, \"y\": \"z\"}`. " +
		"If both arguments are sets, then this function checks if every element of `sub` is a member of `super`, " +
		"but does not attempt to recurse. If both arguments are arrays, " +
		"then this function checks if `sub` appears contiguously in order within `super`, " +
		"and also does not attempt to recurse. If `super` is array and `sub` is set, " +
		"then this function checks if `super` contains every element of `sub` with no consideration of ordering, " +
		"and also does not attempt to recurse.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("super", types.NewAny(types.NewObject(
				nil,
				types.NewDynamicProperty(types.A, types.A),
			),
				types.NewSet(types.A),
				types.NewArray(nil, types.A),
			)).Description("object to test if sub is a subset of"),
			types.Named("sub", types.NewAny(types.NewObject(
				nil,
				types.NewDynamicProperty(types.A, types.A),
			),
				types.NewSet(types.A),
				types.NewArray(nil, types.A),
			)).Description("object to test if super is a superset of"),
		),
		types.Named("result", types.A).Description("`true` if `sub` is a subset of `super`"),
	),
}
View Source 
var ObjectUnion = &Builtin{
	Name: "object.union",
	Description: "Creates a new object of the asymmetric union of two objects. " +
		"For example: `object.union({\"a\": 1, \"b\": 2, \"c\": {\"d\": 3}}, {\"a\": 7, \"c\": {\"d\": 4, \"e\": 5}})` will result in `{\"a\": 7, \"b\": 2, \"c\": {\"d\": 4, \"e\": 5}}`.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("a", types.NewObject(
				nil,
				types.NewDynamicProperty(types.A, types.A),
			)),
			types.Named("b", types.NewObject(
				nil,
				types.NewDynamicProperty(types.A, types.A),
			)),
		),
		types.Named("output", types.A).Description("a new object which is the result of an asymmetric recursive union of two objects where conflicts are resolved by choosing the key from the right-hand object `b`"),
	),
}
View Source 
var ObjectUnionN = &Builtin{
	Name: "object.union_n",
	Description: "Creates a new object that is the asymmetric union of all objects merged from left to right. " +
		"For example: `object.union_n([{\"a\": 1}, {\"b\": 2}, {\"a\": 3}])` will result in `{\"b\": 2, \"a\": 3}`.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("objects", types.NewArray(
				nil,
				types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
			)),
		),
		types.Named("output", types.A).Description("asymmetric recursive union of all objects in `objects`, merged from left to right, where conflicts are resolved by choosing the key from the right-hand object"),
	),
}
View Source 
var Or = &Builtin{
	Name:        "or",
	Infix:       "|",
	Description: "Returns the union of two sets.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.NewSet(types.A)),
			types.Named("y", types.NewSet(types.A)),
		),
		types.Named("z", types.NewSet(types.A)).Description("the union of `x` and `y`"),
	),
	Categories: sets,
}

Or performs a union operation on sets.

View Source 
var ParseDurationNanos = &Builtin{
	Name:        "time.parse_duration_ns",
	Description: "Returns the duration in nanoseconds represented by a string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("duration", types.S).Description("a duration like \"3m\"; see the [Go `time` package documentation](https://golang.org/pkg/time/#ParseDuration) for more details"),
		),
		types.Named("ns", types.N).Description("the `duration` in nanoseconds"),
	),
}
View Source 
var ParseNanos = &Builtin{
	Name:        "time.parse_ns",
	Description: "Returns the time in nanoseconds parsed from the string in the given format. `undefined` if the result would be outside the valid time range that can fit within an `int64`.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("layout", types.S).Description("format used for parsing, see the [Go `time` package documentation](https://golang.org/pkg/time/#Parse) for more details"),
			types.Named("value", types.S).Description("input to parse according to `layout`"),
		),
		types.Named("ns", types.N).Description("`value` in nanoseconds since epoch"),
	),
}
View Source 
var ParseRFC3339Nanos = &Builtin{
	Name:        "time.parse_rfc3339_ns",
	Description: "Returns the time in nanoseconds parsed from the string in RFC3339 format. `undefined` if the result would be outside the valid time range that can fit within an `int64`.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("value", types.S),
		),
		types.Named("ns", types.N).Description("`value` in nanoseconds since epoch"),
	),
}
View Source 
var Plus = &Builtin{
	Name:        "plus",
	Infix:       "+",
	Description: "Plus adds two numbers together.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.N),
			types.Named("y", types.N),
		),
		types.Named("z", types.N).Description("the sum of `x` and `y`"),
	),
	Categories: number,
}
View Source 
var Print = &Builtin{
	Name: "print",
	Decl: types.NewVariadicFunction(nil, types.A, nil),
}

Print is a special built-in function that writes zero or more operands to a message buffer. The caller controls how the buffer is displayed. The operands may be of any type. Furthermore, unlike other built-in functions, undefined operands DO NOT cause the print() function to fail during evaluation.

View Source 
var Product = &Builtin{
	Name:        "product",
	Description: "Muliplies elements of an array or set of numbers",
	Decl: types.NewFunction(
		types.Args(
			types.Named("collection", types.NewAny(
				types.NewSet(types.N),
				types.NewArray(nil, types.N),
			)),
		),
		types.Named("n", types.N).Description("the product of all elements"),
	),
	Categories: aggregates,
}
View Source 
var ProvidersAWSSignReqObj = &Builtin{
	Name:        "providers.aws.sign_req",
	Description: "Signs an HTTP request object for Amazon Web Services. Currently implements [AWS Signature Version 4 request signing](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) by the `Authorization` header method.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("request", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))),
			types.Named("aws_config", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))),
			types.Named("time_ns", types.N),
		),
		types.Named("signed_request", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))),
	),
	Categories: providersAWSCat,
}
View Source 
var RandIntn = &Builtin{
	Name:        "rand.intn",
	Description: "Returns a random integer between `0` and `n` (`n` exlusive). If `n` is `0`, then `y` is always `0`. For any given argument pair (`str`, `n`), the output will be consistent throughout a query evaluation.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("str", types.S),
			types.Named("n", types.N),
		),
		types.Named("y", types.N).Description("random integer in the range `[0, abs(n))`"),
	),
	Categories:       number,
	Nondeterministic: true,
}

RandIntn returns a random number 0 - n Marked non-deterministic because it relies on RNG internally.

View Source 
var ReachableBuiltin = &Builtin{
	Name:        "graph.reachable",
	Description: "Computes the set of reachable nodes in the graph from a set of starting nodes.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("graph", types.NewObject(
				nil,
				types.NewDynamicProperty(
					types.A,
					types.NewAny(
						types.NewSet(types.A),
						types.NewArray(nil, types.A)),
				)),
			).Description("object containing a set or array of neighboring vertices"),
			types.Named("initial", types.NewAny(types.NewSet(types.A), types.NewArray(nil, types.A))).Description("set or array of root vertices"),
		),
		types.Named("output", types.NewSet(types.A)).Description("set of vertices reachable from the `initial` vertices in the directed `graph`"),
	),
}
View Source 
var ReachablePathsBuiltin = &Builtin{
	Name:        "graph.reachable_paths",
	Description: "Computes the set of reachable paths in the graph from a set of starting nodes.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("graph", types.NewObject(
				nil,
				types.NewDynamicProperty(
					types.A,
					types.NewAny(
						types.NewSet(types.A),
						types.NewArray(nil, types.A)),
				)),
			).Description("object containing a set or array of root vertices"),
			types.Named("initial", types.NewAny(types.NewSet(types.A), types.NewArray(nil, types.A))).Description("initial paths"),
		),
		types.Named("output", types.NewSet(types.NewArray(nil, types.A))).Description("paths reachable from the `initial` vertices in the directed `graph`"),
	),
}
View Source 
var RegexFind = &Builtin{
	Name:        "regex.find_n",
	Description: "Returns the specified number of matches when matching the input against the pattern.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("pattern", types.S).Description("regular expression"),
			types.Named("value", types.S).Description("string to match"),
			types.Named("number", types.N).Description("number of matches to return, if `-1`, returns all matches"),
		),
		types.Named("output", types.NewArray(nil, types.S)).Description("collected matches"),
	),
}

RegexFind takes two strings and a number, the pattern, the value and number of match values to return, -1 means all match values.

View Source 
var RegexFindAllStringSubmatch = &Builtin{
	Name:        "regex.find_all_string_submatch_n",
	Description: "Returns all successive matches of the expression.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("pattern", types.S).Description("regular expression"),
			types.Named("value", types.S).Description("string to match"),
			types.Named("number", types.N).Description("number of matches to return; `-1` means all matches"),
		),
		types.Named("output", types.NewArray(nil, types.NewArray(nil, types.S))),
	),
}
View Source 
var RegexIsValid = &Builtin{
	Name:        "regex.is_valid",
	Description: "Checks if a string is a valid regular expression: the detailed syntax for patterns is defined by https://github.com/google/re2/wiki/Syntax.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("pattern", types.S).Description("regular expression"),
		),
		types.Named("result", types.B),
	),
}
View Source 
var RegexMatch = &Builtin{
	Name:        "regex.match",
	Description: "Matches a string against a regular expression.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("pattern", types.S).Description("regular expression"),
			types.Named("value", types.S).Description("value to match against `pattern`"),
		),
		types.Named("result", types.B),
	),
}
View Source 
var RegexMatchDeprecated = &Builtin{
	Name: "re_match",
	Decl: types.NewFunction(
		types.Args(
			types.S,
			types.S,
		),
		types.B,
	),
	deprecated: true,
}

RegexMatchDeprecated declares `re_match` which has been deprecated. Use `regex.match` instead.

View Source 
var RegexReplace = &Builtin{
	Name:        "regex.replace",
	Description: `Find and replaces the text using the regular expression pattern.`,
	Decl: types.NewFunction(
		types.Args(
			types.Named("s", types.S).Description("string being processed"),
			types.Named("pattern", types.S).Description("regex pattern to be applied"),
			types.Named("value", types.S).Description("regex value"),
		),
		types.Named("output", types.S),
	),
}
View Source 
var RegexSplit = &Builtin{
	Name:        "regex.split",
	Description: "Splits the input string by the occurrences of the given pattern.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("pattern", types.S).Description("regular expression"),
			types.Named("value", types.S).Description("string to match"),
		),
		types.Named("output", types.NewArray(nil, types.S)).Description("the parts obtained by splitting `value`"),
	),
}
View Source 
var RegexTemplateMatch = &Builtin{
	Name:        "regex.template_match",
	Description: "Matches a string against a pattern, where there pattern may be glob-like",
	Decl: types.NewFunction(
		types.Args(
			types.Named("template", types.S).Description("template expression containing `0..n` regular expressions"),
			types.Named("value", types.S).Description("string to match"),
			types.Named("delimiter_start", types.S).Description("start delimiter of the regular expression in `template`"),
			types.Named("delimiter_end", types.S).Description("end delimiter of the regular expression in `template`"),
		),
		types.Named("result", types.B),
	),

} // TODO(sr): example:`regex.template_match("urn:foo:{.*}", "urn:foo:bar:baz", "{", "}")“ returns “true“.
View Source 
var RegoMetadataChain = &Builtin{
	Name: "rego.metadata.chain",
	Description: `Returns the chain of metadata for the active rule.
Ordered starting at the active rule, going outward to the most distant node in its package ancestry.
A chain entry is a JSON document with two members: "path", an array representing the path of the node; and "annotations", a JSON document containing the annotations declared for the node.
The first entry in the chain always points to the active rule, even if it has no declared annotations (in which case the "annotations" member is not present).`,
	Decl: types.NewFunction(
		types.Args(),
		types.Named("chain", types.NewArray(nil, types.A)).Description("each array entry represents a node in the path ancestry (chain) of the active rule that also has declared annotations"),
	),
}
View Source 
var RegoMetadataRule = &Builtin{
	Name:        "rego.metadata.rule",
	Description: "Returns annotations declared for the active rule and using the _rule_ scope.",
	Decl: types.NewFunction(
		types.Args(),
		types.Named("output", types.A).Description("\"rule\" scope annotations for this rule; empty object if no annotations exist"),
	),
}

RegoMetadataRule returns the metadata for the active rule

View Source 
var RegoParseModule = &Builtin{
	Name:        "rego.parse_module",
	Description: "Parses the input Rego string and returns an object representation of the AST.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("filename", types.S).Description("file name to attach to AST nodes' locations"),
			types.Named("rego", types.S).Description("Rego module"),
		),
		types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))),
	),
}
View Source 
var RegoRootDocument = VarTerm("rego")

RegoRootDocument names the document containing new, to-become-default, features in a future versioned release.

View Source 
var RegoV1CompatibleRef = Ref{VarTerm("rego"), StringTerm("v1")}
View Source 
var Rem = &Builtin{
	Name:        "rem",
	Infix:       "%",
	Description: "Returns the remainder for of `x` divided by `y`, for `y != 0`.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.N),
			types.Named("y", types.N),
		),
		types.Named("z", types.N).Description("the remainder"),
	),
	Categories: number,
}
View Source 
var RenderTemplate = &Builtin{
	Name: "strings.render_template",
	Description: `Renders a templated string with given template variables injected. For a given templated string and key/value mapping, values will be injected into the template where they are referenced by key.
	For examples of templating syntax, see https://pkg.go.dev/text/template`,
	Decl: types.NewFunction(
		types.Args(
			types.Named("value", types.S).Description("a templated string"),
			types.Named("vars", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("a mapping of template variable keys to values"),
		),
		types.Named("result", types.S).Description("rendered template with template variables injected"),
	),
	Categories: stringsCat,
}
View Source 
var Replace = &Builtin{
	Name:        "replace",
	Description: "Replace replaces all instances of a sub-string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("string being processed"),
			types.Named("old", types.S).Description("substring to replace"),
			types.Named("new", types.S).Description("string to replace `old` with"),
		),
		types.Named("y", types.S).Description("string with replaced substrings"),
	),
	Categories: stringsCat,
}
View Source 
var ReplaceN = &Builtin{
	Name: "strings.replace_n",
	Description: `Replaces a string from a list of old, new string pairs.
Replacements are performed in the order they appear in the target string, without overlapping matches.
The old string comparisons are done in argument order.`,
	Decl: types.NewFunction(
		types.Args(
			types.Named("patterns", types.NewObject(
				nil,
				types.NewDynamicProperty(
					types.S,
					types.S)),
			).Description("replacement pairs"),
			types.Named("value", types.S).Description("string to replace substring matches in"),
		),
		types.Named("output", types.S),
	),
}
View Source 
var ReservedVars = NewVarSet(
	DefaultRootDocument.Value.(Var),
	InputRootDocument.Value.(Var),
)

ReservedVars is the set of names that refer to implicitly ground vars.

View Source 
var RootDocumentNames = NewSet(
	DefaultRootDocument,
	InputRootDocument,
)

RootDocumentNames contains the names of top-level documents that can be referred to in modules and queries.

Note, the schema document is not currently implemented in the evaluator so it is not registered as a root document name (yet).

View Source 
var RootDocumentRefs = NewSet(
	NewTerm(DefaultRootRef),
	NewTerm(InputRootRef),
)

RootDocumentRefs contains the prefixes of top-level documents that all non-local references start with.

View Source 
var Round = &Builtin{
	Name:        "round",
	Description: "Rounds the number to the nearest integer.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.N).Description("the number to round"),
		),
		types.Named("y", types.N).Description("the result of rounding `x`"),
	),
	Categories: number,
}
View Source 
var SafetyCheckVisitorParams = VarVisitorParams{
	SkipRefCallHead: true,
	SkipClosures:    true,
}

SafetyCheckVisitorParams defines the AST visitor parameters to use for collecting variables during the safety check. This has to be exported because it's relied on by the copy propagation implementation in topdown.

View Source 
var SchemaRootDocument = VarTerm("schema")

SchemaRootDocument names the document containing external data schemas.

View Source 
var SchemaRootRef = Ref{SchemaRootDocument}

SchemaRootRef is a reference to the root of the schema document.

All refs to schema documents are prefixed with this ref. Note, the schema document is not currently implemented in the evaluator so it is not registered as a root document ref (yet).

View Source 
var SemVerCompare = &Builtin{
	Name:        "semver.compare",
	Description: "Compares valid SemVer formatted version strings.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("a", types.S),
			types.Named("b", types.S),
		),
		types.Named("result", types.N).Description("`-1` if `a < b`; `1` if `a > b`; `0` if `a == b`"),
	),
}
View Source 
var SemVerIsValid = &Builtin{
	Name:        "semver.is_valid",
	Description: "Validates that the input is a valid SemVer string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("vsn", types.A),
		),
		types.Named("result", types.B).Description("`true` if `vsn` is a valid SemVer; `false` otherwise"),
	),
}
View Source 
var SetDiff = &Builtin{
	Name: "set_diff",
	Decl: types.NewFunction(
		types.Args(
			types.NewSet(types.A),
			types.NewSet(types.A),
		),
		types.NewSet(types.A),
	),
	deprecated: true,
}

SetDiff has been replaced by the minus built-in.

View Source 
var Sort = &Builtin{
	Name:        "sort",
	Description: "Returns a sorted array.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("collection", types.NewAny(
				types.NewArray(nil, types.A),
				types.NewSet(types.A),
			)).Description("the array or set to be sorted"),
		),
		types.Named("n", types.NewArray(nil, types.A)).Description("the sorted array"),
	),
	Categories: aggregates,
}
View Source 
var Split = &Builtin{
	Name:        "split",
	Description: "Split returns an array containing elements of the input string split on a delimiter.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("string that is split"),
			types.Named("delimiter", types.S).Description("delimiter used for splitting"),
		),
		types.Named("ys", types.NewArray(nil, types.S)).Description("splitted parts"),
	),
	Categories: stringsCat,
}
View Source 
var Sprintf = &Builtin{
	Name:        "sprintf",
	Description: "Returns the given string, formatted.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("format", types.S).Description("string with formatting verbs"),
			types.Named("values", types.NewArray(nil, types.A)).Description("arguments to format into formatting verbs"),
		),
		types.Named("output", types.S).Description("`format` formatted by the values in `values`"),
	),
	Categories: stringsCat,
}
View Source 
var StartsWith = &Builtin{
	Name:        "startswith",
	Description: "Returns true if the search string begins with the base string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("search", types.S).Description("search string"),
			types.Named("base", types.S).Description("base string"),
		),
		types.Named("result", types.B).Description("result of the prefix check"),
	),
	Categories: stringsCat,
}
View Source 
var StringReverse = &Builtin{
	Name:        "strings.reverse",
	Description: "Reverses a given string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S),
		),
		types.Named("y", types.S),
	),
	Categories: stringsCat,
}
View Source 
var Substring = &Builtin{
	Name:        "substring",
	Description: "Returns the  portion of a string for a given `offset` and a `length`.  If `length < 0`, `output` is the remainder of the string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("value", types.S),
			types.Named("offset", types.N).Description("offset, must be positive"),
			types.Named("length", types.N).Description("length of the substring starting from `offset`"),
		),
		types.Named("output", types.S).Description("substring of `value` from `offset`, of length `length`"),
	),
	Categories: stringsCat,
}
View Source 
var Sum = &Builtin{
	Name:        "sum",
	Description: "Sums elements of an array or set of numbers.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("collection", types.NewAny(
				types.NewSet(types.N),
				types.NewArray(nil, types.N),
			)),
		),
		types.Named("n", types.N).Description("the sum of all elements"),
	),
	Categories: aggregates,
}
View Source 
var SystemDocumentKey = String("system")

SystemDocumentKey is the name of the top-level key that identifies the system document.

View Source 
var ToNumber = &Builtin{
	Name:        "to_number",
	Description: "Converts a string, bool, or number value to a number: Strings are converted to numbers using `strconv.Atoi`, Boolean `false` is converted to 0 and `true` is converted to 1.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.NewAny(
				types.N,
				types.S,
				types.B,
				types.NewNull(),
			)),
		),
		types.Named("num", types.N),
	),
	Categories: conversions,
}
View Source 
var Trace = &Builtin{
	Name:        "trace",
	Description: "Emits `note` as a `Note` event in the query explanation. Query explanations show the exact expressions evaluated by OPA during policy execution. For example, `trace(\"Hello There!\")` includes `Note \"Hello There!\"` in the query explanation. To include variables in the message, use `sprintf`. For example, `person := \"Bob\"; trace(sprintf(\"Hello There! %v\", [person]))` will emit `Note \"Hello There! Bob\"` inside of the explanation.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("note", types.S).Description("the note to include"),
		),
		types.Named("result", types.B).Description("always `true`"),
	),
	Categories: tracing,
}
View Source 
var Trim = &Builtin{
	Name:        "trim",
	Description: "Returns `value` with all leading or trailing instances of the `cutset` characters removed.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("value", types.S).Description("string to trim"),
			types.Named("cutset", types.S).Description("string of characters that are cut off"),
		),
		types.Named("output", types.S).Description("string trimmed of `cutset` characters"),
	),
	Categories: stringsCat,
}
View Source 
var TrimLeft = &Builtin{
	Name:        "trim_left",
	Description: "Returns `value` with all leading instances of the `cutset` chartacters removed.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("value", types.S).Description("string to trim"),
			types.Named("cutset", types.S).Description("string of characters that are cut off on the left"),
		),
		types.Named("output", types.S).Description("string left-trimmed of `cutset` characters"),
	),
	Categories: stringsCat,
}
View Source 
var TrimPrefix = &Builtin{
	Name:        "trim_prefix",
	Description: "Returns `value` without the prefix. If `value` doesn't start with `prefix`, it is returned unchanged.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("value", types.S).Description("string to trim"),
			types.Named("prefix", types.S).Description("prefix to cut off"),
		),
		types.Named("output", types.S).Description("string with `prefix` cut off"),
	),
	Categories: stringsCat,
}
View Source 
var TrimRight = &Builtin{
	Name:        "trim_right",
	Description: "Returns `value` with all trailing instances of the `cutset` chartacters removed.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("value", types.S).Description("string to trim"),
			types.Named("cutset", types.S).Description("string of characters that are cut off on the right"),
		),
		types.Named("output", types.S).Description("string right-trimmed of `cutset` characters"),
	),
	Categories: stringsCat,
}
View Source 
var TrimSpace = &Builtin{
	Name:        "trim_space",
	Description: "Return the given string with all leading and trailing white space removed.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("value", types.S).Description("string to trim"),
		),
		types.Named("output", types.S).Description("string leading and trailing white space cut off"),
	),
	Categories: stringsCat,
}
View Source 
var TrimSuffix = &Builtin{
	Name:        "trim_suffix",
	Description: "Returns `value` without the suffix. If `value` doesn't end with `suffix`, it is returned unchanged.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("value", types.S).Description("string to trim"),
			types.Named("suffix", types.S).Description("suffix to cut off"),
		),
		types.Named("output", types.S).Description("string with `suffix` cut off"),
	),
	Categories: stringsCat,
}
View Source 
var TypeNameBuiltin = &Builtin{
	Name:        "type_name",
	Description: "Returns the type of its input value.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A),
		),
		types.Named("type", types.S).Description(`one of "null", "boolean", "number", "string", "array", "object", "set"`),
	),
	Categories: typesCat,
}

TypeNameBuiltin returns the type of the input.

View Source 
var URLQueryDecode = &Builtin{
	Name:        "urlquery.decode",
	Description: "Decodes a URL-encoded input string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S),
		),
		types.Named("y", types.S).Description("URL-encoding deserialization of `x`"),
	),
	Categories: encoding,
}
View Source 
var URLQueryDecodeObject = &Builtin{
	Name:        "urlquery.decode_object",
	Description: "Decodes the given URL query string into an object.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("the query string"),
		),
		types.Named("object", types.NewObject(nil, types.NewDynamicProperty(
			types.S,
			types.NewArray(nil, types.S)))).Description("the resulting object"),
	),
	Categories: encoding,
}
View Source 
var URLQueryEncode = &Builtin{
	Name:        "urlquery.encode",
	Description: "Encodes the input string into a URL-encoded string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S),
		),
		types.Named("y", types.S).Description("URL-encoding serialization of `x`"),
	),
	Categories: encoding,
}
View Source 
var URLQueryEncodeObject = &Builtin{
	Name:        "urlquery.encode_object",
	Description: "Encodes the given object into a URL encoded query string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("object", types.NewObject(
				nil,
				types.NewDynamicProperty(
					types.S,
					types.NewAny(
						types.S,
						types.NewArray(nil, types.S),
						types.NewSet(types.S)))))),
		types.Named("y", types.S).Description("the URL-encoded serialization of `object`"),
	),
	Categories: encoding,
}
View Source 
var UUIDParse = &Builtin{
	Name:        "uuid.parse",
	Description: "Parses the string value as an UUID and returns an object with the well-defined fields of the UUID if valid.",
	Categories:  nil,
	Decl: types.NewFunction(
		types.Args(
			types.Named("uuid", types.S),
		),
		types.Named("result", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("Properties of UUID if valid (version, variant, etc). Undefined otherwise."),
	),
	Relation: false,
}
View Source 
var UUIDRFC4122 = &Builtin{
	Name:        "uuid.rfc4122",
	Description: "Returns a new UUIDv4.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("k", types.S),
		),
		types.Named("output", types.S).Description("a version 4 UUID; for any given `k`, the output will be consistent throughout a query evaluation"),
	),
	Nondeterministic: true,
}

UUIDRFC4122 returns a version 4 UUID string. Marked non-deterministic because it relies on RNG internally.

View Source 
var Union = &Builtin{
	Name:        "union",
	Description: "Returns the union of the given input sets.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("xs", types.NewSet(types.NewSet(types.A))).Description("set of sets to merge"),
		),
		types.Named("y", types.NewSet(types.A)).Description("the union of all `xs` sets"),
	),
	Categories: sets,
}
View Source 
var UnitsParse = &Builtin{
	Name: "units.parse",
	Description: `Converts strings like "10G", "5K", "4M", "1500m" and the like into a number.
This number can be a non-integer, such as 1.5, 0.22, etc. Supports standard metric decimal and
binary SI units (e.g., K, Ki, M, Mi, G, Gi etc.) m, K, M, G, T, P, and E are treated as decimal
units and Ki, Mi, Gi, Ti, Pi, and Ei are treated as binary units.

Note that 'm' and 'M' are case-sensitive, to allow distinguishing between "milli" and "mega" units respectively. Other units are case-insensitive.`,
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("the unit to parse"),
		),
		types.Named("y", types.N).Description("the parsed number"),
	),
}
View Source 
var UnitsParseBytes = &Builtin{
	Name: "units.parse_bytes",
	Description: `Converts strings like "10GB", "5K", "4mb" into an integer number of bytes.
Supports standard byte units (e.g., KB, KiB, etc.) KB, MB, GB, and TB are treated as decimal
units and KiB, MiB, GiB, and TiB are treated as binary units. The bytes symbol (b/B) in the
unit is optional and omitting it wil give the same result (e.g. Mi and MiB).`,
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("the byte unit to parse"),
		),
		types.Named("y", types.N).Description("the parsed number"),
	),
}
View Source 
var Upper = &Builtin{
	Name:        "upper",
	Description: "Returns the input string but with all characters in upper-case.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("string that is converted to upper-case"),
		),
		types.Named("y", types.S).Description("upper-case of x"),
	),
	Categories: stringsCat,
}
View Source 
var WalkBuiltin = &Builtin{
	Name:        "walk",
	Relation:    true,
	Description: "Generates `[path, value]` tuples for all nested documents of `x` (recursively).  Queries can use `walk` to traverse documents nested under `x`.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A),
		),
		types.Named("output", types.NewArray(
			[]types.Type{
				types.NewArray(nil, types.A),
				types.A,
			},
			nil,
		)).Description("pairs of `path` and `value`: `path` is an array representing the pointer to `value` in `x`. If `path` is assigned a wildcard (`_`), the `walk` function will skip path creation entirely for faster evaluation."),
	),
	Categories: graphs,
}
View Source 
var Weekday = &Builtin{
	Name:        "time.weekday",
	Description: "Returns the day of the week (Monday, Tuesday, ...) for the nanoseconds since epoch.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.NewAny(
				types.N,
				types.NewArray([]types.Type{types.N, types.S}, nil),
			)).Description("a number representing the nanoseconds since the epoch (UTC); or a two-element array of the nanoseconds, and a timezone string"),
		),
		types.Named("day", types.S).Description("the weekday represented by `ns` nanoseconds since the epoch in the supplied timezone (or UTC)"),
	),
}
View Source 
var Wildcard = &Term{Value: Var("_")}

Wildcard represents the wildcard variable as defined in the language.

View Source 
var WildcardPrefix = "$"

WildcardPrefix is the special character that all wildcard variables are prefixed with when the statement they are contained in is parsed.

View Source 
var YAMLIsValid = &Builtin{
	Name:        "yaml.is_valid",
	Description: "Verifies the input string is a valid YAML document.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("a YAML string"),
		),
		types.Named("result", types.B).Description("`true` if `x` is valid YAML, `false` otherwise"),
	),
	Categories: encoding,
}

YAMLIsValid verifies the input string is a valid YAML document.

View Source 
var YAMLMarshal = &Builtin{
	Name:        "yaml.marshal",
	Description: "Serializes the input term to YAML.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.A).Description("the term to serialize"),
		),
		types.Named("y", types.S).Description("the YAML string representation of `x`"),
	),
	Categories: encoding,
}
View Source 
var YAMLUnmarshal = &Builtin{
	Name:        "yaml.unmarshal",
	Description: "Deserializes the input string.",
	Decl: types.NewFunction(
		types.Args(
			types.Named("x", types.S).Description("a YAML string"),
		),
		types.Named("y", types.A).Description("the term deseralized from `x`"),
	),
	Categories: encoding,
}

Functions

func As added in v0.14.0 

func As(v Value, x interface{}) error

As converts v into a Go native type referred to by x.

func BuildAnnotationSet added in v0.38.0 

func BuildAnnotationSet(modules []*Module) (*AnnotationSet, Errors)

func Compare added in v0.2.0 

func Compare(a, b interface{}) int

Compare returns an integer indicating whether two AST values are less than, equal to, or greater than each other.

If a is less than b, the return value is negative. If a is greater than b, the return value is positive. If a is equal to b, the return value is zero.

Different types are never equal to each other. For comparison purposes, types are sorted as follows:

nil < Null < Boolean < Number < String < Var < Ref < Array < Object < Set < ArrayComprehension < ObjectComprehension < SetComprehension < Expr < SomeDecl < With < Body < Rule < Import < Package < Module.

Arrays and Refs are equal if and only if both a and b have the same length and all corresponding elements are equal. If one element is not equal, the return value is the same as for the first differing element. If all elements are equal but a and b have different lengths, the shorter is considered less than the other.

Objects are considered equal if and only if both a and b have the same sorted (key, value) pairs and are of the same length. Other comparisons are consistent but not defined.

Sets are considered equal if and only if the symmetric difference of a and b is empty. Other comparisons are consistent but not defined.

func ContainsClosures added in v0.37.0 

func ContainsClosures(v interface{}) bool

ContainsClosures returns true if the Value v contains closures.

func ContainsComprehensions added in v0.5.8 

func ContainsComprehensions(v interface{}) bool

ContainsComprehensions returns true if the Value v contains comprehensions.

func ContainsRefs added in v0.5.8 

func ContainsRefs(v interface{}) bool

ContainsRefs returns true if the Value v contains refs.

func Copy added in v0.20.5 

func Copy(x interface{}) interface{}

Copy returns a deep copy of the AST node x. If x is not an AST node, x is returned unmodified.

func IsComprehension added in v0.5.11 

func IsComprehension(x Value) bool

IsComprehension returns true if the supplied value is a comprehension.

func IsConstant added in v0.4.9 

func IsConstant(v Value) bool

IsConstant returns true if the AST value is constant.

func IsError added in v0.4.0 

func IsError(code string, err error) bool

IsError returns true if err is an AST error with code.

func IsKeyword added in v0.2.2 

func IsKeyword(s string) bool

IsKeyword returns true if s is a language keyword.

func IsScalar added in v0.2.0 

func IsScalar(v Value) bool

IsScalar returns true if the AST value is a scalar.

func IsUnknownValueErr added in v0.9.0 

func IsUnknownValueErr(err error) bool

IsUnknownValueErr returns true if the err is an UnknownValueErr.

func IsValidImportPath added in v0.3.0 

func IsValidImportPath(v Value) (err error)

IsValidImportPath returns an error indicating if the import path is invalid. If the import path is invalid, err is nil.

func IsVarCompatibleString added in v0.58.0 

func IsVarCompatibleString(s string) bool

func JSON added in v0.4.9 

func JSON(v Value) (interface{}, error)

JSON returns the JSON representation of v. The value must not contain any refs or terms that require evaluation (e.g., vars, comprehensions, etc.)

func JSONWithOpt added in v0.27.1 

func JSONWithOpt(v Value, opt JSONOpt) (interface{}, error)

JSONWithOpt returns the JSON representation of v. The value must not contain any refs or terms that require evaluation (e.g., vars, comprehensions, etc.)

func LoadCapabilitiesVersions added in v0.40.0 

func LoadCapabilitiesVersions() ([]string, error)

LoadCapabilitiesVersions loads all capabilities versions

func MustJSON added in v0.25.0 

func MustJSON(v Value) interface{}

MustJSON returns the JSON representation of v. The value must not contain any refs or terms that require evaluation (e.g., vars, comprehensions, etc.) If the conversion fails, this function will panic. This function is mostly for test purposes.

func ParseStatements 

func ParseStatements(filename, input string) ([]Statement, []*Comment, error)

ParseStatements is deprecated. Use ParseStatementWithOpts instead.

func ParseStatementsWithOpts added in v0.28.0 

func ParseStatementsWithOpts(filename, input string, popts ParserOptions) ([]Statement, []*Comment, error)

ParseStatementsWithOpts returns a slice of parsed statements. This is the default return value from the parser.

func Pretty added in v0.7.0 

func Pretty(w io.Writer, x interface{})

Pretty writes a pretty representation of the AST rooted at x to w.

This is function is intended for debug purposes when inspecting ASTs.

func RegisterBuiltin 

func RegisterBuiltin(b *Builtin)

RegisterBuiltin adds a new built-in function to the registry.

func Transform added in v0.2.0 

func Transform(t Transformer, x interface{}) (interface{}, error)

Transform iterates the AST and calls the Transform function on the Transformer t for x before recursing.

func TransformComprehensions added in v0.5.8 

func TransformComprehensions(x interface{}, f func(interface{}) (Value, error)) (interface{}, error)

TransformComprehensions calls the functio nf on all comprehensions under x.

func TransformRefs added in v0.2.0 

func TransformRefs(x interface{}, f func(Ref) (Value, error)) (interface{}, error)

TransformRefs calls the function f on all references under x.

func TransformVars added in v0.7.0 

func TransformVars(x interface{}, f func(Var) (Value, error)) (interface{}, error)

TransformVars calls the function f on all vars under x.

func TypeName added in v0.3.0 

func TypeName(x interface{}) string

TypeName returns a human readable name for the AST element type.

func ValueToInterface added in v0.4.9 

func ValueToInterface(v Value, resolver Resolver) (interface{}, error)

ValueToInterface returns the Go representation of an AST value. The AST value should not contain any values that require evaluation (e.g., vars, comprehensions, etc.)

func Walk 

func Walk(v Visitor, x interface{})

Walk iterates the AST by calling the Visit function on the Visitor v for x before recursing. Deprecated: use GenericVisitor.Walk

func WalkBeforeAndAfter added in v0.7.0 

func WalkBeforeAndAfter(v BeforeAndAfterVisitor, x interface{})

WalkBeforeAndAfter iterates the AST by calling the Visit function on the Visitor v for x before recursing. Deprecated: use GenericVisitor.Walk

func WalkBodies added in v0.2.0 

func WalkBodies(x interface{}, f func(Body) bool)

WalkBodies calls the function f on all bodies under x. If the function f returns true, AST nodes under the last node will not be visited.

func WalkClosures 

func WalkClosures(x interface{}, f func(interface{}) bool)

WalkClosures calls the function f on all closures under x. If the function f returns true, AST nodes under the last node will not be visited.

func WalkExprs added in v0.4.9 

func WalkExprs(x interface{}, f func(*Expr) bool)

WalkExprs calls the function f on all expressions under x. If the function f returns true, AST nodes under the last node will not be visited.

func WalkNodes added in v0.9.2 

func WalkNodes(x interface{}, f func(Node) bool)

WalkNodes calls the function f on all nodes under x. If the function f returns true, AST nodes under the last node will not be visited.

func WalkRefs 

func WalkRefs(x interface{}, f func(Ref) bool)

WalkRefs calls the function f on all references under x. If the function f returns true, AST nodes under the last node will not be visited.

func WalkRules added in v0.4.10 

func WalkRules(x interface{}, f func(*Rule) bool)

WalkRules calls the function f on all rules under x. If the function f returns true, AST nodes under the last node will not be visited.

func WalkTerms added in v0.7.0 

func WalkTerms(x interface{}, f func(*Term) bool)

WalkTerms calls the function f on all terms under x. If the function f returns true, AST nodes under the last node will not be visited.

func WalkVars added in v0.2.1 

func WalkVars(x interface{}, f func(Var) bool)

WalkVars calls the function f on all vars under x. If the function f returns true, AST nodes under the last node will not be visited.

func WalkWiths added in v0.4.1 

func WalkWiths(x interface{}, f func(*With) bool)

WalkWiths calls the function f on all with modifiers under x. If the function f returns true, AST nodes under the last node will not be visited.

Types

type AnnotationSet added in v0.38.0 

type AnnotationSet struct {
	// contains filtered or unexported fields
}

func (*AnnotationSet) Chain added in v0.40.0 

func (as *AnnotationSet) Chain(rule *Rule) AnnotationsRefSet

Chain returns the chain of annotations leading up to the given rule. The returned slice is ordered as follows 0. Entries for the given rule, ordered from the METADATA block declared immediately above the rule, to the block declared farthest away (always at least one entry) 1. The 'document' scope entry, if any 2. The 'package' scope entry, if any 3. Entries for the 'subpackages' scope, if any; ordered from the closest package path to the fartest. E.g.: 'do.re.mi', 'do.re', 'do' The returned slice is guaranteed to always contain at least one entry, corresponding to the given rule.

Example

Test of example code in docs/content/annotations.md 

modules := [][]string{
	{
		"foo.rego", `# METADATA
# scope: subpackages
# organizations:
# - Acme Corp.
package foo`},
	{
		"mod", `# METADATA
# description: A couple of useful rules
package foo.bar

# METADATA
# title: My Rule P
p := 7`},
}

parsed := make([]*Module, 0, len(modules))
for _, entry := range modules {
	pm, err := ParseModuleWithOpts(entry[0], entry[1], ParserOptions{ProcessAnnotation: true})
	if err != nil {
		panic(err)
	}
	parsed = append(parsed, pm)
}

as, err := BuildAnnotationSet(parsed)
if err != nil {
	panic(err)
}

rule := parsed[1].Rules[0]

flattened := as.Chain(rule)
for _, entry := range flattened {
	fmt.Printf("%v at %v has annotations %v\n",
		entry.Path,
		entry.Location,
		entry.Annotations)
}

Output:

data.foo.bar.p at mod:7 has annotations {"scope":"rule","title":"My Rule P"}
data.foo.bar at mod:3 has annotations {"description":"A couple of useful rules","scope":"package"}
data.foo at foo.rego:5 has annotations {"organizations":["Acme Corp."],"scope":"subpackages"}

func (*AnnotationSet) Flatten added in v0.38.0 

func (as *AnnotationSet) Flatten() FlatAnnotationsRefSet

Flatten returns a flattened list view of this AnnotationSet. The returned slice is sorted, first by the annotations' target path, then by their target location

Example

Test of example code in docs/content/annotations.md 

modules := [][]string{
	{
		"foo.rego", `# METADATA
# scope: subpackages
# organizations:
# - Acme Corp.
package foo`},
	{
		"mod", `# METADATA
# description: A couple of useful rules
package foo.bar

# METADATA
# title: My Rule P
p := 7`},
}

parsed := make([]*Module, 0, len(modules))
for _, entry := range modules {
	pm, err := ParseModuleWithOpts(entry[0], entry[1], ParserOptions{ProcessAnnotation: true})
	if err != nil {
		panic(err)
	}
	parsed = append(parsed, pm)
}

as, err := BuildAnnotationSet(parsed)
if err != nil {
	panic(err)
}

flattened := as.Flatten()
for _, entry := range flattened {
	fmt.Printf("%v at %v has annotations %v\n",
		entry.Path,
		entry.Location,
		entry.Annotations)
}

Output:

data.foo at foo.rego:5 has annotations {"organizations":["Acme Corp."],"scope":"subpackages"}
data.foo.bar at mod:3 has annotations {"description":"A couple of useful rules","scope":"package"}
data.foo.bar.p at mod:7 has annotations {"scope":"rule","title":"My Rule P"}

func (*AnnotationSet) GetDocumentScope added in v0.38.0 

func (as *AnnotationSet) GetDocumentScope(path Ref) *Annotations

func (*AnnotationSet) GetPackageScope added in v0.38.0 

func (as *AnnotationSet) GetPackageScope(pkg *Package) *Annotations

func (*AnnotationSet) GetRuleScope added in v0.38.0 

func (as *AnnotationSet) GetRuleScope(r *Rule) []*Annotations

func (*AnnotationSet) GetSubpackagesScope added in v0.38.0 

func (as *AnnotationSet) GetSubpackagesScope(path Ref) []*Annotations

type Annotations added in v0.28.0 

type Annotations struct {
	Scope            string                       `json:"scope"`
	Title            string                       `json:"title,omitempty"`
	Entrypoint       bool                         `json:"entrypoint,omitempty"`
	Description      string                       `json:"description,omitempty"`
	Organizations    []string                     `json:"organizations,omitempty"`
	RelatedResources []*RelatedResourceAnnotation `json:"related_resources,omitempty"`
	Authors          []*AuthorAnnotation          `json:"authors,omitempty"`
	Schemas          []*SchemaAnnotation          `json:"schemas,omitempty"`
	Custom           map[string]interface{}       `json:"custom,omitempty"`
	Location         *Location                    `json:"location,omitempty"`
	// contains filtered or unexported fields
}

Annotations represents metadata attached to other AST nodes such as rules.

func (*Annotations) Compare added in v0.28.0 

func (a *Annotations) Compare(other *Annotations) int

Compare returns an integer indicating if a is less than, equal to, or greater than other.

func (*Annotations) Copy added in v0.28.0 

func (a *Annotations) Copy(node Node) *Annotations

Copy returns a deep copy of s.

func (*Annotations) EndLoc added in v0.49.0 

func (a *Annotations) EndLoc() *Location

EndLoc returns the location of this annotation's last comment line.

func (*Annotations) GetTargetPath added in v0.38.0 

func (a *Annotations) GetTargetPath() Ref

GetTargetPath returns the path of the node these Annotations are applied to (the target)

func (*Annotations) Loc added in v0.28.0 

func (a *Annotations) Loc() *Location

Loc returns the location of this annotation.

func (*Annotations) MarshalJSON added in v0.50.0 

func (a *Annotations) MarshalJSON() ([]byte, error)

func (*Annotations) SetLoc added in v0.28.0 

func (a *Annotations) SetLoc(l *Location)

SetLoc updates the location of this annotation.

func (*Annotations) String added in v0.28.0 

func (a *Annotations) String() string

type AnnotationsRef added in v0.38.0 

type AnnotationsRef struct {
	Path        Ref          `json:"path"` // The path of the node the annotations are applied to
	Annotations *Annotations `json:"annotations,omitempty"`
	Location    *Location    `json:"location,omitempty"` // The location of the node the annotations are applied to
	// contains filtered or unexported fields
}

func NewAnnotationsRef added in v0.40.0 

func NewAnnotationsRef(a *Annotations) *AnnotationsRef

func (*AnnotationsRef) Compare added in v0.49.0 

func (ar *AnnotationsRef) Compare(other *AnnotationsRef) int

func (*AnnotationsRef) GetPackage added in v0.38.0 

func (ar *AnnotationsRef) GetPackage() *Package

func (*AnnotationsRef) GetRule added in v0.38.0 

func (ar *AnnotationsRef) GetRule() *Rule

func (*AnnotationsRef) MarshalJSON added in v0.50.0 

func (ar *AnnotationsRef) MarshalJSON() ([]byte, error)

type AnnotationsRefSet added in v0.49.0 

type AnnotationsRefSet []*AnnotationsRef

type ArgErrDetail added in v0.4.9 

type ArgErrDetail struct {
	Have []types.Type   `json:"have"`
	Want types.FuncArgs `json:"want"`
}

ArgErrDetail represents a generic argument error.

func (*ArgErrDetail) Lines added in v0.4.9 

func (d *ArgErrDetail) Lines() []string

Lines returns the string representation of the detail.

type Args added in v0.5.0 

type Args []*Term

Args represents zero or more arguments to a rule.

func (Args) Copy added in v0.5.0 

func (a Args) Copy() Args

Copy returns a deep copy of a.

func (Args) Loc added in v0.9.2 

func (a Args) Loc() *Location

Loc returns the Location of a.

func (Args) SetLoc added in v0.9.2 

func (a Args) SetLoc(loc *Location)

SetLoc sets the location on a.

func (Args) String added in v0.5.0 

func (a Args) String() string

func (Args) Vars added in v0.5.9 

func (a Args) Vars() VarSet

Vars returns a set of vars that appear in a.

type Array 

type Array struct {
	// contains filtered or unexported fields
}

Array represents an array as defined by the language. Arrays are similar to the same types as defined by JSON with the exception that they can contain Vars and References.

func NewArray added in v0.23.0 

func NewArray(a ...*Term) *Array

NewArray creates an Array with the terms provided. The array will use the provided term slice.

func (*Array) Append added in v0.23.0 

func (arr *Array) Append(v *Term) *Array

Append appends a term to arr, returning the appended array.

func (*Array) Compare added in v0.5.0 

func (arr *Array) Compare(other Value) int

Compare compares arr to other, return <0, 0, or >0 if it is less than, equal to, or greater than other.

func (*Array) Copy added in v0.2.2 

func (arr *Array) Copy() *Array

Copy returns a deep copy of arr.

func (*Array) Elem added in v0.23.0 

func (arr *Array) Elem(i int) *Term

Elem returns the element i of arr.

func (*Array) Equal 

func (arr *Array) Equal(other Value) bool

Equal returns true if arr is equal to other.

func (*Array) Find added in v0.4.5 

func (arr *Array) Find(path Ref) (Value, error)

Find returns the value at the index or an out-of-range error.

func (*Array) Foreach added in v0.23.0 

func (arr *Array) Foreach(f func(*Term))

Foreach calls f on each element in arr.

func (*Array) Get added in v0.4.9 

func (arr *Array) Get(pos *Term) *Term

Get returns the element at pos or nil if not possible.

func (*Array) Hash 

func (arr *Array) Hash() int

Hash returns the hash code for the Value.

func (*Array) IsGround 

func (arr *Array) IsGround() bool

IsGround returns true if all of the Array elements are ground.

func (*Array) Iter added in v0.23.0 

func (arr *Array) Iter(f func(*Term) error) error

Iter calls f on each element in arr. If f returns an error, iteration stops and the return value is the error.

func (*Array) Len added in v0.23.0 

func (arr *Array) Len() int

Len returns the number of elements in the array.

func (*Array) MarshalJSON added in v0.3.0 

func (arr *Array) MarshalJSON() ([]byte, error)

MarshalJSON returns JSON encoded bytes representing arr.

func (*Array) Slice added in v0.23.0 

func (arr *Array) Slice(i, j int) *Array

Slice returns a slice of arr starting from i index to j. -1 indicates the end of the array. The returned value array is not a copy and any modifications to either of arrays may be reflected to the other.

func (*Array) Sorted added in v0.6.0 

func (arr *Array) Sorted() *Array

Sorted returns a new Array that contains the sorted elements of arr.

func (*Array) String 

func (arr *Array) String() string

func (*Array) Until added in v0.23.0 

func (arr *Array) Until(f func(*Term) bool) bool

Until calls f on each element in arr. If f returns true, iteration stops.

type ArrayComprehension 

type ArrayComprehension struct {
	Term *Term `json:"term"`
	Body Body  `json:"body"`
}

ArrayComprehension represents an array comprehension as defined in the language.

func (*ArrayComprehension) Compare added in v0.5.0 

func (ac *ArrayComprehension) Compare(other Value) int

Compare compares ac to other, return <0, 0, or >0 if it is less than, equal to, or greater than other.

func (*ArrayComprehension) Copy added in v0.2.2 

func (ac *ArrayComprehension) Copy() *ArrayComprehension

Copy returns a deep copy of ac.

func (*ArrayComprehension) Equal 

func (ac *ArrayComprehension) Equal(other Value) bool

Equal returns true if ac is equal to other.

func (*ArrayComprehension) Find added in v0.4.5 

func (ac *ArrayComprehension) Find(path Ref) (Value, error)

Find returns the current value or a not found error.

func (*ArrayComprehension) Hash 

func (ac *ArrayComprehension) Hash() int

Hash returns the hash code of the Value.

func (*ArrayComprehension) IsGround 

func (ac *ArrayComprehension) IsGround() bool

IsGround returns true if the Term and Body are ground.

func (*ArrayComprehension) String 

func (ac *ArrayComprehension) String() string

type AuthorAnnotation added in v0.38.0 

type AuthorAnnotation struct {
	Name  string `json:"name"`
	Email string `json:"email,omitempty"`
}

func (*AuthorAnnotation) Compare added in v0.38.0 

func (a *AuthorAnnotation) Compare(other *AuthorAnnotation) int

Compare returns an integer indicating if s is less than, equal to, or greater than other.

func (*AuthorAnnotation) Copy added in v0.38.0 

func (a *AuthorAnnotation) Copy() *AuthorAnnotation

Copy returns a deep copy of a.

func (*AuthorAnnotation) String added in v0.38.0 

func (a *AuthorAnnotation) String() string

type BeforeAfterVisitor added in v0.17.0 

type BeforeAfterVisitor struct {
	// contains filtered or unexported fields
}

BeforeAfterVisitor provides a utility to walk over AST nodes using closures. If the before closure returns true, the visitor will not walk over AST nodes under x. The after closure is invoked always after visiting a node.

func NewBeforeAfterVisitor added in v0.17.0 

func NewBeforeAfterVisitor(before func(x interface{}) bool, after func(x interface{})) *BeforeAfterVisitor

NewBeforeAfterVisitor returns a new BeforeAndAfterVisitor that will invoke the functions before and after AST nodes.

func (*BeforeAfterVisitor) Walk added in v0.17.0 

func (vis *BeforeAfterVisitor) Walk(x interface{})

Walk iterates the AST by calling the functions on the BeforeAndAfterVisitor before and after recursing. Contrary to the generic Walk, this does not require allocating the visitor from heap.

type BeforeAndAfterVisitor added in v0.7.0 

type BeforeAndAfterVisitor interface {
	Visitor
	Before(x interface{})
	After(x interface{})
}

BeforeAndAfterVisitor wraps Visitor to provide hooks for being called before and after the AST has been visited. Deprecated: use GenericVisitor or another visitor implementation

type Body 

type Body []*Expr

Body represents one or more expressions contained inside a rule or user function.

func MustParseBody 

func MustParseBody(input string) Body

MustParseBody returns a parsed body. If an error occurs during parsing, panic.

func MustParseBodyWithOpts added in v0.37.0 

func MustParseBodyWithOpts(input string, opts ParserOptions) Body

MustParseBodyWithOpts returns a parsed body. If an error occurs during parsing, panic.

func NewBody added in v0.2.0 

func NewBody(exprs ...*Expr) Body

NewBody returns a new Body containing the given expressions. The indices of the immediate expressions will be reset.

func ParseBody 

func ParseBody(input string) (Body, error)

ParseBody returns exactly one body. If multiple bodies are parsed, an error is returned.

func ParseBodyWithOpts added in v0.34.0 

func ParseBodyWithOpts(input string, popts ParserOptions) (Body, error)

ParseBodyWithOpts returns exactly one body. It does _not_ set SkipRules: true on its own, but respects whatever ParserOptions it's been given.

func (*Body) Append added in v0.4.1 

func (body *Body) Append(expr *Expr)

Append adds the expr to the body and updates the expr's index accordingly.

func (Body) Compare added in v0.2.0 

func (body Body) Compare(other Body) int

Compare returns an integer indicating whether body is less than, equal to, or greater than other.

If body is a subset of other, it is considered less than (and vice versa).

func (Body) Contains 

func (body Body) Contains(x *Expr) bool

Contains returns true if this body contains the given expression.

func (Body) Copy added in v0.2.2 

func (body Body) Copy() Body

Copy returns a deep copy of body.

func (Body) Equal 

func (body Body) Equal(other Body) bool

Equal returns true if this Body is equal to the other Body.

func (Body) Hash 

func (body Body) Hash() int

Hash returns the hash code for the Body.

func (Body) IsGround 

func (body Body) IsGround() bool

IsGround returns true if all of the expressions in the Body are ground.

func (Body) Loc 

func (body Body) Loc() *Location

Loc returns the location of the Body in the definition.

func (Body) MarshalJSON added in v0.9.0 

func (body Body) MarshalJSON() ([]byte, error)

MarshalJSON returns JSON encoded bytes representing body.

func (Body) Set added in v0.6.0 

func (body Body) Set(expr *Expr, pos int)

Set sets the expr in the body at the specified position and updates the expr's index accordingly.

func (Body) SetLoc added in v0.9.2 

func (body Body) SetLoc(loc *Location)

SetLoc sets the location on body.

func (Body) String 

func (body Body) String() string

func (Body) Vars 

func (body Body) Vars(params VarVisitorParams) VarSet

Vars returns a VarSet containing variables in body. The params can be set to control which vars are included.

type Boolean 

type Boolean bool

Boolean represents a boolean value defined by JSON.

func (Boolean) Compare added in v0.5.0 

func (bol Boolean) Compare(other Value) int

Compare compares bol to other, return <0, 0, or >0 if it is less than, equal to, or greater than other.

func (Boolean) Equal 

func (bol Boolean) Equal(other Value) bool

Equal returns true if the other Value is a Boolean and is equal.

func (Boolean) Find added in v0.4.5 

func (bol Boolean) Find(path Ref) (Value, error)

Find returns the current value or a not found error.

func (Boolean) Hash 

func (bol Boolean) Hash() int

Hash returns the hash code for the Value.

func (Boolean) IsGround 

func (Boolean) IsGround() bool

IsGround always returns true.

func (Boolean) String 

func (bol Boolean) String() string

type Builtin 

type Builtin struct {
	Name        string `json:"name"`                  // Unique name of built-in function, e.g., <name>(arg1,arg2,...,argN)
	Description string `json:"description,omitempty"` // Description of what the built-in function does.

	// Categories of the built-in function. Omitted for namespaced
	// built-ins, i.e. "array.concat" is taken to be of the "array" category.
	// "minus" for example, is part of two categories: numbers and sets. (NOTE(sr): aspirational)
	Categories []string `json:"categories,omitempty"`

	Decl     *types.Function `json:"decl"`               // Built-in function type declaration.
	Infix    string          `json:"infix,omitempty"`    // Unique name of infix operator. Default should be unset.
	Relation bool            `json:"relation,omitempty"` // Indicates if the built-in acts as a relation.

	Nondeterministic bool `json:"nondeterministic,omitempty"` // Indicates if the built-in returns non-deterministic results.
	// contains filtered or unexported fields
}

Builtin represents a built-in function supported by OPA. Every built-in function is uniquely identified by a name.

func (*Builtin) Call added in v0.7.0 

func (b *Builtin) Call(operands ...*Term) *Term

Call creates a new term for the built-in with the given operands.

func (*Builtin) Expr 

func (b *Builtin) Expr(operands ...*Term) *Expr

Expr creates a new expression for the built-in with the given operands.

func (*Builtin) IsDeprecated added in v0.37.0 

func (b *Builtin) IsDeprecated() bool

IsDeprecated returns true if the Builtin function is deprecated and will be removed in a future release.

func (*Builtin) IsNondeterministic added in v0.44.0 

func (b *Builtin) IsNondeterministic() bool

IsDeterministic returns true if the Builtin function returns non-deterministic results.

func (*Builtin) IsTargetPos 

func (b *Builtin) IsTargetPos(i int) bool

IsTargetPos returns true if a variable in the i-th position will be bound by evaluating the call expression.

func (*Builtin) Minimal added in v0.59.0 

func (b *Builtin) Minimal() *Builtin

Minimal returns a shallow copy of b with the descriptions and categories and named arguments stripped out.

func (*Builtin) Ref added in v0.5.9 

func (b *Builtin) Ref() Ref

Ref returns a Ref that refers to the built-in function.

type Call added in v0.7.0 

type Call []*Term

Call represents as function call in the language.

func (Call) Compare added in v0.7.0 

func (c Call) Compare(other Value) int

Compare compares c to other, return <0, 0, or >0 if it is less than, equal to, or greater than other.

func (Call) Copy added in v0.7.0 

func (c Call) Copy() Call

Copy returns a deep copy of c.

func (Call) Find added in v0.7.0 

func (c Call) Find(Ref) (Value, error)

Find returns the current value or a not found error.

func (Call) Hash added in v0.7.0 

func (c Call) Hash() int

Hash returns the hash code for the Value.

func (Call) IsGround added in v0.7.0 

func (c Call) IsGround() bool

IsGround returns true if the Value is ground.

func (Call) MakeExpr added in v0.7.0 

func (c Call) MakeExpr(output *Term) *Expr

MakeExpr returns an ew Expr from this call.

func (Call) String added in v0.7.0 

func (c Call) String() string

type Capabilities added in v0.23.0 

type Capabilities struct {
	Builtins        []*Builtin       `json:"builtins,omitempty"`
	FutureKeywords  []string         `json:"future_keywords,omitempty"`
	WasmABIVersions []WasmABIVersion `json:"wasm_abi_versions,omitempty"`

	// Features is a bit of a mixed bag for checking that an older version of OPA
	// is able to do what needs to be done.
	// TODO(sr): find better words ^^
	Features []string `json:"features,omitempty"`

	// allow_net is an array of hostnames or IP addresses, that an OPA instance is
	// allowed to connect to.
	// If omitted, ANY host can be connected to. If empty, NO host can be connected to.
	// As of now, this only controls fetching remote refs for using JSON Schemas in
	// the type checker.
	// TODO(sr): support ports to further restrict connection peers
	// TODO(sr): support restricting `http.send` using the same mechanism (see https://github.com/open-policy-agent/opa/issues/3665)
	AllowNet []string `json:"allow_net,omitempty"`
}

Capabilities defines a structure containing data that describes the capabilities or features supported by a particular version of OPA.

func CapabilitiesForThisVersion added in v0.23.0 

func CapabilitiesForThisVersion() *Capabilities

CapabilitiesForThisVersion returns the capabilities of this version of OPA.

func LoadCapabilitiesFile added in v0.40.0 

func LoadCapabilitiesFile(file string) (*Capabilities, error)

LoadCapabilitiesFile loads a JSON serialized capabilities structure from a file.

func LoadCapabilitiesJSON added in v0.23.0 

func LoadCapabilitiesJSON(r io.Reader) (*Capabilities, error)

LoadCapabilitiesJSON loads a JSON serialized capabilities structure from the reader r.

func LoadCapabilitiesVersion added in v0.40.0 

func LoadCapabilitiesVersion(version string) (*Capabilities, error)

LoadCapabilitiesVersion loads a JSON serialized capabilities structure from the specific version.

func (*Capabilities) ContainsFeature added in v0.59.0 

func (c *Capabilities) ContainsFeature(feature string) bool

func (*Capabilities) MinimumCompatibleVersion added in v0.59.0 

func (c *Capabilities) MinimumCompatibleVersion() (string, bool)

MinimumCompatibleVersion returns the minimum compatible OPA version based on the built-ins, features, and keywords in c.

type Comment added in v0.4.0 

type Comment struct {
	// TODO: these fields have inconsistent JSON keys with other structs in this package.
	Text     []byte
	Location *Location
	// contains filtered or unexported fields
}

Comment contains the raw text from the comment in the definition.

func NewComment added in v0.4.0 

func NewComment(text []byte) *Comment

NewComment returns a new Comment object.

func (*Comment) Copy added in v0.20.5 

func (c *Comment) Copy() *Comment

Copy returns a deep copy of c.

func (*Comment) Equal added in v0.10.3 

func (c *Comment) Equal(other *Comment) bool

Equal returns true if this comment equals the other comment. Unlike other equality checks on AST nodes, comment equality depends on location.

func (*Comment) Loc added in v0.4.0 

func (c *Comment) Loc() *Location

Loc returns the location of the comment in the definition.

func (*Comment) SetLoc added in v0.9.2 

func (c *Comment) SetLoc(loc *Location)

SetLoc sets the location on c.

func (*Comment) String added in v0.4.0 

func (c *Comment) String() string

type CompileOpts added in v0.34.0 

type CompileOpts struct {
	EnablePrintStatements bool
	ParserOptions         ParserOptions
}

CompileOpts defines a set of options for the compiler.

type Compiler 

type Compiler struct {

	// Errors contains errors that occurred during the compilation process.
	// If there are one or more errors, the compilation process is considered
	// "failed".
	Errors Errors

	// Modules contains the compiled modules. The compiled modules are the
	// output of the compilation process. If the compilation process failed,
	// there is no guarantee about the state of the modules.
	Modules map[string]*Module

	// ModuleTree organizes the modules into a tree where each node is keyed by
	// an element in the module's package path. E.g., given modules containing
	// the following package directives: "a", "a.b", "a.c", and "a.b", the
	// resulting module tree would be:
	//
	//  root
	//    |
	//    +--- data (no modules)
	//           |
	//           +--- a (1 module)
	//                |
	//                +--- b (2 modules)
	//                |
	//                +--- c (1 module)
	//
	ModuleTree *ModuleTreeNode

	// RuleTree organizes rules into a tree where each node is keyed by an
	// element in the rule's path. The rule path is the concatenation of the
	// containing package and the stringified rule name. E.g., given the
	// following module:
	//
	//  package ex
	//  p[1] { true }
	//  p[2] { true }
	//  q = true
	//  a.b.c = 3
	//
	//  root
	//    |
	//    +--- data (no rules)
	//           |
	//           +--- ex (no rules)
	//                |
	//                +--- p (2 rules)
	//                |
	//                +--- q (1 rule)
	//                |
	//                +--- a
	//                     |
	//                     +--- b
	//                          |
	//                          +--- c (1 rule)
	//
	// Another example with general refs containing vars at arbitrary locations:
	//
	//  package ex
	//  a.b[x].d { x := "c" }            # R1
	//  a.b.c[x] { x := "d" }            # R2
	//  a.b[x][y] { x := "c"; y := "d" } # R3
	//  p := true                        # R4
	//
	//  root
	//    |
	//    +--- data (no rules)
	//           |
	//           +--- ex (no rules)
	//                |
	//                +--- a
	//                |    |
	//                |    +--- b (R1, R3)
	//                |         |
	//                |         +--- c (R2)
	//                |
	//                +--- p (R4)
	RuleTree *TreeNode

	// Graph contains dependencies between rules. An edge (u,v) is added to the
	// graph if rule 'u' refers to the virtual document defined by 'v'.
	Graph *Graph

	// TypeEnv holds type information for values inferred by the compiler.
	TypeEnv *TypeEnv

	// RewrittenVars is a mapping of variables that have been rewritten
	// with the key being the generated name and value being the original.
	RewrittenVars map[Var]Var

	// Capabliities required by the modules that were compiled.
	Required *Capabilities
	// contains filtered or unexported fields
}

Compiler contains the state of a compilation process.

func CompileModules added in v0.10.2 

func CompileModules(modules map[string]string) (*Compiler, error)

CompileModules takes a set of Rego modules represented as strings and compiles them for evaluation. The keys of the map are used as filenames.

func CompileModulesWithOpt added in v0.34.0 

func CompileModulesWithOpt(modules map[string]string, opts CompileOpts) (*Compiler, error)

CompileModulesWithOpt takes a set of Rego modules represented as strings and compiles them for evaluation. The keys of the map are used as filenames.

func MustCompileModules added in v0.10.2 

func MustCompileModules(modules map[string]string) *Compiler

MustCompileModules compiles a set of Rego modules represented as strings. If the compilation process fails, this function panics.

func MustCompileModulesWithOpts added in v0.34.0 

func MustCompileModulesWithOpts(modules map[string]string, opts CompileOpts) *Compiler

MustCompileModulesWithOpts compiles a set of Rego modules represented as strings. If the compilation process fails, this function panics.

func NewCompiler 

func NewCompiler() *Compiler

NewCompiler returns a new empty compiler.

func (*Compiler) Capabilities added in v0.36.0 

func (c *Compiler) Capabilities() *Capabilities

Capabilities returns the capabilities enabled during compilation.

func (*Compiler) Compile 

func (c *Compiler) Compile(modules map[string]*Module)

Compile runs the compilation process on the input modules. The compiled version of the modules and associated data structures are stored on the compiler. If the compilation process fails for any reason, the compiler will contain a slice of errors.

Example 
package main

import (
	"fmt"

	"github.com/open-policy-agent/opa/ast"
)

func main() {

	// Define an input module that will be compiled.
	exampleModule := `package opa.example

import data.foo
import input.bar

p[x] { foo[x]; not bar[x]; x >= min_x }
min_x = 100 { true }`

	// Parse the input module to obtain the AST representation.
	mod, err := ast.ParseModule("my_module", exampleModule)
	if err != nil {
		fmt.Println("Parse error:", err)
	}

	// Create a new compiler instance and compile the module.
	c := ast.NewCompiler()

	mods := map[string]*ast.Module{
		"my_module": mod,
	}

	if c.Compile(mods); c.Failed() {
		fmt.Println("Compile error:", c.Errors)
	}

	fmt.Println("Expr 1:", c.Modules["my_module"].Rules[0].Body[0])
	fmt.Println("Expr 2:", c.Modules["my_module"].Rules[0].Body[1])
	fmt.Println("Expr 3:", c.Modules["my_module"].Rules[0].Body[2])
	fmt.Println("Expr 4:", c.Modules["my_module"].Rules[0].Body[3])

}

Output:


Expr 1: data.foo[x]
Expr 2: not input.bar[x]
Expr 3: __local0__ = data.opa.example.min_x
Expr 4: gte(x, __local0__)

func (*Compiler) ComprehensionIndex added in v0.20.0 

func (c *Compiler) ComprehensionIndex(term *Term) *ComprehensionIndex

ComprehensionIndex returns a data structure specifying how to index comprehension results so that callers do not have to recompute the comprehension more than once. If no index is found, returns nil.

func (*Compiler) Failed 

func (c *Compiler) Failed() bool

Failed returns true if a compilation error has been encountered.

func (*Compiler) GetAnnotationSet added in v0.38.0 

func (c *Compiler) GetAnnotationSet() *AnnotationSet

func (*Compiler) GetArity added in v0.7.0 

func (c *Compiler) GetArity(ref Ref) int

GetArity returns the number of args a function referred to by ref takes. If ref refers to built-in function, the built-in declaration is consulted, otherwise, the ref is used to perform a ruleset lookup.

func (*Compiler) GetRules added in v0.4.0 

func (c *Compiler) GetRules(ref Ref) (rules []*Rule)

GetRules returns a slice of rules that are referred to by ref.

E.g., given the following module: 

package a.b.c

p[x] = y { q[x] = y; ... } # rule1
q[x] = y { ... }           # rule2

The following calls yield the rules on the right. 

GetRules("data.a.b.c.p")	=> [rule1]
GetRules("data.a.b.c.p.x")	=> [rule1]
GetRules("data.a.b.c.q")	=> [rule2]
GetRules("data.a.b.c")		=> [rule1, rule2]
GetRules("data.a.b.d")		=> nil

func (*Compiler) GetRulesDynamic deprecated added in v0.14.0 

func (c *Compiler) GetRulesDynamic(ref Ref) []*Rule

GetRulesDynamic returns a slice of rules that could be referred to by a ref.

Deprecated: use GetRulesDynamicWithOpts

func (*Compiler) GetRulesDynamicWithOpts added in v0.34.0 

func (c *Compiler) GetRulesDynamicWithOpts(ref Ref, opts RulesOptions) []*Rule

GetRulesDynamicWithOpts returns a slice of rules that could be referred to by a ref. When parts of the ref are statically known, we use that information to narrow down which rules the ref could refer to, but in the most general case this will be an over-approximation.

E.g., given the following modules: 

package a.b.c

r1 = 1  # rule1

and: 

package a.d.c

r2 = 2  # rule2

The following calls yield the rules on the right. 

GetRulesDynamicWithOpts("data.a[x].c[y]", opts) => [rule1, rule2]
GetRulesDynamicWithOpts("data.a[x].c.r2", opts) => [rule2]
GetRulesDynamicWithOpts("data.a.b[x][y]", opts) => [rule1]

Using the RulesOptions parameter, the inclusion of hidden modules can be controlled:

With 

package system.main

r3 = 3 # rule3

We'd get this result: 

GetRulesDynamicWithOpts("data[x]", RulesOptions{IncludeHiddenModules: true}) => [rule1, rule2, rule3]

Without the options, it would be excluded.

func (*Compiler) GetRulesExact added in v0.2.0 

func (c *Compiler) GetRulesExact(ref Ref) (rules []*Rule)

GetRulesExact returns a slice of rules referred to by the reference.

E.g., given the following module: 

	package a.b.c

	p[k] = v { ... }    # rule1
 p[k1] = v1 { ... }  # rule2

The following calls yield the rules on the right. 

GetRulesExact("data.a.b.c.p")   => [rule1, rule2]
GetRulesExact("data.a.b.c.p.x") => nil
GetRulesExact("data.a.b.c")     => nil

func (*Compiler) GetRulesForVirtualDocument added in v0.2.0 

func (c *Compiler) GetRulesForVirtualDocument(ref Ref) (rules []*Rule)

GetRulesForVirtualDocument returns a slice of rules that produce the virtual document referred to by the reference.

E.g., given the following module: 

	package a.b.c

	p[k] = v { ... }    # rule1
 p[k1] = v1 { ... }  # rule2

The following calls yield the rules on the right. 

GetRulesForVirtualDocument("data.a.b.c.p")   => [rule1, rule2]
GetRulesForVirtualDocument("data.a.b.c.p.x") => [rule1, rule2]
GetRulesForVirtualDocument("data.a.b.c")     => nil

func (*Compiler) GetRulesWithPrefix added in v0.2.0 

func (c *Compiler) GetRulesWithPrefix(ref Ref) (rules []*Rule)

GetRulesWithPrefix returns a slice of rules that share the prefix ref.

E.g., given the following module: 

package a.b.c

p[x] = y { ... }  # rule1
p[k] = v { ... }  # rule2
q { ... }         # rule3

The following calls yield the rules on the right. 

GetRulesWithPrefix("data.a.b.c.p")   => [rule1, rule2]
GetRulesWithPrefix("data.a.b.c.p.a") => nil
GetRulesWithPrefix("data.a.b.c")     => [rule1, rule2, rule3]

func (*Compiler) ParsedModules added in v0.43.0 

func (c *Compiler) ParsedModules() map[string]*Module

ParsedModules returns the parsed, unprocessed modules from the compiler. It is `nil` if keeping modules wasn't enabled via `WithKeepModules(true)`. The map includes all modules loaded via the ModuleLoader, if one was used.

func (*Compiler) PassesTypeCheck added in v0.26.0 

func (c *Compiler) PassesTypeCheck(body Body) bool

PassesTypeCheck determines whether the given body passes type checking

func (*Compiler) PassesTypeCheckRules added in v0.57.0 

func (c *Compiler) PassesTypeCheckRules(rules []*Rule) Errors

PassesTypeCheckRules determines whether the given rules passes type checking

func (*Compiler) QueryCompiler added in v0.2.2 

func (c *Compiler) QueryCompiler() QueryCompiler

func (*Compiler) RuleIndex added in v0.4.9 

func (c *Compiler) RuleIndex(path Ref) RuleIndex

RuleIndex returns a RuleIndex built for the rule set referred to by path. The path must refer to the rule set exactly, i.e., given a rule set at path data.a.b.c.p, refs data.a.b.c.p.x and data.a.b.c would not return a RuleIndex built for the rule.

func (*Compiler) SetErrorLimit added in v0.5.3 

func (c *Compiler) SetErrorLimit(limit int) *Compiler

SetErrorLimit sets the number of errors the compiler can encounter before it quits. Zero or a negative number indicates no limit.

func (*Compiler) WithAllowUndefinedFunctionCalls added in v0.60.0 

func (c *Compiler) WithAllowUndefinedFunctionCalls(allow bool) *Compiler

func (*Compiler) WithBuiltins added in v0.14.0 

func (c *Compiler) WithBuiltins(builtins map[string]*Builtin) *Compiler

WithBuiltins is deprecated. Use WithCapabilities instead.

func (*Compiler) WithCapabilities added in v0.23.0 

func (c *Compiler) WithCapabilities(capabilities *Capabilities) *Compiler

WithCapabilities sets capabilities to enable during compilation. Capabilities allow the caller to specify the set of built-in functions available to the policy. In the future, capabilities may be able to restrict access to other language features. Capabilities allow callers to check if policies are compatible with a particular version of OPA. If policies are a compiled for a specific version of OPA, there is no guarantee that _this_ version of OPA can evaluate them successfully.

func (*Compiler) WithDebug added in v0.27.0 

func (c *Compiler) WithDebug(sink io.Writer) *Compiler

WithDebug sets where debug messages are written to. Passing `nil` has no effect.

func (*Compiler) WithEnablePrintStatements added in v0.34.0 

func (c *Compiler) WithEnablePrintStatements(yes bool) *Compiler

WithEnablePrintStatements enables print statements inside of modules compiled by the compiler. If print statements are not enabled, calls to print() are erased at compile-time.

func (*Compiler) WithEvalMode added in v0.58.0 

func (c *Compiler) WithEvalMode(e CompilerEvalMode) *Compiler

WithEvalMode allows setting the CompilerEvalMode of the compiler

func (*Compiler) WithKeepModules added in v0.43.0 

func (c *Compiler) WithKeepModules(y bool) *Compiler

WithKeepModules enables retaining unprocessed modules in the compiler. Note that the modules aren't copied on the way in or out -- so when accessing them via ParsedModules(), mutations will occur in the module map that was passed into Compile().`

func (*Compiler) WithMetrics added in v0.11.0 

func (c *Compiler) WithMetrics(metrics metrics.Metrics) *Compiler

WithMetrics will set a metrics.Metrics and be used for profiling the Compiler instance.

func (*Compiler) WithModuleLoader added in v0.3.0 

func (c *Compiler) WithModuleLoader(f ModuleLoader) *Compiler

WithModuleLoader sets f as the ModuleLoader on the compiler.

The compiler will invoke the ModuleLoader after resolving all references in the current set of input modules. The ModuleLoader can return a new collection of parsed modules that are to be included in the compilation process. This process will repeat until the ModuleLoader returns an empty collection or an error. If an error is returned, compilation will stop immediately.

func (*Compiler) WithPathConflictsCheck added in v0.10.4 

func (c *Compiler) WithPathConflictsCheck(fn func([]string) (bool, error)) *Compiler

WithPathConflictsCheck enables base-virtual document conflict detection. The compiler will check that rules don't overlap with paths that exist as determined by the provided callable.

func (*Compiler) WithSchemas added in v0.27.0 

func (c *Compiler) WithSchemas(schemas *SchemaSet) *Compiler

WithSchemas sets a schemaSet to the compiler

func (*Compiler) WithStageAfter added in v0.10.6 

func (c *Compiler) WithStageAfter(after string, stage CompilerStageDefinition) *Compiler

WithStageAfter registers a stage to run during compilation after the named stage.

func (*Compiler) WithStrict added in v0.37.0 

func (c *Compiler) WithStrict(strict bool) *Compiler

WithStrict enables strict mode in the compiler.

func (*Compiler) WithUnsafeBuiltins added in v0.13.0 

func (c *Compiler) WithUnsafeBuiltins(unsafeBuiltins map[string]struct{}) *Compiler

WithUnsafeBuiltins is deprecated. Use WithCapabilities instead.

func (*Compiler) WithUseTypeCheckAnnotations added in v0.48.0 

func (c *Compiler) WithUseTypeCheckAnnotations(enabled bool) *Compiler

WithUseTypeCheckAnnotations use schema annotations during type checking

type CompilerEvalMode added in v0.58.0 

type CompilerEvalMode int

CompilerEvalMode allows toggling certain stages that are only needed for certain modes, Concretely, only "topdown" mode will have the compiler build comprehension and rule indices. 

const (
	// EvalModeTopdown (default) instructs the compiler to build rule
	// and comprehension indices used by topdown evaluation.
	EvalModeTopdown CompilerEvalMode = iota

	// EvalModeIR makes the compiler skip the stages for comprehension
	// and rule indices.
	EvalModeIR
)

type CompilerStage added in v0.10.6 

type CompilerStage func(*Compiler) *Error

CompilerStage defines the interface for stages in the compiler.

type CompilerStageDefinition added in v0.11.0 

type CompilerStageDefinition struct {
	Name       string
	MetricName string
	Stage      CompilerStage
}

CompilerStageDefinition defines a compiler stage

type ComprehensionIndex added in v0.20.0 

type ComprehensionIndex struct {
	Term *Term
	Keys []*Term
}

ComprehensionIndex specifies how the comprehension term can be indexed. The keys tell the evaluator what variables to use for indexing. In the future, the index could be expanded with more information that would allow the evaluator to index a larger fragment of comprehensions (e.g., by closing over variables in the outer query.)

func (*ComprehensionIndex) String added in v0.20.0 

func (ci *ComprehensionIndex) String() string

type DocKind 

type DocKind int

DocKind represents the collection of document types that can be produced by rules.

type Error added in v0.2.0 

type Error struct {
	Code     string       `json:"code"`
	Message  string       `json:"message"`
	Location *Location    `json:"location,omitempty"`
	Details  ErrorDetails `json:"details,omitempty"`
}

Error represents a single error caught during parsing, compiling, etc.

func NewError added in v0.2.0 

func NewError(code string, loc *Location, f string, a ...interface{}) *Error

NewError returns a new Error object.

func (*Error) Error added in v0.2.0 

func (e *Error) Error() string

type ErrorDetails added in v0.4.9 

type ErrorDetails interface {
	Lines() []string
}

ErrorDetails defines the interface for detailed error messages.

type Errors added in v0.2.0 

type Errors []*Error

Errors represents a series of errors encountered during parsing, compiling, etc.

func CheckPathConflicts added in v0.10.4 

func CheckPathConflicts(c *Compiler, exists func([]string) (bool, error)) Errors

CheckPathConflicts returns a set of errors indicating paths that are in conflict with the result of the provided callable.

func CheckRegoV1 added in v0.59.0 

func CheckRegoV1(x interface{}) Errors

CheckRegoV1 checks the given module or rule for errors that are specific to Rego v1. Passing something other than an *ast.Rule or *ast.Module is considered a programming error, and will cause a panic.

func (Errors) Error added in v0.2.0 

func (e Errors) Error() string

func (Errors) Sort added in v0.14.0 

func (e Errors) Sort()

Sort sorts the error slice by location. If the locations are equal then the error message is compared.

type Every added in v0.37.0 

type Every struct {
	Key      *Term     `json:"key"`
	Value    *Term     `json:"value"`
	Domain   *Term     `json:"domain"`
	Body     Body      `json:"body"`
	Location *Location `json:"location,omitempty"`
	// contains filtered or unexported fields
}

func (*Every) Compare added in v0.37.0 

func (q *Every) Compare(other *Every) int

func (*Every) Copy added in v0.37.0 

func (q *Every) Copy() *Every

Copy returns a deep copy of d.

func (*Every) KeyValueVars added in v0.37.0 

func (q *Every) KeyValueVars() VarSet

KeyValueVars returns the key and val arguments of an `every` expression, if they are non-nil and not wildcards.

func (*Every) Loc added in v0.37.0 

func (q *Every) Loc() *Location

func (*Every) MarshalJSON added in v0.50.0 

func (q *Every) MarshalJSON() ([]byte, error)

func (*Every) SetLoc added in v0.37.0 

func (q *Every) SetLoc(l *Location)

func (*Every) String added in v0.37.0 

func (q *Every) String() string

type Expr 

type Expr struct {
	With      []*With     `json:"with,omitempty"`
	Terms     interface{} `json:"terms"`
	Index     int         `json:"index"`
	Generated bool        `json:"generated,omitempty"`
	Negated   bool        `json:"negated,omitempty"`
	Location  *Location   `json:"location,omitempty"`
	// contains filtered or unexported fields
}

Expr represents a single expression contained inside the body of a rule.

func MustParseExpr added in v0.2.0 

func MustParseExpr(input string) *Expr

MustParseExpr returns a parsed expression. If an error occurs during parsing, panic.

func NewBuiltinExpr 

func NewBuiltinExpr(terms ...*Term) *Expr

NewBuiltinExpr creates a new Expr object with the supplied terms. The builtin operator must be the first term.

func NewExpr added in v0.2.1 

func NewExpr(terms interface{}) *Expr

NewExpr returns a new Expr object.

func ParseExpr added in v0.2.0 

func ParseExpr(input string) (*Expr, error)

ParseExpr returns exactly one expression. If multiple expressions are parsed, an error is returned.

func (*Expr) Compare added in v0.2.0 

func (expr *Expr) Compare(other *Expr) int

Compare returns an integer indicating whether expr is less than, equal to, or greater than other.

Expressions are compared as follows:

1. Declarations are always less than other expressions. 2. Preceding expression (by Index) is always less than the other expression. 3. Non-negated expressions are always less than negated expressions. 4. Single term expressions are always less than built-in expressions.

Otherwise, the expression terms are compared normally. If both expressions have the same terms, the modifiers are compared.

func (*Expr) Complement 

func (expr *Expr) Complement() *Expr

Complement returns a copy of this expression with the negation flag flipped.

func (*Expr) Copy added in v0.2.2 

func (expr *Expr) Copy() *Expr

Copy returns a deep copy of expr.

func (*Expr) CopyWithoutTerms added in v0.39.0 

func (expr *Expr) CopyWithoutTerms() *Expr

CopyWithoutTerms returns a deep copy of expr without its Terms

func (*Expr) Equal 

func (expr *Expr) Equal(other *Expr) bool

Equal returns true if this Expr equals the other Expr.

func (*Expr) Hash 

func (expr *Expr) Hash() int

Hash returns the hash code of the Expr.

func (*Expr) IncludeWith added in v0.4.1 

func (expr *Expr) IncludeWith(target *Term, value *Term) *Expr

IncludeWith returns a copy of expr with the with modifier appended.

func (*Expr) IsAssignment added in v0.7.0 

func (expr *Expr) IsAssignment() bool

IsAssignment returns true if this an assignment expression.

func (*Expr) IsCall added in v0.5.9 

func (expr *Expr) IsCall() bool

IsCall returns true if this expression calls a function.

func (*Expr) IsEquality 

func (expr *Expr) IsEquality() bool

IsEquality returns true if this is an equality expression.

func (*Expr) IsEvery added in v0.37.0 

func (expr *Expr) IsEvery() bool

IsEvery returns true if this expression is an 'every' expression.

func (*Expr) IsGround 

func (expr *Expr) IsGround() bool

IsGround returns true if all of the expression terms are ground.

func (*Expr) IsSome added in v0.37.0 

func (expr *Expr) IsSome() bool

IsSome returns true if this expression is a 'some' expression.

func (*Expr) Loc added in v0.9.2 

func (expr *Expr) Loc() *Location

Loc returns the Location of expr.

func (*Expr) MarshalJSON added in v0.50.0 

func (expr *Expr) MarshalJSON() ([]byte, error)

func (*Expr) NoWith added in v0.4.1 

func (expr *Expr) NoWith() *Expr

NoWith returns a copy of expr where the with modifier has been removed.

func (*Expr) Operand added in v0.4.9 

func (expr *Expr) Operand(pos int) *Term

Operand returns the term at the zero-based pos. If the expr does not include at least pos+1 terms, this function returns nil.

func (*Expr) Operands added in v0.4.9 

func (expr *Expr) Operands() []*Term

Operands returns the built-in function operands.

func (*Expr) Operator added in v0.5.9 

func (expr *Expr) Operator() Ref

Operator returns the name of the function or built-in this expression refers to. If this expression is not a function call, returns nil.

func (*Expr) OperatorTerm added in v0.34.0 

func (expr *Expr) OperatorTerm() *Term

OperatorTerm returns the name of the function or built-in this expression refers to. If this expression is not a function call, returns nil.

func (*Expr) SetLoc added in v0.9.2 

func (expr *Expr) SetLoc(loc *Location)

SetLoc sets the location on expr.

func (*Expr) SetLocation added in v0.5.6 

func (expr *Expr) SetLocation(loc *Location) *Expr

SetLocation sets the expr's location and returns the expr itself.

func (*Expr) SetOperator added in v0.7.0 

func (expr *Expr) SetOperator(term *Term) *Expr

SetOperator sets the expr's operator and returns the expr itself. If expr is not a call expr, this function will panic.

func (*Expr) String 

func (expr *Expr) String() string

func (*Expr) UnmarshalJSON 

func (expr *Expr) UnmarshalJSON(bs []byte) error

UnmarshalJSON parses the byte array and stores the result in expr.

func (*Expr) Vars 

func (expr *Expr) Vars(params VarVisitorParams) VarSet

Vars returns a VarSet containing variables in expr. The params can be set to control which vars are included.

type FlatAnnotationsRefSet added in v0.49.0 

type FlatAnnotationsRefSet AnnotationsRefSet

func (FlatAnnotationsRefSet) Insert added in v0.49.0 

func (ars FlatAnnotationsRefSet) Insert(ar *AnnotationsRef) FlatAnnotationsRefSet

type GenericTransformer added in v0.2.0 

type GenericTransformer struct {
	// contains filtered or unexported fields
}

GenericTransformer implements the Transformer interface to provide a utility to transform AST nodes using a closure.

func NewGenericTransformer added in v0.5.11 

func NewGenericTransformer(f func(x interface{}) (interface{}, error)) *GenericTransformer

NewGenericTransformer returns a new GenericTransformer that will transform AST nodes using the function f.

func (*GenericTransformer) Transform added in v0.2.0 

func (t *GenericTransformer) Transform(x interface{}) (interface{}, error)

Transform calls the function f on the GenericTransformer.

type GenericVisitor 

type GenericVisitor struct {
	// contains filtered or unexported fields
}

GenericVisitor provides a utility to walk over AST nodes using a closure. If the closure returns true, the visitor will not walk over AST nodes under x.

func NewGenericVisitor added in v0.4.1 

func NewGenericVisitor(f func(x interface{}) bool) *GenericVisitor

NewGenericVisitor returns a new GenericVisitor that will invoke the function f on AST nodes.

func (*GenericVisitor) Walk added in v0.17.0 

func (vis *GenericVisitor) Walk(x interface{})

Walk iterates the AST by calling the function f on the GenericVisitor before recursing. Contrary to the generic Walk, this does not require allocating the visitor from heap.

type Graph added in v0.5.0 

type Graph struct {
	// contains filtered or unexported fields
}

Graph represents the graph of dependencies between rules.

func NewGraph added in v0.5.0 

func NewGraph(modules map[string]*Module, list func(Ref) []*Rule) *Graph

NewGraph returns a new Graph based on modules. The list function must return the rules referred to directly by the ref.

func (*Graph) Dependencies added in v0.5.0 

func (g *Graph) Dependencies(x util.T) map[util.T]struct{}

Dependencies returns the set of rules that x depends on.

func (*Graph) Dependents added in v0.20.0 

func (g *Graph) Dependents(x util.T) map[util.T]struct{}

Dependents returns the set of rules that depend on x.

func (*Graph) Sort added in v0.5.0 

func (g *Graph) Sort() (sorted []util.T, ok bool)

Sort returns a slice of rules sorted by dependencies. If a cycle is found, ok is set to false.

type GraphTraversal added in v0.12.0 

type GraphTraversal struct {
	// contains filtered or unexported fields
}

GraphTraversal is a Traversal that understands the dependency graph

func NewGraphTraversal added in v0.12.0 

func NewGraphTraversal(graph *Graph) *GraphTraversal

NewGraphTraversal returns a Traversal for the dependency graph

func (*GraphTraversal) Edges added in v0.12.0 

func (g *GraphTraversal) Edges(x util.T) []util.T

Edges lists all dependency connections for a given node

func (*GraphTraversal) Visited added in v0.12.0 

func (g *GraphTraversal) Visited(u util.T) bool

Visited returns whether a node has been visited, setting a node to visited if not 

type Head struct {
	Name      Var       `json:"name,omitempty"`
	Reference Ref       `json:"ref,omitempty"`
	Args      Args      `json:"args,omitempty"`
	Key       *Term     `json:"key,omitempty"`
	Value     *Term     `json:"value,omitempty"`
	Assign    bool      `json:"assign,omitempty"`
	Location  *Location `json:"location,omitempty"`
	// contains filtered or unexported fields
}

Head represents the head of a rule.

func NewHead added in v0.4.1 

func NewHead(name Var, args ...*Term) *Head

NewHead returns a new Head object. If args are provided, the first will be used for the key and the second will be used for the value.

func RefHead added in v0.46.0 

func RefHead(ref Ref, args ...*Term) *Head

RefHead returns a new Head object with the passed Ref. If args are provided, the first will be used for the value.

func VarHead added in v0.57.0 

func VarHead(name Var, location *Location, jsonOpts *astJSON.Options) *Head

VarHead creates a head object, initializes its Name, Location, and Options, and returns the new head.

func (*Head) Compare added in v0.4.1 

func (head *Head) Compare(other *Head) int

Compare returns an integer indicating whether head is less than, equal to, or greater than other.

func (*Head) Copy added in v0.4.1 

func (head *Head) Copy() *Head

Copy returns a deep copy of head.

func (*Head) DocKind added in v0.4.1 

func (head *Head) DocKind() DocKind

DocKind returns the type of document produced by this rule.

func (*Head) Equal added in v0.4.1 

func (head *Head) Equal(other *Head) bool

Equal returns true if this head equals other.

func (*Head) HasDynamicRef added in v0.56.0 

func (head *Head) HasDynamicRef() bool

func (*Head) Loc added in v0.9.2 

func (head *Head) Loc() *Location

Loc returns the Location of head.

func (*Head) MarshalJSON added in v0.46.0 

func (head *Head) MarshalJSON() ([]byte, error)

func (*Head) Ref added in v0.46.0 

func (head *Head) Ref() Ref

Ref returns the Ref of the rule. If it doesn't have one, it's filled in via the Head's Name.

func (*Head) RuleKind added in v0.46.0 

func (head *Head) RuleKind() RuleKind

RuleKind returns the type of rule this is

func (*Head) SetLoc added in v0.9.2 

func (head *Head) SetLoc(loc *Location)

SetLoc sets the location on head.

func (*Head) SetRef added in v0.46.0 

func (head *Head) SetRef(r Ref)

SetRef can be used to set a rule head's Reference

func (*Head) String added in v0.2.0 

func (head *Head) String() string

func (*Head) Vars added in v0.4.1 

func (head *Head) Vars() VarSet

Vars returns a set of vars found in the head.

type Import 

type Import struct {
	Path     *Term     `json:"path"`
	Alias    Var       `json:"alias,omitempty"`
	Location *Location `json:"location,omitempty"`
	// contains filtered or unexported fields
}

Import represents a dependency on a document outside of the policy namespace. Imports are optional.

func MustParseImports added in v0.2.2 

func MustParseImports(input string) []*Import

MustParseImports returns a slice of imports. If an error occurs during parsing, panic.

func ParseImports added in v0.2.2 

func ParseImports(input string) ([]*Import, error)

ParseImports returns a slice of Import objects.

func (*Import) Compare added in v0.2.0 

func (imp *Import) Compare(other *Import) int

Compare returns an integer indicating whether imp is less than, equal to, or greater than other.

func (*Import) Copy added in v0.2.2 

func (imp *Import) Copy() *Import

Copy returns a deep copy of imp.

func (*Import) Equal 

func (imp *Import) Equal(other *Import) bool

Equal returns true if imp is equal to other.

func (*Import) Loc 

func (imp *Import) Loc() *Location

Loc returns the location of the Import in the definition.

func (*Import) MarshalJSON added in v0.50.0 

func (imp *Import) MarshalJSON() ([]byte, error)

func (*Import) Name added in v0.2.2 

func (imp *Import) Name() Var

Name returns the variable that is used to refer to the imported virtual document. This is the alias if defined otherwise the last element in the path.

func (*Import) SetLoc added in v0.9.2 

func (imp *Import) SetLoc(loc *Location)

SetLoc sets the location on imp.

func (*Import) String 

func (imp *Import) String() string

type IndexResult added in v0.4.10 

type IndexResult struct {
	Kind           RuleKind
	Rules          []*Rule
	Else           map[*Rule][]*Rule
	Default        *Rule
	EarlyExit      bool
	OnlyGroundRefs bool
}

IndexResult contains the result of an index lookup.

func NewIndexResult added in v0.4.10 

func NewIndexResult(kind RuleKind) *IndexResult

NewIndexResult returns a new IndexResult object.

func (*IndexResult) Empty added in v0.4.10 

func (ir *IndexResult) Empty() bool

Empty returns true if there are no rules to evaluate.

type JSONOpt added in v0.27.1 

type JSONOpt struct {
	SortSets bool // sort sets before serializing (this makes conversion more expensive)
	CopyMaps bool // enforces copying of map[string]interface{} read from the store
}

JSONOpt defines parameters for AST to JSON conversion.

type Location 

type Location = location.Location

Location records a position in source code.

func NewLocation 

func NewLocation(text []byte, file string, row int, col int) *Location

NewLocation returns a new Location object.

type Module 

type Module struct {
	Package     *Package       `json:"package"`
	Imports     []*Import      `json:"imports,omitempty"`
	Annotations []*Annotations `json:"annotations,omitempty"`
	Rules       []*Rule        `json:"rules,omitempty"`
	Comments    []*Comment     `json:"comments,omitempty"`
	// contains filtered or unexported fields
}

Module represents a collection of policies (defined by rules) within a namespace (defined by the package) and optional dependencies on external documents (defined by imports).

func MustParseModule 

func MustParseModule(input string) *Module

MustParseModule returns a parsed module. If an error occurs during parsing, panic.

func MustParseModuleWithOpts added in v0.37.0 

func MustParseModuleWithOpts(input string, opts ParserOptions) *Module

MustParseModuleWithOpts returns a parsed module. If an error occurs during parsing, panic.

func ParseModule 

func ParseModule(filename, input string) (*Module, error)

ParseModule returns a parsed Module object. For details on Module objects and their fields, see policy.go. Empty input will return nil, nil.

func ParseModuleWithOpts added in v0.28.0 

func ParseModuleWithOpts(filename, input string, popts ParserOptions) (*Module, error)

ParseModuleWithOpts returns a parsed Module object, and has an additional input ParserOptions For details on Module objects and their fields, see policy.go. Empty input will return nil, nil.

func (*Module) Compare added in v0.2.0 

func (mod *Module) Compare(other *Module) int

Compare returns an integer indicating whether mod is less than, equal to, or greater than other.

func (*Module) Copy added in v0.2.2 

func (mod *Module) Copy() *Module

Copy returns a deep copy of mod.

func (*Module) Equal 

func (mod *Module) Equal(other *Module) bool

Equal returns true if mod equals other.

func (*Module) RegoVersion added in v0.60.0 

func (mod *Module) RegoVersion() RegoVersion

func (*Module) RuleSet added in v0.4.9 

func (mod *Module) RuleSet(name Var) RuleSet

RuleSet returns a RuleSet containing named rules in the mod.

func (*Module) String added in v0.2.0 

func (mod *Module) String() string

func (*Module) UnmarshalJSON added in v0.15.1 

func (mod *Module) UnmarshalJSON(bs []byte) error

UnmarshalJSON parses bs and stores the result in mod. The rules in the module will have their module pointer set to mod.

type ModuleLoader added in v0.3.0 

type ModuleLoader func(resolved map[string]*Module) (parsed map[string]*Module, err error)

ModuleLoader defines the interface that callers can implement to enable lazy loading of modules during compilation.

type ModuleTreeNode 

type ModuleTreeNode struct {
	Key      Value
	Modules  []*Module
	Children map[Value]*ModuleTreeNode
	Hide     bool
}

ModuleTreeNode represents a node in the module tree. The module tree is keyed by the package path.

func NewModuleTree 

func NewModuleTree(mods map[string]*Module) *ModuleTreeNode

NewModuleTree returns a new ModuleTreeNode that represents the root of the module tree populated with the given modules.

func (*ModuleTreeNode) DepthFirst added in v0.2.2 

func (n *ModuleTreeNode) DepthFirst(f func(*ModuleTreeNode) bool)

DepthFirst performs a depth-first traversal of the module tree rooted at n. If f returns true, traversal will not continue to the children of n.

func (*ModuleTreeNode) Size 

func (n *ModuleTreeNode) Size() int

Size returns the number of modules in the tree.

func (*ModuleTreeNode) String added in v0.46.0 

func (n *ModuleTreeNode) String() string

type Node added in v0.9.2 

type Node interface {
	fmt.Stringer
	Loc() *Location
	SetLoc(*Location)
}

Node represents a node in an AST. Nodes may be statements in a policy module or elements of an ad-hoc query, expression, etc.

type Null 

type Null struct{}

Null represents the null value defined by JSON.

func (Null) Compare added in v0.5.0 

func (null Null) Compare(other Value) int

Compare compares null to other, return <0, 0, or >0 if it is less than, equal to, or greater than other.

func (Null) Equal 

func (null Null) Equal(other Value) bool

Equal returns true if the other term Value is also Null.

func (Null) Find added in v0.4.5 

func (null Null) Find(path Ref) (Value, error)

Find returns the current value or a not found error.

func (Null) Hash 

func (null Null) Hash() int

Hash returns the hash code for the Value.

func (Null) IsGround 

func (Null) IsGround() bool

IsGround always returns true.

func (Null) String 

func (null Null) String() string

type Number 

type Number json.Number

Number represents a numeric value as defined by JSON.

func (Number) Compare added in v0.5.0 

func (num Number) Compare(other Value) int

Compare compares num to other, return <0, 0, or >0 if it is less than, equal to, or greater than other.

func (Number) Equal 

func (num Number) Equal(other Value) bool

Equal returns true if the other Value is a Number and is equal.

func (Number) Find added in v0.4.5 

func (num Number) Find(path Ref) (Value, error)

Find returns the current value or a not found error.

func (Number) Float64 added in v0.8.2 

func (num Number) Float64() (float64, bool)

Float64 returns the float64 representation of num if possible.

func (Number) Hash 

func (num Number) Hash() int

Hash returns the hash code for the Value.

func (Number) Int added in v0.3.0 

func (num Number) Int() (int, bool)

Int returns the int representation of num if possible.

func (Number) Int64 added in v0.15.0 

func (num Number) Int64() (int64, bool)

Int64 returns the int64 representation of num if possible.

func (Number) IsGround 

func (Number) IsGround() bool

IsGround always returns true.

func (Number) MarshalJSON added in v0.3.0 

func (num Number) MarshalJSON() ([]byte, error)

MarshalJSON returns JSON encoded bytes representing num.

func (Number) String 

func (num Number) String() string

type Object 

type Object interface {
	Value
	Len() int
	Get(*Term) *Term
	Copy() Object
	Insert(*Term, *Term)
	Iter(func(*Term, *Term) error) error
	Until(func(*Term, *Term) bool) bool
	Foreach(func(*Term, *Term))
	Map(func(*Term, *Term) (*Term, *Term, error)) (Object, error)
	Diff(other Object) Object
	Intersect(other Object) [][3]*Term
	Merge(other Object) (Object, bool)
	MergeWith(other Object, conflictResolver func(v1, v2 *Term) (*Term, bool)) (Object, bool)
	Filter(filter Object) (Object, error)
	Keys() []*Term
	KeysIterator() ObjectKeysIterator
	// contains filtered or unexported methods
}

Object represents an object as defined by the language.

func LazyObject added in v0.47.0 

func LazyObject(blob map[string]interface{}) Object

func NewObject added in v0.6.0 

func NewObject(t ...[2]*Term) Object

NewObject creates a new Object with t.

type ObjectComprehension added in v0.5.2 

type ObjectComprehension struct {
	Key   *Term `json:"key"`
	Value *Term `json:"value"`
	Body  Body  `json:"body"`
}

ObjectComprehension represents an object comprehension as defined in the language.

func (*ObjectComprehension) Compare added in v0.5.2 

func (oc *ObjectComprehension) Compare(other Value) int

Compare compares oc to other, return <0, 0, or >0 if it is less than, equal to, or greater than other.

func (*ObjectComprehension) Copy added in v0.5.2 

func (oc *ObjectComprehension) Copy() *ObjectComprehension

Copy returns a deep copy of oc.

func (*ObjectComprehension) Equal added in v0.5.2 

func (oc *ObjectComprehension) Equal(other Value) bool

Equal returns true if oc is equal to other.

func (*ObjectComprehension) Find added in v0.5.2 

func (oc *ObjectComprehension) Find(path Ref) (Value, error)

Find returns the current value or a not found error.

func (*ObjectComprehension) Hash added in v0.5.2 

func (oc *ObjectComprehension) Hash() int

Hash returns the hash code of the Value.

func (*ObjectComprehension) IsGround added in v0.5.2 

func (oc *ObjectComprehension) IsGround() bool

IsGround returns true if the Key, Value and Body are ground.

func (*ObjectComprehension) String added in v0.5.2 

func (oc *ObjectComprehension) String() string

type ObjectKeysIterator added in v0.43.0 

type ObjectKeysIterator interface {
	Next() (*Term, bool)
}

NOTE(philipc): The only way to get an ObjectKeyIterator should be from an Object. This ensures that the iterator can have implementation- specific details internally, with no contracts except to the very limited interface.

type Package 

type Package struct {
	Path     Ref       `json:"path"`
	Location *Location `json:"location,omitempty"`
	// contains filtered or unexported fields
}

Package represents the namespace of the documents produced by rules inside the module.

func MustParsePackage added in v0.2.2 

func MustParsePackage(input string) *Package

MustParsePackage returns a Package. If an error occurs during parsing, panic.

func ParsePackage added in v0.2.2 

func ParsePackage(input string) (*Package, error)

ParsePackage returns exactly one Package. If multiple statements are parsed, an error is returned.

func (*Package) Compare added in v0.2.0 

func (pkg *Package) Compare(other *Package) int

Compare returns an integer indicating whether pkg is less than, equal to, or greater than other.

func (*Package) Copy added in v0.2.2 

func (pkg *Package) Copy() *Package

Copy returns a deep copy of pkg.

func (*Package) Equal 

func (pkg *Package) Equal(other *Package) bool

Equal returns true if pkg is equal to other.

func (*Package) Loc 

func (pkg *Package) Loc() *Location

Loc returns the location of the Package in the definition.

func (*Package) MarshalJSON added in v0.50.0 

func (pkg *Package) MarshalJSON() ([]byte, error)

func (*Package) SetLoc added in v0.9.2 

func (pkg *Package) SetLoc(loc *Location)

SetLoc sets the location on pkg.

func (*Package) String 

func (pkg *Package) String() string

type Parser added in v0.19.0 

type Parser struct {
	// contains filtered or unexported fields
}

Parser is used to parse Rego statements.

func NewParser added in v0.19.0 

func NewParser() *Parser

NewParser creates and initializes a Parser.

func (*Parser) Parse added in v0.19.0 

func (p *Parser) Parse() ([]Statement, []*Comment, Errors)

Parse will read the Rego source and parse statements and comments as they are found. Any errors encountered while parsing will be accumulated and returned as a list of Errors.

func (*Parser) WithAllFutureKeywords added in v0.34.0 

func (p *Parser) WithAllFutureKeywords(yes bool) *Parser

WithAllFutureKeywords enables all "future" keywords, i.e., the ParserOption equivalent of 

import future.keywords

func (*Parser) WithCapabilities added in v0.34.0 

func (p *Parser) WithCapabilities(c *Capabilities) *Parser

WithCapabilities sets the capabilities structure on the parser.

func (*Parser) WithFilename added in v0.19.0 

func (p *Parser) WithFilename(filename string) *Parser

WithFilename provides the filename for Location details on parsed statements.

func (*Parser) WithFutureKeywords added in v0.34.0 

func (p *Parser) WithFutureKeywords(kws ...string) *Parser

WithFutureKeywords enables "future" keywords, i.e., keywords that can be imported via 

import future.keywords.kw
import future.keywords.other

but in a more direct way. The equivalent of this import would be 

WithFutureKeywords("kw", "other")

func (*Parser) WithJSONOptions added in v0.50.0 

func (p *Parser) WithJSONOptions(jsonOptions *astJSON.Options) *Parser

WithJSONOptions sets the Options which will be set on nodes to configure their JSON marshaling behavior.

func (*Parser) WithProcessAnnotation added in v0.28.0 

func (p *Parser) WithProcessAnnotation(processAnnotation bool) *Parser

WithProcessAnnotation enables or disables the processing of annotations by the Parser

func (*Parser) WithReader added in v0.19.0 

func (p *Parser) WithReader(r io.Reader) *Parser

WithReader provides the io.Reader that the parser will use as its source.

func (*Parser) WithRegoVersion added in v0.60.0 

func (p *Parser) WithRegoVersion(version RegoVersion) *Parser

func (*Parser) WithSkipRules added in v0.45.0 

func (p *Parser) WithSkipRules(skip bool) *Parser

WithSkipRules instructs the parser not to attempt to parse Rule statements.

type ParserErrorDetail added in v0.15.0 

type ParserErrorDetail struct {
	Line string `json:"line"`
	Idx  int    `json:"idx"`
}

ParserErrorDetail holds additional details for parser errors.

func (ParserErrorDetail) Lines added in v0.15.0 

func (d ParserErrorDetail) Lines() []string

Lines returns the pretty formatted line output for the error details.

type ParserOptions added in v0.28.0 

type ParserOptions struct {
	Capabilities      *Capabilities
	ProcessAnnotation bool
	AllFutureKeywords bool
	FutureKeywords    []string
	SkipRules         bool
	JSONOptions       *astJSON.Options
	// RegoVersion is the version of Rego to parse for.
	RegoVersion RegoVersion
	// contains filtered or unexported fields
}

ParserOptions defines the options for parsing Rego statements.

func (*ParserOptions) EffectiveRegoVersion added in v0.60.0 

func (po *ParserOptions) EffectiveRegoVersion() RegoVersion

EffectiveRegoVersion returns the effective RegoVersion to use for parsing. Deprecated: Use RegoVersion instead.

type QueryCompiler added in v0.2.2 

type QueryCompiler interface {

	// Compile should be called to compile ad-hoc queries. The return value is
	// the compiled version of the query.
	Compile(q Body) (Body, error)

	// TypeEnv returns the type environment built after running type checking
	// on the query.
	TypeEnv() *TypeEnv

	// WithContext sets the QueryContext on the QueryCompiler. Subsequent calls
	// to Compile will take the QueryContext into account.
	WithContext(qctx *QueryContext) QueryCompiler

	// WithEnablePrintStatements enables print statements in queries compiled
	// with the QueryCompiler.
	WithEnablePrintStatements(yes bool) QueryCompiler

	// WithUnsafeBuiltins sets the built-in functions to treat as unsafe and not
	// allow inside of queries. By default the query compiler inherits the
	// compiler's unsafe built-in functions. This function allows callers to
	// override that set. If an empty (non-nil) map is provided, all built-ins
	// are allowed.
	WithUnsafeBuiltins(unsafe map[string]struct{}) QueryCompiler

	// WithStageAfter registers a stage to run during query compilation after
	// the named stage.
	WithStageAfter(after string, stage QueryCompilerStageDefinition) QueryCompiler

	// RewrittenVars maps generated vars in the compiled query to vars from the
	// parsed query. For example, given the query "input := 1" the rewritten
	// query would be "__local0__ = 1". The mapping would then be {__local0__: input}.
	RewrittenVars() map[Var]Var

	// ComprehensionIndex returns an index data structure for the given comprehension
	// term. If no index is found, returns nil.
	ComprehensionIndex(term *Term) *ComprehensionIndex

	// WithStrict enables strict mode for the query compiler.
	WithStrict(strict bool) QueryCompiler
}

QueryCompiler defines the interface for compiling ad-hoc queries.

type QueryCompilerStage added in v0.7.0 

type QueryCompilerStage func(QueryCompiler, Body) (Body, error)

QueryCompilerStage defines the interface for stages in the query compiler.

type QueryCompilerStageDefinition added in v0.11.0 

type QueryCompilerStageDefinition struct {
	Name       string
	MetricName string
	Stage      QueryCompilerStage
}

QueryCompilerStageDefinition defines a QueryCompiler stage

type QueryContext added in v0.2.2 

type QueryContext struct {
	Package *Package
	Imports []*Import
}

QueryContext contains contextual information for running an ad-hoc query.

Ad-hoc queries can be run in the context of a package and imports may be included to provide concise access to data.

func NewQueryContext added in v0.2.2 

func NewQueryContext() *QueryContext

NewQueryContext returns a new QueryContext object.

func (*QueryContext) Copy added in v0.2.2 

func (qc *QueryContext) Copy() *QueryContext

Copy returns a deep copy of qc.

func (*QueryContext) WithImports added in v0.4.0 

func (qc *QueryContext) WithImports(imports []*Import) *QueryContext

WithImports sets the imports on qc.

func (*QueryContext) WithPackage added in v0.4.0 

func (qc *QueryContext) WithPackage(pkg *Package) *QueryContext

WithPackage sets the pkg on qc.

type QueryIterator 

type QueryIterator func(map[Var]Value, Value) error

QueryIterator defines the interface for querying AST documents with references.

type Ref 

type Ref []*Term

Ref represents a reference as defined by the language.

func EmptyRef 

func EmptyRef() Ref

EmptyRef returns a new, empty reference.

func MustParseRef 

func MustParseRef(input string) Ref

MustParseRef returns a parsed reference. If an error occurs during parsing, panic.

func ParseRef 

func ParseRef(input string) (Ref, error)

ParseRef returns exactly one reference.

func PtrRef added in v0.10.4 

func PtrRef(head *Term, s string) (Ref, error)

PtrRef returns a new reference against the head for the pointer s. Path components in the pointer are unescaped.

func (Ref) Append added in v0.2.0 

func (ref Ref) Append(term *Term) Ref

Append returns a copy of ref with the term appended to the end.

func (Ref) Compare added in v0.5.0 

func (ref Ref) Compare(other Value) int

Compare compares ref to other, return <0, 0, or >0 if it is less than, equal to, or greater than other.

func (Ref) Concat added in v0.9.0 

func (ref Ref) Concat(terms []*Term) Ref

Concat returns a ref with the terms appended.

func (Ref) ConstantPrefix added in v0.5.3 

func (ref Ref) ConstantPrefix() Ref

ConstantPrefix returns the constant portion of the ref starting from the head.

func (Ref) Copy added in v0.2.2 

func (ref Ref) Copy() Ref

Copy returns a deep copy of ref.

func (Ref) Dynamic added in v0.4.9 

func (ref Ref) Dynamic() int

Dynamic returns the offset of the first non-constant operand of ref.

func (Ref) DynamicSuffix added in v0.56.0 

func (ref Ref) DynamicSuffix() Ref

func (Ref) Equal 

func (ref Ref) Equal(other Value) bool

Equal returns true if ref is equal to other.

func (Ref) Extend added in v0.3.0 

func (ref Ref) Extend(other Ref) Ref

Extend returns a copy of ref with the terms from other appended. The head of other will be converted to a string.

func (Ref) Find added in v0.4.5 

func (ref Ref) Find(path Ref) (Value, error)

Find returns the current value or a "not found" error.

func (Ref) GroundPrefix added in v0.2.0 

func (ref Ref) GroundPrefix() Ref

GroundPrefix returns the ground portion of the ref starting from the head. By definition, the head of the reference is always ground.

func (Ref) HasPrefix added in v0.2.0 

func (ref Ref) HasPrefix(other Ref) bool

HasPrefix returns true if the other ref is a prefix of this ref.

func (Ref) Hash 

func (ref Ref) Hash() int

Hash returns the hash code for the Value.

func (Ref) Insert added in v0.6.0 

func (ref Ref) Insert(x *Term, pos int) Ref

Insert returns a copy of the ref with x inserted at pos. If pos < len(ref), existing elements are shifted to the right. If pos > len(ref)+1 this function panics.

func (Ref) IsGround 

func (ref Ref) IsGround() bool

IsGround returns true if all of the parts of the Ref are ground.

func (Ref) IsNested 

func (ref Ref) IsNested() bool

IsNested returns true if this ref contains other Refs.

func (Ref) OutputVars 

func (ref Ref) OutputVars() VarSet

OutputVars returns a VarSet containing variables that would be bound by evaluating this expression in isolation.

func (Ref) Ptr added in v0.10.4 

func (ref Ref) Ptr() (string, error)

Ptr returns a slash-separated path string for this ref. If the ref contains non-string terms this function returns an error. Path components are escaped.

func (Ref) String 

func (ref Ref) String() string

func (Ref) StringPrefix added in v0.57.0 

func (ref Ref) StringPrefix() Ref

type RefErrInvalidDetail added in v0.5.2 

type RefErrInvalidDetail struct {
	Ref   Ref        `json:"ref"`            // invalid ref
	Pos   int        `json:"pos"`            // invalid element
	Have  types.Type `json:"have,omitempty"` // type of invalid element (for var/ref elements)
	Want  types.Type `json:"want"`           // allowed type (for non-object values)
	OneOf []Value    `json:"oneOf"`          // allowed values (e.g., for object keys)
}

RefErrInvalidDetail describes an undefined reference error where the referenced value does not support the reference operand (e.g., missing object key, invalid key type, etc.)

func (*RefErrInvalidDetail) Lines added in v0.5.2 

func (r *RefErrInvalidDetail) Lines() []string

Lines returns the string representation of the detail.

type RefErrUnsupportedDetail added in v0.5.2 

type RefErrUnsupportedDetail struct {
	Ref  Ref        `json:"ref"`  // invalid ref
	Pos  int        `json:"pos"`  // invalid element
	Have types.Type `json:"have"` // referenced type
}

RefErrUnsupportedDetail describes an undefined reference error where the referenced value does not support dereferencing (e.g., scalars).

func (*RefErrUnsupportedDetail) Lines added in v0.5.2 

func (r *RefErrUnsupportedDetail) Lines() []string

Lines returns the string representation of the detail.

type RegoVersion added in v0.60.0 

type RegoVersion int

RegoVersion defines the Rego syntax requirements for a module. 

const (
	// RegoV0 is the default, original Rego syntax.
	RegoV0 RegoVersion = iota
	// RegoV0CompatV1 requires modules to comply with both the RegoV0 and RegoV1 syntax (as when 'rego.v1' is imported in a module).
	// Shortly, RegoV1 compatibility is required, but 'rego.v1' or 'future.keywords' must also be imported.
	RegoV0CompatV1
	// RegoV1 is the Rego syntax enforced by OPA 1.0; e.g.:
	// future.keywords part of default keyword set, and don't require imports;
	// 'if' and 'contains' required in rule heads;
	// (some) strict checks on by default.
	RegoV1
)

type RelatedResourceAnnotation added in v0.38.0 

type RelatedResourceAnnotation struct {
	Ref         url.URL `json:"ref"`
	Description string  `json:"description,omitempty"`
}

func (*RelatedResourceAnnotation) Compare added in v0.38.0 

func (rr *RelatedResourceAnnotation) Compare(other *RelatedResourceAnnotation) int

Compare returns an integer indicating if s is less than, equal to, or greater than other.

func (*RelatedResourceAnnotation) Copy added in v0.38.0 

func (rr *RelatedResourceAnnotation) Copy() *RelatedResourceAnnotation

Copy returns a deep copy of rr.

func (*RelatedResourceAnnotation) MarshalJSON added in v0.38.0 

func (rr *RelatedResourceAnnotation) MarshalJSON() ([]byte, error)

func (*RelatedResourceAnnotation) String added in v0.38.0 

func (rr *RelatedResourceAnnotation) String() string

type Resolver added in v0.4.9 

type Resolver interface {
	Resolve(Ref) (interface{}, error)
}

Resolver defines the interface for resolving references to native Go values.

type Rule 

type Rule struct {
	Default  bool      `json:"default,omitempty"`
	Head     *Head     `json:"head"`
	Body     Body      `json:"body"`
	Else     *Rule     `json:"else,omitempty"`
	Location *Location `json:"location,omitempty"`

	// Module is a pointer to the module containing this rule. If the rule
	// was NOT created while parsing/constructing a module, this should be
	// left unset. The pointer is not included in any standard operations
	// on the rule (e.g., printing, comparison, visiting, etc.)
	Module *Module `json:"-"`
	// contains filtered or unexported fields
}

Rule represents a rule as defined in the language. Rules define the content of documents that represent policy decisions.

func MustParseRule 

func MustParseRule(input string) *Rule

MustParseRule returns a parsed rule. If an error occurs during parsing, panic.

func ParseCompleteDocRuleFromAssignmentExpr added in v0.14.0 

func ParseCompleteDocRuleFromAssignmentExpr(module *Module, lhs, rhs *Term) (*Rule, error)

ParseCompleteDocRuleFromAssignmentExpr returns a rule if the expression can be interpreted as a complete document definition declared with the assignment operator.

func ParseCompleteDocRuleFromEqExpr added in v0.5.6 

func ParseCompleteDocRuleFromEqExpr(module *Module, lhs, rhs *Term) (*Rule, error)

ParseCompleteDocRuleFromEqExpr returns a rule if the expression can be interpreted as a complete document definition.

func ParseCompleteDocRuleWithDotsFromTerm added in v0.46.0 

func ParseCompleteDocRuleWithDotsFromTerm(module *Module, term *Term) (*Rule, error)

func ParsePartialObjectDocRuleFromEqExpr added in v0.5.6 

func ParsePartialObjectDocRuleFromEqExpr(module *Module, lhs, rhs *Term) (*Rule, error)

ParsePartialObjectDocRuleFromEqExpr returns a rule if the expression can be interpreted as a partial object document definition.

func ParsePartialSetDocRuleFromTerm added in v0.5.6 

func ParsePartialSetDocRuleFromTerm(module *Module, term *Term) (*Rule, error)

ParsePartialSetDocRuleFromTerm returns a rule if the term can be interpreted as a partial set document definition.

func ParseRule 

func ParseRule(input string) (*Rule, error)

ParseRule returns exactly one rule. If multiple rules are parsed, an error is returned.

func ParseRuleFromBody added in v0.3.0 

func ParseRuleFromBody(module *Module, body Body) (*Rule, error)

ParseRuleFromBody returns a rule if the body can be interpreted as a rule definition. Otherwise, an error is returned.

func ParseRuleFromCallEqExpr added in v0.7.0 

func ParseRuleFromCallEqExpr(module *Module, lhs, rhs *Term) (*Rule, error)

ParseRuleFromCallEqExpr returns a rule if the term can be interpreted as a function definition (e.g., f(x) = y => f(x) = y { true }).

func ParseRuleFromCallExpr added in v0.5.9 

func ParseRuleFromCallExpr(module *Module, terms []*Term) (*Rule, error)

ParseRuleFromCallExpr returns a rule if the terms can be interpreted as a function returning true or some value (e.g., f(x) => f(x) = true { true }).

func ParseRuleFromExpr added in v0.5.6 

func ParseRuleFromExpr(module *Module, expr *Expr) (*Rule, error)

ParseRuleFromExpr returns a rule if the expression can be interpreted as a rule definition.

func ParseRuleWithOpts added in v0.46.0 

func ParseRuleWithOpts(input string, opts ParserOptions) (*Rule, error)

ParseRuleWithOpts returns exactly one rule. If multiple rules are parsed, an error is returned.

func (*Rule) Compare added in v0.2.0 

func (rule *Rule) Compare(other *Rule) int

Compare returns an integer indicating whether rule is less than, equal to, or greater than other.

func (*Rule) Copy added in v0.2.2 

func (rule *Rule) Copy() *Rule

Copy returns a deep copy of rule.

func (*Rule) Equal 

func (rule *Rule) Equal(other *Rule) bool

Equal returns true if rule is equal to other.

func (*Rule) Loc 

func (rule *Rule) Loc() *Location

Loc returns the location of the Rule in the definition.

func (*Rule) MarshalJSON added in v0.50.0 

func (rule *Rule) MarshalJSON() ([]byte, error)

func (*Rule) Path added in v0.2.0 

func (rule *Rule) Path() Ref

Path returns a ref referring to the document produced by this rule. If rule is not contained in a module, this function panics. Deprecated: Poor handling of ref rules. Use `(*Rule).Ref()` instead.

func (*Rule) Ref added in v0.46.0 

func (rule *Rule) Ref() Ref

Ref returns a ref referring to the document produced by this rule. If rule is not contained in a module, this function panics. The returned ref may contain variables in the last position.

func (*Rule) SetLoc added in v0.9.2 

func (rule *Rule) SetLoc(loc *Location)

SetLoc sets the location on rule.

func (*Rule) String 

func (rule *Rule) String() string

type RuleIndex added in v0.4.9 

type RuleIndex interface {

	// Build tries to construct an index for the given rules. If the index was
	// constructed, it returns true, otherwise false.
	Build(rules []*Rule) bool

	// Lookup searches the index for rules that will match the provided
	// resolver. If the resolver returns an error, it is returned via err.
	Lookup(resolver ValueResolver) (*IndexResult, error)

	// AllRules traverses the index and returns all rules that will match
	// the provided resolver without any optimizations (effectively with
	// indexing disabled). If the resolver returns an error, it is returned
	// via err.
	AllRules(resolver ValueResolver) (*IndexResult, error)
}

RuleIndex defines the interface for rule indices.

type RuleKind added in v0.46.0 

type RuleKind int

type RuleSet added in v0.4.9 

type RuleSet []*Rule

RuleSet represents a collection of rules that produce a virtual document.

func NewRuleSet added in v0.4.9 

func NewRuleSet(rules ...*Rule) RuleSet

NewRuleSet returns a new RuleSet containing the given rules.

func (*RuleSet) Add added in v0.4.9 

func (rs *RuleSet) Add(rule *Rule)

Add inserts the rule into rs.

func (RuleSet) Contains added in v0.4.9 

func (rs RuleSet) Contains(rule *Rule) bool

Contains returns true if rs contains rule.

func (RuleSet) Diff added in v0.4.9 

func (rs RuleSet) Diff(other RuleSet) RuleSet

Diff returns a new RuleSet containing rules in rs that are not in other.

func (RuleSet) Equal added in v0.4.9 

func (rs RuleSet) Equal(other RuleSet) bool

Equal returns true if rs equals other.

func (RuleSet) Merge added in v0.4.9 

func (rs RuleSet) Merge(other RuleSet) RuleSet

Merge returns a ruleset containing the union of rules from rs an other.

func (RuleSet) String added in v0.4.9 

func (rs RuleSet) String() string

type RulesOptions added in v0.34.0 

type RulesOptions struct {
	// IncludeHiddenModules determines if the result contains hidden modules,
	// currently only the "system" namespace, i.e. "data.system.*".
	IncludeHiddenModules bool
}

RulesOptions defines the options for retrieving rules by Ref from the compiler.

type SchemaAnnotation added in v0.28.0 

type SchemaAnnotation struct {
	Path       Ref          `json:"path"`
	Schema     Ref          `json:"schema,omitempty"`
	Definition *interface{} `json:"definition,omitempty"`
}

SchemaAnnotation contains a schema declaration for the document identified by the path.

func (*SchemaAnnotation) Compare added in v0.28.0 

func (s *SchemaAnnotation) Compare(other *SchemaAnnotation) int

Compare returns an integer indicating if s is less than, equal to, or greater than other.

func (*SchemaAnnotation) Copy added in v0.28.0 

func (s *SchemaAnnotation) Copy() *SchemaAnnotation

Copy returns a deep copy of s.

func (*SchemaAnnotation) String added in v0.28.0 

func (s *SchemaAnnotation) String() string

type SchemaSet added in v0.27.0 

type SchemaSet struct {
	// contains filtered or unexported fields
}

SchemaSet holds a map from a path to a schema.

func NewSchemaSet added in v0.28.0 

func NewSchemaSet() *SchemaSet

NewSchemaSet returns an empty SchemaSet.

func (*SchemaSet) Get added in v0.28.0 

func (ss *SchemaSet) Get(path Ref) interface{}

Get returns the raw schema identified by the path.

func (*SchemaSet) Put added in v0.28.0 

func (ss *SchemaSet) Put(path Ref, raw interface{})

Put inserts a raw schema into the set.

type Set added in v0.2.0 

type Set interface {
	Value
	Len() int
	Copy() Set
	Diff(Set) Set
	Intersect(Set) Set
	Union(Set) Set
	Add(*Term)
	Iter(func(*Term) error) error
	Until(func(*Term) bool) bool
	Foreach(func(*Term))
	Contains(*Term) bool
	Map(func(*Term) (*Term, error)) (Set, error)
	Reduce(*Term, func(*Term, *Term) (*Term, error)) (*Term, error)
	Sorted() *Array
	Slice() []*Term
}

Set represents a set as defined by the language.

func NewSet added in v0.6.0 

func NewSet(t ...*Term) Set

NewSet returns a new Set containing t.

type SetComprehension added in v0.5.2 

type SetComprehension struct {
	Term *Term `json:"term"`
	Body Body  `json:"body"`
}

SetComprehension represents a set comprehension as defined in the language.

func (*SetComprehension) Compare added in v0.5.2 

func (sc *SetComprehension) Compare(other Value) int

Compare compares sc to other, return <0, 0, or >0 if it is less than, equal to, or greater than other.

func (*SetComprehension) Copy added in v0.5.2 

func (sc *SetComprehension) Copy() *SetComprehension

Copy returns a deep copy of sc.

func (*SetComprehension) Equal added in v0.5.2 

func (sc *SetComprehension) Equal(other Value) bool

Equal returns true if sc is equal to other.

func (*SetComprehension) Find added in v0.5.2 

func (sc *SetComprehension) Find(path Ref) (Value, error)

Find returns the current value or a not found error.

func (*SetComprehension) Hash added in v0.5.2 

func (sc *SetComprehension) Hash() int

Hash returns the hash code of the Value.

func (*SetComprehension) IsGround added in v0.5.2 

func (sc *SetComprehension) IsGround() bool

IsGround returns true if the Term and Body are ground.

func (*SetComprehension) String added in v0.5.2 

func (sc *SetComprehension) String() string

type SomeDecl added in v0.11.0 

type SomeDecl struct {
	Symbols  []*Term   `json:"symbols"`
	Location *Location `json:"location,omitempty"`
	// contains filtered or unexported fields
}

SomeDecl represents a variable declaration statement. The symbols are variables.

func (*SomeDecl) Compare added in v0.11.0 

func (d *SomeDecl) Compare(other *SomeDecl) int

Compare returns an integer indicating whether d is less than, equal to, or greater than other.

func (*SomeDecl) Copy added in v0.11.0 

func (d *SomeDecl) Copy() *SomeDecl

Copy returns a deep copy of d.

func (*SomeDecl) Hash added in v0.11.0 

func (d *SomeDecl) Hash() int

Hash returns a hash code of d.

func (*SomeDecl) Loc added in v0.11.0 

func (d *SomeDecl) Loc() *Location

Loc returns the Location of d.

func (*SomeDecl) MarshalJSON added in v0.50.0 

func (d *SomeDecl) MarshalJSON() ([]byte, error)

func (*SomeDecl) SetLoc added in v0.11.0 

func (d *SomeDecl) SetLoc(loc *Location)

SetLoc sets the Location on d.

func (*SomeDecl) String added in v0.11.0 

func (d *SomeDecl) String() string

type Statement 

type Statement interface {
	Node
}

Statement represents a single statement in a policy module.

func MustParseStatement 

func MustParseStatement(input string) Statement

MustParseStatement returns exactly one statement. If an error occurs during parsing, panic.

func MustParseStatements 

func MustParseStatements(input string) []Statement

MustParseStatements returns a slice of parsed statements. If an error occurs during parsing, panic.

func ParseStatement 

func ParseStatement(input string) (Statement, error)

ParseStatement returns exactly one statement. A statement might be a term, expression, rule, etc. Regardless, this function expects *exactly* one statement. If multiple statements are parsed, an error is returned.

type String 

type String string

String represents a string value as defined by JSON.

func (String) Compare added in v0.5.0 

func (str String) Compare(other Value) int

Compare compares str to other, return <0, 0, or >0 if it is less than, equal to, or greater than other.

func (String) Equal 

func (str String) Equal(other Value) bool

Equal returns true if the other Value is a String and is equal.

func (String) Find added in v0.4.5 

func (str String) Find(path Ref) (Value, error)

Find returns the current value or a not found error.

func (String) Hash 

func (str String) Hash() int

Hash returns the hash code for the Value.

func (String) IsGround 

func (String) IsGround() bool

IsGround always returns true.

func (String) String 

func (str String) String() string

type Term 

type Term struct {
	Value    Value     `json:"value"`              // the value of the Term as represented in Go
	Location *Location `json:"location,omitempty"` // the location of the Term in the source
	// contains filtered or unexported fields
}

Term is an argument to a function.

func ArrayComprehensionTerm 

func ArrayComprehensionTerm(term *Term, body Body) *Term

ArrayComprehensionTerm creates a new Term with an ArrayComprehension value.

func ArrayTerm 

func ArrayTerm(a ...*Term) *Term

ArrayTerm creates a new Term with an Array value.

func BooleanTerm 

func BooleanTerm(b bool) *Term

BooleanTerm creates a new Term with a Boolean value.

func CallTerm added in v0.7.0 

func CallTerm(terms ...*Term) *Term

CallTerm returns a new Term with a Call value defined by terms. The first term is the operator and the rest are operands.

func FloatNumberTerm added in v0.3.0 

func FloatNumberTerm(f float64) *Term

FloatNumberTerm creates a new Term with a floating point Number value.

func IntNumberTerm added in v0.3.0 

func IntNumberTerm(i int) *Term

IntNumberTerm creates a new Term with an integer Number value.

func Item 

func Item(key, value *Term) [2]*Term

Item is a helper for constructing an tuple containing two Terms representing a key/value pair in an Object.

func MustParseTerm 

func MustParseTerm(input string) *Term

MustParseTerm returns a parsed term. If an error occurs during parsing, panic.

func NewTerm added in v0.2.1 

func NewTerm(v Value) *Term

NewTerm returns a new Term object.

func NullTerm 

func NullTerm() *Term

NullTerm creates a new Term with a Null value.

func NumberTerm 

func NumberTerm(n json.Number) *Term

NumberTerm creates a new Term with a Number value.

func ObjectComprehensionTerm added in v0.5.2 

func ObjectComprehensionTerm(key, value *Term, body Body) *Term

ObjectComprehensionTerm creates a new Term with an ObjectComprehension value.

func ObjectTerm 

func ObjectTerm(o ...[2]*Term) *Term

ObjectTerm creates a new Term with an Object value.

func ParseTerm 

func ParseTerm(input string) (*Term, error)

ParseTerm returns exactly one term. If multiple terms are parsed, an error is returned.

func RefTerm 

func RefTerm(r ...*Term) *Term

RefTerm creates a new Term with a Ref value.

func SetComprehensionTerm added in v0.5.2 

func SetComprehensionTerm(term *Term, body Body) *Term

SetComprehensionTerm creates a new Term with an SetComprehension value.

func SetTerm added in v0.2.0 

func SetTerm(t ...*Term) *Term

SetTerm returns a new Term representing a set containing terms t.

func StringTerm 

func StringTerm(s string) *Term

StringTerm creates a new Term with a String value.

func UIntNumberTerm added in v0.22.0 

func UIntNumberTerm(u uint64) *Term

UIntNumberTerm creates a new Term with an unsigned integer Number value.

func VarTerm 

func VarTerm(v string) *Term

VarTerm creates a new Term with a Variable value.

func (*Term) Copy added in v0.2.2 

func (term *Term) Copy() *Term

Copy returns a deep copy of term.

func (*Term) Equal 

func (term *Term) Equal(other *Term) bool

Equal returns true if this term equals the other term. Equality is defined for each kind of term.

func (*Term) Get added in v0.7.0 

func (term *Term) Get(name *Term) *Term

Get returns a value referred to by name from the term.

func (*Term) Hash 

func (term *Term) Hash() int

Hash returns the hash code of the Term's Value. Its Location is ignored.

func (*Term) IsGround 

func (term *Term) IsGround() bool

IsGround returns true if this term's Value is ground.

func (*Term) Loc added in v0.9.2 

func (term *Term) Loc() *Location

Loc returns the Location of term.

func (*Term) MarshalJSON 

func (term *Term) MarshalJSON() ([]byte, error)

MarshalJSON returns the JSON encoding of the term.

Specialized marshalling logic is required to include a type hint for Value.

func (*Term) SetLoc added in v0.9.2 

func (term *Term) SetLoc(loc *Location)

SetLoc sets the location on term.

func (*Term) SetLocation added in v0.5.0 

func (term *Term) SetLocation(loc *Location) *Term

SetLocation updates the term's Location and returns the term itself.

func (*Term) String 

func (term *Term) String() string

func (*Term) UnmarshalJSON 

func (term *Term) UnmarshalJSON(bs []byte) error

UnmarshalJSON parses the byte array and stores the result in term. Specialized unmarshalling is required to handle Value and Location.

func (*Term) Vars 

func (term *Term) Vars() VarSet

Vars returns a VarSet with variables contained in this term.

type Transformer added in v0.2.0 

type Transformer interface {
	Transform(interface{}) (interface{}, error)
}

Transformer defines the interface for transforming AST elements. If the transformer returns nil and does not indicate an error, the AST element will be set to nil and no transformations will be applied to children of the element.

type TreeNode added in v0.5.0 

type TreeNode struct {
	Key      Value
	Values   []util.T
	Children map[Value]*TreeNode
	Sorted   []Value
	Hide     bool
}

TreeNode represents a node in the rule tree. The rule tree is keyed by rule path.

func NewRuleTree added in v0.2.0 

func NewRuleTree(mtree *ModuleTreeNode) *TreeNode

NewRuleTree returns a new TreeNode that represents the root of the rule tree populated with the given rules.

func (*TreeNode) Child added in v0.5.0 

func (n *TreeNode) Child(k Value) *TreeNode

Child returns n's child with key k.

func (*TreeNode) DepthFirst added in v0.5.0 

func (n *TreeNode) DepthFirst(f func(*TreeNode) bool)

DepthFirst performs a depth-first traversal of the rule tree rooted at n. If f returns true, traversal will not continue to the children of n.

func (*TreeNode) Find added in v0.40.0 

func (n *TreeNode) Find(ref Ref) *TreeNode

Find dereferences ref along the tree

func (*TreeNode) Size added in v0.5.0 

func (n *TreeNode) Size() int

Size returns the number of rules in the tree.

func (*TreeNode) String added in v0.46.0 

func (n *TreeNode) String() string

type TypeEnv added in v0.4.9 

type TypeEnv struct {
	// contains filtered or unexported fields
}

TypeEnv contains type info for static analysis such as type checking.

func (*TypeEnv) Get added in v0.4.9 

func (env *TypeEnv) Get(x interface{}) types.Type

Get returns the type of x.

type UnificationErrDetail added in v0.4.9 

type UnificationErrDetail struct {
	Left  types.Type `json:"a"`
	Right types.Type `json:"b"`
}

UnificationErrDetail describes a type mismatch error when two values are unified (e.g., x = [1,2,y]).

func (*UnificationErrDetail) Lines added in v0.4.9 

func (a *UnificationErrDetail) Lines() []string

Lines returns the string representation of the detail.

type UnknownValueErr added in v0.9.0 

type UnknownValueErr struct{}

UnknownValueErr indicates a ValueResolver was unable to resolve a reference because the reference refers to an unknown value.

func (UnknownValueErr) Error added in v0.9.0 

func (UnknownValueErr) Error() string

type Value 

type Value interface {
	Compare(other Value) int      // Compare returns <0, 0, or >0 if this Value is less than, equal to, or greater than other, respectively.
	Find(path Ref) (Value, error) // Find returns value referred to by path or an error if path is not found.
	Hash() int                    // Returns hash code of the value.
	IsGround() bool               // IsGround returns true if this value is not a variable or contains no variables.
	String() string               // String returns a human readable string representation of the value.
}

Value declares the common interface for all Term values. Every kind of Term value in the language is represented as a type that implements this interface:

- Null, Boolean, Number, String - Object, Array, Set - Variables, References - Array, Set, and Object Comprehensions - Calls

func InterfaceToValue 

func InterfaceToValue(x interface{}) (Value, error)

InterfaceToValue converts a native Go value x to a Value.

func MustInterfaceToValue added in v0.4.5 

func MustInterfaceToValue(x interface{}) Value

MustInterfaceToValue converts a native Go value x to a Value. If the conversion fails, this function will panic. This function is mostly for test purposes.

func ValueFromReader added in v0.14.0 

func ValueFromReader(r io.Reader) (Value, error)

ValueFromReader returns an AST value from a JSON serialized value in the reader.

type ValueMap added in v0.2.0 

type ValueMap struct {
	// contains filtered or unexported fields
}

ValueMap represents a key/value map between AST term values. Any type of term can be used as a key in the map.

func NewValueMap added in v0.2.0 

func NewValueMap() *ValueMap

NewValueMap returns a new ValueMap.

func (*ValueMap) Copy added in v0.2.0 

func (vs *ValueMap) Copy() *ValueMap

Copy returns a shallow copy of the ValueMap.

func (*ValueMap) Delete added in v0.2.0 

func (vs *ValueMap) Delete(k Value)

Delete removes a key k from the map.

func (*ValueMap) Equal added in v0.2.0 

func (vs *ValueMap) Equal(other *ValueMap) bool

Equal returns true if this ValueMap equals the other.

func (*ValueMap) Get added in v0.2.0 

func (vs *ValueMap) Get(k Value) Value

Get returns the value in the map for k.

func (*ValueMap) Hash added in v0.2.0 

func (vs *ValueMap) Hash() int

Hash returns a hash code for this ValueMap.

func (*ValueMap) Iter added in v0.2.0 

func (vs *ValueMap) Iter(iter func(Value, Value) bool) bool

Iter calls the iter function for each key/value pair in the map. If the iter function returns true, iteration stops.

func (*ValueMap) Len added in v0.2.0 

func (vs *ValueMap) Len() int

Len returns the number of elements in the map.

func (*ValueMap) MarshalJSON added in v0.15.0 

func (vs *ValueMap) MarshalJSON() ([]byte, error)

MarshalJSON provides a custom marshaller for the ValueMap which will include the key, value, and value type.

func (*ValueMap) Put added in v0.2.0 

func (vs *ValueMap) Put(k, v Value)

Put inserts a key k into the map with value v.

func (*ValueMap) String added in v0.2.0 

func (vs *ValueMap) String() string

type ValueResolver added in v0.4.9 

type ValueResolver interface {
	Resolve(Ref) (Value, error)
}

ValueResolver defines the interface for resolving references to AST values.

type Var 

type Var string

Var represents a variable as defined by the language.

func (Var) Compare added in v0.5.0 

func (v Var) Compare(other Value) int

Compare compares v to other, return <0, 0, or >0 if it is less than, equal to, or greater than other.

func (Var) Equal 

func (v Var) Equal(other Value) bool

Equal returns true if the other Value is a Variable and has the same value (name).

func (Var) Find added in v0.4.5 

func (v Var) Find(path Ref) (Value, error)

Find returns the current value or a not found error.

func (Var) Hash 

func (v Var) Hash() int

Hash returns the hash code for the Value.

func (Var) IsGenerated added in v0.5.11 

func (v Var) IsGenerated() bool

IsGenerated returns true if this variable was generated during compilation.

func (Var) IsGround 

func (Var) IsGround() bool

IsGround always returns false.

func (Var) IsWildcard added in v0.2.0 

func (v Var) IsWildcard() bool

IsWildcard returns true if this is a wildcard variable.

func (Var) String 

func (v Var) String() string

type VarSet 

type VarSet map[Var]struct{}

VarSet represents a set of variables.

func NewVarSet 

func NewVarSet(vs ...Var) VarSet

NewVarSet returns a new VarSet containing the specified variables.

func OutputVarsFromBody added in v0.20.0 

func OutputVarsFromBody(c *Compiler, body Body, safe VarSet) VarSet

OutputVarsFromBody returns all variables which are the "output" for the given body. For safety checks this means that they would be made safe by the body.

func OutputVarsFromExpr added in v0.20.0 

func OutputVarsFromExpr(c *Compiler, expr *Expr, safe VarSet) VarSet

OutputVarsFromExpr returns all variables which are the "output" for the given expression. For safety checks this means that they would be made safe by the expr.

func Unify 

func Unify(safe VarSet, a *Term, b *Term) VarSet

Unify returns a set of variables that will be unified when the equality expression defined by terms a and b is evaluated. The unifier assumes that variables in the VarSet safe are already unified.

func (VarSet) Add 

func (s VarSet) Add(v Var)

Add updates the set to include the variable "v".

func (VarSet) Contains 

func (s VarSet) Contains(v Var) bool

Contains returns true if the set contains the variable "v".

func (VarSet) Copy 

func (s VarSet) Copy() VarSet

Copy returns a shallow copy of the VarSet.

func (VarSet) Diff 

func (s VarSet) Diff(vs VarSet) VarSet

Diff returns a VarSet containing variables in s that are not in vs.

func (VarSet) Equal added in v0.2.1 

func (s VarSet) Equal(vs VarSet) bool

Equal returns true if s contains exactly the same elements as vs.

func (VarSet) Intersect 

func (s VarSet) Intersect(vs VarSet) VarSet

Intersect returns a VarSet containing variables in s that are in vs.

func (VarSet) Sorted added in v0.11.0 

func (s VarSet) Sorted() []Var

Sorted returns a sorted slice of vars from s.

func (VarSet) String 

func (s VarSet) String() string

func (VarSet) Update 

func (s VarSet) Update(vs VarSet)

Update merges the other VarSet into this VarSet.

type VarVisitor added in v0.3.0 

type VarVisitor struct {
	// contains filtered or unexported fields
}

VarVisitor walks AST nodes under a given node and collects all encountered variables. The collected variables can be controlled by specifying VarVisitorParams when creating the visitor.

func NewVarVisitor added in v0.3.0 

func NewVarVisitor() *VarVisitor

NewVarVisitor returns a new VarVisitor object.

func (*VarVisitor) Vars added in v0.3.0 

func (vis *VarVisitor) Vars() VarSet

Vars returns a VarSet that contains collected vars.

func (*VarVisitor) Walk added in v0.17.0 

func (vis *VarVisitor) Walk(x interface{})

Walk iterates the AST by calling the function f on the GenericVisitor before recursing. Contrary to the generic Walk, this does not require allocating the visitor from heap.

func (*VarVisitor) WithParams added in v0.3.0 

func (vis *VarVisitor) WithParams(params VarVisitorParams) *VarVisitor

WithParams sets the parameters in params on vis.

type VarVisitorParams added in v0.3.0 

type VarVisitorParams struct {
	SkipRefHead     bool
	SkipRefCallHead bool
	SkipObjectKeys  bool
	SkipClosures    bool
	SkipWithTarget  bool
	SkipSets        bool
}

VarVisitorParams contains settings for a VarVisitor.

type VersionIndex added in v0.59.0 

type VersionIndex struct {
	Builtins map[string]semver.Version `json:"builtins"`
	Features map[string]semver.Version `json:"features"`
	Keywords map[string]semver.Version `json:"keywords"`
}

VersonIndex contains an index from built-in function name, language feature, and future rego keyword to version number. During the build, this is used to create an index of the minimum version required for the built-in/feature/kw.

type Visitor 

type Visitor interface {
	Visit(v interface{}) (w Visitor)
}

Visitor defines the interface for iterating AST elements. The Visit function can return a Visitor w which will be used to visit the children of the AST element v. If the Visit function returns nil, the children will not be visited. Deprecated: use GenericVisitor or another visitor implementation

type WasmABIVersion added in v0.27.0 

type WasmABIVersion struct {
	Version int `json:"version"`
	Minor   int `json:"minor_version"`
}

WasmABIVersion captures the Wasm ABI version. Its `Minor` version is indicating backwards-compatible changes.

type With added in v0.4.1 

type With struct {
	Target   *Term     `json:"target"`
	Value    *Term     `json:"value"`
	Location *Location `json:"location,omitempty"`
	// contains filtered or unexported fields
}

With represents a modifier on an expression.

func (*With) Compare added in v0.4.1 

func (w *With) Compare(other *With) int

Compare returns an integer indicating whether w is less than, equal to, or greater than other.

func (*With) Copy added in v0.4.1 

func (w *With) Copy() *With

Copy returns a deep copy of w.

func (*With) Equal added in v0.4.1 

func (w *With) Equal(other *With) bool

Equal returns true if this With is equals the other With.

func (With) Hash added in v0.4.1 

func (w With) Hash() int

Hash returns the hash code of the With.

func (*With) Loc added in v0.9.2 

func (w *With) Loc() *Location

Loc returns the Location of w.

func (*With) MarshalJSON added in v0.50.0 

func (w *With) MarshalJSON() ([]byte, error)

func (*With) SetLoc added in v0.9.2 

func (w *With) SetLoc(loc *Location)

SetLoc sets the location on w.

func (*With) SetLocation added in v0.7.0 

func (w *With) SetLocation(loc *Location) *With

SetLocation sets the location on w.

func (*With) String added in v0.4.1 

func (w *With) String() string

Source Files

View all Source files

Directories

Path Synopsis
internal
scanner
tokens
Package location defines locations in Rego source code.
 Package location defines locations in Rego source code.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.