CEL expression extensions
The CEL expression is configured to expose parts of the request, and some customfunctions to make matching easier.
In addition to the custom function extension listed below, you can craft anyvalid CEL expression as defined by thecel-spec language definition
Notes on numbers in CEL expressions
One thing to be aware of is how numeric values are treated in CEL expressions,JSON numbers are decoded toCEL doublevalues.
For example:
{
"count": 2,
"measure": 1.7
}
In the JSON above, both numbers are parsed as floating point values.
This means that if you want to do integer arithmetic, you’ll need touse explicit conversion functions.
From the CEL specification:
Note that currently there are no automatic arithmetic conversions for the numeric types (int, uint, and double).
You can either explicitly convert the number, or add another double value e.g.
interceptors:
- cel:
overlays:
- key: count_plus_1
expression: "body.count + 1.0"
- key: count_plus_2
expression: "int(body.count) + 2"
- key: measure_times_3
expression: "body.measure * 3.0"
These will be serialised back to JSON appropriately:
{
"count_plus_1": 2,
"count_plus_2": 3,
"measure_times_3": 5.1
}
Error messages in conversions
The following example will generate an error with the JSON example.
interceptors:
- cel:
overlays:
- key: bad_measure_times_3
expression: "body.measure * 3"
bad_measure_times_3 will fail withfailed to evaluate overlay expression 'body.measure * 3': no such overload
because there’s no automatic conversion.
List of extensions
The body from the http.Request
value is decoded to JSON and exposed, and theheaders are also available.
Symbol | Type | Description | Example |
---|---|---|---|
body | map(string, dynamic) | This is the decoded JSON body from the incoming http.Request exposed as a map of string keys to any value types. |
|
header | map(string, list(string)) | This is the request Header. |
|
NOTE: The header value is a Go http.Header
, which isdefined as:
type Header map[string][]string
i.e. the header is a mapping of strings, to arrays of strings, see the match
function on headers below for an extension that makes looking up headers easier.
List of extension functions
This lists custom functions that can be used from CEL expressions in the CELinterceptor.
Symbol | Type | Description | Example |
---|---|---|---|
match | header.match(string, string) -> bool | Uses the canonical header matching from Go's http.Request to match the header against the value. |
|
truncate | truncate(string, uint) -> string | Truncates a string to no more than the specified length. |
|
split | split(string, string) -> string(dyn) | Splits a string on the provided separator value. |
|
canonical | header.canonical(string) -> string | Uses the canonical header matching from Go's http.Request to get the provided header name. |
|
decodeb64 | (string) -> string | Decodes a base64 encoded string. |
|
compareSecret | string.compareSecret(string, string, string) -> bool | Constant-time comparison of strings against secrets, this will fetch the secret using the combination of namespace/name and compare the token key to the string using a cryptographic constant-time comparison.. The event-listener service account must have access to the secret. |
|
compareSecret | string.compareSecret(string, string) -> bool | This is almost identical to the version above, but only requires two arguments, the namespace is assumed to be the namespace for the event-listener. |
|