- Duplicate Map Keys
-
-This library provides options for fast detection and rejection of duplicate map keys based on applying a Go-specific data model to CBOR's extended generic data model in order to determine duplicate vs distinct map keys. Detection relies on whether the CBOR map key would be a duplicate "key" when decoded and applied to the user-provided Go map or struct.
+Struct tags (`toarray`, `keyasint`, `omitempty`) reduce encoded size of structs.
-`DupMapKeyQuiet` turns off detection of duplicate map keys. It tries to use a "keep fastest" method by choosing either "keep first" or "keep last" depending on the Go data type.
-
-`DupMapKeyEnforcedAPF` enforces detection and rejection of duplidate map keys. Decoding stops immediately and returns `DupMapKeyError` when the first duplicate key is detected. The error includes the duplicate map key and the index number.
+Example encoding 3-level nested Go struct to 1 byte CBOR
-APF suffix means "Allow Partial Fill" so the destination map or struct can contain some decoded values at the time of error. It is the caller's responsibility to respond to the `DupMapKeyError` by discarding the partially filled result if that's required by their protocol.
-
-
- Tag Validity
-
-This library checks tag validity for built-in tags (currently tag numbers 0, 1, 2, 3, and 55799):
-
-* Inadmissible type for tag content
-* Inadmissible value for tag content
-
-Unknown tag data items (not tag number 0, 1, 2, 3, or 55799) are handled in two ways:
-
-* When decoding into an empty interface, unknown tag data item will be decoded into `cbor.Tag` data type, which contains tag number and tag content. The tag content will be decoded into the default Go data type for the CBOR data type.
-* When decoding into other Go types, unknown tag data item is decoded into the specified Go type. If Go type is registered with a tag number, the tag number can optionally be verified.
-
-Decoder also has an option to forbid tag data items (treat any tag data item as error) which is specified by protocols such as CTAP2 Canonical CBOR.
-
-For more information, see [decoding options](#decoding-options-1) and [tag options](#tag-options).
-
-
-
-## Limitations
-
-If any of these limitations prevent you from using this library, please open an issue along with a link to your project.
-
-* CBOR `Undefined` (0xf7) value decodes to Go's `nil` value. CBOR `Null` (0xf6) more closely matches Go's `nil`.
-* CBOR map keys with data types not supported by Go for map keys are ignored and an error is returned after continuing to decode remaining items.
-* When using io.Reader interface to read very large or indefinite length CBOR data, Go's `io.LimitReader` should be used to limit size.
-* When decoding registered CBOR tag data to interface type, decoder creates a pointer to registered Go type matching CBOR tag number. Requiring a pointer for this is a Go limitation.
-
-
-
-⚓ [Quick Start](#quick-start) • [Features](#features) • [Standards](#standards) • [API](#api) • [Options](#options) • [Usage](#usage) • [Fuzzing](#fuzzing-and-code-coverage) • [License](#license)
-
-## API
-Many function signatures are identical to Go's encoding/json, such as:
-`Marshal`, `Unmarshal`, `NewEncoder`, `NewDecoder`, `(*Encoder).Encode`, and `(*Decoder).Decode`.
-
-Interfaces identical or comparable to Go's encoding, encoding/json, or encoding/gob include:
-`Marshaler`, `Unmarshaler`, `BinaryMarshaler`, and `BinaryUnmarshaler`.
+```Go
+// Example encoding nested struct (with omitempty tag)
+// - encoding/json: 18 byte JSON
+// - fxamacker/cbor: 1 byte CBOR
+package main
-Like `encoding/json`, `RawMessage` can be used to delay CBOR decoding or precompute CBOR encoding.
+import (
+ "encoding/hex"
+ "encoding/json"
+ "fmt"
-"Mode" in this API means defined way of encoding or decoding -- it links the standard API to CBOR options and CBOR tags.
+ "github.com/fxamacker/cbor/v2"
+)
-EncMode and DecMode are interfaces created from EncOptions or DecOptions structs.
-For example, `em, err := cbor.EncOptions{...}.EncMode()` or `em, err := cbor.CanonicalEncOptions().EncMode()`.
-
-EncMode and DecMode use immutable options so their behavior won't accidentally change at runtime. Modes are intended to be reused and are safe for concurrent use.
-
-__API for Default Mode__
-
-If default options are acceptable, then you don't need to create EncMode or DecMode.
-
-```go
-Marshal(v interface{}) ([]byte, error)
-NewEncoder(w io.Writer) *Encoder
-
-Unmarshal(data []byte, v interface{}) error
-NewDecoder(r io.Reader) *Decoder
-```
-
-__API for Creating & Using Encoding Modes__
-
-```go
-// EncMode interface uses immutable options and is safe for concurrent use.
-type EncMode interface {
- Marshal(v interface{}) ([]byte, error)
- NewEncoder(w io.Writer) *Encoder
- EncOptions() EncOptions // returns copy of options
-}
-
-// EncOptions specifies encoding options.
-type EncOptions struct {
-...
+type GrandChild struct {
+ Quux int `json:",omitempty"`
}
-// EncMode returns an EncMode interface created from EncOptions.
-func (opts EncOptions) EncMode() (EncMode, error) {}
-
-// EncModeWithTags returns EncMode with options and tags that are both immutable.
-func (opts EncOptions) EncModeWithTags(tags TagSet) (EncMode, error) {}
-
-// EncModeWithSharedTags returns EncMode with immutable options and mutable shared tags.
-func (opts EncOptions) EncModeWithSharedTags(tags TagSet) (EncMode, error) {}
-```
-
-The empty curly braces prevent a syntax highlighting bug, please ignore them.
-
-__API for Predefined Encoding Options__
-
-```go
-func CoreDetEncOptions() EncOptions {} // RFC 8949 Core Deterministic Encoding
-func PreferredUnsortedEncOptions() EncOptions {} // RFC 8949 Preferred Serialization
-func CanonicalEncOptions() EncOptions {} // RFC 7049 Canonical CBOR
-func CTAP2EncOptions() EncOptions {} // FIDO2 CTAP2 Canonical CBOR
-```
-
-__API for Creating & Using Decoding Modes__
-
-```go
-// DecMode interface uses immutable options and is safe for concurrent use.
-type DecMode interface {
- Unmarshal(data []byte, v interface{}) error
- NewDecoder(r io.Reader) *Decoder
- DecOptions() DecOptions // returns copy of options
+type Child struct {
+ Baz int `json:",omitempty"`
+ Qux GrandChild `json:",omitempty"`
}
-// DecOptions specifies decoding options.
-type DecOptions struct {
-...
+type Parent struct {
+ Foo Child `json:",omitempty"`
+ Bar int `json:",omitempty"`
}
-// DecMode returns a DecMode interface created from DecOptions.
-func (opts DecOptions) DecMode() (DecMode, error) {}
-
-// DecModeWithTags returns DecMode with options and tags that are both immutable.
-func (opts DecOptions) DecModeWithTags(tags TagSet) (DecMode, error) {}
-
-// DecModeWithSharedTags returns DecMode with immutable options and mutable shared tags.
-func (opts DecOptions) DecModeWithSharedTags(tags TagSet) (DecMode, error) {}
-```
-
-The empty curly braces prevent a syntax highlighting bug, please ignore them.
-
-__API for Using CBOR Tags__
+func cb() {
+ results, _ := cbor.Marshal(Parent{})
+ fmt.Println("hex(CBOR): " + hex.EncodeToString(results))
-`TagSet` can be used to associate user-defined Go type(s) to tag number(s). It's also used to create EncMode or DecMode. For example, `em := EncOptions{...}.EncModeWithTags(ts)` or `em := EncOptions{...}.EncModeWithSharedTags(ts)`. This allows every standard API exported by em (like `Marshal` and `NewEncoder`) to use the specified tags automatically.
-
-`Tag` and `RawTag` can be used to encode/decode a tag number with a Go value, but `TagSet` is generally recommended.
-
-```go
-type TagSet interface {
- // Add adds given tag number(s), content type, and tag options to TagSet.
- Add(opts TagOptions, contentType reflect.Type, num uint64, nestedNum ...uint64) error
-
- // Remove removes given tag content type from TagSet.
- Remove(contentType reflect.Type)
+ text, _ := cbor.Diagnose(results) // Diagnostic Notation
+ fmt.Println("DN: " + text)
}
-```
-`Tag` and `RawTag` types can also be used to encode/decode tag number with Go value.
+func js() {
+ results, _ := json.Marshal(Parent{})
+ fmt.Println("hex(JSON): " + hex.EncodeToString(results))
-```go
-type Tag struct {
- Number uint64
- Content interface{}
+ text := string(results) // JSON
+ fmt.Println("JSON: " + text)
}
-type RawTag struct {
- Number uint64
- Content RawMessage
+func main() {
+ cb()
+ fmt.Println("-------------")
+ js()
}
```
-See [API docs (godoc.org)](https://godoc.org/github.com/fxamacker/cbor) for more details and more functions. See [Usage section](#usage) for usage and code examples.
-
-
-
-⚓ [Quick Start](#quick-start) • [Features](#features) • [Standards](#standards) • [API](#api) • [Options](#options) • [Usage](#usage) • [Fuzzing](#fuzzing-and-code-coverage) • [License](#license)
-
-## Options
-
-Struct tags, decoding options, and encoding options.
-
-### Struct Tags
-
-This library supports both "cbor" and "json" key for some (not all) struct tags. If "cbor" and "json" keys are both present for the same field, then "cbor" key will be used.
-
-| Key | Format Str | Scope | Description |
-| --- | ---------- | ----- | ------------|
-| cbor or json | "myName" | field | Name of field to use such as "myName", etc. like encoding/json. |
-| cbor or json | ",omitempty" | field | Omit (ignore) this field if value is empty, like encoding/json. |
-| cbor or json | "-" | field | Omit (ignore) this field always, like encoding/json. |
-| cbor | ",keyasint" | field | Treat field as an element of CBOR map with specified int as key. |
-| cbor | ",toarray" | struct | Treat each field as an element of CBOR array. This automatically disables "omitempty" and "keyasint" for all fields in the struct. |
-
-The "keyasint" struct tag requires an integer key to be specified:
-
+Output (DN is Diagnostic Notation):
```
-type myStruct struct {
- MyField int64 `cbor:"-1,keyasint,omitempty'`
- OurField string `cbor:"0,keyasint,omitempty"`
- FooField Foo `cbor:"5,keyasint,omitempty"`
- BarField Bar `cbor:"hello,omitempty"`
- ...
-}
+hex(CBOR): a0
+DN: {}
+-------------
+hex(JSON): 7b22466f6f223a7b22517578223a7b7d7d7d
+JSON: {"Foo":{"Qux":{}}}
```
-The "toarray" struct tag requires a special field "_" (underscore) to indicate "toarray" applies to the entire struct:
-
-```
-type myStruct struct {
- _ struct{} `cbor:",toarray"`
- MyField int64
- OurField string
- ...
-}
-```
+
-__Click to expand:__
+
-
- Example Using CBOR Web Tokens
-
+Example using several struct tags
+
-
-| DecOptions.DupMapKey | Description |
-| -------------------- | ----------- |
-| DupMapKeyQuiet (default) | turns off detection of duplicate map keys. It uses a "keep fastest" method by choosing either "keep first" or "keep last" depending on the Go data type. |
-| DupMapKeyEnforcedAPF | enforces detection and rejection of duplidate map keys. Decoding stops immediately and returns `DupMapKeyError` when the first duplicate key is detected. The error includes the duplicate map key and the index number. |
-
-`DupMapKeyEnforcedAPF` uses "Allow Partial Fill" so the destination map or struct can contain some decoded values at the time of error. Users can respond to the `DupMapKeyError` by discarding the partially filled result if that's required by their protocol.
-
-
-
-| DecOptions.IntDec | Description |
-| ------------------ | ----------- |
-| IntDecConvertNone (default) | When decoding to Go interface{}, CBOR positive int (major type 0) decode to uint64 value, and CBOR negative int (major type 1) decode to int64 value. |
-| IntDecConvertSigned | When decoding to Go interface{}, CBOR positive/negative int (major type 0 and 1) decode to int64 value. |
-
-If `IntDecConvertedSigned` is used and value overflows int64, UnmarshalTypeError is returned.
-
-
-
-| DecOptions.IndefLength | Description |
-| ---------------------- | ----------- |
-|IndefLengthAllowed (default) | allow indefinite length data |
-|IndefLengthForbidden | forbid indefinite length data |
-
-
-
-| DecOptions.TagsMd | Description |
-| ----------------- | ----------- |
-|TagsAllowed (default) | allow CBOR tags (major type 6) |
-|TagsForbidden | forbid CBOR tags (major type 6) |
-
-
-
-| DecOptions.ExtraReturnErrors | Description |
-| ----------------- | ----------- |
-|ExtraDecErrorNone (default) | no extra decoding errors. E.g. ignore unknown fields if encountered. |
-|ExtraDecErrorUnknownField | return error if unknown field is encountered |
-
-
-
-| DecOptions.MaxNestedLevels | Description |
-| -------------------------- | ----------- |
-| 32 (default) | allowed setting is [4, 256] |
-
-
-
-| DecOptions.MaxArrayElements | Description |
-| --------------------------- | ----------- |
-| 131072 (default) | allowed setting is [16, 2147483647] |
-
-
-
-| DecOptions.MaxMapPairs | Description |
-| ---------------------- | ----------- |
-| 131072 (default) | allowed setting is [16, 2147483647] |
-
-### Encoding Options
-
-__Integers always encode to the shortest form that preserves value__. Encoding of other data types and map key sort order are determined by encoding options.
-
-These functions are provided to create and return a modifiable EncOptions struct with predefined settings.
-
-| Predefined EncOptions | Description |
-| --------------------- | ----------- |
-| CanonicalEncOptions() |[Canonical CBOR (RFC 7049 Section 3.9)](https://tools.ietf.org/html/rfc7049#section-3.9). |
-| CTAP2EncOptions() |[CTAP2 Canonical CBOR (FIDO2 CTAP2)](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#ctap2-canonical-cbor-encoding-form). |
-| PreferredUnsortedEncOptions() |Unsorted, encode float64->float32->float16 when values fit, NaN values encoded as float16 0x7e00. |
-| CoreDetEncOptions() |PreferredUnsortedEncOptions() + map keys are sorted bytewise lexicographic. |
-
-
-
-| EncOptions.Sort | Description |
-| --------------- | ----------- |
-| SortNone (default) |No sorting for map keys. |
-| SortLengthFirst |Length-first map key ordering. |
-| SortBytewiseLexical |Bytewise lexicographic map key ordering [(RFC 8949 Section 4.2.1)](https://datatracker.ietf.org/doc/html/rfc8949#section-4.2.1).|
-| SortCanonical |(alias) Same as SortLengthFirst [(RFC 7049 Section 3.9)](https://tools.ietf.org/html/rfc7049#section-3.9) |
-| SortCTAP2 |(alias) Same as SortBytewiseLexical [(CTAP2 Canonical CBOR)](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#ctap2-canonical-cbor-encoding-form). |
-| SortCoreDeterministic |(alias) Same as SortBytewiseLexical [(RFC 8949 Section 4.2.1)](https://datatracker.ietf.org/doc/html/rfc8949#section-4.2.1). |
-
-
-
-| EncOptions.Time | Description |
-| --------------- | ----------- |
-| TimeUnix (default) | (seconds) Encode as integer. |
-| TimeUnixMicro | (microseconds) Encode as floating-point. ShortestFloat option determines size. |
-| TimeUnixDynamic | (seconds or microseconds) Encode as integer if time doesn't have fractional seconds, otherwise encode as floating-point rounded to microseconds. |
-| TimeRFC3339 | (seconds) Encode as RFC 3339 formatted string. |
-| TimeRFC3339Nano | (nanoseconds) Encode as RFC3339 formatted string. |
-
-
-
-| EncOptions.TimeTag | Description |
-| ------------------ | ----------- |
-| EncTagNone (default) | Tag number will not be encoded for time values. |
-| EncTagRequired | Tag number (0 or 1) will be encoded unless time value is undefined/zero-instant. |
-
-By default, undefined (zero instant) time values will encode as CBOR Null without tag number for both EncTagNone and EncTagRequired. Although CBOR Undefined might be technically more correct for EncTagRequired, CBOR Undefined might not be supported by other generic decoders and it isn't supported by JSON.
-
-Go's `time` package provides `IsZero` function, which reports whether t represents the zero time instant, January 1, year 1, 00:00:00 UTC.
-
-
-
-| EncOptions.BigIntConvert | Description |
-| ------------------------ | ----------- |
-| BigIntConvertShortest (default) | Encode big.Int as CBOR integer if value fits. |
-| BigIntConvertNone | Encode big.Int as CBOR bignum (tag 2 or 3). |
+Struct tags simplify use of CBOR-based protocols that require CBOR arrays or maps with integer keys.
-
+### CBOR Tags
-__Floating-Point Options__
+CBOR tags are specified in a `TagSet`.
-Encoder has 3 types of options for floating-point data: ShortestFloatMode, InfConvertMode, and NaNConvertMode.
-
-| EncOptions.ShortestFloat | Description |
-| ------------------------ | ----------- |
-| ShortestFloatNone (default) | No size conversion. Encode float32 and float64 to CBOR floating-point of same bit-size. |
-| ShortestFloat16 | Encode float64 -> float32 -> float16 ([IEEE 754 binary16](https://en.wikipedia.org/wiki/Half-precision_floating-point_format)) when values fit. |
-
-Conversions for infinity and NaN use InfConvert and NaNConvert settings.
-
-| EncOptions.InfConvert | Description |
-| --------------------- | ----------- |
-| InfConvertFloat16 (default) | Convert +- infinity to float16 since they always preserve value (recommended) |
-| InfConvertNone |Don't convert +- infinity to other representations -- used by CTAP2 Canonical CBOR |
-
-
-
-| EncOptions.NaNConvert | Description |
-| --------------------- | ----------- |
-| NaNConvert7e00 (default) | Encode to 0xf97e00 (CBOR float16 = 0x7e00) -- used by RFC 8949 Preferred Encoding, etc. |
-| NaNConvertNone | Don't convert NaN to other representations -- used by CTAP2 Canonical CBOR. |
-| NaNConvertQuiet | Force quiet bit = 1 and use shortest form that preserves NaN payload. |
-| NaNConvertPreserveSignal | Convert to smallest form that preserves value (quit bit unmodified and NaN payload preserved). |
-
-
-
-| EncOptions.IndefLength | Description |
-| ---------------------- | ----------- |
-|IndefLengthAllowed (default) | allow indefinite length data |
-|IndefLengthForbidden | forbid indefinite length data |
-
-
-
-| EncOptions.TagsMd | Description |
-| ----------------- | ----------- |
-|TagsAllowed (default) | allow CBOR tags (major type 6) |
-|TagsForbidden | forbid CBOR tags (major type 6) |
-
-
-### Tag Options
+Custom modes can be created with a `TagSet` to handle CBOR tags.
+
+```go
+em, err := opts.EncMode() // no CBOR tags
+em, err := opts.EncModeWithTags(ts) // immutable CBOR tags
+em, err := opts.EncModeWithSharedTags(ts) // mutable shared CBOR tags
+```
-TagOptions specifies how encoder and decoder handle tag number registered with TagSet.
+`TagSet` and modes using it are safe for concurrent use. Equivalent API is available for `DecMode`.
-| TagOptions.DecTag | Description |
-| ------------------ | ----------- |
-| DecTagIgnored (default) | Tag numbers are ignored (if present). |
-| DecTagOptional | Tag numbers are only checked for validity if present. |
-| DecTagRequired | Tag numbers must be provided except for CBOR Null and CBOR Undefined. |
+Example using TagSet and TagOptions
-
+```go
+// Use signedCWT struct defined in "Decoding CWT" example.
-| TagOptions.EncTag | Description |
-| ------------------ | ----------- |
-| EncTagNone (default) | Tag number will not be encoded. |
-| EncTagRequired | Tag number will be encoded. |
-
-
+// Create TagSet (safe for concurrency).
+tags := cbor.NewTagSet()
+// Register tag COSE_Sign1 18 with signedCWT type.
+tags.Add(
+ cbor.TagOptions{EncTag: cbor.EncTagRequired, DecTag: cbor.DecTagRequired},
+ reflect.TypeOf(signedCWT{}),
+ 18)
-⚓ [Quick Start](#quick-start) • [Features](#features) • [Standards](#standards) • [API](#api) • [Options](#options) • [Usage](#usage) • [Fuzzing](#fuzzing-and-code-coverage) • [License](#license)
+// Create DecMode with immutable tags.
+dm, _ := cbor.DecOptions{}.DecModeWithTags(tags)
-## Usage
-🛡️ Use Go's `io.LimitReader` to limit size when decoding very large or indefinite size data.
+// Unmarshal to signedCWT with tag support.
+var v signedCWT
+if err := dm.Unmarshal(data, &v); err != nil {
+ return err
+}
-Functions with identical signatures to encoding/json include:
-`Marshal`, `Unmarshal`, `NewEncoder`, `NewDecoder`, `(*Encoder).Encode`, `(*Decoder).Decode`.
+// Create EncMode with immutable tags.
+em, _ := cbor.EncOptions{}.EncModeWithTags(tags)
-__Default Mode__
+// Marshal signedCWT with tag number.
+if data, err := cbor.Marshal(v); err != nil {
+ return err
+}
+```
-If default options are acceptable, package level functions can be used for encoding and decoding.
+Functions and interfaces at a glance
-encoder := cbor.NewEncoder(w) // create encoder with io.Writer w
+Common functions with same API as `encoding/json`:
+- `Marshal`, `Unmarshal`
+- `NewEncoder`, `(*Encoder).Encode`
+- `NewDecoder`, `(*Decoder).Decode`
-decoder := cbor.NewDecoder(r) // create decoder with io.Reader r
-```
+NOTE: `Unmarshal` will return `ExtraneousDataError` if there are remaining bytes
+because RFC 8949 treats CBOR data item with remaining bytes as malformed.
+- 💡 Use `UnmarshalFirst` to decode first CBOR data item and return any remaining bytes.
-__Modes__
+Other useful functions:
+- `Diagnose`, `DiagnoseFirst` produce human-readable [Extended Diagnostic Notation](https://www.rfc-editor.org/rfc/rfc8610.html#appendix-G) from CBOR data.
+- `UnmarshalFirst` decodes first CBOR data item and return any remaining bytes.
+- `Wellformed` returns true if the the CBOR data item is well-formed.
-If you need to use options or CBOR tags, then you'll want to create a mode.
+Interfaces identical or comparable to Go `encoding` packages include:
+`Marshaler`, `Unmarshaler`, `BinaryMarshaler`, and `BinaryUnmarshaler`.
-"Mode" means defined way of encoding or decoding -- it links the standard API to your CBOR options and CBOR tags. This way, you don't pass around options and the API remains identical to `encoding/json`.
+The `RawMessage` type can be used to delay CBOR decoding or precompute CBOR encoding.
-EncMode and DecMode are interfaces created from EncOptions or DecOptions structs.
-For example, `em, err := cbor.EncOptions{...}.EncMode()` or `em, err := cbor.CanonicalEncOptions().EncMode()`.
+
+__IMPORTANT__: 👉 Before upgrading from v2.4 or older release, please read the notable changes highlighted in the release notes. v2.5.0 is a large release with bug fixes to error handling for extraneous data in `Unmarshal`, etc. that should be reviewed before upgrading.
-
+See [v2.5.0 release notes](https://github.com/fxamacker/cbor/releases/tag/v2.5.0) for list of new features, improvements, and bug fixes.
-
+See ["Version and API Changes"](https://github.com/fxamacker/cbor#versions-and-api-changes) section for more info about version numbering, etc.
-__Decoding CWT (CBOR Web Token)__ using `keyasint` and `toarray` struct tags:
+
-// Create DecMode with immutable tags.
-dm, _ := cbor.DecOptions{}.DecModeWithTags(tags)
+## Who uses fxamacker/cbor
-// Unmarshal to signedCWT with tag support.
-var v signedCWT
-if err := dm.Unmarshal(data, &v); err != nil {
- return err
-}
+`fxamacker/cbor` is used in projects by Arm Ltd., Berlin Institute of Health at Charité, Chainlink, Cisco, Confidential Computing Consortium, ConsenSys, Dapper Labs, EdgeX Foundry, F5, FIDO Alliance, Fraunhofer‑AISEC, Kubernetes, Let's Encrypt (ISRG), Linux Foundation, Matrix.org, Microsoft, Mozilla, National Cybersecurity Agency of France (govt), Netherlands (govt), Oasis Protocol, Smallstep, Tailscale, Taurus SA, Teleport, TIBCO, and others.
-// Create EncMode with immutable tags.
-em, _ := cbor.EncOptions{}.EncModeWithTags(tags)
+`fxamacker/cbor` passed multiple confidential security assessments. A [nonconfidential security assessment](https://github.com/veraison/go-cose/blob/v1.0.0-rc.1/reports/NCC_Microsoft-go-cose-Report_2022-05-26_v1.0.pdf) (prepared by NCC Group for Microsoft Corporation) includes a subset of fxamacker/cbor v2.4.0 in its scope.
-// Marshal signedCWT with tag number.
-if data, err := cbor.Marshal(v); err != nil {
- return err
-}
-```
-
-For more examples, see [examples_test.go](example_test.go).
+## Standards
-
+`fxamacker/cbor` is a CBOR codec in full conformance with [IETF STD 94 (RFC 8949)](https://www.rfc-editor.org/info/std94). It also supports CBOR Sequences ([RFC 8742](https://www.rfc-editor.org/rfc/rfc8742.html)) and Extended Diagnostic Notation ([Appendix G of RFC 8610](https://www.rfc-editor.org/rfc/rfc8610.html#appendix-G)).
-⚓ [Quick Start](#quick-start) • [Features](#features) • [Standards](#standards) • [API](#api) • [Options](#options) • [Usage](#usage) • [Fuzzing](#fuzzing-and-code-coverage) • [License](#license)
+Notable CBOR features include:
-## Comparisons
+| CBOR Feature | Description |
+| :--- | :--- |
+| CBOR tags | API supports built-in and user-defined tags. |
+| Preferred serialization | Integers encode to fewest bytes. Optional float64 → float32 → float16. |
+| Map key sorting | Unsorted, length-first (Canonical CBOR), and bytewise-lexicographic (CTAP2). |
+| Duplicate map keys | Always forbid for encoding and option to allow/forbid for decoding. |
+| Indefinite length data | Option to allow/forbid for encoding and decoding. |
+| Well-formedness | Always checked and enforced. |
+| Basic validity checks | Optionally check UTF-8 validity and duplicate map keys. |
+| Security considerations | Prevent integer overflow and resource exhaustion (RFC 8949 Section 10). |
-Comparisons are between this newer library and a well-known library that had 1,000+ stars before this library was created. Default build settings for each library were used for all comparisons.
+Known limitations are noted in the [Limitations section](#limitations).
-__This library is safer__. Small malicious CBOR messages are rejected quickly before they exhaust system resources.
+Go nil values for slices, maps, pointers, etc. are encoded as CBOR null. Empty slices, maps, etc. are encoded as empty CBOR arrays and maps.
-Decoding 9 or 10 bytes of malformed CBOR data shouldn't exhaust memory. For example,
-`[]byte{0x9B, 0x00, 0x00, 0x42, 0xFA, 0x42, 0xFA, 0x42, 0xFA, 0x42}`
+Decoder checks for all required well-formedness errors, including all "subkinds" of syntax errors and too little data.
-| | Decode bad 10 bytes to interface{} | Decode bad 10 bytes to []byte |
-| :--- | :------------------ | :--------------- |
-| fxamacker/cbor
1.0-2.3 | 49.44 ns/op, 24 B/op, 2 allocs/op* | 51.93 ns/op, 32 B/op, 2 allocs/op* |
-| ugorji/go 1.2.6 | ⚠️ 45021 ns/op, 262852 B/op, 7 allocs/op | 💥 runtime: out of memory: cannot allocate |
-| ugorji/go 1.1.0-1.1.7 | 💥 runtime: out of memory: cannot allocate | 💥 runtime: out of memory: cannot allocate|
+After well-formedness is verified, basic validity errors are handled as follows:
-*Speed and memory are for latest codec version listed in the row (compiled with Go 1.17.5).
+* Invalid UTF-8 string: Decoder has option to check and return invalid UTF-8 string error. This check is enabled by default.
+* Duplicate keys in a map: Decoder has options to ignore or enforce rejection of duplicate map keys.
-fxamacker/cbor CBOR safety settings include: MaxNestedLevels, MaxArrayElements, MaxMapPairs, and IndefLength.
+When decoding well-formed CBOR arrays and maps, decoder saves the first error it encounters and continues with the next item. Options to handle this differently may be added in the future.
-__This library is smaller__. Programs like senmlCat can be 4 MB smaller by switching to this library. Programs using more complex CBOR data types can be 9.2 MB smaller.
+By default, decoder treats time values of floating-point NaN and Infinity as if they are CBOR Null or CBOR Undefined.
-
+__Click to expand topic:__
+
+ Duplicate Map Keys
-__This library is faster__ for encoding and decoding CBOR Web Token (CWT). However, speed is only one factor and it can vary depending on data types and sizes. Unlike the other library, this one doesn't use Go's ```unsafe``` package or code gen.
+This library provides options for fast detection and rejection of duplicate map keys based on applying a Go-specific data model to CBOR's extended generic data model in order to determine duplicate vs distinct map keys. Detection relies on whether the CBOR map key would be a duplicate "key" when decoded and applied to the user-provided Go map or struct.
-
+`DupMapKeyQuiet` turns off detection of duplicate map keys. It tries to use a "keep fastest" method by choosing either "keep first" or "keep last" depending on the Go data type.
-__This library uses less memory__ for encoding and decoding CBOR Web Token (CWT) using test data from RFC 8392 A.1.
+`DupMapKeyEnforcedAPF` enforces detection and rejection of duplidate map keys. Decoding stops immediately and returns `DupMapKeyError` when the first duplicate key is detected. The error includes the duplicate map key and the index number.
-| | fxamacker/cbor 2.3 | ugorji/go 1.2.6 |
-| :--- | :--- | :--- |
-| Encode CWT | 0.18 kB/op 2 allocs/op | 1.35 kB/op 4 allocs/op |
-| Decode CWT | 160 bytes/op 6 allocs/op | 744 bytes/op 6 allocs/op |
+APF suffix means "Allow Partial Fill" so the destination map or struct can contain some decoded values at the time of error. It is the caller's responsibility to respond to the `DupMapKeyError` by discarding the partially filled result if that's required by their protocol.
-Running your own benchmarks is highly recommended. Use your most common data structures and data sizes.
+
-
+
+ Tag Validity
-⚓ [Quick Start](#quick-start) • [Features](#features) • [Standards](#standards) • [API](#api) • [Options](#options) • [Usage](#usage) • [Fuzzing](#fuzzing-and-code-coverage) • [License](#license)
+This library checks tag validity for built-in tags (currently tag numbers 0, 1, 2, 3, and 55799):
-## Benchmarks
+* Inadmissible type for tag content
+* Inadmissible value for tag content
-Go structs are faster than maps with string keys:
+Unknown tag data items (not tag number 0, 1, 2, 3, or 55799) are handled in two ways:
-* decoding into struct is >28% faster than decoding into map.
-* encoding struct is >35% faster than encoding map.
+* When decoding into an empty interface, unknown tag data item will be decoded into `cbor.Tag` data type, which contains tag number and tag content. The tag content will be decoded into the default Go data type for the CBOR data type.
+* When decoding into other Go types, unknown tag data item is decoded into the specified Go type. If Go type is registered with a tag number, the tag number can optionally be verified.
-Go structs with `keyasint` struct tag are faster than maps with integer keys:
+Decoder also has an option to forbid tag data items (treat any tag data item as error) which is specified by protocols such as CTAP2 Canonical CBOR.
-* decoding into struct is >28% faster than decoding into map.
-* encoding struct is >34% faster than encoding map.
+For more information, see [decoding options](#decoding-options-1) and [tag options](#tag-options).
-Go structs with `toarray` struct tag are faster than slice:
+
-* decoding into struct is >15% faster than decoding into slice.
-* encoding struct is >12% faster than encoding slice.
+## Limitations
-Doing your own benchmarks is highly recommended. Use your most common message sizes and data types.
+If any of these limitations prevent you from using this library, please open an issue along with a link to your project.
-See [Benchmarks for fxamacker/cbor](CBOR_BENCHMARKS.md).
+* CBOR `Undefined` (0xf7) value decodes to Go's `nil` value. CBOR `Null` (0xf6) more closely matches Go's `nil`.
+* CBOR map keys with data types not supported by Go for map keys are ignored and an error is returned after continuing to decode remaining items.
+* When decoding registered CBOR tag data to interface type, decoder creates a pointer to registered Go type matching CBOR tag number. Requiring a pointer for this is a Go limitation.
## Fuzzing and Code Coverage
-__Over 375 tests__ must pass on 4 architectures before tagging a release. They include all RFC 7049 and RFC 8949 examples, bugs found by fuzzing, maliciously crafted CBOR data, and over 87 tests with malformed data. There's some overlap in the tests but it isn't a high priority to trim tests.
+__Code coverage__ is always 95% or higher (with `go test -cover`) when tagging a release.
-__Code coverage__ must not fall below 95% when tagging a release. Code coverage is above 98% (`go test -cover`) for cbor v2.3 which is among the highest for libraries (in Go) of this type.
-
-__Coverage-guided fuzzing__ must pass 1+ billion execs using a large corpus before tagging a release. Fuzzing is usually continued after the release is tagged and is manually stopped after reaching 1-3 billion execs. Fuzzing uses a customized version of [dvyukov/go-fuzz](https://github.com/dvyukov/go-fuzz).
-
-To prevent delays to release schedules, fuzzing is not restarted for a release if changes are limited to ci, docs, and comments.
+__Coverage-guided fuzzing__ must pass billions of execs using before tagging a release. Fuzzing is done using nonpublic code which may eventually get merged into this project. Until then, reports like OpenSSF Scorecard can't detect fuzz tests being used by this project.
-⚓ [Quick Start](#quick-start) • [Features](#features) • [Standards](#standards) • [API](#api) • [Options](#options) • [Usage](#usage) • [Fuzzing](#fuzzing-and-code-coverage) • [License](#license)
-
## Versions and API Changes
This project uses [Semantic Versioning](https://semver.org), so the API is always backwards compatible unless the major version number changes.
-These functions have signatures identical to encoding/json and they will likely never change even after major new releases:
+These functions have signatures identical to encoding/json and their API will continue to match `encoding/json` even after major new releases:
`Marshal`, `Unmarshal`, `NewEncoder`, `NewDecoder`, `(*Encoder).Encode`, and `(*Decoder).Decode`.
-Newly added API documented as "subject to change" are excluded from SemVer.
+Exclusions from SemVer:
+- Newly added API documented as "subject to change".
+- Newly added API in the master branch that has never been tagged in non-beta release.
+- If function parameters are unchanged, bug fixes that change behavior (e.g. return error for edge case was missed in prior version). We try to highlight these in the release notes and add extended beta period. E.g. [v2.5.0-beta](https://github.com/fxamacker/cbor/releases/tag/v2.5.0-beta) (Dec 2022) -> [v2.5.0](https://github.com/fxamacker/cbor/releases/tag/v2.5.0) (Aug 2023).
-Newly added API in the master branch that has never been release tagged are excluded from SemVer.
+This project avoids breaking changes to behavior of encoding and decoding functions unless required to improve conformance with supported RFCs (e.g. RFC 8949, RFC 8742, etc.) Visible changes that don't improve conformance to standards are typically made available as new opt-in settings or new functions.
## Code of Conduct
+
This project has adopted the [Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md). Contact [faye.github@gmail.com](mailto:faye.github@gmail.com) with any questions or comments.
## Contributing
-Please refer to [How to Contribute](CONTRIBUTING.md).
+
+Please open an issue before beginning work on a PR. The improvement may have already been considered, etc.
+
+For more info, see [How to Contribute](CONTRIBUTING.md).
## Security Policy
+
Security fixes are provided for the latest released version of fxamacker/cbor.
For the full text of the Security Policy, see [SECURITY.md](SECURITY.md).
-## Disclaimers
-Phrases like "no crashes", "doesn't crash", and "is secure" mean there are no known crash bugs in the latest version based on results of unit tests and coverage-guided fuzzing. They don't imply the software is 100% bug-free or 100% invulnerable to all known and unknown attacks.
+## Acknowledgements
-Please read the license for additional disclaimers and terms.
+Many thanks to all the contributors on this project!
-## Special Thanks
+I'm especially grateful to Bastian Müller and Dieter Shirley for suggesting and collaborating on CBOR stream mode, and much more.
-__Making this library better__
+I'm very grateful to Stefan Tatschner, Yawning Angel, Jernej Kos, x448, ZenGround0, and Jakob Borg for their contributions or support in the very early days.
-* Stefan Tatschner for using this library in [sep](https://rumpelsepp.org/projects/sep), being the 1st to discover my CBOR library, requesting time.Time in issue #1, and submitting this library in a [PR to cbor.io](https://github.com/cbor/cbor.github.io/pull/56) on Aug 12, 2019.
-* Yawning Angel for using this library to [oasis-core](https://github.com/oasislabs/oasis-core), and requesting BinaryMarshaler in issue #5.
-* Jernej Kos for requesting RawMessage in issue #11 and offering feedback on v2.1 API for CBOR tags.
-* ZenGround0 for using this library in [go-filecoin](https://github.com/filecoin-project/go-filecoin), filing "toarray" bug in issue #129, and requesting
-CBOR BSTR <--> Go array in #133.
-* Keith Randall for [fixing Go bugs and providing workarounds](https://github.com/golang/go/issues/36400) so we don't have to wait for new versions of Go.
+Big thanks to Ben Luddy for his contributions in v2.6.0 and v2.7.0.
-__Help clarifying CBOR RFC 7049 or 7049bis (7049bis is the draft of RFC 8949)__
+This library clearly wouldn't be possible without Carsten Bormann authoring CBOR RFCs.
-* Carsten Bormann for RFC 7049 (CBOR), adding this library to cbor.io, his fast confirmation to my RFC 7049 errata, approving my pull request to 7049bis, and his patience when I misread a line in 7049bis.
-* Laurence Lundblade for his help on the IETF mailing list for 7049bis and for pointing out on a CBORbis issue that CBOR Undefined might be problematic translating to JSON.
-* Jeffrey Yasskin for his help on the IETF mailing list for 7049bis.
+Special thanks to Laurence Lundblade and Jeffrey Yasskin for their help on IETF mailing list or at [7049bis](https://github.com/cbor-wg/CBORbis).
-__Words of encouragement and support__
+Huge thanks to The Go Authors for creating a fun and practical programming language with batteries included!
-* Jakob Borg for his words of encouragement about this library at Go Forum. This is especially appreciated in the early stages when there's a lot of rough edges.
+This library uses `x448/float16` which used to be included. As a standalone package, `x448/float16` is useful to other projects as well.
+## License
-## License
-Copyright © 2019-2022 [Faye Amacker](https://github.com/fxamacker).
+Copyright © 2019-2024 [Faye Amacker](https://github.com/fxamacker).
-fxamacker/cbor is licensed under the MIT License. See [LICENSE](LICENSE) for the full license text.
+fxamacker/cbor is licensed under the MIT License. See [LICENSE](LICENSE) for the full license text.
-
-⚓ [Quick Start](#quick-start) • [Features](#features) • [Standards](#standards) • [API](#api) • [Options](#options) • [Usage](#usage) • [Fuzzing](#fuzzing-and-code-coverage) • [License](#license)
diff --git a/vendor/github.com/fxamacker/cbor/v2/bytestring.go b/vendor/github.com/fxamacker/cbor/v2/bytestring.go
new file mode 100644
index 0000000000..823bff12ce
--- /dev/null
+++ b/vendor/github.com/fxamacker/cbor/v2/bytestring.go
@@ -0,0 +1,63 @@
+// Copyright (c) Faye Amacker. All rights reserved.
+// Licensed under the MIT License. See LICENSE in the project root for license information.
+
+package cbor
+
+import (
+ "errors"
+)
+
+// ByteString represents CBOR byte string (major type 2). ByteString can be used
+// when using a Go []byte is not possible or convenient. For example, Go doesn't
+// allow []byte as map key, so ByteString can be used to support data formats
+// having CBOR map with byte string keys. ByteString can also be used to
+// encode invalid UTF-8 string as CBOR byte string.
+// See DecOption.MapKeyByteStringMode for more details.
+type ByteString string
+
+// Bytes returns bytes representing ByteString.
+func (bs ByteString) Bytes() []byte {
+ return []byte(bs)
+}
+
+// MarshalCBOR encodes ByteString as CBOR byte string (major type 2).
+func (bs ByteString) MarshalCBOR() ([]byte, error) {
+ e := getEncodeBuffer()
+ defer putEncodeBuffer(e)
+
+ // Encode length
+ encodeHead(e, byte(cborTypeByteString), uint64(len(bs)))
+
+ // Encode data
+ buf := make([]byte, e.Len()+len(bs))
+ n := copy(buf, e.Bytes())
+ copy(buf[n:], bs)
+
+ return buf, nil
+}
+
+// UnmarshalCBOR decodes CBOR byte string (major type 2) to ByteString.
+// Decoding CBOR null and CBOR undefined sets ByteString to be empty.
+func (bs *ByteString) UnmarshalCBOR(data []byte) error {
+ if bs == nil {
+ return errors.New("cbor.ByteString: UnmarshalCBOR on nil pointer")
+ }
+
+ // Decoding CBOR null and CBOR undefined to ByteString resets data.
+ // This behavior is similar to decoding CBOR null and CBOR undefined to []byte.
+ if len(data) == 1 && (data[0] == 0xf6 || data[0] == 0xf7) {
+ *bs = ""
+ return nil
+ }
+
+ d := decoder{data: data, dm: defaultDecMode}
+
+ // Check if CBOR data type is byte string
+ if typ := d.nextCBORType(); typ != cborTypeByteString {
+ return &UnmarshalTypeError{CBORType: typ.String(), GoType: typeByteString.String()}
+ }
+
+ b, _ := d.parseByteString()
+ *bs = ByteString(b)
+ return nil
+}
diff --git a/vendor/github.com/fxamacker/cbor/v2/cache.go b/vendor/github.com/fxamacker/cbor/v2/cache.go
index 2fdf114bcb..ea0f39e24f 100644
--- a/vendor/github.com/fxamacker/cbor/v2/cache.go
+++ b/vendor/github.com/fxamacker/cbor/v2/cache.go
@@ -6,6 +6,7 @@ package cbor
import (
"bytes"
"errors"
+ "fmt"
"reflect"
"sort"
"strconv"
@@ -84,9 +85,25 @@ func newTypeInfo(t reflect.Type) *typeInfo {
}
type decodingStructType struct {
- fields fields
- err error
- toArray bool
+ fields fields
+ fieldIndicesByName map[string]int
+ err error
+ toArray bool
+}
+
+// The stdlib errors.Join was introduced in Go 1.20, and we still support Go 1.17, so instead,
+// here's a very basic implementation of an aggregated error.
+type multierror []error
+
+func (m multierror) Error() string {
+ var sb strings.Builder
+ for i, err := range m {
+ sb.WriteString(err.Error())
+ if i < len(m)-1 {
+ sb.WriteString(", ")
+ }
+ }
+ return sb.String()
}
func getDecodingStructType(t reflect.Type) *decodingStructType {
@@ -98,12 +115,12 @@ func getDecodingStructType(t reflect.Type) *decodingStructType {
toArray := hasToArrayOption(structOptions)
- var err error
+ var errs []error
for i := 0; i < len(flds); i++ {
if flds[i].keyAsInt {
nameAsInt, numErr := strconv.Atoi(flds[i].name)
if numErr != nil {
- err = errors.New("cbor: failed to parse field name \"" + flds[i].name + "\" to int (" + numErr.Error() + ")")
+ errs = append(errs, errors.New("cbor: failed to parse field name \""+flds[i].name+"\" to int ("+numErr.Error()+")"))
break
}
flds[i].nameAsInt = int64(nameAsInt)
@@ -112,7 +129,36 @@ func getDecodingStructType(t reflect.Type) *decodingStructType {
flds[i].typInfo = getTypeInfo(flds[i].typ)
}
- structType := &decodingStructType{fields: flds, err: err, toArray: toArray}
+ fieldIndicesByName := make(map[string]int, len(flds))
+ for i, fld := range flds {
+ if _, ok := fieldIndicesByName[fld.name]; ok {
+ errs = append(errs, fmt.Errorf("cbor: two or more fields of %v have the same name %q", t, fld.name))
+ continue
+ }
+ fieldIndicesByName[fld.name] = i
+ }
+
+ var err error
+ {
+ var multi multierror
+ for _, each := range errs {
+ if each != nil {
+ multi = append(multi, each)
+ }
+ }
+ if len(multi) == 1 {
+ err = multi[0]
+ } else if len(multi) > 1 {
+ err = multi
+ }
+ }
+
+ structType := &decodingStructType{
+ fields: flds,
+ fieldIndicesByName: fieldIndicesByName,
+ err: err,
+ toArray: toArray,
+ }
decodingStructTypeCache.Store(t, structType)
return structType
}
@@ -124,17 +170,17 @@ type encodingStructType struct {
omitEmptyFieldsIdx []int
err error
toArray bool
- fixedLength bool // Struct type doesn't have any omitempty or anonymous fields.
}
func (st *encodingStructType) getFields(em *encMode) fields {
- if em.sort == SortNone {
+ switch em.sort {
+ case SortNone, SortFastShuffle:
return st.fields
- }
- if em.sort == SortLengthFirst {
+ case SortLengthFirst:
return st.lengthFirstFields
+ default:
+ return st.bytewiseFields
}
- return st.bytewiseFields
}
type bytewiseFieldSorter struct {
@@ -188,8 +234,7 @@ func getEncodingStructType(t reflect.Type) (*encodingStructType, error) {
var hasKeyAsInt bool
var hasKeyAsStr bool
var omitEmptyIdx []int
- fixedLength := true
- e := getEncoderBuffer()
+ e := getEncodeBuffer()
for i := 0; i < len(flds); i++ {
// Get field's encodeFunc
flds[i].ef, flds[i].ief = getEncodeFunc(flds[i].typ)
@@ -224,21 +269,25 @@ func getEncodingStructType(t reflect.Type) (*encodingStructType, error) {
copy(flds[i].cborName[n:], flds[i].name)
e.Reset()
- hasKeyAsStr = true
- }
+ // If cborName contains a text string, then cborNameByteString contains a
+ // string that has the byte string major type but is otherwise identical to
+ // cborName.
+ flds[i].cborNameByteString = make([]byte, len(flds[i].cborName))
+ copy(flds[i].cborNameByteString, flds[i].cborName)
+ // Reset encoded CBOR type to byte string, preserving the "additional
+ // information" bits:
+ flds[i].cborNameByteString[0] = byte(cborTypeByteString) |
+ getAdditionalInformation(flds[i].cborNameByteString[0])
- // Check if field is from embedded struct
- if len(flds[i].idx) > 1 {
- fixedLength = false
+ hasKeyAsStr = true
}
// Check if field can be omitted when empty
if flds[i].omitEmpty {
- fixedLength = false
omitEmptyIdx = append(omitEmptyIdx, i)
}
}
- putEncoderBuffer(e)
+ putEncodeBuffer(e)
if err != nil {
structType := &encodingStructType{err: err}
@@ -263,8 +312,8 @@ func getEncodingStructType(t reflect.Type) (*encodingStructType, error) {
bytewiseFields: bytewiseFields,
lengthFirstFields: lengthFirstFields,
omitEmptyFieldsIdx: omitEmptyIdx,
- fixedLength: fixedLength,
}
+
encodingStructTypeCache.Store(t, structType)
return structType, structType.err
}
@@ -281,9 +330,8 @@ func getEncodingStructToArrayType(t reflect.Type, flds fields) (*encodingStructT
}
structType := &encodingStructType{
- fields: flds,
- toArray: true,
- fixedLength: true,
+ fields: flds,
+ toArray: true,
}
encodingStructTypeCache.Store(t, structType)
return structType, structType.err
diff --git a/vendor/github.com/fxamacker/cbor/v2/common.go b/vendor/github.com/fxamacker/cbor/v2/common.go
new file mode 100644
index 0000000000..ec038a49ec
--- /dev/null
+++ b/vendor/github.com/fxamacker/cbor/v2/common.go
@@ -0,0 +1,182 @@
+// Copyright (c) Faye Amacker. All rights reserved.
+// Licensed under the MIT License. See LICENSE in the project root for license information.
+
+package cbor
+
+import (
+ "fmt"
+ "strconv"
+)
+
+type cborType uint8
+
+const (
+ cborTypePositiveInt cborType = 0x00
+ cborTypeNegativeInt cborType = 0x20
+ cborTypeByteString cborType = 0x40
+ cborTypeTextString cborType = 0x60
+ cborTypeArray cborType = 0x80
+ cborTypeMap cborType = 0xa0
+ cborTypeTag cborType = 0xc0
+ cborTypePrimitives cborType = 0xe0
+)
+
+func (t cborType) String() string {
+ switch t {
+ case cborTypePositiveInt:
+ return "positive integer"
+ case cborTypeNegativeInt:
+ return "negative integer"
+ case cborTypeByteString:
+ return "byte string"
+ case cborTypeTextString:
+ return "UTF-8 text string"
+ case cborTypeArray:
+ return "array"
+ case cborTypeMap:
+ return "map"
+ case cborTypeTag:
+ return "tag"
+ case cborTypePrimitives:
+ return "primitives"
+ default:
+ return "Invalid type " + strconv.Itoa(int(t))
+ }
+}
+
+type additionalInformation uint8
+
+const (
+ maxAdditionalInformationWithoutArgument = 23
+ additionalInformationWith1ByteArgument = 24
+ additionalInformationWith2ByteArgument = 25
+ additionalInformationWith4ByteArgument = 26
+ additionalInformationWith8ByteArgument = 27
+
+ // For major type 7.
+ additionalInformationAsFalse = 20
+ additionalInformationAsTrue = 21
+ additionalInformationAsNull = 22
+ additionalInformationAsUndefined = 23
+ additionalInformationAsFloat16 = 25
+ additionalInformationAsFloat32 = 26
+ additionalInformationAsFloat64 = 27
+
+ // For major type 2, 3, 4, 5.
+ additionalInformationAsIndefiniteLengthFlag = 31
+)
+
+const (
+ maxSimpleValueInAdditionalInformation = 23
+ minSimpleValueIn1ByteArgument = 32
+)
+
+func (ai additionalInformation) isIndefiniteLength() bool {
+ return ai == additionalInformationAsIndefiniteLengthFlag
+}
+
+const (
+ // From RFC 8949 Section 3:
+ // "The initial byte of each encoded data item contains both information about the major type
+ // (the high-order 3 bits, described in Section 3.1) and additional information
+ // (the low-order 5 bits)."
+
+ // typeMask is used to extract major type in initial byte of encoded data item.
+ typeMask = 0xe0
+
+ // additionalInformationMask is used to extract additional information in initial byte of encoded data item.
+ additionalInformationMask = 0x1f
+)
+
+func getType(raw byte) cborType {
+ return cborType(raw & typeMask)
+}
+
+func getAdditionalInformation(raw byte) byte {
+ return raw & additionalInformationMask
+}
+
+func isBreakFlag(raw byte) bool {
+ return raw == cborBreakFlag
+}
+
+func parseInitialByte(b byte) (t cborType, ai byte) {
+ return getType(b), getAdditionalInformation(b)
+}
+
+const (
+ tagNumRFC3339Time = 0
+ tagNumEpochTime = 1
+ tagNumUnsignedBignum = 2
+ tagNumNegativeBignum = 3
+ tagNumExpectedLaterEncodingBase64URL = 21
+ tagNumExpectedLaterEncodingBase64 = 22
+ tagNumExpectedLaterEncodingBase16 = 23
+ tagNumSelfDescribedCBOR = 55799
+)
+
+const (
+ cborBreakFlag = byte(0xff)
+ cborByteStringWithIndefiniteLengthHead = byte(0x5f)
+ cborTextStringWithIndefiniteLengthHead = byte(0x7f)
+ cborArrayWithIndefiniteLengthHead = byte(0x9f)
+ cborMapWithIndefiniteLengthHead = byte(0xbf)
+)
+
+var (
+ cborFalse = []byte{0xf4}
+ cborTrue = []byte{0xf5}
+ cborNil = []byte{0xf6}
+ cborNaN = []byte{0xf9, 0x7e, 0x00}
+ cborPositiveInfinity = []byte{0xf9, 0x7c, 0x00}
+ cborNegativeInfinity = []byte{0xf9, 0xfc, 0x00}
+)
+
+// validBuiltinTag checks that supported built-in tag numbers are followed by expected content types.
+func validBuiltinTag(tagNum uint64, contentHead byte) error {
+ t := getType(contentHead)
+ switch tagNum {
+ case tagNumRFC3339Time:
+ // Tag content (date/time text string in RFC 3339 format) must be string type.
+ if t != cborTypeTextString {
+ return newInadmissibleTagContentTypeError(
+ tagNumRFC3339Time,
+ "text string",
+ t.String())
+ }
+ return nil
+
+ case tagNumEpochTime:
+ // Tag content (epoch date/time) must be uint, int, or float type.
+ if t != cborTypePositiveInt && t != cborTypeNegativeInt && (contentHead < 0xf9 || contentHead > 0xfb) {
+ return newInadmissibleTagContentTypeError(
+ tagNumEpochTime,
+ "integer or floating-point number",
+ t.String())
+ }
+ return nil
+
+ case tagNumUnsignedBignum, tagNumNegativeBignum:
+ // Tag content (bignum) must be byte type.
+ if t != cborTypeByteString {
+ return newInadmissibleTagContentTypeErrorf(
+ fmt.Sprintf(
+ "tag number %d or %d must be followed by byte string, got %s",
+ tagNumUnsignedBignum,
+ tagNumNegativeBignum,
+ t.String(),
+ ))
+ }
+ return nil
+
+ case tagNumExpectedLaterEncodingBase64URL, tagNumExpectedLaterEncodingBase64, tagNumExpectedLaterEncodingBase16:
+ // From RFC 8949 3.4.5.2:
+ // The data item tagged can be a byte string or any other data item. In the latter
+ // case, the tag applies to all of the byte string data items contained in the data
+ // item, except for those contained in a nested data item tagged with an expected
+ // conversion.
+ return nil
+ }
+
+ return nil
+}
diff --git a/vendor/github.com/fxamacker/cbor/v2/decode.go b/vendor/github.com/fxamacker/cbor/v2/decode.go
index 0d5f25351b..85842ac736 100644
--- a/vendor/github.com/fxamacker/cbor/v2/decode.go
+++ b/vendor/github.com/fxamacker/cbor/v2/decode.go
@@ -5,7 +5,9 @@ package cbor
import (
"encoding"
+ "encoding/base64"
"encoding/binary"
+ "encoding/hex"
"errors"
"fmt"
"io"
@@ -40,17 +42,18 @@ import (
// To unmarshal CBOR into an empty interface value, Unmarshal uses the
// following rules:
//
-// CBOR booleans decode to bool.
-// CBOR positive integers decode to uint64.
-// CBOR negative integers decode to int64 (big.Int if value overflows).
-// CBOR floating points decode to float64.
-// CBOR byte strings decode to []byte.
-// CBOR text strings decode to string.
-// CBOR arrays decode to []interface{}.
-// CBOR maps decode to map[interface{}]interface{}.
-// CBOR null and undefined values decode to nil.
-// CBOR times (tag 0 and 1) decode to time.Time.
-// CBOR bignums (tag 2 and 3) decode to big.Int.
+// CBOR booleans decode to bool.
+// CBOR positive integers decode to uint64.
+// CBOR negative integers decode to int64 (big.Int if value overflows).
+// CBOR floating points decode to float64.
+// CBOR byte strings decode to []byte.
+// CBOR text strings decode to string.
+// CBOR arrays decode to []interface{}.
+// CBOR maps decode to map[interface{}]interface{}.
+// CBOR null and undefined values decode to nil.
+// CBOR times (tag 0 and 1) decode to time.Time.
+// CBOR bignums (tag 2 and 3) decode to big.Int.
+// CBOR tags with an unrecognized number decode to cbor.Tag
//
// To unmarshal a CBOR array into a slice, Unmarshal allocates a new slice
// if the CBOR array is empty or slice capacity is less than CBOR array length.
@@ -75,9 +78,9 @@ import (
// To unmarshal a CBOR map into a struct, Unmarshal matches CBOR map keys to the
// keys in the following priority:
//
-// 1. "cbor" key in struct field tag,
-// 2. "json" key in struct field tag,
-// 3. struct field name.
+// 1. "cbor" key in struct field tag,
+// 2. "json" key in struct field tag,
+// 3. struct field name.
//
// Unmarshal tries an exact match for field name, then a case-insensitive match.
// Map key-value pairs without corresponding struct fields are ignored. See
@@ -86,7 +89,8 @@ import (
// To unmarshal a CBOR text string into a time.Time value, Unmarshal parses text
// string formatted in RFC3339. To unmarshal a CBOR integer/float into a
// time.Time value, Unmarshal creates an unix time with integer/float as seconds
-// and fractional seconds since January 1, 1970 UTC.
+// and fractional seconds since January 1, 1970 UTC. As a special case, Infinite
+// and NaN float values decode to time.Time's zero value.
//
// To unmarshal CBOR null (0xf6) and undefined (0xf7) values into a
// slice/map/pointer, Unmarshal sets Go value to nil. Because null is often
@@ -95,15 +99,51 @@ import (
//
// Unmarshal supports CBOR tag 55799 (self-describe CBOR), tag 0 and 1 (time),
// and tag 2 and 3 (bignum).
+//
+// Unmarshal returns ExtraneousDataError error (without decoding into v)
+// if there are any remaining bytes following the first valid CBOR data item.
+// See UnmarshalFirst, if you want to unmarshal only the first
+// CBOR data item without ExtraneousDataError caused by remaining bytes.
func Unmarshal(data []byte, v interface{}) error {
return defaultDecMode.Unmarshal(data, v)
}
-// Valid checks whether the CBOR data is complete and well-formed.
+// UnmarshalFirst parses the first CBOR data item into the value pointed to by v
+// using default decoding options. Any remaining bytes are returned in rest.
+//
+// If v is nil, not a pointer, or a nil pointer, UnmarshalFirst returns an error.
+//
+// See the documentation for Unmarshal for details.
+func UnmarshalFirst(data []byte, v interface{}) (rest []byte, err error) {
+ return defaultDecMode.UnmarshalFirst(data, v)
+}
+
+// Valid checks whether data is a well-formed encoded CBOR data item and
+// that it complies with default restrictions such as MaxNestedLevels,
+// MaxArrayElements, MaxMapPairs, etc.
+//
+// If there are any remaining bytes after the CBOR data item,
+// an ExtraneousDataError is returned.
+//
+// WARNING: Valid doesn't check if encoded CBOR data item is valid (i.e. validity)
+// and RFC 8949 distinctly defines what is "Valid" and what is "Well-formed".
+//
+// Deprecated: Valid is kept for compatibility and should not be used.
+// Use Wellformed instead because it has a more appropriate name.
func Valid(data []byte) error {
return defaultDecMode.Valid(data)
}
+// Wellformed checks whether data is a well-formed encoded CBOR data item and
+// that it complies with default restrictions such as MaxNestedLevels,
+// MaxArrayElements, MaxMapPairs, etc.
+//
+// If there are any remaining bytes after the CBOR data item,
+// an ExtraneousDataError is returned.
+func Wellformed(data []byte) error {
+ return defaultDecMode.Wellformed(data)
+}
+
// Unmarshaler is the interface implemented by types that wish to unmarshal
// CBOR data themselves. The input is a valid CBOR value. UnmarshalCBOR
// must copy the CBOR data if it needs to use it after returning.
@@ -141,6 +181,16 @@ func (e *UnmarshalTypeError) Error() string {
return s
}
+// InvalidMapKeyTypeError describes invalid Go map key type when decoding CBOR map.
+// For example, Go doesn't allow slice as map key.
+type InvalidMapKeyTypeError struct {
+ GoType string
+}
+
+func (e *InvalidMapKeyTypeError) Error() string {
+ return "cbor: invalid map key type: " + e.GoType
+}
+
// DupMapKeyError describes detected duplicate map key in CBOR map.
type DupMapKeyError struct {
Key interface{}
@@ -160,7 +210,95 @@ func (e *UnknownFieldError) Error() string {
return fmt.Sprintf("cbor: found unknown field at map element index %d", e.Index)
}
-// DupMapKeyMode specifies how to enforce duplicate map key.
+// UnacceptableDataItemError is returned when unmarshaling a CBOR input that contains a data item
+// that is not acceptable to a specific CBOR-based application protocol ("invalid or unexpected" as
+// described in RFC 8949 Section 5 Paragraph 3).
+type UnacceptableDataItemError struct {
+ CBORType string
+ Message string
+}
+
+func (e UnacceptableDataItemError) Error() string {
+ return fmt.Sprintf("cbor: data item of cbor type %s is not accepted by protocol: %s", e.CBORType, e.Message)
+}
+
+// ByteStringExpectedFormatError is returned when unmarshaling CBOR byte string fails when
+// using non-default ByteStringExpectedFormat decoding option that makes decoder expect
+// a specified format such as base64, hex, etc.
+type ByteStringExpectedFormatError struct {
+ expectedFormatOption ByteStringExpectedFormatMode
+ err error
+}
+
+func newByteStringExpectedFormatError(expectedFormatOption ByteStringExpectedFormatMode, err error) *ByteStringExpectedFormatError {
+ return &ByteStringExpectedFormatError{expectedFormatOption, err}
+}
+
+func (e *ByteStringExpectedFormatError) Error() string {
+ switch e.expectedFormatOption {
+ case ByteStringExpectedBase64URL:
+ return fmt.Sprintf("cbor: failed to decode base64url from byte string: %s", e.err)
+
+ case ByteStringExpectedBase64:
+ return fmt.Sprintf("cbor: failed to decode base64 from byte string: %s", e.err)
+
+ case ByteStringExpectedBase16:
+ return fmt.Sprintf("cbor: failed to decode hex from byte string: %s", e.err)
+
+ default:
+ return fmt.Sprintf("cbor: failed to decode byte string in expected format %d: %s", e.expectedFormatOption, e.err)
+ }
+}
+
+func (e *ByteStringExpectedFormatError) Unwrap() error {
+ return e.err
+}
+
+// InadmissibleTagContentTypeError is returned when unmarshaling built-in CBOR tags
+// fails because of inadmissible type for tag content. Currently, the built-in
+// CBOR tags in this codec are tags 0-3 and 21-23.
+// See "Tag validity" in RFC 8949 Section 5.3.2.
+type InadmissibleTagContentTypeError struct {
+ s string
+ tagNum int
+ expectedTagContentType string
+ gotTagContentType string
+}
+
+func newInadmissibleTagContentTypeError(
+ tagNum int,
+ expectedTagContentType string,
+ gotTagContentType string,
+) *InadmissibleTagContentTypeError {
+ return &InadmissibleTagContentTypeError{
+ tagNum: tagNum,
+ expectedTagContentType: expectedTagContentType,
+ gotTagContentType: gotTagContentType,
+ }
+}
+
+func newInadmissibleTagContentTypeErrorf(s string) *InadmissibleTagContentTypeError {
+ return &InadmissibleTagContentTypeError{s: "cbor: " + s} //nolint:goconst // ignore "cbor"
+}
+
+func (e *InadmissibleTagContentTypeError) Error() string {
+ if e.s == "" {
+ return fmt.Sprintf(
+ "cbor: tag number %d must be followed by %s, got %s",
+ e.tagNum,
+ e.expectedTagContentType,
+ e.gotTagContentType,
+ )
+ }
+ return e.s
+}
+
+// DupMapKeyMode specifies how to enforce duplicate map key. Two map keys are considered duplicates if:
+// 1. When decoding into a struct, both keys match the same struct field. The keys are also
+// considered duplicates if neither matches any field and decoding to interface{} would produce
+// equal (==) values for both keys.
+// 2. When decoding into a map, both keys are equal (==) when decoded into values of the
+// destination map's key type.
type DupMapKeyMode int
const (
@@ -180,7 +318,7 @@ const (
)
func (dmkm DupMapKeyMode) valid() bool {
- return dmkm < maxDupMapKeyMode
+ return dmkm >= 0 && dmkm < maxDupMapKeyMode
}
// IndefLengthMode specifies whether to allow indefinite length items.
@@ -197,7 +335,7 @@ const (
)
func (m IndefLengthMode) valid() bool {
- return m < maxIndefLengthMode
+ return m >= 0 && m < maxIndefLengthMode
}
// TagsMode specifies whether to allow CBOR tags.
@@ -214,29 +352,78 @@ const (
)
func (tm TagsMode) valid() bool {
- return tm < maxTagsMode
+ return tm >= 0 && tm < maxTagsMode
}
-// IntDecMode specifies which Go int type (int64 or uint64) should
-// be used when decoding CBOR int (major type 0 and 1) to Go interface{}.
+// IntDecMode specifies which Go type (int64, uint64, or big.Int) should
+// be used when decoding CBOR integers (major type 0 and 1) to Go interface{}.
type IntDecMode int
const (
- // IntDecConvertNone affects how CBOR int (major type 0 and 1) decodes to Go interface{}.
- // It makes CBOR positive int (major type 0) decode to uint64 value, and
- // CBOR negative int (major type 1) decode to int64 value.
+ // IntDecConvertNone affects how CBOR integers (major type 0 and 1) decode to Go interface{}.
+ // It decodes CBOR unsigned integer (major type 0) to:
+ // - uint64
+ // It decodes CBOR negative integer (major type 1) to:
+ // - int64 if value fits
+ // - big.Int or *big.Int (see BigIntDecMode) if value doesn't fit into int64
IntDecConvertNone IntDecMode = iota
- // IntDecConvertSigned affects how CBOR int (major type 0 and 1) decodes to Go interface{}.
- // It makes CBOR positive/negative int (major type 0 and 1) decode to int64 value.
- // If value overflows int64, UnmarshalTypeError is returned.
+ // IntDecConvertSigned affects how CBOR integers (major type 0 and 1) decode to Go interface{}.
+ // It decodes CBOR integers (major type 0 and 1) to:
+ // - int64 if value fits
+ // - big.Int or *big.Int (see BigIntDecMode) if value < math.MinInt64
+ // - return UnmarshalTypeError if value > math.MaxInt64
+ // Deprecated: IntDecConvertSigned should not be used.
+ // Please use other options, such as IntDecConvertSignedOrError, IntDecConvertSignedOrBigInt, IntDecConvertNone.
IntDecConvertSigned
+ // IntDecConvertSignedOrFail affects how CBOR integers (major type 0 and 1) decode to Go interface{}.
+ // It decodes CBOR integers (major type 0 and 1) to:
+ // - int64 if value fits
+ // - return UnmarshalTypeError if value doesn't fit into int64
+ IntDecConvertSignedOrFail
+
+ // IntDecConvertSigned affects how CBOR integers (major type 0 and 1) decode to Go interface{}.
+ // It makes CBOR integers (major type 0 and 1) decode to:
+ // - int64 if value fits
+ // - big.Int or *big.Int (see BigIntDecMode) if value doesn't fit into int64
+ IntDecConvertSignedOrBigInt
+
maxIntDec
)
func (idm IntDecMode) valid() bool {
- return idm < maxIntDec
+ return idm >= 0 && idm < maxIntDec
+}
+
+// MapKeyByteStringMode specifies how to decode CBOR byte string (major type 2)
+// as Go map key when decoding CBOR map key into an empty Go interface value.
+// Specifically, this option applies when decoding CBOR map into
+// - Go empty interface, or
+// - Go map with empty interface as key type.
+// The CBOR map key types handled by this option are
+// - byte string
+// - tagged byte string
+// - nested tagged byte string
+type MapKeyByteStringMode int
+
+const (
+ // MapKeyByteStringAllowed allows CBOR byte string to be decoded as Go map key.
+ // Since Go doesn't allow []byte as map key, CBOR byte string is decoded to
+ // ByteString which has underlying string type.
+ // This is the default setting.
+ MapKeyByteStringAllowed MapKeyByteStringMode = iota
+
+ // MapKeyByteStringForbidden forbids CBOR byte string being decoded as Go map key.
+ // Attempting to decode CBOR byte string as map key into empty interface value
+ // returns a decoding error.
+ MapKeyByteStringForbidden
+
+ maxMapKeyByteStringMode
+)
+
+func (mkbsm MapKeyByteStringMode) valid() bool {
+ return mkbsm >= 0 && mkbsm < maxMapKeyByteStringMode
}
// ExtraDecErrorCond specifies extra conditions that should be treated as errors.
@@ -257,17 +444,339 @@ func (ec ExtraDecErrorCond) valid() bool {
return ec < maxExtraDecError
}
+// UTF8Mode option specifies if decoder should
+// decode CBOR Text containing invalid UTF-8 string.
+type UTF8Mode int
+
+const (
+ // UTF8RejectInvalid rejects CBOR Text containing
+ // invalid UTF-8 string.
+ UTF8RejectInvalid UTF8Mode = iota
+
+ // UTF8DecodeInvalid allows decoding CBOR Text containing
+ // invalid UTF-8 string.
+ UTF8DecodeInvalid
+
+ maxUTF8Mode
+)
+
+func (um UTF8Mode) valid() bool {
+ return um >= 0 && um < maxUTF8Mode
+}
+
+// FieldNameMatchingMode specifies how string keys in CBOR maps are matched to Go struct field names.
+type FieldNameMatchingMode int
+
+const (
+ // FieldNameMatchingPreferCaseSensitive prefers to decode map items into struct fields whose names (or tag
+ // names) exactly match the item's key. If there is no such field, a map item will be decoded into a field whose
+ // name is a case-insensitive match for the item's key.
+ FieldNameMatchingPreferCaseSensitive FieldNameMatchingMode = iota
+
+ // FieldNameMatchingCaseSensitive decodes map items only into a struct field whose name (or tag name) is an
+ // exact match for the item's key.
+ FieldNameMatchingCaseSensitive
+
+ maxFieldNameMatchingMode
+)
+
+func (fnmm FieldNameMatchingMode) valid() bool {
+ return fnmm >= 0 && fnmm < maxFieldNameMatchingMode
+}
+
+// BigIntDecMode specifies how to decode CBOR bignum to Go interface{}.
+type BigIntDecMode int
+
+const (
+ // BigIntDecodeValue makes CBOR bignum decode to big.Int (instead of *big.Int)
+ // when unmarshalling into a Go interface{}.
+ BigIntDecodeValue BigIntDecMode = iota
+
+ // BigIntDecodePointer makes CBOR bignum decode to *big.Int when
+ // unmarshalling into a Go interface{}.
+ BigIntDecodePointer
+
+ maxBigIntDecMode
+)
+
+func (bidm BigIntDecMode) valid() bool {
+ return bidm >= 0 && bidm < maxBigIntDecMode
+}
+
+// ByteStringToStringMode specifies the behavior when decoding a CBOR byte string into a Go string.
+type ByteStringToStringMode int
+
+const (
+ // ByteStringToStringForbidden generates an error on an attempt to decode a CBOR byte string into a Go string.
+ ByteStringToStringForbidden ByteStringToStringMode = iota
+
+ // ByteStringToStringAllowed permits decoding a CBOR byte string into a Go string.
+ ByteStringToStringAllowed
+
+ // ByteStringToStringAllowedWithExpectedLaterEncoding permits decoding a CBOR byte string
+ // into a Go string. Also, if the byte string is enclosed (directly or indirectly) by one of
+ // the "expected later encoding" tags (numbers 21 through 23), the destination string will
+ // be populated by applying the designated text encoding to the contents of the input byte
+ // string.
+ ByteStringToStringAllowedWithExpectedLaterEncoding
+
+ maxByteStringToStringMode
+)
+
+func (bstsm ByteStringToStringMode) valid() bool {
+ return bstsm >= 0 && bstsm < maxByteStringToStringMode
+}
+
+// FieldNameByteStringMode specifies the behavior when decoding a CBOR byte string map key as a Go struct field name.
+type FieldNameByteStringMode int
+
+const (
+ // FieldNameByteStringForbidden generates an error on an attempt to decode a CBOR byte string map key as a Go struct field name.
+ FieldNameByteStringForbidden FieldNameByteStringMode = iota
+
+ // FieldNameByteStringAllowed permits CBOR byte string map keys to be recognized as Go struct field names.
+ FieldNameByteStringAllowed
+
+ maxFieldNameByteStringMode
+)
+
+func (fnbsm FieldNameByteStringMode) valid() bool {
+ return fnbsm >= 0 && fnbsm < maxFieldNameByteStringMode
+}
+
+// UnrecognizedTagToAnyMode specifies how to decode unrecognized CBOR tag into an empty interface (any).
+// Currently, recognized CBOR tag numbers are 0, 1, 2, 3, or registered by TagSet.
+type UnrecognizedTagToAnyMode int
+
+const (
+ // UnrecognizedTagNumAndContentToAny decodes CBOR tag number and tag content to cbor.Tag
+ // when decoding unrecognized CBOR tag into an empty interface.
+ UnrecognizedTagNumAndContentToAny UnrecognizedTagToAnyMode = iota
+
+ // UnrecognizedTagContentToAny decodes only CBOR tag content (into its default type)
+ // when decoding unrecognized CBOR tag into an empty interface.
+ UnrecognizedTagContentToAny
+
+ maxUnrecognizedTagToAny
+)
+
+func (uttam UnrecognizedTagToAnyMode) valid() bool {
+ return uttam >= 0 && uttam < maxUnrecognizedTagToAny
+}
+
+// TimeTagToAnyMode specifies how to decode CBOR tag 0 and 1 into an empty interface (any).
+// Based on the specified mode, Unmarshal can return a time.Time value or a time string in a specific format.
+type TimeTagToAnyMode int
+
+const (
+ // TimeTagToTime decodes CBOR tag 0 and 1 into a time.Time value
+ // when decoding tag 0 or 1 into an empty interface.
+ TimeTagToTime TimeTagToAnyMode = iota
+
+ // TimeTagToRFC3339 decodes CBOR tag 0 and 1 into a time string in RFC3339 format
+ // when decoding tag 0 or 1 into an empty interface.
+ TimeTagToRFC3339
+
+ // TimeTagToRFC3339Nano decodes CBOR tag 0 and 1 into a time string in RFC3339Nano format
+ // when decoding tag 0 or 1 into an empty interface.
+ TimeTagToRFC3339Nano
+
+ maxTimeTagToAnyMode
+)
+
+func (tttam TimeTagToAnyMode) valid() bool {
+ return tttam >= 0 && tttam < maxTimeTagToAnyMode
+}
+
+// SimpleValueRegistry is a registry of unmarshaling behaviors for each possible CBOR simple value
+// number (0...23 and 32...255).
+type SimpleValueRegistry struct {
+ rejected [256]bool
+}
+
+// WithRejectedSimpleValue registers the given simple value as rejected. If the simple value is
+// encountered in a CBOR input during unmarshaling, an UnacceptableDataItemError is returned.
+func WithRejectedSimpleValue(sv SimpleValue) func(*SimpleValueRegistry) error {
+ return func(r *SimpleValueRegistry) error {
+ if sv >= 24 && sv <= 31 {
+ return fmt.Errorf("cbor: cannot set analog for reserved simple value %d", sv)
+ }
+ r.rejected[sv] = true
+ return nil
+ }
+}
+
+// Creates a new SimpleValueRegistry. The registry state is initialized by executing the provided
+// functions in order against a registry that is pre-populated with the defaults for all well-formed
+// simple value numbers.
+func NewSimpleValueRegistryFromDefaults(fns ...func(*SimpleValueRegistry) error) (*SimpleValueRegistry, error) {
+ var r SimpleValueRegistry
+ for _, fn := range fns {
+ if err := fn(&r); err != nil {
+ return nil, err
+ }
+ }
+ return &r, nil
+}
+
+// NaNMode specifies how to decode floating-point values (major type 7, additional information 25
+// through 27) representing NaN (not-a-number).
+type NaNMode int
+
+const (
+ // NaNDecodeAllowed will decode NaN values to Go float32 or float64.
+ NaNDecodeAllowed NaNMode = iota
+
+ // NaNDecodeForbidden will return an UnacceptableDataItemError on an attempt to decode a NaN value.
+ NaNDecodeForbidden
+
+ maxNaNDecode
+)
+
+func (ndm NaNMode) valid() bool {
+ return ndm >= 0 && ndm < maxNaNDecode
+}
+
+// InfMode specifies how to decode floating-point values (major type 7, additional information 25
+// through 27) representing positive or negative infinity.
+type InfMode int
+
+const (
+ // InfDecodeAllowed will decode infinite values to Go float32 or float64.
+ InfDecodeAllowed InfMode = iota
+
+ // InfDecodeForbidden will return an UnacceptableDataItemError on an attempt to decode an
+ // infinite value.
+ InfDecodeForbidden
+
+ maxInfDecode
+)
+
+func (idm InfMode) valid() bool {
+ return idm >= 0 && idm < maxInfDecode
+}
+
+// ByteStringToTimeMode specifies the behavior when decoding a CBOR byte string into a Go time.Time.
+type ByteStringToTimeMode int
+
+const (
+ // ByteStringToTimeForbidden generates an error on an attempt to decode a CBOR byte string into a Go time.Time.
+ ByteStringToTimeForbidden ByteStringToTimeMode = iota
+
+ // ByteStringToTimeAllowed permits decoding a CBOR byte string into a Go time.Time.
+ ByteStringToTimeAllowed
+
+ maxByteStringToTimeMode
+)
+
+func (bttm ByteStringToTimeMode) valid() bool {
+ return bttm >= 0 && bttm < maxByteStringToTimeMode
+}
+
+// ByteStringExpectedFormatMode specifies how to decode CBOR byte string into Go byte slice
+// when the byte string is NOT enclosed in CBOR tag 21, 22, or 23. An error is returned if
+// the CBOR byte string does not contain the expected format (e.g. base64) specified.
+// For tags 21-23, see "Expected Later Encoding for CBOR-to-JSON Converters"
+// in RFC 8949 Section 3.4.5.2.
+type ByteStringExpectedFormatMode int
+
+const (
+ // ByteStringExpectedFormatNone copies the unmodified CBOR byte string into Go byte slice
+ // if the byte string is not tagged by CBOR tag 21-23.
+ ByteStringExpectedFormatNone ByteStringExpectedFormatMode = iota
+
+ // ByteStringExpectedBase64URL expects CBOR byte strings to contain base64url-encoded bytes
+ // if the byte string is not tagged by CBOR tag 21-23. The decoder will attempt to decode
+ // the base64url-encoded bytes into Go slice.
+ ByteStringExpectedBase64URL
+
+ // ByteStringExpectedBase64 expects CBOR byte strings to contain base64-encoded bytes
+ // if the byte string is not tagged by CBOR tag 21-23. The decoder will attempt to decode
+ // the base64-encoded bytes into Go slice.
+ ByteStringExpectedBase64
+
+ // ByteStringExpectedBase16 expects CBOR byte strings to contain base16-encoded bytes
+ // if the byte string is not tagged by CBOR tag 21-23. The decoder will attempt to decode
+ // the base16-encoded bytes into Go slice.
+ ByteStringExpectedBase16
+
+ maxByteStringExpectedFormatMode
+)
+
+func (bsefm ByteStringExpectedFormatMode) valid() bool {
+ return bsefm >= 0 && bsefm < maxByteStringExpectedFormatMode
+}
+
+// BignumTagMode specifies whether or not the "bignum" tags 2 and 3 (RFC 8949 Section 3.4.3) can be
+// decoded.
+type BignumTagMode int
+
+const (
+ // BignumTagAllowed allows bignum tags to be decoded.
+ BignumTagAllowed BignumTagMode = iota
+
+ // BignumTagForbidden produces an UnacceptableDataItemError during Unmarshal if a bignum tag
+ // is encountered in the input.
+ BignumTagForbidden
+
+ maxBignumTag
+)
+
+func (btm BignumTagMode) valid() bool {
+ return btm >= 0 && btm < maxBignumTag
+}
+
+// BinaryUnmarshalerMode specifies how to decode into types that implement
+// encoding.BinaryUnmarshaler.
+type BinaryUnmarshalerMode int
+
+const (
+ // BinaryUnmarshalerByteString will invoke UnmarshalBinary on the contents of a CBOR byte
+ // string when decoding into a value that implements BinaryUnmarshaler.
+ BinaryUnmarshalerByteString BinaryUnmarshalerMode = iota
+
+ // BinaryUnmarshalerNone does not recognize BinaryUnmarshaler implementations during decode.
+ BinaryUnmarshalerNone
+
+ maxBinaryUnmarshalerMode
+)
+
+func (bum BinaryUnmarshalerMode) valid() bool {
+ return bum >= 0 && bum < maxBinaryUnmarshalerMode
+}
+
// DecOptions specifies decoding options.
type DecOptions struct {
// DupMapKey specifies whether to enforce duplicate map key.
DupMapKey DupMapKeyMode
- // TimeTag specifies whether to check validity of time.Time (e.g. valid tag number and tag content type).
- // For now, valid tag number means 0 or 1 as specified in RFC 7049 if the Go type is time.Time.
+ // TimeTag specifies whether or not untagged data items, or tags other
+ // than tag 0 and tag 1, can be decoded to time.Time. If tag 0 or tag 1
+ // appears in an input, the type of its content is always validated as
+ // specified in RFC 8949. That behavior is not controlled by this
+ // option. The behavior of the supported modes are:
+ //
+ // DecTagIgnored (default): Untagged text strings and text strings
+ // enclosed in tags other than 0 and 1 are decoded as though enclosed
+ // in tag 0. Untagged unsigned integers, negative integers, and
+ // floating-point numbers (or those enclosed in tags other than 0 and
+ // 1) are decoded as though enclosed in tag 1. Decoding a tag other
+ // than 0 or 1 enclosing simple values null or undefined into a
+ // time.Time does not modify the destination value.
+ //
+ // DecTagOptional: Untagged text strings are decoded as though
+ // enclosed in tag 0. Untagged unsigned integers, negative integers,
+ // and floating-point numbers are decoded as though enclosed in tag
+ // 1. Tags other than 0 and 1 will produce an error on attempts to
+ // decode them into a time.Time.
+ //
+ // DecTagRequired: Only tags 0 and 1 can be decoded to time.Time. Any
+ // other input will produce an error.
TimeTag DecTagMode
// MaxNestedLevels specifies the max nested levels allowed for any combination of CBOR array, maps, and tags.
- // Default is 32 levels and it can be set to [4, 256].
+ // Default is 32 levels and it can be set to [4, 65535]. Note that higher maximum levels of nesting can
+ // require larger amounts of stack to deserialize. Don't increase this higher than you require.
MaxNestedLevels int
// MaxArrayElements specifies the max number of elements for CBOR arrays.
@@ -288,6 +797,12 @@ type DecOptions struct {
// when decoding CBOR int (major type 0 and 1) to Go interface{}.
IntDec IntDecMode
+ // MapKeyByteString specifies how to decode CBOR byte string as map key
+ // when decoding CBOR map with byte string key into an empty interface value.
+ // By default, an error is returned when attempting to decode CBOR byte string
+ // as map key because Go doesn't allow []byte as map key.
+ MapKeyByteString MapKeyByteStringMode
+
// ExtraReturnErrors specifies extra conditions that should be treated as errors.
ExtraReturnErrors ExtraDecErrorCond
@@ -295,22 +810,112 @@ type DecOptions struct {
// when unmarshalling CBOR into an empty interface value.
// By default, unmarshal uses map[interface{}]interface{}.
DefaultMapType reflect.Type
+
+ // UTF8 specifies if decoder should decode CBOR Text containing invalid UTF-8.
+ // By default, unmarshal rejects CBOR text containing invalid UTF-8.
+ UTF8 UTF8Mode
+
+ // FieldNameMatching specifies how string keys in CBOR maps are matched to Go struct field names.
+ FieldNameMatching FieldNameMatchingMode
+
+ // BigIntDec specifies how to decode CBOR bignum to Go interface{}.
+ BigIntDec BigIntDecMode
+
+ // DefaultByteStringType is the Go type that should be produced when decoding a CBOR byte
+ // string into an empty interface value. Types to which a []byte is convertible are valid
+ // for this option, except for array and pointer-to-array types. If nil, the default is
+ // []byte.
+ DefaultByteStringType reflect.Type
+
+ // ByteStringToString specifies the behavior when decoding a CBOR byte string into a Go string.
+ ByteStringToString ByteStringToStringMode
+
+ // FieldNameByteString specifies the behavior when decoding a CBOR byte string map key as a
+ // Go struct field name.
+ FieldNameByteString FieldNameByteStringMode
+
+ // UnrecognizedTagToAny specifies how to decode unrecognized CBOR tag into an empty interface.
+ // Currently, recognized CBOR tag numbers are 0, 1, 2, 3, or registered by TagSet.
+ UnrecognizedTagToAny UnrecognizedTagToAnyMode
+
+ // TimeTagToAny specifies how to decode CBOR tag 0 and 1 into an empty interface (any).
+ // Based on the specified mode, Unmarshal can return a time.Time value or a time string in a specific format.
+ TimeTagToAny TimeTagToAnyMode
+
+ // SimpleValues is an immutable mapping from each CBOR simple value to a corresponding
+ // unmarshal behavior. If nil, the simple values false, true, null, and undefined are mapped
+ // to the Go analog values false, true, nil, and nil, respectively, and all other simple
+ // values N (except the reserved simple values 24 through 31) are mapped to
+ // cbor.SimpleValue(N). In other words, all well-formed simple values can be decoded.
+ //
+ // Users may provide a custom SimpleValueRegistry constructed via
+ // NewSimpleValueRegistryFromDefaults.
+ SimpleValues *SimpleValueRegistry
+
+ // NaN specifies how to decode floating-point values (major type 7, additional information
+ // 25 through 27) representing NaN (not-a-number).
+ NaN NaNMode
+
+ // Inf specifies how to decode floating-point values (major type 7, additional information
+ // 25 through 27) representing positive or negative infinity.
+ Inf InfMode
+
+ // ByteStringToTime specifies how to decode CBOR byte string into Go time.Time.
+ ByteStringToTime ByteStringToTimeMode
+
+ // ByteStringExpectedFormat specifies how to decode CBOR byte string into Go byte slice
+ // when the byte string is NOT enclosed in CBOR tag 21, 22, or 23. An error is returned if
+ // the CBOR byte string does not contain the expected format (e.g. base64) specified.
+ // For tags 21-23, see "Expected Later Encoding for CBOR-to-JSON Converters"
+ // in RFC 8949 Section 3.4.5.2.
+ ByteStringExpectedFormat ByteStringExpectedFormatMode
+
+ // BignumTag specifies whether or not the "bignum" tags 2 and 3 (RFC 8949 Section 3.4.3) can
+ // be decoded. Unlike BigIntDec, this option applies to all bignum tags encountered in a
+ // CBOR input, independent of the type of the destination value of a particular Unmarshal
+ // operation.
+ BignumTag BignumTagMode
+
+ // BinaryUnmarshaler specifies how to decode into types that implement
+ // encoding.BinaryUnmarshaler.
+ BinaryUnmarshaler BinaryUnmarshalerMode
}
// DecMode returns DecMode with immutable options and no tags (safe for concurrency).
-func (opts DecOptions) DecMode() (DecMode, error) {
+func (opts DecOptions) DecMode() (DecMode, error) { //nolint:gocritic // ignore hugeParam
return opts.decMode()
}
-// DecModeWithTags returns DecMode with options and tags that are both immutable (safe for concurrency).
-func (opts DecOptions) DecModeWithTags(tags TagSet) (DecMode, error) {
+// validForTags checks that the provided tag set is compatible with these options and returns a
+// non-nil error if and only if the provided tag set is incompatible.
+func (opts DecOptions) validForTags(tags TagSet) error { //nolint:gocritic // ignore hugeParam
if opts.TagsMd == TagsForbidden {
- return nil, errors.New("cbor: cannot create DecMode with TagSet when TagsMd is TagsForbidden")
+ return errors.New("cbor: cannot create DecMode with TagSet when TagsMd is TagsForbidden")
}
if tags == nil {
- return nil, errors.New("cbor: cannot create DecMode with nil value as TagSet")
+ return errors.New("cbor: cannot create DecMode with nil value as TagSet")
+ }
+ if opts.ByteStringToString == ByteStringToStringAllowedWithExpectedLaterEncoding ||
+ opts.ByteStringExpectedFormat != ByteStringExpectedFormatNone {
+ for _, tagNum := range []uint64{
+ tagNumExpectedLaterEncodingBase64URL,
+ tagNumExpectedLaterEncodingBase64,
+ tagNumExpectedLaterEncodingBase16,
+ } {
+ if rt := tags.getTypeFromTagNum([]uint64{tagNum}); rt != nil {
+ return fmt.Errorf("cbor: DecMode with non-default StringExpectedEncoding or ByteSliceExpectedEncoding treats tag %d as built-in and conflicts with the provided TagSet's registration of %v", tagNum, rt)
+ }
+ }
+
}
+ return nil
+}
+// DecModeWithTags returns DecMode with options and tags that are both immutable (safe for concurrency).
+func (opts DecOptions) DecModeWithTags(tags TagSet) (DecMode, error) { //nolint:gocritic // ignore hugeParam
+ if err := opts.validForTags(tags); err != nil {
+ return nil, err
+ }
dm, err := opts.decMode()
if err != nil {
return nil, err
@@ -335,12 +940,9 @@ func (opts DecOptions) DecModeWithTags(tags TagSet) (DecMode, error) {
}
// DecModeWithSharedTags returns DecMode with immutable options and mutable shared tags (safe for concurrency).
-func (opts DecOptions) DecModeWithSharedTags(tags TagSet) (DecMode, error) {
- if opts.TagsMd == TagsForbidden {
- return nil, errors.New("cbor: cannot create DecMode with TagSet when TagsMd is TagsForbidden")
- }
- if tags == nil {
- return nil, errors.New("cbor: cannot create DecMode with nil value as TagSet")
+func (opts DecOptions) DecModeWithSharedTags(tags TagSet) (DecMode, error) { //nolint:gocritic // ignore hugeParam
+ if err := opts.validForTags(tags); err != nil {
+ return nil, err
}
dm, err := opts.decMode()
if err != nil {
@@ -358,57 +960,166 @@ const (
defaultMaxMapPairs = 131072
minMaxMapPairs = 16
maxMaxMapPairs = 2147483647
+
+ defaultMaxNestedLevels = 32
+ minMaxNestedLevels = 4
+ maxMaxNestedLevels = 65535
)
-func (opts DecOptions) decMode() (*decMode, error) {
+var defaultSimpleValues = func() *SimpleValueRegistry {
+ registry, err := NewSimpleValueRegistryFromDefaults()
+ if err != nil {
+ panic(err)
+ }
+ return registry
+}()
+
+//nolint:gocyclo // Each option comes with some manageable boilerplate
+func (opts DecOptions) decMode() (*decMode, error) { //nolint:gocritic // ignore hugeParam
if !opts.DupMapKey.valid() {
return nil, errors.New("cbor: invalid DupMapKey " + strconv.Itoa(int(opts.DupMapKey)))
}
+
if !opts.TimeTag.valid() {
return nil, errors.New("cbor: invalid TimeTag " + strconv.Itoa(int(opts.TimeTag)))
}
+
if !opts.IndefLength.valid() {
return nil, errors.New("cbor: invalid IndefLength " + strconv.Itoa(int(opts.IndefLength)))
}
+
if !opts.TagsMd.valid() {
return nil, errors.New("cbor: invalid TagsMd " + strconv.Itoa(int(opts.TagsMd)))
}
+
if !opts.IntDec.valid() {
return nil, errors.New("cbor: invalid IntDec " + strconv.Itoa(int(opts.IntDec)))
}
+
+ if !opts.MapKeyByteString.valid() {
+ return nil, errors.New("cbor: invalid MapKeyByteString " + strconv.Itoa(int(opts.MapKeyByteString)))
+ }
+
if opts.MaxNestedLevels == 0 {
- opts.MaxNestedLevels = 32
- } else if opts.MaxNestedLevels < 4 || opts.MaxNestedLevels > 256 {
- return nil, errors.New("cbor: invalid MaxNestedLevels " + strconv.Itoa(opts.MaxNestedLevels) + " (range is [4, 256])")
+ opts.MaxNestedLevels = defaultMaxNestedLevels
+ } else if opts.MaxNestedLevels < minMaxNestedLevels || opts.MaxNestedLevels > maxMaxNestedLevels {
+ return nil, errors.New("cbor: invalid MaxNestedLevels " + strconv.Itoa(opts.MaxNestedLevels) +
+ " (range is [" + strconv.Itoa(minMaxNestedLevels) + ", " + strconv.Itoa(maxMaxNestedLevels) + "])")
}
+
if opts.MaxArrayElements == 0 {
opts.MaxArrayElements = defaultMaxArrayElements
} else if opts.MaxArrayElements < minMaxArrayElements || opts.MaxArrayElements > maxMaxArrayElements {
- return nil, errors.New("cbor: invalid MaxArrayElements " + strconv.Itoa(opts.MaxArrayElements) + " (range is [" + strconv.Itoa(minMaxArrayElements) + ", " + strconv.Itoa(maxMaxArrayElements) + "])")
+ return nil, errors.New("cbor: invalid MaxArrayElements " + strconv.Itoa(opts.MaxArrayElements) +
+ " (range is [" + strconv.Itoa(minMaxArrayElements) + ", " + strconv.Itoa(maxMaxArrayElements) + "])")
}
+
if opts.MaxMapPairs == 0 {
opts.MaxMapPairs = defaultMaxMapPairs
} else if opts.MaxMapPairs < minMaxMapPairs || opts.MaxMapPairs > maxMaxMapPairs {
- return nil, errors.New("cbor: invalid MaxMapPairs " + strconv.Itoa(opts.MaxMapPairs) + " (range is [" + strconv.Itoa(minMaxMapPairs) + ", " + strconv.Itoa(maxMaxMapPairs) + "])")
+ return nil, errors.New("cbor: invalid MaxMapPairs " + strconv.Itoa(opts.MaxMapPairs) +
+ " (range is [" + strconv.Itoa(minMaxMapPairs) + ", " + strconv.Itoa(maxMaxMapPairs) + "])")
}
+
if !opts.ExtraReturnErrors.valid() {
return nil, errors.New("cbor: invalid ExtraReturnErrors " + strconv.Itoa(int(opts.ExtraReturnErrors)))
}
+
if opts.DefaultMapType != nil && opts.DefaultMapType.Kind() != reflect.Map {
return nil, fmt.Errorf("cbor: invalid DefaultMapType %s", opts.DefaultMapType)
}
+
+ if !opts.UTF8.valid() {
+ return nil, errors.New("cbor: invalid UTF8 " + strconv.Itoa(int(opts.UTF8)))
+ }
+
+ if !opts.FieldNameMatching.valid() {
+ return nil, errors.New("cbor: invalid FieldNameMatching " + strconv.Itoa(int(opts.FieldNameMatching)))
+ }
+
+ if !opts.BigIntDec.valid() {
+ return nil, errors.New("cbor: invalid BigIntDec " + strconv.Itoa(int(opts.BigIntDec)))
+ }
+
+ if opts.DefaultByteStringType != nil &&
+ opts.DefaultByteStringType.Kind() != reflect.String &&
+ (opts.DefaultByteStringType.Kind() != reflect.Slice || opts.DefaultByteStringType.Elem().Kind() != reflect.Uint8) {
+ return nil, fmt.Errorf("cbor: invalid DefaultByteStringType: %s is not of kind string or []uint8", opts.DefaultByteStringType)
+ }
+
+ if !opts.ByteStringToString.valid() {
+ return nil, errors.New("cbor: invalid ByteStringToString " + strconv.Itoa(int(opts.ByteStringToString)))
+ }
+
+ if !opts.FieldNameByteString.valid() {
+ return nil, errors.New("cbor: invalid FieldNameByteString " + strconv.Itoa(int(opts.FieldNameByteString)))
+ }
+
+ if !opts.UnrecognizedTagToAny.valid() {
+ return nil, errors.New("cbor: invalid UnrecognizedTagToAnyMode " + strconv.Itoa(int(opts.UnrecognizedTagToAny)))
+ }
+ simpleValues := opts.SimpleValues
+ if simpleValues == nil {
+ simpleValues = defaultSimpleValues
+ }
+
+ if !opts.TimeTagToAny.valid() {
+ return nil, errors.New("cbor: invalid TimeTagToAny " + strconv.Itoa(int(opts.TimeTagToAny)))
+ }
+
+ if !opts.NaN.valid() {
+ return nil, errors.New("cbor: invalid NaNDec " + strconv.Itoa(int(opts.NaN)))
+ }
+
+ if !opts.Inf.valid() {
+ return nil, errors.New("cbor: invalid InfDec " + strconv.Itoa(int(opts.Inf)))
+ }
+
+ if !opts.ByteStringToTime.valid() {
+ return nil, errors.New("cbor: invalid ByteStringToTime " + strconv.Itoa(int(opts.ByteStringToTime)))
+ }
+
+ if !opts.ByteStringExpectedFormat.valid() {
+ return nil, errors.New("cbor: invalid ByteStringExpectedFormat " + strconv.Itoa(int(opts.ByteStringExpectedFormat)))
+ }
+
+ if !opts.BignumTag.valid() {
+ return nil, errors.New("cbor: invalid BignumTag " + strconv.Itoa(int(opts.BignumTag)))
+ }
+
+ if !opts.BinaryUnmarshaler.valid() {
+ return nil, errors.New("cbor: invalid BinaryUnmarshaler " + strconv.Itoa(int(opts.BinaryUnmarshaler)))
+ }
+
dm := decMode{
- dupMapKey: opts.DupMapKey,
- timeTag: opts.TimeTag,
- maxNestedLevels: opts.MaxNestedLevels,
- maxArrayElements: opts.MaxArrayElements,
- maxMapPairs: opts.MaxMapPairs,
- indefLength: opts.IndefLength,
- tagsMd: opts.TagsMd,
- intDec: opts.IntDec,
- extraReturnErrors: opts.ExtraReturnErrors,
- defaultMapType: opts.DefaultMapType,
+ dupMapKey: opts.DupMapKey,
+ timeTag: opts.TimeTag,
+ maxNestedLevels: opts.MaxNestedLevels,
+ maxArrayElements: opts.MaxArrayElements,
+ maxMapPairs: opts.MaxMapPairs,
+ indefLength: opts.IndefLength,
+ tagsMd: opts.TagsMd,
+ intDec: opts.IntDec,
+ mapKeyByteString: opts.MapKeyByteString,
+ extraReturnErrors: opts.ExtraReturnErrors,
+ defaultMapType: opts.DefaultMapType,
+ utf8: opts.UTF8,
+ fieldNameMatching: opts.FieldNameMatching,
+ bigIntDec: opts.BigIntDec,
+ defaultByteStringType: opts.DefaultByteStringType,
+ byteStringToString: opts.ByteStringToString,
+ fieldNameByteString: opts.FieldNameByteString,
+ unrecognizedTagToAny: opts.UnrecognizedTagToAny,
+ timeTagToAny: opts.TimeTagToAny,
+ simpleValues: simpleValues,
+ nanDec: opts.NaN,
+ infDec: opts.Inf,
+ byteStringToTime: opts.ByteStringToTime,
+ byteStringExpectedFormat: opts.ByteStringExpectedFormat,
+ bignumTag: opts.BignumTag,
+ binaryUnmarshaler: opts.BinaryUnmarshaler,
}
+
return &dm, nil
}
@@ -420,42 +1131,112 @@ type DecMode interface {
//
// See the documentation for Unmarshal for details.
Unmarshal(data []byte, v interface{}) error
- // Valid checks whether the CBOR data is complete and well-formed.
+
+ // UnmarshalFirst parses the first CBOR data item into the value pointed to by v
+ // using the decoding mode. Any remaining bytes are returned in rest.
+ //
+ // If v is nil, not a pointer, or a nil pointer, UnmarshalFirst returns an error.
+ //
+ // See the documentation for Unmarshal for details.
+ UnmarshalFirst(data []byte, v interface{}) (rest []byte, err error)
+
+ // Valid checks whether data is a well-formed encoded CBOR data item and
+ // that it complies with configurable restrictions such as MaxNestedLevels,
+ // MaxArrayElements, MaxMapPairs, etc.
+ //
+ // If there are any remaining bytes after the CBOR data item,
+ // an ExtraneousDataError is returned.
+ //
+ // WARNING: Valid doesn't check if encoded CBOR data item is valid (i.e. validity)
+ // and RFC 8949 distinctly defines what is "Valid" and what is "Well-formed".
+ //
+ // Deprecated: Valid is kept for compatibility and should not be used.
+ // Use Wellformed instead because it has a more appropriate name.
Valid(data []byte) error
+
+ // Wellformed checks whether data is a well-formed encoded CBOR data item and
+ // that it complies with configurable restrictions such as MaxNestedLevels,
+ // MaxArrayElements, MaxMapPairs, etc.
+ //
+ // If there are any remaining bytes after the CBOR data item,
+ // an ExtraneousDataError is returned.
+ Wellformed(data []byte) error
+
// NewDecoder returns a new decoder that reads from r using dm DecMode.
NewDecoder(r io.Reader) *Decoder
+
// DecOptions returns user specified options used to create this DecMode.
DecOptions() DecOptions
}
type decMode struct {
- tags tagProvider
- dupMapKey DupMapKeyMode
- timeTag DecTagMode
- maxNestedLevels int
- maxArrayElements int
- maxMapPairs int
- indefLength IndefLengthMode
- tagsMd TagsMode
- intDec IntDecMode
- extraReturnErrors ExtraDecErrorCond
- defaultMapType reflect.Type
+ tags tagProvider
+ dupMapKey DupMapKeyMode
+ timeTag DecTagMode
+ maxNestedLevels int
+ maxArrayElements int
+ maxMapPairs int
+ indefLength IndefLengthMode
+ tagsMd TagsMode
+ intDec IntDecMode
+ mapKeyByteString MapKeyByteStringMode
+ extraReturnErrors ExtraDecErrorCond
+ defaultMapType reflect.Type
+ utf8 UTF8Mode
+ fieldNameMatching FieldNameMatchingMode
+ bigIntDec BigIntDecMode
+ defaultByteStringType reflect.Type
+ byteStringToString ByteStringToStringMode
+ fieldNameByteString FieldNameByteStringMode
+ unrecognizedTagToAny UnrecognizedTagToAnyMode
+ timeTagToAny TimeTagToAnyMode
+ simpleValues *SimpleValueRegistry
+ nanDec NaNMode
+ infDec InfMode
+ byteStringToTime ByteStringToTimeMode
+ byteStringExpectedFormat ByteStringExpectedFormatMode
+ bignumTag BignumTagMode
+ binaryUnmarshaler BinaryUnmarshalerMode
}
var defaultDecMode, _ = DecOptions{}.decMode()
// DecOptions returns user specified options used to create this DecMode.
func (dm *decMode) DecOptions() DecOptions {
+ simpleValues := dm.simpleValues
+ if simpleValues == defaultSimpleValues {
+ // Users can't explicitly set this to defaultSimpleValues. It must have been nil in
+ // the original DecOptions.
+ simpleValues = nil
+ }
+
return DecOptions{
- DupMapKey: dm.dupMapKey,
- TimeTag: dm.timeTag,
- MaxNestedLevels: dm.maxNestedLevels,
- MaxArrayElements: dm.maxArrayElements,
- MaxMapPairs: dm.maxMapPairs,
- IndefLength: dm.indefLength,
- TagsMd: dm.tagsMd,
- IntDec: dm.intDec,
- ExtraReturnErrors: dm.extraReturnErrors,
+ DupMapKey: dm.dupMapKey,
+ TimeTag: dm.timeTag,
+ MaxNestedLevels: dm.maxNestedLevels,
+ MaxArrayElements: dm.maxArrayElements,
+ MaxMapPairs: dm.maxMapPairs,
+ IndefLength: dm.indefLength,
+ TagsMd: dm.tagsMd,
+ IntDec: dm.intDec,
+ MapKeyByteString: dm.mapKeyByteString,
+ ExtraReturnErrors: dm.extraReturnErrors,
+ DefaultMapType: dm.defaultMapType,
+ UTF8: dm.utf8,
+ FieldNameMatching: dm.fieldNameMatching,
+ BigIntDec: dm.bigIntDec,
+ DefaultByteStringType: dm.defaultByteStringType,
+ ByteStringToString: dm.byteStringToString,
+ FieldNameByteString: dm.fieldNameByteString,
+ UnrecognizedTagToAny: dm.unrecognizedTagToAny,
+ TimeTagToAny: dm.timeTagToAny,
+ SimpleValues: simpleValues,
+ NaN: dm.nanDec,
+ Inf: dm.infDec,
+ ByteStringToTime: dm.byteStringToTime,
+ ByteStringExpectedFormat: dm.byteStringExpectedFormat,
+ BignumTag: dm.bignumTag,
+ BinaryUnmarshaler: dm.binaryUnmarshaler,
}
}
@@ -466,13 +1247,72 @@ func (dm *decMode) DecOptions() DecOptions {
// See the documentation for Unmarshal for details.
func (dm *decMode) Unmarshal(data []byte, v interface{}) error {
d := decoder{data: data, dm: dm}
+
+ // Check well-formedness.
+ off := d.off // Save offset before data validation
+ err := d.wellformed(false, false) // don't allow any extra data after valid data item.
+ d.off = off // Restore offset
+ if err != nil {
+ return err
+ }
+
return d.value(v)
}
-// Valid checks whether the CBOR data is complete and well-formed.
+// UnmarshalFirst parses the first CBOR data item into the value pointed to by v
+// using dm decoding mode. Any remaining bytes are returned in rest.
+//
+// If v is nil, not a pointer, or a nil pointer, UnmarshalFirst returns an error.
+//
+// See the documentation for Unmarshal for details.
+func (dm *decMode) UnmarshalFirst(data []byte, v interface{}) (rest []byte, err error) {
+ d := decoder{data: data, dm: dm}
+
+ // check well-formedness.
+ off := d.off // Save offset before data validation
+ err = d.wellformed(true, false) // allow extra data after well-formed data item
+ d.off = off // Restore offset
+
+ // If it is well-formed, parse the value. This is structured like this to allow
+ // better test coverage
+ if err == nil {
+ err = d.value(v)
+ }
+
+ // If either wellformed or value returned an error, do not return rest bytes
+ if err != nil {
+ return nil, err
+ }
+
+ // Return the rest of the data slice (which might be len 0)
+ return d.data[d.off:], nil
+}
+
+// Valid checks whether data is a well-formed encoded CBOR data item and
+// that it complies with configurable restrictions such as MaxNestedLevels,
+// MaxArrayElements, MaxMapPairs, etc.
+//
+// If there are any remaining bytes after the CBOR data item,
+// an ExtraneousDataError is returned.
+//
+// WARNING: Valid doesn't check if encoded CBOR data item is valid (i.e. validity)
+// and RFC 8949 distinctly defines what is "Valid" and what is "Well-formed".
+//
+// Deprecated: Valid is kept for compatibility and should not be used.
+// Use Wellformed instead because it has a more appropriate name.
func (dm *decMode) Valid(data []byte) error {
+ return dm.Wellformed(data)
+}
+
+// Wellformed checks whether data is a well-formed encoded CBOR data item and
+// that it complies with configurable restrictions such as MaxNestedLevels,
+// MaxArrayElements, MaxMapPairs, etc.
+//
+// If there are any remaining bytes after the CBOR data item,
+// an ExtraneousDataError is returned.
+func (dm *decMode) Wellformed(data []byte) error {
d := decoder{data: data, dm: dm}
- return d.valid()
+ return d.wellformed(false, false)
}
// NewDecoder returns a new decoder that reads from r using dm DecMode.
@@ -484,8 +1324,23 @@ type decoder struct {
data []byte
off int // next read offset in data
dm *decMode
+
+ // expectedLaterEncodingTags stores a stack of encountered "Expected Later Encoding" tags,
+ // if any.
+ //
+ // The "Expected Later Encoding" tags (21 to 23) are valid for any data item. When decoding
+ // byte strings, the effective encoding comes from the tag nearest to the byte string being
+ // decoded. For example, the effective encoding of the byte string 21(22(h'41')) would be
+ // controlled by tag 22,and in the data item 23(h'42', 22([21(h'43')])]) the effective
+ // encoding of the byte strings h'42' and h'43' would be controlled by tag 23 and 21,
+ // respectively.
+ expectedLaterEncodingTags []uint64
}
+// value decodes CBOR data item into the value pointed to by v.
+// If CBOR data item fails to be decoded into v,
+// error is returned and offset is moved to the next CBOR data item.
+// Precondition: d.data contains at least one well-formed CBOR data item.
func (d *decoder) value(v interface{}) error {
// v can't be nil, non-pointer, or nil pointer value.
if v == nil {
@@ -497,68 +1352,27 @@ func (d *decoder) value(v interface{}) error {
} else if rv.IsNil() {
return &InvalidUnmarshalError{"cbor: Unmarshal(nil " + rv.Type().String() + ")"}
}
-
- off := d.off // Save offset before data validation
- err := d.valid()
- d.off = off // Restore offset
- if err != nil {
- return err
- }
-
rv = rv.Elem()
return d.parseToValue(rv, getTypeInfo(rv.Type()))
}
-type cborType uint8
-
-const (
- cborTypePositiveInt cborType = 0x00
- cborTypeNegativeInt cborType = 0x20
- cborTypeByteString cborType = 0x40
- cborTypeTextString cborType = 0x60
- cborTypeArray cborType = 0x80
- cborTypeMap cborType = 0xa0
- cborTypeTag cborType = 0xc0
- cborTypePrimitives cborType = 0xe0
-)
-
-func (t cborType) String() string {
- switch t {
- case cborTypePositiveInt:
- return "positive integer"
- case cborTypeNegativeInt:
- return "negative integer"
- case cborTypeByteString:
- return "byte string"
- case cborTypeTextString:
- return "UTF-8 text string"
- case cborTypeArray:
- return "array"
- case cborTypeMap:
- return "map"
- case cborTypeTag:
- return "tag"
- case cborTypePrimitives:
- return "primitives"
- default:
- return "Invalid type " + strconv.Itoa(int(t))
- }
-}
-
-const (
- selfDescribedCBORTagNum = 55799
-)
-
// parseToValue decodes CBOR data to value. It assumes data is well-formed,
// and does not perform bounds checking.
func (d *decoder) parseToValue(v reflect.Value, tInfo *typeInfo) error { //nolint:gocyclo
+ // Decode CBOR nil or CBOR undefined to pointer value by setting pointer value to nil.
+ if d.nextCBORNil() && v.Kind() == reflect.Ptr {
+ d.skip()
+ v.Set(reflect.Zero(v.Type()))
+ return nil
+ }
+
if tInfo.spclType == specialTypeIface {
if !v.IsNil() {
// Use value type
v = v.Elem()
tInfo = getTypeInfo(v.Type())
- } else {
+ } else { //nolint:gocritic
// Create and use registered type if CBOR data is registered tag
if d.dm.tags != nil && d.nextCBORType() == cborTypeTag {
@@ -583,40 +1397,39 @@ func (d *decoder) parseToValue(v reflect.Value, tInfo *typeInfo) error { //nolin
}
}
- // Create new value for the pointer v to point to if CBOR value is not nil/undefined.
- if !d.nextCBORNil() {
- for v.Kind() == reflect.Ptr {
- if v.IsNil() {
- if !v.CanSet() {
- d.skip()
- return errors.New("cbor: cannot set new value for " + v.Type().String())
- }
- v.Set(reflect.New(v.Type().Elem()))
+ // Create new value for the pointer v to point to.
+ // At this point, CBOR value is not nil/undefined if v is a pointer.
+ for v.Kind() == reflect.Ptr {
+ if v.IsNil() {
+ if !v.CanSet() {
+ d.skip()
+ return errors.New("cbor: cannot set new value for " + v.Type().String())
}
- v = v.Elem()
+ v.Set(reflect.New(v.Type().Elem()))
}
+ v = v.Elem()
}
// Strip self-described CBOR tag number.
for d.nextCBORType() == cborTypeTag {
off := d.off
_, _, tagNum := d.getHead()
- if tagNum != selfDescribedCBORTagNum {
+ if tagNum != tagNumSelfDescribedCBOR {
d.off = off
break
}
}
// Check validity of supported built-in tags.
- if d.nextCBORType() == cborTypeTag {
- off := d.off
+ off := d.off
+ for d.nextCBORType() == cborTypeTag {
_, _, tagNum := d.getHead()
if err := validBuiltinTag(tagNum, d.data[d.off]); err != nil {
d.skip()
return err
}
- d.off = off
}
+ d.off = off
if tInfo.spclType != specialTypeNone {
switch tInfo.spclType {
@@ -626,20 +1439,25 @@ func (d *decoder) parseToValue(v reflect.Value, tInfo *typeInfo) error { //nolin
v.Set(reflect.ValueOf(iv))
}
return err
+
case specialTypeTag:
return d.parseToTag(v)
+
case specialTypeTime:
if d.nextCBORNil() {
// Decoding CBOR null and undefined to time.Time is no-op.
d.skip()
return nil
}
- tm, err := d.parseToTime()
+ tm, ok, err := d.parseToTime()
if err != nil {
return err
}
- v.Set(reflect.ValueOf(tm))
+ if ok {
+ v.Set(reflect.ValueOf(tm))
+ }
return nil
+
case specialTypeUnmarshalerIface:
return d.parseToUnmarshaler(v)
}
@@ -668,6 +1486,7 @@ func (d *decoder) parseToValue(v reflect.Value, tInfo *typeInfo) error { //nolin
case cborTypePositiveInt:
_, _, val := d.getHead()
return fillPositiveInt(t, val, v)
+
case cborTypeNegativeInt:
_, _, val := d.getHead()
if val > math.MaxInt64 {
@@ -689,41 +1508,66 @@ func (d *decoder) parseToValue(v reflect.Value, tInfo *typeInfo) error { //nolin
}
nValue := int64(-1) ^ int64(val)
return fillNegativeInt(t, nValue, v)
+
case cborTypeByteString:
- b := d.parseByteString()
- return fillByteString(t, b, v)
+ b, copied := d.parseByteString()
+ b, converted, err := d.applyByteStringTextConversion(b, v.Type())
+ if err != nil {
+ return err
+ }
+ copied = copied || converted
+ return fillByteString(t, b, !copied, v, d.dm.byteStringToString, d.dm.binaryUnmarshaler)
+
case cborTypeTextString:
b, err := d.parseTextString()
if err != nil {
return err
}
return fillTextString(t, b, v)
+
case cborTypePrimitives:
_, ai, val := d.getHead()
- if ai < 20 || ai == 24 {
- return fillPositiveInt(t, val, v)
- }
switch ai {
- case 20, 21:
- return fillBool(t, ai == 21, v)
- case 22, 23:
- return fillNil(t, v)
- case 25:
+ case additionalInformationAsFloat16:
f := float64(float16.Frombits(uint16(val)).Float32())
return fillFloat(t, f, v)
- case 26:
+
+ case additionalInformationAsFloat32:
f := float64(math.Float32frombits(uint32(val)))
return fillFloat(t, f, v)
- case 27:
+
+ case additionalInformationAsFloat64:
f := math.Float64frombits(val)
return fillFloat(t, f, v)
+
+ default: // ai <= 24
+ if d.dm.simpleValues.rejected[SimpleValue(val)] {
+ return &UnacceptableDataItemError{
+ CBORType: t.String(),
+ Message: "simple value " + strconv.FormatInt(int64(val), 10) + " is not recognized",
+ }
+ }
+
+ switch ai {
+ case additionalInformationAsFalse,
+ additionalInformationAsTrue:
+ return fillBool(t, ai == additionalInformationAsTrue, v)
+
+ case additionalInformationAsNull,
+ additionalInformationAsUndefined:
+ return fillNil(t, v)
+
+ default:
+ return fillPositiveInt(t, val, v)
+ }
}
+
case cborTypeTag:
_, _, tagNum := d.getHead()
switch tagNum {
- case 2:
+ case tagNumUnsignedBignum:
// Bignum (tag 2) can be decoded to uint, int, float, slice, array, or big.Int.
- b := d.parseByteString()
+ b, copied := d.parseByteString()
bi := new(big.Int).SetBytes(b)
if tInfo.nonPtrType == typeBigInt {
@@ -731,7 +1575,7 @@ func (d *decoder) parseToValue(v reflect.Value, tInfo *typeInfo) error { //nolin
return nil
}
if tInfo.nonPtrKind == reflect.Slice || tInfo.nonPtrKind == reflect.Array {
- return fillByteString(t, b, v)
+ return fillByteString(t, b, !copied, v, ByteStringToStringForbidden, d.dm.binaryUnmarshaler)
}
if bi.IsUint64() {
return fillPositiveInt(t, bi.Uint64(), v)
@@ -741,9 +1585,10 @@ func (d *decoder) parseToValue(v reflect.Value, tInfo *typeInfo) error { //nolin
GoType: tInfo.nonPtrType.String(),
errorMsg: bi.String() + " overflows " + v.Type().String(),
}
- case 3:
+
+ case tagNumNegativeBignum:
// Bignum (tag 3) can be decoded to int, float, slice, array, or big.Int.
- b := d.parseByteString()
+ b, copied := d.parseByteString()
bi := new(big.Int).SetBytes(b)
bi.Add(bi, big.NewInt(1))
bi.Neg(bi)
@@ -753,7 +1598,7 @@ func (d *decoder) parseToValue(v reflect.Value, tInfo *typeInfo) error { //nolin
return nil
}
if tInfo.nonPtrKind == reflect.Slice || tInfo.nonPtrKind == reflect.Array {
- return fillByteString(t, b, v)
+ return fillByteString(t, b, !copied, v, ByteStringToStringForbidden, d.dm.binaryUnmarshaler)
}
if bi.IsInt64() {
return fillNegativeInt(t, bi.Int64(), v)
@@ -763,8 +1608,20 @@ func (d *decoder) parseToValue(v reflect.Value, tInfo *typeInfo) error { //nolin
GoType: tInfo.nonPtrType.String(),
errorMsg: bi.String() + " overflows " + v.Type().String(),
}
+
+ case tagNumExpectedLaterEncodingBase64URL, tagNumExpectedLaterEncodingBase64, tagNumExpectedLaterEncodingBase16:
+ // If conversion for interoperability with text encodings is not configured,
+ // treat tags 21-23 as unregistered tags.
+ if d.dm.byteStringToString == ByteStringToStringAllowedWithExpectedLaterEncoding || d.dm.byteStringExpectedFormat != ByteStringExpectedFormatNone {
+ d.expectedLaterEncodingTags = append(d.expectedLaterEncodingTags, tagNum)
+ defer func() {
+ d.expectedLaterEncodingTags = d.expectedLaterEncodingTags[:len(d.expectedLaterEncodingTags)-1]
+ }()
+ }
}
+
return d.parseToValue(v, tInfo)
+
case cborTypeArray:
if tInfo.nonPtrKind == reflect.Slice {
return d.parseArrayToSlice(v, tInfo)
@@ -775,6 +1632,7 @@ func (d *decoder) parseToValue(v reflect.Value, tInfo *typeInfo) error { //nolin
}
d.skip()
return &UnmarshalTypeError{CBORType: t.String(), GoType: tInfo.nonPtrType.String()}
+
case cborTypeMap:
if tInfo.nonPtrKind == reflect.Struct {
return d.parseMapToStruct(v, tInfo)
@@ -784,6 +1642,7 @@ func (d *decoder) parseToValue(v reflect.Value, tInfo *typeInfo) error { //nolin
d.skip()
return &UnmarshalTypeError{CBORType: t.String(), GoType: tInfo.nonPtrType.String()}
}
+
return nil
}
@@ -813,64 +1672,116 @@ func (d *decoder) parseToTag(v reflect.Value) error {
return nil
}
-func (d *decoder) parseToTime() (tm time.Time, err error) {
- t := d.nextCBORType()
-
+// parseToTime decodes the current data item as a time.Time. The bool return value is false if and
+// only if the destination value should remain unmodified.
+func (d *decoder) parseToTime() (time.Time, bool, error) {
// Verify that tag number or absence of tag number is acceptable to specified timeTag.
- if t == cborTypeTag {
+ if t := d.nextCBORType(); t == cborTypeTag {
if d.dm.timeTag == DecTagIgnored {
- // Skip tag number
+ // Skip all enclosing tags
for t == cborTypeTag {
d.getHead()
t = d.nextCBORType()
}
+ if d.nextCBORNil() {
+ d.skip()
+ return time.Time{}, false, nil
+ }
} else {
// Read tag number
_, _, tagNum := d.getHead()
if tagNum != 0 && tagNum != 1 {
- d.skip()
- err = errors.New("cbor: wrong tag number for time.Time, got " + strconv.Itoa(int(tagNum)) + ", expect 0 or 1")
- return
+ d.skip() // skip tag content
+ return time.Time{}, false, errors.New("cbor: wrong tag number for time.Time, got " + strconv.Itoa(int(tagNum)) + ", expect 0 or 1")
}
}
} else {
if d.dm.timeTag == DecTagRequired {
d.skip()
- err = &UnmarshalTypeError{CBORType: t.String(), GoType: typeTime.String(), errorMsg: "expect CBOR tag value"}
- return
+ return time.Time{}, false, &UnmarshalTypeError{CBORType: t.String(), GoType: typeTime.String(), errorMsg: "expect CBOR tag value"}
}
}
- var content interface{}
- content, err = d.parse(false)
- if err != nil {
- return
- }
+ switch t := d.nextCBORType(); t {
+ case cborTypeByteString:
+ if d.dm.byteStringToTime == ByteStringToTimeAllowed {
+ b, _ := d.parseByteString()
+ t, err := time.Parse(time.RFC3339, string(b))
+ if err != nil {
+ return time.Time{}, false, fmt.Errorf("cbor: cannot set %q for time.Time: %w", string(b), err)
+ }
+ return t, true, nil
+ }
+ return time.Time{}, false, &UnmarshalTypeError{CBORType: t.String(), GoType: typeTime.String()}
- switch c := content.(type) {
- case nil:
- return
- case uint64:
- return time.Unix(int64(c), 0), nil
- case int64:
- return time.Unix(c, 0), nil
- case float64:
- if math.IsNaN(c) || math.IsInf(c, 0) {
- return
- }
- f1, f2 := math.Modf(c)
- return time.Unix(int64(f1), int64(f2*1e9)), nil
- case string:
- tm, err = time.Parse(time.RFC3339, c)
+ case cborTypeTextString:
+ s, err := d.parseTextString()
if err != nil {
- tm = time.Time{}
- err = errors.New("cbor: cannot set " + c + " for time.Time: " + err.Error())
- return
+ return time.Time{}, false, err
}
- return
+ t, err := time.Parse(time.RFC3339, string(s))
+ if err != nil {
+ return time.Time{}, false, errors.New("cbor: cannot set " + string(s) + " for time.Time: " + err.Error())
+ }
+ return t, true, nil
+
+ case cborTypePositiveInt:
+ _, _, val := d.getHead()
+ if val > math.MaxInt64 {
+ return time.Time{}, false, &UnmarshalTypeError{
+ CBORType: t.String(),
+ GoType: typeTime.String(),
+ errorMsg: fmt.Sprintf("%d overflows Go's int64", val),
+ }
+ }
+ return time.Unix(int64(val), 0), true, nil
+
+ case cborTypeNegativeInt:
+ _, _, val := d.getHead()
+ if val > math.MaxInt64 {
+ if val == math.MaxUint64 {
+ // Maximum absolute value representable by negative integer is 2^64,
+ // not 2^64-1, so it overflows uint64.
+ return time.Time{}, false, &UnmarshalTypeError{
+ CBORType: t.String(),
+ GoType: typeTime.String(),
+ errorMsg: "-18446744073709551616 overflows Go's int64",
+ }
+ }
+ return time.Time{}, false, &UnmarshalTypeError{
+ CBORType: t.String(),
+ GoType: typeTime.String(),
+ errorMsg: fmt.Sprintf("-%d overflows Go's int64", val+1),
+ }
+ }
+ return time.Unix(int64(-1)^int64(val), 0), true, nil
+
+ case cborTypePrimitives:
+ _, ai, val := d.getHead()
+ var f float64
+ switch ai {
+ case additionalInformationAsFloat16:
+ f = float64(float16.Frombits(uint16(val)).Float32())
+
+ case additionalInformationAsFloat32:
+ f = float64(math.Float32frombits(uint32(val)))
+
+ case additionalInformationAsFloat64:
+ f = math.Float64frombits(val)
+
+ default:
+ return time.Time{}, false, &UnmarshalTypeError{CBORType: t.String(), GoType: typeTime.String()}
+ }
+
+ if math.IsNaN(f) || math.IsInf(f, 0) {
+ // https://www.rfc-editor.org/rfc/rfc8949.html#section-3.4.2-6
+ return time.Time{}, true, nil
+ }
+ seconds, fractional := math.Modf(f)
+ return time.Unix(int64(seconds), int64(fractional*1e9)), true, nil
+
default:
- err = &UnmarshalTypeError{CBORType: t.String(), GoType: typeTime.String()}
- return
+ return time.Time{}, false, &UnmarshalTypeError{CBORType: t.String(), GoType: typeTime.String()}
}
}
@@ -902,7 +1813,7 @@ func (d *decoder) parse(skipSelfDescribedTag bool) (interface{}, error) { //noli
for d.nextCBORType() == cborTypeTag {
off := d.off
_, _, tagNum := d.getHead()
- if tagNum != selfDescribedCBORTagNum {
+ if tagNum != tagNumSelfDescribedCBOR {
d.off = off
break
}
@@ -910,69 +1821,197 @@ func (d *decoder) parse(skipSelfDescribedTag bool) (interface{}, error) { //noli
}
// Check validity of supported built-in tags.
- if d.nextCBORType() == cborTypeTag {
- off := d.off
+ off := d.off
+ for d.nextCBORType() == cborTypeTag {
_, _, tagNum := d.getHead()
if err := validBuiltinTag(tagNum, d.data[d.off]); err != nil {
d.skip()
return nil, err
}
- d.off = off
}
+ d.off = off
t := d.nextCBORType()
switch t {
case cborTypePositiveInt:
_, _, val := d.getHead()
- if d.dm.intDec == IntDecConvertNone {
+
+ switch d.dm.intDec {
+ case IntDecConvertNone:
return val, nil
- }
- if val > math.MaxInt64 {
- return nil, &UnmarshalTypeError{
- CBORType: t.String(),
- GoType: reflect.TypeOf(int64(0)).String(),
- errorMsg: strconv.FormatUint(val, 10) + " overflows Go's int64",
+
+ case IntDecConvertSigned, IntDecConvertSignedOrFail:
+ if val > math.MaxInt64 {
+ return nil, &UnmarshalTypeError{
+ CBORType: t.String(),
+ GoType: reflect.TypeOf(int64(0)).String(),
+ errorMsg: strconv.FormatUint(val, 10) + " overflows Go's int64",
+ }
+ }
+
+ return int64(val), nil
+
+ case IntDecConvertSignedOrBigInt:
+ if val > math.MaxInt64 {
+ bi := new(big.Int).SetUint64(val)
+ if d.dm.bigIntDec == BigIntDecodePointer {
+ return bi, nil
+ }
+ return *bi, nil
}
+
+ return int64(val), nil
+
+ default:
+ // not reachable
}
- return int64(val), nil
+
case cborTypeNegativeInt:
_, _, val := d.getHead()
+
if val > math.MaxInt64 {
// CBOR negative integer value overflows Go int64, use big.Int instead.
bi := new(big.Int).SetUint64(val)
bi.Add(bi, big.NewInt(1))
bi.Neg(bi)
+
+ if d.dm.intDec == IntDecConvertSignedOrFail {
+ return nil, &UnmarshalTypeError{
+ CBORType: t.String(),
+ GoType: reflect.TypeOf(int64(0)).String(),
+ errorMsg: bi.String() + " overflows Go's int64",
+ }
+ }
+
+ if d.dm.bigIntDec == BigIntDecodePointer {
+ return bi, nil
+ }
return *bi, nil
}
+
nValue := int64(-1) ^ int64(val)
return nValue, nil
+
case cborTypeByteString:
- return d.parseByteString(), nil
+ b, copied := d.parseByteString()
+ var effectiveByteStringType = d.dm.defaultByteStringType
+ if effectiveByteStringType == nil {
+ effectiveByteStringType = typeByteSlice
+ }
+ b, converted, err := d.applyByteStringTextConversion(b, effectiveByteStringType)
+ if err != nil {
+ return nil, err
+ }
+ copied = copied || converted
+
+ switch effectiveByteStringType {
+ case typeByteSlice:
+ if copied {
+ return b, nil
+ }
+ clone := make([]byte, len(b))
+ copy(clone, b)
+ return clone, nil
+
+ case typeString:
+ return string(b), nil
+
+ default:
+ if copied || d.dm.defaultByteStringType.Kind() == reflect.String {
+ // Avoid an unnecessary copy since the conversion to string must
+ // copy the underlying bytes.
+ return reflect.ValueOf(b).Convert(d.dm.defaultByteStringType).Interface(), nil
+ }
+ clone := make([]byte, len(b))
+ copy(clone, b)
+ return reflect.ValueOf(clone).Convert(d.dm.defaultByteStringType).Interface(), nil
+ }
+
case cborTypeTextString:
b, err := d.parseTextString()
if err != nil {
return nil, err
}
return string(b), nil
+
case cborTypeTag:
tagOff := d.off
_, _, tagNum := d.getHead()
contentOff := d.off
switch tagNum {
- case 0, 1:
+ case tagNumRFC3339Time, tagNumEpochTime:
d.off = tagOff
- return d.parseToTime()
- case 2:
- b := d.parseByteString()
+ tm, _, err := d.parseToTime()
+ if err != nil {
+ return nil, err
+ }
+
+ switch d.dm.timeTagToAny {
+ case TimeTagToTime:
+ return tm, nil
+
+ case TimeTagToRFC3339:
+ if tagNum == 1 {
+ tm = tm.UTC()
+ }
+ // Call time.MarshalText() to format decoded time to RFC3339 format,
+ // and return error on time value that cannot be represented in
+ // RFC3339 format. E.g. year cannot exceed 9999, etc.
+ text, err := tm.Truncate(time.Second).MarshalText()
+ if err != nil {
+ return nil, fmt.Errorf("cbor: decoded time cannot be represented in RFC3339 format: %v", err)
+ }
+ return string(text), nil
+
+ case TimeTagToRFC3339Nano:
+ if tagNum == 1 {
+ tm = tm.UTC()
+ }
+ // Call time.MarshalText() to format decoded time to RFC3339 format,
+ // and return error on time value that cannot be represented in
+ // RFC3339 format with sub-second precision.
+ text, err := tm.MarshalText()
+ if err != nil {
+ return nil, fmt.Errorf("cbor: decoded time cannot be represented in RFC3339 format with sub-second precision: %v", err)
+ }
+ return string(text), nil
+
+ default:
+ // not reachable
+ }
+
+ case tagNumUnsignedBignum:
+ b, _ := d.parseByteString()
bi := new(big.Int).SetBytes(b)
+
+ if d.dm.bigIntDec == BigIntDecodePointer {
+ return bi, nil
+ }
return *bi, nil
- case 3:
- b := d.parseByteString()
+
+ case tagNumNegativeBignum:
+ b, _ := d.parseByteString()
bi := new(big.Int).SetBytes(b)
bi.Add(bi, big.NewInt(1))
bi.Neg(bi)
+
+ if d.dm.bigIntDec == BigIntDecodePointer {
+ return bi, nil
+ }
return *bi, nil
+
+ case tagNumExpectedLaterEncodingBase64URL, tagNumExpectedLaterEncodingBase64, tagNumExpectedLaterEncodingBase16:
+ // If conversion for interoperability with text encodings is not configured,
+ // treat tags 21-23 as unregistered tags.
+ if d.dm.byteStringToString == ByteStringToStringAllowedWithExpectedLaterEncoding ||
+ d.dm.byteStringExpectedFormat != ByteStringExpectedFormatNone {
+ d.expectedLaterEncodingTags = append(d.expectedLaterEncodingTags, tagNum)
+ defer func() {
+ d.expectedLaterEncodingTags = d.expectedLaterEncodingTags[:len(d.expectedLaterEncodingTags)-1]
+ }()
+ return d.parse(false)
+ }
}
if d.dm.tags != nil {
@@ -999,29 +2038,48 @@ func (d *decoder) parse(skipSelfDescribedTag bool) (interface{}, error) { //noli
if err != nil {
return nil, err
}
+ if d.dm.unrecognizedTagToAny == UnrecognizedTagContentToAny {
+ return content, nil
+ }
return Tag{tagNum, content}, nil
+
case cborTypePrimitives:
_, ai, val := d.getHead()
+ if ai <= 24 && d.dm.simpleValues.rejected[SimpleValue(val)] {
+ return nil, &UnacceptableDataItemError{
+ CBORType: t.String(),
+ Message: "simple value " + strconv.FormatInt(int64(val), 10) + " is not recognized",
+ }
+ }
if ai < 20 || ai == 24 {
- return val, nil
+ return SimpleValue(val), nil
}
+
switch ai {
- case 20, 21:
- return (ai == 21), nil
- case 22, 23:
+ case additionalInformationAsFalse,
+ additionalInformationAsTrue:
+ return (ai == additionalInformationAsTrue), nil
+
+ case additionalInformationAsNull,
+ additionalInformationAsUndefined:
return nil, nil
- case 25:
+
+ case additionalInformationAsFloat16:
f := float64(float16.Frombits(uint16(val)).Float32())
return f, nil
- case 26:
+
+ case additionalInformationAsFloat32:
f := float64(math.Float32frombits(uint32(val)))
return f, nil
- case 27:
+
+ case additionalInformationAsFloat64:
f := math.Float64frombits(val)
return f, nil
}
+
case cborTypeArray:
return d.parseArray()
+
case cborTypeMap:
if d.dm.defaultMapType != nil {
m := reflect.New(d.dm.defaultMapType)
@@ -1033,18 +2091,20 @@ func (d *decoder) parse(skipSelfDescribedTag bool) (interface{}, error) { //noli
}
return d.parseMap()
}
+
return nil, nil
}
-// parseByteString parses CBOR encoded byte string. It returns a byte slice
-// pointing to a copy of parsed data.
-func (d *decoder) parseByteString() []byte {
- _, ai, val := d.getHead()
- if ai != 31 {
- b := make([]byte, int(val))
- copy(b, d.data[d.off:d.off+int(val)])
+// parseByteString parses a CBOR encoded byte string. The returned byte slice
+// may be backed directly by the input. The second return value will be true if
+// and only if the slice is backed by a copy of the input. Callers are
+// responsible for making a copy if necessary.
+func (d *decoder) parseByteString() ([]byte, bool) {
+ _, _, val, indefiniteLength := d.getHeadWithIndefiniteLengthFlag()
+ if !indefiniteLength {
+ b := d.data[d.off : d.off+int(val)]
d.off += int(val)
- return b
+ return b, false
}
// Process indefinite length string chunks.
b := []byte{}
@@ -1053,18 +2113,96 @@ func (d *decoder) parseByteString() []byte {
b = append(b, d.data[d.off:d.off+int(val)]...)
d.off += int(val)
}
- return b
+ return b, true
+}
+
+// applyByteStringTextConversion converts bytes read from a byte string to or from a configured text
+// encoding. If no transformation was performed (because it was not required), the original byte
+// slice is returned and the bool return value is false. Otherwise, a new slice containing the
+// converted bytes is returned along with the bool value true.
+func (d *decoder) applyByteStringTextConversion(
+ src []byte,
+ dstType reflect.Type,
+) (
+ dst []byte,
+ transformed bool,
+ err error,
+) {
+ switch dstType.Kind() {
+ case reflect.String:
+ if d.dm.byteStringToString != ByteStringToStringAllowedWithExpectedLaterEncoding || len(d.expectedLaterEncodingTags) == 0 {
+ return src, false, nil
+ }
+
+ switch d.expectedLaterEncodingTags[len(d.expectedLaterEncodingTags)-1] {
+ case tagNumExpectedLaterEncodingBase64URL:
+ encoded := make([]byte, base64.RawURLEncoding.EncodedLen(len(src)))
+ base64.RawURLEncoding.Encode(encoded, src)
+ return encoded, true, nil
+
+ case tagNumExpectedLaterEncodingBase64:
+ encoded := make([]byte, base64.StdEncoding.EncodedLen(len(src)))
+ base64.StdEncoding.Encode(encoded, src)
+ return encoded, true, nil
+
+ case tagNumExpectedLaterEncodingBase16:
+ encoded := make([]byte, hex.EncodedLen(len(src)))
+ hex.Encode(encoded, src)
+ return encoded, true, nil
+
+ default:
+ // If this happens, there is a bug: the decoder has pushed an invalid
+ // "expected later encoding" tag to the stack.
+ panic(fmt.Sprintf("unrecognized expected later encoding tag: %d", d.expectedLaterEncodingTags))
+ }
+
+ case reflect.Slice:
+ if dstType.Elem().Kind() != reflect.Uint8 || len(d.expectedLaterEncodingTags) > 0 {
+ // Either the destination is not a slice of bytes, or the encoder that
+ // produced the input indicated an expected text encoding tag and therefore
+ // the content of the byte string has NOT been text encoded.
+ return src, false, nil
+ }
+
+ switch d.dm.byteStringExpectedFormat {
+ case ByteStringExpectedBase64URL:
+ decoded := make([]byte, base64.RawURLEncoding.DecodedLen(len(src)))
+ n, err := base64.RawURLEncoding.Decode(decoded, src)
+ if err != nil {
+ return nil, false, newByteStringExpectedFormatError(ByteStringExpectedBase64URL, err)
+ }
+ return decoded[:n], true, nil
+
+ case ByteStringExpectedBase64:
+ decoded := make([]byte, base64.StdEncoding.DecodedLen(len(src)))
+ n, err := base64.StdEncoding.Decode(decoded, src)
+ if err != nil {
+ return nil, false, newByteStringExpectedFormatError(ByteStringExpectedBase64, err)
+ }
+ return decoded[:n], true, nil
+
+ case ByteStringExpectedBase16:
+ decoded := make([]byte, hex.DecodedLen(len(src)))
+ n, err := hex.Decode(decoded, src)
+ if err != nil {
+ return nil, false, newByteStringExpectedFormatError(ByteStringExpectedBase16, err)
+ }
+ return decoded[:n], true, nil
+ }
+ }
+
+ return src, false, nil
}
// parseTextString parses CBOR encoded text string. It returns a byte slice
// to prevent creating an extra copy of string. Caller should wrap returned
// byte slice as string when needed.
func (d *decoder) parseTextString() ([]byte, error) {
- _, ai, val := d.getHead()
- if ai != 31 {
+ _, _, val, indefiniteLength := d.getHeadWithIndefiniteLengthFlag()
+ if !indefiniteLength {
b := d.data[d.off : d.off+int(val)]
d.off += int(val)
- if !utf8.Valid(b) {
+ if d.dm.utf8 == UTF8RejectInvalid && !utf8.Valid(b) {
return nil, &SemanticError{"cbor: invalid UTF-8 string"}
}
return b, nil
@@ -1075,7 +2213,7 @@ func (d *decoder) parseTextString() ([]byte, error) {
_, _, val = d.getHead()
x := d.data[d.off : d.off+int(val)]
d.off += int(val)
- if !utf8.Valid(x) {
+ if d.dm.utf8 == UTF8RejectInvalid && !utf8.Valid(x) {
for !d.foundBreak() {
d.skip() // Skip remaining chunk on error
}
@@ -1087,8 +2225,8 @@ func (d *decoder) parseTextString() ([]byte, error) {
}
func (d *decoder) parseArray() ([]interface{}, error) {
- _, ai, val := d.getHead()
- hasSize := (ai != 31)
+ _, _, val, indefiniteLength := d.getHeadWithIndefiniteLengthFlag()
+ hasSize := !indefiniteLength
count := int(val)
if !hasSize {
count = d.numOfItemsUntilBreak() // peek ahead to get array size to preallocate slice for better performance
@@ -1109,8 +2247,8 @@ func (d *decoder) parseArray() ([]interface{}, error) {
}
func (d *decoder) parseArrayToSlice(v reflect.Value, tInfo *typeInfo) error {
- _, ai, val := d.getHead()
- hasSize := (ai != 31)
+ _, _, val, indefiniteLength := d.getHeadWithIndefiniteLengthFlag()
+ hasSize := !indefiniteLength
count := int(val)
if !hasSize {
count = d.numOfItemsUntilBreak() // peek ahead to get array size to preallocate slice for better performance
@@ -1131,8 +2269,8 @@ func (d *decoder) parseArrayToSlice(v reflect.Value, tInfo *typeInfo) error {
}
func (d *decoder) parseArrayToArray(v reflect.Value, tInfo *typeInfo) error {
- _, ai, val := d.getHead()
- hasSize := (ai != 31)
+ _, _, val, indefiniteLength := d.getHeadWithIndefiniteLengthFlag()
+ hasSize := !indefiniteLength
count := int(val)
gi := 0
vLen := v.Len()
@@ -1161,8 +2299,8 @@ func (d *decoder) parseArrayToArray(v reflect.Value, tInfo *typeInfo) error {
}
func (d *decoder) parseMap() (interface{}, error) {
- _, ai, val := d.getHead()
- hasSize := (ai != 31)
+ _, _, val, indefiniteLength := d.getHeadWithIndefiniteLengthFlag()
+ hasSize := !indefiniteLength
count := int(val)
m := make(map[interface{}]interface{})
var k, e interface{}
@@ -1181,11 +2319,17 @@ func (d *decoder) parseMap() (interface{}, error) {
// Detect if CBOR map key can be used as Go map key.
rv := reflect.ValueOf(k)
if !isHashableValue(rv) {
- if err == nil {
- err = errors.New("cbor: invalid map key type: " + rv.Type().String())
+ var converted bool
+ if d.dm.mapKeyByteString == MapKeyByteStringAllowed {
+ k, converted = convertByteSliceToByteString(k)
+ }
+ if !converted {
+ if err == nil {
+ err = &InvalidMapKeyTypeError{rv.Type().String()}
+ }
+ d.skip()
+ continue
}
- d.skip()
- continue
}
// Parse CBOR map value.
@@ -1220,8 +2364,8 @@ func (d *decoder) parseMap() (interface{}, error) {
}
func (d *decoder) parseMapToMap(v reflect.Value, tInfo *typeInfo) error { //nolint:gocyclo
- _, ai, val := d.getHead()
- hasSize := (ai != 31)
+ _, _, val, indefiniteLength := d.getHeadWithIndefiniteLengthFlag()
+ hasSize := !indefiniteLength
count := int(val)
if v.IsNil() {
mapsize := count
@@ -1267,11 +2411,21 @@ func (d *decoder) parseMapToMap(v reflect.Value, tInfo *typeInfo) error { //noli
// Detect if CBOR map key can be used as Go map key.
if keyIsInterfaceType && keyValue.Elem().IsValid() {
if !isHashableValue(keyValue.Elem()) {
- if err == nil {
- err = errors.New("cbor: invalid map key type: " + keyValue.Elem().Type().String())
+ var converted bool
+ if d.dm.mapKeyByteString == MapKeyByteStringAllowed {
+ var k interface{}
+ k, converted = convertByteSliceToByteString(keyValue.Elem().Interface())
+ if converted {
+ keyValue.Set(reflect.ValueOf(k))
+ }
+ }
+ if !converted {
+ if err == nil {
+ err = &InvalidMapKeyTypeError{keyValue.Elem().Type().String()}
+ }
+ d.skip()
+ continue
}
- d.skip()
- continue
}
}
@@ -1335,8 +2489,8 @@ func (d *decoder) parseArrayToStruct(v reflect.Value, tInfo *typeInfo) error {
}
start := d.off
- t, ai, val := d.getHead()
- hasSize := (ai != 31)
+ _, _, val, indefiniteLength := d.getHeadWithIndefiniteLengthFlag()
+ hasSize := !indefiniteLength
count := int(val)
if !hasSize {
count = d.numOfItemsUntilBreak() // peek ahead to get array size
@@ -1345,7 +2499,7 @@ func (d *decoder) parseArrayToStruct(v reflect.Value, tInfo *typeInfo) error {
d.off = start
d.skip()
return &UnmarshalTypeError{
- CBORType: t.String(),
+ CBORType: cborTypeArray.String(),
GoType: tInfo.typ.String(),
errorMsg: "cannot decode CBOR array to struct with different number of elements",
}
@@ -1410,62 +2564,109 @@ func (d *decoder) parseMapToStruct(v reflect.Value, tInfo *typeInfo) error { //n
var err, lastErr error
// Get CBOR map size
- _, ai, val := d.getHead()
- hasSize := (ai != 31)
+ _, _, val, indefiniteLength := d.getHeadWithIndefiniteLengthFlag()
+ hasSize := !indefiniteLength
count := int(val)
// Keeps track of matched struct fields
- foundFldIdx := make([]bool, len(structType.fields))
+ var foundFldIdx []bool
+ {
+ const maxStackFields = 128
+ if nfields := len(structType.fields); nfields <= maxStackFields {
+ // For structs with typical field counts, expect that this can be
+ // stack-allocated.
+ var a [maxStackFields]bool
+ foundFldIdx = a[:nfields]
+ } else {
+ foundFldIdx = make([]bool, len(structType.fields))
+ }
+ }
// Keeps track of CBOR map keys to detect duplicate map key
keyCount := 0
var mapKeys map[interface{}]struct{}
- if d.dm.dupMapKey == DupMapKeyEnforcedAPF {
- mapKeys = make(map[interface{}]struct{}, len(structType.fields))
- }
errOnUnknownField := (d.dm.extraReturnErrors & ExtraDecErrorUnknownField) > 0
+MapEntryLoop:
for j := 0; (hasSize && j < count) || (!hasSize && !d.foundBreak()); j++ {
var f *field
- var k interface{} // Used by duplicate map key detection
+
+ // If duplicate field detection is enabled and the key at index j did not match any
+ // field, k will hold the map key.
+ var k interface{}
t := d.nextCBORType()
- if t == cborTypeTextString {
+ if t == cborTypeTextString || (t == cborTypeByteString && d.dm.fieldNameByteString == FieldNameByteStringAllowed) {
var keyBytes []byte
- keyBytes, lastErr = d.parseTextString()
- if lastErr != nil {
- if err == nil {
- err = lastErr
+ if t == cborTypeTextString {
+ keyBytes, lastErr = d.parseTextString()
+ if lastErr != nil {
+ if err == nil {
+ err = lastErr
+ }
+ d.skip() // skip value
+ continue
}
- d.skip() // skip value
- continue
+ } else { // cborTypeByteString
+ keyBytes, _ = d.parseByteString()
}
- keyLen := len(keyBytes)
- // Find field with exact match
- for i := 0; i < len(structType.fields); i++ {
+ // Check for exact match on field name.
+ if i, ok := structType.fieldIndicesByName[string(keyBytes)]; ok {
fld := structType.fields[i]
- if !foundFldIdx[i] && len(fld.name) == keyLen && fld.name == string(keyBytes) {
+
+ if !foundFldIdx[i] {
f = fld
foundFldIdx[i] = true
- break
+ } else if d.dm.dupMapKey == DupMapKeyEnforcedAPF {
+ err = &DupMapKeyError{fld.name, j}
+ d.skip() // skip value
+ j++
+ // skip the rest of the map
+ for ; (hasSize && j < count) || (!hasSize && !d.foundBreak()); j++ {
+ d.skip()
+ d.skip()
+ }
+ return err
+ } else {
+ // discard repeated match
+ d.skip()
+ continue MapEntryLoop
}
}
+
// Find field with case-insensitive match
- if f == nil {
+ if f == nil && d.dm.fieldNameMatching == FieldNameMatchingPreferCaseSensitive {
+ keyLen := len(keyBytes)
keyString := string(keyBytes)
for i := 0; i < len(structType.fields); i++ {
fld := structType.fields[i]
- if !foundFldIdx[i] && len(fld.name) == keyLen && strings.EqualFold(fld.name, keyString) {
- f = fld
- foundFldIdx[i] = true
+ if len(fld.name) == keyLen && strings.EqualFold(fld.name, keyString) {
+ if !foundFldIdx[i] {
+ f = fld
+ foundFldIdx[i] = true
+ } else if d.dm.dupMapKey == DupMapKeyEnforcedAPF {
+ err = &DupMapKeyError{keyString, j}
+ d.skip() // skip value
+ j++
+ // skip the rest of the map
+ for ; (hasSize && j < count) || (!hasSize && !d.foundBreak()); j++ {
+ d.skip()
+ d.skip()
+ }
+ return err
+ } else {
+ // discard repeated match
+ d.skip()
+ continue MapEntryLoop
+ }
break
}
}
}
- if d.dm.dupMapKey == DupMapKeyEnforcedAPF {
+ if d.dm.dupMapKey == DupMapKeyEnforcedAPF && f == nil {
k = string(keyBytes)
}
} else if t <= cborTypeNegativeInt { // uint/int
@@ -1493,14 +2694,30 @@ func (d *decoder) parseMapToStruct(v reflect.Value, tInfo *typeInfo) error { //n
// Find field
for i := 0; i < len(structType.fields); i++ {
fld := structType.fields[i]
- if !foundFldIdx[i] && fld.keyAsInt && fld.nameAsInt == nameAsInt {
- f = fld
- foundFldIdx[i] = true
+ if fld.keyAsInt && fld.nameAsInt == nameAsInt {
+ if !foundFldIdx[i] {
+ f = fld
+ foundFldIdx[i] = true
+ } else if d.dm.dupMapKey == DupMapKeyEnforcedAPF {
+ err = &DupMapKeyError{nameAsInt, j}
+ d.skip() // skip value
+ j++
+ // skip the rest of the map
+ for ; (hasSize && j < count) || (!hasSize && !d.foundBreak()); j++ {
+ d.skip()
+ d.skip()
+ }
+ return err
+ } else {
+ // discard repeated match
+ d.skip()
+ continue MapEntryLoop
+ }
break
}
}
- if d.dm.dupMapKey == DupMapKeyEnforcedAPF {
+ if d.dm.dupMapKey == DupMapKeyEnforcedAPF && f == nil {
k = nameAsInt
}
} else {
@@ -1528,23 +2745,6 @@ func (d *decoder) parseMapToStruct(v reflect.Value, tInfo *typeInfo) error { //n
}
}
- if d.dm.dupMapKey == DupMapKeyEnforcedAPF {
- mapKeys[k] = struct{}{}
- newKeyCount := len(mapKeys)
- if newKeyCount == keyCount {
- err = &DupMapKeyError{k, j}
- d.skip() // skip value
- j++
- // skip the rest of the map
- for ; (hasSize && j < count) || (!hasSize && !d.foundBreak()); j++ {
- d.skip()
- d.skip()
- }
- return err
- }
- keyCount = newKeyCount
- }
-
if f == nil {
if errOnUnknownField {
err = &UnknownFieldError{j}
@@ -1557,6 +2757,31 @@ func (d *decoder) parseMapToStruct(v reflect.Value, tInfo *typeInfo) error { //n
}
return err
}
+
+ // Two map keys that match the same struct field are immediately considered
+ // duplicates. This check detects duplicates between two map keys that do
+ // not match a struct field. If unknown field errors are enabled, then this
+ // check is never reached.
+ if d.dm.dupMapKey == DupMapKeyEnforcedAPF {
+ if mapKeys == nil {
+ mapKeys = make(map[interface{}]struct{}, 1)
+ }
+ mapKeys[k] = struct{}{}
+ newKeyCount := len(mapKeys)
+ if newKeyCount == keyCount {
+ err = &DupMapKeyError{k, j}
+ d.skip() // skip value
+ j++
+ // skip the rest of the map
+ for ; (hasSize && j < count) || (!hasSize && !d.foundBreak()); j++ {
+ d.skip()
+ d.skip()
+ }
+ return err
+ }
+ keyCount = newKeyCount
+ }
+
d.skip() // Skip value
continue
}
@@ -1623,13 +2848,13 @@ func (d *decoder) getRegisteredTagItem(vt reflect.Type) *tagItem {
// skip moves data offset to the next item. skip assumes data is well-formed,
// and does not perform bounds checking.
func (d *decoder) skip() {
- t, ai, val := d.getHead()
+ t, _, val, indefiniteLength := d.getHeadWithIndefiniteLengthFlag()
- if ai == 31 {
+ if indefiniteLength {
switch t {
case cborTypeByteString, cborTypeTextString, cborTypeArray, cborTypeMap:
for {
- if d.data[d.off] == 0xff {
+ if isBreakFlag(d.data[d.off]) {
d.off++
return
}
@@ -1641,47 +2866,67 @@ func (d *decoder) skip() {
switch t {
case cborTypeByteString, cborTypeTextString:
d.off += int(val)
+
case cborTypeArray:
for i := 0; i < int(val); i++ {
d.skip()
}
+
case cborTypeMap:
for i := 0; i < int(val)*2; i++ {
d.skip()
}
+
case cborTypeTag:
d.skip()
}
}
+func (d *decoder) getHeadWithIndefiniteLengthFlag() (
+ t cborType,
+ ai byte,
+ val uint64,
+ indefiniteLength bool,
+) {
+ t, ai, val = d.getHead()
+ indefiniteLength = additionalInformation(ai).isIndefiniteLength()
+ return
+}
+
// getHead assumes data is well-formed, and does not perform bounds checking.
func (d *decoder) getHead() (t cborType, ai byte, val uint64) {
- t = cborType(d.data[d.off] & 0xe0)
- ai = d.data[d.off] & 0x1f
+ t, ai = parseInitialByte(d.data[d.off])
val = uint64(ai)
d.off++
- if ai < 24 {
+ if ai <= maxAdditionalInformationWithoutArgument {
return
}
- if ai == 24 {
+
+ if ai == additionalInformationWith1ByteArgument {
val = uint64(d.data[d.off])
d.off++
return
}
- if ai == 25 {
- val = uint64(binary.BigEndian.Uint16(d.data[d.off : d.off+2]))
- d.off += 2
+
+ if ai == additionalInformationWith2ByteArgument {
+ const argumentSize = 2
+ val = uint64(binary.BigEndian.Uint16(d.data[d.off : d.off+argumentSize]))
+ d.off += argumentSize
return
}
- if ai == 26 {
- val = uint64(binary.BigEndian.Uint32(d.data[d.off : d.off+4]))
- d.off += 4
+
+ if ai == additionalInformationWith4ByteArgument {
+ const argumentSize = 4
+ val = uint64(binary.BigEndian.Uint32(d.data[d.off : d.off+argumentSize]))
+ d.off += argumentSize
return
}
- if ai == 27 {
- val = binary.BigEndian.Uint64(d.data[d.off : d.off+8])
- d.off += 8
+
+ if ai == additionalInformationWith8ByteArgument {
+ const argumentSize = 8
+ val = binary.BigEndian.Uint64(d.data[d.off : d.off+argumentSize])
+ d.off += argumentSize
return
}
return
@@ -1698,9 +2943,11 @@ func (d *decoder) numOfItemsUntilBreak() int {
return i
}
+// foundBreak returns true if next byte is CBOR break code and moves cursor by 1,
+// otherwise it returns false.
// foundBreak assumes data is well-formed, and does not perform bounds checking.
func (d *decoder) foundBreak() bool {
- if d.data[d.off] == 0xff {
+ if isBreakFlag(d.data[d.off]) {
d.off++
return true
}
@@ -1710,10 +2957,11 @@ func (d *decoder) foundBreak() bool {
func (d *decoder) reset(data []byte) {
d.data = data
d.off = 0
+ d.expectedLaterEncodingTags = d.expectedLaterEncodingTags[:0]
}
func (d *decoder) nextCBORType() cborType {
- return cborType(d.data[d.off] & 0xe0)
+ return getType(d.data[d.off])
}
func (d *decoder) nextCBORNil() bool {
@@ -1726,9 +2974,11 @@ var (
typeBigInt = reflect.TypeOf(big.Int{})
typeUnmarshaler = reflect.TypeOf((*Unmarshaler)(nil)).Elem()
typeBinaryUnmarshaler = reflect.TypeOf((*encoding.BinaryUnmarshaler)(nil)).Elem()
+ typeString = reflect.TypeOf("")
+ typeByteSlice = reflect.TypeOf([]byte(nil))
)
-func fillNil(t cborType, v reflect.Value) error {
+func fillNil(_ cborType, v reflect.Value) error {
switch v.Kind() {
case reflect.Slice, reflect.Map, reflect.Interface, reflect.Ptr:
v.Set(reflect.Zero(v.Type()))
@@ -1756,6 +3006,7 @@ func fillPositiveInt(t cborType, val uint64, v reflect.Value) error {
}
v.SetInt(int64(val))
return nil
+
case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
if v.OverflowUint(val) {
return &UnmarshalTypeError{
@@ -1766,11 +3017,13 @@ func fillPositiveInt(t cborType, val uint64, v reflect.Value) error {
}
v.SetUint(val)
return nil
+
case reflect.Float32, reflect.Float64:
f := float64(val)
v.SetFloat(f)
return nil
}
+
if v.Type() == typeBigInt {
i := new(big.Int).SetUint64(val)
v.Set(reflect.ValueOf(*i))
@@ -1791,6 +3044,7 @@ func fillNegativeInt(t cborType, val int64, v reflect.Value) error {
}
v.SetInt(val)
return nil
+
case reflect.Float32, reflect.Float64:
f := float64(val)
v.SetFloat(f)
@@ -1828,18 +3082,31 @@ func fillFloat(t cborType, val float64, v reflect.Value) error {
return &UnmarshalTypeError{CBORType: t.String(), GoType: v.Type().String()}
}
-func fillByteString(t cborType, val []byte, v reflect.Value) error {
- if reflect.PtrTo(v.Type()).Implements(typeBinaryUnmarshaler) {
+func fillByteString(t cborType, val []byte, shared bool, v reflect.Value, bsts ByteStringToStringMode, bum BinaryUnmarshalerMode) error {
+ if bum == BinaryUnmarshalerByteString && reflect.PtrTo(v.Type()).Implements(typeBinaryUnmarshaler) {
if v.CanAddr() {
v = v.Addr()
if u, ok := v.Interface().(encoding.BinaryUnmarshaler); ok {
+ // The contract of BinaryUnmarshaler forbids
+ // retaining the input bytes, so no copying is
+ // required even if val is shared.
return u.UnmarshalBinary(val)
}
}
return errors.New("cbor: cannot set new value for " + v.Type().String())
}
+ if bsts != ByteStringToStringForbidden && v.Kind() == reflect.String {
+ v.SetString(string(val))
+ return nil
+ }
if v.Kind() == reflect.Slice && v.Type().Elem().Kind() == reflect.Uint8 {
- v.SetBytes(val)
+ src := val
+ if shared {
+ // SetBytes shares the underlying bytes of the source slice.
+ src = make([]byte, len(val))
+ copy(src, val)
+ }
+ v.SetBytes(src)
return nil
}
if v.Kind() == reflect.Array && v.Type().Elem().Kind() == reflect.Uint8 {
@@ -1876,6 +3143,7 @@ func isImmutableKind(k reflect.Kind) bool {
reflect.Float32, reflect.Float64,
reflect.String:
return true
+
default:
return false
}
@@ -1885,6 +3153,7 @@ func isHashableValue(rv reflect.Value) bool {
switch rv.Kind() {
case reflect.Slice, reflect.Map, reflect.Func:
return false
+
case reflect.Struct:
switch rv.Type() {
case typeTag:
@@ -1897,28 +3166,22 @@ func isHashableValue(rv reflect.Value) bool {
return true
}
-// validBuiltinTag checks that supported built-in tag numbers are followed by expected content types.
-func validBuiltinTag(tagNum uint64, contentHead byte) error {
- t := cborType(contentHead & 0xe0)
- switch tagNum {
- case 0:
- // Tag content (date/time text string in RFC 3339 format) must be string type.
- if t != cborTypeTextString {
- return errors.New("cbor: tag number 0 must be followed by text string, got " + t.String())
- }
- return nil
- case 1:
- // Tag content (epoch date/time) must be uint, int, or float type.
- if t != cborTypePositiveInt && t != cborTypeNegativeInt && (contentHead < 0xf9 || contentHead > 0xfb) {
- return errors.New("cbor: tag number 1 must be followed by integer or floating-point number, got " + t.String())
- }
- return nil
- case 2, 3:
- // Tag content (bignum) must be byte type.
- if t != cborTypeByteString {
- return errors.New("cbor: tag number 2 or 3 must be followed by byte string, got " + t.String())
+// convertByteSliceToByteString converts []byte to ByteString if
+// - v is []byte type, or
+// - v is Tag type and tag content type is []byte
+// This function also handles nested tags.
+// CBOR data is already verified to be well-formed before this function is used,
+// so the recursion won't exceed max nested levels.
+func convertByteSliceToByteString(v interface{}) (interface{}, bool) {
+ switch v := v.(type) {
+ case []byte:
+ return ByteString(v), true
+
+ case Tag:
+ content, converted := convertByteSliceToByteString(v.Content)
+ if converted {
+ return Tag{Number: v.Number, Content: content}, true
}
- return nil
}
- return nil
+ return v, false
}
diff --git a/vendor/github.com/fxamacker/cbor/v2/diagnose.go b/vendor/github.com/fxamacker/cbor/v2/diagnose.go
new file mode 100644
index 0000000000..44afb86608
--- /dev/null
+++ b/vendor/github.com/fxamacker/cbor/v2/diagnose.go
@@ -0,0 +1,724 @@
+// Copyright (c) Faye Amacker. All rights reserved.
+// Licensed under the MIT License. See LICENSE in the project root for license information.
+
+package cbor
+
+import (
+ "bytes"
+ "encoding/base32"
+ "encoding/base64"
+ "encoding/hex"
+ "errors"
+ "fmt"
+ "io"
+ "math"
+ "math/big"
+ "strconv"
+ "unicode/utf16"
+ "unicode/utf8"
+
+ "github.com/x448/float16"
+)
+
+// DiagMode is the main interface for CBOR diagnostic notation.
+type DiagMode interface {
+ // Diagnose returns extended diagnostic notation (EDN) of CBOR data items using this DiagMode.
+ Diagnose([]byte) (string, error)
+
+ // DiagnoseFirst returns extended diagnostic notation (EDN) of the first CBOR data item using the DiagMode. Any remaining bytes are returned in rest.
+ DiagnoseFirst([]byte) (string, []byte, error)
+
+ // DiagOptions returns user specified options used to create this DiagMode.
+ DiagOptions() DiagOptions
+}
+
+// ByteStringEncoding specifies the base encoding that byte strings are notated.
+type ByteStringEncoding uint8
+
+const (
+ // ByteStringBase16Encoding encodes byte strings in base16, without padding.
+ ByteStringBase16Encoding ByteStringEncoding = iota
+
+ // ByteStringBase32Encoding encodes byte strings in base32, without padding.
+ ByteStringBase32Encoding
+
+ // ByteStringBase32HexEncoding encodes byte strings in base32hex, without padding.
+ ByteStringBase32HexEncoding
+
+ // ByteStringBase64Encoding encodes byte strings in base64url, without padding.
+ ByteStringBase64Encoding
+
+ maxByteStringEncoding
+)
+
+func (bse ByteStringEncoding) valid() error {
+ if bse >= maxByteStringEncoding {
+ return errors.New("cbor: invalid ByteStringEncoding " + strconv.Itoa(int(bse)))
+ }
+ return nil
+}
+
+// DiagOptions specifies Diag options.
+type DiagOptions struct {
+ // ByteStringEncoding specifies the base encoding that byte strings are notated.
+ // Default is ByteStringBase16Encoding.
+ ByteStringEncoding ByteStringEncoding
+
+ // ByteStringHexWhitespace specifies notating with whitespace in byte string
+ // when ByteStringEncoding is ByteStringBase16Encoding.
+ ByteStringHexWhitespace bool
+
+ // ByteStringText specifies notating with text in byte string
+ // if it is a valid UTF-8 text.
+ ByteStringText bool
+
+ // ByteStringEmbeddedCBOR specifies notating embedded CBOR in byte string
+ // if it is a valid CBOR bytes.
+ ByteStringEmbeddedCBOR bool
+
+ // CBORSequence specifies notating CBOR sequences.
+ // otherwise, it returns an error if there are more bytes after the first CBOR.
+ CBORSequence bool
+
+ // FloatPrecisionIndicator specifies appending a suffix to indicate float precision.
+ // Refer to https://www.rfc-editor.org/rfc/rfc8949.html#name-encoding-indicators.
+ FloatPrecisionIndicator bool
+
+ // MaxNestedLevels specifies the max nested levels allowed for any combination of CBOR array, maps, and tags.
+ // Default is 32 levels and it can be set to [4, 65535]. Note that higher maximum levels of nesting can
+ // require larger amounts of stack to deserialize. Don't increase this higher than you require.
+ MaxNestedLevels int
+
+ // MaxArrayElements specifies the max number of elements for CBOR arrays.
+ // Default is 128*1024=131072 and it can be set to [16, 2147483647]
+ MaxArrayElements int
+
+ // MaxMapPairs specifies the max number of key-value pairs for CBOR maps.
+ // Default is 128*1024=131072 and it can be set to [16, 2147483647]
+ MaxMapPairs int
+}
+
+// DiagMode returns a DiagMode with immutable options.
+func (opts DiagOptions) DiagMode() (DiagMode, error) {
+ return opts.diagMode()
+}
+
+func (opts DiagOptions) diagMode() (*diagMode, error) {
+ if err := opts.ByteStringEncoding.valid(); err != nil {
+ return nil, err
+ }
+
+ decMode, err := DecOptions{
+ MaxNestedLevels: opts.MaxNestedLevels,
+ MaxArrayElements: opts.MaxArrayElements,
+ MaxMapPairs: opts.MaxMapPairs,
+ }.decMode()
+ if err != nil {
+ return nil, err
+ }
+
+ return &diagMode{
+ byteStringEncoding: opts.ByteStringEncoding,
+ byteStringHexWhitespace: opts.ByteStringHexWhitespace,
+ byteStringText: opts.ByteStringText,
+ byteStringEmbeddedCBOR: opts.ByteStringEmbeddedCBOR,
+ cborSequence: opts.CBORSequence,
+ floatPrecisionIndicator: opts.FloatPrecisionIndicator,
+ decMode: decMode,
+ }, nil
+}
+
+type diagMode struct {
+ byteStringEncoding ByteStringEncoding
+ byteStringHexWhitespace bool
+ byteStringText bool
+ byteStringEmbeddedCBOR bool
+ cborSequence bool
+ floatPrecisionIndicator bool
+ decMode *decMode
+}
+
+// DiagOptions returns user specified options used to create this DiagMode.
+func (dm *diagMode) DiagOptions() DiagOptions {
+ return DiagOptions{
+ ByteStringEncoding: dm.byteStringEncoding,
+ ByteStringHexWhitespace: dm.byteStringHexWhitespace,
+ ByteStringText: dm.byteStringText,
+ ByteStringEmbeddedCBOR: dm.byteStringEmbeddedCBOR,
+ CBORSequence: dm.cborSequence,
+ FloatPrecisionIndicator: dm.floatPrecisionIndicator,
+ MaxNestedLevels: dm.decMode.maxNestedLevels,
+ MaxArrayElements: dm.decMode.maxArrayElements,
+ MaxMapPairs: dm.decMode.maxMapPairs,
+ }
+}
+
+// Diagnose returns extended diagnostic notation (EDN) of CBOR data items using the DiagMode.
+func (dm *diagMode) Diagnose(data []byte) (string, error) {
+ return newDiagnose(data, dm.decMode, dm).diag(dm.cborSequence)
+}
+
+// DiagnoseFirst returns extended diagnostic notation (EDN) of the first CBOR data item using the DiagMode. Any remaining bytes are returned in rest.
+func (dm *diagMode) DiagnoseFirst(data []byte) (diagNotation string, rest []byte, err error) {
+ return newDiagnose(data, dm.decMode, dm).diagFirst()
+}
+
+var defaultDiagMode, _ = DiagOptions{}.diagMode()
+
+// Diagnose returns extended diagnostic notation (EDN) of CBOR data items
+// using the default diagnostic mode.
+//
+// Refer to https://www.rfc-editor.org/rfc/rfc8949.html#name-diagnostic-notation.
+func Diagnose(data []byte) (string, error) {
+ return defaultDiagMode.Diagnose(data)
+}
+
+// Diagnose returns extended diagnostic notation (EDN) of the first CBOR data item using the DiagMode. Any remaining bytes are returned in rest.
+func DiagnoseFirst(data []byte) (diagNotation string, rest []byte, err error) {
+ return defaultDiagMode.DiagnoseFirst(data)
+}
+
+type diagnose struct {
+ dm *diagMode
+ d *decoder
+ w *bytes.Buffer
+}
+
+func newDiagnose(data []byte, decm *decMode, diagm *diagMode) *diagnose {
+ return &diagnose{
+ dm: diagm,
+ d: &decoder{data: data, dm: decm},
+ w: &bytes.Buffer{},
+ }
+}
+
+func (di *diagnose) diag(cborSequence bool) (string, error) {
+ // CBOR Sequence
+ firstItem := true
+ for {
+ switch err := di.wellformed(cborSequence); err {
+ case nil:
+ if !firstItem {
+ di.w.WriteString(", ")
+ }
+ firstItem = false
+ if itemErr := di.item(); itemErr != nil {
+ return di.w.String(), itemErr
+ }
+
+ case io.EOF:
+ if firstItem {
+ return di.w.String(), err
+ }
+ return di.w.String(), nil
+
+ default:
+ return di.w.String(), err
+ }
+ }
+}
+
+func (di *diagnose) diagFirst() (diagNotation string, rest []byte, err error) {
+ err = di.wellformed(true)
+ if err == nil {
+ err = di.item()
+ }
+
+ if err == nil {
+ // Return EDN and the rest of the data slice (which might be len 0)
+ return di.w.String(), di.d.data[di.d.off:], nil
+ }
+
+ return di.w.String(), nil, err
+}
+
+func (di *diagnose) wellformed(allowExtraData bool) error {
+ off := di.d.off
+ err := di.d.wellformed(allowExtraData, false)
+ di.d.off = off
+ return err
+}
+
+func (di *diagnose) item() error { //nolint:gocyclo
+ initialByte := di.d.data[di.d.off]
+ switch initialByte {
+ case cborByteStringWithIndefiniteLengthHead,
+ cborTextStringWithIndefiniteLengthHead: // indefinite-length byte/text string
+ di.d.off++
+ if isBreakFlag(di.d.data[di.d.off]) {
+ di.d.off++
+ switch initialByte {
+ case cborByteStringWithIndefiniteLengthHead:
+ // indefinite-length bytes with no chunks.
+ di.w.WriteString(`''_`)
+ return nil
+ case cborTextStringWithIndefiniteLengthHead:
+ // indefinite-length text with no chunks.
+ di.w.WriteString(`""_`)
+ return nil
+ }
+ }
+
+ di.w.WriteString("(_ ")
+
+ i := 0
+ for !di.d.foundBreak() {
+ if i > 0 {
+ di.w.WriteString(", ")
+ }
+
+ i++
+ // wellformedIndefiniteString() already checked that the next item is a byte/text string.
+ if err := di.item(); err != nil {
+ return err
+ }
+ }
+
+ di.w.WriteByte(')')
+ return nil
+
+ case cborArrayWithIndefiniteLengthHead: // indefinite-length array
+ di.d.off++
+ di.w.WriteString("[_ ")
+
+ i := 0
+ for !di.d.foundBreak() {
+ if i > 0 {
+ di.w.WriteString(", ")
+ }
+
+ i++
+ if err := di.item(); err != nil {
+ return err
+ }
+ }
+
+ di.w.WriteByte(']')
+ return nil
+
+ case cborMapWithIndefiniteLengthHead: // indefinite-length map
+ di.d.off++
+ di.w.WriteString("{_ ")
+
+ i := 0
+ for !di.d.foundBreak() {
+ if i > 0 {
+ di.w.WriteString(", ")
+ }
+
+ i++
+ // key
+ if err := di.item(); err != nil {
+ return err
+ }
+
+ di.w.WriteString(": ")
+
+ // value
+ if err := di.item(); err != nil {
+ return err
+ }
+ }
+
+ di.w.WriteByte('}')
+ return nil
+ }
+
+ t := di.d.nextCBORType()
+ switch t {
+ case cborTypePositiveInt:
+ _, _, val := di.d.getHead()
+ di.w.WriteString(strconv.FormatUint(val, 10))
+ return nil
+
+ case cborTypeNegativeInt:
+ _, _, val := di.d.getHead()
+ if val > math.MaxInt64 {
+ // CBOR negative integer overflows int64, use big.Int to store value.
+ bi := new(big.Int)
+ bi.SetUint64(val)
+ bi.Add(bi, big.NewInt(1))
+ bi.Neg(bi)
+ di.w.WriteString(bi.String())
+ return nil
+ }
+
+ nValue := int64(-1) ^ int64(val)
+ di.w.WriteString(strconv.FormatInt(nValue, 10))
+ return nil
+
+ case cborTypeByteString:
+ b, _ := di.d.parseByteString()
+ return di.encodeByteString(b)
+
+ case cborTypeTextString:
+ b, err := di.d.parseTextString()
+ if err != nil {
+ return err
+ }
+ return di.encodeTextString(string(b), '"')
+
+ case cborTypeArray:
+ _, _, val := di.d.getHead()
+ count := int(val)
+ di.w.WriteByte('[')
+
+ for i := 0; i < count; i++ {
+ if i > 0 {
+ di.w.WriteString(", ")
+ }
+ if err := di.item(); err != nil {
+ return err
+ }
+ }
+ di.w.WriteByte(']')
+ return nil
+
+ case cborTypeMap:
+ _, _, val := di.d.getHead()
+ count := int(val)
+ di.w.WriteByte('{')
+
+ for i := 0; i < count; i++ {
+ if i > 0 {
+ di.w.WriteString(", ")
+ }
+ // key
+ if err := di.item(); err != nil {
+ return err
+ }
+ di.w.WriteString(": ")
+ // value
+ if err := di.item(); err != nil {
+ return err
+ }
+ }
+ di.w.WriteByte('}')
+ return nil
+
+ case cborTypeTag:
+ _, _, tagNum := di.d.getHead()
+ switch tagNum {
+ case tagNumUnsignedBignum:
+ if nt := di.d.nextCBORType(); nt != cborTypeByteString {
+ return newInadmissibleTagContentTypeError(
+ tagNumUnsignedBignum,
+ "byte string",
+ nt.String())
+ }
+
+ b, _ := di.d.parseByteString()
+ bi := new(big.Int).SetBytes(b)
+ di.w.WriteString(bi.String())
+ return nil
+
+ case tagNumNegativeBignum:
+ if nt := di.d.nextCBORType(); nt != cborTypeByteString {
+ return newInadmissibleTagContentTypeError(
+ tagNumNegativeBignum,
+ "byte string",
+ nt.String(),
+ )
+ }
+
+ b, _ := di.d.parseByteString()
+ bi := new(big.Int).SetBytes(b)
+ bi.Add(bi, big.NewInt(1))
+ bi.Neg(bi)
+ di.w.WriteString(bi.String())
+ return nil
+
+ default:
+ di.w.WriteString(strconv.FormatUint(tagNum, 10))
+ di.w.WriteByte('(')
+ if err := di.item(); err != nil {
+ return err
+ }
+ di.w.WriteByte(')')
+ return nil
+ }
+
+ case cborTypePrimitives:
+ _, ai, val := di.d.getHead()
+ switch ai {
+ case additionalInformationAsFalse:
+ di.w.WriteString("false")
+ return nil
+
+ case additionalInformationAsTrue:
+ di.w.WriteString("true")
+ return nil
+
+ case additionalInformationAsNull:
+ di.w.WriteString("null")
+ return nil
+
+ case additionalInformationAsUndefined:
+ di.w.WriteString("undefined")
+ return nil
+
+ case additionalInformationAsFloat16,
+ additionalInformationAsFloat32,
+ additionalInformationAsFloat64:
+ return di.encodeFloat(ai, val)
+
+ default:
+ di.w.WriteString("simple(")
+ di.w.WriteString(strconv.FormatUint(val, 10))
+ di.w.WriteByte(')')
+ return nil
+ }
+ }
+
+ return nil
+}
+
+// writeU16 format a rune as "\uxxxx"
+func (di *diagnose) writeU16(val rune) {
+ di.w.WriteString("\\u")
+ var in [2]byte
+ in[0] = byte(val >> 8)
+ in[1] = byte(val)
+ sz := hex.EncodedLen(len(in))
+ di.w.Grow(sz)
+ dst := di.w.Bytes()[di.w.Len() : di.w.Len()+sz]
+ hex.Encode(dst, in[:])
+ di.w.Write(dst)
+}
+
+var rawBase32Encoding = base32.StdEncoding.WithPadding(base32.NoPadding)
+var rawBase32HexEncoding = base32.HexEncoding.WithPadding(base32.NoPadding)
+
+func (di *diagnose) encodeByteString(val []byte) error {
+ if len(val) > 0 {
+ if di.dm.byteStringText && utf8.Valid(val) {
+ return di.encodeTextString(string(val), '\'')
+ }
+
+ if di.dm.byteStringEmbeddedCBOR {
+ di2 := newDiagnose(val, di.dm.decMode, di.dm)
+ // should always notating embedded CBOR sequence.
+ if str, err := di2.diag(true); err == nil {
+ di.w.WriteString("<<")
+ di.w.WriteString(str)
+ di.w.WriteString(">>")
+ return nil
+ }
+ }
+ }
+
+ switch di.dm.byteStringEncoding {
+ case ByteStringBase16Encoding:
+ di.w.WriteString("h'")
+ if di.dm.byteStringHexWhitespace {
+ sz := hex.EncodedLen(len(val))
+ if len(val) > 0 {
+ sz += len(val) - 1
+ }
+ di.w.Grow(sz)
+
+ dst := di.w.Bytes()[di.w.Len():]
+ for i := range val {
+ if i > 0 {
+ dst = append(dst, ' ')
+ }
+ hex.Encode(dst[len(dst):len(dst)+2], val[i:i+1])
+ dst = dst[:len(dst)+2]
+ }
+ di.w.Write(dst)
+ } else {
+ sz := hex.EncodedLen(len(val))
+ di.w.Grow(sz)
+ dst := di.w.Bytes()[di.w.Len() : di.w.Len()+sz]
+ hex.Encode(dst, val)
+ di.w.Write(dst)
+ }
+ di.w.WriteByte('\'')
+ return nil
+
+ case ByteStringBase32Encoding:
+ di.w.WriteString("b32'")
+ sz := rawBase32Encoding.EncodedLen(len(val))
+ di.w.Grow(sz)
+ dst := di.w.Bytes()[di.w.Len() : di.w.Len()+sz]
+ rawBase32Encoding.Encode(dst, val)
+ di.w.Write(dst)
+ di.w.WriteByte('\'')
+ return nil
+
+ case ByteStringBase32HexEncoding:
+ di.w.WriteString("h32'")
+ sz := rawBase32HexEncoding.EncodedLen(len(val))
+ di.w.Grow(sz)
+ dst := di.w.Bytes()[di.w.Len() : di.w.Len()+sz]
+ rawBase32HexEncoding.Encode(dst, val)
+ di.w.Write(dst)
+ di.w.WriteByte('\'')
+ return nil
+
+ case ByteStringBase64Encoding:
+ di.w.WriteString("b64'")
+ sz := base64.RawURLEncoding.EncodedLen(len(val))
+ di.w.Grow(sz)
+ dst := di.w.Bytes()[di.w.Len() : di.w.Len()+sz]
+ base64.RawURLEncoding.Encode(dst, val)
+ di.w.Write(dst)
+ di.w.WriteByte('\'')
+ return nil
+
+ default:
+ // It should not be possible for users to construct a *diagMode with an invalid byte
+ // string encoding.
+ panic(fmt.Sprintf("diagmode has invalid ByteStringEncoding %v", di.dm.byteStringEncoding))
+ }
+}
+
+const utf16SurrSelf = rune(0x10000)
+
+// quote should be either `'` or `"`
+func (di *diagnose) encodeTextString(val string, quote byte) error {
+ di.w.WriteByte(quote)
+
+ for i := 0; i < len(val); {
+ if b := val[i]; b < utf8.RuneSelf {
+ switch {
+ case b == '\t', b == '\n', b == '\r', b == '\\', b == quote:
+ di.w.WriteByte('\\')
+
+ switch b {
+ case '\t':
+ b = 't'
+ case '\n':
+ b = 'n'
+ case '\r':
+ b = 'r'
+ }
+ di.w.WriteByte(b)
+
+ case b >= ' ' && b <= '~':
+ di.w.WriteByte(b)
+
+ default:
+ di.writeU16(rune(b))
+ }
+
+ i++
+ continue
+ }
+
+ c, size := utf8.DecodeRuneInString(val[i:])
+ switch {
+ case c == utf8.RuneError:
+ return &SemanticError{"cbor: invalid UTF-8 string"}
+
+ case c < utf16SurrSelf:
+ di.writeU16(c)
+
+ default:
+ c1, c2 := utf16.EncodeRune(c)
+ di.writeU16(c1)
+ di.writeU16(c2)
+ }
+
+ i += size
+ }
+
+ di.w.WriteByte(quote)
+ return nil
+}
+
+func (di *diagnose) encodeFloat(ai byte, val uint64) error {
+ f64 := float64(0)
+ switch ai {
+ case additionalInformationAsFloat16:
+ f16 := float16.Frombits(uint16(val))
+ switch {
+ case f16.IsNaN():
+ di.w.WriteString("NaN")
+ return nil
+ case f16.IsInf(1):
+ di.w.WriteString("Infinity")
+ return nil
+ case f16.IsInf(-1):
+ di.w.WriteString("-Infinity")
+ return nil
+ default:
+ f64 = float64(f16.Float32())
+ }
+
+ case additionalInformationAsFloat32:
+ f32 := math.Float32frombits(uint32(val))
+ switch {
+ case f32 != f32:
+ di.w.WriteString("NaN")
+ return nil
+ case f32 > math.MaxFloat32:
+ di.w.WriteString("Infinity")
+ return nil
+ case f32 < -math.MaxFloat32:
+ di.w.WriteString("-Infinity")
+ return nil
+ default:
+ f64 = float64(f32)
+ }
+
+ case additionalInformationAsFloat64:
+ f64 = math.Float64frombits(val)
+ switch {
+ case f64 != f64:
+ di.w.WriteString("NaN")
+ return nil
+ case f64 > math.MaxFloat64:
+ di.w.WriteString("Infinity")
+ return nil
+ case f64 < -math.MaxFloat64:
+ di.w.WriteString("-Infinity")
+ return nil
+ }
+ }
+ // Use ES6 number to string conversion which should match most JSON generators.
+ // Inspired by https://github.com/golang/go/blob/4df10fba1687a6d4f51d7238a403f8f2298f6a16/src/encoding/json/encode.go#L585
+ const bitSize = 64
+ b := make([]byte, 0, 32)
+ if abs := math.Abs(f64); abs != 0 && (abs < 1e-6 || abs >= 1e21) {
+ b = strconv.AppendFloat(b, f64, 'e', -1, bitSize)
+ // clean up e-09 to e-9
+ n := len(b)
+ if n >= 4 && string(b[n-4:n-1]) == "e-0" {
+ b = append(b[:n-2], b[n-1])
+ }
+ } else {
+ b = strconv.AppendFloat(b, f64, 'f', -1, bitSize)
+ }
+
+ // add decimal point and trailing zero if needed
+ if bytes.IndexByte(b, '.') < 0 {
+ if i := bytes.IndexByte(b, 'e'); i < 0 {
+ b = append(b, '.', '0')
+ } else {
+ b = append(b[:i+2], b[i:]...)
+ b[i] = '.'
+ b[i+1] = '0'
+ }
+ }
+
+ di.w.WriteString(string(b))
+
+ if di.dm.floatPrecisionIndicator {
+ switch ai {
+ case additionalInformationAsFloat16:
+ di.w.WriteString("_1")
+ return nil
+
+ case additionalInformationAsFloat32:
+ di.w.WriteString("_2")
+ return nil
+
+ case additionalInformationAsFloat64:
+ di.w.WriteString("_3")
+ return nil
+ }
+ }
+
+ return nil
+}
diff --git a/vendor/github.com/fxamacker/cbor/v2/doc.go b/vendor/github.com/fxamacker/cbor/v2/doc.go
index 8235d05465..23f68b984c 100644
--- a/vendor/github.com/fxamacker/cbor/v2/doc.go
+++ b/vendor/github.com/fxamacker/cbor/v2/doc.go
@@ -17,17 +17,17 @@ For example, "toarray" tag makes struct fields encode to CBOR array elements. A
Latest docs can be viewed at https://github.com/fxamacker/cbor#cbor-library-in-go
-Basics
+# Basics
The Quick Start guide is at https://github.com/fxamacker/cbor#quick-start
Function signatures identical to encoding/json include:
- Marshal, Unmarshal, NewEncoder, NewDecoder, (*Encoder).Encode, (*Decoder).Decode.
+ Marshal, Unmarshal, NewEncoder, NewDecoder, (*Encoder).Encode, (*Decoder).Decode.
Standard interfaces include:
- BinaryMarshaler, BinaryUnmarshaler, Marshaler, and Unmarshaler.
+ BinaryMarshaler, BinaryUnmarshaler, Marshaler, and Unmarshaler.
Custom encoding and decoding is possible by implementing standard interfaces for
user-defined Go types.
@@ -39,9 +39,9 @@ creating modes from options at runtime.
EncMode and DecMode interfaces are created from EncOptions or DecOptions structs.
- em := cbor.EncOptions{...}.EncMode()
- em := cbor.CanonicalEncOptions().EncMode()
- em := cbor.CTAP2EncOptions().EncMode()
+ em, err := cbor.EncOptions{...}.EncMode()
+ em, err := cbor.CanonicalEncOptions().EncMode()
+ em, err := cbor.CTAP2EncOptions().EncMode()
Modes use immutable options to avoid side-effects and simplify concurrency. Behavior of
modes won't accidentally change at runtime after they're created.
@@ -50,55 +50,55 @@ Modes are intended to be reused and are safe for concurrent use.
EncMode and DecMode Interfaces
- // EncMode interface uses immutable options and is safe for concurrent use.
- type EncMode interface {
- Marshal(v interface{}) ([]byte, error)
- NewEncoder(w io.Writer) *Encoder
- EncOptions() EncOptions // returns copy of options
- }
+ // EncMode interface uses immutable options and is safe for concurrent use.
+ type EncMode interface {
+ Marshal(v interface{}) ([]byte, error)
+ NewEncoder(w io.Writer) *Encoder
+ EncOptions() EncOptions // returns copy of options
+ }
- // DecMode interface uses immutable options and is safe for concurrent use.
- type DecMode interface {
- Unmarshal(data []byte, v interface{}) error
- NewDecoder(r io.Reader) *Decoder
- DecOptions() DecOptions // returns copy of options
- }
+ // DecMode interface uses immutable options and is safe for concurrent use.
+ type DecMode interface {
+ Unmarshal(data []byte, v interface{}) error
+ NewDecoder(r io.Reader) *Decoder
+ DecOptions() DecOptions // returns copy of options
+ }
Using Default Encoding Mode
- b, err := cbor.Marshal(v)
+ b, err := cbor.Marshal(v)
- encoder := cbor.NewEncoder(w)
- err = encoder.Encode(v)
+ encoder := cbor.NewEncoder(w)
+ err = encoder.Encode(v)
Using Default Decoding Mode
- err := cbor.Unmarshal(b, &v)
+ err := cbor.Unmarshal(b, &v)
- decoder := cbor.NewDecoder(r)
- err = decoder.Decode(&v)
+ decoder := cbor.NewDecoder(r)
+ err = decoder.Decode(&v)
Creating and Using Encoding Modes
- // Create EncOptions using either struct literal or a function.
- opts := cbor.CanonicalEncOptions()
+ // Create EncOptions using either struct literal or a function.
+ opts := cbor.CanonicalEncOptions()
- // If needed, modify encoding options
- opts.Time = cbor.TimeUnix
+ // If needed, modify encoding options
+ opts.Time = cbor.TimeUnix
- // Create reusable EncMode interface with immutable options, safe for concurrent use.
- em, err := opts.EncMode()
+ // Create reusable EncMode interface with immutable options, safe for concurrent use.
+ em, err := opts.EncMode()
- // Use EncMode like encoding/json, with same function signatures.
- b, err := em.Marshal(v)
- // or
- encoder := em.NewEncoder(w)
- err := encoder.Encode(v)
+ // Use EncMode like encoding/json, with same function signatures.
+ b, err := em.Marshal(v)
+ // or
+ encoder := em.NewEncoder(w)
+ err := encoder.Encode(v)
- // NOTE: Both em.Marshal(v) and encoder.Encode(v) use encoding options
- // specified during creation of em (encoding mode).
+ // NOTE: Both em.Marshal(v) and encoder.Encode(v) use encoding options
+ // specified during creation of em (encoding mode).
-CBOR Options
+# CBOR Options
Predefined Encoding Options: https://github.com/fxamacker/cbor#predefined-encoding-options
@@ -106,7 +106,7 @@ Encoding Options: https://github.com/fxamacker/cbor#encoding-options
Decoding Options: https://github.com/fxamacker/cbor#decoding-options
-Struct Tags
+# Struct Tags
Struct tags like `cbor:"name,omitempty"` and `json:"name,omitempty"` work as expected.
If both struct tags are specified then `cbor` is used.
@@ -121,9 +121,9 @@ https://raw.githubusercontent.com/fxamacker/images/master/cbor/v2.0.0/cbor_easy_
Struct tags are listed at https://github.com/fxamacker/cbor#struct-tags-1
-Tests and Fuzzing
+# Tests and Fuzzing
Over 375 tests are included in this package. Cover-guided fuzzing is handled by
-fxamacker/cbor-fuzz.
+a private fuzzer that replaced fxamacker/cbor-fuzz years ago.
*/
package cbor
diff --git a/vendor/github.com/fxamacker/cbor/v2/encode.go b/vendor/github.com/fxamacker/cbor/v2/encode.go
index 95d2c23f5b..6508e291d6 100644
--- a/vendor/github.com/fxamacker/cbor/v2/encode.go
+++ b/vendor/github.com/fxamacker/cbor/v2/encode.go
@@ -8,9 +8,11 @@ import (
"encoding"
"encoding/binary"
"errors"
+ "fmt"
"io"
"math"
"math/big"
+ "math/rand"
"reflect"
"sort"
"strconv"
@@ -94,12 +96,40 @@ func Marshal(v interface{}) ([]byte, error) {
return defaultEncMode.Marshal(v)
}
+// MarshalToBuffer encodes v into provided buffer (instead of using built-in buffer pool)
+// and uses default encoding options.
+//
+// NOTE: Unlike Marshal, the buffer provided to MarshalToBuffer can contain
+// partially encoded data if error is returned.
+//
+// See Marshal for more details.
+func MarshalToBuffer(v interface{}, buf *bytes.Buffer) error {
+ return defaultEncMode.MarshalToBuffer(v, buf)
+}
+
// Marshaler is the interface implemented by types that can marshal themselves
// into valid CBOR.
type Marshaler interface {
MarshalCBOR() ([]byte, error)
}
+// MarshalerError represents error from checking encoded CBOR data item
+// returned from MarshalCBOR for well-formedness and some very limited tag validation.
+type MarshalerError struct {
+ typ reflect.Type
+ err error
+}
+
+func (e *MarshalerError) Error() string {
+ return "cbor: error calling MarshalCBOR for type " +
+ e.typ.String() +
+ ": " + e.err.Error()
+}
+
+func (e *MarshalerError) Unwrap() error {
+ return e.err
+}
+
// UnsupportedTypeError is returned by Marshal when attempting to encode value
// of an unsupported type.
type UnsupportedTypeError struct {
@@ -110,11 +140,21 @@ func (e *UnsupportedTypeError) Error() string {
return "cbor: unsupported type: " + e.Type.String()
}
+// UnsupportedValueError is returned by Marshal when attempting to encode an
+// unsupported value.
+type UnsupportedValueError struct {
+ msg string
+}
+
+func (e *UnsupportedValueError) Error() string {
+ return "cbor: unsupported value: " + e.msg
+}
+
// SortMode identifies supported sorting order.
type SortMode int
const (
- // SortNone means no sorting.
+ // SortNone encodes map pairs and struct fields in an arbitrary order.
SortNone SortMode = 0
// SortLengthFirst causes map keys or struct fields to be sorted such that:
@@ -130,6 +170,12 @@ const (
// in RFC 7049bis.
SortBytewiseLexical SortMode = 2
+ // SortShuffle encodes map pairs and struct fields in a shuffled
+ // order. This mode does not guarantee an unbiased permutation, but it
+ // does guarantee that the runtime of the shuffle algorithm used will be
+ // constant.
+ SortFastShuffle SortMode = 3
+
// SortCanonical is used in "Canonical CBOR" encoding in RFC 7049 3.9.
SortCanonical SortMode = SortLengthFirst
@@ -139,11 +185,33 @@ const (
// SortCoreDeterministic is used in "Core Deterministic Encoding" in RFC 7049bis.
SortCoreDeterministic SortMode = SortBytewiseLexical
- maxSortMode SortMode = 3
+ maxSortMode SortMode = 4
)
func (sm SortMode) valid() bool {
- return sm < maxSortMode
+ return sm >= 0 && sm < maxSortMode
+}
+
+// StringMode specifies how to encode Go string values.
+type StringMode int
+
+const (
+ // StringToTextString encodes Go string to CBOR text string (major type 3).
+ StringToTextString StringMode = iota
+
+ // StringToByteString encodes Go string to CBOR byte string (major type 2).
+ StringToByteString
+)
+
+func (st StringMode) cborType() (cborType, error) {
+ switch st {
+ case StringToTextString:
+ return cborTypeTextString, nil
+
+ case StringToByteString:
+ return cborTypeByteString, nil
+ }
+ return 0, errors.New("cbor: invalid StringType " + strconv.Itoa(int(st)))
}
// ShortestFloatMode specifies which floating-point format should
@@ -168,7 +236,7 @@ const (
)
func (sfm ShortestFloatMode) valid() bool {
- return sfm < maxShortestFloat
+ return sfm >= 0 && sfm < maxShortestFloat
}
// NaNConvertMode specifies how to encode NaN and overrides ShortestFloatMode.
@@ -192,11 +260,14 @@ const (
// NaN payload.
NaNConvertQuiet
+ // NaNConvertReject returns UnsupportedValueError on attempts to encode a NaN value.
+ NaNConvertReject
+
maxNaNConvert
)
func (ncm NaNConvertMode) valid() bool {
- return ncm < maxNaNConvert
+ return ncm >= 0 && ncm < maxNaNConvert
}
// InfConvertMode specifies how to encode Infinity and overrides ShortestFloatMode.
@@ -210,11 +281,14 @@ const (
// InfConvertNone never converts (used by CTAP2 Canonical CBOR).
InfConvertNone
+ // InfConvertReject returns UnsupportedValueError on attempts to encode an infinite value.
+ InfConvertReject
+
maxInfConvert
)
func (icm InfConvertMode) valid() bool {
- return icm < maxInfConvert
+ return icm >= 0 && icm < maxInfConvert
}
// TimeMode specifies how to encode time.Time values.
@@ -241,7 +315,7 @@ const (
)
func (tm TimeMode) valid() bool {
- return tm < maxTimeMode
+ return tm >= 0 && tm < maxTimeMode
}
// BigIntConvertMode specifies how to encode big.Int values.
@@ -250,18 +324,161 @@ type BigIntConvertMode int
const (
// BigIntConvertShortest makes big.Int encode to CBOR integer if value fits.
// E.g. if big.Int value can be converted to CBOR integer while preserving
- // value, encoder will encode it to CBOR interger (major type 0 or 1).
+ // value, encoder will encode it to CBOR integer (major type 0 or 1).
BigIntConvertShortest BigIntConvertMode = iota
// BigIntConvertNone makes big.Int encode to CBOR bignum (tag 2 or 3) without
// converting it to another CBOR type.
BigIntConvertNone
+ // BigIntConvertReject returns an UnsupportedTypeError instead of marshaling a big.Int.
+ BigIntConvertReject
+
maxBigIntConvert
)
func (bim BigIntConvertMode) valid() bool {
- return bim < maxBigIntConvert
+ return bim >= 0 && bim < maxBigIntConvert
+}
+
+// NilContainersMode specifies how to encode nil slices and maps.
+type NilContainersMode int
+
+const (
+ // NilContainerAsNull encodes nil slices and maps as CBOR null.
+ // This is the default.
+ NilContainerAsNull NilContainersMode = iota
+
+ // NilContainerAsEmpty encodes nil slices and maps as
+ // empty container (CBOR bytestring, array, or map).
+ NilContainerAsEmpty
+
+ maxNilContainersMode
+)
+
+func (m NilContainersMode) valid() bool {
+ return m >= 0 && m < maxNilContainersMode
+}
+
+// OmitEmptyMode specifies how to encode struct fields with omitempty tag.
+// The default behavior omits if field value would encode as empty CBOR value.
+type OmitEmptyMode int
+
+const (
+ // OmitEmptyCBORValue specifies that struct fields tagged with "omitempty"
+ // should be omitted from encoding if the field would be encoded as an empty
+ // CBOR value, such as CBOR false, 0, 0.0, nil, empty byte, empty string,
+ // empty array, or empty map.
+ OmitEmptyCBORValue OmitEmptyMode = iota
+
+ // OmitEmptyGoValue specifies that struct fields tagged with "omitempty"
+ // should be omitted from encoding if the field has an empty Go value,
+ // defined as false, 0, 0.0, a nil pointer, a nil interface value, and
+ // any empty array, slice, map, or string.
+ // This behavior is the same as the current (aka v1) encoding/json package
+ // included in Go.
+ OmitEmptyGoValue
+
+ maxOmitEmptyMode
+)
+
+func (om OmitEmptyMode) valid() bool {
+ return om >= 0 && om < maxOmitEmptyMode
+}
+
+// FieldNameMode specifies the CBOR type to use when encoding struct field names.
+type FieldNameMode int
+
+const (
+ // FieldNameToTextString encodes struct fields to CBOR text string (major type 3).
+ FieldNameToTextString FieldNameMode = iota
+
+ // FieldNameToTextString encodes struct fields to CBOR byte string (major type 2).
+ FieldNameToByteString
+
+ maxFieldNameMode
+)
+
+func (fnm FieldNameMode) valid() bool {
+ return fnm >= 0 && fnm < maxFieldNameMode
+}
+
+// ByteSliceLaterFormatMode specifies which later format conversion hint (CBOR tag 21-23)
+// to include (if any) when encoding Go byte slice to CBOR byte string. The encoder will
+// always encode unmodified bytes from the byte slice and just wrap it within
+// CBOR tag 21, 22, or 23 if specified.
+// See "Expected Later Encoding for CBOR-to-JSON Converters" in RFC 8949 Section 3.4.5.2.
+type ByteSliceLaterFormatMode int
+
+const (
+ // ByteSliceLaterFormatNone encodes unmodified bytes from Go byte slice to CBOR byte string (major type 2)
+ // without adding CBOR tag 21, 22, or 23.
+ ByteSliceLaterFormatNone ByteSliceLaterFormatMode = iota
+
+ // ByteSliceLaterFormatBase64URL encodes unmodified bytes from Go byte slice to CBOR byte string (major type 2)
+ // inside CBOR tag 21 (expected later conversion to base64url encoding, see RFC 8949 Section 3.4.5.2).
+ ByteSliceLaterFormatBase64URL
+
+ // ByteSliceLaterFormatBase64 encodes unmodified bytes from Go byte slice to CBOR byte string (major type 2)
+ // inside CBOR tag 22 (expected later conversion to base64 encoding, see RFC 8949 Section 3.4.5.2).
+ ByteSliceLaterFormatBase64
+
+ // ByteSliceLaterFormatBase16 encodes unmodified bytes from Go byte slice to CBOR byte string (major type 2)
+ // inside CBOR tag 23 (expected later conversion to base16 encoding, see RFC 8949 Section 3.4.5.2).
+ ByteSliceLaterFormatBase16
+)
+
+func (bsefm ByteSliceLaterFormatMode) encodingTag() (uint64, error) {
+ switch bsefm {
+ case ByteSliceLaterFormatNone:
+ return 0, nil
+
+ case ByteSliceLaterFormatBase64URL:
+ return tagNumExpectedLaterEncodingBase64URL, nil
+
+ case ByteSliceLaterFormatBase64:
+ return tagNumExpectedLaterEncodingBase64, nil
+
+ case ByteSliceLaterFormatBase16:
+ return tagNumExpectedLaterEncodingBase16, nil
+ }
+ return 0, errors.New("cbor: invalid ByteSliceLaterFormat " + strconv.Itoa(int(bsefm)))
+}
+
+// ByteArrayMode specifies how to encode byte arrays.
+type ByteArrayMode int
+
+const (
+ // ByteArrayToByteSlice encodes byte arrays the same way that a byte slice with identical
+ // length and contents is encoded.
+ ByteArrayToByteSlice ByteArrayMode = iota
+
+ // ByteArrayToArray encodes byte arrays to the CBOR array type with one unsigned integer
+ // item for each byte in the array.
+ ByteArrayToArray
+
+ maxByteArrayMode
+)
+
+func (bam ByteArrayMode) valid() bool {
+ return bam >= 0 && bam < maxByteArrayMode
+}
+
+// BinaryMarshalerMode specifies how to encode types that implement encoding.BinaryMarshaler.
+type BinaryMarshalerMode int
+
+const (
+ // BinaryMarshalerByteString encodes the output of MarshalBinary to a CBOR byte string.
+ BinaryMarshalerByteString BinaryMarshalerMode = iota
+
+ // BinaryMarshalerNone does not recognize BinaryMarshaler implementations during encode.
+ BinaryMarshalerNone
+
+ maxBinaryMarshalerMode
+)
+
+func (bmm BinaryMarshalerMode) valid() bool {
+ return bmm >= 0 && bmm < maxBinaryMarshalerMode
}
// EncOptions specifies encoding options.
@@ -292,26 +509,52 @@ type EncOptions struct {
// IndefLength specifies whether to allow indefinite length CBOR items.
IndefLength IndefLengthMode
+ // NilContainers specifies how to encode nil slices and maps.
+ NilContainers NilContainersMode
+
// TagsMd specifies whether to allow CBOR tags (major type 6).
TagsMd TagsMode
+
+ // OmitEmptyMode specifies how to encode struct fields with omitempty tag.
+ OmitEmpty OmitEmptyMode
+
+ // String specifies which CBOR type to use when encoding Go strings.
+ // - CBOR text string (major type 3) is default
+ // - CBOR byte string (major type 2)
+ String StringMode
+
+ // FieldName specifies the CBOR type to use when encoding struct field names.
+ FieldName FieldNameMode
+
+ // ByteSliceLaterFormat specifies which later format conversion hint (CBOR tag 21-23)
+ // to include (if any) when encoding Go byte slice to CBOR byte string. The encoder will
+ // always encode unmodified bytes from the byte slice and just wrap it within
+ // CBOR tag 21, 22, or 23 if specified.
+ // See "Expected Later Encoding for CBOR-to-JSON Converters" in RFC 8949 Section 3.4.5.2.
+ ByteSliceLaterFormat ByteSliceLaterFormatMode
+
+ // ByteArray specifies how to encode byte arrays.
+ ByteArray ByteArrayMode
+
+ // BinaryMarshaler specifies how to encode types that implement encoding.BinaryMarshaler.
+ BinaryMarshaler BinaryMarshalerMode
}
// CanonicalEncOptions returns EncOptions for "Canonical CBOR" encoding,
// defined in RFC 7049 Section 3.9 with the following rules:
//
-// 1. "Integers must be as small as possible."
-// 2. "The expression of lengths in major types 2 through 5 must be as short as possible."
-// 3. The keys in every map must be sorted in length-first sorting order.
-// See SortLengthFirst for details.
-// 4. "Indefinite-length items must be made into definite-length items."
-// 5. "If a protocol allows for IEEE floats, then additional canonicalization rules might
-// need to be added. One example rule might be to have all floats start as a 64-bit
-// float, then do a test conversion to a 32-bit float; if the result is the same numeric
-// value, use the shorter value and repeat the process with a test conversion to a
-// 16-bit float. (This rule selects 16-bit float for positive and negative Infinity
-// as well.) Also, there are many representations for NaN. If NaN is an allowed value,
-// it must always be represented as 0xf97e00."
-//
+// 1. "Integers must be as small as possible."
+// 2. "The expression of lengths in major types 2 through 5 must be as short as possible."
+// 3. The keys in every map must be sorted in length-first sorting order.
+// See SortLengthFirst for details.
+// 4. "Indefinite-length items must be made into definite-length items."
+// 5. "If a protocol allows for IEEE floats, then additional canonicalization rules might
+// need to be added. One example rule might be to have all floats start as a 64-bit
+// float, then do a test conversion to a 32-bit float; if the result is the same numeric
+// value, use the shorter value and repeat the process with a test conversion to a
+// 16-bit float. (This rule selects 16-bit float for positive and negative Infinity
+// as well.) Also, there are many representations for NaN. If NaN is an allowed value,
+// it must always be represented as 0xf97e00."
func CanonicalEncOptions() EncOptions {
return EncOptions{
Sort: SortCanonical,
@@ -325,14 +568,13 @@ func CanonicalEncOptions() EncOptions {
// CTAP2EncOptions returns EncOptions for "CTAP2 Canonical CBOR" encoding,
// defined in CTAP specification, with the following rules:
//
-// 1. "Integers must be encoded as small as possible."
-// 2. "The representations of any floating-point values are not changed."
-// 3. "The expression of lengths in major types 2 through 5 must be as short as possible."
-// 4. "Indefinite-length items must be made into definite-length items.""
-// 5. The keys in every map must be sorted in bytewise lexicographic order.
-// See SortBytewiseLexical for details.
-// 6. "Tags as defined in Section 2.4 in [RFC7049] MUST NOT be present."
-//
+// 1. "Integers must be encoded as small as possible."
+// 2. "The representations of any floating-point values are not changed."
+// 3. "The expression of lengths in major types 2 through 5 must be as short as possible."
+// 4. "Indefinite-length items must be made into definite-length items.""
+// 5. The keys in every map must be sorted in bytewise lexicographic order.
+// See SortBytewiseLexical for details.
+// 6. "Tags as defined in Section 2.4 in [RFC7049] MUST NOT be present."
func CTAP2EncOptions() EncOptions {
return EncOptions{
Sort: SortCTAP2,
@@ -347,14 +589,13 @@ func CTAP2EncOptions() EncOptions {
// CoreDetEncOptions returns EncOptions for "Core Deterministic" encoding,
// defined in RFC 7049bis with the following rules:
//
-// 1. "Preferred serialization MUST be used. In particular, this means that arguments
-// (see Section 3) for integers, lengths in major types 2 through 5, and tags MUST
-// be as short as possible"
-// "Floating point values also MUST use the shortest form that preserves the value"
-// 2. "Indefinite-length items MUST NOT appear."
-// 3. "The keys in every map MUST be sorted in the bytewise lexicographic order of
-// their deterministic encodings."
-//
+// 1. "Preferred serialization MUST be used. In particular, this means that arguments
+// (see Section 3) for integers, lengths in major types 2 through 5, and tags MUST
+// be as short as possible"
+// "Floating point values also MUST use the shortest form that preserves the value"
+// 2. "Indefinite-length items MUST NOT appear."
+// 3. "The keys in every map MUST be sorted in the bytewise lexicographic order of
+// their deterministic encodings."
func CoreDetEncOptions() EncOptions {
return EncOptions{
Sort: SortCoreDeterministic,
@@ -368,19 +609,18 @@ func CoreDetEncOptions() EncOptions {
// PreferredUnsortedEncOptions returns EncOptions for "Preferred Serialization" encoding,
// defined in RFC 7049bis with the following rules:
//
-// 1. "The preferred serialization always uses the shortest form of representing the argument
-// (Section 3);"
-// 2. "it also uses the shortest floating-point encoding that preserves the value being
-// encoded (see Section 5.5)."
-// "The preferred encoding for a floating-point value is the shortest floating-point encoding
-// that preserves its value, e.g., 0xf94580 for the number 5.5, and 0xfa45ad9c00 for the
-// number 5555.5, unless the CBOR-based protocol specifically excludes the use of the shorter
-// floating-point encodings. For NaN values, a shorter encoding is preferred if zero-padding
-// the shorter significand towards the right reconstitutes the original NaN value (for many
-// applications, the single NaN encoding 0xf97e00 will suffice)."
-// 3. "Definite length encoding is preferred whenever the length is known at the time the
-// serialization of the item starts."
-//
+// 1. "The preferred serialization always uses the shortest form of representing the argument
+// (Section 3);"
+// 2. "it also uses the shortest floating-point encoding that preserves the value being
+// encoded (see Section 5.5)."
+// "The preferred encoding for a floating-point value is the shortest floating-point encoding
+// that preserves its value, e.g., 0xf94580 for the number 5.5, and 0xfa45ad9c00 for the
+// number 5555.5, unless the CBOR-based protocol specifically excludes the use of the shorter
+// floating-point encodings. For NaN values, a shorter encoding is preferred if zero-padding
+// the shorter significand towards the right reconstitutes the original NaN value (for many
+// applications, the single NaN encoding 0xf97e00 will suffice)."
+// 3. "Definite length encoding is preferred whenever the length is known at the time the
+// serialization of the item starts."
func PreferredUnsortedEncOptions() EncOptions {
return EncOptions{
Sort: SortNone,
@@ -391,12 +631,22 @@ func PreferredUnsortedEncOptions() EncOptions {
}
// EncMode returns EncMode with immutable options and no tags (safe for concurrency).
-func (opts EncOptions) EncMode() (EncMode, error) {
+func (opts EncOptions) EncMode() (EncMode, error) { //nolint:gocritic // ignore hugeParam
+ return opts.encMode()
+}
+
+// UserBufferEncMode returns UserBufferEncMode with immutable options and no tags (safe for concurrency).
+func (opts EncOptions) UserBufferEncMode() (UserBufferEncMode, error) { //nolint:gocritic // ignore hugeParam
return opts.encMode()
}
// EncModeWithTags returns EncMode with options and tags that are both immutable (safe for concurrency).
-func (opts EncOptions) EncModeWithTags(tags TagSet) (EncMode, error) {
+func (opts EncOptions) EncModeWithTags(tags TagSet) (EncMode, error) { //nolint:gocritic // ignore hugeParam
+ return opts.UserBufferEncModeWithTags(tags)
+}
+
+// UserBufferEncModeWithTags returns UserBufferEncMode with options and tags that are both immutable (safe for concurrency).
+func (opts EncOptions) UserBufferEncModeWithTags(tags TagSet) (UserBufferEncMode, error) { //nolint:gocritic // ignore hugeParam
if opts.TagsMd == TagsForbidden {
return nil, errors.New("cbor: cannot create EncMode with TagSet when TagsMd is TagsForbidden")
}
@@ -424,7 +674,12 @@ func (opts EncOptions) EncModeWithTags(tags TagSet) (EncMode, error) {
}
// EncModeWithSharedTags returns EncMode with immutable options and mutable shared tags (safe for concurrency).
-func (opts EncOptions) EncModeWithSharedTags(tags TagSet) (EncMode, error) {
+func (opts EncOptions) EncModeWithSharedTags(tags TagSet) (EncMode, error) { //nolint:gocritic // ignore hugeParam
+ return opts.UserBufferEncModeWithSharedTags(tags)
+}
+
+// UserBufferEncModeWithSharedTags returns UserBufferEncMode with immutable options and mutable shared tags (safe for concurrency).
+func (opts EncOptions) UserBufferEncModeWithSharedTags(tags TagSet) (UserBufferEncMode, error) { //nolint:gocritic // ignore hugeParam
if opts.TagsMd == TagsForbidden {
return nil, errors.New("cbor: cannot create EncMode with TagSet when TagsMd is TagsForbidden")
}
@@ -439,7 +694,7 @@ func (opts EncOptions) EncModeWithSharedTags(tags TagSet) (EncMode, error) {
return em, nil
}
-func (opts EncOptions) encMode() (*encMode, error) {
+func (opts EncOptions) encMode() (*encMode, error) { //nolint:gocritic // ignore hugeParam
if !opts.Sort.valid() {
return nil, errors.New("cbor: invalid SortMode " + strconv.Itoa(int(opts.Sort)))
}
@@ -464,22 +719,54 @@ func (opts EncOptions) encMode() (*encMode, error) {
if !opts.IndefLength.valid() {
return nil, errors.New("cbor: invalid IndefLength " + strconv.Itoa(int(opts.IndefLength)))
}
+ if !opts.NilContainers.valid() {
+ return nil, errors.New("cbor: invalid NilContainers " + strconv.Itoa(int(opts.NilContainers)))
+ }
if !opts.TagsMd.valid() {
return nil, errors.New("cbor: invalid TagsMd " + strconv.Itoa(int(opts.TagsMd)))
}
if opts.TagsMd == TagsForbidden && opts.TimeTag == EncTagRequired {
return nil, errors.New("cbor: cannot set TagsMd to TagsForbidden when TimeTag is EncTagRequired")
}
+ if !opts.OmitEmpty.valid() {
+ return nil, errors.New("cbor: invalid OmitEmpty " + strconv.Itoa(int(opts.OmitEmpty)))
+ }
+ stringMajorType, err := opts.String.cborType()
+ if err != nil {
+ return nil, err
+ }
+ if !opts.FieldName.valid() {
+ return nil, errors.New("cbor: invalid FieldName " + strconv.Itoa(int(opts.FieldName)))
+ }
+ byteSliceLaterEncodingTag, err := opts.ByteSliceLaterFormat.encodingTag()
+ if err != nil {
+ return nil, err
+ }
+ if !opts.ByteArray.valid() {
+ return nil, errors.New("cbor: invalid ByteArray " + strconv.Itoa(int(opts.ByteArray)))
+ }
+ if !opts.BinaryMarshaler.valid() {
+ return nil, errors.New("cbor: invalid BinaryMarshaler " + strconv.Itoa(int(opts.BinaryMarshaler)))
+ }
em := encMode{
- sort: opts.Sort,
- shortestFloat: opts.ShortestFloat,
- nanConvert: opts.NaNConvert,
- infConvert: opts.InfConvert,
- bigIntConvert: opts.BigIntConvert,
- time: opts.Time,
- timeTag: opts.TimeTag,
- indefLength: opts.IndefLength,
- tagsMd: opts.TagsMd,
+ sort: opts.Sort,
+ shortestFloat: opts.ShortestFloat,
+ nanConvert: opts.NaNConvert,
+ infConvert: opts.InfConvert,
+ bigIntConvert: opts.BigIntConvert,
+ time: opts.Time,
+ timeTag: opts.TimeTag,
+ indefLength: opts.IndefLength,
+ nilContainers: opts.NilContainers,
+ tagsMd: opts.TagsMd,
+ omitEmpty: opts.OmitEmpty,
+ stringType: opts.String,
+ stringMajorType: stringMajorType,
+ fieldName: opts.FieldName,
+ byteSliceLaterFormat: opts.ByteSliceLaterFormat,
+ byteSliceLaterEncodingTag: byteSliceLaterEncodingTag,
+ byteArray: opts.ByteArray,
+ binaryMarshaler: opts.BinaryMarshaler,
}
return &em, nil
}
@@ -491,35 +778,136 @@ type EncMode interface {
EncOptions() EncOptions
}
-type encMode struct {
- tags tagProvider
- sort SortMode
- shortestFloat ShortestFloatMode
- nanConvert NaNConvertMode
- infConvert InfConvertMode
- bigIntConvert BigIntConvertMode
- time TimeMode
- timeTag EncTagMode
- indefLength IndefLengthMode
- tagsMd TagsMode
+// UserBufferEncMode is an interface for CBOR encoding, which extends EncMode by
+// adding MarshalToBuffer to support user specified buffer rather than encoding
+// into the built-in buffer pool.
+type UserBufferEncMode interface {
+ EncMode
+ MarshalToBuffer(v interface{}, buf *bytes.Buffer) error
+
+ // This private method is to prevent users implementing
+ // this interface and so future additions to it will
+ // not be breaking changes.
+ // See https://go.dev/blog/module-compatibility
+ unexport()
}
-var defaultEncMode = &encMode{}
+type encMode struct {
+ tags tagProvider
+ sort SortMode
+ shortestFloat ShortestFloatMode
+ nanConvert NaNConvertMode
+ infConvert InfConvertMode
+ bigIntConvert BigIntConvertMode
+ time TimeMode
+ timeTag EncTagMode
+ indefLength IndefLengthMode
+ nilContainers NilContainersMode
+ tagsMd TagsMode
+ omitEmpty OmitEmptyMode
+ stringType StringMode
+ stringMajorType cborType
+ fieldName FieldNameMode
+ byteSliceLaterFormat ByteSliceLaterFormatMode
+ byteSliceLaterEncodingTag uint64
+ byteArray ByteArrayMode
+ binaryMarshaler BinaryMarshalerMode
+}
+
+var defaultEncMode, _ = EncOptions{}.encMode()
+
+// These four decoding modes are used by getMarshalerDecMode.
+// maxNestedLevels, maxArrayElements, and maxMapPairs are
+// set to max allowed limits to avoid rejecting Marshaler
+// output that would have been the allowable output of a
+// non-Marshaler object that exceeds default limits.
+var (
+ marshalerForbidIndefLengthForbidTagsDecMode = decMode{
+ maxNestedLevels: maxMaxNestedLevels,
+ maxArrayElements: maxMaxArrayElements,
+ maxMapPairs: maxMaxMapPairs,
+ indefLength: IndefLengthForbidden,
+ tagsMd: TagsForbidden,
+ }
+
+ marshalerAllowIndefLengthForbidTagsDecMode = decMode{
+ maxNestedLevels: maxMaxNestedLevels,
+ maxArrayElements: maxMaxArrayElements,
+ maxMapPairs: maxMaxMapPairs,
+ indefLength: IndefLengthAllowed,
+ tagsMd: TagsForbidden,
+ }
+
+ marshalerForbidIndefLengthAllowTagsDecMode = decMode{
+ maxNestedLevels: maxMaxNestedLevels,
+ maxArrayElements: maxMaxArrayElements,
+ maxMapPairs: maxMaxMapPairs,
+ indefLength: IndefLengthForbidden,
+ tagsMd: TagsAllowed,
+ }
+
+ marshalerAllowIndefLengthAllowTagsDecMode = decMode{
+ maxNestedLevels: maxMaxNestedLevels,
+ maxArrayElements: maxMaxArrayElements,
+ maxMapPairs: maxMaxMapPairs,
+ indefLength: IndefLengthAllowed,
+ tagsMd: TagsAllowed,
+ }
+)
+
+// getMarshalerDecMode returns one of four existing decoding modes
+// which can be reused (safe for parallel use) for the purpose of
+// checking if data returned by Marshaler is well-formed.
+func getMarshalerDecMode(indefLength IndefLengthMode, tagsMd TagsMode) *decMode {
+ switch {
+ case indefLength == IndefLengthAllowed && tagsMd == TagsAllowed:
+ return &marshalerAllowIndefLengthAllowTagsDecMode
+
+ case indefLength == IndefLengthAllowed && tagsMd == TagsForbidden:
+ return &marshalerAllowIndefLengthForbidTagsDecMode
+
+ case indefLength == IndefLengthForbidden && tagsMd == TagsAllowed:
+ return &marshalerForbidIndefLengthAllowTagsDecMode
+
+ case indefLength == IndefLengthForbidden && tagsMd == TagsForbidden:
+ return &marshalerForbidIndefLengthForbidTagsDecMode
+
+ default:
+ // This should never happen, unless we add new options to
+ // IndefLengthMode or TagsMode without updating this function.
+ return &decMode{
+ maxNestedLevels: maxMaxNestedLevels,
+ maxArrayElements: maxMaxArrayElements,
+ maxMapPairs: maxMaxMapPairs,
+ indefLength: indefLength,
+ tagsMd: tagsMd,
+ }
+ }
+}
// EncOptions returns user specified options used to create this EncMode.
func (em *encMode) EncOptions() EncOptions {
return EncOptions{
- Sort: em.sort,
- ShortestFloat: em.shortestFloat,
- NaNConvert: em.nanConvert,
- InfConvert: em.infConvert,
- BigIntConvert: em.bigIntConvert,
- Time: em.time,
- TimeTag: em.timeTag,
- IndefLength: em.indefLength,
- TagsMd: em.tagsMd,
- }
-}
+ Sort: em.sort,
+ ShortestFloat: em.shortestFloat,
+ NaNConvert: em.nanConvert,
+ InfConvert: em.infConvert,
+ BigIntConvert: em.bigIntConvert,
+ Time: em.time,
+ TimeTag: em.timeTag,
+ IndefLength: em.indefLength,
+ NilContainers: em.nilContainers,
+ TagsMd: em.tagsMd,
+ OmitEmpty: em.omitEmpty,
+ String: em.stringType,
+ FieldName: em.fieldName,
+ ByteSliceLaterFormat: em.byteSliceLaterFormat,
+ ByteArray: em.byteArray,
+ BinaryMarshaler: em.binaryMarshaler,
+ }
+}
+
+func (em *encMode) unexport() {}
func (em *encMode) encTagBytes(t reflect.Type) []byte {
if em.tags != nil {
@@ -534,61 +922,61 @@ func (em *encMode) encTagBytes(t reflect.Type) []byte {
//
// See the documentation for Marshal for details.
func (em *encMode) Marshal(v interface{}) ([]byte, error) {
- e := getEncoderBuffer()
+ e := getEncodeBuffer()
if err := encode(e, em, reflect.ValueOf(v)); err != nil {
- putEncoderBuffer(e)
+ putEncodeBuffer(e)
return nil, err
}
buf := make([]byte, e.Len())
copy(buf, e.Bytes())
- putEncoderBuffer(e)
+ putEncodeBuffer(e)
return buf, nil
}
-// NewEncoder returns a new encoder that writes to w using em EncMode.
-func (em *encMode) NewEncoder(w io.Writer) *Encoder {
- return &Encoder{w: w, em: em, e: getEncoderBuffer()}
+// MarshalToBuffer encodes v into provided buffer (instead of using built-in buffer pool)
+// and uses em encoding mode.
+//
+// NOTE: Unlike Marshal, the buffer provided to MarshalToBuffer can contain
+// partially encoded data if error is returned.
+//
+// See Marshal for more details.
+func (em *encMode) MarshalToBuffer(v interface{}, buf *bytes.Buffer) error {
+ if buf == nil {
+ return fmt.Errorf("cbor: encoding buffer provided by user is nil")
+ }
+ return encode(buf, em, reflect.ValueOf(v))
}
-type encoderBuffer struct {
- bytes.Buffer
- scratch [16]byte
+// NewEncoder returns a new encoder that writes to w using em EncMode.
+func (em *encMode) NewEncoder(w io.Writer) *Encoder {
+ return &Encoder{w: w, em: em}
}
-// encoderBufferPool caches unused encoderBuffer objects for later reuse.
-var encoderBufferPool = sync.Pool{
+// encodeBufferPool caches unused bytes.Buffer objects for later reuse.
+var encodeBufferPool = sync.Pool{
New: func() interface{} {
- e := new(encoderBuffer)
+ e := new(bytes.Buffer)
e.Grow(32) // TODO: make this configurable
return e
},
}
-func getEncoderBuffer() *encoderBuffer {
- return encoderBufferPool.Get().(*encoderBuffer)
+func getEncodeBuffer() *bytes.Buffer {
+ return encodeBufferPool.Get().(*bytes.Buffer)
}
-func putEncoderBuffer(e *encoderBuffer) {
+func putEncodeBuffer(e *bytes.Buffer) {
e.Reset()
- encoderBufferPool.Put(e)
+ encodeBufferPool.Put(e)
}
-type encodeFunc func(e *encoderBuffer, em *encMode, v reflect.Value) error
-type isEmptyFunc func(v reflect.Value) (empty bool, err error)
-
-var (
- cborFalse = []byte{0xf4}
- cborTrue = []byte{0xf5}
- cborNil = []byte{0xf6}
- cborNaN = []byte{0xf9, 0x7e, 0x00}
- cborPositiveInfinity = []byte{0xf9, 0x7c, 0x00}
- cborNegativeInfinity = []byte{0xf9, 0xfc, 0x00}
-)
+type encodeFunc func(e *bytes.Buffer, em *encMode, v reflect.Value) error
+type isEmptyFunc func(em *encMode, v reflect.Value) (empty bool, err error)
-func encode(e *encoderBuffer, em *encMode, v reflect.Value) error {
+func encode(e *bytes.Buffer, em *encMode, v reflect.Value) error {
if !v.IsValid() {
// v is zero value
e.Write(cborNil)
@@ -603,7 +991,7 @@ func encode(e *encoderBuffer, em *encMode, v reflect.Value) error {
return f(e, em, v)
}
-func encodeBool(e *encoderBuffer, em *encMode, v reflect.Value) error {
+func encodeBool(e *bytes.Buffer, em *encMode, v reflect.Value) error {
if b := em.encTagBytes(v.Type()); b != nil {
e.Write(b)
}
@@ -615,7 +1003,7 @@ func encodeBool(e *encoderBuffer, em *encMode, v reflect.Value) error {
return nil
}
-func encodeInt(e *encoderBuffer, em *encMode, v reflect.Value) error {
+func encodeInt(e *bytes.Buffer, em *encMode, v reflect.Value) error {
if b := em.encTagBytes(v.Type()); b != nil {
e.Write(b)
}
@@ -629,7 +1017,7 @@ func encodeInt(e *encoderBuffer, em *encMode, v reflect.Value) error {
return nil
}
-func encodeUint(e *encoderBuffer, em *encMode, v reflect.Value) error {
+func encodeUint(e *bytes.Buffer, em *encMode, v reflect.Value) error {
if b := em.encTagBytes(v.Type()); b != nil {
e.Write(b)
}
@@ -637,7 +1025,7 @@ func encodeUint(e *encoderBuffer, em *encMode, v reflect.Value) error {
return nil
}
-func encodeFloat(e *encoderBuffer, em *encMode, v reflect.Value) error {
+func encodeFloat(e *bytes.Buffer, em *encMode, v reflect.Value) error {
if b := em.encTagBytes(v.Type()); b != nil {
e.Write(b)
}
@@ -652,9 +1040,12 @@ func encodeFloat(e *encoderBuffer, em *encMode, v reflect.Value) error {
if v.Kind() == reflect.Float64 && (fopt == ShortestFloatNone || cannotFitFloat32(f64)) {
// Encode float64
// Don't use encodeFloat64() because it cannot be inlined.
- e.scratch[0] = byte(cborTypePrimitives) | byte(27)
- binary.BigEndian.PutUint64(e.scratch[1:], math.Float64bits(f64))
- e.Write(e.scratch[:9])
+ const argumentSize = 8
+ const headSize = 1 + argumentSize
+ var scratch [headSize]byte
+ scratch[0] = byte(cborTypePrimitives) | byte(additionalInformationAsFloat64)
+ binary.BigEndian.PutUint64(scratch[1:], math.Float64bits(f64))
+ e.Write(scratch[:])
return nil
}
@@ -675,24 +1066,34 @@ func encodeFloat(e *encoderBuffer, em *encMode, v reflect.Value) error {
if p == float16.PrecisionExact {
// Encode float16
// Don't use encodeFloat16() because it cannot be inlined.
- e.scratch[0] = byte(cborTypePrimitives) | byte(25)
- binary.BigEndian.PutUint16(e.scratch[1:], uint16(f16))
- e.Write(e.scratch[:3])
+ const argumentSize = 2
+ const headSize = 1 + argumentSize
+ var scratch [headSize]byte
+ scratch[0] = byte(cborTypePrimitives) | additionalInformationAsFloat16
+ binary.BigEndian.PutUint16(scratch[1:], uint16(f16))
+ e.Write(scratch[:])
return nil
}
}
// Encode float32
// Don't use encodeFloat32() because it cannot be inlined.
- e.scratch[0] = byte(cborTypePrimitives) | byte(26)
- binary.BigEndian.PutUint32(e.scratch[1:], math.Float32bits(f32))
- e.Write(e.scratch[:5])
+ const argumentSize = 4
+ const headSize = 1 + argumentSize
+ var scratch [headSize]byte
+ scratch[0] = byte(cborTypePrimitives) | additionalInformationAsFloat32
+ binary.BigEndian.PutUint32(scratch[1:], math.Float32bits(f32))
+ e.Write(scratch[:])
return nil
}
-func encodeInf(e *encoderBuffer, em *encMode, v reflect.Value) error {
+func encodeInf(e *bytes.Buffer, em *encMode, v reflect.Value) error {
f64 := v.Float()
- if em.infConvert == InfConvertFloat16 {
+ switch em.infConvert {
+ case InfConvertReject:
+ return &UnsupportedValueError{msg: "floating-point infinity"}
+
+ case InfConvertFloat16:
if f64 > 0 {
e.Write(cborPositiveInfinity)
} else {
@@ -706,7 +1107,7 @@ func encodeInf(e *encoderBuffer, em *encMode, v reflect.Value) error {
return encodeFloat32(e, float32(f64))
}
-func encodeNaN(e *encoderBuffer, em *encMode, v reflect.Value) error {
+func encodeNaN(e *bytes.Buffer, em *encMode, v reflect.Value) error {
switch em.nanConvert {
case NaNConvert7e00:
e.Write(cborNaN)
@@ -719,6 +1120,9 @@ func encodeNaN(e *encoderBuffer, em *encMode, v reflect.Value) error {
f32 := float32NaNFromReflectValue(v)
return encodeFloat32(e, f32)
+ case NaNConvertReject:
+ return &UnsupportedValueError{msg: "floating-point NaN"}
+
default: // NaNConvertPreserveSignal, NaNConvertQuiet
if v.Kind() == reflect.Float64 {
f64 := v.Float()
@@ -764,33 +1168,45 @@ func encodeNaN(e *encoderBuffer, em *encMode, v reflect.Value) error {
}
}
-func encodeFloat16(e *encoderBuffer, f16 float16.Float16) error {
- e.scratch[0] = byte(cborTypePrimitives) | byte(25)
- binary.BigEndian.PutUint16(e.scratch[1:], uint16(f16))
- e.Write(e.scratch[:3])
+func encodeFloat16(e *bytes.Buffer, f16 float16.Float16) error {
+ const argumentSize = 2
+ const headSize = 1 + argumentSize
+ var scratch [headSize]byte
+ scratch[0] = byte(cborTypePrimitives) | additionalInformationAsFloat16
+ binary.BigEndian.PutUint16(scratch[1:], uint16(f16))
+ e.Write(scratch[:])
return nil
}
-func encodeFloat32(e *encoderBuffer, f32 float32) error {
- e.scratch[0] = byte(cborTypePrimitives) | byte(26)
- binary.BigEndian.PutUint32(e.scratch[1:], math.Float32bits(f32))
- e.Write(e.scratch[:5])
+func encodeFloat32(e *bytes.Buffer, f32 float32) error {
+ const argumentSize = 4
+ const headSize = 1 + argumentSize
+ var scratch [headSize]byte
+ scratch[0] = byte(cborTypePrimitives) | additionalInformationAsFloat32
+ binary.BigEndian.PutUint32(scratch[1:], math.Float32bits(f32))
+ e.Write(scratch[:])
return nil
}
-func encodeFloat64(e *encoderBuffer, f64 float64) error {
- e.scratch[0] = byte(cborTypePrimitives) | byte(27)
- binary.BigEndian.PutUint64(e.scratch[1:], math.Float64bits(f64))
- e.Write(e.scratch[:9])
+func encodeFloat64(e *bytes.Buffer, f64 float64) error {
+ const argumentSize = 8
+ const headSize = 1 + argumentSize
+ var scratch [headSize]byte
+ scratch[0] = byte(cborTypePrimitives) | additionalInformationAsFloat64
+ binary.BigEndian.PutUint64(scratch[1:], math.Float64bits(f64))
+ e.Write(scratch[:])
return nil
}
-func encodeByteString(e *encoderBuffer, em *encMode, v reflect.Value) error {
+func encodeByteString(e *bytes.Buffer, em *encMode, v reflect.Value) error {
vk := v.Kind()
- if vk == reflect.Slice && v.IsNil() {
+ if vk == reflect.Slice && v.IsNil() && em.nilContainers == NilContainerAsNull {
e.Write(cborNil)
return nil
}
+ if vk == reflect.Slice && v.Type().Elem().Kind() == reflect.Uint8 && em.byteSliceLaterEncodingTag != 0 {
+ encodeHead(e, byte(cborTypeTag), em.byteSliceLaterEncodingTag)
+ }
if b := em.encTagBytes(v.Type()); b != nil {
e.Write(b)
}
@@ -809,12 +1225,12 @@ func encodeByteString(e *encoderBuffer, em *encMode, v reflect.Value) error {
return nil
}
-func encodeString(e *encoderBuffer, em *encMode, v reflect.Value) error {
+func encodeString(e *bytes.Buffer, em *encMode, v reflect.Value) error {
if b := em.encTagBytes(v.Type()); b != nil {
e.Write(b)
}
s := v.String()
- encodeHead(e, byte(cborTypeTextString), uint64(len(s)))
+ encodeHead(e, byte(em.stringMajorType), uint64(len(s)))
e.WriteString(s)
return nil
}
@@ -823,8 +1239,11 @@ type arrayEncodeFunc struct {
f encodeFunc
}
-func (ae arrayEncodeFunc) encode(e *encoderBuffer, em *encMode, v reflect.Value) error {
- if v.Kind() == reflect.Slice && v.IsNil() {
+func (ae arrayEncodeFunc) encode(e *bytes.Buffer, em *encMode, v reflect.Value) error {
+ if em.byteArray == ByteArrayToByteSlice && v.Type().Elem().Kind() == reflect.Uint8 {
+ return encodeByteString(e, em, v)
+ }
+ if v.Kind() == reflect.Slice && v.IsNil() && em.nilContainers == NilContainerAsNull {
e.Write(cborNil)
return nil
}
@@ -844,12 +1263,17 @@ func (ae arrayEncodeFunc) encode(e *encoderBuffer, em *encMode, v reflect.Value)
return nil
}
+// encodeKeyValueFunc encodes key/value pairs in map (v).
+// If kvs is provided (having the same length as v), length of encoded key and value are stored in kvs.
+// kvs is used for canonical encoding of map.
+type encodeKeyValueFunc func(e *bytes.Buffer, em *encMode, v reflect.Value, kvs []keyValue) error
+
type mapEncodeFunc struct {
- kf, ef encodeFunc
+ e encodeKeyValueFunc
}
-func (me mapEncodeFunc) encode(e *encoderBuffer, em *encMode, v reflect.Value) error {
- if v.IsNil() {
+func (me mapEncodeFunc) encode(e *bytes.Buffer, em *encMode, v reflect.Value) error {
+ if v.IsNil() && em.nilContainers == NilContainerAsNull {
e.Write(cborNil)
return nil
}
@@ -860,29 +1284,58 @@ func (me mapEncodeFunc) encode(e *encoderBuffer, em *encMode, v reflect.Value) e
if mlen == 0 {
return e.WriteByte(byte(cborTypeMap))
}
- if em.sort != SortNone {
- return me.encodeCanonical(e, em, v)
- }
+
encodeHead(e, byte(cborTypeMap), uint64(mlen))
- iter := v.MapRange()
- for iter.Next() {
- if err := me.kf(e, em, iter.Key()); err != nil {
- return err
- }
- if err := me.ef(e, em, iter.Value()); err != nil {
- return err
- }
+ if em.sort == SortNone || em.sort == SortFastShuffle || mlen <= 1 {
+ return me.e(e, em, v, nil)
+ }
+
+ kvsp := getKeyValues(v.Len()) // for sorting keys
+ defer putKeyValues(kvsp)
+ kvs := *kvsp
+
+ kvBeginOffset := e.Len()
+ if err := me.e(e, em, v, kvs); err != nil {
+ return err
}
+ kvTotalLen := e.Len() - kvBeginOffset
+
+ // Use the capacity at the tail of the encode buffer as a staging area to rearrange the
+ // encoded pairs into sorted order.
+ e.Grow(kvTotalLen)
+ tmp := e.Bytes()[e.Len() : e.Len()+kvTotalLen] // Can use e.AvailableBuffer() in Go 1.21+.
+ dst := e.Bytes()[kvBeginOffset:]
+
+ if em.sort == SortBytewiseLexical {
+ sort.Sort(&bytewiseKeyValueSorter{kvs: kvs, data: dst})
+ } else {
+ sort.Sort(&lengthFirstKeyValueSorter{kvs: kvs, data: dst})
+ }
+
+ // This is where the encoded bytes are actually rearranged in the output buffer to reflect
+ // the desired order.
+ sortedOffset := 0
+ for _, kv := range kvs {
+ copy(tmp[sortedOffset:], dst[kv.offset:kv.nextOffset])
+ sortedOffset += kv.nextOffset - kv.offset
+ }
+ copy(dst, tmp[:kvTotalLen])
+
return nil
+
}
+// keyValue is the position of an encoded pair in a buffer. All offsets are zero-based and relative
+// to the first byte of the first encoded pair.
type keyValue struct {
- keyCBORData, keyValueCBORData []byte
- keyLen, keyValueLen int
+ offset int
+ valueOffset int
+ nextOffset int
}
type bytewiseKeyValueSorter struct {
- kvs []keyValue
+ kvs []keyValue
+ data []byte
}
func (x *bytewiseKeyValueSorter) Len() int {
@@ -894,11 +1347,13 @@ func (x *bytewiseKeyValueSorter) Swap(i, j int) {
}
func (x *bytewiseKeyValueSorter) Less(i, j int) bool {
- return bytes.Compare(x.kvs[i].keyCBORData, x.kvs[j].keyCBORData) <= 0
+ kvi, kvj := x.kvs[i], x.kvs[j]
+ return bytes.Compare(x.data[kvi.offset:kvi.valueOffset], x.data[kvj.offset:kvj.valueOffset]) <= 0
}
type lengthFirstKeyValueSorter struct {
- kvs []keyValue
+ kvs []keyValue
+ data []byte
}
func (x *lengthFirstKeyValueSorter) Len() int {
@@ -910,10 +1365,11 @@ func (x *lengthFirstKeyValueSorter) Swap(i, j int) {
}
func (x *lengthFirstKeyValueSorter) Less(i, j int) bool {
- if len(x.kvs[i].keyCBORData) != len(x.kvs[j].keyCBORData) {
- return len(x.kvs[i].keyCBORData) < len(x.kvs[j].keyCBORData)
+ kvi, kvj := x.kvs[i], x.kvs[j]
+ if keyLengthDifference := (kvi.valueOffset - kvi.offset) - (kvj.valueOffset - kvj.offset); keyLengthDifference != 0 {
+ return keyLengthDifference < 0
}
- return bytes.Compare(x.kvs[i].keyCBORData, x.kvs[j].keyCBORData) <= 0
+ return bytes.Compare(x.data[kvi.offset:kvi.valueOffset], x.data[kvj.offset:kvj.valueOffset]) <= 0
}
var keyValuePool = sync.Pool{}
@@ -941,53 +1397,7 @@ func putKeyValues(x *[]keyValue) {
keyValuePool.Put(x)
}
-func (me mapEncodeFunc) encodeCanonical(e *encoderBuffer, em *encMode, v reflect.Value) error {
- kve := getEncoderBuffer() // accumulated cbor encoded key-values
- kvsp := getKeyValues(v.Len()) // for sorting keys
- kvs := *kvsp
- iter := v.MapRange()
- for i := 0; iter.Next(); i++ {
- off := kve.Len()
- if err := me.kf(kve, em, iter.Key()); err != nil {
- putEncoderBuffer(kve)
- putKeyValues(kvsp)
- return err
- }
- n1 := kve.Len() - off
- if err := me.ef(kve, em, iter.Value()); err != nil {
- putEncoderBuffer(kve)
- putKeyValues(kvsp)
- return err
- }
- n2 := kve.Len() - off
- // Save key and keyvalue length to create slice later.
- kvs[i] = keyValue{keyLen: n1, keyValueLen: n2}
- }
-
- b := kve.Bytes()
- for i, off := 0, 0; i < len(kvs); i++ {
- kvs[i].keyCBORData = b[off : off+kvs[i].keyLen]
- kvs[i].keyValueCBORData = b[off : off+kvs[i].keyValueLen]
- off += kvs[i].keyValueLen
- }
-
- if em.sort == SortBytewiseLexical {
- sort.Sort(&bytewiseKeyValueSorter{kvs})
- } else {
- sort.Sort(&lengthFirstKeyValueSorter{kvs})
- }
-
- encodeHead(e, byte(cborTypeMap), uint64(len(kvs)))
- for i := 0; i < len(kvs); i++ {
- e.Write(kvs[i].keyValueCBORData)
- }
-
- putEncoderBuffer(kve)
- putKeyValues(kvsp)
- return nil
-}
-
-func encodeStructToArray(e *encoderBuffer, em *encMode, v reflect.Value) (err error) {
+func encodeStructToArray(e *bytes.Buffer, em *encMode, v reflect.Value) (err error) {
structType, err := getEncodingStructType(v.Type())
if err != nil {
return err
@@ -1008,7 +1418,7 @@ func encodeStructToArray(e *encoderBuffer, em *encMode, v reflect.Value) (err er
fv = v.Field(f.idx[0])
} else {
// Get embedded field value. No error is expected.
- fv, _ = getFieldValue(v, f.idx, func(v reflect.Value) (reflect.Value, error) {
+ fv, _ = getFieldValue(v, f.idx, func(reflect.Value) (reflect.Value, error) {
// Write CBOR nil for null pointer to embedded struct
e.Write(cborNil)
return reflect.Value{}, nil
@@ -1025,27 +1435,7 @@ func encodeStructToArray(e *encoderBuffer, em *encMode, v reflect.Value) (err er
return nil
}
-func encodeFixedLengthStruct(e *encoderBuffer, em *encMode, v reflect.Value, flds fields) error {
- if b := em.encTagBytes(v.Type()); b != nil {
- e.Write(b)
- }
-
- encodeHead(e, byte(cborTypeMap), uint64(len(flds)))
-
- for i := 0; i < len(flds); i++ {
- f := flds[i]
- e.Write(f.cborName)
-
- fv := v.Field(f.idx[0])
- if err := f.ef(e, em, fv); err != nil {
- return err
- }
- }
-
- return nil
-}
-
-func encodeStruct(e *encoderBuffer, em *encMode, v reflect.Value) (err error) {
+func encodeStruct(e *bytes.Buffer, em *encMode, v reflect.Value) (err error) {
structType, err := getEncodingStructType(v.Type())
if err != nil {
return err
@@ -1053,21 +1443,30 @@ func encodeStruct(e *encoderBuffer, em *encMode, v reflect.Value) (err error) {
flds := structType.getFields(em)
- if structType.fixedLength {
- return encodeFixedLengthStruct(e, em, v, flds)
+ start := 0
+ if em.sort == SortFastShuffle && len(flds) > 0 {
+ start = rand.Intn(len(flds)) //nolint:gosec // Don't need a CSPRNG for deck cutting.
+ }
+
+ if b := em.encTagBytes(v.Type()); b != nil {
+ e.Write(b)
}
- kve := getEncoderBuffer() // encode key-value pairs based on struct field tag options
+ // Encode head with struct field count.
+ // Head is rewritten later if actual encoded field count is different from struct field count.
+ encodedHeadLen := encodeHead(e, byte(cborTypeMap), uint64(len(flds)))
+
+ kvbegin := e.Len()
kvcount := 0
- for i := 0; i < len(flds); i++ {
- f := flds[i]
+ for offset := 0; offset < len(flds); offset++ {
+ f := flds[(start+offset)%len(flds)]
var fv reflect.Value
if len(f.idx) == 1 {
fv = v.Field(f.idx[0])
} else {
// Get embedded field value. No error is expected.
- fv, _ = getFieldValue(v, f.idx, func(v reflect.Value) (reflect.Value, error) {
+ fv, _ = getFieldValue(v, f.idx, func(reflect.Value) (reflect.Value, error) {
// Skip null pointer to embedded struct
return reflect.Value{}, nil
})
@@ -1075,11 +1474,9 @@ func encodeStruct(e *encoderBuffer, em *encMode, v reflect.Value) (err error) {
continue
}
}
-
if f.omitEmpty {
- empty, err := f.ief(fv)
+ empty, err := f.ief(em, fv)
if err != nil {
- putEncoderBuffer(kve)
return err
}
if empty {
@@ -1087,27 +1484,52 @@ func encodeStruct(e *encoderBuffer, em *encMode, v reflect.Value) (err error) {
}
}
- kve.Write(f.cborName)
+ if !f.keyAsInt && em.fieldName == FieldNameToByteString {
+ e.Write(f.cborNameByteString)
+ } else { // int or text string
+ e.Write(f.cborName)
+ }
- if err := f.ef(kve, em, fv); err != nil {
- putEncoderBuffer(kve)
+ if err := f.ef(e, em, fv); err != nil {
return err
}
+
kvcount++
}
- if b := em.encTagBytes(v.Type()); b != nil {
- e.Write(b)
+ if len(flds) == kvcount {
+ // Encoded element count in head is the same as actual element count.
+ return nil
+ }
+
+ // Overwrite the bytes that were reserved for the head before encoding the map entries.
+ var actualHeadLen int
+ {
+ headbuf := *bytes.NewBuffer(e.Bytes()[kvbegin-encodedHeadLen : kvbegin-encodedHeadLen : kvbegin])
+ actualHeadLen = encodeHead(&headbuf, byte(cborTypeMap), uint64(kvcount))
+ }
+
+ if actualHeadLen == encodedHeadLen {
+ // The bytes reserved for the encoded head were exactly the right size, so the
+ // encoded entries are already in their final positions.
+ return nil
}
- encodeHead(e, byte(cborTypeMap), uint64(kvcount))
- e.Write(kve.Bytes())
+ // We reserved more bytes than needed for the encoded head, based on the number of fields
+ // encoded. The encoded entries are offset to the right by the number of excess reserved
+ // bytes. Shift the entries left to remove the gap.
+ excessReservedBytes := encodedHeadLen - actualHeadLen
+ dst := e.Bytes()[kvbegin-excessReservedBytes : e.Len()-excessReservedBytes]
+ src := e.Bytes()[kvbegin:e.Len()]
+ copy(dst, src)
- putEncoderBuffer(kve)
+ // After shifting, the excess bytes are at the end of the output buffer and they are
+ // garbage.
+ e.Truncate(e.Len() - excessReservedBytes)
return nil
}
-func encodeIntf(e *encoderBuffer, em *encMode, v reflect.Value) error {
+func encodeIntf(e *bytes.Buffer, em *encMode, v reflect.Value) error {
if v.IsNil() {
e.Write(cborNil)
return nil
@@ -1115,7 +1537,7 @@ func encodeIntf(e *encoderBuffer, em *encMode, v reflect.Value) error {
return encode(e, em, v.Elem())
}
-func encodeTime(e *encoderBuffer, em *encMode, v reflect.Value) error {
+func encodeTime(e *bytes.Buffer, em *encMode, v reflect.Value) error {
t := v.Interface().(time.Time)
if t.IsZero() {
e.Write(cborNil) // Even if tag is required, encode as CBOR null.
@@ -1132,10 +1554,12 @@ func encodeTime(e *encoderBuffer, em *encMode, v reflect.Value) error {
case TimeUnix:
secs := t.Unix()
return encodeInt(e, em, reflect.ValueOf(secs))
+
case TimeUnixMicro:
t = t.UTC().Round(time.Microsecond)
f := float64(t.UnixNano()) / 1e9
return encodeFloat(e, em, reflect.ValueOf(f))
+
case TimeUnixDynamic:
t = t.UTC().Round(time.Microsecond)
secs, nsecs := t.Unix(), uint64(t.Nanosecond())
@@ -1144,16 +1568,22 @@ func encodeTime(e *encoderBuffer, em *encMode, v reflect.Value) error {
}
f := float64(secs) + float64(nsecs)/1e9
return encodeFloat(e, em, reflect.ValueOf(f))
+
case TimeRFC3339:
s := t.Format(time.RFC3339)
return encodeString(e, em, reflect.ValueOf(s))
+
default: // TimeRFC3339Nano
s := t.Format(time.RFC3339Nano)
return encodeString(e, em, reflect.ValueOf(s))
}
}
-func encodeBigInt(e *encoderBuffer, em *encMode, v reflect.Value) error {
+func encodeBigInt(e *bytes.Buffer, em *encMode, v reflect.Value) error {
+ if em.bigIntConvert == BigIntConvertReject {
+ return &UnsupportedTypeError{Type: typeBigInt}
+ }
+
vbi := v.Interface().(big.Int)
sign := vbi.Sign()
bi := new(big.Int).SetBytes(vbi.Bytes()) // bi is absolute value of v
@@ -1188,7 +1618,16 @@ func encodeBigInt(e *encoderBuffer, em *encMode, v reflect.Value) error {
return nil
}
-func encodeBinaryMarshalerType(e *encoderBuffer, em *encMode, v reflect.Value) error {
+type binaryMarshalerEncoder struct {
+ alternateEncode encodeFunc
+ alternateIsEmpty isEmptyFunc
+}
+
+func (bme binaryMarshalerEncoder) encode(e *bytes.Buffer, em *encMode, v reflect.Value) error {
+ if em.binaryMarshaler != BinaryMarshalerByteString {
+ return bme.alternateEncode(e, em, v)
+ }
+
vt := v.Type()
m, ok := v.Interface().(encoding.BinaryMarshaler)
if !ok {
@@ -1208,7 +1647,25 @@ func encodeBinaryMarshalerType(e *encoderBuffer, em *encMode, v reflect.Value) e
return nil
}
-func encodeMarshalerType(e *encoderBuffer, em *encMode, v reflect.Value) error {
+func (bme binaryMarshalerEncoder) isEmpty(em *encMode, v reflect.Value) (bool, error) {
+ if em.binaryMarshaler != BinaryMarshalerByteString {
+ return bme.alternateIsEmpty(em, v)
+ }
+
+ m, ok := v.Interface().(encoding.BinaryMarshaler)
+ if !ok {
+ pv := reflect.New(v.Type())
+ pv.Elem().Set(v)
+ m = pv.Interface().(encoding.BinaryMarshaler)
+ }
+ data, err := m.MarshalBinary()
+ if err != nil {
+ return false, err
+ }
+ return len(data) == 0, nil
+}
+
+func encodeMarshalerType(e *bytes.Buffer, em *encMode, v reflect.Value) error {
if em.tagsMd == TagsForbidden && v.Type() == typeRawTag {
return errors.New("cbor: cannot encode cbor.RawTag when TagsMd is TagsForbidden")
}
@@ -1222,11 +1679,19 @@ func encodeMarshalerType(e *encoderBuffer, em *encMode, v reflect.Value) error {
if err != nil {
return err
}
+
+ // Verify returned CBOR data item from MarshalCBOR() is well-formed and passes tag validity for builtin tags 0-3.
+ d := decoder{data: data, dm: getMarshalerDecMode(em.indefLength, em.tagsMd)}
+ err = d.wellformed(false, true)
+ if err != nil {
+ return &MarshalerError{typ: v.Type(), err: err}
+ }
+
e.Write(data)
return nil
}
-func encodeTag(e *encoderBuffer, em *encMode, v reflect.Value) error {
+func encodeTag(e *bytes.Buffer, em *encMode, v reflect.Value) error {
if em.tagsMd == TagsForbidden {
return errors.New("cbor: cannot encode cbor.Tag when TagsMd is TagsForbidden")
}
@@ -1242,96 +1707,148 @@ func encodeTag(e *encoderBuffer, em *encMode, v reflect.Value) error {
// Marshal tag number
encodeHead(e, byte(cborTypeTag), t.Number)
- // Marshal tag content
- if err := encode(e, em, reflect.ValueOf(t.Content)); err != nil {
- return err
+ vem := *em // shallow copy
+
+ // For built-in tags, disable settings that may introduce tag validity errors when
+ // marshaling certain Content values.
+ switch t.Number {
+ case tagNumRFC3339Time:
+ vem.stringType = StringToTextString
+ vem.stringMajorType = cborTypeTextString
+ case tagNumUnsignedBignum, tagNumNegativeBignum:
+ vem.byteSliceLaterFormat = ByteSliceLaterFormatNone
+ vem.byteSliceLaterEncodingTag = 0
}
- return nil
+ // Marshal tag content
+ return encode(e, &vem, reflect.ValueOf(t.Content))
}
-func encodeHead(e *encoderBuffer, t byte, n uint64) {
- if n <= 23 {
+// encodeHead writes CBOR head of specified type t and returns number of bytes written.
+func encodeHead(e *bytes.Buffer, t byte, n uint64) int {
+ if n <= maxAdditionalInformationWithoutArgument {
+ const headSize = 1
e.WriteByte(t | byte(n))
- return
+ return headSize
}
+
if n <= math.MaxUint8 {
- e.scratch[0] = t | byte(24)
- e.scratch[1] = byte(n)
- e.Write(e.scratch[:2])
- return
+ const headSize = 2
+ scratch := [headSize]byte{
+ t | byte(additionalInformationWith1ByteArgument),
+ byte(n),
+ }
+ e.Write(scratch[:])
+ return headSize
}
+
if n <= math.MaxUint16 {
- e.scratch[0] = t | byte(25)
- binary.BigEndian.PutUint16(e.scratch[1:], uint16(n))
- e.Write(e.scratch[:3])
- return
+ const headSize = 3
+ var scratch [headSize]byte
+ scratch[0] = t | byte(additionalInformationWith2ByteArgument)
+ binary.BigEndian.PutUint16(scratch[1:], uint16(n))
+ e.Write(scratch[:])
+ return headSize
}
+
if n <= math.MaxUint32 {
- e.scratch[0] = t | byte(26)
- binary.BigEndian.PutUint32(e.scratch[1:], uint32(n))
- e.Write(e.scratch[:5])
- return
+ const headSize = 5
+ var scratch [headSize]byte
+ scratch[0] = t | byte(additionalInformationWith4ByteArgument)
+ binary.BigEndian.PutUint32(scratch[1:], uint32(n))
+ e.Write(scratch[:])
+ return headSize
}
- e.scratch[0] = t | byte(27)
- binary.BigEndian.PutUint64(e.scratch[1:], n)
- e.Write(e.scratch[:9])
+
+ const headSize = 9
+ var scratch [headSize]byte
+ scratch[0] = t | byte(additionalInformationWith8ByteArgument)
+ binary.BigEndian.PutUint64(scratch[1:], n)
+ e.Write(scratch[:])
+ return headSize
}
var (
typeMarshaler = reflect.TypeOf((*Marshaler)(nil)).Elem()
typeBinaryMarshaler = reflect.TypeOf((*encoding.BinaryMarshaler)(nil)).Elem()
typeRawMessage = reflect.TypeOf(RawMessage(nil))
+ typeByteString = reflect.TypeOf(ByteString(""))
)
-func getEncodeFuncInternal(t reflect.Type) (encodeFunc, isEmptyFunc) {
+func getEncodeFuncInternal(t reflect.Type) (ef encodeFunc, ief isEmptyFunc) {
k := t.Kind()
if k == reflect.Ptr {
return getEncodeIndirectValueFunc(t), isEmptyPtr
}
switch t {
+ case typeSimpleValue:
+ return encodeMarshalerType, isEmptyUint
+
case typeTag:
return encodeTag, alwaysNotEmpty
+
case typeTime:
return encodeTime, alwaysNotEmpty
+
case typeBigInt:
return encodeBigInt, alwaysNotEmpty
+
case typeRawMessage:
return encodeMarshalerType, isEmptySlice
+
+ case typeByteString:
+ return encodeMarshalerType, isEmptyString
}
if reflect.PtrTo(t).Implements(typeMarshaler) {
return encodeMarshalerType, alwaysNotEmpty
}
if reflect.PtrTo(t).Implements(typeBinaryMarshaler) {
- return encodeBinaryMarshalerType, isEmptyBinaryMarshaler
+ defer func() {
+ // capture encoding method used for modes that disable BinaryMarshaler
+ bme := binaryMarshalerEncoder{
+ alternateEncode: ef,
+ alternateIsEmpty: ief,
+ }
+ ef = bme.encode
+ ief = bme.isEmpty
+ }()
}
switch k {
case reflect.Bool:
return encodeBool, isEmptyBool
+
case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
return encodeInt, isEmptyInt
+
case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
return encodeUint, isEmptyUint
+
case reflect.Float32, reflect.Float64:
return encodeFloat, isEmptyFloat
+
case reflect.String:
return encodeString, isEmptyString
- case reflect.Slice, reflect.Array:
+
+ case reflect.Slice:
if t.Elem().Kind() == reflect.Uint8 {
return encodeByteString, isEmptySlice
}
+ fallthrough
+
+ case reflect.Array:
f, _ := getEncodeFunc(t.Elem())
if f == nil {
return nil, nil
}
return arrayEncodeFunc{f: f}.encode, isEmptySlice
+
case reflect.Map:
- kf, _ := getEncodeFunc(t.Key())
- ef, _ := getEncodeFunc(t.Elem())
- if kf == nil || ef == nil {
+ f := getEncodeMapFunc(t)
+ if f == nil {
return nil, nil
}
- return mapEncodeFunc{kf: kf, ef: ef}.encode, isEmptyMap
+ return f, isEmptyMap
+
case reflect.Struct:
// Get struct's special field "_" tag options
if f, ok := t.FieldByName("_"); ok {
@@ -1343,6 +1860,7 @@ func getEncodeFuncInternal(t reflect.Type) (encodeFunc, isEmptyFunc) {
}
}
return encodeStruct, isEmptyStruct
+
case reflect.Interface:
return encodeIntf, isEmptyIntf
}
@@ -1357,7 +1875,7 @@ func getEncodeIndirectValueFunc(t reflect.Type) encodeFunc {
if f == nil {
return nil
}
- return func(e *encoderBuffer, em *encMode, v reflect.Value) error {
+ return func(e *bytes.Buffer, em *encMode, v reflect.Value) error {
for v.Kind() == reflect.Ptr && !v.IsNil() {
v = v.Elem()
}
@@ -1369,52 +1887,56 @@ func getEncodeIndirectValueFunc(t reflect.Type) encodeFunc {
}
}
-func alwaysNotEmpty(v reflect.Value) (empty bool, err error) {
+func alwaysNotEmpty(_ *encMode, _ reflect.Value) (empty bool, err error) {
return false, nil
}
-func isEmptyBool(v reflect.Value) (bool, error) {
+func isEmptyBool(_ *encMode, v reflect.Value) (bool, error) {
return !v.Bool(), nil
}
-func isEmptyInt(v reflect.Value) (bool, error) {
+func isEmptyInt(_ *encMode, v reflect.Value) (bool, error) {
return v.Int() == 0, nil
}
-func isEmptyUint(v reflect.Value) (bool, error) {
+func isEmptyUint(_ *encMode, v reflect.Value) (bool, error) {
return v.Uint() == 0, nil
}
-func isEmptyFloat(v reflect.Value) (bool, error) {
+func isEmptyFloat(_ *encMode, v reflect.Value) (bool, error) {
return v.Float() == 0.0, nil
}
-func isEmptyString(v reflect.Value) (bool, error) {
+func isEmptyString(_ *encMode, v reflect.Value) (bool, error) {
return v.Len() == 0, nil
}
-func isEmptySlice(v reflect.Value) (bool, error) {
+func isEmptySlice(_ *encMode, v reflect.Value) (bool, error) {
return v.Len() == 0, nil
}
-func isEmptyMap(v reflect.Value) (bool, error) {
+func isEmptyMap(_ *encMode, v reflect.Value) (bool, error) {
return v.Len() == 0, nil
}
-func isEmptyPtr(v reflect.Value) (bool, error) {
+func isEmptyPtr(_ *encMode, v reflect.Value) (bool, error) {
return v.IsNil(), nil
}
-func isEmptyIntf(v reflect.Value) (bool, error) {
+func isEmptyIntf(_ *encMode, v reflect.Value) (bool, error) {
return v.IsNil(), nil
}
-func isEmptyStruct(v reflect.Value) (bool, error) {
+func isEmptyStruct(em *encMode, v reflect.Value) (bool, error) {
structType, err := getEncodingStructType(v.Type())
if err != nil {
return false, err
}
+ if em.omitEmpty == OmitEmptyGoValue {
+ return false, nil
+ }
+
if structType.toArray {
return len(structType.fields) == 0, nil
}
@@ -1432,7 +1954,7 @@ func isEmptyStruct(v reflect.Value) (bool, error) {
fv = v.Field(f.idx[0])
} else {
// Get embedded field value. No error is expected.
- fv, _ = getFieldValue(v, f.idx, func(v reflect.Value) (reflect.Value, error) {
+ fv, _ = getFieldValue(v, f.idx, func(reflect.Value) (reflect.Value, error) {
// Skip null pointer to embedded struct
return reflect.Value{}, nil
})
@@ -1441,7 +1963,7 @@ func isEmptyStruct(v reflect.Value) (bool, error) {
}
}
- empty, err := f.ief(fv)
+ empty, err := f.ief(em, fv)
if err != nil {
return false, err
}
@@ -1452,20 +1974,6 @@ func isEmptyStruct(v reflect.Value) (bool, error) {
return true, nil
}
-func isEmptyBinaryMarshaler(v reflect.Value) (bool, error) {
- m, ok := v.Interface().(encoding.BinaryMarshaler)
- if !ok {
- pv := reflect.New(v.Type())
- pv.Elem().Set(v)
- m = pv.Interface().(encoding.BinaryMarshaler)
- }
- data, err := m.MarshalBinary()
- if err != nil {
- return false, err
- }
- return len(data) == 0, nil
-}
-
func cannotFitFloat32(f64 float64) bool {
f32 := float32(f64)
return float64(f32) != f64
diff --git a/vendor/github.com/fxamacker/cbor/v2/encode_map.go b/vendor/github.com/fxamacker/cbor/v2/encode_map.go
new file mode 100644
index 0000000000..8b4b4bbc59
--- /dev/null
+++ b/vendor/github.com/fxamacker/cbor/v2/encode_map.go
@@ -0,0 +1,94 @@
+// Copyright (c) Faye Amacker. All rights reserved.
+// Licensed under the MIT License. See LICENSE in the project root for license information.
+
+//go:build go1.20
+
+package cbor
+
+import (
+ "bytes"
+ "reflect"
+ "sync"
+)
+
+type mapKeyValueEncodeFunc struct {
+ kf, ef encodeFunc
+ kpool, vpool sync.Pool
+}
+
+func (me *mapKeyValueEncodeFunc) encodeKeyValues(e *bytes.Buffer, em *encMode, v reflect.Value, kvs []keyValue) error {
+ iterk := me.kpool.Get().(*reflect.Value)
+ defer func() {
+ iterk.SetZero()
+ me.kpool.Put(iterk)
+ }()
+ iterv := me.vpool.Get().(*reflect.Value)
+ defer func() {
+ iterv.SetZero()
+ me.vpool.Put(iterv)
+ }()
+
+ if kvs == nil {
+ for i, iter := 0, v.MapRange(); iter.Next(); i++ {
+ iterk.SetIterKey(iter)
+ iterv.SetIterValue(iter)
+
+ if err := me.kf(e, em, *iterk); err != nil {
+ return err
+ }
+ if err := me.ef(e, em, *iterv); err != nil {
+ return err
+ }
+ }
+ return nil
+ }
+
+ initial := e.Len()
+ for i, iter := 0, v.MapRange(); iter.Next(); i++ {
+ iterk.SetIterKey(iter)
+ iterv.SetIterValue(iter)
+
+ offset := e.Len()
+ if err := me.kf(e, em, *iterk); err != nil {
+ return err
+ }
+ valueOffset := e.Len()
+ if err := me.ef(e, em, *iterv); err != nil {
+ return err
+ }
+ kvs[i] = keyValue{
+ offset: offset - initial,
+ valueOffset: valueOffset - initial,
+ nextOffset: e.Len() - initial,
+ }
+ }
+
+ return nil
+}
+
+func getEncodeMapFunc(t reflect.Type) encodeFunc {
+ kf, _ := getEncodeFunc(t.Key())
+ ef, _ := getEncodeFunc(t.Elem())
+ if kf == nil || ef == nil {
+ return nil
+ }
+ mkv := &mapKeyValueEncodeFunc{
+ kf: kf,
+ ef: ef,
+ kpool: sync.Pool{
+ New: func() interface{} {
+ rk := reflect.New(t.Key()).Elem()
+ return &rk
+ },
+ },
+ vpool: sync.Pool{
+ New: func() interface{} {
+ rv := reflect.New(t.Elem()).Elem()
+ return &rv
+ },
+ },
+ }
+ return mapEncodeFunc{
+ e: mkv.encodeKeyValues,
+ }.encode
+}
diff --git a/vendor/github.com/fxamacker/cbor/v2/encode_map_go117.go b/vendor/github.com/fxamacker/cbor/v2/encode_map_go117.go
new file mode 100644
index 0000000000..31c39336dd
--- /dev/null
+++ b/vendor/github.com/fxamacker/cbor/v2/encode_map_go117.go
@@ -0,0 +1,60 @@
+// Copyright (c) Faye Amacker. All rights reserved.
+// Licensed under the MIT License. See LICENSE in the project root for license information.
+
+//go:build !go1.20
+
+package cbor
+
+import (
+ "bytes"
+ "reflect"
+)
+
+type mapKeyValueEncodeFunc struct {
+ kf, ef encodeFunc
+}
+
+func (me *mapKeyValueEncodeFunc) encodeKeyValues(e *bytes.Buffer, em *encMode, v reflect.Value, kvs []keyValue) error {
+ if kvs == nil {
+ for i, iter := 0, v.MapRange(); iter.Next(); i++ {
+ if err := me.kf(e, em, iter.Key()); err != nil {
+ return err
+ }
+ if err := me.ef(e, em, iter.Value()); err != nil {
+ return err
+ }
+ }
+ return nil
+ }
+
+ initial := e.Len()
+ for i, iter := 0, v.MapRange(); iter.Next(); i++ {
+ offset := e.Len()
+ if err := me.kf(e, em, iter.Key()); err != nil {
+ return err
+ }
+ valueOffset := e.Len()
+ if err := me.ef(e, em, iter.Value()); err != nil {
+ return err
+ }
+ kvs[i] = keyValue{
+ offset: offset - initial,
+ valueOffset: valueOffset - initial,
+ nextOffset: e.Len() - initial,
+ }
+ }
+
+ return nil
+}
+
+func getEncodeMapFunc(t reflect.Type) encodeFunc {
+ kf, _ := getEncodeFunc(t.Key())
+ ef, _ := getEncodeFunc(t.Elem())
+ if kf == nil || ef == nil {
+ return nil
+ }
+ mkv := &mapKeyValueEncodeFunc{kf: kf, ef: ef}
+ return mapEncodeFunc{
+ e: mkv.encodeKeyValues,
+ }.encode
+}
diff --git a/vendor/github.com/fxamacker/cbor/v2/simplevalue.go b/vendor/github.com/fxamacker/cbor/v2/simplevalue.go
new file mode 100644
index 0000000000..de175cee4a
--- /dev/null
+++ b/vendor/github.com/fxamacker/cbor/v2/simplevalue.go
@@ -0,0 +1,69 @@
+package cbor
+
+import (
+ "errors"
+ "fmt"
+ "reflect"
+)
+
+// SimpleValue represents CBOR simple value.
+// CBOR simple value is:
+// - an extension point like CBOR tag.
+// - a subset of CBOR major type 7 that isn't floating-point.
+// - "identified by a number between 0 and 255, but distinct from that number itself".
+// For example, "a simple value 2 is not equivalent to an integer 2" as a CBOR map key.
+//
+// CBOR simple values identified by 20..23 are: "false", "true" , "null", and "undefined".
+// Other CBOR simple values are currently unassigned/reserved by IANA.
+type SimpleValue uint8
+
+var (
+ typeSimpleValue = reflect.TypeOf(SimpleValue(0))
+)
+
+// MarshalCBOR encodes SimpleValue as CBOR simple value (major type 7).
+func (sv SimpleValue) MarshalCBOR() ([]byte, error) {
+ // RFC 8949 3.3. Floating-Point Numbers and Values with No Content says:
+ // "An encoder MUST NOT issue two-byte sequences that start with 0xf8
+ // (major type 7, additional information 24) and continue with a byte
+ // less than 0x20 (32 decimal). Such sequences are not well-formed.
+ // (This implies that an encoder cannot encode false, true, null, or
+ // undefined in two-byte sequences and that only the one-byte variants
+ // of these are well-formed; more generally speaking, each simple value
+ // only has a single representation variant)."
+
+ switch {
+ case sv <= maxSimpleValueInAdditionalInformation:
+ return []byte{byte(cborTypePrimitives) | byte(sv)}, nil
+
+ case sv >= minSimpleValueIn1ByteArgument:
+ return []byte{byte(cborTypePrimitives) | additionalInformationWith1ByteArgument, byte(sv)}, nil
+
+ default:
+ return nil, &UnsupportedValueError{msg: fmt.Sprintf("SimpleValue(%d)", sv)}
+ }
+}
+
+// UnmarshalCBOR decodes CBOR simple value (major type 7) to SimpleValue.
+func (sv *SimpleValue) UnmarshalCBOR(data []byte) error {
+ if sv == nil {
+ return errors.New("cbor.SimpleValue: UnmarshalCBOR on nil pointer")
+ }
+
+ d := decoder{data: data, dm: defaultDecMode}
+
+ typ, ai, val := d.getHead()
+
+ if typ != cborTypePrimitives {
+ return &UnmarshalTypeError{CBORType: typ.String(), GoType: "SimpleValue"}
+ }
+ if ai > additionalInformationWith1ByteArgument {
+ return &UnmarshalTypeError{CBORType: typ.String(), GoType: "SimpleValue", errorMsg: "not simple values"}
+ }
+
+ // It is safe to cast val to uint8 here because
+ // - data is already verified to be well-formed CBOR simple value and
+ // - val is <= math.MaxUint8.
+ *sv = SimpleValue(val)
+ return nil
+}
diff --git a/vendor/github.com/fxamacker/cbor/v2/stream.go b/vendor/github.com/fxamacker/cbor/v2/stream.go
index 29172b92dc..507ab6c184 100644
--- a/vendor/github.com/fxamacker/cbor/v2/stream.go
+++ b/vendor/github.com/fxamacker/cbor/v2/stream.go
@@ -4,6 +4,7 @@
package cbor
import (
+ "bytes"
"errors"
"io"
"reflect"
@@ -26,26 +27,37 @@ func NewDecoder(r io.Reader) *Decoder {
// Decode reads CBOR value and decodes it into the value pointed to by v.
func (dec *Decoder) Decode(v interface{}) error {
- if len(dec.buf) == dec.off {
- if n, err := dec.read(); n == 0 {
- return err
- }
+ _, err := dec.readNext()
+ if err != nil {
+ // Return validation error or read error.
+ return err
}
dec.d.reset(dec.buf[dec.off:])
- err := dec.d.value(v)
+ err = dec.d.value(v)
+
+ // Increment dec.off even if decoding err is not nil because
+ // dec.d.off points to the next CBOR data item if current
+ // CBOR data item is valid but failed to be decoded into v.
+ // This allows next CBOR data item to be decoded in next
+ // call to this function.
dec.off += dec.d.off
dec.bytesRead += dec.d.off
+
+ return err
+}
+
+// Skip skips to the next CBOR data item (if there is any),
+// otherwise it returns error such as io.EOF, io.UnexpectedEOF, etc.
+func (dec *Decoder) Skip() error {
+ n, err := dec.readNext()
if err != nil {
- if err != io.ErrUnexpectedEOF {
- return err
- }
- // Need to read more data.
- if n, e := dec.read(); n == 0 {
- return e
- }
- return dec.Decode(v)
+ // Return validation error or read error.
+ return err
}
+
+ dec.off += n
+ dec.bytesRead += n
return nil
}
@@ -54,6 +66,71 @@ func (dec *Decoder) NumBytesRead() int {
return dec.bytesRead
}
+// Buffered returns a reader for data remaining in Decoder's buffer.
+// Returned reader is valid until the next call to Decode or Skip.
+func (dec *Decoder) Buffered() io.Reader {
+ return bytes.NewReader(dec.buf[dec.off:])
+}
+
+// readNext() reads next CBOR data item from Reader to buffer.
+// It returns the size of next CBOR data item.
+// It also returns validation error or read error if any.
+func (dec *Decoder) readNext() (int, error) {
+ var readErr error
+ var validErr error
+
+ for {
+ // Process any unread data in dec.buf.
+ if dec.off < len(dec.buf) {
+ dec.d.reset(dec.buf[dec.off:])
+ off := dec.off // Save offset before data validation
+ validErr = dec.d.wellformed(true, false)
+ dec.off = off // Restore offset
+
+ if validErr == nil {
+ return dec.d.off, nil
+ }
+
+ if validErr != io.ErrUnexpectedEOF {
+ return 0, validErr
+ }
+
+ // Process last read error on io.ErrUnexpectedEOF.
+ if readErr != nil {
+ if readErr == io.EOF {
+ // current CBOR data item is incomplete.
+ return 0, io.ErrUnexpectedEOF
+ }
+ return 0, readErr
+ }
+ }
+
+ // More data is needed and there was no read error.
+ var n int
+ for n == 0 {
+ n, readErr = dec.read()
+ if n == 0 && readErr != nil {
+ // No more data can be read and read error is encountered.
+ // At this point, validErr is either nil or io.ErrUnexpectedEOF.
+ if readErr == io.EOF {
+ if validErr == io.ErrUnexpectedEOF {
+ // current CBOR data item is incomplete.
+ return 0, io.ErrUnexpectedEOF
+ }
+ }
+ return 0, readErr
+ }
+ }
+
+ // At this point, dec.buf contains new data from last read (n > 0).
+ }
+}
+
+// read() reads data from Reader to buffer.
+// It returns number of bytes read and any read error encountered.
+// Postconditions:
+// - dec.buf contains previously unread data and new data.
+// - dec.off is 0.
func (dec *Decoder) read() (int, error) {
// Grow buf if needed.
const minRead = 512
@@ -84,7 +161,6 @@ func (dec *Decoder) overwriteBuf(newBuf []byte) {
type Encoder struct {
w io.Writer
em *encMode
- e *encoderBuffer
indefTypes []cborType
}
@@ -111,24 +187,27 @@ func (enc *Encoder) Encode(v interface{}) error {
}
}
- err := encode(enc.e, enc.em, reflect.ValueOf(v))
+ buf := getEncodeBuffer()
+
+ err := encode(buf, enc.em, reflect.ValueOf(v))
if err == nil {
- _, err = enc.e.WriteTo(enc.w)
+ _, err = enc.w.Write(buf.Bytes())
}
- enc.e.Reset()
+
+ putEncodeBuffer(buf)
return err
}
// StartIndefiniteByteString starts byte string encoding of indefinite length.
// Subsequent calls of (*Encoder).Encode() encodes definite length byte strings
-// ("chunks") as one continguous string until EndIndefinite is called.
+// ("chunks") as one contiguous string until EndIndefinite is called.
func (enc *Encoder) StartIndefiniteByteString() error {
return enc.startIndefinite(cborTypeByteString)
}
// StartIndefiniteTextString starts text string encoding of indefinite length.
// Subsequent calls of (*Encoder).Encode() encodes definite length text strings
-// ("chunks") as one continguous string until EndIndefinite is called.
+// ("chunks") as one contiguous string until EndIndefinite is called.
func (enc *Encoder) StartIndefiniteTextString() error {
return enc.startIndefinite(cborTypeTextString)
}
@@ -152,7 +231,7 @@ func (enc *Encoder) EndIndefinite() error {
if len(enc.indefTypes) == 0 {
return errors.New("cbor: cannot encode \"break\" code outside indefinite length values")
}
- _, err := enc.w.Write([]byte{0xff})
+ _, err := enc.w.Write([]byte{cborBreakFlag})
if err == nil {
enc.indefTypes = enc.indefTypes[:len(enc.indefTypes)-1]
}
@@ -160,10 +239,10 @@ func (enc *Encoder) EndIndefinite() error {
}
var cborIndefHeader = map[cborType][]byte{
- cborTypeByteString: {0x5f},
- cborTypeTextString: {0x7f},
- cborTypeArray: {0x9f},
- cborTypeMap: {0xbf},
+ cborTypeByteString: {cborByteStringWithIndefiniteLengthHead},
+ cborTypeTextString: {cborTextStringWithIndefiniteLengthHead},
+ cborTypeArray: {cborArrayWithIndefiniteLengthHead},
+ cborTypeMap: {cborMapWithIndefiniteLengthHead},
}
func (enc *Encoder) startIndefinite(typ cborType) error {
@@ -193,7 +272,6 @@ func (m *RawMessage) UnmarshalCBOR(data []byte) error {
if m == nil {
return errors.New("cbor.RawMessage: UnmarshalCBOR on nil pointer")
}
- *m = make([]byte, len(data))
- copy(*m, data)
+ *m = append((*m)[0:0], data...)
return nil
}
diff --git a/vendor/github.com/fxamacker/cbor/v2/structfields.go b/vendor/github.com/fxamacker/cbor/v2/structfields.go
index 7c5974f38a..81228acf0f 100644
--- a/vendor/github.com/fxamacker/cbor/v2/structfields.go
+++ b/vendor/github.com/fxamacker/cbor/v2/structfields.go
@@ -10,17 +10,18 @@ import (
)
type field struct {
- name string
- nameAsInt int64 // used to decoder to match field name with CBOR int
- cborName []byte
- idx []int
- typ reflect.Type
- ef encodeFunc
- ief isEmptyFunc
- typInfo *typeInfo // used to decoder to reuse type info
- tagged bool // used to choose dominant field (at the same level tagged fields dominate untagged fields)
- omitEmpty bool // used to skip empty field
- keyAsInt bool // used to encode/decode field name as int
+ name string
+ nameAsInt int64 // used to decoder to match field name with CBOR int
+ cborName []byte
+ cborNameByteString []byte // major type 2 name encoding iff cborName has major type 3
+ idx []int
+ typ reflect.Type
+ ef encodeFunc
+ ief isEmptyFunc
+ typInfo *typeInfo // used to decoder to reuse type info
+ tagged bool // used to choose dominant field (at the same level tagged fields dominate untagged fields)
+ omitEmpty bool // used to skip empty field
+ keyAsInt bool // used to encode/decode field name as int
}
type fields []*field
@@ -129,7 +130,7 @@ func getFields(t reflect.Type) (flds fields, structOptions string) {
}
// Skip fields with the same field name.
- for i++; i < len(flds) && name == flds[i].name; i++ {
+ for i++; i < len(flds) && name == flds[i].name; i++ { //nolint:revive
}
}
if j != len(flds) {
@@ -143,7 +144,15 @@ func getFields(t reflect.Type) (flds fields, structOptions string) {
}
// appendFields appends type t's exportable fields to flds and anonymous struct fields to nTypes .
-func appendFields(t reflect.Type, idx []int, flds fields, nTypes map[reflect.Type][][]int) (fields, map[reflect.Type][][]int) {
+func appendFields(
+ t reflect.Type,
+ idx []int,
+ flds fields,
+ nTypes map[reflect.Type][][]int,
+) (
+ _flds fields,
+ _nTypes map[reflect.Type][][]int,
+) {
for i := 0; i < t.NumField(); i++ {
f := t.Field(i)
@@ -164,12 +173,12 @@ func appendFields(t reflect.Type, idx []int, flds fields, nTypes map[reflect.Typ
continue
}
- tagged := len(tag) > 0
+ tagged := tag != ""
// Parse field tag options
var tagFieldName string
var omitempty, keyasint bool
- for j := 0; len(tag) > 0; j++ {
+ for j := 0; tag != ""; j++ {
var token string
idx := strings.IndexByte(tag, ',')
if idx == -1 {
@@ -198,7 +207,7 @@ func appendFields(t reflect.Type, idx []int, flds fields, nTypes map[reflect.Typ
copy(fIdx, idx)
fIdx[len(fIdx)-1] = i
- if !f.Anonymous || ft.Kind() != reflect.Struct || len(tagFieldName) > 0 {
+ if !f.Anonymous || ft.Kind() != reflect.Struct || tagFieldName != "" {
flds = append(flds, &field{
name: fieldName,
idx: fIdx,
@@ -220,7 +229,7 @@ func appendFields(t reflect.Type, idx []int, flds fields, nTypes map[reflect.Typ
// isFieldExportable returns true if f is an exportable (regular or anonymous) field or
// a nonexportable anonymous field of struct type.
// Nonexportable anonymous field of struct type can contain exportable fields.
-func isFieldExportable(f reflect.StructField, fk reflect.Kind) bool {
+func isFieldExportable(f reflect.StructField, fk reflect.Kind) bool { //nolint:gocritic // ignore hugeParam
exportable := f.PkgPath == ""
return exportable || (f.Anonymous && fk == reflect.Struct)
}
diff --git a/vendor/github.com/fxamacker/cbor/v2/tag.go b/vendor/github.com/fxamacker/cbor/v2/tag.go
index 5205aa66c3..5c4d2b7a42 100644
--- a/vendor/github.com/fxamacker/cbor/v2/tag.go
+++ b/vendor/github.com/fxamacker/cbor/v2/tag.go
@@ -7,7 +7,9 @@ import (
"sync"
)
-// Tag represents CBOR tag data, including tag number and unmarshaled tag content.
+// Tag represents CBOR tag data, including tag number and unmarshaled tag content. Marshaling and
+// unmarshaling of tag content is subject to any encode and decode options that would apply to
+// enclosed data item if it were to appear outside of a tag.
type Tag struct {
Number uint64
Content interface{}
@@ -56,7 +58,7 @@ func (t RawTag) MarshalCBOR() ([]byte, error) {
return b, nil
}
- e := getEncoderBuffer()
+ e := getEncodeBuffer()
encodeHead(e, byte(cborTypeTag), t.Number)
@@ -69,7 +71,7 @@ func (t RawTag) MarshalCBOR() ([]byte, error) {
n := copy(buf, e.Bytes())
copy(buf[n:], content)
- putEncoderBuffer(e)
+ putEncodeBuffer(e)
return buf, nil
}
@@ -90,7 +92,7 @@ const (
)
func (dtm DecTagMode) valid() bool {
- return dtm < maxDecTagMode
+ return dtm >= 0 && dtm < maxDecTagMode
}
// EncTagMode specifies how encoder handles tag number.
@@ -107,7 +109,7 @@ const (
)
func (etm EncTagMode) valid() bool {
- return etm < maxEncTagMode
+ return etm >= 0 && etm < maxEncTagMode
}
// TagOptions specifies how encoder and decoder handle tag number.
@@ -261,7 +263,7 @@ func newTagItem(opts TagOptions, contentType reflect.Type, num uint64, nestedNum
if num == 2 || num == 3 {
return nil, errors.New("cbor: cannot add tag number 2 or 3 to TagSet, it's built-in and supported automatically")
}
- if num == selfDescribedCBORTagNum {
+ if num == tagNumSelfDescribedCBOR {
return nil, errors.New("cbor: cannot add tag number 55799 to TagSet, it's built-in and ignored automatically")
}
@@ -269,13 +271,13 @@ func newTagItem(opts TagOptions, contentType reflect.Type, num uint64, nestedNum
te.num = append(te.num, nestedNum...)
// Cache encoded tag numbers
- e := getEncoderBuffer()
+ e := getEncodeBuffer()
for _, n := range te.num {
encodeHead(e, byte(cborTypeTag), n)
}
te.cborTagNum = make([]byte, e.Len())
copy(te.cborTagNum, e.Bytes())
- putEncoderBuffer(e)
+ putEncodeBuffer(e)
return &te, nil
}
diff --git a/vendor/github.com/fxamacker/cbor/v2/valid.go b/vendor/github.com/fxamacker/cbor/v2/valid.go
index f775afb0ea..b40793b95e 100644
--- a/vendor/github.com/fxamacker/cbor/v2/valid.go
+++ b/vendor/github.com/fxamacker/cbor/v2/valid.go
@@ -7,7 +7,10 @@ import (
"encoding/binary"
"errors"
"io"
+ "math"
"strconv"
+
+ "github.com/x448/float16"
)
// SyntaxError is a description of a CBOR syntax error.
@@ -68,29 +71,47 @@ func (e *TagsMdError) Error() string {
return "cbor: CBOR tag isn't allowed"
}
-// valid checks whether the CBOR data is complete and well-formed.
-func (d *decoder) valid() error {
+// ExtraneousDataError indicates found extraneous data following well-formed CBOR data item.
+type ExtraneousDataError struct {
+ numOfBytes int // number of bytes of extraneous data
+ index int // location of extraneous data
+}
+
+func (e *ExtraneousDataError) Error() string {
+ return "cbor: " + strconv.Itoa(e.numOfBytes) + " bytes of extraneous data starting at index " + strconv.Itoa(e.index)
+}
+
+// wellformed checks whether the CBOR data item is well-formed.
+// allowExtraData indicates if extraneous data is allowed after the CBOR data item.
+// - use allowExtraData = true when using Decoder.Decode()
+// - use allowExtraData = false when using Unmarshal()
+func (d *decoder) wellformed(allowExtraData bool, checkBuiltinTags bool) error {
if len(d.data) == d.off {
return io.EOF
}
- _, err := d.validInternal(0)
+ _, err := d.wellformedInternal(0, checkBuiltinTags)
+ if err == nil {
+ if !allowExtraData && d.off != len(d.data) {
+ err = &ExtraneousDataError{len(d.data) - d.off, d.off}
+ }
+ }
return err
}
-// validInternal checks data's well-formedness and returns max depth and error.
-func (d *decoder) validInternal(depth int) (int, error) {
- t, ai, val, err := d.validHead()
+// wellformedInternal checks data's well-formedness and returns max depth and error.
+func (d *decoder) wellformedInternal(depth int, checkBuiltinTags bool) (int, error) { //nolint:gocyclo
+ t, _, val, indefiniteLength, err := d.wellformedHeadWithIndefiniteLengthFlag()
if err != nil {
return 0, err
}
switch t {
case cborTypeByteString, cborTypeTextString:
- if ai == 31 {
+ if indefiniteLength {
if d.dm.indefLength == IndefLengthForbidden {
return 0, &IndefiniteLengthError{t}
}
- return d.validIndefiniteString(t, depth)
+ return d.wellformedIndefiniteString(t, depth, checkBuiltinTags)
}
valInt := int(val)
if valInt < 0 {
@@ -101,17 +122,18 @@ func (d *decoder) validInternal(depth int) (int, error) {
return 0, io.ErrUnexpectedEOF
}
d.off += valInt
+
case cborTypeArray, cborTypeMap:
depth++
if depth > d.dm.maxNestedLevels {
return 0, &MaxNestedLevelError{d.dm.maxNestedLevels}
}
- if ai == 31 {
+ if indefiniteLength {
if d.dm.indefLength == IndefLengthForbidden {
return 0, &IndefiniteLengthError{t}
}
- return d.validIndefiniteArrayOrMap(t, depth)
+ return d.wellformedIndefiniteArrayOrMap(t, depth, checkBuiltinTags)
}
valInt := int(val)
@@ -138,7 +160,7 @@ func (d *decoder) validInternal(depth int) (int, error) {
for j := 0; j < count; j++ {
for i := 0; i < valInt; i++ {
var dpt int
- if dpt, err = d.validInternal(depth); err != nil {
+ if dpt, err = d.wellformedInternal(depth, checkBuiltinTags); err != nil {
return 0, err
}
if dpt > maxDepth {
@@ -147,20 +169,35 @@ func (d *decoder) validInternal(depth int) (int, error) {
}
}
depth = maxDepth
+
case cborTypeTag:
if d.dm.tagsMd == TagsForbidden {
return 0, &TagsMdError{}
}
+ tagNum := val
+
// Scan nested tag numbers to avoid recursion.
for {
if len(d.data) == d.off { // Tag number must be followed by tag content.
return 0, io.ErrUnexpectedEOF
}
- if cborType(d.data[d.off]&0xe0) != cborTypeTag {
+ if checkBuiltinTags {
+ err = validBuiltinTag(tagNum, d.data[d.off])
+ if err != nil {
+ return 0, err
+ }
+ }
+ if d.dm.bignumTag == BignumTagForbidden && (tagNum == 2 || tagNum == 3) {
+ return 0, &UnacceptableDataItemError{
+ CBORType: cborTypeTag.String(),
+ Message: "bignum",
+ }
+ }
+ if getType(d.data[d.off]) != cborTypeTag {
break
}
- if _, _, _, err = d.validHead(); err != nil {
+ if _, _, tagNum, err = d.wellformedHead(); err != nil {
return 0, err
}
depth++
@@ -169,39 +206,40 @@ func (d *decoder) validInternal(depth int) (int, error) {
}
}
// Check tag content.
- return d.validInternal(depth)
+ return d.wellformedInternal(depth, checkBuiltinTags)
}
+
return depth, nil
}
-// validIndefiniteString checks indefinite length byte/text string's well-formedness and returns max depth and error.
-func (d *decoder) validIndefiniteString(t cborType, depth int) (int, error) {
+// wellformedIndefiniteString checks indefinite length byte/text string's well-formedness and returns max depth and error.
+func (d *decoder) wellformedIndefiniteString(t cborType, depth int, checkBuiltinTags bool) (int, error) {
var err error
for {
if len(d.data) == d.off {
return 0, io.ErrUnexpectedEOF
}
- if d.data[d.off] == 0xff {
+ if isBreakFlag(d.data[d.off]) {
d.off++
break
}
// Peek ahead to get next type and indefinite length status.
- nt := cborType(d.data[d.off] & 0xe0)
+ nt, ai := parseInitialByte(d.data[d.off])
if t != nt {
return 0, &SyntaxError{"cbor: wrong element type " + nt.String() + " for indefinite-length " + t.String()}
}
- if (d.data[d.off] & 0x1f) == 31 {
+ if additionalInformation(ai).isIndefiniteLength() {
return 0, &SyntaxError{"cbor: indefinite-length " + t.String() + " chunk is not definite-length"}
}
- if depth, err = d.validInternal(depth); err != nil {
+ if depth, err = d.wellformedInternal(depth, checkBuiltinTags); err != nil {
return 0, err
}
}
return depth, nil
}
-// validIndefiniteArrayOrMap checks indefinite length array/map's well-formedness and returns max depth and error.
-func (d *decoder) validIndefiniteArrayOrMap(t cborType, depth int) (int, error) {
+// wellformedIndefiniteArrayOrMap checks indefinite length array/map's well-formedness and returns max depth and error.
+func (d *decoder) wellformedIndefiniteArrayOrMap(t cborType, depth int, checkBuiltinTags bool) (int, error) {
var err error
maxDepth := depth
i := 0
@@ -209,12 +247,12 @@ func (d *decoder) validIndefiniteArrayOrMap(t cborType, depth int) (int, error)
if len(d.data) == d.off {
return 0, io.ErrUnexpectedEOF
}
- if d.data[d.off] == 0xff {
+ if isBreakFlag(d.data[d.off]) {
d.off++
break
}
var dpt int
- if dpt, err = d.validInternal(depth); err != nil {
+ if dpt, err = d.wellformedInternal(depth, checkBuiltinTags); err != nil {
return 0, err
}
if dpt > maxDepth {
@@ -237,22 +275,39 @@ func (d *decoder) validIndefiniteArrayOrMap(t cborType, depth int) (int, error)
return maxDepth, nil
}
-func (d *decoder) validHead() (t cborType, ai byte, val uint64, err error) {
+func (d *decoder) wellformedHeadWithIndefiniteLengthFlag() (
+ t cborType,
+ ai byte,
+ val uint64,
+ indefiniteLength bool,
+ err error,
+) {
+ t, ai, val, err = d.wellformedHead()
+ if err != nil {
+ return
+ }
+ indefiniteLength = additionalInformation(ai).isIndefiniteLength()
+ return
+}
+
+func (d *decoder) wellformedHead() (t cborType, ai byte, val uint64, err error) {
dataLen := len(d.data) - d.off
if dataLen == 0 {
return 0, 0, 0, io.ErrUnexpectedEOF
}
- t = cborType(d.data[d.off] & 0xe0)
- ai = d.data[d.off] & 0x1f
+ t, ai = parseInitialByte(d.data[d.off])
val = uint64(ai)
d.off++
+ dataLen--
- if ai < 24 {
+ if ai <= maxAdditionalInformationWithoutArgument {
return t, ai, val, nil
}
- if ai == 24 {
- if dataLen < 2 {
+
+ if ai == additionalInformationWith1ByteArgument {
+ const argumentSize = 1
+ if dataLen < argumentSize {
return 0, 0, 0, io.ErrUnexpectedEOF
}
val = uint64(d.data[d.off])
@@ -262,39 +317,78 @@ func (d *decoder) validHead() (t cborType, ai byte, val uint64, err error) {
}
return t, ai, val, nil
}
- if ai == 25 {
- if dataLen < 3 {
+
+ if ai == additionalInformationWith2ByteArgument {
+ const argumentSize = 2
+ if dataLen < argumentSize {
return 0, 0, 0, io.ErrUnexpectedEOF
}
- val = uint64(binary.BigEndian.Uint16(d.data[d.off : d.off+2]))
- d.off += 2
+ val = uint64(binary.BigEndian.Uint16(d.data[d.off : d.off+argumentSize]))
+ d.off += argumentSize
+ if t == cborTypePrimitives {
+ if err := d.acceptableFloat(float64(float16.Frombits(uint16(val)).Float32())); err != nil {
+ return 0, 0, 0, err
+ }
+ }
return t, ai, val, nil
}
- if ai == 26 {
- if dataLen < 5 {
+
+ if ai == additionalInformationWith4ByteArgument {
+ const argumentSize = 4
+ if dataLen < argumentSize {
return 0, 0, 0, io.ErrUnexpectedEOF
}
- val = uint64(binary.BigEndian.Uint32(d.data[d.off : d.off+4]))
- d.off += 4
+ val = uint64(binary.BigEndian.Uint32(d.data[d.off : d.off+argumentSize]))
+ d.off += argumentSize
+ if t == cborTypePrimitives {
+ if err := d.acceptableFloat(float64(math.Float32frombits(uint32(val)))); err != nil {
+ return 0, 0, 0, err
+ }
+ }
return t, ai, val, nil
}
- if ai == 27 {
- if dataLen < 9 {
+
+ if ai == additionalInformationWith8ByteArgument {
+ const argumentSize = 8
+ if dataLen < argumentSize {
return 0, 0, 0, io.ErrUnexpectedEOF
}
- val = binary.BigEndian.Uint64(d.data[d.off : d.off+8])
- d.off += 8
+ val = binary.BigEndian.Uint64(d.data[d.off : d.off+argumentSize])
+ d.off += argumentSize
+ if t == cborTypePrimitives {
+ if err := d.acceptableFloat(math.Float64frombits(val)); err != nil {
+ return 0, 0, 0, err
+ }
+ }
return t, ai, val, nil
}
- if ai == 31 {
+
+ if additionalInformation(ai).isIndefiniteLength() {
switch t {
case cborTypePositiveInt, cborTypeNegativeInt, cborTypeTag:
return 0, 0, 0, &SyntaxError{"cbor: invalid additional information " + strconv.Itoa(int(ai)) + " for type " + t.String()}
- case cborTypePrimitives: // 0xff (break code) should not be outside validIndefinite().
+ case cborTypePrimitives: // 0xff (break code) should not be outside wellformedIndefinite().
return 0, 0, 0, &SyntaxError{"cbor: unexpected \"break\" code"}
}
return t, ai, val, nil
}
+
// ai == 28, 29, 30
return 0, 0, 0, &SyntaxError{"cbor: invalid additional information " + strconv.Itoa(int(ai)) + " for type " + t.String()}
}
+
+func (d *decoder) acceptableFloat(f float64) error {
+ switch {
+ case d.dm.nanDec == NaNDecodeForbidden && math.IsNaN(f):
+ return &UnacceptableDataItemError{
+ CBORType: cborTypePrimitives.String(),
+ Message: "floating-point NaN",
+ }
+ case d.dm.infDec == InfDecodeForbidden && math.IsInf(f, 0):
+ return &UnacceptableDataItemError{
+ CBORType: cborTypePrimitives.String(),
+ Message: "floating-point infinity",
+ }
+ }
+ return nil
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/function/func.go b/vendor/github.com/google/go-cmp/cmp/internal/function/func.go
index d127d43623..def01a6be3 100644
--- a/vendor/github.com/google/go-cmp/cmp/internal/function/func.go
+++ b/vendor/github.com/google/go-cmp/cmp/internal/function/func.go
@@ -19,6 +19,7 @@ const (
tbFunc // func(T) bool
ttbFunc // func(T, T) bool
+ ttiFunc // func(T, T) int
trbFunc // func(T, R) bool
tibFunc // func(T, I) bool
trFunc // func(T) R
@@ -28,11 +29,13 @@ const (
Transformer = trFunc // func(T) R
ValueFilter = ttbFunc // func(T, T) bool
Less = ttbFunc // func(T, T) bool
+ Compare = ttiFunc // func(T, T) int
ValuePredicate = tbFunc // func(T) bool
KeyValuePredicate = trbFunc // func(T, R) bool
)
var boolType = reflect.TypeOf(true)
+var intType = reflect.TypeOf(0)
// IsType reports whether the reflect.Type is of the specified function type.
func IsType(t reflect.Type, ft funcType) bool {
@@ -49,6 +52,10 @@ func IsType(t reflect.Type, ft funcType) bool {
if ni == 2 && no == 1 && t.In(0) == t.In(1) && t.Out(0) == boolType {
return true
}
+ case ttiFunc: // func(T, T) int
+ if ni == 2 && no == 1 && t.In(0) == t.In(1) && t.Out(0) == intType {
+ return true
+ }
case trbFunc: // func(T, R) bool
if ni == 2 && no == 1 && t.Out(0) == boolType {
return true
diff --git a/vendor/github.com/google/go-cmp/cmp/options.go b/vendor/github.com/google/go-cmp/cmp/options.go
index 754496f3b3..ba3fce81ff 100644
--- a/vendor/github.com/google/go-cmp/cmp/options.go
+++ b/vendor/github.com/google/go-cmp/cmp/options.go
@@ -232,7 +232,15 @@ func (validator) apply(s *state, vx, vy reflect.Value) {
if t := s.curPath.Index(-2).Type(); t.Name() != "" {
// Named type with unexported fields.
name = fmt.Sprintf("%q.%v", t.PkgPath(), t.Name()) // e.g., "path/to/package".MyType
- if _, ok := reflect.New(t).Interface().(error); ok {
+ isProtoMessage := func(t reflect.Type) bool {
+ m, ok := reflect.PointerTo(t).MethodByName("ProtoReflect")
+ return ok && m.Type.NumIn() == 1 && m.Type.NumOut() == 1 &&
+ m.Type.Out(0).PkgPath() == "google.golang.org/protobuf/reflect/protoreflect" &&
+ m.Type.Out(0).Name() == "Message"
+ }
+ if isProtoMessage(t) {
+ help = `consider using "google.golang.org/protobuf/testing/protocmp".Transform to compare proto.Message types`
+ } else if _, ok := reflect.New(t).Interface().(error); ok {
help = "consider using cmpopts.EquateErrors to compare error values"
} else if t.Comparable() {
help = "consider using cmpopts.EquateComparable to compare comparable Go types"
diff --git a/vendor/github.com/klauspost/compress/.goreleaser.yml b/vendor/github.com/klauspost/compress/.goreleaser.yml
index a22953805c..4528059ca6 100644
--- a/vendor/github.com/klauspost/compress/.goreleaser.yml
+++ b/vendor/github.com/klauspost/compress/.goreleaser.yml
@@ -1,5 +1,5 @@
-# This is an example goreleaser.yaml file with some sane defaults.
-# Make sure to check the documentation at http://goreleaser.com
+version: 2
+
before:
hooks:
- ./gen.sh
@@ -99,7 +99,7 @@ archives:
checksum:
name_template: 'checksums.txt'
snapshot:
- name_template: "{{ .Tag }}-next"
+ version_template: "{{ .Tag }}-next"
changelog:
sort: asc
filters:
diff --git a/vendor/github.com/klauspost/compress/README.md b/vendor/github.com/klauspost/compress/README.md
index 05c7359e48..244ee19c4b 100644
--- a/vendor/github.com/klauspost/compress/README.md
+++ b/vendor/github.com/klauspost/compress/README.md
@@ -14,8 +14,55 @@ This package provides various compression algorithms.
[](https://github.com/klauspost/compress/actions/workflows/go.yml)
[](https://sourcegraph.com/github.com/klauspost/compress?badge)
+# package usage
+
+Use `go get github.com/klauspost/compress@latest` to add it to your project.
+
+This package will support the current Go version and 2 versions back.
+
+* Use the `nounsafe` tag to disable all use of the "unsafe" package.
+* Use the `noasm` tag to disable all assembly across packages.
+
+Use the links above for more information on each.
+
# changelog
+* Feb 19th, 2025 - [1.18.0](https://github.com/klauspost/compress/releases/tag/v1.18.0)
+ * Add unsafe little endian loaders https://github.com/klauspost/compress/pull/1036
+ * fix: check `r.err != nil` but return a nil value error `err` by @alingse in https://github.com/klauspost/compress/pull/1028
+ * flate: Simplify L4-6 loading https://github.com/klauspost/compress/pull/1043
+ * flate: Simplify matchlen (remove asm) https://github.com/klauspost/compress/pull/1045
+ * s2: Improve small block compression speed w/o asm https://github.com/klauspost/compress/pull/1048
+ * flate: Fix matchlen L5+L6 https://github.com/klauspost/compress/pull/1049
+ * flate: Cleanup & reduce casts https://github.com/klauspost/compress/pull/1050
+
+* Oct 11th, 2024 - [1.17.11](https://github.com/klauspost/compress/releases/tag/v1.17.11)
+ * zstd: Fix extra CRC written with multiple Close calls https://github.com/klauspost/compress/pull/1017
+ * s2: Don't use stack for index tables https://github.com/klauspost/compress/pull/1014
+ * gzhttp: No content-type on no body response code by @juliens in https://github.com/klauspost/compress/pull/1011
+ * gzhttp: Do not set the content-type when response has no body by @kevinpollet in https://github.com/klauspost/compress/pull/1013
+
+* Sep 23rd, 2024 - [1.17.10](https://github.com/klauspost/compress/releases/tag/v1.17.10)
+ * gzhttp: Add TransportAlwaysDecompress option. https://github.com/klauspost/compress/pull/978
+ * gzhttp: Add supported decompress request body by @mirecl in https://github.com/klauspost/compress/pull/1002
+ * s2: Add EncodeBuffer buffer recycling callback https://github.com/klauspost/compress/pull/982
+ * zstd: Improve memory usage on small streaming encodes https://github.com/klauspost/compress/pull/1007
+ * flate: read data written with partial flush by @vajexal in https://github.com/klauspost/compress/pull/996
+
+* Jun 12th, 2024 - [1.17.9](https://github.com/klauspost/compress/releases/tag/v1.17.9)
+ * s2: Reduce ReadFrom temporary allocations https://github.com/klauspost/compress/pull/949
+ * flate, zstd: Shave some bytes off amd64 matchLen by @greatroar in https://github.com/klauspost/compress/pull/963
+ * Upgrade zip/zlib to 1.22.4 upstream https://github.com/klauspost/compress/pull/970 https://github.com/klauspost/compress/pull/971
+ * zstd: BuildDict fails with RLE table https://github.com/klauspost/compress/pull/951
+
+* Apr 9th, 2024 - [1.17.8](https://github.com/klauspost/compress/releases/tag/v1.17.8)
+ * zstd: Reject blocks where reserved values are not 0 https://github.com/klauspost/compress/pull/885
+ * zstd: Add RLE detection+encoding https://github.com/klauspost/compress/pull/938
+
+* Feb 21st, 2024 - [1.17.7](https://github.com/klauspost/compress/releases/tag/v1.17.7)
+ * s2: Add AsyncFlush method: Complete the block without flushing by @Jille in https://github.com/klauspost/compress/pull/927
+ * s2: Fix literal+repeat exceeds dst crash https://github.com/klauspost/compress/pull/930
+
* Feb 5th, 2024 - [1.17.6](https://github.com/klauspost/compress/releases/tag/v1.17.6)
* zstd: Fix incorrect repeat coding in best mode https://github.com/klauspost/compress/pull/923
* s2: Fix DecodeConcurrent deadlock on errors https://github.com/klauspost/compress/pull/925
@@ -44,9 +91,9 @@ https://github.com/klauspost/compress/pull/919 https://github.com/klauspost/comp
* zstd: Fix rare *CORRUPTION* output in "best" mode. See https://github.com/klauspost/compress/pull/876
* Oct 14th, 2023 - [v1.17.1](https://github.com/klauspost/compress/releases/tag/v1.17.1)
- * s2: Fix S2 "best" dictionary wrong encoding by @klauspost in https://github.com/klauspost/compress/pull/871
+ * s2: Fix S2 "best" dictionary wrong encoding https://github.com/klauspost/compress/pull/871
* flate: Reduce allocations in decompressor and minor code improvements by @fakefloordiv in https://github.com/klauspost/compress/pull/869
- * s2: Fix EstimateBlockSize on 6&7 length input by @klauspost in https://github.com/klauspost/compress/pull/867
+ * s2: Fix EstimateBlockSize on 6&7 length input https://github.com/klauspost/compress/pull/867
* Sept 19th, 2023 - [v1.17.0](https://github.com/klauspost/compress/releases/tag/v1.17.0)
* Add experimental dictionary builder https://github.com/klauspost/compress/pull/853
@@ -81,7 +128,7 @@ https://github.com/klauspost/compress/pull/919 https://github.com/klauspost/comp
* zstd: Various minor improvements by @greatroar in https://github.com/klauspost/compress/pull/788 https://github.com/klauspost/compress/pull/794 https://github.com/klauspost/compress/pull/795
* s2: Fix huge block overflow https://github.com/klauspost/compress/pull/779
* s2: Allow CustomEncoder fallback https://github.com/klauspost/compress/pull/780
- * gzhttp: Suppport ResponseWriter Unwrap() in gzhttp handler by @jgimenez in https://github.com/klauspost/compress/pull/799
+ * gzhttp: Support ResponseWriter Unwrap() in gzhttp handler by @jgimenez in https://github.com/klauspost/compress/pull/799
* Mar 13, 2023 - [v1.16.1](https://github.com/klauspost/compress/releases/tag/v1.16.1)
* zstd: Speed up + improve best encoder by @greatroar in https://github.com/klauspost/compress/pull/776
@@ -103,7 +150,7 @@ https://github.com/klauspost/compress/pull/919 https://github.com/klauspost/comp
See changes to v1.15.x
* Jan 21st, 2023 (v1.15.15)
- * deflate: Improve level 7-9 by @klauspost in https://github.com/klauspost/compress/pull/739
+ * deflate: Improve level 7-9 https://github.com/klauspost/compress/pull/739
* zstd: Add delta encoding support by @greatroar in https://github.com/klauspost/compress/pull/728
* zstd: Various speed improvements by @greatroar https://github.com/klauspost/compress/pull/741 https://github.com/klauspost/compress/pull/734 https://github.com/klauspost/compress/pull/736 https://github.com/klauspost/compress/pull/744 https://github.com/klauspost/compress/pull/743 https://github.com/klauspost/compress/pull/745
* gzhttp: Add SuffixETag() and DropETag() options to prevent ETag collisions on compressed responses by @willbicks in https://github.com/klauspost/compress/pull/740
@@ -136,7 +183,7 @@ https://github.com/klauspost/compress/pull/919 https://github.com/klauspost/comp
* zstd: Add [WithDecodeAllCapLimit](https://pkg.go.dev/github.com/klauspost/compress@v1.15.10/zstd#WithDecodeAllCapLimit) https://github.com/klauspost/compress/pull/649
* Add Go 1.19 - deprecate Go 1.16 https://github.com/klauspost/compress/pull/651
* flate: Improve level 5+6 compression https://github.com/klauspost/compress/pull/656
- * zstd: Improve "better" compresssion https://github.com/klauspost/compress/pull/657
+ * zstd: Improve "better" compression https://github.com/klauspost/compress/pull/657
* s2: Improve "best" compression https://github.com/klauspost/compress/pull/658
* s2: Improve "better" compression. https://github.com/klauspost/compress/pull/635
* s2: Slightly faster non-assembly decompression https://github.com/klauspost/compress/pull/646
@@ -146,7 +193,7 @@ https://github.com/klauspost/compress/pull/919 https://github.com/klauspost/comp
* zstd: Fix decoder crash on amd64 (no BMI) on invalid input https://github.com/klauspost/compress/pull/645
* zstd: Disable decoder extended memory copies (amd64) due to possible crashes https://github.com/klauspost/compress/pull/644
- * zstd: Allow single segments up to "max decoded size" by @klauspost in https://github.com/klauspost/compress/pull/643
+ * zstd: Allow single segments up to "max decoded size" https://github.com/klauspost/compress/pull/643
* July 13, 2022 (v1.15.8)
@@ -188,7 +235,7 @@ https://github.com/klauspost/compress/pull/919 https://github.com/klauspost/comp
* zstd: Speed up when WithDecoderLowmem(false) https://github.com/klauspost/compress/pull/599
* zstd: faster next state update in BMI2 version of decode by @WojciechMula in https://github.com/klauspost/compress/pull/593
* huff0: Do not check max size when reading table. https://github.com/klauspost/compress/pull/586
- * flate: Inplace hashing for level 7-9 by @klauspost in https://github.com/klauspost/compress/pull/590
+ * flate: Inplace hashing for level 7-9 https://github.com/klauspost/compress/pull/590
* May 11, 2022 (v1.15.4)
@@ -215,12 +262,12 @@ https://github.com/klauspost/compress/pull/919 https://github.com/klauspost/comp
* zstd: Add stricter block size checks in [#523](https://github.com/klauspost/compress/pull/523)
* Mar 3, 2022 (v1.15.0)
- * zstd: Refactor decoder by @klauspost in [#498](https://github.com/klauspost/compress/pull/498)
- * zstd: Add stream encoding without goroutines by @klauspost in [#505](https://github.com/klauspost/compress/pull/505)
+ * zstd: Refactor decoder [#498](https://github.com/klauspost/compress/pull/498)
+ * zstd: Add stream encoding without goroutines [#505](https://github.com/klauspost/compress/pull/505)
* huff0: Prevent single blocks exceeding 16 bits by @klauspost in[#507](https://github.com/klauspost/compress/pull/507)
- * flate: Inline literal emission by @klauspost in [#509](https://github.com/klauspost/compress/pull/509)
- * gzhttp: Add zstd to transport by @klauspost in [#400](https://github.com/klauspost/compress/pull/400)
- * gzhttp: Make content-type optional by @klauspost in [#510](https://github.com/klauspost/compress/pull/510)
+ * flate: Inline literal emission [#509](https://github.com/klauspost/compress/pull/509)
+ * gzhttp: Add zstd to transport [#400](https://github.com/klauspost/compress/pull/400)
+ * gzhttp: Make content-type optional [#510](https://github.com/klauspost/compress/pull/510)
Both compression and decompression now supports "synchronous" stream operations. This means that whenever "concurrency" is set to 1, they will operate without spawning goroutines.
@@ -237,7 +284,7 @@ While the release has been extensively tested, it is recommended to testing when
* flate: Fix rare huffman only (-2) corruption. [#503](https://github.com/klauspost/compress/pull/503)
* zip: Update deprecated CreateHeaderRaw to correctly call CreateRaw by @saracen in [#502](https://github.com/klauspost/compress/pull/502)
* zip: don't read data descriptor early by @saracen in [#501](https://github.com/klauspost/compress/pull/501) #501
- * huff0: Use static decompression buffer up to 30% faster by @klauspost in [#499](https://github.com/klauspost/compress/pull/499) [#500](https://github.com/klauspost/compress/pull/500)
+ * huff0: Use static decompression buffer up to 30% faster [#499](https://github.com/klauspost/compress/pull/499) [#500](https://github.com/klauspost/compress/pull/500)
* Feb 17, 2022 (v1.14.3)
* flate: Improve fastest levels compression speed ~10% more throughput. [#482](https://github.com/klauspost/compress/pull/482) [#489](https://github.com/klauspost/compress/pull/489) [#490](https://github.com/klauspost/compress/pull/490) [#491](https://github.com/klauspost/compress/pull/491) [#494](https://github.com/klauspost/compress/pull/494) [#478](https://github.com/klauspost/compress/pull/478)
@@ -339,7 +386,7 @@ While the release has been extensively tested, it is recommended to testing when
* s2: Fix binaries.
* Feb 25, 2021 (v1.11.8)
- * s2: Fixed occational out-of-bounds write on amd64. Upgrade recommended.
+ * s2: Fixed occasional out-of-bounds write on amd64. Upgrade recommended.
* s2: Add AMD64 assembly for better mode. 25-50% faster. [#315](https://github.com/klauspost/compress/pull/315)
* s2: Less upfront decoder allocation. [#322](https://github.com/klauspost/compress/pull/322)
* zstd: Faster "compression" of incompressible data. [#314](https://github.com/klauspost/compress/pull/314)
@@ -518,7 +565,7 @@ While the release has been extensively tested, it is recommended to testing when
* Feb 19, 2016: Faster bit writer, level -2 is 15% faster, level 1 is 4% faster.
* Feb 19, 2016: Handle small payloads faster in level 1-3.
* Feb 19, 2016: Added faster level 2 + 3 compression modes.
-* Feb 19, 2016: [Rebalanced compression levels](https://blog.klauspost.com/rebalancing-deflate-compression-levels/), so there is a more even progresssion in terms of compression. New default level is 5.
+* Feb 19, 2016: [Rebalanced compression levels](https://blog.klauspost.com/rebalancing-deflate-compression-levels/), so there is a more even progression in terms of compression. New default level is 5.
* Feb 14, 2016: Snappy: Merge upstream changes.
* Feb 14, 2016: Snappy: Fix aggressive skipping.
* Feb 14, 2016: Snappy: Update benchmark.
@@ -544,12 +591,14 @@ While the release has been extensively tested, it is recommended to testing when
The packages are drop-in replacements for standard libraries. Simply replace the import path to use them:
-| old import | new import | Documentation
-|--------------------|-----------------------------------------|--------------------|
-| `compress/gzip` | `github.com/klauspost/compress/gzip` | [gzip](https://pkg.go.dev/github.com/klauspost/compress/gzip?tab=doc)
-| `compress/zlib` | `github.com/klauspost/compress/zlib` | [zlib](https://pkg.go.dev/github.com/klauspost/compress/zlib?tab=doc)
-| `archive/zip` | `github.com/klauspost/compress/zip` | [zip](https://pkg.go.dev/github.com/klauspost/compress/zip?tab=doc)
-| `compress/flate` | `github.com/klauspost/compress/flate` | [flate](https://pkg.go.dev/github.com/klauspost/compress/flate?tab=doc)
+Typical speed is about 2x of the standard library packages.
+
+| old import | new import | Documentation |
+|------------------|---------------------------------------|-------------------------------------------------------------------------|
+| `compress/gzip` | `github.com/klauspost/compress/gzip` | [gzip](https://pkg.go.dev/github.com/klauspost/compress/gzip?tab=doc) |
+| `compress/zlib` | `github.com/klauspost/compress/zlib` | [zlib](https://pkg.go.dev/github.com/klauspost/compress/zlib?tab=doc) |
+| `archive/zip` | `github.com/klauspost/compress/zip` | [zip](https://pkg.go.dev/github.com/klauspost/compress/zip?tab=doc) |
+| `compress/flate` | `github.com/klauspost/compress/flate` | [flate](https://pkg.go.dev/github.com/klauspost/compress/flate?tab=doc) |
* Optimized [deflate](https://godoc.org/github.com/klauspost/compress/flate) packages which can be used as a dropin replacement for [gzip](https://godoc.org/github.com/klauspost/compress/gzip), [zip](https://godoc.org/github.com/klauspost/compress/zip) and [zlib](https://godoc.org/github.com/klauspost/compress/zlib).
@@ -604,84 +653,6 @@ This will only use up to 4KB in memory when the writer is idle.
Compression is almost always worse than the fastest compression level
and each write will allocate (a little) memory.
-# Performance Update 2018
-
-It has been a while since we have been looking at the speed of this package compared to the standard library, so I thought I would re-do my tests and give some overall recommendations based on the current state. All benchmarks have been performed with Go 1.10 on my Desktop Intel(R) Core(TM) i7-2600 CPU @3.40GHz. Since I last ran the tests, I have gotten more RAM, which means tests with big files are no longer limited by my SSD.
-
-The raw results are in my [updated spreadsheet](https://docs.google.com/spreadsheets/d/1nuNE2nPfuINCZJRMt6wFWhKpToF95I47XjSsc-1rbPQ/edit?usp=sharing). Due to cgo changes and upstream updates i could not get the cgo version of gzip to compile. Instead I included the [zstd](https://github.com/datadog/zstd) cgo implementation. If I get cgo gzip to work again, I might replace the results in the sheet.
-
-The columns to take note of are: *MB/s* - the throughput. *Reduction* - the data size reduction in percent of the original. *Rel Speed* relative speed compared to the standard library at the same level. *Smaller* - how many percent smaller is the compressed output compared to stdlib. Negative means the output was bigger. *Loss* means the loss (or gain) in compression as a percentage difference of the input.
-
-The `gzstd` (standard library gzip) and `gzkp` (this package gzip) only uses one CPU core. [`pgzip`](https://github.com/klauspost/pgzip), [`bgzf`](https://github.com/biogo/hts/tree/master/bgzf) uses all 4 cores. [`zstd`](https://github.com/DataDog/zstd) uses one core, and is a beast (but not Go, yet).
-
-
-## Overall differences.
-
-There appears to be a roughly 5-10% speed advantage over the standard library when comparing at similar compression levels.
-
-The biggest difference you will see is the result of [re-balancing](https://blog.klauspost.com/rebalancing-deflate-compression-levels/) the compression levels. I wanted by library to give a smoother transition between the compression levels than the standard library.
-
-This package attempts to provide a more smooth transition, where "1" is taking a lot of shortcuts, "5" is the reasonable trade-off and "9" is the "give me the best compression", and the values in between gives something reasonable in between. The standard library has big differences in levels 1-4, but levels 5-9 having no significant gains - often spending a lot more time than can be justified by the achieved compression.
-
-There are links to all the test data in the [spreadsheet](https://docs.google.com/spreadsheets/d/1nuNE2nPfuINCZJRMt6wFWhKpToF95I47XjSsc-1rbPQ/edit?usp=sharing) in the top left field on each tab.
-
-## Web Content
-
-This test set aims to emulate typical use in a web server. The test-set is 4GB data in 53k files, and is a mixture of (mostly) HTML, JS, CSS.
-
-Since level 1 and 9 are close to being the same code, they are quite close. But looking at the levels in-between the differences are quite big.
-
-Looking at level 6, this package is 88% faster, but will output about 6% more data. For a web server, this means you can serve 88% more data, but have to pay for 6% more bandwidth. You can draw your own conclusions on what would be the most expensive for your case.
-
-## Object files
-
-This test is for typical data files stored on a server. In this case it is a collection of Go precompiled objects. They are very compressible.
-
-The picture is similar to the web content, but with small differences since this is very compressible. Levels 2-3 offer good speed, but is sacrificing quite a bit of compression.
-
-The standard library seems suboptimal on level 3 and 4 - offering both worse compression and speed than level 6 & 7 of this package respectively.
-
-## Highly Compressible File
-
-This is a JSON file with very high redundancy. The reduction starts at 95% on level 1, so in real life terms we are dealing with something like a highly redundant stream of data, etc.
-
-It is definitely visible that we are dealing with specialized content here, so the results are very scattered. This package does not do very well at levels 1-4, but picks up significantly at level 5 and levels 7 and 8 offering great speed for the achieved compression.
-
-So if you know you content is extremely compressible you might want to go slightly higher than the defaults. The standard library has a huge gap between levels 3 and 4 in terms of speed (2.75x slowdown), so it offers little "middle ground".
-
-## Medium-High Compressible
-
-This is a pretty common test corpus: [enwik9](http://mattmahoney.net/dc/textdata.html). It contains the first 10^9 bytes of the English Wikipedia dump on Mar. 3, 2006. This is a very good test of typical text based compression and more data heavy streams.
-
-We see a similar picture here as in "Web Content". On equal levels some compression is sacrificed for more speed. Level 5 seems to be the best trade-off between speed and size, beating stdlib level 3 in both.
-
-## Medium Compressible
-
-I will combine two test sets, one [10GB file set](http://mattmahoney.net/dc/10gb.html) and a VM disk image (~8GB). Both contain different data types and represent a typical backup scenario.
-
-The most notable thing is how quickly the standard library drops to very low compression speeds around level 5-6 without any big gains in compression. Since this type of data is fairly common, this does not seem like good behavior.
-
-
-## Un-compressible Content
-
-This is mainly a test of how good the algorithms are at detecting un-compressible input. The standard library only offers this feature with very conservative settings at level 1. Obviously there is no reason for the algorithms to try to compress input that cannot be compressed. The only downside is that it might skip some compressible data on false detections.
-
-
-## Huffman only compression
-
-This compression library adds a special compression level, named `HuffmanOnly`, which allows near linear time compression. This is done by completely disabling matching of previous data, and only reduce the number of bits to represent each character.
-
-This means that often used characters, like 'e' and ' ' (space) in text use the fewest bits to represent, and rare characters like '¤' takes more bits to represent. For more information see [wikipedia](https://en.wikipedia.org/wiki/Huffman_coding) or this nice [video](https://youtu.be/ZdooBTdW5bM).
-
-Since this type of compression has much less variance, the compression speed is mostly unaffected by the input data, and is usually more than *180MB/s* for a single core.
-
-The downside is that the compression ratio is usually considerably worse than even the fastest conventional compression. The compression ratio can never be better than 8:1 (12.5%).
-
-The linear time compression can be used as a "better than nothing" mode, where you cannot risk the encoder to slow down on some content. For comparison, the size of the "Twain" text is *233460 bytes* (+29% vs. level 1) and encode speed is 144MB/s (4.5x level 1). So in this case you trade a 30% size increase for a 4 times speedup.
-
-For more information see my blog post on [Fast Linear Time Compression](http://blog.klauspost.com/constant-time-gzipzip-compression/).
-
-This is implemented on Go 1.7 as "Huffman Only" mode, though not exposed for gzip.
# Other packages
diff --git a/vendor/github.com/klauspost/compress/fse/decompress.go b/vendor/github.com/klauspost/compress/fse/decompress.go
index cc05d0f7ea..0c7dd4ffef 100644
--- a/vendor/github.com/klauspost/compress/fse/decompress.go
+++ b/vendor/github.com/klauspost/compress/fse/decompress.go
@@ -15,7 +15,7 @@ const (
// It is possible, but by no way guaranteed that corrupt data will
// return an error.
// It is up to the caller to verify integrity of the returned data.
-// Use a predefined Scrach to set maximum acceptable output size.
+// Use a predefined Scratch to set maximum acceptable output size.
func Decompress(b []byte, s *Scratch) ([]byte, error) {
s, err := s.prepare(b)
if err != nil {
diff --git a/vendor/github.com/klauspost/compress/huff0/bitreader.go b/vendor/github.com/klauspost/compress/huff0/bitreader.go
index e36d9742f9..bfc7a523de 100644
--- a/vendor/github.com/klauspost/compress/huff0/bitreader.go
+++ b/vendor/github.com/klauspost/compress/huff0/bitreader.go
@@ -6,10 +6,11 @@
package huff0
import (
- "encoding/binary"
"errors"
"fmt"
"io"
+
+ "github.com/klauspost/compress/internal/le"
)
// bitReader reads a bitstream in reverse.
@@ -46,7 +47,7 @@ func (b *bitReaderBytes) init(in []byte) error {
return nil
}
-// peekBitsFast requires that at least one bit is requested every time.
+// peekByteFast requires that at least one byte is requested every time.
// There are no checks if the buffer is filled.
func (b *bitReaderBytes) peekByteFast() uint8 {
got := uint8(b.value >> 56)
@@ -66,8 +67,7 @@ func (b *bitReaderBytes) fillFast() {
}
// 2 bounds checks.
- v := b.in[b.off-4 : b.off]
- low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+ low := le.Load32(b.in, b.off-4)
b.value |= uint64(low) << (b.bitsRead - 32)
b.bitsRead -= 32
b.off -= 4
@@ -76,7 +76,7 @@ func (b *bitReaderBytes) fillFast() {
// fillFastStart() assumes the bitReaderBytes is empty and there is at least 8 bytes to read.
func (b *bitReaderBytes) fillFastStart() {
// Do single re-slice to avoid bounds checks.
- b.value = binary.LittleEndian.Uint64(b.in[b.off-8:])
+ b.value = le.Load64(b.in, b.off-8)
b.bitsRead = 0
b.off -= 8
}
@@ -86,9 +86,8 @@ func (b *bitReaderBytes) fill() {
if b.bitsRead < 32 {
return
}
- if b.off > 4 {
- v := b.in[b.off-4 : b.off]
- low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+ if b.off >= 4 {
+ low := le.Load32(b.in, b.off-4)
b.value |= uint64(low) << (b.bitsRead - 32)
b.bitsRead -= 32
b.off -= 4
@@ -175,9 +174,7 @@ func (b *bitReaderShifted) fillFast() {
return
}
- // 2 bounds checks.
- v := b.in[b.off-4 : b.off]
- low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+ low := le.Load32(b.in, b.off-4)
b.value |= uint64(low) << ((b.bitsRead - 32) & 63)
b.bitsRead -= 32
b.off -= 4
@@ -185,8 +182,7 @@ func (b *bitReaderShifted) fillFast() {
// fillFastStart() assumes the bitReaderShifted is empty and there is at least 8 bytes to read.
func (b *bitReaderShifted) fillFastStart() {
- // Do single re-slice to avoid bounds checks.
- b.value = binary.LittleEndian.Uint64(b.in[b.off-8:])
+ b.value = le.Load64(b.in, b.off-8)
b.bitsRead = 0
b.off -= 8
}
@@ -197,8 +193,7 @@ func (b *bitReaderShifted) fill() {
return
}
if b.off > 4 {
- v := b.in[b.off-4 : b.off]
- low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
+ low := le.Load32(b.in, b.off-4)
b.value |= uint64(low) << ((b.bitsRead - 32) & 63)
b.bitsRead -= 32
b.off -= 4
diff --git a/vendor/github.com/klauspost/compress/huff0/decompress.go b/vendor/github.com/klauspost/compress/huff0/decompress.go
index 54bd08b25c..0f56b02d74 100644
--- a/vendor/github.com/klauspost/compress/huff0/decompress.go
+++ b/vendor/github.com/klauspost/compress/huff0/decompress.go
@@ -1136,7 +1136,7 @@ func (s *Scratch) matches(ct cTable, w io.Writer) {
errs++
}
if errs > 0 {
- fmt.Fprintf(w, "%d errros in base, stopping\n", errs)
+ fmt.Fprintf(w, "%d errors in base, stopping\n", errs)
continue
}
// Ensure that all combinations are covered.
@@ -1152,7 +1152,7 @@ func (s *Scratch) matches(ct cTable, w io.Writer) {
errs++
}
if errs > 20 {
- fmt.Fprintf(w, "%d errros, stopping\n", errs)
+ fmt.Fprintf(w, "%d errors, stopping\n", errs)
break
}
}
diff --git a/vendor/github.com/klauspost/compress/internal/le/le.go b/vendor/github.com/klauspost/compress/internal/le/le.go
new file mode 100644
index 0000000000..e54909e16f
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/internal/le/le.go
@@ -0,0 +1,5 @@
+package le
+
+type Indexer interface {
+ int | int8 | int16 | int32 | int64 | uint | uint8 | uint16 | uint32 | uint64
+}
diff --git a/vendor/github.com/klauspost/compress/internal/le/unsafe_disabled.go b/vendor/github.com/klauspost/compress/internal/le/unsafe_disabled.go
new file mode 100644
index 0000000000..0cfb5c0e27
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/internal/le/unsafe_disabled.go
@@ -0,0 +1,42 @@
+//go:build !(amd64 || arm64 || ppc64le || riscv64) || nounsafe || purego || appengine
+
+package le
+
+import (
+ "encoding/binary"
+)
+
+// Load8 will load from b at index i.
+func Load8[I Indexer](b []byte, i I) byte {
+ return b[i]
+}
+
+// Load16 will load from b at index i.
+func Load16[I Indexer](b []byte, i I) uint16 {
+ return binary.LittleEndian.Uint16(b[i:])
+}
+
+// Load32 will load from b at index i.
+func Load32[I Indexer](b []byte, i I) uint32 {
+ return binary.LittleEndian.Uint32(b[i:])
+}
+
+// Load64 will load from b at index i.
+func Load64[I Indexer](b []byte, i I) uint64 {
+ return binary.LittleEndian.Uint64(b[i:])
+}
+
+// Store16 will store v at b.
+func Store16(b []byte, v uint16) {
+ binary.LittleEndian.PutUint16(b, v)
+}
+
+// Store32 will store v at b.
+func Store32(b []byte, v uint32) {
+ binary.LittleEndian.PutUint32(b, v)
+}
+
+// Store64 will store v at b.
+func Store64(b []byte, v uint64) {
+ binary.LittleEndian.PutUint64(b, v)
+}
diff --git a/vendor/github.com/klauspost/compress/internal/le/unsafe_enabled.go b/vendor/github.com/klauspost/compress/internal/le/unsafe_enabled.go
new file mode 100644
index 0000000000..ada45cd909
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/internal/le/unsafe_enabled.go
@@ -0,0 +1,55 @@
+// We enable 64 bit LE platforms:
+
+//go:build (amd64 || arm64 || ppc64le || riscv64) && !nounsafe && !purego && !appengine
+
+package le
+
+import (
+ "unsafe"
+)
+
+// Load8 will load from b at index i.
+func Load8[I Indexer](b []byte, i I) byte {
+ //return binary.LittleEndian.Uint16(b[i:])
+ //return *(*uint16)(unsafe.Pointer(&b[i]))
+ return *(*byte)(unsafe.Add(unsafe.Pointer(unsafe.SliceData(b)), i))
+}
+
+// Load16 will load from b at index i.
+func Load16[I Indexer](b []byte, i I) uint16 {
+ //return binary.LittleEndian.Uint16(b[i:])
+ //return *(*uint16)(unsafe.Pointer(&b[i]))
+ return *(*uint16)(unsafe.Add(unsafe.Pointer(unsafe.SliceData(b)), i))
+}
+
+// Load32 will load from b at index i.
+func Load32[I Indexer](b []byte, i I) uint32 {
+ //return binary.LittleEndian.Uint32(b[i:])
+ //return *(*uint32)(unsafe.Pointer(&b[i]))
+ return *(*uint32)(unsafe.Add(unsafe.Pointer(unsafe.SliceData(b)), i))
+}
+
+// Load64 will load from b at index i.
+func Load64[I Indexer](b []byte, i I) uint64 {
+ //return binary.LittleEndian.Uint64(b[i:])
+ //return *(*uint64)(unsafe.Pointer(&b[i]))
+ return *(*uint64)(unsafe.Add(unsafe.Pointer(unsafe.SliceData(b)), i))
+}
+
+// Store16 will store v at b.
+func Store16(b []byte, v uint16) {
+ //binary.LittleEndian.PutUint16(b, v)
+ *(*uint16)(unsafe.Pointer(unsafe.SliceData(b))) = v
+}
+
+// Store32 will store v at b.
+func Store32(b []byte, v uint32) {
+ //binary.LittleEndian.PutUint32(b, v)
+ *(*uint32)(unsafe.Pointer(unsafe.SliceData(b))) = v
+}
+
+// Store64 will store v at b.
+func Store64(b []byte, v uint64) {
+ //binary.LittleEndian.PutUint64(b, v)
+ *(*uint64)(unsafe.Pointer(unsafe.SliceData(b))) = v
+}
diff --git a/vendor/github.com/klauspost/compress/s2sx.mod b/vendor/github.com/klauspost/compress/s2sx.mod
index 5a4412f907..81bda5e294 100644
--- a/vendor/github.com/klauspost/compress/s2sx.mod
+++ b/vendor/github.com/klauspost/compress/s2sx.mod
@@ -1,4 +1,3 @@
module github.com/klauspost/compress
-go 1.19
-
+go 1.22
diff --git a/vendor/github.com/klauspost/compress/zstd/README.md b/vendor/github.com/klauspost/compress/zstd/README.md
index 92e2347bbc..c11d7fa28e 100644
--- a/vendor/github.com/klauspost/compress/zstd/README.md
+++ b/vendor/github.com/klauspost/compress/zstd/README.md
@@ -6,7 +6,7 @@ A high performance compression algorithm is implemented. For now focused on spee
This package provides [compression](#Compressor) to and [decompression](#Decompressor) of Zstandard content.
-This package is pure Go and without use of "unsafe".
+This package is pure Go. Use `noasm` and `nounsafe` to disable relevant features.
The `zstd` package is provided as open source software using a Go standard license.
diff --git a/vendor/github.com/klauspost/compress/zstd/bitreader.go b/vendor/github.com/klauspost/compress/zstd/bitreader.go
index 25ca983941..d41e3e1709 100644
--- a/vendor/github.com/klauspost/compress/zstd/bitreader.go
+++ b/vendor/github.com/klauspost/compress/zstd/bitreader.go
@@ -5,11 +5,12 @@
package zstd
import (
- "encoding/binary"
"errors"
"fmt"
"io"
"math/bits"
+
+ "github.com/klauspost/compress/internal/le"
)
// bitReader reads a bitstream in reverse.
@@ -18,6 +19,7 @@ import (
type bitReader struct {
in []byte
value uint64 // Maybe use [16]byte, but shifting is awkward.
+ cursor int // offset where next read should end
bitsRead uint8
}
@@ -32,6 +34,7 @@ func (b *bitReader) init(in []byte) error {
if v == 0 {
return errors.New("corrupt stream, did not find end of stream")
}
+ b.cursor = len(in)
b.bitsRead = 64
b.value = 0
if len(in) >= 8 {
@@ -67,18 +70,15 @@ func (b *bitReader) fillFast() {
if b.bitsRead < 32 {
return
}
- v := b.in[len(b.in)-4:]
- b.in = b.in[:len(b.in)-4]
- low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
- b.value = (b.value << 32) | uint64(low)
+ b.cursor -= 4
+ b.value = (b.value << 32) | uint64(le.Load32(b.in, b.cursor))
b.bitsRead -= 32
}
// fillFastStart() assumes the bitreader is empty and there is at least 8 bytes to read.
func (b *bitReader) fillFastStart() {
- v := b.in[len(b.in)-8:]
- b.in = b.in[:len(b.in)-8]
- b.value = binary.LittleEndian.Uint64(v)
+ b.cursor -= 8
+ b.value = le.Load64(b.in, b.cursor)
b.bitsRead = 0
}
@@ -87,25 +87,23 @@ func (b *bitReader) fill() {
if b.bitsRead < 32 {
return
}
- if len(b.in) >= 4 {
- v := b.in[len(b.in)-4:]
- b.in = b.in[:len(b.in)-4]
- low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
- b.value = (b.value << 32) | uint64(low)
+ if b.cursor >= 4 {
+ b.cursor -= 4
+ b.value = (b.value << 32) | uint64(le.Load32(b.in, b.cursor))
b.bitsRead -= 32
return
}
- b.bitsRead -= uint8(8 * len(b.in))
- for len(b.in) > 0 {
- b.value = (b.value << 8) | uint64(b.in[len(b.in)-1])
- b.in = b.in[:len(b.in)-1]
+ b.bitsRead -= uint8(8 * b.cursor)
+ for b.cursor > 0 {
+ b.cursor -= 1
+ b.value = (b.value << 8) | uint64(b.in[b.cursor])
}
}
// finished returns true if all bits have been read from the bit stream.
func (b *bitReader) finished() bool {
- return len(b.in) == 0 && b.bitsRead >= 64
+ return b.cursor == 0 && b.bitsRead >= 64
}
// overread returns true if more bits have been requested than is on the stream.
@@ -115,13 +113,14 @@ func (b *bitReader) overread() bool {
// remain returns the number of bits remaining.
func (b *bitReader) remain() uint {
- return 8*uint(len(b.in)) + 64 - uint(b.bitsRead)
+ return 8*uint(b.cursor) + 64 - uint(b.bitsRead)
}
// close the bitstream and returns an error if out-of-buffer reads occurred.
func (b *bitReader) close() error {
// Release reference.
b.in = nil
+ b.cursor = 0
if !b.finished() {
return fmt.Errorf("%d extra bits on block, should be 0", b.remain())
}
diff --git a/vendor/github.com/klauspost/compress/zstd/blockdec.go b/vendor/github.com/klauspost/compress/zstd/blockdec.go
index 03744fbc76..0dd742fd2a 100644
--- a/vendor/github.com/klauspost/compress/zstd/blockdec.go
+++ b/vendor/github.com/klauspost/compress/zstd/blockdec.go
@@ -5,14 +5,10 @@
package zstd
import (
- "bytes"
- "encoding/binary"
"errors"
"fmt"
"hash/crc32"
"io"
- "os"
- "path/filepath"
"sync"
"github.com/klauspost/compress/huff0"
@@ -598,7 +594,9 @@ func (b *blockDec) prepareSequences(in []byte, hist *history) (err error) {
printf("RLE set to 0x%x, code: %v", symb, v)
}
case compModeFSE:
- println("Reading table for", tableIndex(i))
+ if debugDecoder {
+ println("Reading table for", tableIndex(i))
+ }
if seq.fse == nil || seq.fse.preDefined {
seq.fse = fseDecoderPool.Get().(*fseDecoder)
}
@@ -646,21 +644,6 @@ func (b *blockDec) prepareSequences(in []byte, hist *history) (err error) {
println("initializing sequences:", err)
return err
}
- // Extract blocks...
- if false && hist.dict == nil {
- fatalErr := func(err error) {
- if err != nil {
- panic(err)
- }
- }
- fn := fmt.Sprintf("n-%d-lits-%d-prev-%d-%d-%d-win-%d.blk", hist.decoders.nSeqs, len(hist.decoders.literals), hist.recentOffsets[0], hist.recentOffsets[1], hist.recentOffsets[2], hist.windowSize)
- var buf bytes.Buffer
- fatalErr(binary.Write(&buf, binary.LittleEndian, hist.decoders.litLengths.fse))
- fatalErr(binary.Write(&buf, binary.LittleEndian, hist.decoders.matchLengths.fse))
- fatalErr(binary.Write(&buf, binary.LittleEndian, hist.decoders.offsets.fse))
- buf.Write(in)
- os.WriteFile(filepath.Join("testdata", "seqs", fn), buf.Bytes(), os.ModePerm)
- }
return nil
}
diff --git a/vendor/github.com/klauspost/compress/zstd/blockenc.go b/vendor/github.com/klauspost/compress/zstd/blockenc.go
index 32a7f401d5..fd35ea1480 100644
--- a/vendor/github.com/klauspost/compress/zstd/blockenc.go
+++ b/vendor/github.com/klauspost/compress/zstd/blockenc.go
@@ -9,6 +9,7 @@ import (
"fmt"
"math"
"math/bits"
+ "slices"
"github.com/klauspost/compress/huff0"
)
@@ -457,16 +458,7 @@ func fuzzFseEncoder(data []byte) int {
// All 0
return 0
}
- maxCount := func(a []uint32) int {
- var max uint32
- for _, v := range a {
- if v > max {
- max = v
- }
- }
- return int(max)
- }
- cnt := maxCount(hist[:maxSym])
+ cnt := int(slices.Max(hist[:maxSym]))
if cnt == len(data) {
// RLE
return 0
@@ -884,15 +876,6 @@ func (b *blockEnc) genCodes() {
}
}
}
- maxCount := func(a []uint32) int {
- var max uint32
- for _, v := range a {
- if v > max {
- max = v
- }
- }
- return int(max)
- }
if debugAsserts && mlMax > maxMatchLengthSymbol {
panic(fmt.Errorf("mlMax > maxMatchLengthSymbol (%d)", mlMax))
}
@@ -903,7 +886,7 @@ func (b *blockEnc) genCodes() {
panic(fmt.Errorf("llMax > maxLiteralLengthSymbol (%d)", llMax))
}
- b.coders.mlEnc.HistogramFinished(mlMax, maxCount(mlH[:mlMax+1]))
- b.coders.ofEnc.HistogramFinished(ofMax, maxCount(ofH[:ofMax+1]))
- b.coders.llEnc.HistogramFinished(llMax, maxCount(llH[:llMax+1]))
+ b.coders.mlEnc.HistogramFinished(mlMax, int(slices.Max(mlH[:mlMax+1])))
+ b.coders.ofEnc.HistogramFinished(ofMax, int(slices.Max(ofH[:ofMax+1])))
+ b.coders.llEnc.HistogramFinished(llMax, int(slices.Max(llH[:llMax+1])))
}
diff --git a/vendor/github.com/klauspost/compress/zstd/decoder.go b/vendor/github.com/klauspost/compress/zstd/decoder.go
index bbca17234a..ea2a19376c 100644
--- a/vendor/github.com/klauspost/compress/zstd/decoder.go
+++ b/vendor/github.com/klauspost/compress/zstd/decoder.go
@@ -123,7 +123,7 @@ func NewReader(r io.Reader, opts ...DOption) (*Decoder, error) {
}
// Read bytes from the decompressed stream into p.
-// Returns the number of bytes written and any error that occurred.
+// Returns the number of bytes read and any error that occurred.
// When the stream is done, io.EOF will be returned.
func (d *Decoder) Read(p []byte) (int, error) {
var n int
@@ -323,6 +323,7 @@ func (d *Decoder) DecodeAll(input, dst []byte) ([]byte, error) {
frame.bBuf = nil
if frame.history.decoders.br != nil {
frame.history.decoders.br.in = nil
+ frame.history.decoders.br.cursor = 0
}
d.decoders <- block
}()
diff --git a/vendor/github.com/klauspost/compress/zstd/enc_base.go b/vendor/github.com/klauspost/compress/zstd/enc_base.go
index 5ca46038ad..7d250c67f5 100644
--- a/vendor/github.com/klauspost/compress/zstd/enc_base.go
+++ b/vendor/github.com/klauspost/compress/zstd/enc_base.go
@@ -116,7 +116,7 @@ func (e *fastBase) matchlen(s, t int32, src []byte) int32 {
panic(err)
}
if t < 0 {
- err := fmt.Sprintf("s (%d) < 0", s)
+ err := fmt.Sprintf("t (%d) < 0", t)
panic(err)
}
if s-t > e.maxMatchOff {
diff --git a/vendor/github.com/klauspost/compress/zstd/enc_better.go b/vendor/github.com/klauspost/compress/zstd/enc_better.go
index a4f5bf91fc..84a79fde76 100644
--- a/vendor/github.com/klauspost/compress/zstd/enc_better.go
+++ b/vendor/github.com/klauspost/compress/zstd/enc_better.go
@@ -179,9 +179,9 @@ encodeLoop:
if repIndex >= 0 && load3232(src, repIndex) == uint32(cv>>(repOff*8)) {
// Consider history as well.
var seq seq
- lenght := 4 + e.matchlen(s+4+repOff, repIndex+4, src)
+ length := 4 + e.matchlen(s+4+repOff, repIndex+4, src)
- seq.matchLen = uint32(lenght - zstdMinMatch)
+ seq.matchLen = uint32(length - zstdMinMatch)
// We might be able to match backwards.
// Extend as long as we can.
@@ -210,12 +210,12 @@ encodeLoop:
// Index match start+1 (long) -> s - 1
index0 := s + repOff
- s += lenght + repOff
+ s += length + repOff
nextEmit = s
if s >= sLimit {
if debugEncoder {
- println("repeat ended", s, lenght)
+ println("repeat ended", s, length)
}
break encodeLoop
@@ -241,9 +241,9 @@ encodeLoop:
if false && repIndex >= 0 && load6432(src, repIndex) == load6432(src, s+repOff) {
// Consider history as well.
var seq seq
- lenght := 8 + e.matchlen(s+8+repOff2, repIndex+8, src)
+ length := 8 + e.matchlen(s+8+repOff2, repIndex+8, src)
- seq.matchLen = uint32(lenght - zstdMinMatch)
+ seq.matchLen = uint32(length - zstdMinMatch)
// We might be able to match backwards.
// Extend as long as we can.
@@ -270,11 +270,11 @@ encodeLoop:
}
blk.sequences = append(blk.sequences, seq)
- s += lenght + repOff2
+ s += length + repOff2
nextEmit = s
if s >= sLimit {
if debugEncoder {
- println("repeat ended", s, lenght)
+ println("repeat ended", s, length)
}
break encodeLoop
@@ -708,9 +708,9 @@ encodeLoop:
if repIndex >= 0 && load3232(src, repIndex) == uint32(cv>>(repOff*8)) {
// Consider history as well.
var seq seq
- lenght := 4 + e.matchlen(s+4+repOff, repIndex+4, src)
+ length := 4 + e.matchlen(s+4+repOff, repIndex+4, src)
- seq.matchLen = uint32(lenght - zstdMinMatch)
+ seq.matchLen = uint32(length - zstdMinMatch)
// We might be able to match backwards.
// Extend as long as we can.
@@ -738,12 +738,12 @@ encodeLoop:
blk.sequences = append(blk.sequences, seq)
// Index match start+1 (long) -> s - 1
- s += lenght + repOff
+ s += length + repOff
nextEmit = s
if s >= sLimit {
if debugEncoder {
- println("repeat ended", s, lenght)
+ println("repeat ended", s, length)
}
break encodeLoop
@@ -772,9 +772,9 @@ encodeLoop:
if false && repIndex >= 0 && load6432(src, repIndex) == load6432(src, s+repOff) {
// Consider history as well.
var seq seq
- lenght := 8 + e.matchlen(s+8+repOff2, repIndex+8, src)
+ length := 8 + e.matchlen(s+8+repOff2, repIndex+8, src)
- seq.matchLen = uint32(lenght - zstdMinMatch)
+ seq.matchLen = uint32(length - zstdMinMatch)
// We might be able to match backwards.
// Extend as long as we can.
@@ -801,11 +801,11 @@ encodeLoop:
}
blk.sequences = append(blk.sequences, seq)
- s += lenght + repOff2
+ s += length + repOff2
nextEmit = s
if s >= sLimit {
if debugEncoder {
- println("repeat ended", s, lenght)
+ println("repeat ended", s, length)
}
break encodeLoop
diff --git a/vendor/github.com/klauspost/compress/zstd/enc_dfast.go b/vendor/github.com/klauspost/compress/zstd/enc_dfast.go
index a154c18f74..d36be7bd8c 100644
--- a/vendor/github.com/klauspost/compress/zstd/enc_dfast.go
+++ b/vendor/github.com/klauspost/compress/zstd/enc_dfast.go
@@ -138,9 +138,9 @@ encodeLoop:
if repIndex >= 0 && load3232(src, repIndex) == uint32(cv>>(repOff*8)) {
// Consider history as well.
var seq seq
- lenght := 4 + e.matchlen(s+4+repOff, repIndex+4, src)
+ length := 4 + e.matchlen(s+4+repOff, repIndex+4, src)
- seq.matchLen = uint32(lenght - zstdMinMatch)
+ seq.matchLen = uint32(length - zstdMinMatch)
// We might be able to match backwards.
// Extend as long as we can.
@@ -166,11 +166,11 @@ encodeLoop:
println("repeat sequence", seq, "next s:", s)
}
blk.sequences = append(blk.sequences, seq)
- s += lenght + repOff
+ s += length + repOff
nextEmit = s
if s >= sLimit {
if debugEncoder {
- println("repeat ended", s, lenght)
+ println("repeat ended", s, length)
}
break encodeLoop
@@ -798,9 +798,9 @@ encodeLoop:
if repIndex >= 0 && load3232(src, repIndex) == uint32(cv>>(repOff*8)) {
// Consider history as well.
var seq seq
- lenght := 4 + e.matchlen(s+4+repOff, repIndex+4, src)
+ length := 4 + e.matchlen(s+4+repOff, repIndex+4, src)
- seq.matchLen = uint32(lenght - zstdMinMatch)
+ seq.matchLen = uint32(length - zstdMinMatch)
// We might be able to match backwards.
// Extend as long as we can.
@@ -826,11 +826,11 @@ encodeLoop:
println("repeat sequence", seq, "next s:", s)
}
blk.sequences = append(blk.sequences, seq)
- s += lenght + repOff
+ s += length + repOff
nextEmit = s
if s >= sLimit {
if debugEncoder {
- println("repeat ended", s, lenght)
+ println("repeat ended", s, length)
}
break encodeLoop
diff --git a/vendor/github.com/klauspost/compress/zstd/encoder.go b/vendor/github.com/klauspost/compress/zstd/encoder.go
index 72af7ef0fe..8f8223cd3a 100644
--- a/vendor/github.com/klauspost/compress/zstd/encoder.go
+++ b/vendor/github.com/klauspost/compress/zstd/encoder.go
@@ -6,6 +6,7 @@ package zstd
import (
"crypto/rand"
+ "errors"
"fmt"
"io"
"math"
@@ -149,6 +150,9 @@ func (e *Encoder) ResetContentSize(w io.Writer, size int64) {
// and write CRC if requested.
func (e *Encoder) Write(p []byte) (n int, err error) {
s := &e.state
+ if s.eofWritten {
+ return 0, ErrEncoderClosed
+ }
for len(p) > 0 {
if len(p)+len(s.filling) < e.o.blockSize {
if e.o.crc {
@@ -202,7 +206,7 @@ func (e *Encoder) nextBlock(final bool) error {
return nil
}
if final && len(s.filling) > 0 {
- s.current = e.EncodeAll(s.filling, s.current[:0])
+ s.current = e.encodeAll(s.encoder, s.filling, s.current[:0])
var n2 int
n2, s.err = s.w.Write(s.current)
if s.err != nil {
@@ -288,6 +292,9 @@ func (e *Encoder) nextBlock(final bool) error {
s.filling, s.current, s.previous = s.previous[:0], s.filling, s.current
s.nInput += int64(len(s.current))
s.wg.Add(1)
+ if final {
+ s.eofWritten = true
+ }
go func(src []byte) {
if debugEncoder {
println("Adding block,", len(src), "bytes, final:", final)
@@ -303,9 +310,6 @@ func (e *Encoder) nextBlock(final bool) error {
blk := enc.Block()
enc.Encode(blk, src)
blk.last = final
- if final {
- s.eofWritten = true
- }
// Wait for pending writes.
s.wWg.Wait()
if s.writeErr != nil {
@@ -401,12 +405,20 @@ func (e *Encoder) Flush() error {
if len(s.filling) > 0 {
err := e.nextBlock(false)
if err != nil {
+ // Ignore Flush after Close.
+ if errors.Is(s.err, ErrEncoderClosed) {
+ return nil
+ }
return err
}
}
s.wg.Wait()
s.wWg.Wait()
if s.err != nil {
+ // Ignore Flush after Close.
+ if errors.Is(s.err, ErrEncoderClosed) {
+ return nil
+ }
return s.err
}
return s.writeErr
@@ -422,6 +434,9 @@ func (e *Encoder) Close() error {
}
err := e.nextBlock(true)
if err != nil {
+ if errors.Is(s.err, ErrEncoderClosed) {
+ return nil
+ }
return err
}
if s.frameContentSize > 0 {
@@ -459,6 +474,11 @@ func (e *Encoder) Close() error {
}
_, s.err = s.w.Write(frame)
}
+ if s.err == nil {
+ s.err = ErrEncoderClosed
+ return nil
+ }
+
return s.err
}
@@ -469,6 +489,15 @@ func (e *Encoder) Close() error {
// Data compressed with EncodeAll can be decoded with the Decoder,
// using either a stream or DecodeAll.
func (e *Encoder) EncodeAll(src, dst []byte) []byte {
+ e.init.Do(e.initialize)
+ enc := <-e.encoders
+ defer func() {
+ e.encoders <- enc
+ }()
+ return e.encodeAll(enc, src, dst)
+}
+
+func (e *Encoder) encodeAll(enc encoder, src, dst []byte) []byte {
if len(src) == 0 {
if e.o.fullZero {
// Add frame header.
@@ -491,13 +520,7 @@ func (e *Encoder) EncodeAll(src, dst []byte) []byte {
}
return dst
}
- e.init.Do(e.initialize)
- enc := <-e.encoders
- defer func() {
- // Release encoder reference to last block.
- // If a non-single block is needed the encoder will reset again.
- e.encoders <- enc
- }()
+
// Use single segments when above minimum window and below window size.
single := len(src) <= e.o.windowSize && len(src) > MinWindowSize
if e.o.single != nil {
diff --git a/vendor/github.com/klauspost/compress/zstd/framedec.go b/vendor/github.com/klauspost/compress/zstd/framedec.go
index 53e160f7e5..e47af66e7c 100644
--- a/vendor/github.com/klauspost/compress/zstd/framedec.go
+++ b/vendor/github.com/klauspost/compress/zstd/framedec.go
@@ -146,7 +146,9 @@ func (d *frameDec) reset(br byteBuffer) error {
}
return err
}
- printf("raw: %x, mantissa: %d, exponent: %d\n", wd, wd&7, wd>>3)
+ if debugDecoder {
+ printf("raw: %x, mantissa: %d, exponent: %d\n", wd, wd&7, wd>>3)
+ }
windowLog := 10 + (wd >> 3)
windowBase := uint64(1) << windowLog
windowAdd := (windowBase / 8) * uint64(wd&0x7)
diff --git a/vendor/github.com/klauspost/compress/zstd/matchlen_generic.go b/vendor/github.com/klauspost/compress/zstd/matchlen_generic.go
index 57b9c31c02..bea1779e97 100644
--- a/vendor/github.com/klauspost/compress/zstd/matchlen_generic.go
+++ b/vendor/github.com/klauspost/compress/zstd/matchlen_generic.go
@@ -7,20 +7,25 @@
package zstd
import (
- "encoding/binary"
"math/bits"
+
+ "github.com/klauspost/compress/internal/le"
)
// matchLen returns the maximum common prefix length of a and b.
// a must be the shortest of the two.
func matchLen(a, b []byte) (n int) {
- for ; len(a) >= 8 && len(b) >= 8; a, b = a[8:], b[8:] {
- diff := binary.LittleEndian.Uint64(a) ^ binary.LittleEndian.Uint64(b)
+ left := len(a)
+ for left >= 8 {
+ diff := le.Load64(a, n) ^ le.Load64(b, n)
if diff != 0 {
return n + bits.TrailingZeros64(diff)>>3
}
n += 8
+ left -= 8
}
+ a = a[n:]
+ b = b[n:]
for i := range a {
if a[i] != b[i] {
diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec.go b/vendor/github.com/klauspost/compress/zstd/seqdec.go
index d7fe6d82d9..9a7de82f9e 100644
--- a/vendor/github.com/klauspost/compress/zstd/seqdec.go
+++ b/vendor/github.com/klauspost/compress/zstd/seqdec.go
@@ -245,7 +245,7 @@ func (s *sequenceDecs) decodeSync(hist []byte) error {
return io.ErrUnexpectedEOF
}
var ll, mo, ml int
- if len(br.in) > 4+((maxOffsetBits+16+16)>>3) {
+ if br.cursor > 4+((maxOffsetBits+16+16)>>3) {
// inlined function:
// ll, mo, ml = s.nextFast(br, llState, mlState, ofState)
diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go
index 8adabd8287..c59f17e07a 100644
--- a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go
+++ b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go
@@ -146,7 +146,7 @@ func (s *sequenceDecs) decodeSyncSimple(hist []byte) (bool, error) {
return true, fmt.Errorf("output bigger than max block size (%d)", maxBlockSize)
default:
- return true, fmt.Errorf("sequenceDecs_decode returned erronous code %d", errCode)
+ return true, fmt.Errorf("sequenceDecs_decode returned erroneous code %d", errCode)
}
s.seqSize += ctx.litRemain
@@ -292,7 +292,7 @@ func (s *sequenceDecs) decode(seqs []seqVals) error {
return io.ErrUnexpectedEOF
}
- return fmt.Errorf("sequenceDecs_decode_amd64 returned erronous code %d", errCode)
+ return fmt.Errorf("sequenceDecs_decode_amd64 returned erroneous code %d", errCode)
}
if ctx.litRemain < 0 {
diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s
index 5b06174b89..a708ca6d3d 100644
--- a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s
+++ b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s
@@ -7,9 +7,9 @@
TEXT ·sequenceDecs_decode_amd64(SB), $8-32
MOVQ br+8(FP), CX
MOVQ 24(CX), DX
- MOVBQZX 32(CX), BX
+ MOVBQZX 40(CX), BX
MOVQ (CX), AX
- MOVQ 8(CX), SI
+ MOVQ 32(CX), SI
ADDQ SI, AX
MOVQ AX, (SP)
MOVQ ctx+16(FP), AX
@@ -299,8 +299,8 @@ sequenceDecs_decode_amd64_match_len_ofs_ok:
MOVQ R13, 160(AX)
MOVQ br+8(FP), AX
MOVQ DX, 24(AX)
- MOVB BL, 32(AX)
- MOVQ SI, 8(AX)
+ MOVB BL, 40(AX)
+ MOVQ SI, 32(AX)
// Return success
MOVQ $0x00000000, ret+24(FP)
@@ -335,9 +335,9 @@ error_overread:
TEXT ·sequenceDecs_decode_56_amd64(SB), $8-32
MOVQ br+8(FP), CX
MOVQ 24(CX), DX
- MOVBQZX 32(CX), BX
+ MOVBQZX 40(CX), BX
MOVQ (CX), AX
- MOVQ 8(CX), SI
+ MOVQ 32(CX), SI
ADDQ SI, AX
MOVQ AX, (SP)
MOVQ ctx+16(FP), AX
@@ -598,8 +598,8 @@ sequenceDecs_decode_56_amd64_match_len_ofs_ok:
MOVQ R13, 160(AX)
MOVQ br+8(FP), AX
MOVQ DX, 24(AX)
- MOVB BL, 32(AX)
- MOVQ SI, 8(AX)
+ MOVB BL, 40(AX)
+ MOVQ SI, 32(AX)
// Return success
MOVQ $0x00000000, ret+24(FP)
@@ -634,9 +634,9 @@ error_overread:
TEXT ·sequenceDecs_decode_bmi2(SB), $8-32
MOVQ br+8(FP), BX
MOVQ 24(BX), AX
- MOVBQZX 32(BX), DX
+ MOVBQZX 40(BX), DX
MOVQ (BX), CX
- MOVQ 8(BX), BX
+ MOVQ 32(BX), BX
ADDQ BX, CX
MOVQ CX, (SP)
MOVQ ctx+16(FP), CX
@@ -884,8 +884,8 @@ sequenceDecs_decode_bmi2_match_len_ofs_ok:
MOVQ R12, 160(CX)
MOVQ br+8(FP), CX
MOVQ AX, 24(CX)
- MOVB DL, 32(CX)
- MOVQ BX, 8(CX)
+ MOVB DL, 40(CX)
+ MOVQ BX, 32(CX)
// Return success
MOVQ $0x00000000, ret+24(FP)
@@ -920,9 +920,9 @@ error_overread:
TEXT ·sequenceDecs_decode_56_bmi2(SB), $8-32
MOVQ br+8(FP), BX
MOVQ 24(BX), AX
- MOVBQZX 32(BX), DX
+ MOVBQZX 40(BX), DX
MOVQ (BX), CX
- MOVQ 8(BX), BX
+ MOVQ 32(BX), BX
ADDQ BX, CX
MOVQ CX, (SP)
MOVQ ctx+16(FP), CX
@@ -1141,8 +1141,8 @@ sequenceDecs_decode_56_bmi2_match_len_ofs_ok:
MOVQ R12, 160(CX)
MOVQ br+8(FP), CX
MOVQ AX, 24(CX)
- MOVB DL, 32(CX)
- MOVQ BX, 8(CX)
+ MOVB DL, 40(CX)
+ MOVQ BX, 32(CX)
// Return success
MOVQ $0x00000000, ret+24(FP)
@@ -1787,9 +1787,9 @@ empty_seqs:
TEXT ·sequenceDecs_decodeSync_amd64(SB), $64-32
MOVQ br+8(FP), CX
MOVQ 24(CX), DX
- MOVBQZX 32(CX), BX
+ MOVBQZX 40(CX), BX
MOVQ (CX), AX
- MOVQ 8(CX), SI
+ MOVQ 32(CX), SI
ADDQ SI, AX
MOVQ AX, (SP)
MOVQ ctx+16(FP), AX
@@ -1814,7 +1814,7 @@ TEXT ·sequenceDecs_decodeSync_amd64(SB), $64-32
MOVQ 40(SP), AX
ADDQ AX, 48(SP)
- // Calculate poiter to s.out[cap(s.out)] (a past-end pointer)
+ // Calculate pointer to s.out[cap(s.out)] (a past-end pointer)
ADDQ R10, 32(SP)
// outBase += outPosition
@@ -2281,8 +2281,8 @@ handle_loop:
loop_finished:
MOVQ br+8(FP), AX
MOVQ DX, 24(AX)
- MOVB BL, 32(AX)
- MOVQ SI, 8(AX)
+ MOVB BL, 40(AX)
+ MOVQ SI, 32(AX)
// Update the context
MOVQ ctx+16(FP), AX
@@ -2349,9 +2349,9 @@ error_not_enough_space:
TEXT ·sequenceDecs_decodeSync_bmi2(SB), $64-32
MOVQ br+8(FP), BX
MOVQ 24(BX), AX
- MOVBQZX 32(BX), DX
+ MOVBQZX 40(BX), DX
MOVQ (BX), CX
- MOVQ 8(BX), BX
+ MOVQ 32(BX), BX
ADDQ BX, CX
MOVQ CX, (SP)
MOVQ ctx+16(FP), CX
@@ -2376,7 +2376,7 @@ TEXT ·sequenceDecs_decodeSync_bmi2(SB), $64-32
MOVQ 40(SP), CX
ADDQ CX, 48(SP)
- // Calculate poiter to s.out[cap(s.out)] (a past-end pointer)
+ // Calculate pointer to s.out[cap(s.out)] (a past-end pointer)
ADDQ R9, 32(SP)
// outBase += outPosition
@@ -2801,8 +2801,8 @@ handle_loop:
loop_finished:
MOVQ br+8(FP), CX
MOVQ AX, 24(CX)
- MOVB DL, 32(CX)
- MOVQ BX, 8(CX)
+ MOVB DL, 40(CX)
+ MOVQ BX, 32(CX)
// Update the context
MOVQ ctx+16(FP), AX
@@ -2869,9 +2869,9 @@ error_not_enough_space:
TEXT ·sequenceDecs_decodeSync_safe_amd64(SB), $64-32
MOVQ br+8(FP), CX
MOVQ 24(CX), DX
- MOVBQZX 32(CX), BX
+ MOVBQZX 40(CX), BX
MOVQ (CX), AX
- MOVQ 8(CX), SI
+ MOVQ 32(CX), SI
ADDQ SI, AX
MOVQ AX, (SP)
MOVQ ctx+16(FP), AX
@@ -2896,7 +2896,7 @@ TEXT ·sequenceDecs_decodeSync_safe_amd64(SB), $64-32
MOVQ 40(SP), AX
ADDQ AX, 48(SP)
- // Calculate poiter to s.out[cap(s.out)] (a past-end pointer)
+ // Calculate pointer to s.out[cap(s.out)] (a past-end pointer)
ADDQ R10, 32(SP)
// outBase += outPosition
@@ -3465,8 +3465,8 @@ handle_loop:
loop_finished:
MOVQ br+8(FP), AX
MOVQ DX, 24(AX)
- MOVB BL, 32(AX)
- MOVQ SI, 8(AX)
+ MOVB BL, 40(AX)
+ MOVQ SI, 32(AX)
// Update the context
MOVQ ctx+16(FP), AX
@@ -3533,9 +3533,9 @@ error_not_enough_space:
TEXT ·sequenceDecs_decodeSync_safe_bmi2(SB), $64-32
MOVQ br+8(FP), BX
MOVQ 24(BX), AX
- MOVBQZX 32(BX), DX
+ MOVBQZX 40(BX), DX
MOVQ (BX), CX
- MOVQ 8(BX), BX
+ MOVQ 32(BX), BX
ADDQ BX, CX
MOVQ CX, (SP)
MOVQ ctx+16(FP), CX
@@ -3560,7 +3560,7 @@ TEXT ·sequenceDecs_decodeSync_safe_bmi2(SB), $64-32
MOVQ 40(SP), CX
ADDQ CX, 48(SP)
- // Calculate poiter to s.out[cap(s.out)] (a past-end pointer)
+ // Calculate pointer to s.out[cap(s.out)] (a past-end pointer)
ADDQ R9, 32(SP)
// outBase += outPosition
@@ -4087,8 +4087,8 @@ handle_loop:
loop_finished:
MOVQ br+8(FP), CX
MOVQ AX, 24(CX)
- MOVB DL, 32(CX)
- MOVQ BX, 8(CX)
+ MOVB DL, 40(CX)
+ MOVQ BX, 32(CX)
// Update the context
MOVQ ctx+16(FP), AX
diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go b/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go
index 2fb35b788c..7cec2197cd 100644
--- a/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go
+++ b/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go
@@ -29,7 +29,7 @@ func (s *sequenceDecs) decode(seqs []seqVals) error {
}
for i := range seqs {
var ll, mo, ml int
- if len(br.in) > 4+((maxOffsetBits+16+16)>>3) {
+ if br.cursor > 4+((maxOffsetBits+16+16)>>3) {
// inlined function:
// ll, mo, ml = s.nextFast(br, llState, mlState, ofState)
diff --git a/vendor/github.com/klauspost/compress/zstd/seqenc.go b/vendor/github.com/klauspost/compress/zstd/seqenc.go
index 8014174a77..65045eabdd 100644
--- a/vendor/github.com/klauspost/compress/zstd/seqenc.go
+++ b/vendor/github.com/klauspost/compress/zstd/seqenc.go
@@ -69,7 +69,6 @@ var llBitsTable = [maxLLCode + 1]byte{
func llCode(litLength uint32) uint8 {
const llDeltaCode = 19
if litLength <= 63 {
- // Compiler insists on bounds check (Go 1.12)
return llCodeTable[litLength&63]
}
return uint8(highBit(litLength)) + llDeltaCode
@@ -102,7 +101,6 @@ var mlBitsTable = [maxMLCode + 1]byte{
func mlCode(mlBase uint32) uint8 {
const mlDeltaCode = 36
if mlBase <= 127 {
- // Compiler insists on bounds check (Go 1.12)
return mlCodeTable[mlBase&127]
}
return uint8(highBit(mlBase)) + mlDeltaCode
diff --git a/vendor/github.com/klauspost/compress/zstd/snappy.go b/vendor/github.com/klauspost/compress/zstd/snappy.go
index ec13594e89..a17381b8f8 100644
--- a/vendor/github.com/klauspost/compress/zstd/snappy.go
+++ b/vendor/github.com/klauspost/compress/zstd/snappy.go
@@ -197,7 +197,7 @@ func (r *SnappyConverter) Convert(in io.Reader, w io.Writer) (int64, error) {
n, r.err = w.Write(r.block.output)
if r.err != nil {
- return written, err
+ return written, r.err
}
written += int64(n)
continue
@@ -239,7 +239,7 @@ func (r *SnappyConverter) Convert(in io.Reader, w io.Writer) (int64, error) {
}
n, r.err = w.Write(r.block.output)
if r.err != nil {
- return written, err
+ return written, r.err
}
written += int64(n)
continue
diff --git a/vendor/github.com/klauspost/compress/zstd/zstd.go b/vendor/github.com/klauspost/compress/zstd/zstd.go
index 4be7cc7367..6252b46ae6 100644
--- a/vendor/github.com/klauspost/compress/zstd/zstd.go
+++ b/vendor/github.com/klauspost/compress/zstd/zstd.go
@@ -5,10 +5,11 @@ package zstd
import (
"bytes"
- "encoding/binary"
"errors"
"log"
"math"
+
+ "github.com/klauspost/compress/internal/le"
)
// enable debug printing
@@ -88,6 +89,10 @@ var (
// Close has been called.
ErrDecoderClosed = errors.New("decoder used after Close")
+ // ErrEncoderClosed will be returned if the Encoder was used after
+ // Close has been called.
+ ErrEncoderClosed = errors.New("encoder used after Close")
+
// ErrDecoderNilInput is returned when a nil Reader was provided
// and an operation other than Reset/DecodeAll/Close was attempted.
ErrDecoderNilInput = errors.New("nil input provided as reader")
@@ -106,11 +111,11 @@ func printf(format string, a ...interface{}) {
}
func load3232(b []byte, i int32) uint32 {
- return binary.LittleEndian.Uint32(b[:len(b):len(b)][i:])
+ return le.Load32(b, i)
}
func load6432(b []byte, i int32) uint64 {
- return binary.LittleEndian.Uint64(b[:len(b):len(b)][i:])
+ return le.Load64(b, i)
}
type byter interface {
diff --git a/vendor/github.com/moby/sys/mountinfo/mounted_linux.go b/vendor/github.com/moby/sys/mountinfo/mounted_linux.go
index e78e726196..58f13c269d 100644
--- a/vendor/github.com/moby/sys/mountinfo/mounted_linux.go
+++ b/vendor/github.com/moby/sys/mountinfo/mounted_linux.go
@@ -51,7 +51,7 @@ func mountedByOpenat2(path string) (bool, error) {
Resolve: unix.RESOLVE_NO_XDEV,
})
_ = unix.Close(dirfd)
- switch err { //nolint:errorlint // unix errors are bare
+ switch err {
case nil: // definitely not a mount
_ = unix.Close(fd)
return false, nil
diff --git a/vendor/github.com/moby/sys/sequential/sequential_unix.go b/vendor/github.com/moby/sys/sequential/sequential_unix.go
index a3c7340e3a..278cdfb077 100644
--- a/vendor/github.com/moby/sys/sequential/sequential_unix.go
+++ b/vendor/github.com/moby/sys/sequential/sequential_unix.go
@@ -5,41 +5,22 @@ package sequential
import "os"
-// Create creates the named file with mode 0666 (before umask), truncating
-// it if it already exists. If successful, methods on the returned
-// File can be used for I/O; the associated file descriptor has mode
-// O_RDWR.
-// If there is an error, it will be of type *PathError.
+// Create is an alias for [os.Create] on non-Windows platforms.
func Create(name string) (*os.File, error) {
return os.Create(name)
}
-// Open opens the named file for reading. If successful, methods on
-// the returned file can be used for reading; the associated file
-// descriptor has mode O_RDONLY.
-// If there is an error, it will be of type *PathError.
+// Open is an alias for [os.Open] on non-Windows platforms.
func Open(name string) (*os.File, error) {
return os.Open(name)
}
-// OpenFile is the generalized open call; most users will use Open
-// or Create instead. It opens the named file with specified flag
-// (O_RDONLY etc.) and perm, (0666 etc.) if applicable. If successful,
-// methods on the returned File can be used for I/O.
-// If there is an error, it will be of type *PathError.
+// OpenFile is an alias for [os.OpenFile] on non-Windows platforms.
func OpenFile(name string, flag int, perm os.FileMode) (*os.File, error) {
return os.OpenFile(name, flag, perm)
}
-// CreateTemp creates a new temporary file in the directory dir
-// with a name beginning with prefix, opens the file for reading
-// and writing, and returns the resulting *os.File.
-// If dir is the empty string, TempFile uses the default directory
-// for temporary files (see os.TempDir).
-// Multiple programs calling TempFile simultaneously
-// will not choose the same file. The caller can use f.Name()
-// to find the pathname of the file. It is the caller's responsibility
-// to remove the file when no longer needed.
+// CreateTemp is an alias for [os.CreateTemp] on non-Windows platforms.
func CreateTemp(dir, prefix string) (f *os.File, err error) {
return os.CreateTemp(dir, prefix)
}
diff --git a/vendor/github.com/moby/sys/sequential/sequential_windows.go b/vendor/github.com/moby/sys/sequential/sequential_windows.go
index 3f7f0d83e0..3500ecc689 100644
--- a/vendor/github.com/moby/sys/sequential/sequential_windows.go
+++ b/vendor/github.com/moby/sys/sequential/sequential_windows.go
@@ -5,48 +5,52 @@ import (
"path/filepath"
"strconv"
"sync"
- "syscall"
"time"
"unsafe"
"golang.org/x/sys/windows"
)
-// Create creates the named file with mode 0666 (before umask), truncating
-// it if it already exists. If successful, methods on the returned
-// File can be used for I/O; the associated file descriptor has mode
-// O_RDWR.
-// If there is an error, it will be of type *PathError.
+// Create is a copy of [os.Create], modified to use sequential file access.
+//
+// It uses [windows.FILE_FLAG_SEQUENTIAL_SCAN] rather than [windows.FILE_ATTRIBUTE_NORMAL]
+// as implemented in golang. Refer to the [Win32 API documentation] for details
+// on sequential file access.
+//
+// [Win32 API documentation]: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilea#FILE_FLAG_SEQUENTIAL_SCAN
func Create(name string) (*os.File, error) {
- return OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0)
+ return openFileSequential(name, windows.O_RDWR|windows.O_CREAT|windows.O_TRUNC)
}
-// Open opens the named file for reading. If successful, methods on
-// the returned file can be used for reading; the associated file
-// descriptor has mode O_RDONLY.
-// If there is an error, it will be of type *PathError.
+// Open is a copy of [os.Open], modified to use sequential file access.
+//
+// It uses [windows.FILE_FLAG_SEQUENTIAL_SCAN] rather than [windows.FILE_ATTRIBUTE_NORMAL]
+// as implemented in golang. Refer to the [Win32 API documentation] for details
+// on sequential file access.
+//
+// [Win32 API documentation]: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilea#FILE_FLAG_SEQUENTIAL_SCAN
func Open(name string) (*os.File, error) {
- return OpenFile(name, os.O_RDONLY, 0)
+ return openFileSequential(name, windows.O_RDONLY)
}
-// OpenFile is the generalized open call; most users will use Open
-// or Create instead.
-// If there is an error, it will be of type *PathError.
+// OpenFile is a copy of [os.OpenFile], modified to use sequential file access.
+//
+// It uses [windows.FILE_FLAG_SEQUENTIAL_SCAN] rather than [windows.FILE_ATTRIBUTE_NORMAL]
+// as implemented in golang. Refer to the [Win32 API documentation] for details
+// on sequential file access.
+//
+// [Win32 API documentation]: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilea#FILE_FLAG_SEQUENTIAL_SCAN
func OpenFile(name string, flag int, _ os.FileMode) (*os.File, error) {
- if name == "" {
- return nil, &os.PathError{Op: "open", Path: name, Err: syscall.ENOENT}
- }
- r, err := openFileSequential(name, flag, 0)
- if err == nil {
- return r, nil
- }
- return nil, &os.PathError{Op: "open", Path: name, Err: err}
+ return openFileSequential(name, flag)
}
-func openFileSequential(name string, flag int, _ os.FileMode) (file *os.File, err error) {
- r, e := openSequential(name, flag|windows.O_CLOEXEC, 0)
+func openFileSequential(name string, flag int) (file *os.File, err error) {
+ if name == "" {
+ return nil, &os.PathError{Op: "open", Path: name, Err: windows.ERROR_FILE_NOT_FOUND}
+ }
+ r, e := openSequential(name, flag|windows.O_CLOEXEC)
if e != nil {
- return nil, e
+ return nil, &os.PathError{Op: "open", Path: name, Err: e}
}
return os.NewFile(uintptr(r), name), nil
}
@@ -58,7 +62,7 @@ func makeInheritSa() *windows.SecurityAttributes {
return &sa
}
-func openSequential(path string, mode int, _ uint32) (fd windows.Handle, err error) {
+func openSequential(path string, mode int) (fd windows.Handle, err error) {
if len(path) == 0 {
return windows.InvalidHandle, windows.ERROR_FILE_NOT_FOUND
}
@@ -101,15 +105,16 @@ func openSequential(path string, mode int, _ uint32) (fd windows.Handle, err err
createmode = windows.OPEN_EXISTING
}
// Use FILE_FLAG_SEQUENTIAL_SCAN rather than FILE_ATTRIBUTE_NORMAL as implemented in golang.
- // https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
- const fileFlagSequentialScan = 0x08000000 // FILE_FLAG_SEQUENTIAL_SCAN
- h, e := windows.CreateFile(pathp, access, sharemode, sa, createmode, fileFlagSequentialScan, 0)
+ // https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilea#FILE_FLAG_SEQUENTIAL_SCAN
+ h, e := windows.CreateFile(pathp, access, sharemode, sa, createmode, windows.FILE_FLAG_SEQUENTIAL_SCAN, 0)
return h, e
}
// Helpers for CreateTemp
-var rand uint32
-var randmu sync.Mutex
+var (
+ rand uint32
+ randmu sync.Mutex
+)
func reseed() uint32 {
return uint32(time.Now().UnixNano() + int64(os.Getpid()))
@@ -127,17 +132,13 @@ func nextSuffix() string {
return strconv.Itoa(int(1e9 + r%1e9))[1:]
}
-// CreateTemp is a copy of os.CreateTemp, modified to use sequential
-// file access. Below is the original comment from golang:
-// TempFile creates a new temporary file in the directory dir
-// with a name beginning with prefix, opens the file for reading
-// and writing, and returns the resulting *os.File.
-// If dir is the empty string, TempFile uses the default directory
-// for temporary files (see os.TempDir).
-// Multiple programs calling TempFile simultaneously
-// will not choose the same file. The caller can use f.Name()
-// to find the pathname of the file. It is the caller's responsibility
-// to remove the file when no longer needed.
+// CreateTemp is a copy of [os.CreateTemp], modified to use sequential file access.
+//
+// It uses [windows.FILE_FLAG_SEQUENTIAL_SCAN] rather than [windows.FILE_ATTRIBUTE_NORMAL]
+// as implemented in golang. Refer to the [Win32 API documentation] for details
+// on sequential file access.
+//
+// [Win32 API documentation]: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilea#FILE_FLAG_SEQUENTIAL_SCAN
func CreateTemp(dir, prefix string) (f *os.File, err error) {
if dir == "" {
dir = os.TempDir()
@@ -146,7 +147,7 @@ func CreateTemp(dir, prefix string) (f *os.File, err error) {
nconflict := 0
for i := 0; i < 10000; i++ {
name := filepath.Join(dir, prefix+nextSuffix())
- f, err = OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0o600)
+ f, err = openFileSequential(name, windows.O_RDWR|windows.O_CREAT|windows.O_EXCL)
if os.IsExist(err) {
if nconflict++; nconflict > 10 {
randmu.Lock()
diff --git a/vendor/github.com/moby/sys/user/idtools.go b/vendor/github.com/moby/sys/user/idtools.go
new file mode 100644
index 0000000000..595b7a9272
--- /dev/null
+++ b/vendor/github.com/moby/sys/user/idtools.go
@@ -0,0 +1,141 @@
+package user
+
+import (
+ "fmt"
+ "os"
+)
+
+// MkdirOpt is a type for options to pass to Mkdir calls
+type MkdirOpt func(*mkdirOptions)
+
+type mkdirOptions struct {
+ onlyNew bool
+}
+
+// WithOnlyNew is an option for MkdirAllAndChown that will only change ownership and permissions
+// on newly created directories. If the directory already exists, it will not be modified
+func WithOnlyNew(o *mkdirOptions) {
+ o.onlyNew = true
+}
+
+// MkdirAllAndChown creates a directory (include any along the path) and then modifies
+// ownership to the requested uid/gid. By default, if the directory already exists, this
+// function will still change ownership and permissions. If WithOnlyNew is passed as an
+// option, then only the newly created directories will have ownership and permissions changed.
+func MkdirAllAndChown(path string, mode os.FileMode, uid, gid int, opts ...MkdirOpt) error {
+ var options mkdirOptions
+ for _, opt := range opts {
+ opt(&options)
+ }
+
+ return mkdirAs(path, mode, uid, gid, true, options.onlyNew)
+}
+
+// MkdirAndChown creates a directory and then modifies ownership to the requested uid/gid.
+// By default, if the directory already exists, this function still changes ownership and permissions.
+// If WithOnlyNew is passed as an option, then only the newly created directory will have ownership
+// and permissions changed.
+// Note that unlike os.Mkdir(), this function does not return IsExist error
+// in case path already exists.
+func MkdirAndChown(path string, mode os.FileMode, uid, gid int, opts ...MkdirOpt) error {
+ var options mkdirOptions
+ for _, opt := range opts {
+ opt(&options)
+ }
+ return mkdirAs(path, mode, uid, gid, false, options.onlyNew)
+}
+
+// getRootUIDGID retrieves the remapped root uid/gid pair from the set of maps.
+// If the maps are empty, then the root uid/gid will default to "real" 0/0
+func getRootUIDGID(uidMap, gidMap []IDMap) (int, int, error) {
+ uid, err := toHost(0, uidMap)
+ if err != nil {
+ return -1, -1, err
+ }
+ gid, err := toHost(0, gidMap)
+ if err != nil {
+ return -1, -1, err
+ }
+ return uid, gid, nil
+}
+
+// toContainer takes an id mapping, and uses it to translate a
+// host ID to the remapped ID. If no map is provided, then the translation
+// assumes a 1-to-1 mapping and returns the passed in id
+func toContainer(hostID int, idMap []IDMap) (int, error) {
+ if idMap == nil {
+ return hostID, nil
+ }
+ for _, m := range idMap {
+ if (int64(hostID) >= m.ParentID) && (int64(hostID) <= (m.ParentID + m.Count - 1)) {
+ contID := int(m.ID + (int64(hostID) - m.ParentID))
+ return contID, nil
+ }
+ }
+ return -1, fmt.Errorf("host ID %d cannot be mapped to a container ID", hostID)
+}
+
+// toHost takes an id mapping and a remapped ID, and translates the
+// ID to the mapped host ID. If no map is provided, then the translation
+// assumes a 1-to-1 mapping and returns the passed in id #
+func toHost(contID int, idMap []IDMap) (int, error) {
+ if idMap == nil {
+ return contID, nil
+ }
+ for _, m := range idMap {
+ if (int64(contID) >= m.ID) && (int64(contID) <= (m.ID + m.Count - 1)) {
+ hostID := int(m.ParentID + (int64(contID) - m.ID))
+ return hostID, nil
+ }
+ }
+ return -1, fmt.Errorf("container ID %d cannot be mapped to a host ID", contID)
+}
+
+// IdentityMapping contains a mappings of UIDs and GIDs.
+// The zero value represents an empty mapping.
+type IdentityMapping struct {
+ UIDMaps []IDMap `json:"UIDMaps"`
+ GIDMaps []IDMap `json:"GIDMaps"`
+}
+
+// RootPair returns a uid and gid pair for the root user. The error is ignored
+// because a root user always exists, and the defaults are correct when the uid
+// and gid maps are empty.
+func (i IdentityMapping) RootPair() (int, int) {
+ uid, gid, _ := getRootUIDGID(i.UIDMaps, i.GIDMaps)
+ return uid, gid
+}
+
+// ToHost returns the host UID and GID for the container uid, gid.
+// Remapping is only performed if the ids aren't already the remapped root ids
+func (i IdentityMapping) ToHost(uid, gid int) (int, int, error) {
+ var err error
+ ruid, rgid := i.RootPair()
+
+ if uid != ruid {
+ ruid, err = toHost(uid, i.UIDMaps)
+ if err != nil {
+ return ruid, rgid, err
+ }
+ }
+
+ if gid != rgid {
+ rgid, err = toHost(gid, i.GIDMaps)
+ }
+ return ruid, rgid, err
+}
+
+// ToContainer returns the container UID and GID for the host uid and gid
+func (i IdentityMapping) ToContainer(uid, gid int) (int, int, error) {
+ ruid, err := toContainer(uid, i.UIDMaps)
+ if err != nil {
+ return -1, -1, err
+ }
+ rgid, err := toContainer(gid, i.GIDMaps)
+ return ruid, rgid, err
+}
+
+// Empty returns true if there are no id mappings
+func (i IdentityMapping) Empty() bool {
+ return len(i.UIDMaps) == 0 && len(i.GIDMaps) == 0
+}
diff --git a/vendor/github.com/moby/sys/user/idtools_unix.go b/vendor/github.com/moby/sys/user/idtools_unix.go
new file mode 100644
index 0000000000..4e39d2446b
--- /dev/null
+++ b/vendor/github.com/moby/sys/user/idtools_unix.go
@@ -0,0 +1,143 @@
+//go:build !windows
+
+package user
+
+import (
+ "fmt"
+ "os"
+ "path/filepath"
+ "strconv"
+ "syscall"
+)
+
+func mkdirAs(path string, mode os.FileMode, uid, gid int, mkAll, onlyNew bool) error {
+ path, err := filepath.Abs(path)
+ if err != nil {
+ return err
+ }
+
+ stat, err := os.Stat(path)
+ if err == nil {
+ if !stat.IsDir() {
+ return &os.PathError{Op: "mkdir", Path: path, Err: syscall.ENOTDIR}
+ }
+ if onlyNew {
+ return nil
+ }
+
+ // short-circuit -- we were called with an existing directory and chown was requested
+ return setPermissions(path, mode, uid, gid, stat)
+ }
+
+ // make an array containing the original path asked for, plus (for mkAll == true)
+ // all path components leading up to the complete path that don't exist before we MkdirAll
+ // so that we can chown all of them properly at the end. If onlyNew is true, we won't
+ // chown the full directory path if it exists
+ var paths []string
+ if os.IsNotExist(err) {
+ paths = append(paths, path)
+ }
+
+ if mkAll {
+ // walk back to "/" looking for directories which do not exist
+ // and add them to the paths array for chown after creation
+ dirPath := path
+ for {
+ dirPath = filepath.Dir(dirPath)
+ if dirPath == "/" {
+ break
+ }
+ if _, err = os.Stat(dirPath); os.IsNotExist(err) {
+ paths = append(paths, dirPath)
+ }
+ }
+ if err = os.MkdirAll(path, mode); err != nil {
+ return err
+ }
+ } else if err = os.Mkdir(path, mode); err != nil {
+ return err
+ }
+ // even if it existed, we will chown the requested path + any subpaths that
+ // didn't exist when we called MkdirAll
+ for _, pathComponent := range paths {
+ if err = setPermissions(pathComponent, mode, uid, gid, nil); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// setPermissions performs a chown/chmod only if the uid/gid don't match what's requested
+// Normally a Chown is a no-op if uid/gid match, but in some cases this can still cause an error, e.g. if the
+// dir is on an NFS share, so don't call chown unless we absolutely must.
+// Likewise for setting permissions.
+func setPermissions(p string, mode os.FileMode, uid, gid int, stat os.FileInfo) error {
+ if stat == nil {
+ var err error
+ stat, err = os.Stat(p)
+ if err != nil {
+ return err
+ }
+ }
+ if stat.Mode().Perm() != mode.Perm() {
+ if err := os.Chmod(p, mode.Perm()); err != nil {
+ return err
+ }
+ }
+ ssi := stat.Sys().(*syscall.Stat_t)
+ if ssi.Uid == uint32(uid) && ssi.Gid == uint32(gid) {
+ return nil
+ }
+ return os.Chown(p, uid, gid)
+}
+
+// LoadIdentityMapping takes a requested username and
+// using the data from /etc/sub{uid,gid} ranges, creates the
+// proper uid and gid remapping ranges for that user/group pair
+func LoadIdentityMapping(name string) (IdentityMapping, error) {
+ // TODO: Consider adding support for calling out to "getent"
+ usr, err := LookupUser(name)
+ if err != nil {
+ return IdentityMapping{}, fmt.Errorf("could not get user for username %s: %w", name, err)
+ }
+
+ subuidRanges, err := lookupSubRangesFile("/etc/subuid", usr)
+ if err != nil {
+ return IdentityMapping{}, err
+ }
+ subgidRanges, err := lookupSubRangesFile("/etc/subgid", usr)
+ if err != nil {
+ return IdentityMapping{}, err
+ }
+
+ return IdentityMapping{
+ UIDMaps: subuidRanges,
+ GIDMaps: subgidRanges,
+ }, nil
+}
+
+func lookupSubRangesFile(path string, usr User) ([]IDMap, error) {
+ uidstr := strconv.Itoa(usr.Uid)
+ rangeList, err := ParseSubIDFileFilter(path, func(sid SubID) bool {
+ return sid.Name == usr.Name || sid.Name == uidstr
+ })
+ if err != nil {
+ return nil, err
+ }
+ if len(rangeList) == 0 {
+ return nil, fmt.Errorf("no subuid ranges found for user %q", usr.Name)
+ }
+
+ idMap := []IDMap{}
+
+ var containerID int64
+ for _, idrange := range rangeList {
+ idMap = append(idMap, IDMap{
+ ID: containerID,
+ ParentID: idrange.SubID,
+ Count: idrange.Count,
+ })
+ containerID = containerID + idrange.Count
+ }
+ return idMap, nil
+}
diff --git a/vendor/github.com/moby/sys/user/idtools_windows.go b/vendor/github.com/moby/sys/user/idtools_windows.go
new file mode 100644
index 0000000000..9de730cafb
--- /dev/null
+++ b/vendor/github.com/moby/sys/user/idtools_windows.go
@@ -0,0 +1,13 @@
+package user
+
+import (
+ "os"
+)
+
+// This is currently a wrapper around [os.MkdirAll] since currently
+// permissions aren't set through this path, the identity isn't utilized.
+// Ownership is handled elsewhere, but in the future could be support here
+// too.
+func mkdirAs(path string, _ os.FileMode, _, _ int, _, _ bool) error {
+ return os.MkdirAll(path, 0)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/annotations.go b/vendor/github.com/open-policy-agent/opa/ast/annotations.go
index d6267a0e64..3bc5fb36a5 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/annotations.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/annotations.go
@@ -5,973 +5,33 @@
package ast
import (
- "encoding/json"
- "fmt"
- "net/url"
- "sort"
- "strings"
-
- astJSON "github.com/open-policy-agent/opa/ast/json"
- "github.com/open-policy-agent/opa/internal/deepcopy"
- "github.com/open-policy-agent/opa/util"
-)
-
-const (
- annotationScopePackage = "package"
- annotationScopeImport = "import"
- annotationScopeRule = "rule"
- annotationScopeDocument = "document"
- annotationScopeSubpackages = "subpackages"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
type (
// Annotations represents metadata attached to other AST nodes such as rules.
- Annotations struct {
- Scope string `json:"scope"`
- Title string `json:"title,omitempty"`
- Entrypoint bool `json:"entrypoint,omitempty"`
- Description string `json:"description,omitempty"`
- Organizations []string `json:"organizations,omitempty"`
- RelatedResources []*RelatedResourceAnnotation `json:"related_resources,omitempty"`
- Authors []*AuthorAnnotation `json:"authors,omitempty"`
- Schemas []*SchemaAnnotation `json:"schemas,omitempty"`
- Custom map[string]interface{} `json:"custom,omitempty"`
- Location *Location `json:"location,omitempty"`
-
- comments []*Comment
- node Node
- jsonOptions astJSON.Options
- }
+ Annotations = v1.Annotations
// SchemaAnnotation contains a schema declaration for the document identified by the path.
- SchemaAnnotation struct {
- Path Ref `json:"path"`
- Schema Ref `json:"schema,omitempty"`
- Definition *interface{} `json:"definition,omitempty"`
- }
-
- AuthorAnnotation struct {
- Name string `json:"name"`
- Email string `json:"email,omitempty"`
- }
-
- RelatedResourceAnnotation struct {
- Ref url.URL `json:"ref"`
- Description string `json:"description,omitempty"`
- }
-
- AnnotationSet struct {
- byRule map[*Rule][]*Annotations
- byPackage map[int]*Annotations
- byPath *annotationTreeNode
- modules []*Module // Modules this set was constructed from
- }
+ SchemaAnnotation = v1.SchemaAnnotation
- annotationTreeNode struct {
- Value *Annotations
- Children map[Value]*annotationTreeNode // we assume key elements are hashable (vars and strings only!)
- }
+ AuthorAnnotation = v1.AuthorAnnotation
- AnnotationsRef struct {
- Path Ref `json:"path"` // The path of the node the annotations are applied to
- Annotations *Annotations `json:"annotations,omitempty"`
- Location *Location `json:"location,omitempty"` // The location of the node the annotations are applied to
+ RelatedResourceAnnotation = v1.RelatedResourceAnnotation
- jsonOptions astJSON.Options
+ AnnotationSet = v1.AnnotationSet
- node Node // The node the annotations are applied to
- }
+ AnnotationsRef = v1.AnnotationsRef
- AnnotationsRefSet []*AnnotationsRef
+ AnnotationsRefSet = v1.AnnotationsRefSet
- FlatAnnotationsRefSet AnnotationsRefSet
+ FlatAnnotationsRefSet = v1.FlatAnnotationsRefSet
)
-func (a *Annotations) String() string {
- bs, _ := a.MarshalJSON()
- return string(bs)
-}
-
-// Loc returns the location of this annotation.
-func (a *Annotations) Loc() *Location {
- return a.Location
-}
-
-// SetLoc updates the location of this annotation.
-func (a *Annotations) SetLoc(l *Location) {
- a.Location = l
-}
-
-// EndLoc returns the location of this annotation's last comment line.
-func (a *Annotations) EndLoc() *Location {
- count := len(a.comments)
- if count == 0 {
- return a.Location
- }
- return a.comments[count-1].Location
-}
-
-// Compare returns an integer indicating if a is less than, equal to, or greater
-// than other.
-func (a *Annotations) Compare(other *Annotations) int {
-
- if a == nil && other == nil {
- return 0
- }
-
- if a == nil {
- return -1
- }
-
- if other == nil {
- return 1
- }
-
- if cmp := scopeCompare(a.Scope, other.Scope); cmp != 0 {
- return cmp
- }
-
- if cmp := strings.Compare(a.Title, other.Title); cmp != 0 {
- return cmp
- }
-
- if cmp := strings.Compare(a.Description, other.Description); cmp != 0 {
- return cmp
- }
-
- if cmp := compareStringLists(a.Organizations, other.Organizations); cmp != 0 {
- return cmp
- }
-
- if cmp := compareRelatedResources(a.RelatedResources, other.RelatedResources); cmp != 0 {
- return cmp
- }
-
- if cmp := compareAuthors(a.Authors, other.Authors); cmp != 0 {
- return cmp
- }
-
- if cmp := compareSchemas(a.Schemas, other.Schemas); cmp != 0 {
- return cmp
- }
-
- if a.Entrypoint != other.Entrypoint {
- if a.Entrypoint {
- return 1
- }
- return -1
- }
-
- if cmp := util.Compare(a.Custom, other.Custom); cmp != 0 {
- return cmp
- }
-
- return 0
-}
-
-// GetTargetPath returns the path of the node these Annotations are applied to (the target)
-func (a *Annotations) GetTargetPath() Ref {
- switch n := a.node.(type) {
- case *Package:
- return n.Path
- case *Rule:
- return n.Ref().GroundPrefix()
- default:
- return nil
- }
-}
-
-func (a *Annotations) setJSONOptions(opts astJSON.Options) {
- a.jsonOptions = opts
- if a.Location != nil {
- a.Location.JSONOptions = opts
- }
-}
-
-func (a *Annotations) MarshalJSON() ([]byte, error) {
- if a == nil {
- return []byte(`{"scope":""}`), nil
- }
-
- data := map[string]interface{}{
- "scope": a.Scope,
- }
-
- if a.Title != "" {
- data["title"] = a.Title
- }
-
- if a.Description != "" {
- data["description"] = a.Description
- }
-
- if a.Entrypoint {
- data["entrypoint"] = a.Entrypoint
- }
-
- if len(a.Organizations) > 0 {
- data["organizations"] = a.Organizations
- }
-
- if len(a.RelatedResources) > 0 {
- data["related_resources"] = a.RelatedResources
- }
-
- if len(a.Authors) > 0 {
- data["authors"] = a.Authors
- }
-
- if len(a.Schemas) > 0 {
- data["schemas"] = a.Schemas
- }
-
- if len(a.Custom) > 0 {
- data["custom"] = a.Custom
- }
-
- if a.jsonOptions.MarshalOptions.IncludeLocation.Annotations {
- if a.Location != nil {
- data["location"] = a.Location
- }
- }
-
- return json.Marshal(data)
-}
-
func NewAnnotationsRef(a *Annotations) *AnnotationsRef {
- var loc *Location
- if a.node != nil {
- loc = a.node.Loc()
- }
-
- return &AnnotationsRef{
- Location: loc,
- Path: a.GetTargetPath(),
- Annotations: a,
- node: a.node,
- jsonOptions: a.jsonOptions,
- }
-}
-
-func (ar *AnnotationsRef) GetPackage() *Package {
- switch n := ar.node.(type) {
- case *Package:
- return n
- case *Rule:
- return n.Module.Package
- default:
- return nil
- }
-}
-
-func (ar *AnnotationsRef) GetRule() *Rule {
- switch n := ar.node.(type) {
- case *Rule:
- return n
- default:
- return nil
- }
-}
-
-func (ar *AnnotationsRef) MarshalJSON() ([]byte, error) {
- data := map[string]interface{}{
- "path": ar.Path,
- }
-
- if ar.Annotations != nil {
- data["annotations"] = ar.Annotations
- }
-
- if ar.jsonOptions.MarshalOptions.IncludeLocation.AnnotationsRef {
- if ar.Location != nil {
- data["location"] = ar.Location
- }
- }
-
- return json.Marshal(data)
-}
-
-func scopeCompare(s1, s2 string) int {
-
- o1 := scopeOrder(s1)
- o2 := scopeOrder(s2)
-
- if o2 < o1 {
- return 1
- } else if o2 > o1 {
- return -1
- }
-
- if s1 < s2 {
- return -1
- } else if s2 < s1 {
- return 1
- }
-
- return 0
-}
-
-func scopeOrder(s string) int {
- switch s {
- case annotationScopeRule:
- return 1
- }
- return 0
-}
-
-func compareAuthors(a, b []*AuthorAnnotation) int {
- if len(a) > len(b) {
- return 1
- } else if len(a) < len(b) {
- return -1
- }
-
- for i := 0; i < len(a); i++ {
- if cmp := a[i].Compare(b[i]); cmp != 0 {
- return cmp
- }
- }
-
- return 0
-}
-
-func compareRelatedResources(a, b []*RelatedResourceAnnotation) int {
- if len(a) > len(b) {
- return 1
- } else if len(a) < len(b) {
- return -1
- }
-
- for i := 0; i < len(a); i++ {
- if cmp := strings.Compare(a[i].String(), b[i].String()); cmp != 0 {
- return cmp
- }
- }
-
- return 0
-}
-
-func compareSchemas(a, b []*SchemaAnnotation) int {
- maxLen := len(a)
- if len(b) < maxLen {
- maxLen = len(b)
- }
-
- for i := 0; i < maxLen; i++ {
- if cmp := a[i].Compare(b[i]); cmp != 0 {
- return cmp
- }
- }
-
- if len(a) > len(b) {
- return 1
- } else if len(a) < len(b) {
- return -1
- }
-
- return 0
-}
-
-func compareStringLists(a, b []string) int {
- if len(a) > len(b) {
- return 1
- } else if len(a) < len(b) {
- return -1
- }
-
- for i := 0; i < len(a); i++ {
- if cmp := strings.Compare(a[i], b[i]); cmp != 0 {
- return cmp
- }
- }
-
- return 0
-}
-
-// Copy returns a deep copy of s.
-func (a *Annotations) Copy(node Node) *Annotations {
- cpy := *a
-
- cpy.Organizations = make([]string, len(a.Organizations))
- copy(cpy.Organizations, a.Organizations)
-
- cpy.RelatedResources = make([]*RelatedResourceAnnotation, len(a.RelatedResources))
- for i := range a.RelatedResources {
- cpy.RelatedResources[i] = a.RelatedResources[i].Copy()
- }
-
- cpy.Authors = make([]*AuthorAnnotation, len(a.Authors))
- for i := range a.Authors {
- cpy.Authors[i] = a.Authors[i].Copy()
- }
-
- cpy.Schemas = make([]*SchemaAnnotation, len(a.Schemas))
- for i := range a.Schemas {
- cpy.Schemas[i] = a.Schemas[i].Copy()
- }
-
- cpy.Custom = deepcopy.Map(a.Custom)
-
- cpy.node = node
-
- return &cpy
-}
-
-// toObject constructs an AST Object from the annotation.
-func (a *Annotations) toObject() (*Object, *Error) {
- obj := NewObject()
-
- if a == nil {
- return &obj, nil
- }
-
- if len(a.Scope) > 0 {
- obj.Insert(StringTerm("scope"), StringTerm(a.Scope))
- }
-
- if len(a.Title) > 0 {
- obj.Insert(StringTerm("title"), StringTerm(a.Title))
- }
-
- if a.Entrypoint {
- obj.Insert(StringTerm("entrypoint"), BooleanTerm(true))
- }
-
- if len(a.Description) > 0 {
- obj.Insert(StringTerm("description"), StringTerm(a.Description))
- }
-
- if len(a.Organizations) > 0 {
- orgs := make([]*Term, 0, len(a.Organizations))
- for _, org := range a.Organizations {
- orgs = append(orgs, StringTerm(org))
- }
- obj.Insert(StringTerm("organizations"), ArrayTerm(orgs...))
- }
-
- if len(a.RelatedResources) > 0 {
- rrs := make([]*Term, 0, len(a.RelatedResources))
- for _, rr := range a.RelatedResources {
- rrObj := NewObject(Item(StringTerm("ref"), StringTerm(rr.Ref.String())))
- if len(rr.Description) > 0 {
- rrObj.Insert(StringTerm("description"), StringTerm(rr.Description))
- }
- rrs = append(rrs, NewTerm(rrObj))
- }
- obj.Insert(StringTerm("related_resources"), ArrayTerm(rrs...))
- }
-
- if len(a.Authors) > 0 {
- as := make([]*Term, 0, len(a.Authors))
- for _, author := range a.Authors {
- aObj := NewObject()
- if len(author.Name) > 0 {
- aObj.Insert(StringTerm("name"), StringTerm(author.Name))
- }
- if len(author.Email) > 0 {
- aObj.Insert(StringTerm("email"), StringTerm(author.Email))
- }
- as = append(as, NewTerm(aObj))
- }
- obj.Insert(StringTerm("authors"), ArrayTerm(as...))
- }
-
- if len(a.Schemas) > 0 {
- ss := make([]*Term, 0, len(a.Schemas))
- for _, s := range a.Schemas {
- sObj := NewObject()
- if len(s.Path) > 0 {
- sObj.Insert(StringTerm("path"), NewTerm(s.Path.toArray()))
- }
- if len(s.Schema) > 0 {
- sObj.Insert(StringTerm("schema"), NewTerm(s.Schema.toArray()))
- }
- if s.Definition != nil {
- def, err := InterfaceToValue(s.Definition)
- if err != nil {
- return nil, NewError(CompileErr, a.Location, "invalid definition in schema annotation: %s", err.Error())
- }
- sObj.Insert(StringTerm("definition"), NewTerm(def))
- }
- ss = append(ss, NewTerm(sObj))
- }
- obj.Insert(StringTerm("schemas"), ArrayTerm(ss...))
- }
-
- if len(a.Custom) > 0 {
- c, err := InterfaceToValue(a.Custom)
- if err != nil {
- return nil, NewError(CompileErr, a.Location, "invalid custom annotation %s", err.Error())
- }
- obj.Insert(StringTerm("custom"), NewTerm(c))
- }
-
- return &obj, nil
-}
-
-func attachRuleAnnotations(mod *Module) {
- // make a copy of the annotations
- cpy := make([]*Annotations, len(mod.Annotations))
- for i, a := range mod.Annotations {
- cpy[i] = a.Copy(a.node)
- }
-
- for _, rule := range mod.Rules {
- var j int
- var found bool
- for i, a := range cpy {
- if rule.Ref().GroundPrefix().Equal(a.GetTargetPath()) {
- if a.Scope == annotationScopeDocument {
- rule.Annotations = append(rule.Annotations, a)
- } else if a.Scope == annotationScopeRule && rule.Loc().Row > a.Location.Row {
- j = i
- found = true
- rule.Annotations = append(rule.Annotations, a)
- }
- }
- }
-
- if found && j < len(cpy) {
- cpy = append(cpy[:j], cpy[j+1:]...)
- }
- }
-}
-
-func attachAnnotationsNodes(mod *Module) Errors {
- var errs Errors
-
- // Find first non-annotation statement following each annotation and attach
- // the annotation to that statement.
- for _, a := range mod.Annotations {
- for _, stmt := range mod.stmts {
- _, ok := stmt.(*Annotations)
- if !ok {
- if stmt.Loc().Row > a.Location.Row {
- a.node = stmt
- break
- }
- }
- }
-
- if a.Scope == "" {
- switch a.node.(type) {
- case *Rule:
- if a.Entrypoint {
- a.Scope = annotationScopeDocument
- } else {
- a.Scope = annotationScopeRule
- }
- case *Package:
- a.Scope = annotationScopePackage
- case *Import:
- a.Scope = annotationScopeImport
- }
- }
-
- if err := validateAnnotationScopeAttachment(a); err != nil {
- errs = append(errs, err)
- }
-
- if err := validateAnnotationEntrypointAttachment(a); err != nil {
- errs = append(errs, err)
- }
- }
-
- return errs
-}
-
-func validateAnnotationScopeAttachment(a *Annotations) *Error {
-
- switch a.Scope {
- case annotationScopeRule, annotationScopeDocument:
- if _, ok := a.node.(*Rule); ok {
- return nil
- }
- return newScopeAttachmentErr(a, "rule")
- case annotationScopePackage, annotationScopeSubpackages:
- if _, ok := a.node.(*Package); ok {
- return nil
- }
- return newScopeAttachmentErr(a, "package")
- }
-
- return NewError(ParseErr, a.Loc(), "invalid annotation scope '%v'. Use one of '%s', '%s', '%s', or '%s'",
- a.Scope, annotationScopeRule, annotationScopeDocument, annotationScopePackage, annotationScopeSubpackages)
-}
-
-func validateAnnotationEntrypointAttachment(a *Annotations) *Error {
- if a.Entrypoint && !(a.Scope == annotationScopeDocument || a.Scope == annotationScopePackage) {
- return NewError(
- ParseErr, a.Loc(), "annotation entrypoint applied to non-document or package scope '%v'", a.Scope)
- }
- return nil
-}
-
-// Copy returns a deep copy of a.
-func (a *AuthorAnnotation) Copy() *AuthorAnnotation {
- cpy := *a
- return &cpy
-}
-
-// Compare returns an integer indicating if s is less than, equal to, or greater
-// than other.
-func (a *AuthorAnnotation) Compare(other *AuthorAnnotation) int {
- if cmp := strings.Compare(a.Name, other.Name); cmp != 0 {
- return cmp
- }
-
- if cmp := strings.Compare(a.Email, other.Email); cmp != 0 {
- return cmp
- }
-
- return 0
-}
-
-func (a *AuthorAnnotation) String() string {
- if len(a.Email) == 0 {
- return a.Name
- } else if len(a.Name) == 0 {
- return fmt.Sprintf("<%s>", a.Email)
- }
- return fmt.Sprintf("%s <%s>", a.Name, a.Email)
-}
-
-// Copy returns a deep copy of rr.
-func (rr *RelatedResourceAnnotation) Copy() *RelatedResourceAnnotation {
- cpy := *rr
- return &cpy
-}
-
-// Compare returns an integer indicating if s is less than, equal to, or greater
-// than other.
-func (rr *RelatedResourceAnnotation) Compare(other *RelatedResourceAnnotation) int {
- if cmp := strings.Compare(rr.Description, other.Description); cmp != 0 {
- return cmp
- }
-
- if cmp := strings.Compare(rr.Ref.String(), other.Ref.String()); cmp != 0 {
- return cmp
- }
-
- return 0
-}
-
-func (rr *RelatedResourceAnnotation) String() string {
- bs, _ := json.Marshal(rr)
- return string(bs)
-}
-
-func (rr *RelatedResourceAnnotation) MarshalJSON() ([]byte, error) {
- d := map[string]interface{}{
- "ref": rr.Ref.String(),
- }
-
- if len(rr.Description) > 0 {
- d["description"] = rr.Description
- }
-
- return json.Marshal(d)
-}
-
-// Copy returns a deep copy of s.
-func (s *SchemaAnnotation) Copy() *SchemaAnnotation {
- cpy := *s
- return &cpy
-}
-
-// Compare returns an integer indicating if s is less than, equal to, or greater
-// than other.
-func (s *SchemaAnnotation) Compare(other *SchemaAnnotation) int {
-
- if cmp := s.Path.Compare(other.Path); cmp != 0 {
- return cmp
- }
-
- if cmp := s.Schema.Compare(other.Schema); cmp != 0 {
- return cmp
- }
-
- if s.Definition != nil && other.Definition == nil {
- return -1
- } else if s.Definition == nil && other.Definition != nil {
- return 1
- } else if s.Definition != nil && other.Definition != nil {
- return util.Compare(*s.Definition, *other.Definition)
- }
-
- return 0
-}
-
-func (s *SchemaAnnotation) String() string {
- bs, _ := json.Marshal(s)
- return string(bs)
-}
-
-func newAnnotationSet() *AnnotationSet {
- return &AnnotationSet{
- byRule: map[*Rule][]*Annotations{},
- byPackage: map[int]*Annotations{},
- byPath: newAnnotationTree(),
- }
+ return v1.NewAnnotationsRef(a)
}
func BuildAnnotationSet(modules []*Module) (*AnnotationSet, Errors) {
- as := newAnnotationSet()
- var errs Errors
- for _, m := range modules {
- for _, a := range m.Annotations {
- if err := as.add(a); err != nil {
- errs = append(errs, err)
- }
- }
- }
- if len(errs) > 0 {
- return nil, errs
- }
- as.modules = modules
- return as, nil
-}
-
-// NOTE(philipc): During copy propagation, the underlying Nodes can be
-// stripped away from the annotations, leading to nil deref panics. We
-// silently ignore these cases for now, as a workaround.
-func (as *AnnotationSet) add(a *Annotations) *Error {
- switch a.Scope {
- case annotationScopeRule:
- if rule, ok := a.node.(*Rule); ok {
- as.byRule[rule] = append(as.byRule[rule], a)
- }
- case annotationScopePackage:
- if pkg, ok := a.node.(*Package); ok {
- hash := pkg.Path.Hash()
- if exist, ok := as.byPackage[hash]; ok {
- return errAnnotationRedeclared(a, exist.Location)
- }
- as.byPackage[hash] = a
- }
- case annotationScopeDocument:
- if rule, ok := a.node.(*Rule); ok {
- path := rule.Ref().GroundPrefix()
- x := as.byPath.get(path)
- if x != nil {
- return errAnnotationRedeclared(a, x.Value.Location)
- }
- as.byPath.insert(path, a)
- }
- case annotationScopeSubpackages:
- if pkg, ok := a.node.(*Package); ok {
- x := as.byPath.get(pkg.Path)
- if x != nil && x.Value != nil {
- return errAnnotationRedeclared(a, x.Value.Location)
- }
- as.byPath.insert(pkg.Path, a)
- }
- }
- return nil
-}
-
-func (as *AnnotationSet) GetRuleScope(r *Rule) []*Annotations {
- if as == nil {
- return nil
- }
- return as.byRule[r]
-}
-
-func (as *AnnotationSet) GetSubpackagesScope(path Ref) []*Annotations {
- if as == nil {
- return nil
- }
- return as.byPath.ancestors(path)
-}
-
-func (as *AnnotationSet) GetDocumentScope(path Ref) *Annotations {
- if as == nil {
- return nil
- }
- if node := as.byPath.get(path); node != nil {
- return node.Value
- }
- return nil
-}
-
-func (as *AnnotationSet) GetPackageScope(pkg *Package) *Annotations {
- if as == nil {
- return nil
- }
- return as.byPackage[pkg.Path.Hash()]
-}
-
-// Flatten returns a flattened list view of this AnnotationSet.
-// The returned slice is sorted, first by the annotations' target path, then by their target location
-func (as *AnnotationSet) Flatten() FlatAnnotationsRefSet {
- // This preallocation often won't be optimal, but it's superior to starting with a nil slice.
- refs := make([]*AnnotationsRef, 0, len(as.byPath.Children)+len(as.byRule)+len(as.byPackage))
-
- refs = as.byPath.flatten(refs)
-
- for _, a := range as.byPackage {
- refs = append(refs, NewAnnotationsRef(a))
- }
-
- for _, as := range as.byRule {
- for _, a := range as {
- refs = append(refs, NewAnnotationsRef(a))
- }
- }
-
- // Sort by path, then annotation location, for stable output
- sort.SliceStable(refs, func(i, j int) bool {
- return refs[i].Compare(refs[j]) < 0
- })
-
- return refs
-}
-
-// Chain returns the chain of annotations leading up to the given rule.
-// The returned slice is ordered as follows
-// 0. Entries for the given rule, ordered from the METADATA block declared immediately above the rule, to the block declared farthest away (always at least one entry)
-// 1. The 'document' scope entry, if any
-// 2. The 'package' scope entry, if any
-// 3. Entries for the 'subpackages' scope, if any; ordered from the closest package path to the fartest. E.g.: 'do.re.mi', 'do.re', 'do'
-// The returned slice is guaranteed to always contain at least one entry, corresponding to the given rule.
-func (as *AnnotationSet) Chain(rule *Rule) AnnotationsRefSet {
- var refs []*AnnotationsRef
-
- ruleAnnots := as.GetRuleScope(rule)
-
- if len(ruleAnnots) >= 1 {
- for _, a := range ruleAnnots {
- refs = append(refs, NewAnnotationsRef(a))
- }
- } else {
- // Make sure there is always a leading entry representing the passed rule, even if it has no annotations
- refs = append(refs, &AnnotationsRef{
- Location: rule.Location,
- Path: rule.Ref().GroundPrefix(),
- node: rule,
- })
- }
-
- if len(refs) > 1 {
- // Sort by annotation location; chain must start with annotations declared closest to rule, then going outward
- sort.SliceStable(refs, func(i, j int) bool {
- return refs[i].Annotations.Location.Compare(refs[j].Annotations.Location) > 0
- })
- }
-
- docAnnots := as.GetDocumentScope(rule.Ref().GroundPrefix())
- if docAnnots != nil {
- refs = append(refs, NewAnnotationsRef(docAnnots))
- }
-
- pkg := rule.Module.Package
- pkgAnnots := as.GetPackageScope(pkg)
- if pkgAnnots != nil {
- refs = append(refs, NewAnnotationsRef(pkgAnnots))
- }
-
- subPkgAnnots := as.GetSubpackagesScope(pkg.Path)
- // We need to reverse the order, as subPkgAnnots ordering will start at the root,
- // whereas we want to end at the root.
- for i := len(subPkgAnnots) - 1; i >= 0; i-- {
- refs = append(refs, NewAnnotationsRef(subPkgAnnots[i]))
- }
-
- return refs
-}
-
-func (ars FlatAnnotationsRefSet) Insert(ar *AnnotationsRef) FlatAnnotationsRefSet {
- result := make(FlatAnnotationsRefSet, 0, len(ars)+1)
-
- // insertion sort, first by path, then location
- for i, current := range ars {
- if ar.Compare(current) < 0 {
- result = append(result, ar)
- result = append(result, ars[i:]...)
- break
- }
- result = append(result, current)
- }
-
- if len(result) < len(ars)+1 {
- result = append(result, ar)
- }
-
- return result
-}
-
-func newAnnotationTree() *annotationTreeNode {
- return &annotationTreeNode{
- Value: nil,
- Children: map[Value]*annotationTreeNode{},
- }
-}
-
-func (t *annotationTreeNode) insert(path Ref, value *Annotations) {
- node := t
- for _, k := range path {
- child, ok := node.Children[k.Value]
- if !ok {
- child = newAnnotationTree()
- node.Children[k.Value] = child
- }
- node = child
- }
- node.Value = value
-}
-
-func (t *annotationTreeNode) get(path Ref) *annotationTreeNode {
- node := t
- for _, k := range path {
- if node == nil {
- return nil
- }
- child, ok := node.Children[k.Value]
- if !ok {
- return nil
- }
- node = child
- }
- return node
-}
-
-// ancestors returns a slice of annotations in ascending order, starting with the root of ref; e.g.: 'root', 'root.foo', 'root.foo.bar'.
-func (t *annotationTreeNode) ancestors(path Ref) (result []*Annotations) {
- node := t
- for _, k := range path {
- if node == nil {
- return result
- }
- child, ok := node.Children[k.Value]
- if !ok {
- return result
- }
- if child.Value != nil {
- result = append(result, child.Value)
- }
- node = child
- }
- return result
-}
-
-func (t *annotationTreeNode) flatten(refs []*AnnotationsRef) []*AnnotationsRef {
- if a := t.Value; a != nil {
- refs = append(refs, NewAnnotationsRef(a))
- }
- for _, c := range t.Children {
- refs = c.flatten(refs)
- }
- return refs
-}
-
-func (ar *AnnotationsRef) Compare(other *AnnotationsRef) int {
- if c := ar.Path.Compare(other.Path); c != 0 {
- return c
- }
-
- if c := ar.Annotations.Location.Compare(other.Annotations.Location); c != 0 {
- return c
- }
-
- return ar.Annotations.Compare(other.Annotations)
+ return v1.BuildAnnotationSet(modules)
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/builtins.go b/vendor/github.com/open-policy-agent/opa/ast/builtins.go
index f54d91d317..d0ab69a163 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/builtins.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/builtins.go
@@ -5,1348 +5,230 @@
package ast
import (
- "strings"
-
- "github.com/open-policy-agent/opa/types"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
// Builtins is the registry of built-in functions supported by OPA.
// Call RegisterBuiltin to add a new built-in.
-var Builtins []*Builtin
+var Builtins = v1.Builtins
// RegisterBuiltin adds a new built-in function to the registry.
func RegisterBuiltin(b *Builtin) {
- Builtins = append(Builtins, b)
- BuiltinMap[b.Name] = b
- if len(b.Infix) > 0 {
- BuiltinMap[b.Infix] = b
- }
+ v1.RegisterBuiltin(b)
}
// DefaultBuiltins is the registry of built-in functions supported in OPA
// by default. When adding a new built-in function to OPA, update this
// list.
-var DefaultBuiltins = [...]*Builtin{
- // Unification/equality ("=")
- Equality,
-
- // Assignment (":=")
- Assign,
-
- // Membership, infix "in": `x in xs`
- Member,
- MemberWithKey,
-
- // Comparisons
- GreaterThan,
- GreaterThanEq,
- LessThan,
- LessThanEq,
- NotEqual,
- Equal,
-
- // Arithmetic
- Plus,
- Minus,
- Multiply,
- Divide,
- Ceil,
- Floor,
- Round,
- Abs,
- Rem,
-
- // Bitwise Arithmetic
- BitsOr,
- BitsAnd,
- BitsNegate,
- BitsXOr,
- BitsShiftLeft,
- BitsShiftRight,
-
- // Binary
- And,
- Or,
-
- // Aggregates
- Count,
- Sum,
- Product,
- Max,
- Min,
- Any,
- All,
-
- // Arrays
- ArrayConcat,
- ArraySlice,
- ArrayReverse,
-
- // Conversions
- ToNumber,
-
- // Casts (DEPRECATED)
- CastObject,
- CastNull,
- CastBoolean,
- CastString,
- CastSet,
- CastArray,
-
- // Regular Expressions
- RegexIsValid,
- RegexMatch,
- RegexMatchDeprecated,
- RegexSplit,
- GlobsMatch,
- RegexTemplateMatch,
- RegexFind,
- RegexFindAllStringSubmatch,
- RegexReplace,
-
- // Sets
- SetDiff,
- Intersection,
- Union,
-
- // Strings
- AnyPrefixMatch,
- AnySuffixMatch,
- Concat,
- FormatInt,
- IndexOf,
- IndexOfN,
- Substring,
- Lower,
- Upper,
- Contains,
- StringCount,
- StartsWith,
- EndsWith,
- Split,
- Replace,
- ReplaceN,
- Trim,
- TrimLeft,
- TrimPrefix,
- TrimRight,
- TrimSuffix,
- TrimSpace,
- Sprintf,
- StringReverse,
- RenderTemplate,
-
- // Numbers
- NumbersRange,
- NumbersRangeStep,
- RandIntn,
-
- // Encoding
- JSONMarshal,
- JSONMarshalWithOptions,
- JSONUnmarshal,
- JSONIsValid,
- Base64Encode,
- Base64Decode,
- Base64IsValid,
- Base64UrlEncode,
- Base64UrlEncodeNoPad,
- Base64UrlDecode,
- URLQueryDecode,
- URLQueryEncode,
- URLQueryEncodeObject,
- URLQueryDecodeObject,
- YAMLMarshal,
- YAMLUnmarshal,
- YAMLIsValid,
- HexEncode,
- HexDecode,
-
- // Object Manipulation
- ObjectUnion,
- ObjectUnionN,
- ObjectRemove,
- ObjectFilter,
- ObjectGet,
- ObjectKeys,
- ObjectSubset,
-
- // JSON Object Manipulation
- JSONFilter,
- JSONRemove,
- JSONPatch,
-
- // Tokens
- JWTDecode,
- JWTVerifyRS256,
- JWTVerifyRS384,
- JWTVerifyRS512,
- JWTVerifyPS256,
- JWTVerifyPS384,
- JWTVerifyPS512,
- JWTVerifyES256,
- JWTVerifyES384,
- JWTVerifyES512,
- JWTVerifyHS256,
- JWTVerifyHS384,
- JWTVerifyHS512,
- JWTDecodeVerify,
- JWTEncodeSignRaw,
- JWTEncodeSign,
-
- // Time
- NowNanos,
- ParseNanos,
- ParseRFC3339Nanos,
- ParseDurationNanos,
- Format,
- Date,
- Clock,
- Weekday,
- AddDate,
- Diff,
-
- // Crypto
- CryptoX509ParseCertificates,
- CryptoX509ParseAndVerifyCertificates,
- CryptoX509ParseAndVerifyCertificatesWithOptions,
- CryptoMd5,
- CryptoSha1,
- CryptoSha256,
- CryptoX509ParseCertificateRequest,
- CryptoX509ParseRSAPrivateKey,
- CryptoX509ParseKeyPair,
- CryptoParsePrivateKeys,
- CryptoHmacMd5,
- CryptoHmacSha1,
- CryptoHmacSha256,
- CryptoHmacSha512,
- CryptoHmacEqual,
-
- // Graphs
- WalkBuiltin,
- ReachableBuiltin,
- ReachablePathsBuiltin,
-
- // Sort
- Sort,
-
- // Types
- IsNumber,
- IsString,
- IsBoolean,
- IsArray,
- IsSet,
- IsObject,
- IsNull,
- TypeNameBuiltin,
-
- // HTTP
- HTTPSend,
-
- // GraphQL
- GraphQLParse,
- GraphQLParseAndVerify,
- GraphQLParseQuery,
- GraphQLParseSchema,
- GraphQLIsValid,
- GraphQLSchemaIsValid,
-
- // JSON Schema
- JSONSchemaVerify,
- JSONMatchSchema,
-
- // Cloud Provider Helpers
- ProvidersAWSSignReqObj,
-
- // Rego
- RegoParseModule,
- RegoMetadataChain,
- RegoMetadataRule,
-
- // OPA
- OPARuntime,
-
- // Tracing
- Trace,
-
- // Networking
- NetCIDROverlap,
- NetCIDRIntersects,
- NetCIDRContains,
- NetCIDRContainsMatches,
- NetCIDRExpand,
- NetCIDRMerge,
- NetLookupIPAddr,
- NetCIDRIsValid,
-
- // Glob
- GlobMatch,
- GlobQuoteMeta,
-
- // Units
- UnitsParse,
- UnitsParseBytes,
-
- // UUIDs
- UUIDRFC4122,
- UUIDParse,
-
- // SemVers
- SemVerIsValid,
- SemVerCompare,
-
- // Printing
- Print,
- InternalPrint,
-}
+var DefaultBuiltins = v1.DefaultBuiltins
// BuiltinMap provides a convenient mapping of built-in names to
// built-in definitions.
-var BuiltinMap map[string]*Builtin
+var BuiltinMap = v1.BuiltinMap
// Deprecated: Builtins can now be directly annotated with the
// Nondeterministic property, and when set to true, will be ignored
// for partial evaluation.
-var IgnoreDuringPartialEval = []*Builtin{
- RandIntn,
- UUIDRFC4122,
- JWTDecodeVerify,
- JWTEncodeSignRaw,
- JWTEncodeSign,
- NowNanos,
- HTTPSend,
- OPARuntime,
- NetLookupIPAddr,
-}
+var IgnoreDuringPartialEval = v1.IgnoreDuringPartialEval
/**
* Unification
*/
// Equality represents the "=" operator.
-var Equality = &Builtin{
- Name: "eq",
- Infix: "=",
- Decl: types.NewFunction(
- types.Args(types.A, types.A),
- types.B,
- ),
-}
+var Equality = v1.Equality
/**
* Assignment
*/
// Assign represents the assignment (":=") operator.
-var Assign = &Builtin{
- Name: "assign",
- Infix: ":=",
- Decl: types.NewFunction(
- types.Args(types.A, types.A),
- types.B,
- ),
-}
+var Assign = v1.Assign
// Member represents the `in` (infix) operator.
-var Member = &Builtin{
- Name: "internal.member_2",
- Infix: "in",
- Decl: types.NewFunction(
- types.Args(
- types.A,
- types.A,
- ),
- types.B,
- ),
-}
+var Member = v1.Member
// MemberWithKey represents the `in` (infix) operator when used
// with two terms on the lhs, i.e., `k, v in obj`.
-var MemberWithKey = &Builtin{
- Name: "internal.member_3",
- Infix: "in",
- Decl: types.NewFunction(
- types.Args(
- types.A,
- types.A,
- types.A,
- ),
- types.B,
- ),
-}
+var MemberWithKey = v1.MemberWithKey
-/**
- * Comparisons
- */
-var comparison = category("comparison")
-
-var GreaterThan = &Builtin{
- Name: "gt",
- Infix: ">",
- Categories: comparison,
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A),
- types.Named("y", types.A),
- ),
- types.Named("result", types.B).Description("true if `x` is greater than `y`; false otherwise"),
- ),
-}
+var GreaterThan = v1.GreaterThan
-var GreaterThanEq = &Builtin{
- Name: "gte",
- Infix: ">=",
- Categories: comparison,
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A),
- types.Named("y", types.A),
- ),
- types.Named("result", types.B).Description("true if `x` is greater or equal to `y`; false otherwise"),
- ),
-}
+var GreaterThanEq = v1.GreaterThanEq
// LessThan represents the "<" comparison operator.
-var LessThan = &Builtin{
- Name: "lt",
- Infix: "<",
- Categories: comparison,
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A),
- types.Named("y", types.A),
- ),
- types.Named("result", types.B).Description("true if `x` is less than `y`; false otherwise"),
- ),
-}
+var LessThan = v1.LessThan
-var LessThanEq = &Builtin{
- Name: "lte",
- Infix: "<=",
- Categories: comparison,
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A),
- types.Named("y", types.A),
- ),
- types.Named("result", types.B).Description("true if `x` is less than or equal to `y`; false otherwise"),
- ),
-}
+var LessThanEq = v1.LessThanEq
-var NotEqual = &Builtin{
- Name: "neq",
- Infix: "!=",
- Categories: comparison,
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A),
- types.Named("y", types.A),
- ),
- types.Named("result", types.B).Description("true if `x` is not equal to `y`; false otherwise"),
- ),
-}
+var NotEqual = v1.NotEqual
// Equal represents the "==" comparison operator.
-var Equal = &Builtin{
- Name: "equal",
- Infix: "==",
- Categories: comparison,
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A),
- types.Named("y", types.A),
- ),
- types.Named("result", types.B).Description("true if `x` is equal to `y`; false otherwise"),
- ),
-}
+var Equal = v1.Equal
-/**
- * Arithmetic
- */
-var number = category("numbers")
-
-var Plus = &Builtin{
- Name: "plus",
- Infix: "+",
- Description: "Plus adds two numbers together.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.N),
- types.Named("y", types.N),
- ),
- types.Named("z", types.N).Description("the sum of `x` and `y`"),
- ),
- Categories: number,
-}
+var Plus = v1.Plus
-var Minus = &Builtin{
- Name: "minus",
- Infix: "-",
- Description: "Minus subtracts the second number from the first number or computes the difference between two sets.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.NewAny(types.N, types.NewSet(types.A))),
- types.Named("y", types.NewAny(types.N, types.NewSet(types.A))),
- ),
- types.Named("z", types.NewAny(types.N, types.NewSet(types.A))).Description("the difference of `x` and `y`"),
- ),
- Categories: category("sets", "numbers"),
-}
+var Minus = v1.Minus
-var Multiply = &Builtin{
- Name: "mul",
- Infix: "*",
- Description: "Multiplies two numbers.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.N),
- types.Named("y", types.N),
- ),
- types.Named("z", types.N).Description("the product of `x` and `y`"),
- ),
- Categories: number,
-}
+var Multiply = v1.Multiply
-var Divide = &Builtin{
- Name: "div",
- Infix: "/",
- Description: "Divides the first number by the second number.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.N).Description("the dividend"),
- types.Named("y", types.N).Description("the divisor"),
- ),
- types.Named("z", types.N).Description("the result of `x` divided by `y`"),
- ),
- Categories: number,
-}
+var Divide = v1.Divide
-var Round = &Builtin{
- Name: "round",
- Description: "Rounds the number to the nearest integer.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.N).Description("the number to round"),
- ),
- types.Named("y", types.N).Description("the result of rounding `x`"),
- ),
- Categories: number,
-}
+var Round = v1.Round
-var Ceil = &Builtin{
- Name: "ceil",
- Description: "Rounds the number _up_ to the nearest integer.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.N).Description("the number to round"),
- ),
- types.Named("y", types.N).Description("the result of rounding `x` _up_"),
- ),
- Categories: number,
-}
+var Ceil = v1.Ceil
-var Floor = &Builtin{
- Name: "floor",
- Description: "Rounds the number _down_ to the nearest integer.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.N).Description("the number to round"),
- ),
- types.Named("y", types.N).Description("the result of rounding `x` _down_"),
- ),
- Categories: number,
-}
+var Floor = v1.Floor
-var Abs = &Builtin{
- Name: "abs",
- Description: "Returns the number without its sign.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.N),
- ),
- types.Named("y", types.N).Description("the absolute value of `x`"),
- ),
- Categories: number,
-}
+var Abs = v1.Abs
-var Rem = &Builtin{
- Name: "rem",
- Infix: "%",
- Description: "Returns the remainder for of `x` divided by `y`, for `y != 0`.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.N),
- types.Named("y", types.N),
- ),
- types.Named("z", types.N).Description("the remainder"),
- ),
- Categories: number,
-}
+var Rem = v1.Rem
/**
* Bitwise
*/
-var BitsOr = &Builtin{
- Name: "bits.or",
- Description: "Returns the bitwise \"OR\" of two integers.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.N),
- types.Named("y", types.N),
- ),
- types.Named("z", types.N),
- ),
-}
+var BitsOr = v1.BitsOr
-var BitsAnd = &Builtin{
- Name: "bits.and",
- Description: "Returns the bitwise \"AND\" of two integers.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.N),
- types.Named("y", types.N),
- ),
- types.Named("z", types.N),
- ),
-}
+var BitsAnd = v1.BitsAnd
-var BitsNegate = &Builtin{
- Name: "bits.negate",
- Description: "Returns the bitwise negation (flip) of an integer.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.N),
- ),
- types.Named("z", types.N),
- ),
-}
+var BitsNegate = v1.BitsNegate
-var BitsXOr = &Builtin{
- Name: "bits.xor",
- Description: "Returns the bitwise \"XOR\" (exclusive-or) of two integers.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.N),
- types.Named("y", types.N),
- ),
- types.Named("z", types.N),
- ),
-}
+var BitsXOr = v1.BitsXOr
-var BitsShiftLeft = &Builtin{
- Name: "bits.lsh",
- Description: "Returns a new integer with its bits shifted `s` bits to the left.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.N),
- types.Named("s", types.N),
- ),
- types.Named("z", types.N),
- ),
-}
+var BitsShiftLeft = v1.BitsShiftLeft
-var BitsShiftRight = &Builtin{
- Name: "bits.rsh",
- Description: "Returns a new integer with its bits shifted `s` bits to the right.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.N),
- types.Named("s", types.N),
- ),
- types.Named("z", types.N),
- ),
-}
+var BitsShiftRight = v1.BitsShiftRight
/**
* Sets
*/
-var sets = category("sets")
-
-var And = &Builtin{
- Name: "and",
- Infix: "&",
- Description: "Returns the intersection of two sets.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.NewSet(types.A)),
- types.Named("y", types.NewSet(types.A)),
- ),
- types.Named("z", types.NewSet(types.A)).Description("the intersection of `x` and `y`"),
- ),
- Categories: sets,
-}
+var And = v1.And
// Or performs a union operation on sets.
-var Or = &Builtin{
- Name: "or",
- Infix: "|",
- Description: "Returns the union of two sets.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.NewSet(types.A)),
- types.Named("y", types.NewSet(types.A)),
- ),
- types.Named("z", types.NewSet(types.A)).Description("the union of `x` and `y`"),
- ),
- Categories: sets,
-}
+var Or = v1.Or
-var Intersection = &Builtin{
- Name: "intersection",
- Description: "Returns the intersection of the given input sets.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("xs", types.NewSet(types.NewSet(types.A))).Description("set of sets to intersect"),
- ),
- types.Named("y", types.NewSet(types.A)).Description("the intersection of all `xs` sets"),
- ),
- Categories: sets,
-}
+var Intersection = v1.Intersection
-var Union = &Builtin{
- Name: "union",
- Description: "Returns the union of the given input sets.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("xs", types.NewSet(types.NewSet(types.A))).Description("set of sets to merge"),
- ),
- types.Named("y", types.NewSet(types.A)).Description("the union of all `xs` sets"),
- ),
- Categories: sets,
-}
+var Union = v1.Union
/**
* Aggregates
*/
-var aggregates = category("aggregates")
-
-var Count = &Builtin{
- Name: "count",
- Description: " Count takes a collection or string and returns the number of elements (or characters) in it.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("collection", types.NewAny(
- types.NewSet(types.A),
- types.NewArray(nil, types.A),
- types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
- types.S,
- )).Description("the set/array/object/string to be counted"),
- ),
- types.Named("n", types.N).Description("the count of elements, key/val pairs, or characters, respectively."),
- ),
- Categories: aggregates,
-}
+var Count = v1.Count
-var Sum = &Builtin{
- Name: "sum",
- Description: "Sums elements of an array or set of numbers.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("collection", types.NewAny(
- types.NewSet(types.N),
- types.NewArray(nil, types.N),
- )),
- ),
- types.Named("n", types.N).Description("the sum of all elements"),
- ),
- Categories: aggregates,
-}
+var Sum = v1.Sum
-var Product = &Builtin{
- Name: "product",
- Description: "Muliplies elements of an array or set of numbers",
- Decl: types.NewFunction(
- types.Args(
- types.Named("collection", types.NewAny(
- types.NewSet(types.N),
- types.NewArray(nil, types.N),
- )),
- ),
- types.Named("n", types.N).Description("the product of all elements"),
- ),
- Categories: aggregates,
-}
+var Product = v1.Product
-var Max = &Builtin{
- Name: "max",
- Description: "Returns the maximum value in a collection.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("collection", types.NewAny(
- types.NewSet(types.A),
- types.NewArray(nil, types.A),
- )),
- ),
- types.Named("n", types.A).Description("the maximum of all elements"),
- ),
- Categories: aggregates,
-}
+var Max = v1.Max
-var Min = &Builtin{
- Name: "min",
- Description: "Returns the minimum value in a collection.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("collection", types.NewAny(
- types.NewSet(types.A),
- types.NewArray(nil, types.A),
- )),
- ),
- types.Named("n", types.A).Description("the minimum of all elements"),
- ),
- Categories: aggregates,
-}
+var Min = v1.Min
/**
* Sorting
*/
-var Sort = &Builtin{
- Name: "sort",
- Description: "Returns a sorted array.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("collection", types.NewAny(
- types.NewArray(nil, types.A),
- types.NewSet(types.A),
- )).Description("the array or set to be sorted"),
- ),
- types.Named("n", types.NewArray(nil, types.A)).Description("the sorted array"),
- ),
- Categories: aggregates,
-}
+var Sort = v1.Sort
/**
* Arrays
*/
-var ArrayConcat = &Builtin{
- Name: "array.concat",
- Description: "Concatenates two arrays.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.NewArray(nil, types.A)),
- types.Named("y", types.NewArray(nil, types.A)),
- ),
- types.Named("z", types.NewArray(nil, types.A)).Description("the concatenation of `x` and `y`"),
- ),
-}
+var ArrayConcat = v1.ArrayConcat
-var ArraySlice = &Builtin{
- Name: "array.slice",
- Description: "Returns a slice of a given array. If `start` is greater or equal than `stop`, `slice` is `[]`.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("arr", types.NewArray(nil, types.A)).Description("the array to be sliced"),
- types.Named("start", types.NewNumber()).Description("the start index of the returned slice; if less than zero, it's clamped to 0"),
- types.Named("stop", types.NewNumber()).Description("the stop index of the returned slice; if larger than `count(arr)`, it's clamped to `count(arr)`"),
- ),
- types.Named("slice", types.NewArray(nil, types.A)).Description("the subslice of `array`, from `start` to `end`, including `arr[start]`, but excluding `arr[end]`"),
- ),
-} // NOTE(sr): this function really needs examples
-
-var ArrayReverse = &Builtin{
- Name: "array.reverse",
- Description: "Returns the reverse of a given array.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("arr", types.NewArray(nil, types.A)).Description("the array to be reversed"),
- ),
- types.Named("rev", types.NewArray(nil, types.A)).Description("an array containing the elements of `arr` in reverse order"),
- ),
-}
+var ArraySlice = v1.ArraySlice
+
+var ArrayReverse = v1.ArrayReverse
/**
* Conversions
*/
-var conversions = category("conversions")
-
-var ToNumber = &Builtin{
- Name: "to_number",
- Description: "Converts a string, bool, or number value to a number: Strings are converted to numbers using `strconv.Atoi`, Boolean `false` is converted to 0 and `true` is converted to 1.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.NewAny(
- types.N,
- types.S,
- types.B,
- types.NewNull(),
- )),
- ),
- types.Named("num", types.N),
- ),
- Categories: conversions,
-}
+
+var ToNumber = v1.ToNumber
/**
* Regular Expressions
*/
-var RegexMatch = &Builtin{
- Name: "regex.match",
- Description: "Matches a string against a regular expression.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("pattern", types.S).Description("regular expression"),
- types.Named("value", types.S).Description("value to match against `pattern`"),
- ),
- types.Named("result", types.B),
- ),
-}
+var RegexMatch = v1.RegexMatch
-var RegexIsValid = &Builtin{
- Name: "regex.is_valid",
- Description: "Checks if a string is a valid regular expression: the detailed syntax for patterns is defined by https://github.com/google/re2/wiki/Syntax.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("pattern", types.S).Description("regular expression"),
- ),
- types.Named("result", types.B),
- ),
-}
+var RegexIsValid = v1.RegexIsValid
-var RegexFindAllStringSubmatch = &Builtin{
- Name: "regex.find_all_string_submatch_n",
- Description: "Returns all successive matches of the expression.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("pattern", types.S).Description("regular expression"),
- types.Named("value", types.S).Description("string to match"),
- types.Named("number", types.N).Description("number of matches to return; `-1` means all matches"),
- ),
- types.Named("output", types.NewArray(nil, types.NewArray(nil, types.S))),
- ),
-}
+var RegexFindAllStringSubmatch = v1.RegexFindAllStringSubmatch
-var RegexTemplateMatch = &Builtin{
- Name: "regex.template_match",
- Description: "Matches a string against a pattern, where there pattern may be glob-like",
- Decl: types.NewFunction(
- types.Args(
- types.Named("template", types.S).Description("template expression containing `0..n` regular expressions"),
- types.Named("value", types.S).Description("string to match"),
- types.Named("delimiter_start", types.S).Description("start delimiter of the regular expression in `template`"),
- types.Named("delimiter_end", types.S).Description("end delimiter of the regular expression in `template`"),
- ),
- types.Named("result", types.B),
- ),
-} // TODO(sr): example:`regex.template_match("urn:foo:{.*}", "urn:foo:bar:baz", "{", "}")`` returns ``true``.
-
-var RegexSplit = &Builtin{
- Name: "regex.split",
- Description: "Splits the input string by the occurrences of the given pattern.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("pattern", types.S).Description("regular expression"),
- types.Named("value", types.S).Description("string to match"),
- ),
- types.Named("output", types.NewArray(nil, types.S)).Description("the parts obtained by splitting `value`"),
- ),
-}
+var RegexTemplateMatch = v1.RegexTemplateMatch
+
+var RegexSplit = v1.RegexSplit
// RegexFind takes two strings and a number, the pattern, the value and number of match values to
// return, -1 means all match values.
-var RegexFind = &Builtin{
- Name: "regex.find_n",
- Description: "Returns the specified number of matches when matching the input against the pattern.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("pattern", types.S).Description("regular expression"),
- types.Named("value", types.S).Description("string to match"),
- types.Named("number", types.N).Description("number of matches to return, if `-1`, returns all matches"),
- ),
- types.Named("output", types.NewArray(nil, types.S)).Description("collected matches"),
- ),
-}
+var RegexFind = v1.RegexFind
// GlobsMatch takes two strings regexp-style strings and evaluates to true if their
// intersection matches a non-empty set of non-empty strings.
// Examples:
// - "a.a." and ".b.b" -> true.
// - "[a-z]*" and [0-9]+" -> not true.
-var GlobsMatch = &Builtin{
- Name: "regex.globs_match",
- Description: `Checks if the intersection of two glob-style regular expressions matches a non-empty set of non-empty strings.
-The set of regex symbols is limited for this builtin: only ` + "`.`, `*`, `+`, `[`, `-`, `]` and `\\` are treated as special symbols.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("glob1", types.S),
- types.Named("glob2", types.S),
- ),
- types.Named("result", types.B),
- ),
-}
+var GlobsMatch = v1.GlobsMatch
/**
* Strings
*/
-var stringsCat = category("strings")
-
-var AnyPrefixMatch = &Builtin{
- Name: "strings.any_prefix_match",
- Description: "Returns true if any of the search strings begins with any of the base strings.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("search", types.NewAny(
- types.S,
- types.NewSet(types.S),
- types.NewArray(nil, types.S),
- )).Description("search string(s)"),
- types.Named("base", types.NewAny(
- types.S,
- types.NewSet(types.S),
- types.NewArray(nil, types.S),
- )).Description("base string(s)"),
- ),
- types.Named("result", types.B).Description("result of the prefix check"),
- ),
- Categories: stringsCat,
-}
-var AnySuffixMatch = &Builtin{
- Name: "strings.any_suffix_match",
- Description: "Returns true if any of the search strings ends with any of the base strings.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("search", types.NewAny(
- types.S,
- types.NewSet(types.S),
- types.NewArray(nil, types.S),
- )).Description("search string(s)"),
- types.Named("base", types.NewAny(
- types.S,
- types.NewSet(types.S),
- types.NewArray(nil, types.S),
- )).Description("base string(s)"),
- ),
- types.Named("result", types.B).Description("result of the suffix check"),
- ),
- Categories: stringsCat,
-}
+var AnyPrefixMatch = v1.AnyPrefixMatch
-var Concat = &Builtin{
- Name: "concat",
- Description: "Joins a set or array of strings with a delimiter.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("delimiter", types.S),
- types.Named("collection", types.NewAny(
- types.NewSet(types.S),
- types.NewArray(nil, types.S),
- )).Description("strings to join"),
- ),
- types.Named("output", types.S),
- ),
- Categories: stringsCat,
-}
+var AnySuffixMatch = v1.AnySuffixMatch
-var FormatInt = &Builtin{
- Name: "format_int",
- Description: "Returns the string representation of the number in the given base after rounding it down to an integer value.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("number", types.N).Description("number to format"),
- types.Named("base", types.N).Description("base of number representation to use"),
- ),
- types.Named("output", types.S).Description("formatted number"),
- ),
- Categories: stringsCat,
-}
+var Concat = v1.Concat
-var IndexOf = &Builtin{
- Name: "indexof",
- Description: "Returns the index of a substring contained inside a string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("haystack", types.S).Description("string to search in"),
- types.Named("needle", types.S).Description("substring to look for"),
- ),
- types.Named("output", types.N).Description("index of first occurrence, `-1` if not found"),
- ),
- Categories: stringsCat,
-}
+var FormatInt = v1.FormatInt
-var IndexOfN = &Builtin{
- Name: "indexof_n",
- Description: "Returns a list of all the indexes of a substring contained inside a string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("haystack", types.S).Description("string to search in"),
- types.Named("needle", types.S).Description("substring to look for"),
- ),
- types.Named("output", types.NewArray(nil, types.N)).Description("all indices at which `needle` occurs in `haystack`, may be empty"),
- ),
- Categories: stringsCat,
-}
+var IndexOf = v1.IndexOf
-var Substring = &Builtin{
- Name: "substring",
- Description: "Returns the portion of a string for a given `offset` and a `length`. If `length < 0`, `output` is the remainder of the string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("value", types.S),
- types.Named("offset", types.N).Description("offset, must be positive"),
- types.Named("length", types.N).Description("length of the substring starting from `offset`"),
- ),
- types.Named("output", types.S).Description("substring of `value` from `offset`, of length `length`"),
- ),
- Categories: stringsCat,
-}
+var IndexOfN = v1.IndexOfN
-var Contains = &Builtin{
- Name: "contains",
- Description: "Returns `true` if the search string is included in the base string",
- Decl: types.NewFunction(
- types.Args(
- types.Named("haystack", types.S).Description("string to search in"),
- types.Named("needle", types.S).Description("substring to look for"),
- ),
- types.Named("result", types.B).Description("result of the containment check"),
- ),
- Categories: stringsCat,
-}
+var Substring = v1.Substring
-var StringCount = &Builtin{
- Name: "strings.count",
- Description: "Returns the number of non-overlapping instances of a substring in a string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("search", types.S).Description("string to search in"),
- types.Named("substring", types.S).Description("substring to look for"),
- ),
- types.Named("output", types.N).Description("count of occurrences, `0` if not found"),
- ),
- Categories: stringsCat,
-}
+var Contains = v1.Contains
-var StartsWith = &Builtin{
- Name: "startswith",
- Description: "Returns true if the search string begins with the base string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("search", types.S).Description("search string"),
- types.Named("base", types.S).Description("base string"),
- ),
- types.Named("result", types.B).Description("result of the prefix check"),
- ),
- Categories: stringsCat,
-}
+var StringCount = v1.StringCount
-var EndsWith = &Builtin{
- Name: "endswith",
- Description: "Returns true if the search string ends with the base string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("search", types.S).Description("search string"),
- types.Named("base", types.S).Description("base string"),
- ),
- types.Named("result", types.B).Description("result of the suffix check"),
- ),
- Categories: stringsCat,
-}
+var StartsWith = v1.StartsWith
-var Lower = &Builtin{
- Name: "lower",
- Description: "Returns the input string but with all characters in lower-case.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("string that is converted to lower-case"),
- ),
- types.Named("y", types.S).Description("lower-case of x"),
- ),
- Categories: stringsCat,
-}
+var EndsWith = v1.EndsWith
-var Upper = &Builtin{
- Name: "upper",
- Description: "Returns the input string but with all characters in upper-case.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("string that is converted to upper-case"),
- ),
- types.Named("y", types.S).Description("upper-case of x"),
- ),
- Categories: stringsCat,
-}
+var Lower = v1.Lower
-var Split = &Builtin{
- Name: "split",
- Description: "Split returns an array containing elements of the input string split on a delimiter.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("string that is split"),
- types.Named("delimiter", types.S).Description("delimiter used for splitting"),
- ),
- types.Named("ys", types.NewArray(nil, types.S)).Description("split parts"),
- ),
- Categories: stringsCat,
-}
+var Upper = v1.Upper
-var Replace = &Builtin{
- Name: "replace",
- Description: "Replace replaces all instances of a sub-string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("string being processed"),
- types.Named("old", types.S).Description("substring to replace"),
- types.Named("new", types.S).Description("string to replace `old` with"),
- ),
- types.Named("y", types.S).Description("string with replaced substrings"),
- ),
- Categories: stringsCat,
-}
+var Split = v1.Split
-var ReplaceN = &Builtin{
- Name: "strings.replace_n",
- Description: `Replaces a string from a list of old, new string pairs.
-Replacements are performed in the order they appear in the target string, without overlapping matches.
-The old string comparisons are done in argument order.`,
- Decl: types.NewFunction(
- types.Args(
- types.Named("patterns", types.NewObject(
- nil,
- types.NewDynamicProperty(
- types.S,
- types.S)),
- ).Description("replacement pairs"),
- types.Named("value", types.S).Description("string to replace substring matches in"),
- ),
- types.Named("output", types.S),
- ),
-}
+var Replace = v1.Replace
-var RegexReplace = &Builtin{
- Name: "regex.replace",
- Description: `Find and replaces the text using the regular expression pattern.`,
- Decl: types.NewFunction(
- types.Args(
- types.Named("s", types.S).Description("string being processed"),
- types.Named("pattern", types.S).Description("regex pattern to be applied"),
- types.Named("value", types.S).Description("regex value"),
- ),
- types.Named("output", types.S),
- ),
-}
+var ReplaceN = v1.ReplaceN
-var Trim = &Builtin{
- Name: "trim",
- Description: "Returns `value` with all leading or trailing instances of the `cutset` characters removed.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("value", types.S).Description("string to trim"),
- types.Named("cutset", types.S).Description("string of characters that are cut off"),
- ),
- types.Named("output", types.S).Description("string trimmed of `cutset` characters"),
- ),
- Categories: stringsCat,
-}
+var RegexReplace = v1.RegexReplace
-var TrimLeft = &Builtin{
- Name: "trim_left",
- Description: "Returns `value` with all leading instances of the `cutset` characters removed.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("value", types.S).Description("string to trim"),
- types.Named("cutset", types.S).Description("string of characters that are cut off on the left"),
- ),
- types.Named("output", types.S).Description("string left-trimmed of `cutset` characters"),
- ),
- Categories: stringsCat,
-}
+var Trim = v1.Trim
-var TrimPrefix = &Builtin{
- Name: "trim_prefix",
- Description: "Returns `value` without the prefix. If `value` doesn't start with `prefix`, it is returned unchanged.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("value", types.S).Description("string to trim"),
- types.Named("prefix", types.S).Description("prefix to cut off"),
- ),
- types.Named("output", types.S).Description("string with `prefix` cut off"),
- ),
- Categories: stringsCat,
-}
+var TrimLeft = v1.TrimLeft
-var TrimRight = &Builtin{
- Name: "trim_right",
- Description: "Returns `value` with all trailing instances of the `cutset` characters removed.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("value", types.S).Description("string to trim"),
- types.Named("cutset", types.S).Description("string of characters that are cut off on the right"),
- ),
- types.Named("output", types.S).Description("string right-trimmed of `cutset` characters"),
- ),
- Categories: stringsCat,
-}
+var TrimPrefix = v1.TrimPrefix
-var TrimSuffix = &Builtin{
- Name: "trim_suffix",
- Description: "Returns `value` without the suffix. If `value` doesn't end with `suffix`, it is returned unchanged.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("value", types.S).Description("string to trim"),
- types.Named("suffix", types.S).Description("suffix to cut off"),
- ),
- types.Named("output", types.S).Description("string with `suffix` cut off"),
- ),
- Categories: stringsCat,
-}
+var TrimRight = v1.TrimRight
-var TrimSpace = &Builtin{
- Name: "trim_space",
- Description: "Return the given string with all leading and trailing white space removed.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("value", types.S).Description("string to trim"),
- ),
- types.Named("output", types.S).Description("string leading and trailing white space cut off"),
- ),
- Categories: stringsCat,
-}
+var TrimSuffix = v1.TrimSuffix
-var Sprintf = &Builtin{
- Name: "sprintf",
- Description: "Returns the given string, formatted.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("format", types.S).Description("string with formatting verbs"),
- types.Named("values", types.NewArray(nil, types.A)).Description("arguments to format into formatting verbs"),
- ),
- types.Named("output", types.S).Description("`format` formatted by the values in `values`"),
- ),
- Categories: stringsCat,
-}
+var TrimSpace = v1.TrimSpace
-var StringReverse = &Builtin{
- Name: "strings.reverse",
- Description: "Reverses a given string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S),
- ),
- types.Named("y", types.S),
- ),
- Categories: stringsCat,
-}
+var Sprintf = v1.Sprintf
-var RenderTemplate = &Builtin{
- Name: "strings.render_template",
- Description: `Renders a templated string with given template variables injected. For a given templated string and key/value mapping, values will be injected into the template where they are referenced by key.
- For examples of templating syntax, see https://pkg.go.dev/text/template`,
- Decl: types.NewFunction(
- types.Args(
- types.Named("value", types.S).Description("a templated string"),
- types.Named("vars", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("a mapping of template variable keys to values"),
- ),
- types.Named("result", types.S).Description("rendered template with template variables injected"),
- ),
- Categories: stringsCat,
-}
+var StringReverse = v1.StringReverse
+
+var RenderTemplate = v1.RenderTemplate
/**
* Numbers
@@ -1354,82 +236,19 @@ var RenderTemplate = &Builtin{
// RandIntn returns a random number 0 - n
// Marked non-deterministic because it relies on RNG internally.
-var RandIntn = &Builtin{
- Name: "rand.intn",
- Description: "Returns a random integer between `0` and `n` (`n` exclusive). If `n` is `0`, then `y` is always `0`. For any given argument pair (`str`, `n`), the output will be consistent throughout a query evaluation.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("str", types.S),
- types.Named("n", types.N),
- ),
- types.Named("y", types.N).Description("random integer in the range `[0, abs(n))`"),
- ),
- Categories: number,
- Nondeterministic: true,
-}
+var RandIntn = v1.RandIntn
-var NumbersRange = &Builtin{
- Name: "numbers.range",
- Description: "Returns an array of numbers in the given (inclusive) range. If `a==b`, then `range == [a]`; if `a > b`, then `range` is in descending order.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("a", types.N),
- types.Named("b", types.N),
- ),
- types.Named("range", types.NewArray(nil, types.N)).Description("the range between `a` and `b`"),
- ),
-}
+var NumbersRange = v1.NumbersRange
-var NumbersRangeStep = &Builtin{
- Name: "numbers.range_step",
- Description: `Returns an array of numbers in the given (inclusive) range incremented by a positive step.
- If "a==b", then "range == [a]"; if "a > b", then "range" is in descending order.
- If the provided "step" is less then 1, an error will be thrown.
- If "b" is not in the range of the provided "step", "b" won't be included in the result.
- `,
- Decl: types.NewFunction(
- types.Args(
- types.Named("a", types.N),
- types.Named("b", types.N),
- types.Named("step", types.N),
- ),
- types.Named("range", types.NewArray(nil, types.N)).Description("the range between `a` and `b` in `step` increments"),
- ),
-}
+var NumbersRangeStep = v1.NumbersRangeStep
/**
* Units
*/
-var UnitsParse = &Builtin{
- Name: "units.parse",
- Description: `Converts strings like "10G", "5K", "4M", "1500m" and the like into a number.
-This number can be a non-integer, such as 1.5, 0.22, etc. Supports standard metric decimal and
-binary SI units (e.g., K, Ki, M, Mi, G, Gi etc.) m, K, M, G, T, P, and E are treated as decimal
-units and Ki, Mi, Gi, Ti, Pi, and Ei are treated as binary units.
-
-Note that 'm' and 'M' are case-sensitive, to allow distinguishing between "milli" and "mega" units respectively. Other units are case-insensitive.`,
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("the unit to parse"),
- ),
- types.Named("y", types.N).Description("the parsed number"),
- ),
-}
+var UnitsParse = v1.UnitsParse
-var UnitsParseBytes = &Builtin{
- Name: "units.parse_bytes",
- Description: `Converts strings like "10GB", "5K", "4mb" into an integer number of bytes.
-Supports standard byte units (e.g., KB, KiB, etc.) KB, MB, GB, and TB are treated as decimal
-units and KiB, MiB, GiB, and TiB are treated as binary units. The bytes symbol (b/B) in the
-unit is optional and omitting it wil give the same result (e.g. Mi and MiB).`,
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("the byte unit to parse"),
- ),
- types.Named("y", types.N).Description("the parsed number"),
- ),
-}
+var UnitsParseBytes = v1.UnitsParseBytes
//
/**
@@ -1438,1372 +257,241 @@ unit is optional and omitting it wil give the same result (e.g. Mi and MiB).`,
// UUIDRFC4122 returns a version 4 UUID string.
// Marked non-deterministic because it relies on RNG internally.
-var UUIDRFC4122 = &Builtin{
- Name: "uuid.rfc4122",
- Description: "Returns a new UUIDv4.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("k", types.S),
- ),
- types.Named("output", types.S).Description("a version 4 UUID; for any given `k`, the output will be consistent throughout a query evaluation"),
- ),
- Nondeterministic: true,
-}
+var UUIDRFC4122 = v1.UUIDRFC4122
-var UUIDParse = &Builtin{
- Name: "uuid.parse",
- Description: "Parses the string value as an UUID and returns an object with the well-defined fields of the UUID if valid.",
- Categories: nil,
- Decl: types.NewFunction(
- types.Args(
- types.Named("uuid", types.S),
- ),
- types.Named("result", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("Properties of UUID if valid (version, variant, etc). Undefined otherwise."),
- ),
- Relation: false,
-}
+var UUIDParse = v1.UUIDParse
/**
* JSON
*/
-var objectCat = category("object")
-
-var JSONFilter = &Builtin{
- Name: "json.filter",
- Description: "Filters the object. " +
- "For example: `json.filter({\"a\": {\"b\": \"x\", \"c\": \"y\"}}, [\"a/b\"])` will result in `{\"a\": {\"b\": \"x\"}}`). " +
- "Paths are not filtered in-order and are deduplicated before being evaluated.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("object", types.NewObject(
- nil,
- types.NewDynamicProperty(types.A, types.A),
- )),
- types.Named("paths", types.NewAny(
- types.NewArray(
- nil,
- types.NewAny(
- types.S,
- types.NewArray(
- nil,
- types.A,
- ),
- ),
- ),
- types.NewSet(
- types.NewAny(
- types.S,
- types.NewArray(
- nil,
- types.A,
- ),
- ),
- ),
- )).Description("JSON string paths"),
- ),
- types.Named("filtered", types.A).Description("remaining data from `object` with only keys specified in `paths`"),
- ),
- Categories: objectCat,
-}
+var JSONFilter = v1.JSONFilter
-var JSONRemove = &Builtin{
- Name: "json.remove",
- Description: "Removes paths from an object. " +
- "For example: `json.remove({\"a\": {\"b\": \"x\", \"c\": \"y\"}}, [\"a/b\"])` will result in `{\"a\": {\"c\": \"y\"}}`. " +
- "Paths are not removed in-order and are deduplicated before being evaluated.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("object", types.NewObject(
- nil,
- types.NewDynamicProperty(types.A, types.A),
- )),
- types.Named("paths", types.NewAny(
- types.NewArray(
- nil,
- types.NewAny(
- types.S,
- types.NewArray(
- nil,
- types.A,
- ),
- ),
- ),
- types.NewSet(
- types.NewAny(
- types.S,
- types.NewArray(
- nil,
- types.A,
- ),
- ),
- ),
- )).Description("JSON string paths"),
- ),
- types.Named("output", types.A).Description("result of removing all keys specified in `paths`"),
- ),
- Categories: objectCat,
-}
+var JSONRemove = v1.JSONRemove
-var JSONPatch = &Builtin{
- Name: "json.patch",
- Description: "Patches an object according to RFC6902. " +
- "For example: `json.patch({\"a\": {\"foo\": 1}}, [{\"op\": \"add\", \"path\": \"/a/bar\", \"value\": 2}])` results in `{\"a\": {\"foo\": 1, \"bar\": 2}`. " +
- "The patches are applied atomically: if any of them fails, the result will be undefined. " +
- "Additionally works on sets, where a value contained in the set is considered to be its path.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("object", types.A), // TODO(sr): types.A?
- types.Named("patches", types.NewArray(
- nil,
- types.NewObject(
- []*types.StaticProperty{
- {Key: "op", Value: types.S},
- {Key: "path", Value: types.A},
- },
- types.NewDynamicProperty(types.A, types.A),
- ),
- )),
- ),
- types.Named("output", types.A).Description("result obtained after consecutively applying all patch operations in `patches`"),
- ),
- Categories: objectCat,
-}
+var JSONPatch = v1.JSONPatch
-var ObjectSubset = &Builtin{
- Name: "object.subset",
- Description: "Determines if an object `sub` is a subset of another object `super`." +
- "Object `sub` is a subset of object `super` if and only if every key in `sub` is also in `super`, " +
- "**and** for all keys which `sub` and `super` share, they have the same value. " +
- "This function works with objects, sets, arrays and a set of array and set." +
- "If both arguments are objects, then the operation is recursive, e.g. " +
- "`{\"c\": {\"x\": {10, 15, 20}}` is a subset of `{\"a\": \"b\", \"c\": {\"x\": {10, 15, 20, 25}, \"y\": \"z\"}`. " +
- "If both arguments are sets, then this function checks if every element of `sub` is a member of `super`, " +
- "but does not attempt to recurse. If both arguments are arrays, " +
- "then this function checks if `sub` appears contiguously in order within `super`, " +
- "and also does not attempt to recurse. If `super` is array and `sub` is set, " +
- "then this function checks if `super` contains every element of `sub` with no consideration of ordering, " +
- "and also does not attempt to recurse.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("super", types.NewAny(types.NewObject(
- nil,
- types.NewDynamicProperty(types.A, types.A),
- ),
- types.NewSet(types.A),
- types.NewArray(nil, types.A),
- )).Description("object to test if sub is a subset of"),
- types.Named("sub", types.NewAny(types.NewObject(
- nil,
- types.NewDynamicProperty(types.A, types.A),
- ),
- types.NewSet(types.A),
- types.NewArray(nil, types.A),
- )).Description("object to test if super is a superset of"),
- ),
- types.Named("result", types.A).Description("`true` if `sub` is a subset of `super`"),
- ),
-}
+var ObjectSubset = v1.ObjectSubset
-var ObjectUnion = &Builtin{
- Name: "object.union",
- Description: "Creates a new object of the asymmetric union of two objects. " +
- "For example: `object.union({\"a\": 1, \"b\": 2, \"c\": {\"d\": 3}}, {\"a\": 7, \"c\": {\"d\": 4, \"e\": 5}})` will result in `{\"a\": 7, \"b\": 2, \"c\": {\"d\": 4, \"e\": 5}}`.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("a", types.NewObject(
- nil,
- types.NewDynamicProperty(types.A, types.A),
- )),
- types.Named("b", types.NewObject(
- nil,
- types.NewDynamicProperty(types.A, types.A),
- )),
- ),
- types.Named("output", types.A).Description("a new object which is the result of an asymmetric recursive union of two objects where conflicts are resolved by choosing the key from the right-hand object `b`"),
- ), // TODO(sr): types.A? ^^^^^^^ (also below)
-}
+var ObjectUnion = v1.ObjectUnion
-var ObjectUnionN = &Builtin{
- Name: "object.union_n",
- Description: "Creates a new object that is the asymmetric union of all objects merged from left to right. " +
- "For example: `object.union_n([{\"a\": 1}, {\"b\": 2}, {\"a\": 3}])` will result in `{\"b\": 2, \"a\": 3}`.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("objects", types.NewArray(
- nil,
- types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
- )),
- ),
- types.Named("output", types.A).Description("asymmetric recursive union of all objects in `objects`, merged from left to right, where conflicts are resolved by choosing the key from the right-hand object"),
- ),
-}
+var ObjectUnionN = v1.ObjectUnionN
-var ObjectRemove = &Builtin{
- Name: "object.remove",
- Description: "Removes specified keys from an object.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("object", types.NewObject(
- nil,
- types.NewDynamicProperty(types.A, types.A),
- )).Description("object to remove keys from"),
- types.Named("keys", types.NewAny(
- types.NewArray(nil, types.A),
- types.NewSet(types.A),
- types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
- )).Description("keys to remove from x"),
- ),
- types.Named("output", types.A).Description("result of removing the specified `keys` from `object`"),
- ),
-}
+var ObjectRemove = v1.ObjectRemove
-var ObjectFilter = &Builtin{
- Name: "object.filter",
- Description: "Filters the object by keeping only specified keys. " +
- "For example: `object.filter({\"a\": {\"b\": \"x\", \"c\": \"y\"}, \"d\": \"z\"}, [\"a\"])` will result in `{\"a\": {\"b\": \"x\", \"c\": \"y\"}}`).",
- Decl: types.NewFunction(
- types.Args(
- types.Named("object", types.NewObject(
- nil,
- types.NewDynamicProperty(types.A, types.A),
- )).Description("object to filter keys"),
- types.Named("keys", types.NewAny(
- types.NewArray(nil, types.A),
- types.NewSet(types.A),
- types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
- )),
- ),
- types.Named("filtered", types.A).Description("remaining data from `object` with only keys specified in `keys`"),
- ),
-}
+var ObjectFilter = v1.ObjectFilter
-var ObjectGet = &Builtin{
- Name: "object.get",
- Description: "Returns value of an object's key if present, otherwise a default. " +
- "If the supplied `key` is an `array`, then `object.get` will search through a nested object or array using each key in turn. " +
- "For example: `object.get({\"a\": [{ \"b\": true }]}, [\"a\", 0, \"b\"], false)` results in `true`.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("object", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))).Description("object to get `key` from"),
- types.Named("key", types.A).Description("key to lookup in `object`"),
- types.Named("default", types.A).Description("default to use when lookup fails"),
- ),
- types.Named("value", types.A).Description("`object[key]` if present, otherwise `default`"),
- ),
-}
+var ObjectGet = v1.ObjectGet
-var ObjectKeys = &Builtin{
- Name: "object.keys",
- Description: "Returns a set of an object's keys. " +
- "For example: `object.keys({\"a\": 1, \"b\": true, \"c\": \"d\")` results in `{\"a\", \"b\", \"c\"}`.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("object", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))).Description("object to get keys from"),
- ),
- types.Named("value", types.NewSet(types.A)).Description("set of `object`'s keys"),
- ),
-}
+var ObjectKeys = v1.ObjectKeys
/*
* Encoding
*/
-var encoding = category("encoding")
-
-var JSONMarshal = &Builtin{
- Name: "json.marshal",
- Description: "Serializes the input term to JSON.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A).Description("the term to serialize"),
- ),
- types.Named("y", types.S).Description("the JSON string representation of `x`"),
- ),
- Categories: encoding,
-}
-var JSONMarshalWithOptions = &Builtin{
- Name: "json.marshal_with_options",
- Description: "Serializes the input term JSON, with additional formatting options via the `opts` parameter. " +
- "`opts` accepts keys `pretty` (enable multi-line/formatted JSON), `prefix` (string to prefix lines with, default empty string) and `indent` (string to indent with, default `\\t`).",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A).Description("the term to serialize"),
- types.Named("opts", types.NewObject(
- []*types.StaticProperty{
- types.NewStaticProperty("pretty", types.B),
- types.NewStaticProperty("indent", types.S),
- types.NewStaticProperty("prefix", types.S),
- },
- types.NewDynamicProperty(types.S, types.A),
- )).Description("encoding options"),
- ),
- types.Named("y", types.S).Description("the JSON string representation of `x`, with configured prefix/indent string(s) as appropriate"),
- ),
- Categories: encoding,
-}
+var JSONMarshal = v1.JSONMarshal
-var JSONUnmarshal = &Builtin{
- Name: "json.unmarshal",
- Description: "Deserializes the input string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("a JSON string"),
- ),
- types.Named("y", types.A).Description("the term deserialized from `x`"),
- ),
- Categories: encoding,
-}
+var JSONMarshalWithOptions = v1.JSONMarshalWithOptions
-var JSONIsValid = &Builtin{
- Name: "json.is_valid",
- Description: "Verifies the input string is a valid JSON document.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("a JSON string"),
- ),
- types.Named("result", types.B).Description("`true` if `x` is valid JSON, `false` otherwise"),
- ),
- Categories: encoding,
-}
+var JSONUnmarshal = v1.JSONUnmarshal
-var Base64Encode = &Builtin{
- Name: "base64.encode",
- Description: "Serializes the input string into base64 encoding.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S),
- ),
- types.Named("y", types.S).Description("base64 serialization of `x`"),
- ),
- Categories: encoding,
-}
+var JSONIsValid = v1.JSONIsValid
-var Base64Decode = &Builtin{
- Name: "base64.decode",
- Description: "Deserializes the base64 encoded input string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S),
- ),
- types.Named("y", types.S).Description("base64 deserialization of `x`"),
- ),
- Categories: encoding,
-}
+var Base64Encode = v1.Base64Encode
-var Base64IsValid = &Builtin{
- Name: "base64.is_valid",
- Description: "Verifies the input string is base64 encoded.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S),
- ),
- types.Named("result", types.B).Description("`true` if `x` is valid base64 encoded value, `false` otherwise"),
- ),
- Categories: encoding,
-}
+var Base64Decode = v1.Base64Decode
-var Base64UrlEncode = &Builtin{
- Name: "base64url.encode",
- Description: "Serializes the input string into base64url encoding.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S),
- ),
- types.Named("y", types.S).Description("base64url serialization of `x`"),
- ),
- Categories: encoding,
-}
+var Base64IsValid = v1.Base64IsValid
-var Base64UrlEncodeNoPad = &Builtin{
- Name: "base64url.encode_no_pad",
- Description: "Serializes the input string into base64url encoding without padding.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S),
- ),
- types.Named("y", types.S).Description("base64url serialization of `x`"),
- ),
- Categories: encoding,
-}
+var Base64UrlEncode = v1.Base64UrlEncode
-var Base64UrlDecode = &Builtin{
- Name: "base64url.decode",
- Description: "Deserializes the base64url encoded input string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S),
- ),
- types.Named("y", types.S).Description("base64url deserialization of `x`"),
- ),
- Categories: encoding,
-}
+var Base64UrlEncodeNoPad = v1.Base64UrlEncodeNoPad
-var URLQueryDecode = &Builtin{
- Name: "urlquery.decode",
- Description: "Decodes a URL-encoded input string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S),
- ),
- types.Named("y", types.S).Description("URL-encoding deserialization of `x`"),
- ),
- Categories: encoding,
-}
+var Base64UrlDecode = v1.Base64UrlDecode
-var URLQueryEncode = &Builtin{
- Name: "urlquery.encode",
- Description: "Encodes the input string into a URL-encoded string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S),
- ),
- types.Named("y", types.S).Description("URL-encoding serialization of `x`"),
- ),
- Categories: encoding,
-}
+var URLQueryDecode = v1.URLQueryDecode
-var URLQueryEncodeObject = &Builtin{
- Name: "urlquery.encode_object",
- Description: "Encodes the given object into a URL encoded query string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("object", types.NewObject(
- nil,
- types.NewDynamicProperty(
- types.S,
- types.NewAny(
- types.S,
- types.NewArray(nil, types.S),
- types.NewSet(types.S)))))),
- types.Named("y", types.S).Description("the URL-encoded serialization of `object`"),
- ),
- Categories: encoding,
-}
+var URLQueryEncode = v1.URLQueryEncode
-var URLQueryDecodeObject = &Builtin{
- Name: "urlquery.decode_object",
- Description: "Decodes the given URL query string into an object.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("the query string"),
- ),
- types.Named("object", types.NewObject(nil, types.NewDynamicProperty(
- types.S,
- types.NewArray(nil, types.S)))).Description("the resulting object"),
- ),
- Categories: encoding,
-}
+var URLQueryEncodeObject = v1.URLQueryEncodeObject
-var YAMLMarshal = &Builtin{
- Name: "yaml.marshal",
- Description: "Serializes the input term to YAML.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A).Description("the term to serialize"),
- ),
- types.Named("y", types.S).Description("the YAML string representation of `x`"),
- ),
- Categories: encoding,
-}
+var URLQueryDecodeObject = v1.URLQueryDecodeObject
-var YAMLUnmarshal = &Builtin{
- Name: "yaml.unmarshal",
- Description: "Deserializes the input string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("a YAML string"),
- ),
- types.Named("y", types.A).Description("the term deserialized from `x`"),
- ),
- Categories: encoding,
-}
+var YAMLMarshal = v1.YAMLMarshal
+
+var YAMLUnmarshal = v1.YAMLUnmarshal
// YAMLIsValid verifies the input string is a valid YAML document.
-var YAMLIsValid = &Builtin{
- Name: "yaml.is_valid",
- Description: "Verifies the input string is a valid YAML document.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("a YAML string"),
- ),
- types.Named("result", types.B).Description("`true` if `x` is valid YAML, `false` otherwise"),
- ),
- Categories: encoding,
-}
+var YAMLIsValid = v1.YAMLIsValid
-var HexEncode = &Builtin{
- Name: "hex.encode",
- Description: "Serializes the input string using hex-encoding.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S),
- ),
- types.Named("y", types.S).Description("serialization of `x` using hex-encoding"),
- ),
- Categories: encoding,
-}
+var HexEncode = v1.HexEncode
-var HexDecode = &Builtin{
- Name: "hex.decode",
- Description: "Deserializes the hex-encoded input string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("a hex-encoded string"),
- ),
- types.Named("y", types.S).Description("deserialized from `x`"),
- ),
- Categories: encoding,
-}
+var HexDecode = v1.HexDecode
/**
* Tokens
*/
-var tokensCat = category("tokens")
-
-var JWTDecode = &Builtin{
- Name: "io.jwt.decode",
- Description: "Decodes a JSON Web Token and outputs it as an object.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("jwt", types.S).Description("JWT token to decode"),
- ),
- types.Named("output", types.NewArray([]types.Type{
- types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
- types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
- types.S,
- }, nil)).Description("`[header, payload, sig]`, where `header` and `payload` are objects; `sig` is the hexadecimal representation of the signature on the token."),
- ),
- Categories: tokensCat,
-}
-var JWTVerifyRS256 = &Builtin{
- Name: "io.jwt.verify_rs256",
- Description: "Verifies if a RS256 JWT signature is valid.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
- types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
- ),
- types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
- ),
- Categories: tokensCat,
-}
+var JWTDecode = v1.JWTDecode
-var JWTVerifyRS384 = &Builtin{
- Name: "io.jwt.verify_rs384",
- Description: "Verifies if a RS384 JWT signature is valid.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
- types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
- ),
- types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
- ),
- Categories: tokensCat,
-}
+var JWTVerifyRS256 = v1.JWTVerifyRS256
-var JWTVerifyRS512 = &Builtin{
- Name: "io.jwt.verify_rs512",
- Description: "Verifies if a RS512 JWT signature is valid.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
- types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
- ),
- types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
- ),
- Categories: tokensCat,
-}
+var JWTVerifyRS384 = v1.JWTVerifyRS384
-var JWTVerifyPS256 = &Builtin{
- Name: "io.jwt.verify_ps256",
- Description: "Verifies if a PS256 JWT signature is valid.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
- types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
- ),
- types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
- ),
- Categories: tokensCat,
-}
+var JWTVerifyRS512 = v1.JWTVerifyRS512
-var JWTVerifyPS384 = &Builtin{
- Name: "io.jwt.verify_ps384",
- Description: "Verifies if a PS384 JWT signature is valid.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
- types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
- ),
- types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
- ),
- Categories: tokensCat,
-}
+var JWTVerifyPS256 = v1.JWTVerifyPS256
-var JWTVerifyPS512 = &Builtin{
- Name: "io.jwt.verify_ps512",
- Description: "Verifies if a PS512 JWT signature is valid.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
- types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
- ),
- types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
- ),
- Categories: tokensCat,
-}
+var JWTVerifyPS384 = v1.JWTVerifyPS384
-var JWTVerifyES256 = &Builtin{
- Name: "io.jwt.verify_es256",
- Description: "Verifies if a ES256 JWT signature is valid.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
- types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
- ),
- types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
- ),
- Categories: tokensCat,
-}
+var JWTVerifyPS512 = v1.JWTVerifyPS512
-var JWTVerifyES384 = &Builtin{
- Name: "io.jwt.verify_es384",
- Description: "Verifies if a ES384 JWT signature is valid.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
- types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
- ),
- types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
- ),
- Categories: tokensCat,
-}
+var JWTVerifyES256 = v1.JWTVerifyES256
-var JWTVerifyES512 = &Builtin{
- Name: "io.jwt.verify_es512",
- Description: "Verifies if a ES512 JWT signature is valid.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
- types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
- ),
- types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
- ),
- Categories: tokensCat,
-}
+var JWTVerifyES384 = v1.JWTVerifyES384
-var JWTVerifyHS256 = &Builtin{
- Name: "io.jwt.verify_hs256",
- Description: "Verifies if a HS256 (secret) JWT signature is valid.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
- types.Named("secret", types.S).Description("plain text secret used to verify the signature"),
- ),
- types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
- ),
- Categories: tokensCat,
-}
+var JWTVerifyES512 = v1.JWTVerifyES512
-var JWTVerifyHS384 = &Builtin{
- Name: "io.jwt.verify_hs384",
- Description: "Verifies if a HS384 (secret) JWT signature is valid.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
- types.Named("secret", types.S).Description("plain text secret used to verify the signature"),
- ),
- types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
- ),
- Categories: tokensCat,
-}
+var JWTVerifyHS256 = v1.JWTVerifyHS256
-var JWTVerifyHS512 = &Builtin{
- Name: "io.jwt.verify_hs512",
- Description: "Verifies if a HS512 (secret) JWT signature is valid.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
- types.Named("secret", types.S).Description("plain text secret used to verify the signature"),
- ),
- types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
- ),
- Categories: tokensCat,
-}
+var JWTVerifyHS384 = v1.JWTVerifyHS384
-// Marked non-deterministic because it relies on time internally.
-var JWTDecodeVerify = &Builtin{
- Name: "io.jwt.decode_verify",
- Description: `Verifies a JWT signature under parameterized constraints and decodes the claims if it is valid.
-Supports the following algorithms: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384 and PS512.`,
- Decl: types.NewFunction(
- types.Args(
- types.Named("jwt", types.S).Description("JWT token whose signature is to be verified and whose claims are to be checked"),
- types.Named("constraints", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("claim verification constraints"),
- ),
- types.Named("output", types.NewArray([]types.Type{
- types.B,
- types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
- types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
- }, nil)).Description("`[valid, header, payload]`: if the input token is verified and meets the requirements of `constraints` then `valid` is `true`; `header` and `payload` are objects containing the JOSE header and the JWT claim set; otherwise, `valid` is `false`, `header` and `payload` are `{}`"),
- ),
- Categories: tokensCat,
- Nondeterministic: true,
-}
+var JWTVerifyHS512 = v1.JWTVerifyHS512
-var tokenSign = category("tokensign")
+// Marked non-deterministic because it relies on time internally.
+var JWTDecodeVerify = v1.JWTDecodeVerify
// Marked non-deterministic because it relies on RNG internally.
-var JWTEncodeSignRaw = &Builtin{
- Name: "io.jwt.encode_sign_raw",
- Description: "Encodes and optionally signs a JSON Web Token.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("headers", types.S).Description("JWS Protected Header"),
- types.Named("payload", types.S).Description("JWS Payload"),
- types.Named("key", types.S).Description("JSON Web Key (RFC7517)"),
- ),
- types.Named("output", types.S).Description("signed JWT"),
- ),
- Categories: tokenSign,
- Nondeterministic: true,
-}
+var JWTEncodeSignRaw = v1.JWTEncodeSignRaw
// Marked non-deterministic because it relies on RNG internally.
-var JWTEncodeSign = &Builtin{
- Name: "io.jwt.encode_sign",
- Description: "Encodes and optionally signs a JSON Web Token. Inputs are taken as objects, not encoded strings (see `io.jwt.encode_sign_raw`).",
- Decl: types.NewFunction(
- types.Args(
- types.Named("headers", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("JWS Protected Header"),
- types.Named("payload", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("JWS Payload"),
- types.Named("key", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("JSON Web Key (RFC7517)"),
- ),
- types.Named("output", types.S).Description("signed JWT"),
- ),
- Categories: tokenSign,
- Nondeterministic: true,
-}
+var JWTEncodeSign = v1.JWTEncodeSign
/**
* Time
*/
// Marked non-deterministic because it relies on time directly.
-var NowNanos = &Builtin{
- Name: "time.now_ns",
- Description: "Returns the current time since epoch in nanoseconds.",
- Decl: types.NewFunction(
- nil,
- types.Named("now", types.N).Description("nanoseconds since epoch"),
- ),
- Nondeterministic: true,
-}
+var NowNanos = v1.NowNanos
-var ParseNanos = &Builtin{
- Name: "time.parse_ns",
- Description: "Returns the time in nanoseconds parsed from the string in the given format. `undefined` if the result would be outside the valid time range that can fit within an `int64`.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("layout", types.S).Description("format used for parsing, see the [Go `time` package documentation](https://golang.org/pkg/time/#Parse) for more details"),
- types.Named("value", types.S).Description("input to parse according to `layout`"),
- ),
- types.Named("ns", types.N).Description("`value` in nanoseconds since epoch"),
- ),
-}
+var ParseNanos = v1.ParseNanos
-var ParseRFC3339Nanos = &Builtin{
- Name: "time.parse_rfc3339_ns",
- Description: "Returns the time in nanoseconds parsed from the string in RFC3339 format. `undefined` if the result would be outside the valid time range that can fit within an `int64`.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("value", types.S),
- ),
- types.Named("ns", types.N).Description("`value` in nanoseconds since epoch"),
- ),
-}
+var ParseRFC3339Nanos = v1.ParseRFC3339Nanos
-var ParseDurationNanos = &Builtin{
- Name: "time.parse_duration_ns",
- Description: "Returns the duration in nanoseconds represented by a string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("duration", types.S).Description("a duration like \"3m\"; see the [Go `time` package documentation](https://golang.org/pkg/time/#ParseDuration) for more details"),
- ),
- types.Named("ns", types.N).Description("the `duration` in nanoseconds"),
- ),
-}
+var ParseDurationNanos = v1.ParseDurationNanos
-var Format = &Builtin{
- Name: "time.format",
- Description: "Returns the formatted timestamp for the nanoseconds since epoch.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.NewAny(
- types.N,
- types.NewArray([]types.Type{types.N, types.S}, nil),
- types.NewArray([]types.Type{types.N, types.S, types.S}, nil),
- )).Description("a number representing the nanoseconds since the epoch (UTC); or a two-element array of the nanoseconds, and a timezone string; or a three-element array of ns, timezone string and a layout string or golang defined formatting constant (see golang supported time formats)"),
- ),
- types.Named("formatted timestamp", types.S).Description("the formatted timestamp represented for the nanoseconds since the epoch in the supplied timezone (or UTC)"),
- ),
-}
+var Format = v1.Format
-var Date = &Builtin{
- Name: "time.date",
- Description: "Returns the `[year, month, day]` for the nanoseconds since epoch.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.NewAny(
- types.N,
- types.NewArray([]types.Type{types.N, types.S}, nil),
- )).Description("a number representing the nanoseconds since the epoch (UTC); or a two-element array of the nanoseconds, and a timezone string"),
- ),
- types.Named("date", types.NewArray([]types.Type{types.N, types.N, types.N}, nil)).Description("an array of `year`, `month` (1-12), and `day` (1-31)"),
- ),
-}
+var Date = v1.Date
-var Clock = &Builtin{
- Name: "time.clock",
- Description: "Returns the `[hour, minute, second]` of the day for the nanoseconds since epoch.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.NewAny(
- types.N,
- types.NewArray([]types.Type{types.N, types.S}, nil),
- )).Description("a number representing the nanoseconds since the epoch (UTC); or a two-element array of the nanoseconds, and a timezone string"),
- ),
- types.Named("output", types.NewArray([]types.Type{types.N, types.N, types.N}, nil)).
- Description("the `hour`, `minute` (0-59), and `second` (0-59) representing the time of day for the nanoseconds since epoch in the supplied timezone (or UTC)"),
- ),
-}
+var Clock = v1.Clock
-var Weekday = &Builtin{
- Name: "time.weekday",
- Description: "Returns the day of the week (Monday, Tuesday, ...) for the nanoseconds since epoch.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.NewAny(
- types.N,
- types.NewArray([]types.Type{types.N, types.S}, nil),
- )).Description("a number representing the nanoseconds since the epoch (UTC); or a two-element array of the nanoseconds, and a timezone string"),
- ),
- types.Named("day", types.S).Description("the weekday represented by `ns` nanoseconds since the epoch in the supplied timezone (or UTC)"),
- ),
-}
+var Weekday = v1.Weekday
-var AddDate = &Builtin{
- Name: "time.add_date",
- Description: "Returns the nanoseconds since epoch after adding years, months and days to nanoseconds. Month & day values outside their usual ranges after the operation and will be normalized - for example, October 32 would become November 1. `undefined` if the result would be outside the valid time range that can fit within an `int64`.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("ns", types.N).Description("nanoseconds since the epoch"),
- types.Named("years", types.N),
- types.Named("months", types.N),
- types.Named("days", types.N),
- ),
- types.Named("output", types.N).Description("nanoseconds since the epoch representing the input time, with years, months and days added"),
- ),
-}
+var AddDate = v1.AddDate
-var Diff = &Builtin{
- Name: "time.diff",
- Description: "Returns the difference between two unix timestamps in nanoseconds (with optional timezone strings).",
- Decl: types.NewFunction(
- types.Args(
- types.Named("ns1", types.NewAny(
- types.N,
- types.NewArray([]types.Type{types.N, types.S}, nil),
- )),
- types.Named("ns2", types.NewAny(
- types.N,
- types.NewArray([]types.Type{types.N, types.S}, nil),
- )),
- ),
- types.Named("output", types.NewArray([]types.Type{types.N, types.N, types.N, types.N, types.N, types.N}, nil)).Description("difference between `ns1` and `ns2` (in their supplied timezones, if supplied, or UTC) as array of numbers: `[years, months, days, hours, minutes, seconds]`"),
- ),
-}
+var Diff = v1.Diff
/**
* Crypto.
*/
-var CryptoX509ParseCertificates = &Builtin{
- Name: "crypto.x509.parse_certificates",
- Description: `Returns zero or more certificates from the given encoded string containing
-DER certificate data.
-
-If the input is empty, the function will return null. The input string should be a list of one or more
-concatenated PEM blocks. The whole input of concatenated PEM blocks can optionally be Base64 encoded.`,
- Decl: types.NewFunction(
- types.Args(
- types.Named("certs", types.S).Description("base64 encoded DER or PEM data containing one or more certificates or a PEM string of one or more certificates"),
- ),
- types.Named("output", types.NewArray(nil, types.NewObject(nil, types.NewDynamicProperty(types.S, types.A)))).Description("parsed X.509 certificates represented as objects"),
- ),
-}
+var CryptoX509ParseCertificates = v1.CryptoX509ParseCertificates
-var CryptoX509ParseAndVerifyCertificates = &Builtin{
- Name: "crypto.x509.parse_and_verify_certificates",
- Description: `Returns one or more certificates from the given string containing PEM
-or base64 encoded DER certificates after verifying the supplied certificates form a complete
-certificate chain back to a trusted root.
-
-The first certificate is treated as the root and the last is treated as the leaf,
-with all others being treated as intermediates.`,
- Decl: types.NewFunction(
- types.Args(
- types.Named("certs", types.S).Description("base64 encoded DER or PEM data containing two or more certificates where the first is a root CA, the last is a leaf certificate, and all others are intermediate CAs"),
- ),
- types.Named("output", types.NewArray([]types.Type{
- types.B,
- types.NewArray(nil, types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))),
- }, nil)).Description("array of `[valid, certs]`: if the input certificate chain could be verified then `valid` is `true` and `certs` is an array of X.509 certificates represented as objects; if the input certificate chain could not be verified then `valid` is `false` and `certs` is `[]`"),
- ),
-}
+var CryptoX509ParseAndVerifyCertificates = v1.CryptoX509ParseAndVerifyCertificates
-var CryptoX509ParseAndVerifyCertificatesWithOptions = &Builtin{
- Name: "crypto.x509.parse_and_verify_certificates_with_options",
- Description: `Returns one or more certificates from the given string containing PEM
-or base64 encoded DER certificates after verifying the supplied certificates form a complete
-certificate chain back to a trusted root. A config option passed as the second argument can
-be used to configure the validation options used.
-
-The first certificate is treated as the root and the last is treated as the leaf,
-with all others being treated as intermediates.`,
-
- Decl: types.NewFunction(
- types.Args(
- types.Named("certs", types.S).Description("base64 encoded DER or PEM data containing two or more certificates where the first is a root CA, the last is a leaf certificate, and all others are intermediate CAs"),
- types.Named("options", types.NewObject(
- nil,
- types.NewDynamicProperty(types.S, types.A),
- )).Description("object containing extra configs to verify the validity of certificates. `options` object supports four fields which maps to same fields in [x509.VerifyOptions struct](https://pkg.go.dev/crypto/x509#VerifyOptions). `DNSName`, `CurrentTime`: Nanoseconds since the Unix Epoch as a number, `MaxConstraintComparisons` and `KeyUsages`. `KeyUsages` is list and can have possible values as in: `\"KeyUsageAny\"`, `\"KeyUsageServerAuth\"`, `\"KeyUsageClientAuth\"`, `\"KeyUsageCodeSigning\"`, `\"KeyUsageEmailProtection\"`, `\"KeyUsageIPSECEndSystem\"`, `\"KeyUsageIPSECTunnel\"`, `\"KeyUsageIPSECUser\"`, `\"KeyUsageTimeStamping\"`, `\"KeyUsageOCSPSigning\"`, `\"KeyUsageMicrosoftServerGatedCrypto\"`, `\"KeyUsageNetscapeServerGatedCrypto\"`, `\"KeyUsageMicrosoftCommercialCodeSigning\"`, `\"KeyUsageMicrosoftKernelCodeSigning\"` "),
- ),
- types.Named("output", types.NewArray([]types.Type{
- types.B,
- types.NewArray(nil, types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))),
- }, nil)).Description("array of `[valid, certs]`: if the input certificate chain could be verified then `valid` is `true` and `certs` is an array of X.509 certificates represented as objects; if the input certificate chain could not be verified then `valid` is `false` and `certs` is `[]`"),
- ),
-}
+var CryptoX509ParseAndVerifyCertificatesWithOptions = v1.CryptoX509ParseAndVerifyCertificatesWithOptions
-var CryptoX509ParseCertificateRequest = &Builtin{
- Name: "crypto.x509.parse_certificate_request",
- Description: "Returns a PKCS #10 certificate signing request from the given PEM-encoded PKCS#10 certificate signing request.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("csr", types.S).Description("base64 string containing either a PEM encoded or DER CSR or a string containing a PEM CSR"),
- ),
- types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("X.509 CSR represented as an object"),
- ),
-}
+var CryptoX509ParseCertificateRequest = v1.CryptoX509ParseCertificateRequest
-var CryptoX509ParseKeyPair = &Builtin{
- Name: "crypto.x509.parse_keypair",
- Description: "Returns a valid key pair",
- Decl: types.NewFunction(
- types.Args(
- types.Named("cert", types.S).Description("string containing PEM or base64 encoded DER certificates"),
- types.Named("pem", types.S).Description("string containing PEM or base64 encoded DER keys"),
- ),
- types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("if key pair is valid, returns the tls.certificate(https://pkg.go.dev/crypto/tls#Certificate) as an object. If the key pair is invalid, nil and an error are returned."),
- ),
-}
-var CryptoX509ParseRSAPrivateKey = &Builtin{
- Name: "crypto.x509.parse_rsa_private_key",
- Description: "Returns a JWK for signing a JWT from the given PEM-encoded RSA private key.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("pem", types.S).Description("base64 string containing a PEM encoded RSA private key"),
- ),
- types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("JWK as an object"),
- ),
-}
+var CryptoX509ParseKeyPair = v1.CryptoX509ParseKeyPair
+var CryptoX509ParseRSAPrivateKey = v1.CryptoX509ParseRSAPrivateKey
-var CryptoParsePrivateKeys = &Builtin{
- Name: "crypto.parse_private_keys",
- Description: `Returns zero or more private keys from the given encoded string containing DER certificate data.
-
-If the input is empty, the function will return null. The input string should be a list of one or more concatenated PEM blocks. The whole input of concatenated PEM blocks can optionally be Base64 encoded.`,
- Decl: types.NewFunction(
- types.Args(
- types.Named("keys", types.S).Description("PEM encoded data containing one or more private keys as concatenated blocks. Optionally Base64 encoded."),
- ),
- types.Named("output", types.NewArray(nil, types.NewObject(nil, types.NewDynamicProperty(types.S, types.A)))).Description("parsed private keys represented as objects"),
- ),
-}
+var CryptoParsePrivateKeys = v1.CryptoParsePrivateKeys
-var CryptoMd5 = &Builtin{
- Name: "crypto.md5",
- Description: "Returns a string representing the input string hashed with the MD5 function",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S),
- ),
- types.Named("y", types.S).Description("MD5-hash of `x`"),
- ),
-}
+var CryptoMd5 = v1.CryptoMd5
-var CryptoSha1 = &Builtin{
- Name: "crypto.sha1",
- Description: "Returns a string representing the input string hashed with the SHA1 function",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S),
- ),
- types.Named("y", types.S).Description("SHA1-hash of `x`"),
- ),
-}
+var CryptoSha1 = v1.CryptoSha1
-var CryptoSha256 = &Builtin{
- Name: "crypto.sha256",
- Description: "Returns a string representing the input string hashed with the SHA256 function",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S),
- ),
- types.Named("y", types.S).Description("SHA256-hash of `x`"),
- ),
-}
+var CryptoSha256 = v1.CryptoSha256
-var CryptoHmacMd5 = &Builtin{
- Name: "crypto.hmac.md5",
- Description: "Returns a string representing the MD5 HMAC of the input message using the input key.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("input string"),
- types.Named("key", types.S).Description("key to use"),
- ),
- types.Named("y", types.S).Description("MD5-HMAC of `x`"),
- ),
-}
+var CryptoHmacMd5 = v1.CryptoHmacMd5
-var CryptoHmacSha1 = &Builtin{
- Name: "crypto.hmac.sha1",
- Description: "Returns a string representing the SHA1 HMAC of the input message using the input key.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("input string"),
- types.Named("key", types.S).Description("key to use"),
- ),
- types.Named("y", types.S).Description("SHA1-HMAC of `x`"),
- ),
-}
+var CryptoHmacSha1 = v1.CryptoHmacSha1
-var CryptoHmacSha256 = &Builtin{
- Name: "crypto.hmac.sha256",
- Description: "Returns a string representing the SHA256 HMAC of the input message using the input key.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("input string"),
- types.Named("key", types.S).Description("key to use"),
- ),
- types.Named("y", types.S).Description("SHA256-HMAC of `x`"),
- ),
-}
+var CryptoHmacSha256 = v1.CryptoHmacSha256
-var CryptoHmacSha512 = &Builtin{
- Name: "crypto.hmac.sha512",
- Description: "Returns a string representing the SHA512 HMAC of the input message using the input key.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.S).Description("input string"),
- types.Named("key", types.S).Description("key to use"),
- ),
- types.Named("y", types.S).Description("SHA512-HMAC of `x`"),
- ),
-}
+var CryptoHmacSha512 = v1.CryptoHmacSha512
-var CryptoHmacEqual = &Builtin{
- Name: "crypto.hmac.equal",
- Description: "Returns a boolean representing the result of comparing two MACs for equality without leaking timing information.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("mac1", types.S).Description("mac1 to compare"),
- types.Named("mac2", types.S).Description("mac2 to compare"),
- ),
- types.Named("result", types.B).Description("`true` if the MACs are equals, `false` otherwise"),
- ),
-}
+var CryptoHmacEqual = v1.CryptoHmacEqual
/**
* Graphs.
*/
-var graphs = category("graph")
-
-var WalkBuiltin = &Builtin{
- Name: "walk",
- Relation: true,
- Description: "Generates `[path, value]` tuples for all nested documents of `x` (recursively). Queries can use `walk` to traverse documents nested under `x`.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A),
- ),
- types.Named("output", types.NewArray(
- []types.Type{
- types.NewArray(nil, types.A),
- types.A,
- },
- nil,
- )).Description("pairs of `path` and `value`: `path` is an array representing the pointer to `value` in `x`. If `path` is assigned a wildcard (`_`), the `walk` function will skip path creation entirely for faster evaluation."),
- ),
- Categories: graphs,
-}
-var ReachableBuiltin = &Builtin{
- Name: "graph.reachable",
- Description: "Computes the set of reachable nodes in the graph from a set of starting nodes.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("graph", types.NewObject(
- nil,
- types.NewDynamicProperty(
- types.A,
- types.NewAny(
- types.NewSet(types.A),
- types.NewArray(nil, types.A)),
- )),
- ).Description("object containing a set or array of neighboring vertices"),
- types.Named("initial", types.NewAny(types.NewSet(types.A), types.NewArray(nil, types.A))).Description("set or array of root vertices"),
- ),
- types.Named("output", types.NewSet(types.A)).Description("set of vertices reachable from the `initial` vertices in the directed `graph`"),
- ),
-}
+var WalkBuiltin = v1.WalkBuiltin
-var ReachablePathsBuiltin = &Builtin{
- Name: "graph.reachable_paths",
- Description: "Computes the set of reachable paths in the graph from a set of starting nodes.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("graph", types.NewObject(
- nil,
- types.NewDynamicProperty(
- types.A,
- types.NewAny(
- types.NewSet(types.A),
- types.NewArray(nil, types.A)),
- )),
- ).Description("object containing a set or array of root vertices"),
- types.Named("initial", types.NewAny(types.NewSet(types.A), types.NewArray(nil, types.A))).Description("initial paths"), // TODO(sr): copied. is that correct?
- ),
- types.Named("output", types.NewSet(types.NewArray(nil, types.A))).Description("paths reachable from the `initial` vertices in the directed `graph`"),
- ),
-}
+var ReachableBuiltin = v1.ReachableBuiltin
+
+var ReachablePathsBuiltin = v1.ReachablePathsBuiltin
/**
* Type
*/
-var typesCat = category("types")
-
-var IsNumber = &Builtin{
- Name: "is_number",
- Description: "Returns `true` if the input value is a number.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A),
- ),
- types.Named("result", types.B).Description("`true` if `x` is a number, `false` otherwise."),
- ),
- Categories: typesCat,
-}
-var IsString = &Builtin{
- Name: "is_string",
- Description: "Returns `true` if the input value is a string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A),
- ),
- types.Named("result", types.B).Description("`true` if `x` is a string, `false` otherwise."),
- ),
- Categories: typesCat,
-}
+var IsNumber = v1.IsNumber
-var IsBoolean = &Builtin{
- Name: "is_boolean",
- Description: "Returns `true` if the input value is a boolean.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A),
- ),
- types.Named("result", types.B).Description("`true` if `x` is an boolean, `false` otherwise."),
- ),
- Categories: typesCat,
-}
+var IsString = v1.IsString
-var IsArray = &Builtin{
- Name: "is_array",
- Description: "Returns `true` if the input value is an array.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A),
- ),
- types.Named("result", types.B).Description("`true` if `x` is an array, `false` otherwise."),
- ),
- Categories: typesCat,
-}
+var IsBoolean = v1.IsBoolean
-var IsSet = &Builtin{
- Name: "is_set",
- Description: "Returns `true` if the input value is a set.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A),
- ),
- types.Named("result", types.B).Description("`true` if `x` is a set, `false` otherwise."),
- ),
- Categories: typesCat,
-}
+var IsArray = v1.IsArray
-var IsObject = &Builtin{
- Name: "is_object",
- Description: "Returns true if the input value is an object",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A),
- ),
- types.Named("result", types.B).Description("`true` if `x` is an object, `false` otherwise."),
- ),
- Categories: typesCat,
-}
+var IsSet = v1.IsSet
-var IsNull = &Builtin{
- Name: "is_null",
- Description: "Returns `true` if the input value is null.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A),
- ),
- types.Named("result", types.B).Description("`true` if `x` is null, `false` otherwise."),
- ),
- Categories: typesCat,
-}
+var IsObject = v1.IsObject
+
+var IsNull = v1.IsNull
/**
* Type Name
*/
// TypeNameBuiltin returns the type of the input.
-var TypeNameBuiltin = &Builtin{
- Name: "type_name",
- Description: "Returns the type of its input value.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("x", types.A),
- ),
- types.Named("type", types.S).Description(`one of "null", "boolean", "number", "string", "array", "object", "set"`),
- ),
- Categories: typesCat,
-}
+var TypeNameBuiltin = v1.TypeNameBuiltin
/**
* HTTP Request
*/
// Marked non-deterministic because HTTP request results can be non-deterministic.
-var HTTPSend = &Builtin{
- Name: "http.send",
- Description: "Returns a HTTP response to the given HTTP request.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("request", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))),
- ),
- types.Named("response", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))),
- ),
- Nondeterministic: true,
-}
+var HTTPSend = v1.HTTPSend
/**
* GraphQL
*/
// GraphQLParse returns a pair of AST objects from parsing/validation.
-var GraphQLParse = &Builtin{
- Name: "graphql.parse",
- Description: "Returns AST objects for a given GraphQL query and schema after validating the query against the schema. Returns undefined if errors were encountered during parsing or validation. The query and/or schema can be either GraphQL strings or AST objects from the other GraphQL builtin functions.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("query", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))),
- types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))),
- ),
- types.Named("output", types.NewArray([]types.Type{
- types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
- types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
- }, nil)).Description("`output` is of the form `[query_ast, schema_ast]`. If the GraphQL query is valid given the provided schema, then `query_ast` and `schema_ast` are objects describing the ASTs for the query and schema."),
- ),
-}
+var GraphQLParse = v1.GraphQLParse
// GraphQLParseAndVerify returns a boolean and a pair of AST object from parsing/validation.
-var GraphQLParseAndVerify = &Builtin{
- Name: "graphql.parse_and_verify",
- Description: "Returns a boolean indicating success or failure alongside the parsed ASTs for a given GraphQL query and schema after validating the query against the schema. The query and/or schema can be either GraphQL strings or AST objects from the other GraphQL builtin functions.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("query", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))),
- types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))),
- ),
- types.Named("output", types.NewArray([]types.Type{
- types.B,
- types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
- types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
- }, nil)).Description(" `output` is of the form `[valid, query_ast, schema_ast]`. If the query is valid given the provided schema, then `valid` is `true`, and `query_ast` and `schema_ast` are objects describing the ASTs for the GraphQL query and schema. Otherwise, `valid` is `false` and `query_ast` and `schema_ast` are `{}`."),
- ),
-}
+var GraphQLParseAndVerify = v1.GraphQLParseAndVerify
// GraphQLParseQuery parses the input GraphQL query and returns a JSON
// representation of its AST.
-var GraphQLParseQuery = &Builtin{
- Name: "graphql.parse_query",
- Description: "Returns an AST object for a GraphQL query.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("query", types.S),
- ),
- types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))).Description("AST object for the GraphQL query."),
- ),
-}
+var GraphQLParseQuery = v1.GraphQLParseQuery
// GraphQLParseSchema parses the input GraphQL schema and returns a JSON
// representation of its AST.
-var GraphQLParseSchema = &Builtin{
- Name: "graphql.parse_schema",
- Description: "Returns an AST object for a GraphQL schema.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("schema", types.S),
- ),
- types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))).Description("AST object for the GraphQL schema."),
- ),
-}
+var GraphQLParseSchema = v1.GraphQLParseSchema
// GraphQLIsValid returns true if a GraphQL query is valid with a given
// schema, and returns false for all other inputs.
-var GraphQLIsValid = &Builtin{
- Name: "graphql.is_valid",
- Description: "Checks that a GraphQL query is valid against a given schema. The query and/or schema can be either GraphQL strings or AST objects from the other GraphQL builtin functions.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("query", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))),
- types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))),
- ),
- types.Named("output", types.B).Description("`true` if the query is valid under the given schema. `false` otherwise."),
- ),
-}
+var GraphQLIsValid = v1.GraphQLIsValid
// GraphQLSchemaIsValid returns true if the input is valid GraphQL schema,
// and returns false for all other inputs.
-var GraphQLSchemaIsValid = &Builtin{
- Name: "graphql.schema_is_valid",
- Description: "Checks that the input is a valid GraphQL schema. The schema can be either a GraphQL string or an AST object from the other GraphQL builtin functions.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))),
- ),
- types.Named("output", types.B).Description("`true` if the schema is a valid GraphQL schema. `false` otherwise."),
- ),
-}
+var GraphQLSchemaIsValid = v1.GraphQLSchemaIsValid
/**
* JSON Schema
@@ -2811,313 +499,76 @@ var GraphQLSchemaIsValid = &Builtin{
// JSONSchemaVerify returns empty string if the input is valid JSON schema
// and returns error string for all other inputs.
-var JSONSchemaVerify = &Builtin{
- Name: "json.verify_schema",
- Description: "Checks that the input is a valid JSON schema object. The schema can be either a JSON string or an JSON object.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
- Description("the schema to verify"),
- ),
- types.Named("output", types.NewArray([]types.Type{
- types.B,
- types.NewAny(types.S, types.Null{}),
- }, nil)).
- Description("`output` is of the form `[valid, error]`. If the schema is valid, then `valid` is `true`, and `error` is `null`. Otherwise, `valid` is `false` and `error` is a string describing the error."),
- ),
- Categories: objectCat,
-}
+var JSONSchemaVerify = v1.JSONSchemaVerify
// JSONMatchSchema returns empty array if the document matches the JSON schema,
// and returns non-empty array with error objects otherwise.
-var JSONMatchSchema = &Builtin{
- Name: "json.match_schema",
- Description: "Checks that the document matches the JSON schema.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("document", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
- Description("document to verify by schema"),
- types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
- Description("schema to verify document by"),
- ),
- types.Named("output", types.NewArray([]types.Type{
- types.B,
- types.NewArray(
- nil, types.NewObject(
- []*types.StaticProperty{
- {Key: "error", Value: types.S},
- {Key: "type", Value: types.S},
- {Key: "field", Value: types.S},
- {Key: "desc", Value: types.S},
- },
- nil,
- ),
- ),
- }, nil)).
- Description("`output` is of the form `[match, errors]`. If the document is valid given the schema, then `match` is `true`, and `errors` is an empty array. Otherwise, `match` is `false` and `errors` is an array of objects describing the error(s)."),
- ),
- Categories: objectCat,
-}
+var JSONMatchSchema = v1.JSONMatchSchema
/**
* Cloud Provider Helper Functions
*/
-var providersAWSCat = category("providers.aws")
-
-var ProvidersAWSSignReqObj = &Builtin{
- Name: "providers.aws.sign_req",
- Description: "Signs an HTTP request object for Amazon Web Services. Currently implements [AWS Signature Version 4 request signing](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) by the `Authorization` header method.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("request", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))),
- types.Named("aws_config", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))),
- types.Named("time_ns", types.N),
- ),
- types.Named("signed_request", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))),
- ),
- Categories: providersAWSCat,
-}
+
+var ProvidersAWSSignReqObj = v1.ProvidersAWSSignReqObj
/**
* Rego
*/
-var RegoParseModule = &Builtin{
- Name: "rego.parse_module",
- Description: "Parses the input Rego string and returns an object representation of the AST.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("filename", types.S).Description("file name to attach to AST nodes' locations"),
- types.Named("rego", types.S).Description("Rego module"),
- ),
- types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))), // TODO(tsandall): import AST schema
- ),
-}
+var RegoParseModule = v1.RegoParseModule
-var RegoMetadataChain = &Builtin{
- Name: "rego.metadata.chain",
- Description: `Returns the chain of metadata for the active rule.
-Ordered starting at the active rule, going outward to the most distant node in its package ancestry.
-A chain entry is a JSON document with two members: "path", an array representing the path of the node; and "annotations", a JSON document containing the annotations declared for the node.
-The first entry in the chain always points to the active rule, even if it has no declared annotations (in which case the "annotations" member is not present).`,
- Decl: types.NewFunction(
- types.Args(),
- types.Named("chain", types.NewArray(nil, types.A)).Description("each array entry represents a node in the path ancestry (chain) of the active rule that also has declared annotations"),
- ),
-}
+var RegoMetadataChain = v1.RegoMetadataChain
// RegoMetadataRule returns the metadata for the active rule
-var RegoMetadataRule = &Builtin{
- Name: "rego.metadata.rule",
- Description: "Returns annotations declared for the active rule and using the _rule_ scope.",
- Decl: types.NewFunction(
- types.Args(),
- types.Named("output", types.A).Description("\"rule\" scope annotations for this rule; empty object if no annotations exist"),
- ),
-}
+var RegoMetadataRule = v1.RegoMetadataRule
/**
* OPA
*/
// Marked non-deterministic because of unpredictable config/environment-dependent results.
-var OPARuntime = &Builtin{
- Name: "opa.runtime",
- Description: "Returns an object that describes the runtime environment where OPA is deployed.",
- Decl: types.NewFunction(
- nil,
- types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).
- Description("includes a `config` key if OPA was started with a configuration file; an `env` key containing the environment variables that the OPA process was started with; includes `version` and `commit` keys containing the version and build commit of OPA."),
- ),
- Nondeterministic: true,
-}
+var OPARuntime = v1.OPARuntime
/**
* Trace
*/
-var tracing = category("tracing")
-
-var Trace = &Builtin{
- Name: "trace",
- Description: "Emits `note` as a `Note` event in the query explanation. Query explanations show the exact expressions evaluated by OPA during policy execution. For example, `trace(\"Hello There!\")` includes `Note \"Hello There!\"` in the query explanation. To include variables in the message, use `sprintf`. For example, `person := \"Bob\"; trace(sprintf(\"Hello There! %v\", [person]))` will emit `Note \"Hello There! Bob\"` inside of the explanation.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("note", types.S).Description("the note to include"),
- ),
- types.Named("result", types.B).Description("always `true`"),
- ),
- Categories: tracing,
-}
+
+var Trace = v1.Trace
/**
* Glob
*/
-var GlobMatch = &Builtin{
- Name: "glob.match",
- Description: "Parses and matches strings against the glob notation. Not to be confused with `regex.globs_match`.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("pattern", types.S),
- types.Named("delimiters", types.NewAny(
- types.NewArray(nil, types.S),
- types.NewNull(),
- )).Description("glob pattern delimiters, e.g. `[\".\", \":\"]`, defaults to `[\".\"]` if unset. If `delimiters` is `null`, glob match without delimiter."),
- types.Named("match", types.S),
- ),
- types.Named("result", types.B).Description("true if `match` can be found in `pattern` which is separated by `delimiters`"),
- ),
-}
+var GlobMatch = v1.GlobMatch
-var GlobQuoteMeta = &Builtin{
- Name: "glob.quote_meta",
- Description: "Returns a string which represents a version of the pattern where all asterisks have been escaped.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("pattern", types.S),
- ),
- types.Named("output", types.S).Description("the escaped string of `pattern`"),
- ),
- // TODO(sr): example for this was: Calling ``glob.quote_meta("*.github.com", output)`` returns ``\\*.github.com`` as ``output``.
-}
+var GlobQuoteMeta = v1.GlobQuoteMeta
/**
* Networking
*/
-var NetCIDRIntersects = &Builtin{
- Name: "net.cidr_intersects",
- Description: "Checks if a CIDR intersects with another CIDR (e.g. `192.168.0.0/16` overlaps with `192.168.1.0/24`). Supports both IPv4 and IPv6 notations.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("cidr1", types.S),
- types.Named("cidr2", types.S),
- ),
- types.Named("result", types.B),
- ),
-}
+var NetCIDRIntersects = v1.NetCIDRIntersects
-var NetCIDRExpand = &Builtin{
- Name: "net.cidr_expand",
- Description: "Expands CIDR to set of hosts (e.g., `net.cidr_expand(\"192.168.0.0/30\")` generates 4 hosts: `{\"192.168.0.0\", \"192.168.0.1\", \"192.168.0.2\", \"192.168.0.3\"}`).",
- Decl: types.NewFunction(
- types.Args(
- types.Named("cidr", types.S),
- ),
- types.Named("hosts", types.NewSet(types.S)).Description("set of IP addresses the CIDR `cidr` expands to"),
- ),
-}
+var NetCIDRExpand = v1.NetCIDRExpand
-var NetCIDRContains = &Builtin{
- Name: "net.cidr_contains",
- Description: "Checks if a CIDR or IP is contained within another CIDR. `output` is `true` if `cidr_or_ip` (e.g. `127.0.0.64/26` or `127.0.0.1`) is contained within `cidr` (e.g. `127.0.0.1/24`) and `false` otherwise. Supports both IPv4 and IPv6 notations.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("cidr", types.S),
- types.Named("cidr_or_ip", types.S),
- ),
- types.Named("result", types.B),
- ),
-}
+var NetCIDRContains = v1.NetCIDRContains
-var NetCIDRContainsMatches = &Builtin{
- Name: "net.cidr_contains_matches",
- Description: "Checks if collections of cidrs or ips are contained within another collection of cidrs and returns matches. " +
- "This function is similar to `net.cidr_contains` except it allows callers to pass collections of CIDRs or IPs as arguments and returns the matches (as opposed to a boolean result indicating a match between two CIDRs/IPs).",
- Decl: types.NewFunction(
- types.Args(
- types.Named("cidrs", netCidrContainsMatchesOperandType),
- types.Named("cidrs_or_ips", netCidrContainsMatchesOperandType),
- ),
- types.Named("output", types.NewSet(types.NewArray([]types.Type{types.A, types.A}, nil))).Description("tuples identifying matches where `cidrs_or_ips` are contained within `cidrs`"),
- ),
-}
+var NetCIDRContainsMatches = v1.NetCIDRContainsMatches
-var NetCIDRMerge = &Builtin{
- Name: "net.cidr_merge",
- Description: "Merges IP addresses and subnets into the smallest possible list of CIDRs (e.g., `net.cidr_merge([\"192.0.128.0/24\", \"192.0.129.0/24\"])` generates `{\"192.0.128.0/23\"}`." +
- `This function merges adjacent subnets where possible, those contained within others and also removes any duplicates.
-Supports both IPv4 and IPv6 notations. IPv6 inputs need a prefix length (e.g. "/128").`,
- Decl: types.NewFunction(
- types.Args(
- types.Named("addrs", types.NewAny(
- types.NewArray(nil, types.NewAny(types.S)),
- types.NewSet(types.S),
- )).Description("CIDRs or IP addresses"),
- ),
- types.Named("output", types.NewSet(types.S)).Description("smallest possible set of CIDRs obtained after merging the provided list of IP addresses and subnets in `addrs`"),
- ),
-}
+var NetCIDRMerge = v1.NetCIDRMerge
-var NetCIDRIsValid = &Builtin{
- Name: "net.cidr_is_valid",
- Description: "Parses an IPv4/IPv6 CIDR and returns a boolean indicating if the provided CIDR is valid.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("cidr", types.S),
- ),
- types.Named("result", types.B),
- ),
-}
-
-var netCidrContainsMatchesOperandType = types.NewAny(
- types.S,
- types.NewArray(nil, types.NewAny(
- types.S,
- types.NewArray(nil, types.A),
- )),
- types.NewSet(types.NewAny(
- types.S,
- types.NewArray(nil, types.A),
- )),
- types.NewObject(nil, types.NewDynamicProperty(
- types.S,
- types.NewAny(
- types.S,
- types.NewArray(nil, types.A),
- ),
- )),
-)
+var NetCIDRIsValid = v1.NetCIDRIsValid
// Marked non-deterministic because DNS resolution results can be non-deterministic.
-var NetLookupIPAddr = &Builtin{
- Name: "net.lookup_ip_addr",
- Description: "Returns the set of IP addresses (both v4 and v6) that the passed-in `name` resolves to using the standard name resolution mechanisms available.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("name", types.S).Description("domain name to resolve"),
- ),
- types.Named("addrs", types.NewSet(types.S)).Description("IP addresses (v4 and v6) that `name` resolves to"),
- ),
- Nondeterministic: true,
-}
+var NetLookupIPAddr = v1.NetLookupIPAddr
/**
* Semantic Versions
*/
-var SemVerIsValid = &Builtin{
- Name: "semver.is_valid",
- Description: "Validates that the input is a valid SemVer string.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("vsn", types.A),
- ),
- types.Named("result", types.B).Description("`true` if `vsn` is a valid SemVer; `false` otherwise"),
- ),
-}
+var SemVerIsValid = v1.SemVerIsValid
-var SemVerCompare = &Builtin{
- Name: "semver.compare",
- Description: "Compares valid SemVer formatted version strings.",
- Decl: types.NewFunction(
- types.Args(
- types.Named("a", types.S),
- types.Named("b", types.S),
- ),
- types.Named("result", types.N).Description("`-1` if `a < b`; `1` if `a > b`; `0` if `a == b`"),
- ),
-}
+var SemVerCompare = v1.SemVerCompare
/**
* Printing
@@ -3128,248 +579,56 @@ var SemVerCompare = &Builtin{
// operands may be of any type. Furthermore, unlike other built-in functions,
// undefined operands DO NOT cause the print() function to fail during
// evaluation.
-var Print = &Builtin{
- Name: "print",
- Decl: types.NewVariadicFunction(nil, types.A, nil),
-}
+var Print = v1.Print
// InternalPrint represents the internal implementation of the print() function.
// The compiler rewrites print() calls to refer to the internal implementation.
-var InternalPrint = &Builtin{
- Name: "internal.print",
- Decl: types.NewFunction([]types.Type{types.NewArray(nil, types.NewSet(types.A))}, nil),
-}
+var InternalPrint = v1.InternalPrint
/**
* Deprecated built-ins.
*/
// SetDiff has been replaced by the minus built-in.
-var SetDiff = &Builtin{
- Name: "set_diff",
- Decl: types.NewFunction(
- types.Args(
- types.NewSet(types.A),
- types.NewSet(types.A),
- ),
- types.NewSet(types.A),
- ),
- deprecated: true,
-}
+var SetDiff = v1.SetDiff
// NetCIDROverlap has been replaced by the `net.cidr_contains` built-in.
-var NetCIDROverlap = &Builtin{
- Name: "net.cidr_overlap",
- Decl: types.NewFunction(
- types.Args(
- types.S,
- types.S,
- ),
- types.B,
- ),
- deprecated: true,
-}
+var NetCIDROverlap = v1.NetCIDROverlap
// CastArray checks the underlying type of the input. If it is array or set, an array
// containing the values is returned. If it is not an array, an error is thrown.
-var CastArray = &Builtin{
- Name: "cast_array",
- Decl: types.NewFunction(
- types.Args(types.A),
- types.NewArray(nil, types.A),
- ),
- deprecated: true,
-}
+var CastArray = v1.CastArray
// CastSet checks the underlying type of the input.
// If it is a set, the set is returned.
// If it is an array, the array is returned in set form (all duplicates removed)
// If neither, an error is thrown
-var CastSet = &Builtin{
- Name: "cast_set",
- Decl: types.NewFunction(
- types.Args(types.A),
- types.NewSet(types.A),
- ),
- deprecated: true,
-}
+var CastSet = v1.CastSet
// CastString returns input if it is a string; if not returns error.
// For formatting variables, see sprintf
-var CastString = &Builtin{
- Name: "cast_string",
- Decl: types.NewFunction(
- types.Args(types.A),
- types.S,
- ),
- deprecated: true,
-}
+var CastString = v1.CastString
// CastBoolean returns input if it is a boolean; if not returns error.
-var CastBoolean = &Builtin{
- Name: "cast_boolean",
- Decl: types.NewFunction(
- types.Args(types.A),
- types.B,
- ),
- deprecated: true,
-}
+var CastBoolean = v1.CastBoolean
// CastNull returns null if input is null; if not returns error.
-var CastNull = &Builtin{
- Name: "cast_null",
- Decl: types.NewFunction(
- types.Args(types.A),
- types.NewNull(),
- ),
- deprecated: true,
-}
+var CastNull = v1.CastNull
// CastObject returns the given object if it is null; throws an error otherwise
-var CastObject = &Builtin{
- Name: "cast_object",
- Decl: types.NewFunction(
- types.Args(types.A),
- types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
- ),
- deprecated: true,
-}
+var CastObject = v1.CastObject
// RegexMatchDeprecated declares `re_match` which has been deprecated. Use `regex.match` instead.
-var RegexMatchDeprecated = &Builtin{
- Name: "re_match",
- Decl: types.NewFunction(
- types.Args(
- types.S,
- types.S,
- ),
- types.B,
- ),
- deprecated: true,
-}
+var RegexMatchDeprecated = v1.RegexMatchDeprecated
// All takes a list and returns true if all of the items
// are true. A collection of length 0 returns true.
-var All = &Builtin{
- Name: "all",
- Decl: types.NewFunction(
- types.Args(
- types.NewAny(
- types.NewSet(types.A),
- types.NewArray(nil, types.A),
- ),
- ),
- types.B,
- ),
- deprecated: true,
-}
+var All = v1.All
// Any takes a collection and returns true if any of the items
// is true. A collection of length 0 returns false.
-var Any = &Builtin{
- Name: "any",
- Decl: types.NewFunction(
- types.Args(
- types.NewAny(
- types.NewSet(types.A),
- types.NewArray(nil, types.A),
- ),
- ),
- types.B,
- ),
- deprecated: true,
-}
+var Any = v1.Any
// Builtin represents a built-in function supported by OPA. Every built-in
// function is uniquely identified by a name.
-type Builtin struct {
- Name string `json:"name"` // Unique name of built-in function, e.g., (arg1,arg2,...,argN)
- Description string `json:"description,omitempty"` // Description of what the built-in function does.
-
- // Categories of the built-in function. Omitted for namespaced
- // built-ins, i.e. "array.concat" is taken to be of the "array" category.
- // "minus" for example, is part of two categories: numbers and sets. (NOTE(sr): aspirational)
- Categories []string `json:"categories,omitempty"`
-
- Decl *types.Function `json:"decl"` // Built-in function type declaration.
- Infix string `json:"infix,omitempty"` // Unique name of infix operator. Default should be unset.
- Relation bool `json:"relation,omitempty"` // Indicates if the built-in acts as a relation.
- deprecated bool // Indicates if the built-in has been deprecated.
- Nondeterministic bool `json:"nondeterministic,omitempty"` // Indicates if the built-in returns non-deterministic results.
-}
-
-// category is a helper for specifying a Builtin's Categories
-func category(cs ...string) []string {
- return cs
-}
-
-// Minimal returns a shallow copy of b with the descriptions and categories and
-// named arguments stripped out.
-func (b *Builtin) Minimal() *Builtin {
- cpy := *b
- fargs := b.Decl.FuncArgs()
- if fargs.Variadic != nil {
- cpy.Decl = types.NewVariadicFunction(fargs.Args, fargs.Variadic, b.Decl.Result())
- } else {
- cpy.Decl = types.NewFunction(fargs.Args, b.Decl.Result())
- }
- cpy.Categories = nil
- cpy.Description = ""
- return &cpy
-}
-
-// IsDeprecated returns true if the Builtin function is deprecated and will be removed in a future release.
-func (b *Builtin) IsDeprecated() bool {
- return b.deprecated
-}
-
-// IsDeterministic returns true if the Builtin function returns non-deterministic results.
-func (b *Builtin) IsNondeterministic() bool {
- return b.Nondeterministic
-}
-
-// Expr creates a new expression for the built-in with the given operands.
-func (b *Builtin) Expr(operands ...*Term) *Expr {
- ts := make([]*Term, len(operands)+1)
- ts[0] = NewTerm(b.Ref())
- for i := range operands {
- ts[i+1] = operands[i]
- }
- return &Expr{
- Terms: ts,
- }
-}
-
-// Call creates a new term for the built-in with the given operands.
-func (b *Builtin) Call(operands ...*Term) *Term {
- call := make(Call, len(operands)+1)
- call[0] = NewTerm(b.Ref())
- for i := range operands {
- call[i+1] = operands[i]
- }
- return NewTerm(call)
-}
-
-// Ref returns a Ref that refers to the built-in function.
-func (b *Builtin) Ref() Ref {
- parts := strings.Split(b.Name, ".")
- ref := make(Ref, len(parts))
- ref[0] = VarTerm(parts[0])
- for i := 1; i < len(parts); i++ {
- ref[i] = StringTerm(parts[i])
- }
- return ref
-}
-
-// IsTargetPos returns true if a variable in the i-th position will be bound by
-// evaluating the call expression.
-func (b *Builtin) IsTargetPos(i int) bool {
- return len(b.Decl.FuncArgs().Args) == i
-}
-
-func init() {
- BuiltinMap = map[string]*Builtin{}
- for _, b := range DefaultBuiltins {
- RegisterBuiltin(b)
- }
-}
+type Builtin = v1.Builtin
diff --git a/vendor/github.com/open-policy-agent/opa/ast/capabilities.go b/vendor/github.com/open-policy-agent/opa/ast/capabilities.go
index 3b95d79e57..bc7278a885 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/capabilities.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/capabilities.go
@@ -5,228 +5,54 @@
package ast
import (
- "bytes"
- _ "embed"
- "encoding/json"
- "fmt"
"io"
- "os"
- "sort"
- "strings"
- caps "github.com/open-policy-agent/opa/capabilities"
- "github.com/open-policy-agent/opa/internal/semver"
- "github.com/open-policy-agent/opa/internal/wasm/sdk/opa/capabilities"
- "github.com/open-policy-agent/opa/util"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
// VersonIndex contains an index from built-in function name, language feature,
// and future rego keyword to version number. During the build, this is used to
// create an index of the minimum version required for the built-in/feature/kw.
-type VersionIndex struct {
- Builtins map[string]semver.Version `json:"builtins"`
- Features map[string]semver.Version `json:"features"`
- Keywords map[string]semver.Version `json:"keywords"`
-}
-
-// NOTE(tsandall): this file is generated by internal/cmd/genversionindex/main.go
-// and run as part of go:generate. We generate the version index as part of the
-// build process because it's relatively expensive to build (it takes ~500ms on
-// my machine) and never changes.
-//
-//go:embed version_index.json
-var versionIndexBs []byte
-
-var minVersionIndex = func() VersionIndex {
- var vi VersionIndex
- err := json.Unmarshal(versionIndexBs, &vi)
- if err != nil {
- panic(err)
- }
- return vi
-}()
+type VersionIndex = v1.VersionIndex
// In the compiler, we used this to check that we're OK working with ref heads.
// If this isn't present, we'll fail. This is to ensure that older versions of
// OPA can work with policies that we're compiling -- if they don't know ref
// heads, they wouldn't be able to parse them.
-const FeatureRefHeadStringPrefixes = "rule_head_ref_string_prefixes"
-const FeatureRefHeads = "rule_head_refs"
-const FeatureRegoV1Import = "rego_v1_import"
+const FeatureRefHeadStringPrefixes = v1.FeatureRefHeadStringPrefixes
+const FeatureRefHeads = v1.FeatureRefHeads
+const FeatureRegoV1 = v1.FeatureRegoV1
+const FeatureRegoV1Import = v1.FeatureRegoV1Import
// Capabilities defines a structure containing data that describes the capabilities
// or features supported by a particular version of OPA.
-type Capabilities struct {
- Builtins []*Builtin `json:"builtins,omitempty"`
- FutureKeywords []string `json:"future_keywords,omitempty"`
- WasmABIVersions []WasmABIVersion `json:"wasm_abi_versions,omitempty"`
-
- // Features is a bit of a mixed bag for checking that an older version of OPA
- // is able to do what needs to be done.
- // TODO(sr): find better words ^^
- Features []string `json:"features,omitempty"`
-
- // allow_net is an array of hostnames or IP addresses, that an OPA instance is
- // allowed to connect to.
- // If omitted, ANY host can be connected to. If empty, NO host can be connected to.
- // As of now, this only controls fetching remote refs for using JSON Schemas in
- // the type checker.
- // TODO(sr): support ports to further restrict connection peers
- // TODO(sr): support restricting `http.send` using the same mechanism (see https://github.com/open-policy-agent/opa/issues/3665)
- AllowNet []string `json:"allow_net,omitempty"`
-}
+type Capabilities = v1.Capabilities
// WasmABIVersion captures the Wasm ABI version. Its `Minor` version is indicating
// backwards-compatible changes.
-type WasmABIVersion struct {
- Version int `json:"version"`
- Minor int `json:"minor_version"`
-}
+type WasmABIVersion = v1.WasmABIVersion
// CapabilitiesForThisVersion returns the capabilities of this version of OPA.
func CapabilitiesForThisVersion() *Capabilities {
- f := &Capabilities{}
-
- for _, vers := range capabilities.ABIVersions() {
- f.WasmABIVersions = append(f.WasmABIVersions, WasmABIVersion{Version: vers[0], Minor: vers[1]})
- }
-
- f.Builtins = make([]*Builtin, len(Builtins))
- copy(f.Builtins, Builtins)
- sort.Slice(f.Builtins, func(i, j int) bool {
- return f.Builtins[i].Name < f.Builtins[j].Name
- })
-
- for kw := range futureKeywords {
- f.FutureKeywords = append(f.FutureKeywords, kw)
- }
- sort.Strings(f.FutureKeywords)
-
- f.Features = []string{
- FeatureRefHeadStringPrefixes,
- FeatureRefHeads,
- FeatureRegoV1Import,
- }
-
- return f
+ return v1.CapabilitiesForThisVersion(v1.CapabilitiesRegoVersion(DefaultRegoVersion))
}
// LoadCapabilitiesJSON loads a JSON serialized capabilities structure from the reader r.
func LoadCapabilitiesJSON(r io.Reader) (*Capabilities, error) {
- d := util.NewJSONDecoder(r)
- var c Capabilities
- return &c, d.Decode(&c)
+ return v1.LoadCapabilitiesJSON(r)
}
// LoadCapabilitiesVersion loads a JSON serialized capabilities structure from the specific version.
func LoadCapabilitiesVersion(version string) (*Capabilities, error) {
- cvs, err := LoadCapabilitiesVersions()
- if err != nil {
- return nil, err
- }
-
- for _, cv := range cvs {
- if cv == version {
- cont, err := caps.FS.ReadFile(cv + ".json")
- if err != nil {
- return nil, err
- }
-
- return LoadCapabilitiesJSON(bytes.NewReader(cont))
- }
-
- }
- return nil, fmt.Errorf("no capabilities version found %v", version)
+ return v1.LoadCapabilitiesVersion(version)
}
// LoadCapabilitiesFile loads a JSON serialized capabilities structure from a file.
func LoadCapabilitiesFile(file string) (*Capabilities, error) {
- fd, err := os.Open(file)
- if err != nil {
- return nil, err
- }
- defer fd.Close()
- return LoadCapabilitiesJSON(fd)
+ return v1.LoadCapabilitiesFile(file)
}
// LoadCapabilitiesVersions loads all capabilities versions
func LoadCapabilitiesVersions() ([]string, error) {
- ents, err := caps.FS.ReadDir(".")
- if err != nil {
- return nil, err
- }
-
- capabilitiesVersions := make([]string, 0, len(ents))
- for _, ent := range ents {
- capabilitiesVersions = append(capabilitiesVersions, strings.Replace(ent.Name(), ".json", "", 1))
- }
- return capabilitiesVersions, nil
-}
-
-// MinimumCompatibleVersion returns the minimum compatible OPA version based on
-// the built-ins, features, and keywords in c.
-func (c *Capabilities) MinimumCompatibleVersion() (string, bool) {
-
- var maxVersion semver.Version
-
- // this is the oldest OPA release that includes capabilities
- if err := maxVersion.Set("0.17.0"); err != nil {
- panic("unreachable")
- }
-
- for _, bi := range c.Builtins {
- v, ok := minVersionIndex.Builtins[bi.Name]
- if !ok {
- return "", false
- }
- if v.Compare(maxVersion) > 0 {
- maxVersion = v
- }
- }
-
- for _, kw := range c.FutureKeywords {
- v, ok := minVersionIndex.Keywords[kw]
- if !ok {
- return "", false
- }
- if v.Compare(maxVersion) > 0 {
- maxVersion = v
- }
- }
-
- for _, feat := range c.Features {
- v, ok := minVersionIndex.Features[feat]
- if !ok {
- return "", false
- }
- if v.Compare(maxVersion) > 0 {
- maxVersion = v
- }
- }
-
- return maxVersion.String(), true
-}
-
-func (c *Capabilities) ContainsFeature(feature string) bool {
- for _, f := range c.Features {
- if f == feature {
- return true
- }
- }
- return false
-}
-
-// addBuiltinSorted inserts a built-in into c in sorted order. An existing built-in with the same name
-// will be overwritten.
-func (c *Capabilities) addBuiltinSorted(bi *Builtin) {
- i := sort.Search(len(c.Builtins), func(x int) bool {
- return c.Builtins[x].Name >= bi.Name
- })
- if i < len(c.Builtins) && bi.Name == c.Builtins[i].Name {
- c.Builtins[i] = bi
- return
- }
- c.Builtins = append(c.Builtins, nil)
- copy(c.Builtins[i+1:], c.Builtins[i:])
- c.Builtins[i] = bi
+ return v1.LoadCapabilitiesVersions()
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/check.go b/vendor/github.com/open-policy-agent/opa/ast/check.go
index 03d31123cf..4cf00436df 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/check.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/check.go
@@ -5,1317 +5,18 @@
package ast
import (
- "fmt"
- "sort"
- "strings"
-
- "github.com/open-policy-agent/opa/types"
- "github.com/open-policy-agent/opa/util"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
-type varRewriter func(Ref) Ref
-
-// exprChecker defines the interface for executing type checking on a single
-// expression. The exprChecker must update the provided TypeEnv with inferred
-// types of vars.
-type exprChecker func(*TypeEnv, *Expr) *Error
-
-// typeChecker implements type checking on queries and rules. Errors are
-// accumulated on the typeChecker so that a single run can report multiple
-// issues.
-type typeChecker struct {
- builtins map[string]*Builtin
- required *Capabilities
- errs Errors
- exprCheckers map[string]exprChecker
- varRewriter varRewriter
- ss *SchemaSet
- allowNet []string
- input types.Type
- allowUndefinedFuncs bool
- schemaTypes map[string]types.Type
-}
-
-// newTypeChecker returns a new typeChecker object that has no errors.
-func newTypeChecker() *typeChecker {
- return &typeChecker{
- builtins: make(map[string]*Builtin),
- schemaTypes: make(map[string]types.Type),
- exprCheckers: map[string]exprChecker{
- "eq": checkExprEq,
- },
- }
-}
-
-func (tc *typeChecker) newEnv(exist *TypeEnv) *TypeEnv {
- if exist != nil {
- return exist.wrap()
- }
- env := newTypeEnv(tc.copy)
- if tc.input != nil {
- env.tree.Put(InputRootRef, tc.input)
- }
- return env
-}
-
-func (tc *typeChecker) copy() *typeChecker {
- return newTypeChecker().
- WithVarRewriter(tc.varRewriter).
- WithSchemaSet(tc.ss).
- WithAllowNet(tc.allowNet).
- WithInputType(tc.input).
- WithAllowUndefinedFunctionCalls(tc.allowUndefinedFuncs).
- WithBuiltins(tc.builtins).
- WithRequiredCapabilities(tc.required)
-}
-
-func (tc *typeChecker) WithRequiredCapabilities(c *Capabilities) *typeChecker {
- tc.required = c
- return tc
-}
-
-func (tc *typeChecker) WithBuiltins(builtins map[string]*Builtin) *typeChecker {
- tc.builtins = builtins
- return tc
-}
-
-func (tc *typeChecker) WithSchemaSet(ss *SchemaSet) *typeChecker {
- tc.ss = ss
- return tc
-}
-
-func (tc *typeChecker) WithAllowNet(hosts []string) *typeChecker {
- tc.allowNet = hosts
- return tc
-}
-
-func (tc *typeChecker) WithVarRewriter(f varRewriter) *typeChecker {
- tc.varRewriter = f
- return tc
-}
-
-func (tc *typeChecker) WithInputType(tpe types.Type) *typeChecker {
- tc.input = tpe
- return tc
-}
-
-// WithAllowUndefinedFunctionCalls sets the type checker to allow references to undefined functions.
-// Additionally, the 'CheckUndefinedFuncs' and 'CheckSafetyRuleBodies' compiler stages are skipped.
-func (tc *typeChecker) WithAllowUndefinedFunctionCalls(allow bool) *typeChecker {
- tc.allowUndefinedFuncs = allow
- return tc
-}
-
-// Env returns a type environment for the specified built-ins with any other
-// global types configured on the checker. In practice, this is the default
-// environment that other statements will be checked against.
-func (tc *typeChecker) Env(builtins map[string]*Builtin) *TypeEnv {
- env := tc.newEnv(nil)
- for _, bi := range builtins {
- env.tree.Put(bi.Ref(), bi.Decl)
- }
- return env
-}
-
-// CheckBody runs type checking on the body and returns a TypeEnv if no errors
-// are found. The resulting TypeEnv wraps the provided one. The resulting
-// TypeEnv will be able to resolve types of vars contained in the body.
-func (tc *typeChecker) CheckBody(env *TypeEnv, body Body) (*TypeEnv, Errors) {
-
- errors := []*Error{}
- env = tc.newEnv(env)
-
- WalkExprs(body, func(expr *Expr) bool {
-
- closureErrs := tc.checkClosures(env, expr)
- for _, err := range closureErrs {
- errors = append(errors, err)
- }
-
- hasClosureErrors := len(closureErrs) > 0
-
- vis := newRefChecker(env, tc.varRewriter)
- NewGenericVisitor(vis.Visit).Walk(expr)
- for _, err := range vis.errs {
- errors = append(errors, err)
- }
-
- hasRefErrors := len(vis.errs) > 0
-
- if err := tc.checkExpr(env, expr); err != nil {
- // Suppress this error if a more actionable one has occurred. In
- // this case, if an error occurred in a ref or closure contained in
- // this expression, and the error is due to a nil type, then it's
- // likely to be the result of the more specific error.
- skip := (hasClosureErrors || hasRefErrors) && causedByNilType(err)
- if !skip {
- errors = append(errors, err)
- }
- }
- return true
- })
-
- tc.err(errors)
- return env, errors
-}
-
-// CheckTypes runs type checking on the rules returns a TypeEnv if no errors
-// are found. The resulting TypeEnv wraps the provided one. The resulting
-// TypeEnv will be able to resolve types of refs that refer to rules.
-func (tc *typeChecker) CheckTypes(env *TypeEnv, sorted []util.T, as *AnnotationSet) (*TypeEnv, Errors) {
- env = tc.newEnv(env)
- for _, s := range sorted {
- tc.checkRule(env, as, s.(*Rule))
- }
- tc.errs.Sort()
- return env, tc.errs
-}
-
-func (tc *typeChecker) checkClosures(env *TypeEnv, expr *Expr) Errors {
- var result Errors
- WalkClosures(expr, func(x interface{}) bool {
- switch x := x.(type) {
- case *ArrayComprehension:
- _, errs := tc.copy().CheckBody(env, x.Body)
- if len(errs) > 0 {
- result = errs
- return true
- }
- case *SetComprehension:
- _, errs := tc.copy().CheckBody(env, x.Body)
- if len(errs) > 0 {
- result = errs
- return true
- }
- case *ObjectComprehension:
- _, errs := tc.copy().CheckBody(env, x.Body)
- if len(errs) > 0 {
- result = errs
- return true
- }
- }
- return false
- })
- return result
-}
-
-func (tc *typeChecker) getSchemaType(schemaAnnot *SchemaAnnotation, rule *Rule) (types.Type, *Error) {
- if refType, exists := tc.schemaTypes[schemaAnnot.Schema.String()]; exists {
- return refType, nil
- }
-
- refType, err := processAnnotation(tc.ss, schemaAnnot, rule, tc.allowNet)
- if err != nil {
- return nil, err
- }
-
- if refType == nil {
- return nil, nil
- }
-
- tc.schemaTypes[schemaAnnot.Schema.String()] = refType
- return refType, nil
-
-}
-
-func (tc *typeChecker) checkRule(env *TypeEnv, as *AnnotationSet, rule *Rule) {
-
- env = env.wrap()
-
- schemaAnnots := getRuleAnnotation(as, rule)
- for _, schemaAnnot := range schemaAnnots {
- refType, err := tc.getSchemaType(schemaAnnot, rule)
- if err != nil {
- tc.err([]*Error{err})
- continue
- }
-
- ref := schemaAnnot.Path
- // if we do not have a ref or a reftype, we should not evaluate this rule.
- if ref == nil || refType == nil {
- continue
- }
-
- prefixRef, t := getPrefix(env, ref)
- if t == nil || len(prefixRef) == len(ref) {
- env.tree.Put(ref, refType)
- } else {
- newType, err := override(ref[len(prefixRef):], t, refType, rule)
- if err != nil {
- tc.err([]*Error{err})
- continue
- }
- env.tree.Put(prefixRef, newType)
- }
- }
-
- cpy, err := tc.CheckBody(env, rule.Body)
- env = env.next
- path := rule.Ref()
-
- if len(err) > 0 {
- // if the rule/function contains an error, add it to the type env so
- // that expressions that refer to this rule/function do not encounter
- // type errors.
- env.tree.Put(path, types.A)
- return
- }
-
- var tpe types.Type
-
- if len(rule.Head.Args) > 0 {
- // If args are not referred to in body, infer as any.
- WalkVars(rule.Head.Args, func(v Var) bool {
- if cpy.Get(v) == nil {
- cpy.tree.PutOne(v, types.A)
- }
- return false
- })
-
- // Construct function type.
- args := make([]types.Type, len(rule.Head.Args))
- for i := 0; i < len(rule.Head.Args); i++ {
- args[i] = cpy.Get(rule.Head.Args[i])
- }
-
- f := types.NewFunction(args, cpy.Get(rule.Head.Value))
-
- tpe = f
- } else {
- switch rule.Head.RuleKind() {
- case SingleValue:
- typeV := cpy.Get(rule.Head.Value)
- if !path.IsGround() {
- // e.g. store object[string: whatever] at data.p.q.r, not data.p.q.r[x] or data.p.q.r[x].y[z]
- objPath := path.DynamicSuffix()
- path = path.GroundPrefix()
-
- var err error
- tpe, err = nestedObject(cpy, objPath, typeV)
- if err != nil {
- tc.err([]*Error{NewError(TypeErr, rule.Head.Location, err.Error())})
- tpe = nil
- }
- } else {
- if typeV != nil {
- tpe = typeV
- }
- }
- case MultiValue:
- typeK := cpy.Get(rule.Head.Key)
- if typeK != nil {
- tpe = types.NewSet(typeK)
- }
- }
- }
-
- if tpe != nil {
- env.tree.Insert(path, tpe, env)
- }
-}
-
-// nestedObject creates a nested structure of object types, where each term on path corresponds to a level in the
-// nesting. Each term in the path only contributes to the dynamic portion of its corresponding object.
-func nestedObject(env *TypeEnv, path Ref, tpe types.Type) (types.Type, error) {
- if len(path) == 0 {
- return tpe, nil
- }
-
- k := path[0]
- typeV, err := nestedObject(env, path[1:], tpe)
- if err != nil {
- return nil, err
- }
- if typeV == nil {
- return nil, nil
- }
-
- var dynamicProperty *types.DynamicProperty
- typeK := env.Get(k)
- if typeK == nil {
- return nil, nil
- }
- dynamicProperty = types.NewDynamicProperty(typeK, typeV)
-
- return types.NewObject(nil, dynamicProperty), nil
-}
-
-func (tc *typeChecker) checkExpr(env *TypeEnv, expr *Expr) *Error {
- if err := tc.checkExprWith(env, expr, 0); err != nil {
- return err
- }
- if !expr.IsCall() {
- return nil
- }
-
- operator := expr.Operator().String()
-
- // If the type checker wasn't provided with a required capabilities
- // structure then just skip. In some cases, type checking might be run
- // without the need to record what builtins are required.
- if tc.required != nil {
- if bi, ok := tc.builtins[operator]; ok {
- tc.required.addBuiltinSorted(bi)
- }
- }
-
- checker := tc.exprCheckers[operator]
- if checker != nil {
- return checker(env, expr)
- }
-
- return tc.checkExprBuiltin(env, expr)
-}
-
-func (tc *typeChecker) checkExprBuiltin(env *TypeEnv, expr *Expr) *Error {
-
- args := expr.Operands()
- pre := getArgTypes(env, args)
-
- // NOTE(tsandall): undefined functions will have been caught earlier in the
- // compiler. We check for undefined functions before the safety check so
- // that references to non-existent functions result in undefined function
- // errors as opposed to unsafe var errors.
- //
- // We cannot run type checking before the safety check because part of the
- // type checker relies on reordering (in particular for references to local
- // vars).
- name := expr.Operator()
- tpe := env.Get(name)
-
- if tpe == nil {
- if tc.allowUndefinedFuncs {
- return nil
- }
- return NewError(TypeErr, expr.Location, "undefined function %v", name)
- }
-
- // check if the expression refers to a function that contains an error
- _, ok := tpe.(types.Any)
- if ok {
- return nil
- }
-
- ftpe, ok := tpe.(*types.Function)
- if !ok {
- return NewError(TypeErr, expr.Location, "undefined function %v", name)
- }
-
- fargs := ftpe.FuncArgs()
- namedFargs := ftpe.NamedFuncArgs()
-
- if ftpe.Result() != nil {
- fargs.Args = append(fargs.Args, ftpe.Result())
- namedFargs.Args = append(namedFargs.Args, ftpe.NamedResult())
- }
-
- if len(args) > len(fargs.Args) && fargs.Variadic == nil {
- return newArgError(expr.Location, name, "too many arguments", pre, namedFargs)
- }
-
- if len(args) < len(ftpe.FuncArgs().Args) {
- return newArgError(expr.Location, name, "too few arguments", pre, namedFargs)
- }
-
- for i := range args {
- if !unify1(env, args[i], fargs.Arg(i), false) {
- post := make([]types.Type, len(args))
- for i := range args {
- post[i] = env.Get(args[i])
- }
- return newArgError(expr.Location, name, "invalid argument(s)", post, namedFargs)
- }
- }
-
- return nil
-}
-
-func checkExprEq(env *TypeEnv, expr *Expr) *Error {
-
- pre := getArgTypes(env, expr.Operands())
- exp := Equality.Decl.FuncArgs()
-
- if len(pre) < len(exp.Args) {
- return newArgError(expr.Location, expr.Operator(), "too few arguments", pre, exp)
- }
-
- if len(exp.Args) < len(pre) {
- return newArgError(expr.Location, expr.Operator(), "too many arguments", pre, exp)
- }
-
- a, b := expr.Operand(0), expr.Operand(1)
- typeA, typeB := env.Get(a), env.Get(b)
-
- if !unify2(env, a, typeA, b, typeB) {
- err := NewError(TypeErr, expr.Location, "match error")
- err.Details = &UnificationErrDetail{
- Left: typeA,
- Right: typeB,
- }
- return err
- }
-
- return nil
-}
-
-func (tc *typeChecker) checkExprWith(env *TypeEnv, expr *Expr, i int) *Error {
- if i == len(expr.With) {
- return nil
- }
-
- target, value := expr.With[i].Target, expr.With[i].Value
- targetType, valueType := env.Get(target), env.Get(value)
-
- if t, ok := targetType.(*types.Function); ok { // built-in function replacement
- switch v := valueType.(type) {
- case *types.Function: // ...by function
- if !unifies(targetType, valueType) {
- return newArgError(expr.With[i].Loc(), target.Value.(Ref), "arity mismatch", v.FuncArgs().Args, t.NamedFuncArgs())
- }
- default: // ... by value, nothing to check
- }
- }
-
- return tc.checkExprWith(env, expr, i+1)
-}
-
-func unify2(env *TypeEnv, a *Term, typeA types.Type, b *Term, typeB types.Type) bool {
-
- nilA := types.Nil(typeA)
- nilB := types.Nil(typeB)
-
- if nilA && !nilB {
- return unify1(env, a, typeB, false)
- } else if nilB && !nilA {
- return unify1(env, b, typeA, false)
- } else if !nilA && !nilB {
- return unifies(typeA, typeB)
- }
-
- switch a.Value.(type) {
- case *Array:
- return unify2Array(env, a, b)
- case *object:
- return unify2Object(env, a, b)
- case Var:
- switch b.Value.(type) {
- case Var:
- return unify1(env, a, types.A, false) && unify1(env, b, env.Get(a), false)
- case *Array:
- return unify2Array(env, b, a)
- case *object:
- return unify2Object(env, b, a)
- }
- }
-
- return false
-}
-
-func unify2Array(env *TypeEnv, a *Term, b *Term) bool {
- arr := a.Value.(*Array)
- switch bv := b.Value.(type) {
- case *Array:
- if arr.Len() == bv.Len() {
- for i := 0; i < arr.Len(); i++ {
- if !unify2(env, arr.Elem(i), env.Get(arr.Elem(i)), bv.Elem(i), env.Get(bv.Elem(i))) {
- return false
- }
- }
- return true
- }
- case Var:
- return unify1(env, a, types.A, false) && unify1(env, b, env.Get(a), false)
- }
- return false
-}
-
-func unify2Object(env *TypeEnv, a *Term, b *Term) bool {
- obj := a.Value.(Object)
- switch bv := b.Value.(type) {
- case *object:
- cv := obj.Intersect(bv)
- if obj.Len() == bv.Len() && bv.Len() == len(cv) {
- for i := range cv {
- if !unify2(env, cv[i][1], env.Get(cv[i][1]), cv[i][2], env.Get(cv[i][2])) {
- return false
- }
- }
- return true
- }
- case Var:
- return unify1(env, a, types.A, false) && unify1(env, b, env.Get(a), false)
- }
- return false
-}
-
-func unify1(env *TypeEnv, term *Term, tpe types.Type, union bool) bool {
- switch v := term.Value.(type) {
- case *Array:
- switch tpe := tpe.(type) {
- case *types.Array:
- return unify1Array(env, v, tpe, union)
- case types.Any:
- if types.Compare(tpe, types.A) == 0 {
- for i := 0; i < v.Len(); i++ {
- unify1(env, v.Elem(i), types.A, true)
- }
- return true
- }
- unifies := false
- for i := range tpe {
- unifies = unify1(env, term, tpe[i], true) || unifies
- }
- return unifies
- }
- return false
- case *object:
- switch tpe := tpe.(type) {
- case *types.Object:
- return unify1Object(env, v, tpe, union)
- case types.Any:
- if types.Compare(tpe, types.A) == 0 {
- v.Foreach(func(key, value *Term) {
- unify1(env, key, types.A, true)
- unify1(env, value, types.A, true)
- })
- return true
- }
- unifies := false
- for i := range tpe {
- unifies = unify1(env, term, tpe[i], true) || unifies
- }
- return unifies
- }
- return false
- case Set:
- switch tpe := tpe.(type) {
- case *types.Set:
- return unify1Set(env, v, tpe, union)
- case types.Any:
- if types.Compare(tpe, types.A) == 0 {
- v.Foreach(func(elem *Term) {
- unify1(env, elem, types.A, true)
- })
- return true
- }
- unifies := false
- for i := range tpe {
- unifies = unify1(env, term, tpe[i], true) || unifies
- }
- return unifies
- }
- return false
- case Ref, *ArrayComprehension, *ObjectComprehension, *SetComprehension:
- return unifies(env.Get(v), tpe)
- case Var:
- if !union {
- if exist := env.Get(v); exist != nil {
- return unifies(exist, tpe)
- }
- env.tree.PutOne(term.Value, tpe)
- } else {
- env.tree.PutOne(term.Value, types.Or(env.Get(v), tpe))
- }
- return true
- default:
- if !IsConstant(v) {
- panic("unreachable")
- }
- return unifies(env.Get(term), tpe)
- }
-}
-
-func unify1Array(env *TypeEnv, val *Array, tpe *types.Array, union bool) bool {
- if val.Len() != tpe.Len() && tpe.Dynamic() == nil {
- return false
- }
- for i := 0; i < val.Len(); i++ {
- if !unify1(env, val.Elem(i), tpe.Select(i), union) {
- return false
- }
- }
- return true
-}
-
-func unify1Object(env *TypeEnv, val Object, tpe *types.Object, union bool) bool {
- if val.Len() != len(tpe.Keys()) && tpe.DynamicValue() == nil {
- return false
- }
- stop := val.Until(func(k, v *Term) bool {
- if IsConstant(k.Value) {
- if child := selectConstant(tpe, k); child != nil {
- if !unify1(env, v, child, union) {
- return true
- }
- } else {
- return true
- }
- } else {
- // Inferring type of value under dynamic key would involve unioning
- // with all property values of tpe whose keys unify. For now, type
- // these values as Any. We can investigate stricter inference in
- // the future.
- unify1(env, v, types.A, union)
- }
- return false
- })
- return !stop
-}
-
-func unify1Set(env *TypeEnv, val Set, tpe *types.Set, union bool) bool {
- of := types.Values(tpe)
- return !val.Until(func(elem *Term) bool {
- return !unify1(env, elem, of, union)
- })
-}
-
-func (tc *typeChecker) err(errors []*Error) {
- tc.errs = append(tc.errs, errors...)
-}
-
-type refChecker struct {
- env *TypeEnv
- errs Errors
- varRewriter varRewriter
-}
-
-func rewriteVarsNop(node Ref) Ref {
- return node
-}
-
-func newRefChecker(env *TypeEnv, f varRewriter) *refChecker {
-
- if f == nil {
- f = rewriteVarsNop
- }
-
- return &refChecker{
- env: env,
- errs: nil,
- varRewriter: f,
- }
-}
-
-func (rc *refChecker) Visit(x interface{}) bool {
- switch x := x.(type) {
- case *ArrayComprehension, *ObjectComprehension, *SetComprehension:
- return true
- case *Expr:
- switch terms := x.Terms.(type) {
- case []*Term:
- for i := 1; i < len(terms); i++ {
- NewGenericVisitor(rc.Visit).Walk(terms[i])
- }
- return true
- case *Term:
- NewGenericVisitor(rc.Visit).Walk(terms)
- return true
- }
- case Ref:
- if err := rc.checkApply(rc.env, x); err != nil {
- rc.errs = append(rc.errs, err)
- return true
- }
- if err := rc.checkRef(rc.env, rc.env.tree, x, 0); err != nil {
- rc.errs = append(rc.errs, err)
- }
- }
- return false
-}
-
-func (rc *refChecker) checkApply(curr *TypeEnv, ref Ref) *Error {
- switch tpe := curr.Get(ref).(type) {
- case *types.Function: // NOTE(sr): We don't support first-class functions, except for `with`.
- return newRefErrUnsupported(ref[0].Location, rc.varRewriter(ref), len(ref)-1, tpe)
- }
-
- return nil
-}
-
-func (rc *refChecker) checkRef(curr *TypeEnv, node *typeTreeNode, ref Ref, idx int) *Error {
-
- if idx == len(ref) {
- return nil
- }
-
- head := ref[idx]
-
- // NOTE(sr): as long as package statements are required, this isn't possible:
- // the shortest possible rule ref is data.a.b (b is idx 2), idx 1 and 2 need to
- // be strings or vars.
- if idx == 1 || idx == 2 {
- switch head.Value.(type) {
- case Var, String: // OK
- default:
- have := rc.env.Get(head.Value)
- return newRefErrInvalid(ref[0].Location, rc.varRewriter(ref), idx, have, types.S, getOneOfForNode(node))
- }
- }
-
- if v, ok := head.Value.(Var); ok && idx != 0 {
- tpe := types.Keys(rc.env.getRefRecExtent(node))
- if exist := rc.env.Get(v); exist != nil {
- if !unifies(tpe, exist) {
- return newRefErrInvalid(ref[0].Location, rc.varRewriter(ref), idx, exist, tpe, getOneOfForNode(node))
- }
- } else {
- rc.env.tree.PutOne(v, tpe)
- }
- }
-
- child := node.Child(head.Value)
- if child == nil {
- // NOTE(sr): idx is reset on purpose: we start over
- switch {
- case curr.next != nil:
- next := curr.next
- return rc.checkRef(next, next.tree, ref, 0)
-
- case RootDocumentNames.Contains(ref[0]):
- if idx != 0 {
- node.Children().Iter(func(_, child util.T) bool {
- _ = rc.checkRef(curr, child.(*typeTreeNode), ref, idx+1) // ignore error
- return false
- })
- return nil
- }
- return rc.checkRefLeaf(types.A, ref, 1)
-
- default:
- return rc.checkRefLeaf(types.A, ref, 0)
- }
- }
-
- if child.Leaf() {
- return rc.checkRefLeaf(child.Value(), ref, idx+1)
- }
-
- return rc.checkRef(curr, child, ref, idx+1)
-}
-
-func (rc *refChecker) checkRefLeaf(tpe types.Type, ref Ref, idx int) *Error {
-
- if idx == len(ref) {
- return nil
- }
-
- head := ref[idx]
-
- keys := types.Keys(tpe)
- if keys == nil {
- return newRefErrUnsupported(ref[0].Location, rc.varRewriter(ref), idx-1, tpe)
- }
-
- switch value := head.Value.(type) {
-
- case Var:
- if exist := rc.env.Get(value); exist != nil {
- if !unifies(exist, keys) {
- return newRefErrInvalid(ref[0].Location, rc.varRewriter(ref), idx, exist, keys, getOneOfForType(tpe))
- }
- } else {
- rc.env.tree.PutOne(value, types.Keys(tpe))
- }
-
- case Ref:
- if exist := rc.env.Get(value); exist != nil {
- if !unifies(exist, keys) {
- return newRefErrInvalid(ref[0].Location, rc.varRewriter(ref), idx, exist, keys, getOneOfForType(tpe))
- }
- }
-
- case *Array, Object, Set:
- if !unify1(rc.env, head, keys, false) {
- return newRefErrInvalid(ref[0].Location, rc.varRewriter(ref), idx, rc.env.Get(head), keys, nil)
- }
-
- default:
- child := selectConstant(tpe, head)
- if child == nil {
- return newRefErrInvalid(ref[0].Location, rc.varRewriter(ref), idx, nil, types.Keys(tpe), getOneOfForType(tpe))
- }
- return rc.checkRefLeaf(child, ref, idx+1)
- }
-
- return rc.checkRefLeaf(types.Values(tpe), ref, idx+1)
-}
-
-func unifies(a, b types.Type) bool {
-
- if a == nil || b == nil {
- return false
- }
-
- anyA, ok1 := a.(types.Any)
- if ok1 {
- if unifiesAny(anyA, b) {
- return true
- }
- }
-
- anyB, ok2 := b.(types.Any)
- if ok2 {
- if unifiesAny(anyB, a) {
- return true
- }
- }
-
- if ok1 || ok2 {
- return false
- }
-
- switch a := a.(type) {
- case types.Null:
- _, ok := b.(types.Null)
- return ok
- case types.Boolean:
- _, ok := b.(types.Boolean)
- return ok
- case types.Number:
- _, ok := b.(types.Number)
- return ok
- case types.String:
- _, ok := b.(types.String)
- return ok
- case *types.Array:
- b, ok := b.(*types.Array)
- if !ok {
- return false
- }
- return unifiesArrays(a, b)
- case *types.Object:
- b, ok := b.(*types.Object)
- if !ok {
- return false
- }
- return unifiesObjects(a, b)
- case *types.Set:
- b, ok := b.(*types.Set)
- if !ok {
- return false
- }
- return unifies(types.Values(a), types.Values(b))
- case *types.Function:
- // NOTE(sr): variadic functions can only be internal ones, and we've forbidden
- // their replacement via `with`; so we disregard variadic here
- if types.Arity(a) == types.Arity(b) {
- b := b.(*types.Function)
- for i := range a.FuncArgs().Args {
- if !unifies(a.FuncArgs().Arg(i), b.FuncArgs().Arg(i)) {
- return false
- }
- }
- return true
- }
- return false
- default:
- panic("unreachable")
- }
-}
-
-func unifiesAny(a types.Any, b types.Type) bool {
- if _, ok := b.(*types.Function); ok {
- return false
- }
- for i := range a {
- if unifies(a[i], b) {
- return true
- }
- }
- return len(a) == 0
-}
-
-func unifiesArrays(a, b *types.Array) bool {
-
- if !unifiesArraysStatic(a, b) {
- return false
- }
-
- if !unifiesArraysStatic(b, a) {
- return false
- }
-
- return a.Dynamic() == nil || b.Dynamic() == nil || unifies(a.Dynamic(), b.Dynamic())
-}
-
-func unifiesArraysStatic(a, b *types.Array) bool {
- if a.Len() != 0 {
- for i := 0; i < a.Len(); i++ {
- if !unifies(a.Select(i), b.Select(i)) {
- return false
- }
- }
- }
- return true
-}
-
-func unifiesObjects(a, b *types.Object) bool {
- if !unifiesObjectsStatic(a, b) {
- return false
- }
-
- if !unifiesObjectsStatic(b, a) {
- return false
- }
-
- return a.DynamicValue() == nil || b.DynamicValue() == nil || unifies(a.DynamicValue(), b.DynamicValue())
-}
-
-func unifiesObjectsStatic(a, b *types.Object) bool {
- for _, k := range a.Keys() {
- if !unifies(a.Select(k), b.Select(k)) {
- return false
- }
- }
- return true
-}
-
-// typeErrorCause defines an interface to determine the reason for a type
-// error. The type error details implement this interface so that type checking
-// can report more actionable errors.
-type typeErrorCause interface {
- nilType() bool
-}
-
-func causedByNilType(err *Error) bool {
- cause, ok := err.Details.(typeErrorCause)
- if !ok {
- return false
- }
- return cause.nilType()
-}
-
-// ArgErrDetail represents a generic argument error.
-type ArgErrDetail struct {
- Have []types.Type `json:"have"`
- Want types.FuncArgs `json:"want"`
-}
-
-// Lines returns the string representation of the detail.
-func (d *ArgErrDetail) Lines() []string {
- lines := make([]string, 2)
- lines[0] = "have: " + formatArgs(d.Have)
- lines[1] = "want: " + fmt.Sprint(d.Want)
- return lines
-}
-
-func (d *ArgErrDetail) nilType() bool {
- for i := range d.Have {
- if types.Nil(d.Have[i]) {
- return true
- }
- }
- return false
-}
-
// UnificationErrDetail describes a type mismatch error when two values are
// unified (e.g., x = [1,2,y]).
-type UnificationErrDetail struct {
- Left types.Type `json:"a"`
- Right types.Type `json:"b"`
-}
-
-func (a *UnificationErrDetail) nilType() bool {
- return types.Nil(a.Left) || types.Nil(a.Right)
-}
-
-// Lines returns the string representation of the detail.
-func (a *UnificationErrDetail) Lines() []string {
- lines := make([]string, 2)
- lines[0] = fmt.Sprint("left : ", types.Sprint(a.Left))
- lines[1] = fmt.Sprint("right : ", types.Sprint(a.Right))
- return lines
-}
+type UnificationErrDetail = v1.UnificationErrDetail
// RefErrUnsupportedDetail describes an undefined reference error where the
// referenced value does not support dereferencing (e.g., scalars).
-type RefErrUnsupportedDetail struct {
- Ref Ref `json:"ref"` // invalid ref
- Pos int `json:"pos"` // invalid element
- Have types.Type `json:"have"` // referenced type
-}
-
-// Lines returns the string representation of the detail.
-func (r *RefErrUnsupportedDetail) Lines() []string {
- lines := []string{
- r.Ref.String(),
- strings.Repeat("^", len(r.Ref[:r.Pos+1].String())),
- fmt.Sprintf("have: %v", r.Have),
- }
- return lines
-}
+type RefErrUnsupportedDetail = v1.RefErrUnsupportedDetail
// RefErrInvalidDetail describes an undefined reference error where the referenced
// value does not support the reference operand (e.g., missing object key,
// invalid key type, etc.)
-type RefErrInvalidDetail struct {
- Ref Ref `json:"ref"` // invalid ref
- Pos int `json:"pos"` // invalid element
- Have types.Type `json:"have,omitempty"` // type of invalid element (for var/ref elements)
- Want types.Type `json:"want"` // allowed type (for non-object values)
- OneOf []Value `json:"oneOf"` // allowed values (e.g., for object keys)
-}
-
-// Lines returns the string representation of the detail.
-func (r *RefErrInvalidDetail) Lines() []string {
- lines := []string{r.Ref.String()}
- offset := len(r.Ref[:r.Pos].String()) + 1
- pad := strings.Repeat(" ", offset)
- lines = append(lines, fmt.Sprintf("%s^", pad))
- if r.Have != nil {
- lines = append(lines, fmt.Sprintf("%shave (type): %v", pad, r.Have))
- } else {
- lines = append(lines, fmt.Sprintf("%shave: %v", pad, r.Ref[r.Pos]))
- }
- if len(r.OneOf) > 0 {
- lines = append(lines, fmt.Sprintf("%swant (one of): %v", pad, r.OneOf))
- } else {
- lines = append(lines, fmt.Sprintf("%swant (type): %v", pad, r.Want))
- }
- return lines
-}
-
-func formatArgs(args []types.Type) string {
- buf := make([]string, len(args))
- for i := range args {
- buf[i] = types.Sprint(args[i])
- }
- return "(" + strings.Join(buf, ", ") + ")"
-}
-
-func newRefErrInvalid(loc *Location, ref Ref, idx int, have, want types.Type, oneOf []Value) *Error {
- err := newRefError(loc, ref)
- err.Details = &RefErrInvalidDetail{
- Ref: ref,
- Pos: idx,
- Have: have,
- Want: want,
- OneOf: oneOf,
- }
- return err
-}
-
-func newRefErrUnsupported(loc *Location, ref Ref, idx int, have types.Type) *Error {
- err := newRefError(loc, ref)
- err.Details = &RefErrUnsupportedDetail{
- Ref: ref,
- Pos: idx,
- Have: have,
- }
- return err
-}
-
-func newRefError(loc *Location, ref Ref) *Error {
- return NewError(TypeErr, loc, "undefined ref: %v", ref)
-}
-
-func newArgError(loc *Location, builtinName Ref, msg string, have []types.Type, want types.FuncArgs) *Error {
- err := NewError(TypeErr, loc, "%v: %v", builtinName, msg)
- err.Details = &ArgErrDetail{
- Have: have,
- Want: want,
- }
- return err
-}
-
-func getOneOfForNode(node *typeTreeNode) (result []Value) {
- node.Children().Iter(func(k, _ util.T) bool {
- result = append(result, k.(Value))
- return false
- })
-
- sortValueSlice(result)
- return result
-}
-
-func getOneOfForType(tpe types.Type) (result []Value) {
- switch tpe := tpe.(type) {
- case *types.Object:
- for _, k := range tpe.Keys() {
- v, err := InterfaceToValue(k)
- if err != nil {
- panic(err)
- }
- result = append(result, v)
- }
-
- case types.Any:
- for _, object := range tpe {
- objRes := getOneOfForType(object)
- result = append(result, objRes...)
- }
- }
-
- result = removeDuplicate(result)
- sortValueSlice(result)
- return result
-}
-
-func sortValueSlice(sl []Value) {
- sort.Slice(sl, func(i, j int) bool {
- return sl[i].Compare(sl[j]) < 0
- })
-}
-
-func removeDuplicate(list []Value) []Value {
- seen := make(map[Value]bool)
- var newResult []Value
- for _, item := range list {
- if !seen[item] {
- newResult = append(newResult, item)
- seen[item] = true
- }
- }
- return newResult
-}
-
-func getArgTypes(env *TypeEnv, args []*Term) []types.Type {
- pre := make([]types.Type, len(args))
- for i := range args {
- pre[i] = env.Get(args[i])
- }
- return pre
-}
-
-// getPrefix returns the shortest prefix of ref that exists in env
-func getPrefix(env *TypeEnv, ref Ref) (Ref, types.Type) {
- if len(ref) == 1 {
- t := env.Get(ref)
- if t != nil {
- return ref, t
- }
- }
- for i := 1; i < len(ref); i++ {
- t := env.Get(ref[:i])
- if t != nil {
- return ref[:i], t
- }
- }
- return nil, nil
-}
-
-// override takes a type t and returns a type obtained from t where the path represented by ref within it has type o (overriding the original type of that path)
-func override(ref Ref, t types.Type, o types.Type, rule *Rule) (types.Type, *Error) {
- var newStaticProps []*types.StaticProperty
- obj, ok := t.(*types.Object)
- if !ok {
- newType, err := getObjectType(ref, o, rule, types.NewDynamicProperty(types.A, types.A))
- if err != nil {
- return nil, err
- }
- return newType, nil
- }
- found := false
- if ok {
- staticProps := obj.StaticProperties()
- for _, prop := range staticProps {
- valueCopy := prop.Value
- key, err := InterfaceToValue(prop.Key)
- if err != nil {
- return nil, NewError(TypeErr, rule.Location, "unexpected error in override: %s", err.Error())
- }
- if len(ref) > 0 && ref[0].Value.Compare(key) == 0 {
- found = true
- if len(ref) == 1 {
- valueCopy = o
- } else {
- newVal, err := override(ref[1:], valueCopy, o, rule)
- if err != nil {
- return nil, err
- }
- valueCopy = newVal
- }
- }
- newStaticProps = append(newStaticProps, types.NewStaticProperty(prop.Key, valueCopy))
- }
- }
-
- // ref[0] is not a top-level key in staticProps, so it must be added
- if !found {
- newType, err := getObjectType(ref, o, rule, obj.DynamicProperties())
- if err != nil {
- return nil, err
- }
- newStaticProps = append(newStaticProps, newType.StaticProperties()...)
- }
- return types.NewObject(newStaticProps, obj.DynamicProperties()), nil
-}
-
-func getKeys(ref Ref, rule *Rule) ([]interface{}, *Error) {
- keys := []interface{}{}
- for _, refElem := range ref {
- key, err := JSON(refElem.Value)
- if err != nil {
- return nil, NewError(TypeErr, rule.Location, "error getting key from value: %s", err.Error())
- }
- keys = append(keys, key)
- }
- return keys, nil
-}
-
-func getObjectTypeRec(keys []interface{}, o types.Type, d *types.DynamicProperty) *types.Object {
- if len(keys) == 1 {
- staticProps := []*types.StaticProperty{types.NewStaticProperty(keys[0], o)}
- return types.NewObject(staticProps, d)
- }
-
- staticProps := []*types.StaticProperty{types.NewStaticProperty(keys[0], getObjectTypeRec(keys[1:], o, d))}
- return types.NewObject(staticProps, d)
-}
-
-func getObjectType(ref Ref, o types.Type, rule *Rule, d *types.DynamicProperty) (*types.Object, *Error) {
- keys, err := getKeys(ref, rule)
- if err != nil {
- return nil, err
- }
- return getObjectTypeRec(keys, o, d), nil
-}
-
-func getRuleAnnotation(as *AnnotationSet, rule *Rule) (result []*SchemaAnnotation) {
-
- for _, x := range as.GetSubpackagesScope(rule.Module.Package.Path) {
- result = append(result, x.Schemas...)
- }
-
- if x := as.GetPackageScope(rule.Module.Package); x != nil {
- result = append(result, x.Schemas...)
- }
-
- if x := as.GetDocumentScope(rule.Ref().GroundPrefix()); x != nil {
- result = append(result, x.Schemas...)
- }
-
- for _, x := range as.GetRuleScope(rule) {
- result = append(result, x.Schemas...)
- }
-
- return result
-}
-
-func processAnnotation(ss *SchemaSet, annot *SchemaAnnotation, rule *Rule, allowNet []string) (types.Type, *Error) {
-
- var schema interface{}
-
- if annot.Schema != nil {
- if ss == nil {
- return nil, nil
- }
- schema = ss.Get(annot.Schema)
- if schema == nil {
- return nil, NewError(TypeErr, rule.Location, "undefined schema: %v", annot.Schema)
- }
- } else if annot.Definition != nil {
- schema = *annot.Definition
- }
-
- tpe, err := loadSchema(schema, allowNet)
- if err != nil {
- return nil, NewError(TypeErr, rule.Location, err.Error())
- }
-
- return tpe, nil
-}
-
-func errAnnotationRedeclared(a *Annotations, other *Location) *Error {
- return NewError(TypeErr, a.Location, "%v annotation redeclared: %v", a.Scope, other)
-}
+type RefErrInvalidDetail = v1.RefErrInvalidDetail
diff --git a/vendor/github.com/open-policy-agent/opa/ast/compare.go b/vendor/github.com/open-policy-agent/opa/ast/compare.go
index 3bb6f2a75d..5e617e992f 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/compare.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/compare.go
@@ -5,9 +5,7 @@
package ast
import (
- "encoding/json"
- "fmt"
- "math/big"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
// Compare returns an integer indicating whether two AST values are less than,
@@ -36,361 +34,6 @@ import (
// Sets are considered equal if and only if the symmetric difference of a and b
// is empty.
// Other comparisons are consistent but not defined.
-func Compare(a, b interface{}) int {
-
- if t, ok := a.(*Term); ok {
- if t == nil {
- a = nil
- } else {
- a = t.Value
- }
- }
-
- if t, ok := b.(*Term); ok {
- if t == nil {
- b = nil
- } else {
- b = t.Value
- }
- }
-
- if a == nil {
- if b == nil {
- return 0
- }
- return -1
- }
- if b == nil {
- return 1
- }
-
- sortA := sortOrder(a)
- sortB := sortOrder(b)
-
- if sortA < sortB {
- return -1
- } else if sortB < sortA {
- return 1
- }
-
- switch a := a.(type) {
- case Null:
- return 0
- case Boolean:
- b := b.(Boolean)
- if a.Equal(b) {
- return 0
- }
- if !a {
- return -1
- }
- return 1
- case Number:
- if ai, err := json.Number(a).Int64(); err == nil {
- if bi, err := json.Number(b.(Number)).Int64(); err == nil {
- if ai == bi {
- return 0
- }
- if ai < bi {
- return -1
- }
- return 1
- }
- }
-
- // We use big.Rat for comparing big numbers.
- // It replaces big.Float due to following reason:
- // big.Float comes with a default precision of 64, and setting a
- // larger precision results in more memory being allocated
- // (regardless of the actual number we are parsing with SetString).
- //
- // Note: If we're so close to zero that big.Float says we are zero, do
- // *not* big.Rat).SetString on the original string it'll potentially
- // take very long.
- var bigA, bigB *big.Rat
- fa, ok := new(big.Float).SetString(string(a))
- if !ok {
- panic("illegal value")
- }
- if fa.IsInt() {
- if i, _ := fa.Int64(); i == 0 {
- bigA = new(big.Rat).SetInt64(0)
- }
- }
- if bigA == nil {
- bigA, ok = new(big.Rat).SetString(string(a))
- if !ok {
- panic("illegal value")
- }
- }
-
- fb, ok := new(big.Float).SetString(string(b.(Number)))
- if !ok {
- panic("illegal value")
- }
- if fb.IsInt() {
- if i, _ := fb.Int64(); i == 0 {
- bigB = new(big.Rat).SetInt64(0)
- }
- }
- if bigB == nil {
- bigB, ok = new(big.Rat).SetString(string(b.(Number)))
- if !ok {
- panic("illegal value")
- }
- }
-
- return bigA.Cmp(bigB)
- case String:
- b := b.(String)
- if a.Equal(b) {
- return 0
- }
- if a < b {
- return -1
- }
- return 1
- case Var:
- b := b.(Var)
- if a.Equal(b) {
- return 0
- }
- if a < b {
- return -1
- }
- return 1
- case Ref:
- b := b.(Ref)
- return termSliceCompare(a, b)
- case *Array:
- b := b.(*Array)
- return termSliceCompare(a.elems, b.elems)
- case *lazyObj:
- return Compare(a.force(), b)
- case *object:
- if x, ok := b.(*lazyObj); ok {
- b = x.force()
- }
- b := b.(*object)
- return a.Compare(b)
- case Set:
- b := b.(Set)
- return a.Compare(b)
- case *ArrayComprehension:
- b := b.(*ArrayComprehension)
- if cmp := Compare(a.Term, b.Term); cmp != 0 {
- return cmp
- }
- return Compare(a.Body, b.Body)
- case *ObjectComprehension:
- b := b.(*ObjectComprehension)
- if cmp := Compare(a.Key, b.Key); cmp != 0 {
- return cmp
- }
- if cmp := Compare(a.Value, b.Value); cmp != 0 {
- return cmp
- }
- return Compare(a.Body, b.Body)
- case *SetComprehension:
- b := b.(*SetComprehension)
- if cmp := Compare(a.Term, b.Term); cmp != 0 {
- return cmp
- }
- return Compare(a.Body, b.Body)
- case Call:
- b := b.(Call)
- return termSliceCompare(a, b)
- case *Expr:
- b := b.(*Expr)
- return a.Compare(b)
- case *SomeDecl:
- b := b.(*SomeDecl)
- return a.Compare(b)
- case *Every:
- b := b.(*Every)
- return a.Compare(b)
- case *With:
- b := b.(*With)
- return a.Compare(b)
- case Body:
- b := b.(Body)
- return a.Compare(b)
- case *Head:
- b := b.(*Head)
- return a.Compare(b)
- case *Rule:
- b := b.(*Rule)
- return a.Compare(b)
- case Args:
- b := b.(Args)
- return termSliceCompare(a, b)
- case *Import:
- b := b.(*Import)
- return a.Compare(b)
- case *Package:
- b := b.(*Package)
- return a.Compare(b)
- case *Annotations:
- b := b.(*Annotations)
- return a.Compare(b)
- case *Module:
- b := b.(*Module)
- return a.Compare(b)
- }
- panic(fmt.Sprintf("illegal value: %T", a))
-}
-
-type termSlice []*Term
-
-func (s termSlice) Less(i, j int) bool { return Compare(s[i].Value, s[j].Value) < 0 }
-func (s termSlice) Swap(i, j int) { x := s[i]; s[i] = s[j]; s[j] = x }
-func (s termSlice) Len() int { return len(s) }
-
-func sortOrder(x interface{}) int {
- switch x.(type) {
- case Null:
- return 0
- case Boolean:
- return 1
- case Number:
- return 2
- case String:
- return 3
- case Var:
- return 4
- case Ref:
- return 5
- case *Array:
- return 6
- case Object:
- return 7
- case Set:
- return 8
- case *ArrayComprehension:
- return 9
- case *ObjectComprehension:
- return 10
- case *SetComprehension:
- return 11
- case Call:
- return 12
- case Args:
- return 13
- case *Expr:
- return 100
- case *SomeDecl:
- return 101
- case *Every:
- return 102
- case *With:
- return 110
- case *Head:
- return 120
- case Body:
- return 200
- case *Rule:
- return 1000
- case *Import:
- return 1001
- case *Package:
- return 1002
- case *Annotations:
- return 1003
- case *Module:
- return 10000
- }
- panic(fmt.Sprintf("illegal value: %T", x))
-}
-
-func importsCompare(a, b []*Import) int {
- minLen := len(a)
- if len(b) < minLen {
- minLen = len(b)
- }
- for i := 0; i < minLen; i++ {
- if cmp := a[i].Compare(b[i]); cmp != 0 {
- return cmp
- }
- }
- if len(a) < len(b) {
- return -1
- }
- if len(b) < len(a) {
- return 1
- }
- return 0
-}
-
-func annotationsCompare(a, b []*Annotations) int {
- minLen := len(a)
- if len(b) < minLen {
- minLen = len(b)
- }
- for i := 0; i < minLen; i++ {
- if cmp := a[i].Compare(b[i]); cmp != 0 {
- return cmp
- }
- }
- if len(a) < len(b) {
- return -1
- }
- if len(b) < len(a) {
- return 1
- }
- return 0
-}
-
-func rulesCompare(a, b []*Rule) int {
- minLen := len(a)
- if len(b) < minLen {
- minLen = len(b)
- }
- for i := 0; i < minLen; i++ {
- if cmp := a[i].Compare(b[i]); cmp != 0 {
- return cmp
- }
- }
- if len(a) < len(b) {
- return -1
- }
- if len(b) < len(a) {
- return 1
- }
- return 0
-}
-
-func termSliceCompare(a, b []*Term) int {
- minLen := len(a)
- if len(b) < minLen {
- minLen = len(b)
- }
- for i := 0; i < minLen; i++ {
- if cmp := Compare(a[i], b[i]); cmp != 0 {
- return cmp
- }
- }
- if len(a) < len(b) {
- return -1
- } else if len(b) < len(a) {
- return 1
- }
- return 0
-}
-
-func withSliceCompare(a, b []*With) int {
- minLen := len(a)
- if len(b) < minLen {
- minLen = len(b)
- }
- for i := 0; i < minLen; i++ {
- if cmp := Compare(a[i], b[i]); cmp != 0 {
- return cmp
- }
- }
- if len(a) < len(b) {
- return -1
- } else if len(b) < len(a) {
- return 1
- }
- return 0
+func Compare(a, b any) int {
+ return v1.Compare(a, b)
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/compile.go b/vendor/github.com/open-policy-agent/opa/ast/compile.go
index 9025f862b2..5a3daa910a 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/compile.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/compile.go
@@ -5,5882 +5,123 @@
package ast
import (
- "errors"
- "fmt"
- "io"
- "sort"
- "strconv"
- "strings"
-
- "github.com/open-policy-agent/opa/ast/location"
- "github.com/open-policy-agent/opa/internal/debug"
- "github.com/open-policy-agent/opa/internal/gojsonschema"
- "github.com/open-policy-agent/opa/metrics"
- "github.com/open-policy-agent/opa/types"
- "github.com/open-policy-agent/opa/util"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
// CompileErrorLimitDefault is the default number errors a compiler will allow before
// exiting.
const CompileErrorLimitDefault = 10
-var errLimitReached = NewError(CompileErr, nil, "error limit reached")
-
// Compiler contains the state of a compilation process.
-type Compiler struct {
-
- // Errors contains errors that occurred during the compilation process.
- // If there are one or more errors, the compilation process is considered
- // "failed".
- Errors Errors
-
- // Modules contains the compiled modules. The compiled modules are the
- // output of the compilation process. If the compilation process failed,
- // there is no guarantee about the state of the modules.
- Modules map[string]*Module
-
- // ModuleTree organizes the modules into a tree where each node is keyed by
- // an element in the module's package path. E.g., given modules containing
- // the following package directives: "a", "a.b", "a.c", and "a.b", the
- // resulting module tree would be:
- //
- // root
- // |
- // +--- data (no modules)
- // |
- // +--- a (1 module)
- // |
- // +--- b (2 modules)
- // |
- // +--- c (1 module)
- //
- ModuleTree *ModuleTreeNode
-
- // RuleTree organizes rules into a tree where each node is keyed by an
- // element in the rule's path. The rule path is the concatenation of the
- // containing package and the stringified rule name. E.g., given the
- // following module:
- //
- // package ex
- // p[1] { true }
- // p[2] { true }
- // q = true
- // a.b.c = 3
- //
- // root
- // |
- // +--- data (no rules)
- // |
- // +--- ex (no rules)
- // |
- // +--- p (2 rules)
- // |
- // +--- q (1 rule)
- // |
- // +--- a
- // |
- // +--- b
- // |
- // +--- c (1 rule)
- //
- // Another example with general refs containing vars at arbitrary locations:
- //
- // package ex
- // a.b[x].d { x := "c" } # R1
- // a.b.c[x] { x := "d" } # R2
- // a.b[x][y] { x := "c"; y := "d" } # R3
- // p := true # R4
- //
- // root
- // |
- // +--- data (no rules)
- // |
- // +--- ex (no rules)
- // |
- // +--- a
- // | |
- // | +--- b (R1, R3)
- // | |
- // | +--- c (R2)
- // |
- // +--- p (R4)
- RuleTree *TreeNode
-
- // Graph contains dependencies between rules. An edge (u,v) is added to the
- // graph if rule 'u' refers to the virtual document defined by 'v'.
- Graph *Graph
-
- // TypeEnv holds type information for values inferred by the compiler.
- TypeEnv *TypeEnv
-
- // RewrittenVars is a mapping of variables that have been rewritten
- // with the key being the generated name and value being the original.
- RewrittenVars map[Var]Var
-
- // Capabliities required by the modules that were compiled.
- Required *Capabilities
-
- localvargen *localVarGenerator
- moduleLoader ModuleLoader
- ruleIndices *util.HashMap
- stages []stage
- maxErrs int
- sorted []string // list of sorted module names
- pathExists func([]string) (bool, error)
- after map[string][]CompilerStageDefinition
- metrics metrics.Metrics
- capabilities *Capabilities // user-supplied capabilities
- imports map[string][]*Import // saved imports from stripping
- builtins map[string]*Builtin // universe of built-in functions
- customBuiltins map[string]*Builtin // user-supplied custom built-in functions (deprecated: use capabilities)
- unsafeBuiltinsMap map[string]struct{} // user-supplied set of unsafe built-ins functions to block (deprecated: use capabilities)
- deprecatedBuiltinsMap map[string]struct{} // set of deprecated, but not removed, built-in functions
- enablePrintStatements bool // indicates if print statements should be elided (default)
- comprehensionIndices map[*Term]*ComprehensionIndex // comprehension key index
- initialized bool // indicates if init() has been called
- debug debug.Debug // emits debug information produced during compilation
- schemaSet *SchemaSet // user-supplied schemas for input and data documents
- inputType types.Type // global input type retrieved from schema set
- annotationSet *AnnotationSet // hierarchical set of annotations
- strict bool // enforce strict compilation checks
- keepModules bool // whether to keep the unprocessed, parse modules (below)
- parsedModules map[string]*Module // parsed, but otherwise unprocessed modules, kept track of when keepModules is true
- useTypeCheckAnnotations bool // whether to provide annotated information (schemas) to the type checker
- allowUndefinedFuncCalls bool // don't error on calls to unknown functions.
- evalMode CompilerEvalMode //
- rewriteTestRulesForTracing bool // rewrite test rules to capture dynamic values for tracing.
-}
+type Compiler = v1.Compiler
// CompilerStage defines the interface for stages in the compiler.
-type CompilerStage func(*Compiler) *Error
+type CompilerStage = v1.CompilerStage
// CompilerEvalMode allows toggling certain stages that are only
// needed for certain modes, Concretely, only "topdown" mode will
// have the compiler build comprehension and rule indices.
-type CompilerEvalMode int
+type CompilerEvalMode = v1.CompilerEvalMode
const (
// EvalModeTopdown (default) instructs the compiler to build rule
// and comprehension indices used by topdown evaluation.
- EvalModeTopdown CompilerEvalMode = iota
+ EvalModeTopdown = v1.EvalModeTopdown
// EvalModeIR makes the compiler skip the stages for comprehension
// and rule indices.
- EvalModeIR
+ EvalModeIR = v1.EvalModeIR
)
// CompilerStageDefinition defines a compiler stage
-type CompilerStageDefinition struct {
- Name string
- MetricName string
- Stage CompilerStage
-}
+type CompilerStageDefinition = v1.CompilerStageDefinition
// RulesOptions defines the options for retrieving rules by Ref from the
// compiler.
-type RulesOptions struct {
- // IncludeHiddenModules determines if the result contains hidden modules,
- // currently only the "system" namespace, i.e. "data.system.*".
- IncludeHiddenModules bool
-}
+type RulesOptions = v1.RulesOptions
// QueryContext contains contextual information for running an ad-hoc query.
//
// Ad-hoc queries can be run in the context of a package and imports may be
// included to provide concise access to data.
-type QueryContext struct {
- Package *Package
- Imports []*Import
-}
+type QueryContext = v1.QueryContext
// NewQueryContext returns a new QueryContext object.
func NewQueryContext() *QueryContext {
- return &QueryContext{}
-}
-
-// WithPackage sets the pkg on qc.
-func (qc *QueryContext) WithPackage(pkg *Package) *QueryContext {
- if qc == nil {
- qc = NewQueryContext()
- }
- qc.Package = pkg
- return qc
-}
-
-// WithImports sets the imports on qc.
-func (qc *QueryContext) WithImports(imports []*Import) *QueryContext {
- if qc == nil {
- qc = NewQueryContext()
- }
- qc.Imports = imports
- return qc
-}
-
-// Copy returns a deep copy of qc.
-func (qc *QueryContext) Copy() *QueryContext {
- if qc == nil {
- return nil
- }
- cpy := *qc
- if cpy.Package != nil {
- cpy.Package = qc.Package.Copy()
- }
- cpy.Imports = make([]*Import, len(qc.Imports))
- for i := range qc.Imports {
- cpy.Imports[i] = qc.Imports[i].Copy()
- }
- return &cpy
+ return v1.NewQueryContext()
}
// QueryCompiler defines the interface for compiling ad-hoc queries.
-type QueryCompiler interface {
-
- // Compile should be called to compile ad-hoc queries. The return value is
- // the compiled version of the query.
- Compile(q Body) (Body, error)
-
- // TypeEnv returns the type environment built after running type checking
- // on the query.
- TypeEnv() *TypeEnv
-
- // WithContext sets the QueryContext on the QueryCompiler. Subsequent calls
- // to Compile will take the QueryContext into account.
- WithContext(qctx *QueryContext) QueryCompiler
-
- // WithEnablePrintStatements enables print statements in queries compiled
- // with the QueryCompiler.
- WithEnablePrintStatements(yes bool) QueryCompiler
-
- // WithUnsafeBuiltins sets the built-in functions to treat as unsafe and not
- // allow inside of queries. By default the query compiler inherits the
- // compiler's unsafe built-in functions. This function allows callers to
- // override that set. If an empty (non-nil) map is provided, all built-ins
- // are allowed.
- WithUnsafeBuiltins(unsafe map[string]struct{}) QueryCompiler
-
- // WithStageAfter registers a stage to run during query compilation after
- // the named stage.
- WithStageAfter(after string, stage QueryCompilerStageDefinition) QueryCompiler
-
- // RewrittenVars maps generated vars in the compiled query to vars from the
- // parsed query. For example, given the query "input := 1" the rewritten
- // query would be "__local0__ = 1". The mapping would then be {__local0__: input}.
- RewrittenVars() map[Var]Var
-
- // ComprehensionIndex returns an index data structure for the given comprehension
- // term. If no index is found, returns nil.
- ComprehensionIndex(term *Term) *ComprehensionIndex
-
- // WithStrict enables strict mode for the query compiler.
- WithStrict(strict bool) QueryCompiler
-}
+type QueryCompiler = v1.QueryCompiler
// QueryCompilerStage defines the interface for stages in the query compiler.
-type QueryCompilerStage func(QueryCompiler, Body) (Body, error)
+type QueryCompilerStage = v1.QueryCompilerStage
// QueryCompilerStageDefinition defines a QueryCompiler stage
-type QueryCompilerStageDefinition struct {
- Name string
- MetricName string
- Stage QueryCompilerStage
-}
-
-type stage struct {
- name string
- metricName string
- f func()
-}
+type QueryCompilerStageDefinition = v1.QueryCompilerStageDefinition
// NewCompiler returns a new empty compiler.
func NewCompiler() *Compiler {
-
- c := &Compiler{
- Modules: map[string]*Module{},
- RewrittenVars: map[Var]Var{},
- Required: &Capabilities{},
- ruleIndices: util.NewHashMap(func(a, b util.T) bool {
- r1, r2 := a.(Ref), b.(Ref)
- return r1.Equal(r2)
- }, func(x util.T) int {
- return x.(Ref).Hash()
- }),
- maxErrs: CompileErrorLimitDefault,
- after: map[string][]CompilerStageDefinition{},
- unsafeBuiltinsMap: map[string]struct{}{},
- deprecatedBuiltinsMap: map[string]struct{}{},
- comprehensionIndices: map[*Term]*ComprehensionIndex{},
- debug: debug.Discard(),
- }
-
- c.ModuleTree = NewModuleTree(nil)
- c.RuleTree = NewRuleTree(c.ModuleTree)
-
- c.stages = []stage{
- // Reference resolution should run first as it may be used to lazily
- // load additional modules. If any stages run before resolution, they
- // need to be re-run after resolution.
- {"ResolveRefs", "compile_stage_resolve_refs", c.resolveAllRefs},
- // The local variable generator must be initialized after references are
- // resolved and the dynamic module loader has run but before subsequent
- // stages that need to generate variables.
- {"InitLocalVarGen", "compile_stage_init_local_var_gen", c.initLocalVarGen},
- {"RewriteRuleHeadRefs", "compile_stage_rewrite_rule_head_refs", c.rewriteRuleHeadRefs},
- {"CheckKeywordOverrides", "compile_stage_check_keyword_overrides", c.checkKeywordOverrides},
- {"CheckDuplicateImports", "compile_stage_check_duplicate_imports", c.checkDuplicateImports},
- {"RemoveImports", "compile_stage_remove_imports", c.removeImports},
- {"SetModuleTree", "compile_stage_set_module_tree", c.setModuleTree},
- {"SetRuleTree", "compile_stage_set_rule_tree", c.setRuleTree}, // depends on RewriteRuleHeadRefs
- {"RewriteLocalVars", "compile_stage_rewrite_local_vars", c.rewriteLocalVars},
- {"CheckVoidCalls", "compile_stage_check_void_calls", c.checkVoidCalls},
- {"RewritePrintCalls", "compile_stage_rewrite_print_calls", c.rewritePrintCalls},
- {"RewriteExprTerms", "compile_stage_rewrite_expr_terms", c.rewriteExprTerms},
- {"ParseMetadataBlocks", "compile_stage_parse_metadata_blocks", c.parseMetadataBlocks},
- {"SetAnnotationSet", "compile_stage_set_annotationset", c.setAnnotationSet},
- {"RewriteRegoMetadataCalls", "compile_stage_rewrite_rego_metadata_calls", c.rewriteRegoMetadataCalls},
- {"SetGraph", "compile_stage_set_graph", c.setGraph},
- {"RewriteComprehensionTerms", "compile_stage_rewrite_comprehension_terms", c.rewriteComprehensionTerms},
- {"RewriteRefsInHead", "compile_stage_rewrite_refs_in_head", c.rewriteRefsInHead},
- {"RewriteWithValues", "compile_stage_rewrite_with_values", c.rewriteWithModifiers},
- {"CheckRuleConflicts", "compile_stage_check_rule_conflicts", c.checkRuleConflicts},
- {"CheckUndefinedFuncs", "compile_stage_check_undefined_funcs", c.checkUndefinedFuncs},
- {"CheckSafetyRuleHeads", "compile_stage_check_safety_rule_heads", c.checkSafetyRuleHeads},
- {"CheckSafetyRuleBodies", "compile_stage_check_safety_rule_bodies", c.checkSafetyRuleBodies},
- {"RewriteEquals", "compile_stage_rewrite_equals", c.rewriteEquals},
- {"RewriteDynamicTerms", "compile_stage_rewrite_dynamic_terms", c.rewriteDynamicTerms},
- {"RewriteTestRulesForTracing", "compile_stage_rewrite_test_rules_for_tracing", c.rewriteTestRuleEqualities}, // must run after RewriteDynamicTerms
- {"CheckRecursion", "compile_stage_check_recursion", c.checkRecursion},
- {"CheckTypes", "compile_stage_check_types", c.checkTypes}, // must be run after CheckRecursion
- {"CheckUnsafeBuiltins", "compile_state_check_unsafe_builtins", c.checkUnsafeBuiltins},
- {"CheckDeprecatedBuiltins", "compile_state_check_deprecated_builtins", c.checkDeprecatedBuiltins},
- {"BuildRuleIndices", "compile_stage_rebuild_indices", c.buildRuleIndices},
- {"BuildComprehensionIndices", "compile_stage_rebuild_comprehension_indices", c.buildComprehensionIndices},
- {"BuildRequiredCapabilities", "compile_stage_build_required_capabilities", c.buildRequiredCapabilities},
- }
-
- return c
-}
-
-// SetErrorLimit sets the number of errors the compiler can encounter before it
-// quits. Zero or a negative number indicates no limit.
-func (c *Compiler) SetErrorLimit(limit int) *Compiler {
- c.maxErrs = limit
- return c
-}
-
-// WithEnablePrintStatements enables print statements inside of modules compiled
-// by the compiler. If print statements are not enabled, calls to print() are
-// erased at compile-time.
-func (c *Compiler) WithEnablePrintStatements(yes bool) *Compiler {
- c.enablePrintStatements = yes
- return c
-}
-
-// WithPathConflictsCheck enables base-virtual document conflict
-// detection. The compiler will check that rules don't overlap with
-// paths that exist as determined by the provided callable.
-func (c *Compiler) WithPathConflictsCheck(fn func([]string) (bool, error)) *Compiler {
- c.pathExists = fn
- return c
-}
-
-// WithStageAfter registers a stage to run during compilation after
-// the named stage.
-func (c *Compiler) WithStageAfter(after string, stage CompilerStageDefinition) *Compiler {
- c.after[after] = append(c.after[after], stage)
- return c
-}
-
-// WithMetrics will set a metrics.Metrics and be used for profiling
-// the Compiler instance.
-func (c *Compiler) WithMetrics(metrics metrics.Metrics) *Compiler {
- c.metrics = metrics
- return c
-}
-
-// WithCapabilities sets capabilities to enable during compilation. Capabilities allow the caller
-// to specify the set of built-in functions available to the policy. In the future, capabilities
-// may be able to restrict access to other language features. Capabilities allow callers to check
-// if policies are compatible with a particular version of OPA. If policies are a compiled for a
-// specific version of OPA, there is no guarantee that _this_ version of OPA can evaluate them
-// successfully.
-func (c *Compiler) WithCapabilities(capabilities *Capabilities) *Compiler {
- c.capabilities = capabilities
- return c
-}
-
-// Capabilities returns the capabilities enabled during compilation.
-func (c *Compiler) Capabilities() *Capabilities {
- return c.capabilities
-}
-
-// WithDebug sets where debug messages are written to. Passing `nil` has no
-// effect.
-func (c *Compiler) WithDebug(sink io.Writer) *Compiler {
- if sink != nil {
- c.debug = debug.New(sink)
- }
- return c
-}
-
-// WithBuiltins is deprecated. Use WithCapabilities instead.
-func (c *Compiler) WithBuiltins(builtins map[string]*Builtin) *Compiler {
- c.customBuiltins = make(map[string]*Builtin)
- for k, v := range builtins {
- c.customBuiltins[k] = v
- }
- return c
-}
-
-// WithUnsafeBuiltins is deprecated. Use WithCapabilities instead.
-func (c *Compiler) WithUnsafeBuiltins(unsafeBuiltins map[string]struct{}) *Compiler {
- for name := range unsafeBuiltins {
- c.unsafeBuiltinsMap[name] = struct{}{}
- }
- return c
-}
-
-// WithStrict enables strict mode in the compiler.
-func (c *Compiler) WithStrict(strict bool) *Compiler {
- c.strict = strict
- return c
-}
-
-// WithKeepModules enables retaining unprocessed modules in the compiler.
-// Note that the modules aren't copied on the way in or out -- so when
-// accessing them via ParsedModules(), mutations will occur in the module
-// map that was passed into Compile().`
-func (c *Compiler) WithKeepModules(y bool) *Compiler {
- c.keepModules = y
- return c
-}
-
-// WithUseTypeCheckAnnotations use schema annotations during type checking
-func (c *Compiler) WithUseTypeCheckAnnotations(enabled bool) *Compiler {
- c.useTypeCheckAnnotations = enabled
- return c
-}
-
-func (c *Compiler) WithAllowUndefinedFunctionCalls(allow bool) *Compiler {
- c.allowUndefinedFuncCalls = allow
- return c
-}
-
-// WithEvalMode allows setting the CompilerEvalMode of the compiler
-func (c *Compiler) WithEvalMode(e CompilerEvalMode) *Compiler {
- c.evalMode = e
- return c
-}
-
-// WithRewriteTestRules enables rewriting test rules to capture dynamic values in local variables,
-// so they can be accessed by tracing.
-func (c *Compiler) WithRewriteTestRules(rewrite bool) *Compiler {
- c.rewriteTestRulesForTracing = rewrite
- return c
-}
-
-// ParsedModules returns the parsed, unprocessed modules from the compiler.
-// It is `nil` if keeping modules wasn't enabled via `WithKeepModules(true)`.
-// The map includes all modules loaded via the ModuleLoader, if one was used.
-func (c *Compiler) ParsedModules() map[string]*Module {
- return c.parsedModules
-}
-
-func (c *Compiler) QueryCompiler() QueryCompiler {
- c.init()
- c0 := *c
- return newQueryCompiler(&c0)
-}
-
-// Compile runs the compilation process on the input modules. The compiled
-// version of the modules and associated data structures are stored on the
-// compiler. If the compilation process fails for any reason, the compiler will
-// contain a slice of errors.
-func (c *Compiler) Compile(modules map[string]*Module) {
-
- c.init()
-
- c.Modules = make(map[string]*Module, len(modules))
- c.sorted = make([]string, 0, len(modules))
-
- if c.keepModules {
- c.parsedModules = make(map[string]*Module, len(modules))
- } else {
- c.parsedModules = nil
- }
-
- for k, v := range modules {
- c.Modules[k] = v.Copy()
- c.sorted = append(c.sorted, k)
- if c.parsedModules != nil {
- c.parsedModules[k] = v
- }
- }
-
- sort.Strings(c.sorted)
-
- c.compile()
-}
-
-// WithSchemas sets a schemaSet to the compiler
-func (c *Compiler) WithSchemas(schemas *SchemaSet) *Compiler {
- c.schemaSet = schemas
- return c
-}
-
-// Failed returns true if a compilation error has been encountered.
-func (c *Compiler) Failed() bool {
- return len(c.Errors) > 0
-}
-
-// ComprehensionIndex returns a data structure specifying how to index comprehension
-// results so that callers do not have to recompute the comprehension more than once.
-// If no index is found, returns nil.
-func (c *Compiler) ComprehensionIndex(term *Term) *ComprehensionIndex {
- return c.comprehensionIndices[term]
-}
-
-// GetArity returns the number of args a function referred to by ref takes. If
-// ref refers to built-in function, the built-in declaration is consulted,
-// otherwise, the ref is used to perform a ruleset lookup.
-func (c *Compiler) GetArity(ref Ref) int {
- if bi := c.builtins[ref.String()]; bi != nil {
- return len(bi.Decl.FuncArgs().Args)
- }
- rules := c.GetRulesExact(ref)
- if len(rules) == 0 {
- return -1
- }
- return len(rules[0].Head.Args)
-}
-
-// GetRulesExact returns a slice of rules referred to by the reference.
-//
-// E.g., given the following module:
-//
-// package a.b.c
-//
-// p[k] = v { ... } # rule1
-// p[k1] = v1 { ... } # rule2
-//
-// The following calls yield the rules on the right.
-//
-// GetRulesExact("data.a.b.c.p") => [rule1, rule2]
-// GetRulesExact("data.a.b.c.p.x") => nil
-// GetRulesExact("data.a.b.c") => nil
-func (c *Compiler) GetRulesExact(ref Ref) (rules []*Rule) {
- node := c.RuleTree
-
- for _, x := range ref {
- if node = node.Child(x.Value); node == nil {
- return nil
- }
- }
-
- return extractRules(node.Values)
-}
-
-// GetRulesForVirtualDocument returns a slice of rules that produce the virtual
-// document referred to by the reference.
-//
-// E.g., given the following module:
-//
-// package a.b.c
-//
-// p[k] = v { ... } # rule1
-// p[k1] = v1 { ... } # rule2
-//
-// The following calls yield the rules on the right.
-//
-// GetRulesForVirtualDocument("data.a.b.c.p") => [rule1, rule2]
-// GetRulesForVirtualDocument("data.a.b.c.p.x") => [rule1, rule2]
-// GetRulesForVirtualDocument("data.a.b.c") => nil
-func (c *Compiler) GetRulesForVirtualDocument(ref Ref) (rules []*Rule) {
-
- node := c.RuleTree
-
- for _, x := range ref {
- if node = node.Child(x.Value); node == nil {
- return nil
- }
- if len(node.Values) > 0 {
- return extractRules(node.Values)
- }
- }
-
- return extractRules(node.Values)
-}
-
-// GetRulesWithPrefix returns a slice of rules that share the prefix ref.
-//
-// E.g., given the following module:
-//
-// package a.b.c
-//
-// p[x] = y { ... } # rule1
-// p[k] = v { ... } # rule2
-// q { ... } # rule3
-//
-// The following calls yield the rules on the right.
-//
-// GetRulesWithPrefix("data.a.b.c.p") => [rule1, rule2]
-// GetRulesWithPrefix("data.a.b.c.p.a") => nil
-// GetRulesWithPrefix("data.a.b.c") => [rule1, rule2, rule3]
-func (c *Compiler) GetRulesWithPrefix(ref Ref) (rules []*Rule) {
-
- node := c.RuleTree
-
- for _, x := range ref {
- if node = node.Child(x.Value); node == nil {
- return nil
- }
- }
-
- var acc func(node *TreeNode)
-
- acc = func(node *TreeNode) {
- rules = append(rules, extractRules(node.Values)...)
- for _, child := range node.Children {
- if child.Hide {
- continue
- }
- acc(child)
- }
- }
-
- acc(node)
-
- return rules
-}
-
-func extractRules(s []util.T) []*Rule {
- rules := make([]*Rule, len(s))
- for i := range s {
- rules[i] = s[i].(*Rule)
- }
- return rules
-}
-
-// GetRules returns a slice of rules that are referred to by ref.
-//
-// E.g., given the following module:
-//
-// package a.b.c
-//
-// p[x] = y { q[x] = y; ... } # rule1
-// q[x] = y { ... } # rule2
-//
-// The following calls yield the rules on the right.
-//
-// GetRules("data.a.b.c.p") => [rule1]
-// GetRules("data.a.b.c.p.x") => [rule1]
-// GetRules("data.a.b.c.q") => [rule2]
-// GetRules("data.a.b.c") => [rule1, rule2]
-// GetRules("data.a.b.d") => nil
-func (c *Compiler) GetRules(ref Ref) (rules []*Rule) {
-
- set := map[*Rule]struct{}{}
-
- for _, rule := range c.GetRulesForVirtualDocument(ref) {
- set[rule] = struct{}{}
- }
-
- for _, rule := range c.GetRulesWithPrefix(ref) {
- set[rule] = struct{}{}
- }
-
- for rule := range set {
- rules = append(rules, rule)
- }
-
- return rules
-}
-
-// GetRulesDynamic returns a slice of rules that could be referred to by a ref.
-//
-// Deprecated: use GetRulesDynamicWithOpts
-func (c *Compiler) GetRulesDynamic(ref Ref) []*Rule {
- return c.GetRulesDynamicWithOpts(ref, RulesOptions{})
-}
-
-// GetRulesDynamicWithOpts returns a slice of rules that could be referred to by
-// a ref.
-// When parts of the ref are statically known, we use that information to narrow
-// down which rules the ref could refer to, but in the most general case this
-// will be an over-approximation.
-//
-// E.g., given the following modules:
-//
-// package a.b.c
-//
-// r1 = 1 # rule1
-//
-// and:
-//
-// package a.d.c
-//
-// r2 = 2 # rule2
-//
-// The following calls yield the rules on the right.
-//
-// GetRulesDynamicWithOpts("data.a[x].c[y]", opts) => [rule1, rule2]
-// GetRulesDynamicWithOpts("data.a[x].c.r2", opts) => [rule2]
-// GetRulesDynamicWithOpts("data.a.b[x][y]", opts) => [rule1]
-//
-// Using the RulesOptions parameter, the inclusion of hidden modules can be
-// controlled:
-//
-// With
-//
-// package system.main
-//
-// r3 = 3 # rule3
-//
-// We'd get this result:
-//
-// GetRulesDynamicWithOpts("data[x]", RulesOptions{IncludeHiddenModules: true}) => [rule1, rule2, rule3]
-//
-// Without the options, it would be excluded.
-func (c *Compiler) GetRulesDynamicWithOpts(ref Ref, opts RulesOptions) []*Rule {
- node := c.RuleTree
-
- set := map[*Rule]struct{}{}
- var walk func(node *TreeNode, i int)
- walk = func(node *TreeNode, i int) {
- switch {
- case i >= len(ref):
- // We've reached the end of the reference and want to collect everything
- // under this "prefix".
- node.DepthFirst(func(descendant *TreeNode) bool {
- insertRules(set, descendant.Values)
- if opts.IncludeHiddenModules {
- return false
- }
- return descendant.Hide
- })
-
- case i == 0 || IsConstant(ref[i].Value):
- // The head of the ref is always grounded. In case another part of the
- // ref is also grounded, we can lookup the exact child. If it's not found
- // we can immediately return...
- if child := node.Child(ref[i].Value); child != nil {
- if len(child.Values) > 0 {
- // Add any rules at this position
- insertRules(set, child.Values)
- }
- // There might still be "sub-rules" contributing key-value "overrides" for e.g. partial object rules, continue walking
- walk(child, i+1)
- } else {
- return
- }
-
- default:
- // This part of the ref is a dynamic term. We can't know what it refers
- // to and will just need to try all of the children.
- for _, child := range node.Children {
- if child.Hide && !opts.IncludeHiddenModules {
- continue
- }
- insertRules(set, child.Values)
- walk(child, i+1)
- }
- }
- }
-
- walk(node, 0)
- rules := make([]*Rule, 0, len(set))
- for rule := range set {
- rules = append(rules, rule)
- }
- return rules
-}
-
-// Utility: add all rule values to the set.
-func insertRules(set map[*Rule]struct{}, rules []util.T) {
- for _, rule := range rules {
- set[rule.(*Rule)] = struct{}{}
- }
-}
-
-// RuleIndex returns a RuleIndex built for the rule set referred to by path.
-// The path must refer to the rule set exactly, i.e., given a rule set at path
-// data.a.b.c.p, refs data.a.b.c.p.x and data.a.b.c would not return a
-// RuleIndex built for the rule.
-func (c *Compiler) RuleIndex(path Ref) RuleIndex {
- r, ok := c.ruleIndices.Get(path)
- if !ok {
- return nil
- }
- return r.(RuleIndex)
-}
-
-// PassesTypeCheck determines whether the given body passes type checking
-func (c *Compiler) PassesTypeCheck(body Body) bool {
- checker := newTypeChecker().WithSchemaSet(c.schemaSet).WithInputType(c.inputType)
- env := c.TypeEnv
- _, errs := checker.CheckBody(env, body)
- return len(errs) == 0
-}
-
-// PassesTypeCheckRules determines whether the given rules passes type checking
-func (c *Compiler) PassesTypeCheckRules(rules []*Rule) Errors {
- elems := []util.T{}
-
- for _, rule := range rules {
- elems = append(elems, rule)
- }
-
- // Load the global input schema if one was provided.
- if c.schemaSet != nil {
- if schema := c.schemaSet.Get(SchemaRootRef); schema != nil {
-
- var allowNet []string
- if c.capabilities != nil {
- allowNet = c.capabilities.AllowNet
- }
-
- tpe, err := loadSchema(schema, allowNet)
- if err != nil {
- return Errors{NewError(TypeErr, nil, err.Error())}
- }
- c.inputType = tpe
- }
- }
-
- var as *AnnotationSet
- if c.useTypeCheckAnnotations {
- as = c.annotationSet
- }
-
- checker := newTypeChecker().WithSchemaSet(c.schemaSet).WithInputType(c.inputType)
-
- if c.TypeEnv == nil {
- if c.capabilities == nil {
- c.capabilities = CapabilitiesForThisVersion()
- }
-
- c.builtins = make(map[string]*Builtin, len(c.capabilities.Builtins)+len(c.customBuiltins))
-
- for _, bi := range c.capabilities.Builtins {
- c.builtins[bi.Name] = bi
- }
-
- for name, bi := range c.customBuiltins {
- c.builtins[name] = bi
- }
-
- c.TypeEnv = checker.Env(c.builtins)
- }
-
- _, errs := checker.CheckTypes(c.TypeEnv, elems, as)
- return errs
+ return v1.NewCompiler().WithDefaultRegoVersion(DefaultRegoVersion)
}
// ModuleLoader defines the interface that callers can implement to enable lazy
// loading of modules during compilation.
-type ModuleLoader func(resolved map[string]*Module) (parsed map[string]*Module, err error)
-
-// WithModuleLoader sets f as the ModuleLoader on the compiler.
-//
-// The compiler will invoke the ModuleLoader after resolving all references in
-// the current set of input modules. The ModuleLoader can return a new
-// collection of parsed modules that are to be included in the compilation
-// process. This process will repeat until the ModuleLoader returns an empty
-// collection or an error. If an error is returned, compilation will stop
-// immediately.
-func (c *Compiler) WithModuleLoader(f ModuleLoader) *Compiler {
- c.moduleLoader = f
- return c
-}
-
-func (c *Compiler) counterAdd(name string, n uint64) {
- if c.metrics == nil {
- return
- }
- c.metrics.Counter(name).Add(n)
-}
-
-func (c *Compiler) buildRuleIndices() {
-
- c.RuleTree.DepthFirst(func(node *TreeNode) bool {
- if len(node.Values) == 0 {
- return false
- }
- rules := extractRules(node.Values)
- hasNonGroundRef := false
- for _, r := range rules {
- hasNonGroundRef = !r.Head.Ref().IsGround()
- }
- if hasNonGroundRef {
- // Collect children to ensure that all rules within the extent of a rule with a general ref
- // are found on the same index. E.g. the following rules should be indexed under data.a.b.c:
- //
- // package a
- // b.c[x].e := 1 { x := input.x }
- // b.c.d := 2
- // b.c.d2.e[x] := 3 { x := input.x }
- for _, child := range node.Children {
- child.DepthFirst(func(c *TreeNode) bool {
- rules = append(rules, extractRules(c.Values)...)
- return false
- })
- }
- }
-
- index := newBaseDocEqIndex(func(ref Ref) bool {
- return isVirtual(c.RuleTree, ref.GroundPrefix())
- })
- if index.Build(rules) {
- c.ruleIndices.Put(rules[0].Ref().GroundPrefix(), index)
- }
- return hasNonGroundRef // currently, we don't allow those branches to go deeper
- })
-
-}
-
-func (c *Compiler) buildComprehensionIndices() {
- for _, name := range c.sorted {
- WalkRules(c.Modules[name], func(r *Rule) bool {
- candidates := r.Head.Args.Vars()
- candidates.Update(ReservedVars)
- n := buildComprehensionIndices(c.debug, c.GetArity, candidates, c.RewrittenVars, r.Body, c.comprehensionIndices)
- c.counterAdd(compileStageComprehensionIndexBuild, n)
- return false
- })
- }
-}
+type ModuleLoader = v1.ModuleLoader
-// buildRequiredCapabilities updates the required capabilities on the compiler
-// to include any keyword and feature dependencies present in the modules. The
-// built-in function dependencies will have already been added by the type
-// checker.
-func (c *Compiler) buildRequiredCapabilities() {
-
- features := map[string]struct{}{}
-
- // extract required keywords from modules
- keywords := map[string]struct{}{}
- futureKeywordsPrefix := Ref{FutureRootDocument, StringTerm("keywords")}
- for _, name := range c.sorted {
- for _, imp := range c.imports[name] {
- path := imp.Path.Value.(Ref)
- switch {
- case path.Equal(RegoV1CompatibleRef):
- features[FeatureRegoV1Import] = struct{}{}
- case path.HasPrefix(futureKeywordsPrefix):
- if len(path) == 2 {
- for kw := range futureKeywords {
- keywords[kw] = struct{}{}
- }
- } else {
- keywords[string(path[2].Value.(String))] = struct{}{}
- }
- }
- }
- }
-
- c.Required.FutureKeywords = stringMapToSortedSlice(keywords)
-
- // extract required features from modules
-
- for _, name := range c.sorted {
- for _, rule := range c.Modules[name].Rules {
- refLen := len(rule.Head.Reference)
- if refLen >= 3 {
- if refLen > len(rule.Head.Reference.ConstantPrefix()) {
- features[FeatureRefHeads] = struct{}{}
- } else {
- features[FeatureRefHeadStringPrefixes] = struct{}{}
- }
- }
- }
- }
-
- c.Required.Features = stringMapToSortedSlice(features)
-
- for i, bi := range c.Required.Builtins {
- c.Required.Builtins[i] = bi.Minimal()
- }
-}
-
-func stringMapToSortedSlice(xs map[string]struct{}) []string {
- if len(xs) == 0 {
- return nil
- }
- s := make([]string, 0, len(xs))
- for k := range xs {
- s = append(s, k)
- }
- sort.Strings(s)
- return s
-}
-
-// checkRecursion ensures that there are no recursive definitions, i.e., there are
-// no cycles in the Graph.
-func (c *Compiler) checkRecursion() {
- eq := func(a, b util.T) bool {
- return a.(*Rule) == b.(*Rule)
- }
-
- c.RuleTree.DepthFirst(func(node *TreeNode) bool {
- for _, rule := range node.Values {
- for node := rule.(*Rule); node != nil; node = node.Else {
- c.checkSelfPath(node.Loc(), eq, node, node)
- }
- }
- return false
- })
-}
-
-func (c *Compiler) checkSelfPath(loc *Location, eq func(a, b util.T) bool, a, b util.T) {
- tr := NewGraphTraversal(c.Graph)
- if p := util.DFSPath(tr, eq, a, b); len(p) > 0 {
- n := make([]string, 0, len(p))
- for _, x := range p {
- n = append(n, astNodeToString(x))
- }
- c.err(NewError(RecursionErr, loc, "rule %v is recursive: %v", astNodeToString(a), strings.Join(n, " -> ")))
- }
-}
-
-func astNodeToString(x interface{}) string {
- return x.(*Rule).Ref().String()
-}
-
-// checkRuleConflicts ensures that rules definitions are not in conflict.
-func (c *Compiler) checkRuleConflicts() {
- rw := rewriteVarsInRef(c.RewrittenVars)
-
- c.RuleTree.DepthFirst(func(node *TreeNode) bool {
- if len(node.Values) == 0 {
- return false // go deeper
- }
-
- kinds := make(map[RuleKind]struct{}, len(node.Values))
- defaultRules := 0
- completeRules := 0
- partialRules := 0
- arities := make(map[int]struct{}, len(node.Values))
- name := ""
- var conflicts []Ref
-
- for _, rule := range node.Values {
- r := rule.(*Rule)
- ref := r.Ref()
- name = rw(ref.Copy()).String() // varRewriter operates in-place
- kinds[r.Head.RuleKind()] = struct{}{}
- arities[len(r.Head.Args)] = struct{}{}
- if r.Default {
- defaultRules++
- }
-
- // Single-value rules may not have any other rules in their extent.
- // Rules with vars in their ref are allowed to have rules inside their extent.
- // Only the ground portion (terms before the first var term) of a rule's ref is considered when determining
- // whether it's inside the extent of another (c.RuleTree is organized this way already).
- // These pairs are invalid:
- //
- // data.p.q.r { true } # data.p.q is { "r": true }
- // data.p.q.r.s { true }
- //
- // data.p.q.r { true }
- // data.p.q.r[s].t { s = input.key }
- //
- // But this is allowed:
- //
- // data.p.q.r { true }
- // data.p.q[r].s.t { r = input.key }
- //
- // data.p[r] := x { r = input.key; x = input.bar }
- // data.p.q[r] := x { r = input.key; x = input.bar }
- //
- // data.p.q[r] { r := input.r }
- // data.p.q.r.s { true }
- //
- // data.p.q[r] = 1 { r := "r" }
- // data.p.q.s = 2
- //
- // data.p[q][r] { q := input.q; r := input.r }
- // data.p.q.r { true }
- //
- // data.p.q[r] { r := input.r }
- // data.p[q].r { q := input.q }
- //
- // data.p.q[r][s] { r := input.r; s := input.s }
- // data.p[q].r.s { q := input.q }
-
- if r.Ref().IsGround() && len(node.Children) > 0 {
- conflicts = node.flattenChildren()
- }
-
- if r.Head.RuleKind() == SingleValue && r.Head.Ref().IsGround() {
- completeRules++
- } else {
- partialRules++
- }
- }
-
- switch {
- case conflicts != nil:
- c.err(NewError(TypeErr, node.Values[0].(*Rule).Loc(), "rule %v conflicts with %v", name, conflicts))
-
- case len(kinds) > 1 || len(arities) > 1 || (completeRules >= 1 && partialRules >= 1):
- c.err(NewError(TypeErr, node.Values[0].(*Rule).Loc(), "conflicting rules %v found", name))
-
- case defaultRules > 1:
- c.err(NewError(TypeErr, node.Values[0].(*Rule).Loc(), "multiple default rules %s found", name))
- }
-
- return false
- })
+// SafetyCheckVisitorParams defines the AST visitor parameters to use for collecting
+// variables during the safety check. This has to be exported because it's relied on
+// by the copy propagation implementation in topdown.
+var SafetyCheckVisitorParams = v1.SafetyCheckVisitorParams
- if c.pathExists != nil {
- for _, err := range CheckPathConflicts(c, c.pathExists) {
- c.err(err)
- }
- }
+// ComprehensionIndex specifies how the comprehension term can be indexed. The keys
+// tell the evaluator what variables to use for indexing. In the future, the index
+// could be expanded with more information that would allow the evaluator to index
+// a larger fragment of comprehensions (e.g., by closing over variables in the outer
+// query.)
+type ComprehensionIndex = v1.ComprehensionIndex
- // NOTE(sr): depthfirst might better use sorted for stable errs?
- c.ModuleTree.DepthFirst(func(node *ModuleTreeNode) bool {
- for _, mod := range node.Modules {
- for _, rule := range mod.Rules {
- ref := rule.Head.Ref().GroundPrefix()
- // Rules with a dynamic portion in their ref are exempted, as a conflict within the dynamic portion
- // can only be detected at eval-time.
- if len(ref) < len(rule.Head.Ref()) {
- continue
- }
+// ModuleTreeNode represents a node in the module tree. The module
+// tree is keyed by the package path.
+type ModuleTreeNode = v1.ModuleTreeNode
- childNode, tail := node.find(ref)
- if childNode != nil && len(tail) == 0 {
- for _, childMod := range childNode.Modules {
- // Avoid recursively checking a module for equality unless we know it's a possible self-match.
- if childMod.Equal(mod) {
- continue // don't self-conflict
- }
- msg := fmt.Sprintf("%v conflicts with rule %v defined at %v", childMod.Package, rule.Head.Ref(), rule.Loc())
- c.err(NewError(TypeErr, mod.Package.Loc(), msg))
- }
- }
- }
- }
- return false
- })
-}
+// TreeNode represents a node in the rule tree. The rule tree is keyed by
+// rule path.
+type TreeNode = v1.TreeNode
-func (c *Compiler) checkUndefinedFuncs() {
- for _, name := range c.sorted {
- m := c.Modules[name]
- for _, err := range checkUndefinedFuncs(c.TypeEnv, m, c.GetArity, c.RewrittenVars) {
- c.err(err)
- }
- }
+// NewRuleTree returns a new TreeNode that represents the root
+// of the rule tree populated with the given rules.
+func NewRuleTree(mtree *ModuleTreeNode) *TreeNode {
+ return v1.NewRuleTree(mtree)
}
-func checkUndefinedFuncs(env *TypeEnv, x interface{}, arity func(Ref) int, rwVars map[Var]Var) Errors {
-
- var errs Errors
-
- WalkExprs(x, func(expr *Expr) bool {
- if !expr.IsCall() {
- return false
- }
- ref := expr.Operator()
- if arity := arity(ref); arity >= 0 {
- operands := len(expr.Operands())
- if expr.Generated { // an output var was added
- if !expr.IsEquality() && operands != arity+1 {
- ref = rewriteVarsInRef(rwVars)(ref)
- errs = append(errs, arityMismatchError(env, ref, expr, arity, operands-1))
- return true
- }
- } else { // either output var or not
- if operands != arity && operands != arity+1 {
- ref = rewriteVarsInRef(rwVars)(ref)
- errs = append(errs, arityMismatchError(env, ref, expr, arity, operands))
- return true
- }
- }
- return false
- }
- ref = rewriteVarsInRef(rwVars)(ref)
- errs = append(errs, NewError(TypeErr, expr.Loc(), "undefined function %v", ref))
- return true
- })
-
- return errs
-}
+// Graph represents the graph of dependencies between rules.
+type Graph = v1.Graph
-func arityMismatchError(env *TypeEnv, f Ref, expr *Expr, exp, act int) *Error {
- if want, ok := env.Get(f).(*types.Function); ok { // generate richer error for built-in functions
- have := make([]types.Type, len(expr.Operands()))
- for i, op := range expr.Operands() {
- have[i] = env.Get(op)
- }
- return newArgError(expr.Loc(), f, "arity mismatch", have, want.NamedFuncArgs())
- }
- if act != 1 {
- return NewError(TypeErr, expr.Loc(), "function %v has arity %d, got %d arguments", f, exp, act)
- }
- return NewError(TypeErr, expr.Loc(), "function %v has arity %d, got %d argument", f, exp, act)
+// NewGraph returns a new Graph based on modules. The list function must return
+// the rules referred to directly by the ref.
+func NewGraph(modules map[string]*Module, list func(Ref) []*Rule) *Graph {
+ return v1.NewGraph(modules, list)
}
-// checkSafetyRuleBodies ensures that variables appearing in negated expressions or non-target
-// positions of built-in expressions will be bound when evaluating the rule from left
-// to right, re-ordering as necessary.
-func (c *Compiler) checkSafetyRuleBodies() {
- for _, name := range c.sorted {
- m := c.Modules[name]
- WalkRules(m, func(r *Rule) bool {
- safe := ReservedVars.Copy()
- safe.Update(r.Head.Args.Vars())
- r.Body = c.checkBodySafety(safe, r.Body)
- return false
- })
- }
-}
+// GraphTraversal is a Traversal that understands the dependency graph
+type GraphTraversal = v1.GraphTraversal
-func (c *Compiler) checkBodySafety(safe VarSet, b Body) Body {
- reordered, unsafe := reorderBodyForSafety(c.builtins, c.GetArity, safe, b)
- if errs := safetyErrorSlice(unsafe, c.RewrittenVars); len(errs) > 0 {
- for _, err := range errs {
- c.err(err)
- }
- return b
- }
- return reordered
+// NewGraphTraversal returns a Traversal for the dependency graph
+func NewGraphTraversal(graph *Graph) *GraphTraversal {
+ return v1.NewGraphTraversal(graph)
}
-// SafetyCheckVisitorParams defines the AST visitor parameters to use for collecting
-// variables during the safety check. This has to be exported because it's relied on
-// by the copy propagation implementation in topdown.
-var SafetyCheckVisitorParams = VarVisitorParams{
- SkipRefCallHead: true,
- SkipClosures: true,
+// OutputVarsFromBody returns all variables which are the "output" for
+// the given body. For safety checks this means that they would be
+// made safe by the body.
+func OutputVarsFromBody(c *Compiler, body Body, safe VarSet) VarSet {
+ return v1.OutputVarsFromBody(c, body, safe)
}
-// checkSafetyRuleHeads ensures that variables appearing in the head of a
-// rule also appear in the body.
-func (c *Compiler) checkSafetyRuleHeads() {
-
- for _, name := range c.sorted {
- m := c.Modules[name]
- WalkRules(m, func(r *Rule) bool {
- safe := r.Body.Vars(SafetyCheckVisitorParams)
- safe.Update(r.Head.Args.Vars())
- unsafe := r.Head.Vars().Diff(safe)
- for v := range unsafe {
- if w, ok := c.RewrittenVars[v]; ok {
- v = w
- }
- if !v.IsGenerated() {
- c.err(NewError(UnsafeVarErr, r.Loc(), "var %v is unsafe", v))
- }
- }
- return false
- })
- }
-}
-
-func compileSchema(goSchema interface{}, allowNet []string) (*gojsonschema.Schema, error) {
- gojsonschema.SetAllowNet(allowNet)
-
- var refLoader gojsonschema.JSONLoader
- sl := gojsonschema.NewSchemaLoader()
-
- if goSchema != nil {
- refLoader = gojsonschema.NewGoLoader(goSchema)
- } else {
- return nil, fmt.Errorf("no schema as input to compile")
- }
- schemasCompiled, err := sl.Compile(refLoader)
- if err != nil {
- return nil, fmt.Errorf("unable to compile the schema: %w", err)
- }
- return schemasCompiled, nil
-}
-
-func mergeSchemas(schemas ...*gojsonschema.SubSchema) (*gojsonschema.SubSchema, error) {
- if len(schemas) == 0 {
- return nil, nil
- }
- var result = schemas[0]
-
- for i := range schemas {
- if len(schemas[i].PropertiesChildren) > 0 {
- if !schemas[i].Types.Contains("object") {
- if err := schemas[i].Types.Add("object"); err != nil {
- return nil, fmt.Errorf("unable to set the type in schemas")
- }
- }
- } else if len(schemas[i].ItemsChildren) > 0 {
- if !schemas[i].Types.Contains("array") {
- if err := schemas[i].Types.Add("array"); err != nil {
- return nil, fmt.Errorf("unable to set the type in schemas")
- }
- }
- }
- }
-
- for i := 1; i < len(schemas); i++ {
- if result.Types.String() != schemas[i].Types.String() {
- return nil, fmt.Errorf("unable to merge these schemas: type mismatch: %v and %v", result.Types.String(), schemas[i].Types.String())
- } else if result.Types.Contains("object") && len(result.PropertiesChildren) > 0 && schemas[i].Types.Contains("object") && len(schemas[i].PropertiesChildren) > 0 {
- result.PropertiesChildren = append(result.PropertiesChildren, schemas[i].PropertiesChildren...)
- } else if result.Types.Contains("array") && len(result.ItemsChildren) > 0 && schemas[i].Types.Contains("array") && len(schemas[i].ItemsChildren) > 0 {
- for j := 0; j < len(schemas[i].ItemsChildren); j++ {
- if len(result.ItemsChildren)-1 < j && !(len(schemas[i].ItemsChildren)-1 < j) {
- result.ItemsChildren = append(result.ItemsChildren, schemas[i].ItemsChildren[j])
- }
- if result.ItemsChildren[j].Types.String() != schemas[i].ItemsChildren[j].Types.String() {
- return nil, fmt.Errorf("unable to merge these schemas")
- }
- }
- }
- }
- return result, nil
-}
-
-type schemaParser struct {
- definitionCache map[string]*cachedDef
-}
-
-type cachedDef struct {
- properties []*types.StaticProperty
-}
-
-func newSchemaParser() *schemaParser {
- return &schemaParser{
- definitionCache: map[string]*cachedDef{},
- }
-}
-
-func (parser *schemaParser) parseSchema(schema interface{}) (types.Type, error) {
- return parser.parseSchemaWithPropertyKey(schema, "")
-}
-
-func (parser *schemaParser) parseSchemaWithPropertyKey(schema interface{}, propertyKey string) (types.Type, error) {
- subSchema, ok := schema.(*gojsonschema.SubSchema)
- if !ok {
- return nil, fmt.Errorf("unexpected schema type %v", subSchema)
- }
-
- // Handle referenced schemas, returns directly when a $ref is found
- if subSchema.RefSchema != nil {
- if existing, ok := parser.definitionCache[subSchema.Ref.String()]; ok {
- return types.NewObject(existing.properties, nil), nil
- }
- return parser.parseSchemaWithPropertyKey(subSchema.RefSchema, subSchema.Ref.String())
- }
-
- // Handle anyOf
- if subSchema.AnyOf != nil {
- var orType types.Type
-
- // If there is a core schema, find its type first
- if subSchema.Types.IsTyped() {
- copySchema := *subSchema
- copySchemaRef := ©Schema
- copySchemaRef.AnyOf = nil
- coreType, err := parser.parseSchema(copySchemaRef)
- if err != nil {
- return nil, fmt.Errorf("unexpected schema type %v: %w", subSchema, err)
- }
-
- // Only add Object type with static props to orType
- if objType, ok := coreType.(*types.Object); ok {
- if objType.StaticProperties() != nil && objType.DynamicProperties() == nil {
- orType = types.Or(orType, coreType)
- }
- }
- }
-
- // Iterate through every property of AnyOf and add it to orType
- for _, pSchema := range subSchema.AnyOf {
- newtype, err := parser.parseSchema(pSchema)
- if err != nil {
- return nil, fmt.Errorf("unexpected schema type %v: %w", pSchema, err)
- }
- orType = types.Or(newtype, orType)
- }
-
- return orType, nil
- }
-
- if subSchema.AllOf != nil {
- subSchemaArray := subSchema.AllOf
- allOfResult, err := mergeSchemas(subSchemaArray...)
- if err != nil {
- return nil, err
- }
-
- if subSchema.Types.IsTyped() {
- if (subSchema.Types.Contains("object") && allOfResult.Types.Contains("object")) || (subSchema.Types.Contains("array") && allOfResult.Types.Contains("array")) {
- objectOrArrayResult, err := mergeSchemas(allOfResult, subSchema)
- if err != nil {
- return nil, err
- }
- return parser.parseSchema(objectOrArrayResult)
- } else if subSchema.Types.String() != allOfResult.Types.String() {
- return nil, fmt.Errorf("unable to merge these schemas")
- }
- }
- return parser.parseSchema(allOfResult)
- }
-
- if subSchema.Types.IsTyped() {
- if subSchema.Types.Contains("boolean") {
- return types.B, nil
-
- } else if subSchema.Types.Contains("string") {
- return types.S, nil
-
- } else if subSchema.Types.Contains("integer") || subSchema.Types.Contains("number") {
- return types.N, nil
-
- } else if subSchema.Types.Contains("object") {
- if len(subSchema.PropertiesChildren) > 0 {
- def := &cachedDef{
- properties: make([]*types.StaticProperty, 0, len(subSchema.PropertiesChildren)),
- }
- for _, pSchema := range subSchema.PropertiesChildren {
- def.properties = append(def.properties, types.NewStaticProperty(pSchema.Property, nil))
- }
- if propertyKey != "" {
- parser.definitionCache[propertyKey] = def
- }
- for _, pSchema := range subSchema.PropertiesChildren {
- newtype, err := parser.parseSchema(pSchema)
- if err != nil {
- return nil, fmt.Errorf("unexpected schema type %v: %w", pSchema, err)
- }
- for i, prop := range def.properties {
- if prop.Key == pSchema.Property {
- def.properties[i].Value = newtype
- break
- }
- }
- }
- return types.NewObject(def.properties, nil), nil
- }
- return types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)), nil
-
- } else if subSchema.Types.Contains("array") {
- if len(subSchema.ItemsChildren) > 0 {
- if subSchema.ItemsChildrenIsSingleSchema {
- iSchema := subSchema.ItemsChildren[0]
- newtype, err := parser.parseSchema(iSchema)
- if err != nil {
- return nil, fmt.Errorf("unexpected schema type %v", iSchema)
- }
- return types.NewArray(nil, newtype), nil
- }
- newTypes := make([]types.Type, 0, len(subSchema.ItemsChildren))
- for i := 0; i != len(subSchema.ItemsChildren); i++ {
- iSchema := subSchema.ItemsChildren[i]
- newtype, err := parser.parseSchema(iSchema)
- if err != nil {
- return nil, fmt.Errorf("unexpected schema type %v", iSchema)
- }
- newTypes = append(newTypes, newtype)
- }
- return types.NewArray(newTypes, nil), nil
- }
- return types.NewArray(nil, types.A), nil
- }
- }
-
- // Assume types if not specified in schema
- if len(subSchema.PropertiesChildren) > 0 {
- if err := subSchema.Types.Add("object"); err == nil {
- return parser.parseSchema(subSchema)
- }
- } else if len(subSchema.ItemsChildren) > 0 {
- if err := subSchema.Types.Add("array"); err == nil {
- return parser.parseSchema(subSchema)
- }
- }
-
- return types.A, nil
-}
-
-func (c *Compiler) setAnnotationSet() {
- // Sorting modules by name for stable error reporting
- sorted := make([]*Module, 0, len(c.Modules))
- for _, mName := range c.sorted {
- sorted = append(sorted, c.Modules[mName])
- }
-
- as, errs := BuildAnnotationSet(sorted)
- for _, err := range errs {
- c.err(err)
- }
- c.annotationSet = as
-}
-
-// checkTypes runs the type checker on all rules. The type checker builds a
-// TypeEnv that is stored on the compiler.
-func (c *Compiler) checkTypes() {
- // Recursion is caught in earlier step, so this cannot fail.
- sorted, _ := c.Graph.Sort()
- checker := newTypeChecker().
- WithAllowNet(c.capabilities.AllowNet).
- WithSchemaSet(c.schemaSet).
- WithInputType(c.inputType).
- WithBuiltins(c.builtins).
- WithRequiredCapabilities(c.Required).
- WithVarRewriter(rewriteVarsInRef(c.RewrittenVars)).
- WithAllowUndefinedFunctionCalls(c.allowUndefinedFuncCalls)
- var as *AnnotationSet
- if c.useTypeCheckAnnotations {
- as = c.annotationSet
- }
- env, errs := checker.CheckTypes(c.TypeEnv, sorted, as)
- for _, err := range errs {
- c.err(err)
- }
- c.TypeEnv = env
-}
-
-func (c *Compiler) checkUnsafeBuiltins() {
- for _, name := range c.sorted {
- errs := checkUnsafeBuiltins(c.unsafeBuiltinsMap, c.Modules[name])
- for _, err := range errs {
- c.err(err)
- }
- }
-}
-
-func (c *Compiler) checkDeprecatedBuiltins() {
- for _, name := range c.sorted {
- mod := c.Modules[name]
- if c.strict || mod.regoV1Compatible() {
- errs := checkDeprecatedBuiltins(c.deprecatedBuiltinsMap, mod)
- for _, err := range errs {
- c.err(err)
- }
- }
- }
-}
-
-func (c *Compiler) runStage(metricName string, f func()) {
- if c.metrics != nil {
- c.metrics.Timer(metricName).Start()
- defer c.metrics.Timer(metricName).Stop()
- }
- f()
-}
-
-func (c *Compiler) runStageAfter(metricName string, s CompilerStage) *Error {
- if c.metrics != nil {
- c.metrics.Timer(metricName).Start()
- defer c.metrics.Timer(metricName).Stop()
- }
- return s(c)
-}
-
-func (c *Compiler) compile() {
-
- defer func() {
- if r := recover(); r != nil && r != errLimitReached {
- panic(r)
- }
- }()
-
- for _, s := range c.stages {
- if c.evalMode == EvalModeIR {
- switch s.name {
- case "BuildRuleIndices", "BuildComprehensionIndices":
- continue // skip these stages
- }
- }
-
- if c.allowUndefinedFuncCalls && (s.name == "CheckUndefinedFuncs" || s.name == "CheckSafetyRuleBodies") {
- continue
- }
-
- c.runStage(s.metricName, s.f)
- if c.Failed() {
- return
- }
- for _, a := range c.after[s.name] {
- if err := c.runStageAfter(a.MetricName, a.Stage); err != nil {
- c.err(err)
- return
- }
- }
- }
-}
-
-func (c *Compiler) init() {
-
- if c.initialized {
- return
- }
-
- if c.capabilities == nil {
- c.capabilities = CapabilitiesForThisVersion()
- }
-
- c.builtins = make(map[string]*Builtin, len(c.capabilities.Builtins)+len(c.customBuiltins))
-
- for _, bi := range c.capabilities.Builtins {
- c.builtins[bi.Name] = bi
- if bi.IsDeprecated() {
- c.deprecatedBuiltinsMap[bi.Name] = struct{}{}
- }
- }
-
- for name, bi := range c.customBuiltins {
- c.builtins[name] = bi
- }
-
- // Load the global input schema if one was provided.
- if c.schemaSet != nil {
- if schema := c.schemaSet.Get(SchemaRootRef); schema != nil {
- tpe, err := loadSchema(schema, c.capabilities.AllowNet)
- if err != nil {
- c.err(NewError(TypeErr, nil, err.Error()))
- } else {
- c.inputType = tpe
- }
- }
- }
-
- c.TypeEnv = newTypeChecker().
- WithSchemaSet(c.schemaSet).
- WithInputType(c.inputType).
- Env(c.builtins)
-
- c.initialized = true
-}
-
-func (c *Compiler) err(err *Error) {
- if c.maxErrs > 0 && len(c.Errors) >= c.maxErrs {
- c.Errors = append(c.Errors, errLimitReached)
- panic(errLimitReached)
- }
- c.Errors = append(c.Errors, err)
-}
-
-func (c *Compiler) getExports() *util.HashMap {
-
- rules := util.NewHashMap(func(a, b util.T) bool {
- return a.(Ref).Equal(b.(Ref))
- }, func(v util.T) int {
- return v.(Ref).Hash()
- })
-
- for _, name := range c.sorted {
- mod := c.Modules[name]
-
- for _, rule := range mod.Rules {
- hashMapAdd(rules, mod.Package.Path, rule.Head.Ref().GroundPrefix())
- }
- }
-
- return rules
-}
-
-func hashMapAdd(rules *util.HashMap, pkg, rule Ref) {
- prev, ok := rules.Get(pkg)
- if !ok {
- rules.Put(pkg, []Ref{rule})
- return
- }
- for _, p := range prev.([]Ref) {
- if p.Equal(rule) {
- return
- }
- }
- rules.Put(pkg, append(prev.([]Ref), rule))
-}
-
-func (c *Compiler) GetAnnotationSet() *AnnotationSet {
- return c.annotationSet
-}
-
-func (c *Compiler) checkDuplicateImports() {
- modules := make([]*Module, 0, len(c.Modules))
-
- for _, name := range c.sorted {
- mod := c.Modules[name]
- if c.strict || mod.regoV1Compatible() {
- modules = append(modules, mod)
- }
- }
-
- errs := checkDuplicateImports(modules)
- for _, err := range errs {
- c.err(err)
- }
-}
-
-func (c *Compiler) checkKeywordOverrides() {
- for _, name := range c.sorted {
- mod := c.Modules[name]
- if c.strict || mod.regoV1Compatible() {
- errs := checkRootDocumentOverrides(mod)
- for _, err := range errs {
- c.err(err)
- }
- }
- }
-}
-
-// resolveAllRefs resolves references in expressions to their fully qualified values.
-//
-// For instance, given the following module:
-//
-// package a.b
-// import data.foo.bar
-// p[x] { bar[_] = x }
-//
-// The reference "bar[_]" would be resolved to "data.foo.bar[_]".
-//
-// Ref rules are resolved, too:
-//
-// package a.b
-// q { c.d.e == 1 }
-// c.d[e] := 1 if e := "e"
-//
-// The reference "c.d.e" would be resolved to "data.a.b.c.d.e".
-func (c *Compiler) resolveAllRefs() {
-
- rules := c.getExports()
-
- for _, name := range c.sorted {
- mod := c.Modules[name]
-
- var ruleExports []Ref
- if x, ok := rules.Get(mod.Package.Path); ok {
- ruleExports = x.([]Ref)
- }
-
- globals := getGlobals(mod.Package, ruleExports, mod.Imports)
-
- WalkRules(mod, func(rule *Rule) bool {
- err := resolveRefsInRule(globals, rule)
- if err != nil {
- c.err(NewError(CompileErr, rule.Location, err.Error()))
- }
- return false
- })
-
- if c.strict { // check for unused imports
- for _, imp := range mod.Imports {
- path := imp.Path.Value.(Ref)
- if FutureRootDocument.Equal(path[0]) || RegoRootDocument.Equal(path[0]) {
- continue // ignore future and rego imports
- }
-
- for v, u := range globals {
- if v.Equal(imp.Name()) && !u.used {
- c.err(NewError(CompileErr, imp.Location, "%s unused", imp.String()))
- }
- }
- }
- }
- }
-
- if c.moduleLoader != nil {
-
- parsed, err := c.moduleLoader(c.Modules)
- if err != nil {
- c.err(NewError(CompileErr, nil, err.Error()))
- return
- }
-
- if len(parsed) == 0 {
- return
- }
-
- for id, module := range parsed {
- c.Modules[id] = module.Copy()
- c.sorted = append(c.sorted, id)
- if c.parsedModules != nil {
- c.parsedModules[id] = module
- }
- }
-
- sort.Strings(c.sorted)
- c.resolveAllRefs()
- }
-}
-
-func (c *Compiler) removeImports() {
- c.imports = make(map[string][]*Import, len(c.Modules))
- for name := range c.Modules {
- c.imports[name] = c.Modules[name].Imports
- c.Modules[name].Imports = nil
- }
-}
-
-func (c *Compiler) initLocalVarGen() {
- c.localvargen = newLocalVarGeneratorForModuleSet(c.sorted, c.Modules)
-}
-
-func (c *Compiler) rewriteComprehensionTerms() {
- f := newEqualityFactory(c.localvargen)
- for _, name := range c.sorted {
- mod := c.Modules[name]
- _, _ = rewriteComprehensionTerms(f, mod) // ignore error
- }
-}
-
-func (c *Compiler) rewriteExprTerms() {
- for _, name := range c.sorted {
- mod := c.Modules[name]
- WalkRules(mod, func(rule *Rule) bool {
- rewriteExprTermsInHead(c.localvargen, rule)
- rule.Body = rewriteExprTermsInBody(c.localvargen, rule.Body)
- return false
- })
- }
-}
-
-func (c *Compiler) rewriteRuleHeadRefs() {
- f := newEqualityFactory(c.localvargen)
- for _, name := range c.sorted {
- WalkRules(c.Modules[name], func(rule *Rule) bool {
-
- ref := rule.Head.Ref()
- // NOTE(sr): We're backfilling Refs here -- all parser code paths would have them, but
- // it's possible to construct Module{} instances from Golang code, so we need
- // to accommodate for that, too.
- if len(rule.Head.Reference) == 0 {
- rule.Head.Reference = ref
- }
-
- cannotSpeakStringPrefixRefs := true
- cannotSpeakGeneralRefs := true
- for _, f := range c.capabilities.Features {
- switch f {
- case FeatureRefHeadStringPrefixes:
- cannotSpeakStringPrefixRefs = false
- case FeatureRefHeads:
- cannotSpeakGeneralRefs = false
- }
- }
-
- if cannotSpeakStringPrefixRefs && cannotSpeakGeneralRefs && rule.Head.Name == "" {
- c.err(NewError(CompileErr, rule.Loc(), "rule heads with refs are not supported: %v", rule.Head.Reference))
- return true
- }
-
- for i := 1; i < len(ref); i++ {
- if cannotSpeakGeneralRefs && (rule.Head.RuleKind() == MultiValue || i != len(ref)-1) { // last
- if _, ok := ref[i].Value.(String); !ok {
- c.err(NewError(TypeErr, rule.Loc(), "rule heads with general refs (containing variables) are not supported: %v", rule.Head.Reference))
- continue
- }
- }
-
- // Rewrite so that any non-scalar elements in the rule's ref are vars:
- // p.q.r[y.z] { ... } => p.q.r[__local0__] { __local0__ = y.z }
- // p.q[a.b][c.d] { ... } => p.q[__local0__] { __local0__ = a.b; __local1__ = c.d }
- // because that's what the RuleTree knows how to deal with.
- if _, ok := ref[i].Value.(Var); !ok && !IsScalar(ref[i].Value) {
- expr := f.Generate(ref[i])
- if i == len(ref)-1 && rule.Head.Key.Equal(ref[i]) {
- rule.Head.Key = expr.Operand(0)
- }
- rule.Head.Reference[i] = expr.Operand(0)
- rule.Body.Append(expr)
- }
- }
-
- return true
- })
- }
-}
-
-func (c *Compiler) checkVoidCalls() {
- for _, name := range c.sorted {
- mod := c.Modules[name]
- for _, err := range checkVoidCalls(c.TypeEnv, mod) {
- c.err(err)
- }
- }
-}
-
-func (c *Compiler) rewritePrintCalls() {
- var modified bool
- if !c.enablePrintStatements {
- for _, name := range c.sorted {
- if erasePrintCalls(c.Modules[name]) {
- modified = true
- }
- }
- } else {
- for _, name := range c.sorted {
- mod := c.Modules[name]
- WalkRules(mod, func(r *Rule) bool {
- safe := r.Head.Args.Vars()
- safe.Update(ReservedVars)
- vis := func(b Body) bool {
- modrec, errs := rewritePrintCalls(c.localvargen, c.GetArity, safe, b)
- if modrec {
- modified = true
- }
- for _, err := range errs {
- c.err(err)
- }
- return false
- }
- WalkBodies(r.Head, vis)
- WalkBodies(r.Body, vis)
- return false
- })
- }
- }
- if modified {
- c.Required.addBuiltinSorted(Print)
- }
-}
-
-// checkVoidCalls returns errors for any expressions that treat void function
-// calls as values. The only void functions in Rego are specific built-ins like
-// print().
-func checkVoidCalls(env *TypeEnv, x interface{}) Errors {
- var errs Errors
- WalkTerms(x, func(x *Term) bool {
- if call, ok := x.Value.(Call); ok {
- if tpe, ok := env.Get(call[0]).(*types.Function); ok && tpe.Result() == nil {
- errs = append(errs, NewError(TypeErr, x.Loc(), "%v used as value", call))
- }
- }
- return false
- })
- return errs
-}
-
-// rewritePrintCalls will rewrite the body so that print operands are captured
-// in local variables and their evaluation occurs within a comprehension.
-// Wrapping the terms inside of a comprehension ensures that undefined values do
-// not short-circuit evaluation.
-//
-// For example, given the following print statement:
-//
-// print("the value of x is:", input.x)
-//
-// The expression would be rewritten to:
-//
-// print({__local0__ | __local0__ = "the value of x is:"}, {__local1__ | __local1__ = input.x})
-func rewritePrintCalls(gen *localVarGenerator, getArity func(Ref) int, globals VarSet, body Body) (bool, Errors) {
-
- var errs Errors
- var modified bool
-
- // Visit comprehension bodies recursively to ensure print statements inside
- // those bodies only close over variables that are safe.
- for i := range body {
- if ContainsClosures(body[i]) {
- safe := outputVarsForBody(body[:i], getArity, globals)
- safe.Update(globals)
- WalkClosures(body[i], func(x interface{}) bool {
- var modrec bool
- var errsrec Errors
- switch x := x.(type) {
- case *SetComprehension:
- modrec, errsrec = rewritePrintCalls(gen, getArity, safe, x.Body)
- case *ArrayComprehension:
- modrec, errsrec = rewritePrintCalls(gen, getArity, safe, x.Body)
- case *ObjectComprehension:
- modrec, errsrec = rewritePrintCalls(gen, getArity, safe, x.Body)
- case *Every:
- safe.Update(x.KeyValueVars())
- modrec, errsrec = rewritePrintCalls(gen, getArity, safe, x.Body)
- }
- if modrec {
- modified = true
- }
- errs = append(errs, errsrec...)
- return true
- })
- if len(errs) > 0 {
- return false, errs
- }
- }
- }
-
- for i := range body {
-
- if !isPrintCall(body[i]) {
- continue
- }
-
- modified = true
-
- var errs Errors
- safe := outputVarsForBody(body[:i], getArity, globals)
- safe.Update(globals)
- args := body[i].Operands()
-
- for j := range args {
- vis := NewVarVisitor().WithParams(SafetyCheckVisitorParams)
- vis.Walk(args[j])
- unsafe := vis.Vars().Diff(safe)
- for _, v := range unsafe.Sorted() {
- errs = append(errs, NewError(CompileErr, args[j].Loc(), "var %v is undeclared", v))
- }
- }
-
- if len(errs) > 0 {
- return false, errs
- }
-
- arr := NewArray()
-
- for j := range args {
- x := NewTerm(gen.Generate()).SetLocation(args[j].Loc())
- capture := Equality.Expr(x, args[j]).SetLocation(args[j].Loc())
- arr = arr.Append(SetComprehensionTerm(x, NewBody(capture)).SetLocation(args[j].Loc()))
- }
-
- body.Set(NewExpr([]*Term{
- NewTerm(InternalPrint.Ref()).SetLocation(body[i].Loc()),
- NewTerm(arr).SetLocation(body[i].Loc()),
- }).SetLocation(body[i].Loc()), i)
- }
-
- return modified, nil
-}
-
-func erasePrintCalls(node interface{}) bool {
- var modified bool
- NewGenericVisitor(func(x interface{}) bool {
- var modrec bool
- switch x := x.(type) {
- case *Rule:
- modrec, x.Body = erasePrintCallsInBody(x.Body)
- case *ArrayComprehension:
- modrec, x.Body = erasePrintCallsInBody(x.Body)
- case *SetComprehension:
- modrec, x.Body = erasePrintCallsInBody(x.Body)
- case *ObjectComprehension:
- modrec, x.Body = erasePrintCallsInBody(x.Body)
- case *Every:
- modrec, x.Body = erasePrintCallsInBody(x.Body)
- }
- if modrec {
- modified = true
- }
- return false
- }).Walk(node)
- return modified
-}
-
-func erasePrintCallsInBody(x Body) (bool, Body) {
-
- if !containsPrintCall(x) {
- return false, x
- }
-
- var cpy Body
-
- for i := range x {
-
- // Recursively visit any comprehensions contained in this expression.
- erasePrintCalls(x[i])
-
- if !isPrintCall(x[i]) {
- cpy.Append(x[i])
- }
- }
-
- if len(cpy) == 0 {
- term := BooleanTerm(true).SetLocation(x.Loc())
- expr := NewExpr(term).SetLocation(x.Loc())
- cpy.Append(expr)
- }
-
- return true, cpy
-}
-
-func containsPrintCall(x interface{}) bool {
- var found bool
- WalkExprs(x, func(expr *Expr) bool {
- if !found {
- if isPrintCall(expr) {
- found = true
- }
- }
- return found
- })
- return found
-}
-
-func isPrintCall(x *Expr) bool {
- return x.IsCall() && x.Operator().Equal(Print.Ref())
-}
-
-// rewriteRefsInHead will rewrite rules so that the head does not contain any
-// terms that require evaluation (e.g., refs or comprehensions). If the key or
-// value contains one or more of these terms, the key or value will be moved
-// into the body and assigned to a new variable. The new variable will replace
-// the key or value in the head.
-//
-// For instance, given the following rule:
-//
-// p[{"foo": data.foo[i]}] { i < 100 }
-//
-// The rule would be re-written as:
-//
-// p[__local0__] { i < 100; __local0__ = {"foo": data.foo[i]} }
-func (c *Compiler) rewriteRefsInHead() {
- f := newEqualityFactory(c.localvargen)
- for _, name := range c.sorted {
- mod := c.Modules[name]
- WalkRules(mod, func(rule *Rule) bool {
- if requiresEval(rule.Head.Key) {
- expr := f.Generate(rule.Head.Key)
- rule.Head.Key = expr.Operand(0)
- rule.Body.Append(expr)
- }
- if requiresEval(rule.Head.Value) {
- expr := f.Generate(rule.Head.Value)
- rule.Head.Value = expr.Operand(0)
- rule.Body.Append(expr)
- }
- for i := 0; i < len(rule.Head.Args); i++ {
- if requiresEval(rule.Head.Args[i]) {
- expr := f.Generate(rule.Head.Args[i])
- rule.Head.Args[i] = expr.Operand(0)
- rule.Body.Append(expr)
- }
- }
- return false
- })
- }
-}
-
-func (c *Compiler) rewriteEquals() {
- modified := false
- for _, name := range c.sorted {
- mod := c.Modules[name]
- modified = rewriteEquals(mod) || modified
- }
- if modified {
- c.Required.addBuiltinSorted(Equal)
- }
-}
-
-func (c *Compiler) rewriteDynamicTerms() {
- f := newEqualityFactory(c.localvargen)
- for _, name := range c.sorted {
- mod := c.Modules[name]
- WalkRules(mod, func(rule *Rule) bool {
- rule.Body = rewriteDynamics(f, rule.Body)
- return false
- })
- }
-}
-
-// rewriteTestRuleEqualities rewrites equality expressions in test rule bodies to create local vars for statements that would otherwise
-// not have their values captured through tracing, such as refs and comprehensions not unified/assigned to a local var.
-// For example, given the following module:
-//
-// package test
-//
-// p.q contains v if {
-// some v in numbers.range(1, 3)
-// }
-//
-// p.r := "foo"
-//
-// test_rule {
-// p == {
-// "q": {4, 5, 6}
-// }
-// }
-//
-// `p` in `test_rule` resolves to `data.test.p`, which won't be an entry in the virtual-cache and must therefore be calculated after-the-fact.
-// If `p` isn't captured in a local var, there is no trivial way to retrieve its value for test reporting.
-func (c *Compiler) rewriteTestRuleEqualities() {
- if !c.rewriteTestRulesForTracing {
- return
- }
-
- f := newEqualityFactory(c.localvargen)
- for _, name := range c.sorted {
- mod := c.Modules[name]
- WalkRules(mod, func(rule *Rule) bool {
- if strings.HasPrefix(string(rule.Head.Name), "test_") {
- rule.Body = rewriteTestEqualities(f, rule.Body)
- }
- return false
- })
- }
-}
-
-func (c *Compiler) parseMetadataBlocks() {
- // Only parse annotations if rego.metadata built-ins are called
- regoMetadataCalled := false
- for _, name := range c.sorted {
- mod := c.Modules[name]
- WalkExprs(mod, func(expr *Expr) bool {
- if isRegoMetadataChainCall(expr) || isRegoMetadataRuleCall(expr) {
- regoMetadataCalled = true
- }
- return regoMetadataCalled
- })
-
- if regoMetadataCalled {
- break
- }
- }
-
- if regoMetadataCalled {
- // NOTE: Possible optimization: only parse annotations for modules on the path of rego.metadata-calling module
- for _, name := range c.sorted {
- mod := c.Modules[name]
-
- if len(mod.Annotations) == 0 {
- var errs Errors
- mod.Annotations, errs = parseAnnotations(mod.Comments)
- errs = append(errs, attachAnnotationsNodes(mod)...)
- for _, err := range errs {
- c.err(err)
- }
-
- attachRuleAnnotations(mod)
- }
- }
- }
-}
-
-func (c *Compiler) rewriteRegoMetadataCalls() {
- eqFactory := newEqualityFactory(c.localvargen)
-
- _, chainFuncAllowed := c.builtins[RegoMetadataChain.Name]
- _, ruleFuncAllowed := c.builtins[RegoMetadataRule.Name]
-
- for _, name := range c.sorted {
- mod := c.Modules[name]
-
- WalkRules(mod, func(rule *Rule) bool {
- var firstChainCall *Expr
- var firstRuleCall *Expr
-
- WalkExprs(rule, func(expr *Expr) bool {
- if chainFuncAllowed && firstChainCall == nil && isRegoMetadataChainCall(expr) {
- firstChainCall = expr
- } else if ruleFuncAllowed && firstRuleCall == nil && isRegoMetadataRuleCall(expr) {
- firstRuleCall = expr
- }
- return firstChainCall != nil && firstRuleCall != nil
- })
-
- chainCalled := firstChainCall != nil
- ruleCalled := firstRuleCall != nil
-
- if chainCalled || ruleCalled {
- body := make(Body, 0, len(rule.Body)+2)
-
- var metadataChainVar Var
- if chainCalled {
- // Create and inject metadata chain for rule
-
- chain, err := createMetadataChain(c.annotationSet.Chain(rule))
- if err != nil {
- c.err(err)
- return false
- }
-
- chain.Location = firstChainCall.Location
- eq := eqFactory.Generate(chain)
- metadataChainVar = eq.Operands()[0].Value.(Var)
- body.Append(eq)
- }
-
- var metadataRuleVar Var
- if ruleCalled {
- // Create and inject metadata for rule
-
- var metadataRuleTerm *Term
-
- a := getPrimaryRuleAnnotations(c.annotationSet, rule)
- if a != nil {
- annotObj, err := a.toObject()
- if err != nil {
- c.err(err)
- return false
- }
- metadataRuleTerm = NewTerm(*annotObj)
- } else {
- // If rule has no annotations, assign an empty object
- metadataRuleTerm = ObjectTerm()
- }
-
- metadataRuleTerm.Location = firstRuleCall.Location
- eq := eqFactory.Generate(metadataRuleTerm)
- metadataRuleVar = eq.Operands()[0].Value.(Var)
- body.Append(eq)
- }
-
- for _, expr := range rule.Body {
- body.Append(expr)
- }
- rule.Body = body
-
- vis := func(b Body) bool {
- for _, err := range rewriteRegoMetadataCalls(&metadataChainVar, &metadataRuleVar, b, &c.RewrittenVars) {
- c.err(err)
- }
- return false
- }
- WalkBodies(rule.Head, vis)
- WalkBodies(rule.Body, vis)
- }
-
- return false
- })
- }
-}
-
-func getPrimaryRuleAnnotations(as *AnnotationSet, rule *Rule) *Annotations {
- annots := as.GetRuleScope(rule)
-
- if len(annots) == 0 {
- return nil
- }
-
- // Sort by annotation location; chain must start with annotations declared closest to rule, then going outward
- sort.SliceStable(annots, func(i, j int) bool {
- return annots[i].Location.Compare(annots[j].Location) > 0
- })
-
- return annots[0]
-}
-
-func rewriteRegoMetadataCalls(metadataChainVar *Var, metadataRuleVar *Var, body Body, rewrittenVars *map[Var]Var) Errors {
- var errs Errors
-
- WalkClosures(body, func(x interface{}) bool {
- switch x := x.(type) {
- case *ArrayComprehension:
- errs = rewriteRegoMetadataCalls(metadataChainVar, metadataRuleVar, x.Body, rewrittenVars)
- case *SetComprehension:
- errs = rewriteRegoMetadataCalls(metadataChainVar, metadataRuleVar, x.Body, rewrittenVars)
- case *ObjectComprehension:
- errs = rewriteRegoMetadataCalls(metadataChainVar, metadataRuleVar, x.Body, rewrittenVars)
- case *Every:
- errs = rewriteRegoMetadataCalls(metadataChainVar, metadataRuleVar, x.Body, rewrittenVars)
- }
- return true
- })
-
- for i := range body {
- expr := body[i]
- var metadataVar Var
-
- if metadataChainVar != nil && isRegoMetadataChainCall(expr) {
- metadataVar = *metadataChainVar
- } else if metadataRuleVar != nil && isRegoMetadataRuleCall(expr) {
- metadataVar = *metadataRuleVar
- } else {
- continue
- }
-
- // NOTE(johanfylling): An alternative strategy would be to walk the body and replace all operands[0]
- // usages with *metadataChainVar
- operands := expr.Operands()
- var newExpr *Expr
- if len(operands) > 0 { // There is an output var to rewrite
- rewrittenVar := operands[0]
- newExpr = Equality.Expr(rewrittenVar, NewTerm(metadataVar))
- } else { // No output var, just rewrite expr to metadataVar
- newExpr = NewExpr(NewTerm(metadataVar))
- }
-
- newExpr.Generated = true
- newExpr.Location = expr.Location
- body.Set(newExpr, i)
- }
-
- return errs
-}
-
-func isRegoMetadataChainCall(x *Expr) bool {
- return x.IsCall() && x.Operator().Equal(RegoMetadataChain.Ref())
-}
-
-func isRegoMetadataRuleCall(x *Expr) bool {
- return x.IsCall() && x.Operator().Equal(RegoMetadataRule.Ref())
-}
-
-func createMetadataChain(chain []*AnnotationsRef) (*Term, *Error) {
-
- metaArray := NewArray()
- for _, link := range chain {
- p := link.Path.toArray().
- Slice(1, -1) // Dropping leading 'data' element of path
- obj := NewObject(
- Item(StringTerm("path"), NewTerm(p)),
- )
- if link.Annotations != nil {
- annotObj, err := link.Annotations.toObject()
- if err != nil {
- return nil, err
- }
- obj.Insert(StringTerm("annotations"), NewTerm(*annotObj))
- }
- metaArray = metaArray.Append(NewTerm(obj))
- }
-
- return NewTerm(metaArray), nil
-}
-
-func (c *Compiler) rewriteLocalVars() {
-
- var assignment bool
-
- for _, name := range c.sorted {
- mod := c.Modules[name]
- gen := c.localvargen
-
- WalkRules(mod, func(rule *Rule) bool {
- argsStack := newLocalDeclaredVars()
-
- args := NewVarVisitor()
- if c.strict {
- args.Walk(rule.Head.Args)
- }
- unusedArgs := args.Vars()
-
- c.rewriteLocalArgVars(gen, argsStack, rule)
-
- // Rewrite local vars in each else-branch of the rule.
- // Note: this is done instead of a walk so that we can capture any unused function arguments
- // across else-branches.
- for rule := rule; rule != nil; rule = rule.Else {
- stack, errs := c.rewriteLocalVarsInRule(rule, unusedArgs, argsStack, gen)
- if stack.assignment {
- assignment = true
- }
-
- for arg := range unusedArgs {
- if stack.Count(arg) > 1 {
- delete(unusedArgs, arg)
- }
- }
-
- for _, err := range errs {
- c.err(err)
- }
- }
-
- if c.strict {
- // Report an error for each unused function argument
- for arg := range unusedArgs {
- if !arg.IsWildcard() {
- c.err(NewError(CompileErr, rule.Head.Location, "unused argument %v. (hint: use _ (wildcard variable) instead)", arg))
- }
- }
- }
-
- return true
- })
- }
-
- if assignment {
- c.Required.addBuiltinSorted(Assign)
- }
-}
-
-func (c *Compiler) rewriteLocalVarsInRule(rule *Rule, unusedArgs VarSet, argsStack *localDeclaredVars, gen *localVarGenerator) (*localDeclaredVars, Errors) {
- // Rewrite assignments contained in head of rule. Assignments can
- // occur in rule head if they're inside a comprehension. Note,
- // assigned vars in comprehensions in the head will be rewritten
- // first to preserve scoping rules. For example:
- //
- // p = [x | x := 1] { x := 2 } becomes p = [__local0__ | __local0__ = 1] { __local1__ = 2 }
- //
- // This behaviour is consistent scoping inside the body. For example:
- //
- // p = xs { x := 2; xs = [x | x := 1] } becomes p = xs { __local0__ = 2; xs = [__local1__ | __local1__ = 1] }
- nestedXform := &rewriteNestedHeadVarLocalTransform{
- gen: gen,
- RewrittenVars: c.RewrittenVars,
- strict: c.strict,
- }
-
- NewGenericVisitor(nestedXform.Visit).Walk(rule.Head)
-
- for _, err := range nestedXform.errs {
- c.err(err)
- }
-
- // Rewrite assignments in body.
- used := NewVarSet()
-
- for _, t := range rule.Head.Ref()[1:] {
- used.Update(t.Vars())
- }
-
- if rule.Head.Key != nil {
- used.Update(rule.Head.Key.Vars())
- }
-
- if rule.Head.Value != nil {
- valueVars := rule.Head.Value.Vars()
- used.Update(valueVars)
- for arg := range unusedArgs {
- if valueVars.Contains(arg) {
- delete(unusedArgs, arg)
- }
- }
- }
-
- stack := argsStack.Copy()
-
- body, declared, errs := rewriteLocalVars(gen, stack, used, rule.Body, c.strict)
-
- // For rewritten vars use the collection of all variables that
- // were in the stack at some point in time.
- for k, v := range stack.rewritten {
- c.RewrittenVars[k] = v
- }
-
- rule.Body = body
-
- // Rewrite vars in head that refer to locally declared vars in the body.
- localXform := rewriteHeadVarLocalTransform{declared: declared}
-
- for i := range rule.Head.Args {
- rule.Head.Args[i], _ = transformTerm(localXform, rule.Head.Args[i])
- }
-
- for i := 1; i < len(rule.Head.Ref()); i++ {
- rule.Head.Reference[i], _ = transformTerm(localXform, rule.Head.Ref()[i])
- }
- if rule.Head.Key != nil {
- rule.Head.Key, _ = transformTerm(localXform, rule.Head.Key)
- }
-
- if rule.Head.Value != nil {
- rule.Head.Value, _ = transformTerm(localXform, rule.Head.Value)
- }
- return stack, errs
-}
-
-type rewriteNestedHeadVarLocalTransform struct {
- gen *localVarGenerator
- errs Errors
- RewrittenVars map[Var]Var
- strict bool
-}
-
-func (xform *rewriteNestedHeadVarLocalTransform) Visit(x interface{}) bool {
-
- if term, ok := x.(*Term); ok {
-
- stop := false
- stack := newLocalDeclaredVars()
-
- switch x := term.Value.(type) {
- case *object:
- cpy, _ := x.Map(func(k, v *Term) (*Term, *Term, error) {
- kcpy := k.Copy()
- NewGenericVisitor(xform.Visit).Walk(kcpy)
- vcpy := v.Copy()
- NewGenericVisitor(xform.Visit).Walk(vcpy)
- return kcpy, vcpy, nil
- })
- term.Value = cpy
- stop = true
- case *set:
- cpy, _ := x.Map(func(v *Term) (*Term, error) {
- vcpy := v.Copy()
- NewGenericVisitor(xform.Visit).Walk(vcpy)
- return vcpy, nil
- })
- term.Value = cpy
- stop = true
- case *ArrayComprehension:
- xform.errs = rewriteDeclaredVarsInArrayComprehension(xform.gen, stack, x, xform.errs, xform.strict)
- stop = true
- case *SetComprehension:
- xform.errs = rewriteDeclaredVarsInSetComprehension(xform.gen, stack, x, xform.errs, xform.strict)
- stop = true
- case *ObjectComprehension:
- xform.errs = rewriteDeclaredVarsInObjectComprehension(xform.gen, stack, x, xform.errs, xform.strict)
- stop = true
- }
-
- for k, v := range stack.rewritten {
- xform.RewrittenVars[k] = v
- }
-
- return stop
- }
-
- return false
-}
-
-type rewriteHeadVarLocalTransform struct {
- declared map[Var]Var
-}
-
-func (xform rewriteHeadVarLocalTransform) Transform(x interface{}) (interface{}, error) {
- if v, ok := x.(Var); ok {
- if gv, ok := xform.declared[v]; ok {
- return gv, nil
- }
- }
- return x, nil
-}
-
-func (c *Compiler) rewriteLocalArgVars(gen *localVarGenerator, stack *localDeclaredVars, rule *Rule) {
-
- vis := &ruleArgLocalRewriter{
- stack: stack,
- gen: gen,
- }
-
- for i := range rule.Head.Args {
- Walk(vis, rule.Head.Args[i])
- }
-
- for i := range vis.errs {
- c.err(vis.errs[i])
- }
-}
-
-type ruleArgLocalRewriter struct {
- stack *localDeclaredVars
- gen *localVarGenerator
- errs []*Error
-}
-
-func (vis *ruleArgLocalRewriter) Visit(x interface{}) Visitor {
-
- t, ok := x.(*Term)
- if !ok {
- return vis
- }
-
- switch v := t.Value.(type) {
- case Var:
- gv, ok := vis.stack.Declared(v)
- if ok {
- vis.stack.Seen(v)
- } else {
- gv = vis.gen.Generate()
- vis.stack.Insert(v, gv, argVar)
- }
- t.Value = gv
- return nil
- case *object:
- if cpy, err := v.Map(func(k, v *Term) (*Term, *Term, error) {
- vcpy := v.Copy()
- Walk(vis, vcpy)
- return k, vcpy, nil
- }); err != nil {
- vis.errs = append(vis.errs, NewError(CompileErr, t.Location, err.Error()))
- } else {
- t.Value = cpy
- }
- return nil
- case Null, Boolean, Number, String, *ArrayComprehension, *SetComprehension, *ObjectComprehension, Set:
- // Scalars are no-ops. Comprehensions are handled above. Sets must not
- // contain variables.
- return nil
- case Call:
- vis.errs = append(vis.errs, NewError(CompileErr, t.Location, "rule arguments cannot contain calls"))
- return nil
- default:
- // Recurse on refs and arrays. Any embedded
- // variables can be rewritten.
- return vis
- }
-}
-
-func (c *Compiler) rewriteWithModifiers() {
- f := newEqualityFactory(c.localvargen)
- for _, name := range c.sorted {
- mod := c.Modules[name]
- t := NewGenericTransformer(func(x interface{}) (interface{}, error) {
- body, ok := x.(Body)
- if !ok {
- return x, nil
- }
- body, err := rewriteWithModifiersInBody(c, c.unsafeBuiltinsMap, f, body)
- if err != nil {
- c.err(err)
- }
-
- return body, nil
- })
- _, _ = Transform(t, mod) // ignore error
- }
-}
-
-func (c *Compiler) setModuleTree() {
- c.ModuleTree = NewModuleTree(c.Modules)
-}
-
-func (c *Compiler) setRuleTree() {
- c.RuleTree = NewRuleTree(c.ModuleTree)
-}
-
-func (c *Compiler) setGraph() {
- list := func(r Ref) []*Rule {
- return c.GetRulesDynamicWithOpts(r, RulesOptions{IncludeHiddenModules: true})
- }
- c.Graph = NewGraph(c.Modules, list)
-}
-
-type queryCompiler struct {
- compiler *Compiler
- qctx *QueryContext
- typeEnv *TypeEnv
- rewritten map[Var]Var
- after map[string][]QueryCompilerStageDefinition
- unsafeBuiltins map[string]struct{}
- comprehensionIndices map[*Term]*ComprehensionIndex
- enablePrintStatements bool
-}
-
-func newQueryCompiler(compiler *Compiler) QueryCompiler {
- qc := &queryCompiler{
- compiler: compiler,
- qctx: nil,
- after: map[string][]QueryCompilerStageDefinition{},
- comprehensionIndices: map[*Term]*ComprehensionIndex{},
- }
- return qc
-}
-
-func (qc *queryCompiler) WithStrict(strict bool) QueryCompiler {
- qc.compiler.WithStrict(strict)
- return qc
-}
-
-func (qc *queryCompiler) WithEnablePrintStatements(yes bool) QueryCompiler {
- qc.enablePrintStatements = yes
- return qc
-}
-
-func (qc *queryCompiler) WithContext(qctx *QueryContext) QueryCompiler {
- qc.qctx = qctx
- return qc
-}
-
-func (qc *queryCompiler) WithStageAfter(after string, stage QueryCompilerStageDefinition) QueryCompiler {
- qc.after[after] = append(qc.after[after], stage)
- return qc
-}
-
-func (qc *queryCompiler) WithUnsafeBuiltins(unsafe map[string]struct{}) QueryCompiler {
- qc.unsafeBuiltins = unsafe
- return qc
-}
-
-func (qc *queryCompiler) RewrittenVars() map[Var]Var {
- return qc.rewritten
-}
-
-func (qc *queryCompiler) ComprehensionIndex(term *Term) *ComprehensionIndex {
- if result, ok := qc.comprehensionIndices[term]; ok {
- return result
- } else if result, ok := qc.compiler.comprehensionIndices[term]; ok {
- return result
- }
- return nil
-}
-
-func (qc *queryCompiler) runStage(metricName string, qctx *QueryContext, query Body, s func(*QueryContext, Body) (Body, error)) (Body, error) {
- if qc.compiler.metrics != nil {
- qc.compiler.metrics.Timer(metricName).Start()
- defer qc.compiler.metrics.Timer(metricName).Stop()
- }
- return s(qctx, query)
-}
-
-func (qc *queryCompiler) runStageAfter(metricName string, query Body, s QueryCompilerStage) (Body, error) {
- if qc.compiler.metrics != nil {
- qc.compiler.metrics.Timer(metricName).Start()
- defer qc.compiler.metrics.Timer(metricName).Stop()
- }
- return s(qc, query)
-}
-
-type queryStage = struct {
- name string
- metricName string
- f func(*QueryContext, Body) (Body, error)
-}
-
-func (qc *queryCompiler) Compile(query Body) (Body, error) {
- if len(query) == 0 {
- return nil, Errors{NewError(CompileErr, nil, "empty query cannot be compiled")}
- }
-
- query = query.Copy()
-
- stages := []queryStage{
- {"CheckKeywordOverrides", "query_compile_stage_check_keyword_overrides", qc.checkKeywordOverrides},
- {"ResolveRefs", "query_compile_stage_resolve_refs", qc.resolveRefs},
- {"RewriteLocalVars", "query_compile_stage_rewrite_local_vars", qc.rewriteLocalVars},
- {"CheckVoidCalls", "query_compile_stage_check_void_calls", qc.checkVoidCalls},
- {"RewritePrintCalls", "query_compile_stage_rewrite_print_calls", qc.rewritePrintCalls},
- {"RewriteExprTerms", "query_compile_stage_rewrite_expr_terms", qc.rewriteExprTerms},
- {"RewriteComprehensionTerms", "query_compile_stage_rewrite_comprehension_terms", qc.rewriteComprehensionTerms},
- {"RewriteWithValues", "query_compile_stage_rewrite_with_values", qc.rewriteWithModifiers},
- {"CheckUndefinedFuncs", "query_compile_stage_check_undefined_funcs", qc.checkUndefinedFuncs},
- {"CheckSafety", "query_compile_stage_check_safety", qc.checkSafety},
- {"RewriteDynamicTerms", "query_compile_stage_rewrite_dynamic_terms", qc.rewriteDynamicTerms},
- {"CheckTypes", "query_compile_stage_check_types", qc.checkTypes},
- {"CheckUnsafeBuiltins", "query_compile_stage_check_unsafe_builtins", qc.checkUnsafeBuiltins},
- {"CheckDeprecatedBuiltins", "query_compile_stage_check_deprecated_builtins", qc.checkDeprecatedBuiltins},
- }
- if qc.compiler.evalMode == EvalModeTopdown {
- stages = append(stages, queryStage{"BuildComprehensionIndex", "query_compile_stage_build_comprehension_index", qc.buildComprehensionIndices})
- }
-
- qctx := qc.qctx.Copy()
-
- for _, s := range stages {
- var err error
- query, err = qc.runStage(s.metricName, qctx, query, s.f)
- if err != nil {
- return nil, qc.applyErrorLimit(err)
- }
- for _, s := range qc.after[s.name] {
- query, err = qc.runStageAfter(s.MetricName, query, s.Stage)
- if err != nil {
- return nil, qc.applyErrorLimit(err)
- }
- }
- }
-
- return query, nil
-}
-
-func (qc *queryCompiler) TypeEnv() *TypeEnv {
- return qc.typeEnv
-}
-
-func (qc *queryCompiler) applyErrorLimit(err error) error {
- var errs Errors
- if errors.As(err, &errs) {
- if qc.compiler.maxErrs > 0 && len(errs) > qc.compiler.maxErrs {
- err = append(errs[:qc.compiler.maxErrs], errLimitReached)
- }
- }
- return err
-}
-
-func (qc *queryCompiler) checkKeywordOverrides(_ *QueryContext, body Body) (Body, error) {
- if qc.compiler.strict {
- if errs := checkRootDocumentOverrides(body); len(errs) > 0 {
- return nil, errs
- }
- }
- return body, nil
-}
-
-func (qc *queryCompiler) resolveRefs(qctx *QueryContext, body Body) (Body, error) {
-
- var globals map[Var]*usedRef
-
- if qctx != nil {
- pkg := qctx.Package
- // Query compiler ought to generate a package if one was not provided and one or more imports were provided.
- // The generated package name could even be an empty string to avoid conflicts (it doesn't have to be valid syntactically)
- if pkg == nil && len(qctx.Imports) > 0 {
- pkg = &Package{Path: RefTerm(VarTerm("")).Value.(Ref)}
- }
- if pkg != nil {
- var ruleExports []Ref
- rules := qc.compiler.getExports()
- if exist, ok := rules.Get(pkg.Path); ok {
- ruleExports = exist.([]Ref)
- }
-
- globals = getGlobals(qctx.Package, ruleExports, qctx.Imports)
- qctx.Imports = nil
- }
- }
-
- ignore := &declaredVarStack{declaredVars(body)}
-
- return resolveRefsInBody(globals, ignore, body), nil
-}
-
-func (qc *queryCompiler) rewriteComprehensionTerms(_ *QueryContext, body Body) (Body, error) {
- gen := newLocalVarGenerator("q", body)
- f := newEqualityFactory(gen)
- node, err := rewriteComprehensionTerms(f, body)
- if err != nil {
- return nil, err
- }
- return node.(Body), nil
-}
-
-func (qc *queryCompiler) rewriteDynamicTerms(_ *QueryContext, body Body) (Body, error) {
- gen := newLocalVarGenerator("q", body)
- f := newEqualityFactory(gen)
- return rewriteDynamics(f, body), nil
-}
-
-func (qc *queryCompiler) rewriteExprTerms(_ *QueryContext, body Body) (Body, error) {
- gen := newLocalVarGenerator("q", body)
- return rewriteExprTermsInBody(gen, body), nil
-}
-
-func (qc *queryCompiler) rewriteLocalVars(_ *QueryContext, body Body) (Body, error) {
- gen := newLocalVarGenerator("q", body)
- stack := newLocalDeclaredVars()
- body, _, err := rewriteLocalVars(gen, stack, nil, body, qc.compiler.strict)
- if len(err) != 0 {
- return nil, err
- }
- qc.rewritten = make(map[Var]Var, len(stack.rewritten))
- for k, v := range stack.rewritten {
- // The vars returned during the rewrite will include all seen vars,
- // even if they're not declared with an assignment operation. We don't
- // want to include these inside the rewritten set though.
- qc.rewritten[k] = v
- }
- return body, nil
-}
-
-func (qc *queryCompiler) rewritePrintCalls(_ *QueryContext, body Body) (Body, error) {
- if !qc.enablePrintStatements {
- _, cpy := erasePrintCallsInBody(body)
- return cpy, nil
- }
- gen := newLocalVarGenerator("q", body)
- if _, errs := rewritePrintCalls(gen, qc.compiler.GetArity, ReservedVars, body); len(errs) > 0 {
- return nil, errs
- }
- return body, nil
-}
-
-func (qc *queryCompiler) checkVoidCalls(_ *QueryContext, body Body) (Body, error) {
- if errs := checkVoidCalls(qc.compiler.TypeEnv, body); len(errs) > 0 {
- return nil, errs
- }
- return body, nil
-}
-
-func (qc *queryCompiler) checkUndefinedFuncs(_ *QueryContext, body Body) (Body, error) {
- if errs := checkUndefinedFuncs(qc.compiler.TypeEnv, body, qc.compiler.GetArity, qc.rewritten); len(errs) > 0 {
- return nil, errs
- }
- return body, nil
-}
-
-func (qc *queryCompiler) checkSafety(_ *QueryContext, body Body) (Body, error) {
- safe := ReservedVars.Copy()
- reordered, unsafe := reorderBodyForSafety(qc.compiler.builtins, qc.compiler.GetArity, safe, body)
- if errs := safetyErrorSlice(unsafe, qc.RewrittenVars()); len(errs) > 0 {
- return nil, errs
- }
- return reordered, nil
-}
-
-func (qc *queryCompiler) checkTypes(_ *QueryContext, body Body) (Body, error) {
- var errs Errors
- checker := newTypeChecker().
- WithSchemaSet(qc.compiler.schemaSet).
- WithInputType(qc.compiler.inputType).
- WithVarRewriter(rewriteVarsInRef(qc.rewritten, qc.compiler.RewrittenVars))
- qc.typeEnv, errs = checker.CheckBody(qc.compiler.TypeEnv, body)
- if len(errs) > 0 {
- return nil, errs
- }
-
- return body, nil
-}
-
-func (qc *queryCompiler) checkUnsafeBuiltins(_ *QueryContext, body Body) (Body, error) {
- errs := checkUnsafeBuiltins(qc.unsafeBuiltinsMap(), body)
- if len(errs) > 0 {
- return nil, errs
- }
- return body, nil
-}
-
-func (qc *queryCompiler) unsafeBuiltinsMap() map[string]struct{} {
- if qc.unsafeBuiltins != nil {
- return qc.unsafeBuiltins
- }
- return qc.compiler.unsafeBuiltinsMap
-}
-
-func (qc *queryCompiler) checkDeprecatedBuiltins(_ *QueryContext, body Body) (Body, error) {
- if qc.compiler.strict {
- errs := checkDeprecatedBuiltins(qc.compiler.deprecatedBuiltinsMap, body)
- if len(errs) > 0 {
- return nil, errs
- }
- }
- return body, nil
-}
-
-func (qc *queryCompiler) rewriteWithModifiers(_ *QueryContext, body Body) (Body, error) {
- f := newEqualityFactory(newLocalVarGenerator("q", body))
- body, err := rewriteWithModifiersInBody(qc.compiler, qc.unsafeBuiltinsMap(), f, body)
- if err != nil {
- return nil, Errors{err}
- }
- return body, nil
-}
-
-func (qc *queryCompiler) buildComprehensionIndices(_ *QueryContext, body Body) (Body, error) {
- // NOTE(tsandall): The query compiler does not have a metrics object so we
- // cannot record index metrics currently.
- _ = buildComprehensionIndices(qc.compiler.debug, qc.compiler.GetArity, ReservedVars, qc.RewrittenVars(), body, qc.comprehensionIndices)
- return body, nil
-}
-
-// ComprehensionIndex specifies how the comprehension term can be indexed. The keys
-// tell the evaluator what variables to use for indexing. In the future, the index
-// could be expanded with more information that would allow the evaluator to index
-// a larger fragment of comprehensions (e.g., by closing over variables in the outer
-// query.)
-type ComprehensionIndex struct {
- Term *Term
- Keys []*Term
-}
-
-func (ci *ComprehensionIndex) String() string {
- if ci == nil {
- return ""
- }
- return fmt.Sprintf("", NewArray(ci.Keys...))
-}
-
-func buildComprehensionIndices(dbg debug.Debug, arity func(Ref) int, candidates VarSet, rwVars map[Var]Var, node interface{}, result map[*Term]*ComprehensionIndex) uint64 {
- var n uint64
- cpy := candidates.Copy()
- WalkBodies(node, func(b Body) bool {
- for _, expr := range b {
- index := getComprehensionIndex(dbg, arity, cpy, rwVars, expr)
- if index != nil {
- result[index.Term] = index
- n++
- }
- // Any variables appearing in the expressions leading up to the comprehension
- // are fair-game to be used as index keys.
- cpy.Update(expr.Vars(VarVisitorParams{SkipClosures: true, SkipRefCallHead: true}))
- }
- return false
- })
- return n
-}
-
-func getComprehensionIndex(dbg debug.Debug, arity func(Ref) int, candidates VarSet, rwVars map[Var]Var, expr *Expr) *ComprehensionIndex {
-
- // Ignore everything except = expressions. Extract
- // the comprehension term from the expression.
- if !expr.IsEquality() || expr.Negated || len(expr.With) > 0 {
- // No debug message, these are assumed to be known hinderances
- // to comprehension indexing.
- return nil
- }
-
- var term *Term
-
- lhs, rhs := expr.Operand(0), expr.Operand(1)
-
- if _, ok := lhs.Value.(Var); ok && IsComprehension(rhs.Value) {
- term = rhs
- } else if _, ok := rhs.Value.(Var); ok && IsComprehension(lhs.Value) {
- term = lhs
- }
-
- if term == nil {
- // no debug for this, it's the ordinary "nothing to do here" case
- return nil
- }
-
- // Ignore comprehensions that contain expressions that close over variables
- // in the outer body if those variables are not also output variables in the
- // comprehension body. In other words, ignore comprehensions that we cannot
- // safely evaluate without bindings from the outer body. For example:
- //
- // x = [1]
- // [true | data.y[z] = x] # safe to evaluate w/o outer body
- // [true | data.y[z] = x[0]] # NOT safe to evaluate because 'x' would be unsafe.
- //
- // By identifying output variables in the body we also know what to index on by
- // intersecting with candidate variables from the outer query.
- //
- // For example:
- //
- // x = data.foo[_]
- // _ = [y | data.bar[y] = x] # index on 'x'
- //
- // This query goes from O(data.foo*data.bar) to O(data.foo+data.bar).
- var body Body
-
- switch x := term.Value.(type) {
- case *ArrayComprehension:
- body = x.Body
- case *SetComprehension:
- body = x.Body
- case *ObjectComprehension:
- body = x.Body
- }
-
- outputs := outputVarsForBody(body, arity, ReservedVars)
- unsafe := body.Vars(SafetyCheckVisitorParams).Diff(outputs).Diff(ReservedVars)
-
- if len(unsafe) > 0 {
- dbg.Printf("%s: comprehension index: unsafe vars: %v", expr.Location, unsafe)
- return nil
- }
-
- // Similarly, ignore comprehensions that contain references with output variables
- // that intersect with the candidates. Indexing these comprehensions could worsen
- // performance.
- regressionVis := newComprehensionIndexRegressionCheckVisitor(candidates)
- regressionVis.Walk(body)
- if regressionVis.worse {
- dbg.Printf("%s: comprehension index: output vars intersect candidates", expr.Location)
- return nil
- }
-
- // Check if any nested comprehensions close over candidates. If any intersection is found
- // the comprehension cannot be cached because it would require closing over the candidates
- // which the evaluator does not support today.
- nestedVis := newComprehensionIndexNestedCandidateVisitor(candidates)
- nestedVis.Walk(body)
- if nestedVis.found {
- dbg.Printf("%s: comprehension index: nested comprehensions close over candidates", expr.Location)
- return nil
- }
-
- // Make a sorted set of variable names that will serve as the index key set.
- // Sort to ensure deterministic indexing. In future this could be relaxed
- // if we can decide that one ordering is better than another. If the set is
- // empty, there is no indexing to do.
- indexVars := candidates.Intersect(outputs)
- if len(indexVars) == 0 {
- dbg.Printf("%s: comprehension index: no index vars", expr.Location)
- return nil
- }
-
- result := make([]*Term, 0, len(indexVars))
-
- for v := range indexVars {
- result = append(result, NewTerm(v))
- }
-
- sort.Slice(result, func(i, j int) bool {
- return result[i].Value.Compare(result[j].Value) < 0
- })
-
- debugRes := make([]*Term, len(result))
- for i, r := range result {
- if o, ok := rwVars[r.Value.(Var)]; ok {
- debugRes[i] = NewTerm(o)
- } else {
- debugRes[i] = r
- }
- }
- dbg.Printf("%s: comprehension index: built with keys: %v", expr.Location, debugRes)
- return &ComprehensionIndex{Term: term, Keys: result}
-}
-
-type comprehensionIndexRegressionCheckVisitor struct {
- candidates VarSet
- seen VarSet
- worse bool
-}
-
-// TODO(tsandall): Improve this so that users can either supply this list explicitly
-// or the information is maintained on the built-in function declaration. What we really
-// need to know is whether the built-in function allows callers to push down output
-// values or not. It's unlikely that anything outside of OPA does this today so this
-// solution is fine for now.
-var comprehensionIndexBlacklist = map[string]int{
- WalkBuiltin.Name: len(WalkBuiltin.Decl.FuncArgs().Args),
-}
-
-func newComprehensionIndexRegressionCheckVisitor(candidates VarSet) *comprehensionIndexRegressionCheckVisitor {
- return &comprehensionIndexRegressionCheckVisitor{
- candidates: candidates,
- seen: NewVarSet(),
- }
-}
-
-func (vis *comprehensionIndexRegressionCheckVisitor) Walk(x interface{}) {
- NewGenericVisitor(vis.visit).Walk(x)
-}
-
-func (vis *comprehensionIndexRegressionCheckVisitor) visit(x interface{}) bool {
- if !vis.worse {
- switch x := x.(type) {
- case *Expr:
- operands := x.Operands()
- if pos := comprehensionIndexBlacklist[x.Operator().String()]; pos > 0 && pos < len(operands) {
- vis.assertEmptyIntersection(operands[pos].Vars())
- }
- case Ref:
- vis.assertEmptyIntersection(x.OutputVars())
- case Var:
- vis.seen.Add(x)
- // Always skip comprehensions. We do not have to visit their bodies here.
- case *ArrayComprehension, *SetComprehension, *ObjectComprehension:
- return true
- }
- }
- return vis.worse
-}
-
-func (vis *comprehensionIndexRegressionCheckVisitor) assertEmptyIntersection(vs VarSet) {
- for v := range vs {
- if vis.candidates.Contains(v) && !vis.seen.Contains(v) {
- vis.worse = true
- return
- }
- }
-}
-
-type comprehensionIndexNestedCandidateVisitor struct {
- candidates VarSet
- found bool
-}
-
-func newComprehensionIndexNestedCandidateVisitor(candidates VarSet) *comprehensionIndexNestedCandidateVisitor {
- return &comprehensionIndexNestedCandidateVisitor{
- candidates: candidates,
- }
-}
-
-func (vis *comprehensionIndexNestedCandidateVisitor) Walk(x interface{}) {
- NewGenericVisitor(vis.visit).Walk(x)
-}
-
-func (vis *comprehensionIndexNestedCandidateVisitor) visit(x interface{}) bool {
-
- if vis.found {
- return true
- }
-
- if v, ok := x.(Value); ok && IsComprehension(v) {
- varVis := NewVarVisitor().WithParams(VarVisitorParams{SkipRefHead: true})
- varVis.Walk(v)
- vis.found = len(varVis.Vars().Intersect(vis.candidates)) > 0
- return true
- }
-
- return false
-}
-
-// ModuleTreeNode represents a node in the module tree. The module
-// tree is keyed by the package path.
-type ModuleTreeNode struct {
- Key Value
- Modules []*Module
- Children map[Value]*ModuleTreeNode
- Hide bool
-}
-
-func (n *ModuleTreeNode) String() string {
- var rules []string
- for _, m := range n.Modules {
- for _, r := range m.Rules {
- rules = append(rules, r.Head.String())
- }
- }
- return fmt.Sprintf("", n.Key, n.Children, rules, n.Hide)
-}
-
-// NewModuleTree returns a new ModuleTreeNode that represents the root
-// of the module tree populated with the given modules.
-func NewModuleTree(mods map[string]*Module) *ModuleTreeNode {
- root := &ModuleTreeNode{
- Children: map[Value]*ModuleTreeNode{},
- }
- names := make([]string, 0, len(mods))
- for name := range mods {
- names = append(names, name)
- }
- sort.Strings(names)
- for _, name := range names {
- m := mods[name]
- node := root
- for i, x := range m.Package.Path {
- c, ok := node.Children[x.Value]
- if !ok {
- var hide bool
- if i == 1 && x.Value.Compare(SystemDocumentKey) == 0 {
- hide = true
- }
- c = &ModuleTreeNode{
- Key: x.Value,
- Children: map[Value]*ModuleTreeNode{},
- Hide: hide,
- }
- node.Children[x.Value] = c
- }
- node = c
- }
- node.Modules = append(node.Modules, m)
- }
- return root
-}
-
-// Size returns the number of modules in the tree.
-func (n *ModuleTreeNode) Size() int {
- s := len(n.Modules)
- for _, c := range n.Children {
- s += c.Size()
- }
- return s
-}
-
-// Child returns n's child with key k.
-func (n *ModuleTreeNode) child(k Value) *ModuleTreeNode {
- switch k.(type) {
- case String, Var:
- return n.Children[k]
- }
- return nil
-}
-
-// Find dereferences ref along the tree. ref[0] is converted to a String
-// for convenience.
-func (n *ModuleTreeNode) find(ref Ref) (*ModuleTreeNode, Ref) {
- if v, ok := ref[0].Value.(Var); ok {
- ref = Ref{StringTerm(string(v))}.Concat(ref[1:])
- }
- node := n
- for i, r := range ref {
- next := node.child(r.Value)
- if next == nil {
- tail := make(Ref, len(ref)-i)
- tail[0] = VarTerm(string(ref[i].Value.(String)))
- copy(tail[1:], ref[i+1:])
- return node, tail
- }
- node = next
- }
- return node, nil
-}
-
-// DepthFirst performs a depth-first traversal of the module tree rooted at n.
-// If f returns true, traversal will not continue to the children of n.
-func (n *ModuleTreeNode) DepthFirst(f func(*ModuleTreeNode) bool) {
- if f(n) {
- return
- }
- for _, node := range n.Children {
- node.DepthFirst(f)
- }
-}
-
-// TreeNode represents a node in the rule tree. The rule tree is keyed by
-// rule path.
-type TreeNode struct {
- Key Value
- Values []util.T
- Children map[Value]*TreeNode
- Sorted []Value
- Hide bool
-}
-
-func (n *TreeNode) String() string {
- return fmt.Sprintf("", n.Key, n.Values, n.Sorted, n.Hide)
-}
-
-// NewRuleTree returns a new TreeNode that represents the root
-// of the rule tree populated with the given rules.
-func NewRuleTree(mtree *ModuleTreeNode) *TreeNode {
- root := TreeNode{
- Key: mtree.Key,
- }
-
- mtree.DepthFirst(func(m *ModuleTreeNode) bool {
- for _, mod := range m.Modules {
- if len(mod.Rules) == 0 {
- root.add(mod.Package.Path, nil)
- }
- for _, rule := range mod.Rules {
- root.add(rule.Ref().GroundPrefix(), rule)
- }
- }
- return false
- })
-
- // ensure that data.system's TreeNode is hidden
- node, tail := root.find(DefaultRootRef.Append(NewTerm(SystemDocumentKey)))
- if len(tail) == 0 { // found
- node.Hide = true
- }
-
- root.DepthFirst(func(x *TreeNode) bool {
- x.sort()
- return false
- })
-
- return &root
-}
-
-func (n *TreeNode) add(path Ref, rule *Rule) {
- node, tail := n.find(path)
- if len(tail) > 0 {
- sub := treeNodeFromRef(tail, rule)
- if node.Children == nil {
- node.Children = make(map[Value]*TreeNode, 1)
- }
- node.Children[sub.Key] = sub
- node.Sorted = append(node.Sorted, sub.Key)
- } else {
- if rule != nil {
- node.Values = append(node.Values, rule)
- }
- }
-}
-
-// Size returns the number of rules in the tree.
-func (n *TreeNode) Size() int {
- s := len(n.Values)
- for _, c := range n.Children {
- s += c.Size()
- }
- return s
-}
-
-// Child returns n's child with key k.
-func (n *TreeNode) Child(k Value) *TreeNode {
- switch k.(type) {
- case Ref, Call:
- return nil
- default:
- return n.Children[k]
- }
-}
-
-// Find dereferences ref along the tree
-func (n *TreeNode) Find(ref Ref) *TreeNode {
- node := n
- for _, r := range ref {
- node = node.Child(r.Value)
- if node == nil {
- return nil
- }
- }
- return node
-}
-
-// Iteratively dereferences ref along the node's subtree.
-// - If matching fails immediately, the tail will contain the full ref.
-// - Partial matching will result in a tail of non-zero length.
-// - A complete match will result in a 0 length tail.
-func (n *TreeNode) find(ref Ref) (*TreeNode, Ref) {
- node := n
- for i := range ref {
- next := node.Child(ref[i].Value)
- if next == nil {
- tail := make(Ref, len(ref)-i)
- copy(tail, ref[i:])
- return node, tail
- }
- node = next
- }
- return node, nil
-}
-
-// DepthFirst performs a depth-first traversal of the rule tree rooted at n. If
-// f returns true, traversal will not continue to the children of n.
-func (n *TreeNode) DepthFirst(f func(*TreeNode) bool) {
- if f(n) {
- return
- }
- for _, node := range n.Children {
- node.DepthFirst(f)
- }
-}
-
-func (n *TreeNode) sort() {
- sort.Slice(n.Sorted, func(i, j int) bool {
- return n.Sorted[i].Compare(n.Sorted[j]) < 0
- })
-}
-
-func treeNodeFromRef(ref Ref, rule *Rule) *TreeNode {
- depth := len(ref) - 1
- key := ref[depth].Value
- node := &TreeNode{
- Key: key,
- Children: nil,
- }
- if rule != nil {
- node.Values = []util.T{rule}
- }
-
- for i := len(ref) - 2; i >= 0; i-- {
- key := ref[i].Value
- node = &TreeNode{
- Key: key,
- Children: map[Value]*TreeNode{ref[i+1].Value: node},
- Sorted: []Value{ref[i+1].Value},
- }
- }
- return node
-}
-
-// flattenChildren flattens all children's rule refs into a sorted array.
-func (n *TreeNode) flattenChildren() []Ref {
- ret := newRefSet()
- for _, sub := range n.Children { // we only want the children, so don't use n.DepthFirst() right away
- sub.DepthFirst(func(x *TreeNode) bool {
- for _, r := range x.Values {
- rule := r.(*Rule)
- ret.AddPrefix(rule.Ref())
- }
- return false
- })
- }
-
- sort.Slice(ret.s, func(i, j int) bool {
- return ret.s[i].Compare(ret.s[j]) < 0
- })
- return ret.s
-}
-
-// Graph represents the graph of dependencies between rules.
-type Graph struct {
- adj map[util.T]map[util.T]struct{}
- radj map[util.T]map[util.T]struct{}
- nodes map[util.T]struct{}
- sorted []util.T
-}
-
-// NewGraph returns a new Graph based on modules. The list function must return
-// the rules referred to directly by the ref.
-func NewGraph(modules map[string]*Module, list func(Ref) []*Rule) *Graph {
-
- graph := &Graph{
- adj: map[util.T]map[util.T]struct{}{},
- radj: map[util.T]map[util.T]struct{}{},
- nodes: map[util.T]struct{}{},
- sorted: nil,
- }
-
- // Create visitor to walk a rule AST and add edges to the rule graph for
- // each dependency.
- vis := func(a *Rule) *GenericVisitor {
- stop := false
- return NewGenericVisitor(func(x interface{}) bool {
- switch x := x.(type) {
- case Ref:
- for _, b := range list(x) {
- for node := b; node != nil; node = node.Else {
- graph.addDependency(a, node)
- }
- }
- case *Rule:
- if stop {
- // Do not recurse into else clauses (which will be handled
- // by the outer visitor.)
- return true
- }
- stop = true
- }
- return false
- })
- }
-
- // Walk over all rules, add them to graph, and build adjacency lists.
- for _, module := range modules {
- WalkRules(module, func(a *Rule) bool {
- graph.addNode(a)
- vis(a).Walk(a)
- return false
- })
- }
-
- return graph
-}
-
-// Dependencies returns the set of rules that x depends on.
-func (g *Graph) Dependencies(x util.T) map[util.T]struct{} {
- return g.adj[x]
-}
-
-// Dependents returns the set of rules that depend on x.
-func (g *Graph) Dependents(x util.T) map[util.T]struct{} {
- return g.radj[x]
-}
-
-// Sort returns a slice of rules sorted by dependencies. If a cycle is found,
-// ok is set to false.
-func (g *Graph) Sort() (sorted []util.T, ok bool) {
- if g.sorted != nil {
- return g.sorted, true
- }
-
- sorter := &graphSort{
- sorted: make([]util.T, 0, len(g.nodes)),
- deps: g.Dependencies,
- marked: map[util.T]struct{}{},
- temp: map[util.T]struct{}{},
- }
-
- for node := range g.nodes {
- if !sorter.Visit(node) {
- return nil, false
- }
- }
-
- g.sorted = sorter.sorted
- return g.sorted, true
-}
-
-func (g *Graph) addDependency(u util.T, v util.T) {
-
- if _, ok := g.nodes[u]; !ok {
- g.addNode(u)
- }
-
- if _, ok := g.nodes[v]; !ok {
- g.addNode(v)
- }
-
- edges, ok := g.adj[u]
- if !ok {
- edges = map[util.T]struct{}{}
- g.adj[u] = edges
- }
-
- edges[v] = struct{}{}
-
- edges, ok = g.radj[v]
- if !ok {
- edges = map[util.T]struct{}{}
- g.radj[v] = edges
- }
-
- edges[u] = struct{}{}
-}
-
-func (g *Graph) addNode(n util.T) {
- g.nodes[n] = struct{}{}
-}
-
-type graphSort struct {
- sorted []util.T
- deps func(util.T) map[util.T]struct{}
- marked map[util.T]struct{}
- temp map[util.T]struct{}
-}
-
-func (sort *graphSort) Marked(node util.T) bool {
- _, marked := sort.marked[node]
- return marked
-}
-
-func (sort *graphSort) Visit(node util.T) (ok bool) {
- if _, ok := sort.temp[node]; ok {
- return false
- }
- if sort.Marked(node) {
- return true
- }
- sort.temp[node] = struct{}{}
- for other := range sort.deps(node) {
- if !sort.Visit(other) {
- return false
- }
- }
- sort.marked[node] = struct{}{}
- delete(sort.temp, node)
- sort.sorted = append(sort.sorted, node)
- return true
-}
-
-// GraphTraversal is a Traversal that understands the dependency graph
-type GraphTraversal struct {
- graph *Graph
- visited map[util.T]struct{}
-}
-
-// NewGraphTraversal returns a Traversal for the dependency graph
-func NewGraphTraversal(graph *Graph) *GraphTraversal {
- return &GraphTraversal{
- graph: graph,
- visited: map[util.T]struct{}{},
- }
-}
-
-// Edges lists all dependency connections for a given node
-func (g *GraphTraversal) Edges(x util.T) []util.T {
- r := []util.T{}
- for v := range g.graph.Dependencies(x) {
- r = append(r, v)
- }
- return r
-}
-
-// Visited returns whether a node has been visited, setting a node to visited if not
-func (g *GraphTraversal) Visited(u util.T) bool {
- _, ok := g.visited[u]
- g.visited[u] = struct{}{}
- return ok
-}
-
-type unsafePair struct {
- Expr *Expr
- Vars VarSet
-}
-
-type unsafeVarLoc struct {
- Var Var
- Loc *Location
-}
-
-type unsafeVars map[*Expr]VarSet
-
-func (vs unsafeVars) Add(e *Expr, v Var) {
- if u, ok := vs[e]; ok {
- u[v] = struct{}{}
- } else {
- vs[e] = VarSet{v: struct{}{}}
- }
-}
-
-func (vs unsafeVars) Set(e *Expr, s VarSet) {
- vs[e] = s
-}
-
-func (vs unsafeVars) Update(o unsafeVars) {
- for k, v := range o {
- if _, ok := vs[k]; !ok {
- vs[k] = VarSet{}
- }
- vs[k].Update(v)
- }
-}
-
-func (vs unsafeVars) Vars() (result []unsafeVarLoc) {
-
- locs := map[Var]*Location{}
-
- // If var appears in multiple sets then pick first by location.
- for expr, vars := range vs {
- for v := range vars {
- if locs[v].Compare(expr.Location) > 0 {
- locs[v] = expr.Location
- }
- }
- }
-
- for v, loc := range locs {
- result = append(result, unsafeVarLoc{
- Var: v,
- Loc: loc,
- })
- }
-
- sort.Slice(result, func(i, j int) bool {
- return result[i].Loc.Compare(result[j].Loc) < 0
- })
-
- return result
-}
-
-func (vs unsafeVars) Slice() (result []unsafePair) {
- for expr, vs := range vs {
- result = append(result, unsafePair{
- Expr: expr,
- Vars: vs,
- })
- }
- return
-}
-
-// reorderBodyForSafety returns a copy of the body ordered such that
-// left to right evaluation of the body will not encounter unbound variables
-// in input positions or negated expressions.
-//
-// Expressions are added to the re-ordered body as soon as they are considered
-// safe. If multiple expressions become safe in the same pass, they are added
-// in their original order. This results in minimal re-ordering of the body.
-//
-// If the body cannot be reordered to ensure safety, the second return value
-// contains a mapping of expressions to unsafe variables in those expressions.
-func reorderBodyForSafety(builtins map[string]*Builtin, arity func(Ref) int, globals VarSet, body Body) (Body, unsafeVars) {
-
- bodyVars := body.Vars(SafetyCheckVisitorParams)
- reordered := make(Body, 0, len(body))
- safe := VarSet{}
- unsafe := unsafeVars{}
-
- for _, e := range body {
- for v := range e.Vars(SafetyCheckVisitorParams) {
- if globals.Contains(v) {
- safe.Add(v)
- } else {
- unsafe.Add(e, v)
- }
- }
- }
-
- for {
- n := len(reordered)
-
- for _, e := range body {
- if reordered.Contains(e) {
- continue
- }
-
- ovs := outputVarsForExpr(e, arity, safe)
-
- // check closures: is this expression closing over variables that
- // haven't been made safe by what's already included in `reordered`?
- vs := unsafeVarsInClosures(e)
- cv := vs.Intersect(bodyVars).Diff(globals)
- uv := cv.Diff(outputVarsForBody(reordered, arity, safe))
-
- if len(uv) > 0 {
- if uv.Equal(ovs) { // special case "closure-self"
- continue
- }
- unsafe.Set(e, uv)
- }
-
- for v := range unsafe[e] {
- if ovs.Contains(v) || safe.Contains(v) {
- delete(unsafe[e], v)
- }
- }
-
- if len(unsafe[e]) == 0 {
- delete(unsafe, e)
- reordered.Append(e)
- safe.Update(ovs) // this expression's outputs are safe
- }
- }
-
- if len(reordered) == n { // fixed point, could not add any expr of body
- break
- }
- }
-
- // Recursively visit closures and perform the safety checks on them.
- // Update the globals at each expression to include the variables that could
- // be closed over.
- g := globals.Copy()
- for i, e := range reordered {
- if i > 0 {
- g.Update(reordered[i-1].Vars(SafetyCheckVisitorParams))
- }
- xform := &bodySafetyTransformer{
- builtins: builtins,
- arity: arity,
- current: e,
- globals: g,
- unsafe: unsafe,
- }
- NewGenericVisitor(xform.Visit).Walk(e)
- }
-
- return reordered, unsafe
-}
-
-type bodySafetyTransformer struct {
- builtins map[string]*Builtin
- arity func(Ref) int
- current *Expr
- globals VarSet
- unsafe unsafeVars
-}
-
-func (xform *bodySafetyTransformer) Visit(x interface{}) bool {
- switch term := x.(type) {
- case *Term:
- switch x := term.Value.(type) {
- case *object:
- cpy, _ := x.Map(func(k, v *Term) (*Term, *Term, error) {
- kcpy := k.Copy()
- NewGenericVisitor(xform.Visit).Walk(kcpy)
- vcpy := v.Copy()
- NewGenericVisitor(xform.Visit).Walk(vcpy)
- return kcpy, vcpy, nil
- })
- term.Value = cpy
- return true
- case *set:
- cpy, _ := x.Map(func(v *Term) (*Term, error) {
- vcpy := v.Copy()
- NewGenericVisitor(xform.Visit).Walk(vcpy)
- return vcpy, nil
- })
- term.Value = cpy
- return true
- case *ArrayComprehension:
- xform.reorderArrayComprehensionSafety(x)
- return true
- case *ObjectComprehension:
- xform.reorderObjectComprehensionSafety(x)
- return true
- case *SetComprehension:
- xform.reorderSetComprehensionSafety(x)
- return true
- }
- case *Expr:
- if ev, ok := term.Terms.(*Every); ok {
- xform.globals.Update(ev.KeyValueVars())
- ev.Body = xform.reorderComprehensionSafety(NewVarSet(), ev.Body)
- return true
- }
- }
- return false
-}
-
-func (xform *bodySafetyTransformer) reorderComprehensionSafety(tv VarSet, body Body) Body {
- bv := body.Vars(SafetyCheckVisitorParams)
- bv.Update(xform.globals)
- uv := tv.Diff(bv)
- for v := range uv {
- xform.unsafe.Add(xform.current, v)
- }
-
- r, u := reorderBodyForSafety(xform.builtins, xform.arity, xform.globals, body)
- if len(u) == 0 {
- return r
- }
-
- xform.unsafe.Update(u)
- return body
-}
-
-func (xform *bodySafetyTransformer) reorderArrayComprehensionSafety(ac *ArrayComprehension) {
- ac.Body = xform.reorderComprehensionSafety(ac.Term.Vars(), ac.Body)
-}
-
-func (xform *bodySafetyTransformer) reorderObjectComprehensionSafety(oc *ObjectComprehension) {
- tv := oc.Key.Vars()
- tv.Update(oc.Value.Vars())
- oc.Body = xform.reorderComprehensionSafety(tv, oc.Body)
-}
-
-func (xform *bodySafetyTransformer) reorderSetComprehensionSafety(sc *SetComprehension) {
- sc.Body = xform.reorderComprehensionSafety(sc.Term.Vars(), sc.Body)
-}
-
-// unsafeVarsInClosures collects vars that are contained in closures within
-// this expression.
-func unsafeVarsInClosures(e *Expr) VarSet {
- vs := VarSet{}
- WalkClosures(e, func(x interface{}) bool {
- vis := &VarVisitor{vars: vs}
- if ev, ok := x.(*Every); ok {
- vis.Walk(ev.Body)
- return true
- }
- vis.Walk(x)
- return true
- })
- return vs
-}
-
-// OutputVarsFromBody returns all variables which are the "output" for
-// the given body. For safety checks this means that they would be
-// made safe by the body.
-func OutputVarsFromBody(c *Compiler, body Body, safe VarSet) VarSet {
- return outputVarsForBody(body, c.GetArity, safe)
-}
-
-func outputVarsForBody(body Body, arity func(Ref) int, safe VarSet) VarSet {
- o := safe.Copy()
- for _, e := range body {
- o.Update(outputVarsForExpr(e, arity, o))
- }
- return o.Diff(safe)
-}
-
-// OutputVarsFromExpr returns all variables which are the "output" for
-// the given expression. For safety checks this means that they would be
-// made safe by the expr.
-func OutputVarsFromExpr(c *Compiler, expr *Expr, safe VarSet) VarSet {
- return outputVarsForExpr(expr, c.GetArity, safe)
-}
-
-func outputVarsForExpr(expr *Expr, arity func(Ref) int, safe VarSet) VarSet {
-
- // Negated expressions must be safe.
- if expr.Negated {
- return VarSet{}
- }
-
- // With modifier inputs must be safe.
- for _, with := range expr.With {
- vis := NewVarVisitor().WithParams(SafetyCheckVisitorParams)
- vis.Walk(with)
- vars := vis.Vars()
- unsafe := vars.Diff(safe)
- if len(unsafe) > 0 {
- return VarSet{}
- }
- }
-
- switch terms := expr.Terms.(type) {
- case *Term:
- return outputVarsForTerms(expr, safe)
- case []*Term:
- if expr.IsEquality() {
- return outputVarsForExprEq(expr, safe)
- }
-
- operator, ok := terms[0].Value.(Ref)
- if !ok {
- return VarSet{}
- }
-
- ar := arity(operator)
- if ar < 0 {
- return VarSet{}
- }
-
- return outputVarsForExprCall(expr, ar, safe, terms)
- case *Every:
- return outputVarsForTerms(terms.Domain, safe)
- default:
- panic("illegal expression")
- }
-}
-
-func outputVarsForExprEq(expr *Expr, safe VarSet) VarSet {
-
- if !validEqAssignArgCount(expr) {
- return safe
- }
-
- output := outputVarsForTerms(expr, safe)
- output.Update(safe)
- output.Update(Unify(output, expr.Operand(0), expr.Operand(1)))
-
- return output.Diff(safe)
-}
-
-func outputVarsForExprCall(expr *Expr, arity int, safe VarSet, terms []*Term) VarSet {
-
- output := outputVarsForTerms(expr, safe)
-
- numInputTerms := arity + 1
- if numInputTerms >= len(terms) {
- return output
- }
-
- params := VarVisitorParams{
- SkipClosures: true,
- SkipSets: true,
- SkipObjectKeys: true,
- SkipRefHead: true,
- }
- vis := NewVarVisitor().WithParams(params)
- vis.Walk(Args(terms[:numInputTerms]))
- unsafe := vis.Vars().Diff(output).Diff(safe)
-
- if len(unsafe) > 0 {
- return VarSet{}
- }
-
- vis = NewVarVisitor().WithParams(params)
- vis.Walk(Args(terms[numInputTerms:]))
- output.Update(vis.vars)
- return output
-}
-
-func outputVarsForTerms(expr interface{}, safe VarSet) VarSet {
- output := VarSet{}
- WalkTerms(expr, func(x *Term) bool {
- switch r := x.Value.(type) {
- case *SetComprehension, *ArrayComprehension, *ObjectComprehension:
- return true
- case Ref:
- if !isRefSafe(r, safe) {
- return true
- }
- output.Update(r.OutputVars())
- return false
- }
- return false
- })
- return output
-}
-
-type equalityFactory struct {
- gen *localVarGenerator
-}
-
-func newEqualityFactory(gen *localVarGenerator) *equalityFactory {
- return &equalityFactory{gen}
-}
-
-func (f *equalityFactory) Generate(other *Term) *Expr {
- term := NewTerm(f.gen.Generate()).SetLocation(other.Location)
- expr := Equality.Expr(term, other)
- expr.Generated = true
- expr.Location = other.Location
- return expr
-}
-
-type localVarGenerator struct {
- exclude VarSet
- suffix string
- next int
-}
-
-func newLocalVarGeneratorForModuleSet(sorted []string, modules map[string]*Module) *localVarGenerator {
- exclude := NewVarSet()
- vis := &VarVisitor{vars: exclude}
- for _, key := range sorted {
- vis.Walk(modules[key])
- }
- return &localVarGenerator{exclude: exclude, next: 0}
-}
-
-func newLocalVarGenerator(suffix string, node interface{}) *localVarGenerator {
- exclude := NewVarSet()
- vis := &VarVisitor{vars: exclude}
- vis.Walk(node)
- return &localVarGenerator{exclude: exclude, suffix: suffix, next: 0}
-}
-
-func (l *localVarGenerator) Generate() Var {
- for {
- result := Var("__local" + l.suffix + strconv.Itoa(l.next) + "__")
- l.next++
- if !l.exclude.Contains(result) {
- return result
- }
- }
-}
-
-func getGlobals(pkg *Package, rules []Ref, imports []*Import) map[Var]*usedRef {
-
- globals := make(map[Var]*usedRef, len(rules)) // NB: might grow bigger with imports
-
- // Populate globals with exports within the package.
- for _, ref := range rules {
- v := ref[0].Value.(Var)
- globals[v] = &usedRef{ref: pkg.Path.Append(StringTerm(string(v)))}
- }
-
- // Populate globals with imports.
- for _, imp := range imports {
- path := imp.Path.Value.(Ref)
- if FutureRootDocument.Equal(path[0]) || RegoRootDocument.Equal(path[0]) {
- continue // ignore future and rego imports
- }
- globals[imp.Name()] = &usedRef{ref: path}
- }
-
- return globals
-}
-
-func requiresEval(x *Term) bool {
- if x == nil {
- return false
- }
- return ContainsRefs(x) || ContainsComprehensions(x)
-}
-
-func resolveRef(globals map[Var]*usedRef, ignore *declaredVarStack, ref Ref) Ref {
-
- r := Ref{}
- for i, x := range ref {
- switch v := x.Value.(type) {
- case Var:
- if g, ok := globals[v]; ok && !ignore.Contains(v) {
- cpy := g.ref.Copy()
- for i := range cpy {
- cpy[i].SetLocation(x.Location)
- }
- if i == 0 {
- r = cpy
- } else {
- r = append(r, NewTerm(cpy).SetLocation(x.Location))
- }
- g.used = true
- } else {
- r = append(r, x)
- }
- case Ref, *Array, Object, Set, *ArrayComprehension, *SetComprehension, *ObjectComprehension, Call:
- r = append(r, resolveRefsInTerm(globals, ignore, x))
- default:
- r = append(r, x)
- }
- }
-
- return r
-}
-
-type usedRef struct {
- ref Ref
- used bool
-}
-
-func resolveRefsInRule(globals map[Var]*usedRef, rule *Rule) error {
- ignore := &declaredVarStack{}
-
- vars := NewVarSet()
- var vis *GenericVisitor
- var err error
-
- // Walk args to collect vars and transform body so that callers can shadow
- // root documents.
- vis = NewGenericVisitor(func(x interface{}) bool {
- if err != nil {
- return true
- }
- switch x := x.(type) {
- case Var:
- vars.Add(x)
-
- // Object keys cannot be pattern matched so only walk values.
- case *object:
- x.Foreach(func(_, v *Term) {
- vis.Walk(v)
- })
-
- // Skip terms that could contain vars that cannot be pattern matched.
- case Set, *ArrayComprehension, *SetComprehension, *ObjectComprehension, Call:
- return true
-
- case *Term:
- if _, ok := x.Value.(Ref); ok {
- if RootDocumentRefs.Contains(x) {
- // We could support args named input, data, etc. however
- // this would require rewriting terms in the head and body.
- // Preventing root document shadowing is simpler, and
- // arguably, will prevent confusing names from being used.
- // NOTE: this check is also performed as part of strict-mode in
- // checkRootDocumentOverrides.
- err = fmt.Errorf("args must not shadow %v (use a different variable name)", x)
- return true
- }
- }
- }
- return false
- })
-
- vis.Walk(rule.Head.Args)
-
- if err != nil {
- return err
- }
-
- ignore.Push(vars)
- ignore.Push(declaredVars(rule.Body))
-
- ref := rule.Head.Ref()
- for i := 1; i < len(ref); i++ {
- ref[i] = resolveRefsInTerm(globals, ignore, ref[i])
- }
- if rule.Head.Key != nil {
- rule.Head.Key = resolveRefsInTerm(globals, ignore, rule.Head.Key)
- }
-
- if rule.Head.Value != nil {
- rule.Head.Value = resolveRefsInTerm(globals, ignore, rule.Head.Value)
- }
-
- rule.Body = resolveRefsInBody(globals, ignore, rule.Body)
- return nil
-}
-
-func resolveRefsInBody(globals map[Var]*usedRef, ignore *declaredVarStack, body Body) Body {
- r := make([]*Expr, 0, len(body))
- for _, expr := range body {
- r = append(r, resolveRefsInExpr(globals, ignore, expr))
- }
- return r
-}
-
-func resolveRefsInExpr(globals map[Var]*usedRef, ignore *declaredVarStack, expr *Expr) *Expr {
- cpy := *expr
- switch ts := expr.Terms.(type) {
- case *Term:
- cpy.Terms = resolveRefsInTerm(globals, ignore, ts)
- case []*Term:
- buf := make([]*Term, len(ts))
- for i := 0; i < len(ts); i++ {
- buf[i] = resolveRefsInTerm(globals, ignore, ts[i])
- }
- cpy.Terms = buf
- case *SomeDecl:
- if val, ok := ts.Symbols[0].Value.(Call); ok {
- cpy.Terms = &SomeDecl{Symbols: []*Term{CallTerm(resolveRefsInTermSlice(globals, ignore, val)...)}}
- }
- case *Every:
- locals := NewVarSet()
- if ts.Key != nil {
- locals.Update(ts.Key.Vars())
- }
- locals.Update(ts.Value.Vars())
- ignore.Push(locals)
- cpy.Terms = &Every{
- Key: ts.Key.Copy(), // TODO(sr): do more?
- Value: ts.Value.Copy(), // TODO(sr): do more?
- Domain: resolveRefsInTerm(globals, ignore, ts.Domain),
- Body: resolveRefsInBody(globals, ignore, ts.Body),
- }
- ignore.Pop()
- }
- for _, w := range cpy.With {
- w.Target = resolveRefsInTerm(globals, ignore, w.Target)
- w.Value = resolveRefsInTerm(globals, ignore, w.Value)
- }
- return &cpy
-}
-
-func resolveRefsInTerm(globals map[Var]*usedRef, ignore *declaredVarStack, term *Term) *Term {
- switch v := term.Value.(type) {
- case Var:
- if g, ok := globals[v]; ok && !ignore.Contains(v) {
- cpy := g.ref.Copy()
- for i := range cpy {
- cpy[i].SetLocation(term.Location)
- }
- g.used = true
- return NewTerm(cpy).SetLocation(term.Location)
- }
- return term
- case Ref:
- fqn := resolveRef(globals, ignore, v)
- cpy := *term
- cpy.Value = fqn
- return &cpy
- case *object:
- cpy := *term
- cpy.Value, _ = v.Map(func(k, v *Term) (*Term, *Term, error) {
- k = resolveRefsInTerm(globals, ignore, k)
- v = resolveRefsInTerm(globals, ignore, v)
- return k, v, nil
- })
- return &cpy
- case *Array:
- cpy := *term
- cpy.Value = NewArray(resolveRefsInTermArray(globals, ignore, v)...)
- return &cpy
- case Call:
- cpy := *term
- cpy.Value = Call(resolveRefsInTermSlice(globals, ignore, v))
- return &cpy
- case Set:
- s, _ := v.Map(func(e *Term) (*Term, error) {
- return resolveRefsInTerm(globals, ignore, e), nil
- })
- cpy := *term
- cpy.Value = s
- return &cpy
- case *ArrayComprehension:
- ac := &ArrayComprehension{}
- ignore.Push(declaredVars(v.Body))
- ac.Term = resolveRefsInTerm(globals, ignore, v.Term)
- ac.Body = resolveRefsInBody(globals, ignore, v.Body)
- cpy := *term
- cpy.Value = ac
- ignore.Pop()
- return &cpy
- case *ObjectComprehension:
- oc := &ObjectComprehension{}
- ignore.Push(declaredVars(v.Body))
- oc.Key = resolveRefsInTerm(globals, ignore, v.Key)
- oc.Value = resolveRefsInTerm(globals, ignore, v.Value)
- oc.Body = resolveRefsInBody(globals, ignore, v.Body)
- cpy := *term
- cpy.Value = oc
- ignore.Pop()
- return &cpy
- case *SetComprehension:
- sc := &SetComprehension{}
- ignore.Push(declaredVars(v.Body))
- sc.Term = resolveRefsInTerm(globals, ignore, v.Term)
- sc.Body = resolveRefsInBody(globals, ignore, v.Body)
- cpy := *term
- cpy.Value = sc
- ignore.Pop()
- return &cpy
- default:
- return term
- }
-}
-
-func resolveRefsInTermArray(globals map[Var]*usedRef, ignore *declaredVarStack, terms *Array) []*Term {
- cpy := make([]*Term, terms.Len())
- for i := 0; i < terms.Len(); i++ {
- cpy[i] = resolveRefsInTerm(globals, ignore, terms.Elem(i))
- }
- return cpy
-}
-
-func resolveRefsInTermSlice(globals map[Var]*usedRef, ignore *declaredVarStack, terms []*Term) []*Term {
- cpy := make([]*Term, len(terms))
- for i := 0; i < len(terms); i++ {
- cpy[i] = resolveRefsInTerm(globals, ignore, terms[i])
- }
- return cpy
-}
-
-type declaredVarStack []VarSet
-
-func (s declaredVarStack) Contains(v Var) bool {
- for i := len(s) - 1; i >= 0; i-- {
- if _, ok := s[i][v]; ok {
- return ok
- }
- }
- return false
-}
-
-func (s declaredVarStack) Add(v Var) {
- s[len(s)-1].Add(v)
-}
-
-func (s *declaredVarStack) Push(vs VarSet) {
- *s = append(*s, vs)
-}
-
-func (s *declaredVarStack) Pop() {
- curr := *s
- *s = curr[:len(curr)-1]
-}
-
-func declaredVars(x interface{}) VarSet {
- vars := NewVarSet()
- vis := NewGenericVisitor(func(x interface{}) bool {
- switch x := x.(type) {
- case *Expr:
- if x.IsAssignment() && validEqAssignArgCount(x) {
- WalkVars(x.Operand(0), func(v Var) bool {
- vars.Add(v)
- return false
- })
- } else if decl, ok := x.Terms.(*SomeDecl); ok {
- for i := range decl.Symbols {
- switch val := decl.Symbols[i].Value.(type) {
- case Var:
- vars.Add(val)
- case Call:
- args := val[1:]
- if len(args) == 3 { // some x, y in xs
- WalkVars(args[1], func(v Var) bool {
- vars.Add(v)
- return false
- })
- }
- // some x in xs
- WalkVars(args[0], func(v Var) bool {
- vars.Add(v)
- return false
- })
- }
- }
- }
- case *ArrayComprehension, *SetComprehension, *ObjectComprehension:
- return true
- }
- return false
- })
- vis.Walk(x)
- return vars
-}
-
-// rewriteComprehensionTerms will rewrite comprehensions so that the term part
-// is bound to a variable in the body. This allows any type of term to be used
-// in the term part (even if the term requires evaluation.)
-//
-// For instance, given the following comprehension:
-//
-// [x[0] | x = y[_]; y = [1,2,3]]
-//
-// The comprehension would be rewritten as:
-//
-// [__local0__ | x = y[_]; y = [1,2,3]; __local0__ = x[0]]
-func rewriteComprehensionTerms(f *equalityFactory, node interface{}) (interface{}, error) {
- return TransformComprehensions(node, func(x interface{}) (Value, error) {
- switch x := x.(type) {
- case *ArrayComprehension:
- if requiresEval(x.Term) {
- expr := f.Generate(x.Term)
- x.Term = expr.Operand(0)
- x.Body.Append(expr)
- }
- return x, nil
- case *SetComprehension:
- if requiresEval(x.Term) {
- expr := f.Generate(x.Term)
- x.Term = expr.Operand(0)
- x.Body.Append(expr)
- }
- return x, nil
- case *ObjectComprehension:
- if requiresEval(x.Key) {
- expr := f.Generate(x.Key)
- x.Key = expr.Operand(0)
- x.Body.Append(expr)
- }
- if requiresEval(x.Value) {
- expr := f.Generate(x.Value)
- x.Value = expr.Operand(0)
- x.Body.Append(expr)
- }
- return x, nil
- }
- panic("illegal type")
- })
-}
-
-// rewriteEquals will rewrite exprs under x as unification calls instead of ==
-// calls. For example:
-//
-// data.foo == data.bar is rewritten as data.foo = data.bar
-//
-// This stage should only run the safety check (since == is a built-in with no
-// outputs, so the inputs must not be marked as safe.)
-//
-// This stage is not executed by the query compiler by default because when
-// callers specify == instead of = they expect to receive a true/false/undefined
-// result back whereas with = the result is only ever true/undefined. For
-// partial evaluation cases we do want to rewrite == to = to simplify the
-// result.
-func rewriteEquals(x interface{}) (modified bool) {
- doubleEq := Equal.Ref()
- unifyOp := Equality.Ref()
- t := NewGenericTransformer(func(x interface{}) (interface{}, error) {
- if x, ok := x.(*Expr); ok && x.IsCall() {
- operator := x.Operator()
- if operator.Equal(doubleEq) && len(x.Operands()) == 2 {
- modified = true
- x.SetOperator(NewTerm(unifyOp))
- }
- }
- return x, nil
- })
- _, _ = Transform(t, x) // ignore error
- return modified
-}
-
-func rewriteTestEqualities(f *equalityFactory, body Body) Body {
- result := make(Body, 0, len(body))
- for _, expr := range body {
- // We can't rewrite negated expressions; if the extracted term is undefined, evaluation would fail before
- // reaching the negation check.
- if !expr.Negated && !expr.Generated {
- switch {
- case expr.IsEquality():
- terms := expr.Terms.([]*Term)
- result, terms[1] = rewriteDynamicsShallow(expr, f, terms[1], result)
- result, terms[2] = rewriteDynamicsShallow(expr, f, terms[2], result)
- case expr.IsEvery():
- // We rewrite equalities inside of every-bodies as a fail here will be the cause of the test-rule fail.
- // Failures inside other expressions with closures, such as comprehensions, won't cause the test-rule to fail, so we skip those.
- every := expr.Terms.(*Every)
- every.Body = rewriteTestEqualities(f, every.Body)
- }
- }
- result = appendExpr(result, expr)
- }
- return result
-}
-
-func rewriteDynamicsShallow(original *Expr, f *equalityFactory, term *Term, result Body) (Body, *Term) {
- switch term.Value.(type) {
- case Ref, *ArrayComprehension, *SetComprehension, *ObjectComprehension:
- generated := f.Generate(term)
- generated.With = original.With
- result.Append(generated)
- connectGeneratedExprs(original, generated)
- return result, result[len(result)-1].Operand(0)
- }
- return result, term
-}
-
-// rewriteDynamics will rewrite the body so that dynamic terms (i.e., refs and
-// comprehensions) are bound to vars earlier in the query. This translation
-// results in eager evaluation.
-//
-// For instance, given the following query:
-//
-// foo(data.bar) = 1
-//
-// The rewritten version will be:
-//
-// __local0__ = data.bar; foo(__local0__) = 1
-func rewriteDynamics(f *equalityFactory, body Body) Body {
- result := make(Body, 0, len(body))
- for _, expr := range body {
- switch {
- case expr.IsEquality():
- result = rewriteDynamicsEqExpr(f, expr, result)
- case expr.IsCall():
- result = rewriteDynamicsCallExpr(f, expr, result)
- case expr.IsEvery():
- result = rewriteDynamicsEveryExpr(f, expr, result)
- default:
- result = rewriteDynamicsTermExpr(f, expr, result)
- }
- }
- return result
-}
-
-func appendExpr(body Body, expr *Expr) Body {
- body.Append(expr)
- return body
-}
-
-func rewriteDynamicsEqExpr(f *equalityFactory, expr *Expr, result Body) Body {
- if !validEqAssignArgCount(expr) {
- return appendExpr(result, expr)
- }
- terms := expr.Terms.([]*Term)
- result, terms[1] = rewriteDynamicsInTerm(expr, f, terms[1], result)
- result, terms[2] = rewriteDynamicsInTerm(expr, f, terms[2], result)
- return appendExpr(result, expr)
-}
-
-func rewriteDynamicsCallExpr(f *equalityFactory, expr *Expr, result Body) Body {
- terms := expr.Terms.([]*Term)
- for i := 1; i < len(terms); i++ {
- result, terms[i] = rewriteDynamicsOne(expr, f, terms[i], result)
- }
- return appendExpr(result, expr)
-}
-
-func rewriteDynamicsEveryExpr(f *equalityFactory, expr *Expr, result Body) Body {
- ev := expr.Terms.(*Every)
- result, ev.Domain = rewriteDynamicsOne(expr, f, ev.Domain, result)
- ev.Body = rewriteDynamics(f, ev.Body)
- return appendExpr(result, expr)
-}
-
-func rewriteDynamicsTermExpr(f *equalityFactory, expr *Expr, result Body) Body {
- term := expr.Terms.(*Term)
- result, expr.Terms = rewriteDynamicsInTerm(expr, f, term, result)
- return appendExpr(result, expr)
-}
-
-func rewriteDynamicsInTerm(original *Expr, f *equalityFactory, term *Term, result Body) (Body, *Term) {
- switch v := term.Value.(type) {
- case Ref:
- for i := 1; i < len(v); i++ {
- result, v[i] = rewriteDynamicsOne(original, f, v[i], result)
- }
- case *ArrayComprehension:
- v.Body = rewriteDynamics(f, v.Body)
- case *SetComprehension:
- v.Body = rewriteDynamics(f, v.Body)
- case *ObjectComprehension:
- v.Body = rewriteDynamics(f, v.Body)
- default:
- result, term = rewriteDynamicsOne(original, f, term, result)
- }
- return result, term
-}
-
-func rewriteDynamicsOne(original *Expr, f *equalityFactory, term *Term, result Body) (Body, *Term) {
- switch v := term.Value.(type) {
- case Ref:
- for i := 1; i < len(v); i++ {
- result, v[i] = rewriteDynamicsOne(original, f, v[i], result)
- }
- generated := f.Generate(term)
- generated.With = original.With
- result.Append(generated)
- connectGeneratedExprs(original, generated)
- return result, result[len(result)-1].Operand(0)
- case *Array:
- for i := 0; i < v.Len(); i++ {
- var t *Term
- result, t = rewriteDynamicsOne(original, f, v.Elem(i), result)
- v.set(i, t)
- }
- return result, term
- case *object:
- cpy := NewObject()
- v.Foreach(func(key, value *Term) {
- result, key = rewriteDynamicsOne(original, f, key, result)
- result, value = rewriteDynamicsOne(original, f, value, result)
- cpy.Insert(key, value)
- })
- return result, NewTerm(cpy).SetLocation(term.Location)
- case Set:
- cpy := NewSet()
- for _, term := range v.Slice() {
- var rw *Term
- result, rw = rewriteDynamicsOne(original, f, term, result)
- cpy.Add(rw)
- }
- return result, NewTerm(cpy).SetLocation(term.Location)
- case *ArrayComprehension:
- var extra *Expr
- v.Body, extra = rewriteDynamicsComprehensionBody(original, f, v.Body, term)
- result.Append(extra)
- connectGeneratedExprs(original, extra)
- return result, result[len(result)-1].Operand(0)
- case *SetComprehension:
- var extra *Expr
- v.Body, extra = rewriteDynamicsComprehensionBody(original, f, v.Body, term)
- result.Append(extra)
- connectGeneratedExprs(original, extra)
- return result, result[len(result)-1].Operand(0)
- case *ObjectComprehension:
- var extra *Expr
- v.Body, extra = rewriteDynamicsComprehensionBody(original, f, v.Body, term)
- result.Append(extra)
- connectGeneratedExprs(original, extra)
- return result, result[len(result)-1].Operand(0)
- }
- return result, term
-}
-
-func rewriteDynamicsComprehensionBody(original *Expr, f *equalityFactory, body Body, term *Term) (Body, *Expr) {
- body = rewriteDynamics(f, body)
- generated := f.Generate(term)
- generated.With = original.With
- return body, generated
-}
-
-func rewriteExprTermsInHead(gen *localVarGenerator, rule *Rule) {
- for i := range rule.Head.Args {
- support, output := expandExprTerm(gen, rule.Head.Args[i])
- for j := range support {
- rule.Body.Append(support[j])
- }
- rule.Head.Args[i] = output
- }
- if rule.Head.Key != nil {
- support, output := expandExprTerm(gen, rule.Head.Key)
- for i := range support {
- rule.Body.Append(support[i])
- }
- rule.Head.Key = output
- }
- if rule.Head.Value != nil {
- support, output := expandExprTerm(gen, rule.Head.Value)
- for i := range support {
- rule.Body.Append(support[i])
- }
- rule.Head.Value = output
- }
-}
-
-func rewriteExprTermsInBody(gen *localVarGenerator, body Body) Body {
- cpy := make(Body, 0, len(body))
- for i := 0; i < len(body); i++ {
- for _, expr := range expandExpr(gen, body[i]) {
- cpy.Append(expr)
- }
- }
- return cpy
-}
-
-func expandExpr(gen *localVarGenerator, expr *Expr) (result []*Expr) {
- for i := range expr.With {
- extras, value := expandExprTerm(gen, expr.With[i].Value)
- expr.With[i].Value = value
- result = append(result, extras...)
- }
- switch terms := expr.Terms.(type) {
- case *Term:
- extras, term := expandExprTerm(gen, terms)
- if len(expr.With) > 0 {
- for i := range extras {
- extras[i].With = expr.With
- }
- }
- result = append(result, extras...)
- expr.Terms = term
- result = append(result, expr)
- case []*Term:
- for i := 1; i < len(terms); i++ {
- var extras []*Expr
- extras, terms[i] = expandExprTerm(gen, terms[i])
- connectGeneratedExprs(expr, extras...)
- if len(expr.With) > 0 {
- for i := range extras {
- extras[i].With = expr.With
- }
- }
- result = append(result, extras...)
- }
- result = append(result, expr)
- case *Every:
- var extras []*Expr
-
- term := NewTerm(gen.Generate()).SetLocation(terms.Domain.Location)
- eq := Equality.Expr(term, terms.Domain).SetLocation(terms.Domain.Location)
- eq.Generated = true
- eq.With = expr.With
- extras = expandExpr(gen, eq)
- terms.Domain = term
-
- terms.Body = rewriteExprTermsInBody(gen, terms.Body)
- result = append(result, extras...)
- result = append(result, expr)
- }
- return
-}
-
-func connectGeneratedExprs(parent *Expr, children ...*Expr) {
- for _, child := range children {
- child.generatedFrom = parent
- parent.generates = append(parent.generates, child)
- }
-}
-
-func expandExprTerm(gen *localVarGenerator, term *Term) (support []*Expr, output *Term) {
- output = term
- switch v := term.Value.(type) {
- case Call:
- for i := 1; i < len(v); i++ {
- var extras []*Expr
- extras, v[i] = expandExprTerm(gen, v[i])
- support = append(support, extras...)
- }
- output = NewTerm(gen.Generate()).SetLocation(term.Location)
- expr := v.MakeExpr(output).SetLocation(term.Location)
- expr.Generated = true
- support = append(support, expr)
- case Ref:
- support = expandExprRef(gen, v)
- case *Array:
- support = expandExprTermArray(gen, v)
- case *object:
- cpy, _ := v.Map(func(k, v *Term) (*Term, *Term, error) {
- extras1, expandedKey := expandExprTerm(gen, k)
- extras2, expandedValue := expandExprTerm(gen, v)
- support = append(support, extras1...)
- support = append(support, extras2...)
- return expandedKey, expandedValue, nil
- })
- output = NewTerm(cpy).SetLocation(term.Location)
- case Set:
- cpy, _ := v.Map(func(x *Term) (*Term, error) {
- extras, expanded := expandExprTerm(gen, x)
- support = append(support, extras...)
- return expanded, nil
- })
- output = NewTerm(cpy).SetLocation(term.Location)
- case *ArrayComprehension:
- support, term := expandExprTerm(gen, v.Term)
- for i := range support {
- v.Body.Append(support[i])
- }
- v.Term = term
- v.Body = rewriteExprTermsInBody(gen, v.Body)
- case *SetComprehension:
- support, term := expandExprTerm(gen, v.Term)
- for i := range support {
- v.Body.Append(support[i])
- }
- v.Term = term
- v.Body = rewriteExprTermsInBody(gen, v.Body)
- case *ObjectComprehension:
- support, key := expandExprTerm(gen, v.Key)
- for i := range support {
- v.Body.Append(support[i])
- }
- v.Key = key
- support, value := expandExprTerm(gen, v.Value)
- for i := range support {
- v.Body.Append(support[i])
- }
- v.Value = value
- v.Body = rewriteExprTermsInBody(gen, v.Body)
- }
- return
-}
-
-func expandExprRef(gen *localVarGenerator, v []*Term) (support []*Expr) {
- // Start by calling a normal expandExprTerm on all terms.
- support = expandExprTermSlice(gen, v)
-
- // Rewrite references in order to support indirect references. We rewrite
- // e.g.
- //
- // [1, 2, 3][i]
- //
- // to
- //
- // __local_var = [1, 2, 3]
- // __local_var[i]
- //
- // to support these. This only impacts the reference subject, i.e. the
- // first item in the slice.
- var subject = v[0]
- switch subject.Value.(type) {
- case *Array, Object, Set, *ArrayComprehension, *SetComprehension, *ObjectComprehension, Call:
- f := newEqualityFactory(gen)
- assignToLocal := f.Generate(subject)
- support = append(support, assignToLocal)
- v[0] = assignToLocal.Operand(0)
- }
- return
-}
-
-func expandExprTermArray(gen *localVarGenerator, arr *Array) (support []*Expr) {
- for i := 0; i < arr.Len(); i++ {
- extras, v := expandExprTerm(gen, arr.Elem(i))
- arr.set(i, v)
- support = append(support, extras...)
- }
- return
-}
-
-func expandExprTermSlice(gen *localVarGenerator, v []*Term) (support []*Expr) {
- for i := 0; i < len(v); i++ {
- var extras []*Expr
- extras, v[i] = expandExprTerm(gen, v[i])
- support = append(support, extras...)
- }
- return
-}
-
-type localDeclaredVars struct {
- vars []*declaredVarSet
-
- // rewritten contains a mapping of *all* user-defined variables
- // that have been rewritten whereas vars contains the state
- // from the current query (not any nested queries, and all vars
- // seen).
- rewritten map[Var]Var
-
- // indicates if an assignment (:= operator) has been seen *ever*
- assignment bool
-}
-
-type varOccurrence int
-
-const (
- newVar varOccurrence = iota
- argVar
- seenVar
- assignedVar
- declaredVar
-)
-
-type declaredVarSet struct {
- vs map[Var]Var
- reverse map[Var]Var
- occurrence map[Var]varOccurrence
- count map[Var]int
-}
-
-func newDeclaredVarSet() *declaredVarSet {
- return &declaredVarSet{
- vs: map[Var]Var{},
- reverse: map[Var]Var{},
- occurrence: map[Var]varOccurrence{},
- count: map[Var]int{},
- }
-}
-
-func newLocalDeclaredVars() *localDeclaredVars {
- return &localDeclaredVars{
- vars: []*declaredVarSet{newDeclaredVarSet()},
- rewritten: map[Var]Var{},
- }
-}
-
-func (s *localDeclaredVars) Copy() *localDeclaredVars {
- stack := &localDeclaredVars{
- vars: []*declaredVarSet{},
- rewritten: map[Var]Var{},
- }
-
- for i := range s.vars {
- stack.vars = append(stack.vars, newDeclaredVarSet())
- for k, v := range s.vars[i].vs {
- stack.vars[0].vs[k] = v
- }
- for k, v := range s.vars[i].reverse {
- stack.vars[0].reverse[k] = v
- }
- for k, v := range s.vars[i].count {
- stack.vars[0].count[k] = v
- }
- for k, v := range s.vars[i].occurrence {
- stack.vars[0].occurrence[k] = v
- }
- }
-
- for k, v := range s.rewritten {
- stack.rewritten[k] = v
- }
-
- return stack
-}
-
-func (s *localDeclaredVars) Push() {
- s.vars = append(s.vars, newDeclaredVarSet())
-}
-
-func (s *localDeclaredVars) Pop() *declaredVarSet {
- sl := s.vars
- curr := sl[len(sl)-1]
- s.vars = sl[:len(sl)-1]
- return curr
-}
-
-func (s localDeclaredVars) Peek() *declaredVarSet {
- return s.vars[len(s.vars)-1]
-}
-
-func (s localDeclaredVars) Insert(x, y Var, occurrence varOccurrence) {
- elem := s.vars[len(s.vars)-1]
- elem.vs[x] = y
- elem.reverse[y] = x
- elem.occurrence[x] = occurrence
-
- elem.count[x] = 1
-
- // If the variable has been rewritten (where x != y, with y being
- // the generated value), store it in the map of rewritten vars.
- // Assume that the generated values are unique for the compilation.
- if !x.Equal(y) {
- s.rewritten[y] = x
- }
-}
-
-func (s localDeclaredVars) Declared(x Var) (y Var, ok bool) {
- for i := len(s.vars) - 1; i >= 0; i-- {
- if y, ok = s.vars[i].vs[x]; ok {
- return
- }
- }
- return
-}
-
-// Occurrence returns a flag that indicates whether x has occurred in the
-// current scope.
-func (s localDeclaredVars) Occurrence(x Var) varOccurrence {
- return s.vars[len(s.vars)-1].occurrence[x]
-}
-
-// GlobalOccurrence returns a flag that indicates whether x has occurred in the
-// global scope.
-func (s localDeclaredVars) GlobalOccurrence(x Var) (varOccurrence, bool) {
- for i := len(s.vars) - 1; i >= 0; i-- {
- if occ, ok := s.vars[i].occurrence[x]; ok {
- return occ, true
- }
- }
- return newVar, false
-}
-
-// Seen marks x as seen by incrementing its counter
-func (s localDeclaredVars) Seen(x Var) {
- for i := len(s.vars) - 1; i >= 0; i-- {
- dvs := s.vars[i]
- if c, ok := dvs.count[x]; ok {
- dvs.count[x] = c + 1
- return
- }
- }
-
- s.vars[len(s.vars)-1].count[x] = 1
-}
-
-// Count returns how many times x has been seen
-func (s localDeclaredVars) Count(x Var) int {
- for i := len(s.vars) - 1; i >= 0; i-- {
- if c, ok := s.vars[i].count[x]; ok {
- return c
- }
- }
-
- return 0
-}
-
-// rewriteLocalVars rewrites bodies to remove assignment/declaration
-// expressions. For example:
-//
-// a := 1; p[a]
-//
-// Is rewritten to:
-//
-// __local0__ = 1; p[__local0__]
-//
-// During rewriting, assignees are validated to prevent use before declaration.
-func rewriteLocalVars(g *localVarGenerator, stack *localDeclaredVars, used VarSet, body Body, strict bool) (Body, map[Var]Var, Errors) {
- var errs Errors
- body, errs = rewriteDeclaredVarsInBody(g, stack, used, body, errs, strict)
- return body, stack.Peek().vs, errs
-}
-
-func rewriteDeclaredVarsInBody(g *localVarGenerator, stack *localDeclaredVars, used VarSet, body Body, errs Errors, strict bool) (Body, Errors) {
-
- var cpy Body
-
- for i := range body {
- var expr *Expr
- switch {
- case body[i].IsAssignment():
- stack.assignment = true
- expr, errs = rewriteDeclaredAssignment(g, stack, body[i], errs, strict)
- case body[i].IsSome():
- expr, errs = rewriteSomeDeclStatement(g, stack, body[i], errs, strict)
- case body[i].IsEvery():
- expr, errs = rewriteEveryStatement(g, stack, body[i], errs, strict)
- default:
- expr, errs = rewriteDeclaredVarsInExpr(g, stack, body[i], errs, strict)
- }
- if expr != nil {
- cpy.Append(expr)
- }
- }
-
- // If the body only contained a var statement it will be empty at this
- // point. Append true to the body to ensure that it's non-empty (zero length
- // bodies are not supported.)
- if len(cpy) == 0 {
- cpy.Append(NewExpr(BooleanTerm(true)))
- }
-
- errs = checkUnusedAssignedVars(body, stack, used, errs, strict)
- return cpy, checkUnusedDeclaredVars(body, stack, used, cpy, errs)
-}
-
-func checkUnusedAssignedVars(body Body, stack *localDeclaredVars, used VarSet, errs Errors, strict bool) Errors {
-
- if !strict || len(errs) > 0 {
- return errs
- }
-
- dvs := stack.Peek()
- unused := NewVarSet()
-
- for v, occ := range dvs.occurrence {
- // A var that was assigned in this scope must have been seen (used) more than once (the time of assignment) in
- // the same, or nested, scope to be counted as used.
- if !v.IsWildcard() && stack.Count(v) <= 1 && occ == assignedVar {
- unused.Add(dvs.vs[v])
- }
- }
-
- rewrittenUsed := NewVarSet()
- for v := range used {
- if gv, ok := stack.Declared(v); ok {
- rewrittenUsed.Add(gv)
- } else {
- rewrittenUsed.Add(v)
- }
- }
-
- unused = unused.Diff(rewrittenUsed)
-
- for _, gv := range unused.Sorted() {
- found := false
- for i := range body {
- if body[i].Vars(VarVisitorParams{}).Contains(gv) {
- errs = append(errs, NewError(CompileErr, body[i].Loc(), "assigned var %v unused", dvs.reverse[gv]))
- found = true
- break
- }
- }
- if !found {
- errs = append(errs, NewError(CompileErr, body[0].Loc(), "assigned var %v unused", dvs.reverse[gv]))
- }
- }
-
- return errs
-}
-
-func checkUnusedDeclaredVars(body Body, stack *localDeclaredVars, used VarSet, cpy Body, errs Errors) Errors {
-
- // NOTE(tsandall): Do not generate more errors if there are existing
- // declaration errors.
- if len(errs) > 0 {
- return errs
- }
-
- dvs := stack.Peek()
- declared := NewVarSet()
-
- for v, occ := range dvs.occurrence {
- if occ == declaredVar {
- declared.Add(dvs.vs[v])
- }
- }
-
- bodyvars := cpy.Vars(VarVisitorParams{})
-
- for v := range used {
- if gv, ok := stack.Declared(v); ok {
- bodyvars.Add(gv)
- } else {
- bodyvars.Add(v)
- }
- }
-
- unused := declared.Diff(bodyvars).Diff(used)
-
- for _, gv := range unused.Sorted() {
- rv := dvs.reverse[gv]
- if !rv.IsGenerated() {
- // Scan through body exprs, looking for a match between the
- // bad var's original name, and each expr's declared vars.
- foundUnusedVarByName := false
- for i := range body {
- varsDeclaredInExpr := declaredVars(body[i])
- if varsDeclaredInExpr.Contains(dvs.reverse[gv]) {
- // TODO(philipc): Clean up the offset logic here when the parser
- // reports more accurate locations.
- errs = append(errs, NewError(CompileErr, body[i].Loc(), "declared var %v unused", dvs.reverse[gv]))
- foundUnusedVarByName = true
- break
- }
- }
- // Default error location returned.
- if !foundUnusedVarByName {
- errs = append(errs, NewError(CompileErr, body[0].Loc(), "declared var %v unused", dvs.reverse[gv]))
- }
- }
- }
-
- return errs
-}
-
-func rewriteEveryStatement(g *localVarGenerator, stack *localDeclaredVars, expr *Expr, errs Errors, strict bool) (*Expr, Errors) {
- e := expr.Copy()
- every := e.Terms.(*Every)
-
- errs = rewriteDeclaredVarsInTermRecursive(g, stack, every.Domain, errs, strict)
-
- stack.Push()
- defer stack.Pop()
-
- // if the key exists, rewrite
- if every.Key != nil {
- if v := every.Key.Value.(Var); !v.IsWildcard() {
- gv, err := rewriteDeclaredVar(g, stack, v, declaredVar)
- if err != nil {
- return nil, append(errs, NewError(CompileErr, every.Loc(), err.Error()))
- }
- every.Key.Value = gv
- }
- } else { // if the key doesn't exist, add dummy local
- every.Key = NewTerm(g.Generate())
- }
-
- // value is always present
- if v := every.Value.Value.(Var); !v.IsWildcard() {
- gv, err := rewriteDeclaredVar(g, stack, v, declaredVar)
- if err != nil {
- return nil, append(errs, NewError(CompileErr, every.Loc(), err.Error()))
- }
- every.Value.Value = gv
- }
-
- used := NewVarSet()
- every.Body, errs = rewriteDeclaredVarsInBody(g, stack, used, every.Body, errs, strict)
-
- return rewriteDeclaredVarsInExpr(g, stack, e, errs, strict)
-}
-
-func rewriteSomeDeclStatement(g *localVarGenerator, stack *localDeclaredVars, expr *Expr, errs Errors, strict bool) (*Expr, Errors) {
- e := expr.Copy()
- decl := e.Terms.(*SomeDecl)
- for i := range decl.Symbols {
- switch v := decl.Symbols[i].Value.(type) {
- case Var:
- if _, err := rewriteDeclaredVar(g, stack, v, declaredVar); err != nil {
- return nil, append(errs, NewError(CompileErr, decl.Loc(), err.Error()))
- }
- case Call:
- var key, val, container *Term
- switch len(v) {
- case 4: // member3
- key = v[1]
- val = v[2]
- container = v[3]
- case 3: // member
- key = NewTerm(g.Generate())
- val = v[1]
- container = v[2]
- }
-
- var rhs *Term
- switch c := container.Value.(type) {
- case Ref:
- rhs = RefTerm(append(c, key)...)
- default:
- rhs = RefTerm(container, key)
- }
- e.Terms = []*Term{
- RefTerm(VarTerm(Equality.Name)), val, rhs,
- }
-
- for _, v0 := range outputVarsForExprEq(e, container.Vars()).Sorted() {
- if _, err := rewriteDeclaredVar(g, stack, v0, declaredVar); err != nil {
- return nil, append(errs, NewError(CompileErr, decl.Loc(), err.Error()))
- }
- }
- return rewriteDeclaredVarsInExpr(g, stack, e, errs, strict)
- }
- }
- return nil, errs
-}
-
-func rewriteDeclaredVarsInExpr(g *localVarGenerator, stack *localDeclaredVars, expr *Expr, errs Errors, strict bool) (*Expr, Errors) {
- vis := NewGenericVisitor(func(x interface{}) bool {
- var stop bool
- switch x := x.(type) {
- case *Term:
- stop, errs = rewriteDeclaredVarsInTerm(g, stack, x, errs, strict)
- case *With:
- stop, errs = true, rewriteDeclaredVarsInWithRecursive(g, stack, x, errs, strict)
- }
- return stop
- })
- vis.Walk(expr)
- return expr, errs
-}
-
-func rewriteDeclaredAssignment(g *localVarGenerator, stack *localDeclaredVars, expr *Expr, errs Errors, strict bool) (*Expr, Errors) {
-
- if expr.Negated {
- errs = append(errs, NewError(CompileErr, expr.Location, "cannot assign vars inside negated expression"))
- return expr, errs
- }
-
- numErrsBefore := len(errs)
-
- if !validEqAssignArgCount(expr) {
- return expr, errs
- }
-
- // Rewrite terms on right hand side capture seen vars and recursively
- // process comprehensions before left hand side is processed. Also
- // rewrite with modifier.
- errs = rewriteDeclaredVarsInTermRecursive(g, stack, expr.Operand(1), errs, strict)
-
- for _, w := range expr.With {
- errs = rewriteDeclaredVarsInTermRecursive(g, stack, w.Value, errs, strict)
- }
-
- // Rewrite vars on left hand side with unique names. Catch redeclaration
- // and invalid term types here.
- var vis func(t *Term) bool
-
- vis = func(t *Term) bool {
- switch v := t.Value.(type) {
- case Var:
- if gv, err := rewriteDeclaredVar(g, stack, v, assignedVar); err != nil {
- errs = append(errs, NewError(CompileErr, t.Location, err.Error()))
- } else {
- t.Value = gv
- }
- return true
- case *Array:
- return false
- case *object:
- v.Foreach(func(_, v *Term) {
- WalkTerms(v, vis)
- })
- return true
- case Ref:
- if RootDocumentRefs.Contains(t) {
- if gv, err := rewriteDeclaredVar(g, stack, v[0].Value.(Var), assignedVar); err != nil {
- errs = append(errs, NewError(CompileErr, t.Location, err.Error()))
- } else {
- t.Value = gv
- }
- return true
- }
- }
- errs = append(errs, NewError(CompileErr, t.Location, "cannot assign to %v", TypeName(t.Value)))
- return true
- }
-
- WalkTerms(expr.Operand(0), vis)
-
- if len(errs) == numErrsBefore {
- loc := expr.Operator()[0].Location
- expr.SetOperator(RefTerm(VarTerm(Equality.Name).SetLocation(loc)).SetLocation(loc))
- }
-
- return expr, errs
-}
-
-func rewriteDeclaredVarsInTerm(g *localVarGenerator, stack *localDeclaredVars, term *Term, errs Errors, strict bool) (bool, Errors) {
- switch v := term.Value.(type) {
- case Var:
- if gv, ok := stack.Declared(v); ok {
- term.Value = gv
- stack.Seen(v)
- } else if stack.Occurrence(v) == newVar {
- stack.Insert(v, v, seenVar)
- }
- case Ref:
- if RootDocumentRefs.Contains(term) {
- x := v[0].Value.(Var)
- if occ, ok := stack.GlobalOccurrence(x); ok && occ != seenVar {
- gv, _ := stack.Declared(x)
- term.Value = gv
- }
-
- return true, errs
- }
- return false, errs
- case Call:
- ref := v[0]
- WalkVars(ref, func(v Var) bool {
- if gv, ok := stack.Declared(v); ok && !gv.Equal(v) {
- // We will rewrite the ref of a function call, which is never ok since we don't have first-class functions.
- errs = append(errs, NewError(CompileErr, term.Location, "called function %s shadowed", ref))
- return true
- }
- return false
- })
- return false, errs
- case *object:
- cpy, _ := v.Map(func(k, v *Term) (*Term, *Term, error) {
- kcpy := k.Copy()
- errs = rewriteDeclaredVarsInTermRecursive(g, stack, kcpy, errs, strict)
- errs = rewriteDeclaredVarsInTermRecursive(g, stack, v, errs, strict)
- return kcpy, v, nil
- })
- term.Value = cpy
- case Set:
- cpy, _ := v.Map(func(elem *Term) (*Term, error) {
- elemcpy := elem.Copy()
- errs = rewriteDeclaredVarsInTermRecursive(g, stack, elemcpy, errs, strict)
- return elemcpy, nil
- })
- term.Value = cpy
- case *ArrayComprehension:
- errs = rewriteDeclaredVarsInArrayComprehension(g, stack, v, errs, strict)
- case *SetComprehension:
- errs = rewriteDeclaredVarsInSetComprehension(g, stack, v, errs, strict)
- case *ObjectComprehension:
- errs = rewriteDeclaredVarsInObjectComprehension(g, stack, v, errs, strict)
- default:
- return false, errs
- }
- return true, errs
-}
-
-func rewriteDeclaredVarsInTermRecursive(g *localVarGenerator, stack *localDeclaredVars, term *Term, errs Errors, strict bool) Errors {
- WalkTerms(term, func(t *Term) bool {
- var stop bool
- stop, errs = rewriteDeclaredVarsInTerm(g, stack, t, errs, strict)
- return stop
- })
- return errs
-}
-
-func rewriteDeclaredVarsInWithRecursive(g *localVarGenerator, stack *localDeclaredVars, w *With, errs Errors, strict bool) Errors {
- // NOTE(sr): `with input as` and `with input.a.b.c as` are deliberately skipped here: `input` could
- // have been shadowed by a local variable/argument but should NOT be replaced in the `with` target.
- //
- // We cannot drop `input` from the stack since it's conceivable to do `with input[input] as` where
- // the second input is meant to be the local var. It's a terrible idea, but when you're shadowing
- // `input` those might be your thing.
- errs = rewriteDeclaredVarsInTermRecursive(g, stack, w.Target, errs, strict)
- if sdwInput, ok := stack.Declared(InputRootDocument.Value.(Var)); ok { // Was "input" shadowed...
- switch value := w.Target.Value.(type) {
- case Var:
- if sdwInput.Equal(value) { // ...and replaced? If so, fix it
- w.Target.Value = InputRootRef
- }
- case Ref:
- if sdwInput.Equal(value[0].Value.(Var)) {
- w.Target.Value.(Ref)[0].Value = InputRootDocument.Value
- }
- }
- }
- // No special handling of the `with` value
- return rewriteDeclaredVarsInTermRecursive(g, stack, w.Value, errs, strict)
-}
-
-func rewriteDeclaredVarsInArrayComprehension(g *localVarGenerator, stack *localDeclaredVars, v *ArrayComprehension, errs Errors, strict bool) Errors {
- used := NewVarSet()
- used.Update(v.Term.Vars())
-
- stack.Push()
- v.Body, errs = rewriteDeclaredVarsInBody(g, stack, used, v.Body, errs, strict)
- errs = rewriteDeclaredVarsInTermRecursive(g, stack, v.Term, errs, strict)
- stack.Pop()
- return errs
-}
-
-func rewriteDeclaredVarsInSetComprehension(g *localVarGenerator, stack *localDeclaredVars, v *SetComprehension, errs Errors, strict bool) Errors {
- used := NewVarSet()
- used.Update(v.Term.Vars())
-
- stack.Push()
- v.Body, errs = rewriteDeclaredVarsInBody(g, stack, used, v.Body, errs, strict)
- errs = rewriteDeclaredVarsInTermRecursive(g, stack, v.Term, errs, strict)
- stack.Pop()
- return errs
-}
-
-func rewriteDeclaredVarsInObjectComprehension(g *localVarGenerator, stack *localDeclaredVars, v *ObjectComprehension, errs Errors, strict bool) Errors {
- used := NewVarSet()
- used.Update(v.Key.Vars())
- used.Update(v.Value.Vars())
-
- stack.Push()
- v.Body, errs = rewriteDeclaredVarsInBody(g, stack, used, v.Body, errs, strict)
- errs = rewriteDeclaredVarsInTermRecursive(g, stack, v.Key, errs, strict)
- errs = rewriteDeclaredVarsInTermRecursive(g, stack, v.Value, errs, strict)
- stack.Pop()
- return errs
-}
-
-func rewriteDeclaredVar(g *localVarGenerator, stack *localDeclaredVars, v Var, occ varOccurrence) (gv Var, err error) {
- switch stack.Occurrence(v) {
- case seenVar:
- return gv, fmt.Errorf("var %v referenced above", v)
- case assignedVar:
- return gv, fmt.Errorf("var %v assigned above", v)
- case declaredVar:
- return gv, fmt.Errorf("var %v declared above", v)
- case argVar:
- return gv, fmt.Errorf("arg %v redeclared", v)
- }
- gv = g.Generate()
- stack.Insert(v, gv, occ)
- return
-}
-
-// rewriteWithModifiersInBody will rewrite the body so that with modifiers do
-// not contain terms that require evaluation as values. If this function
-// encounters an invalid with modifier target then it will raise an error.
-func rewriteWithModifiersInBody(c *Compiler, unsafeBuiltinsMap map[string]struct{}, f *equalityFactory, body Body) (Body, *Error) {
- var result Body
- for i := range body {
- exprs, err := rewriteWithModifier(c, unsafeBuiltinsMap, f, body[i])
- if err != nil {
- return nil, err
- }
- if len(exprs) > 0 {
- for _, expr := range exprs {
- result.Append(expr)
- }
- } else {
- result.Append(body[i])
- }
- }
- return result, nil
-}
-
-func rewriteWithModifier(c *Compiler, unsafeBuiltinsMap map[string]struct{}, f *equalityFactory, expr *Expr) ([]*Expr, *Error) {
-
- var result []*Expr
- for i := range expr.With {
- eval, err := validateWith(c, unsafeBuiltinsMap, expr, i)
- if err != nil {
- return nil, err
- }
-
- if eval {
- eq := f.Generate(expr.With[i].Value)
- result = append(result, eq)
- expr.With[i].Value = eq.Operand(0)
- }
- }
-
- return append(result, expr), nil
-}
-
-func validateWith(c *Compiler, unsafeBuiltinsMap map[string]struct{}, expr *Expr, i int) (bool, *Error) {
- target, value := expr.With[i].Target, expr.With[i].Value
-
- // Ensure that values that are built-ins are rewritten to Ref (not Var)
- if v, ok := value.Value.(Var); ok {
- if _, ok := c.builtins[v.String()]; ok {
- value.Value = Ref([]*Term{NewTerm(v)})
- }
- }
- isBuiltinRefOrVar, err := isBuiltinRefOrVar(c.builtins, unsafeBuiltinsMap, target)
- if err != nil {
- return false, err
- }
-
- isAllowedUnknownFuncCall := false
- if c.allowUndefinedFuncCalls {
- switch target.Value.(type) {
- case Ref, Var:
- isAllowedUnknownFuncCall = true
- }
- }
-
- switch {
- case isDataRef(target):
- ref := target.Value.(Ref)
- targetNode := c.RuleTree
- for i := 0; i < len(ref)-1; i++ {
- child := targetNode.Child(ref[i].Value)
- if child == nil {
- break
- } else if len(child.Values) > 0 {
- return false, NewError(CompileErr, target.Loc(), "with keyword cannot partially replace virtual document(s)")
- }
- targetNode = child
- }
-
- if targetNode != nil {
- // NOTE(sr): at this point in the compiler stages, we don't have a fully-populated
- // TypeEnv yet -- so we have to make do with this check to see if the replacement
- // target is a function. It's probably wrong for arity-0 functions, but those are
- // and edge case anyways.
- if child := targetNode.Child(ref[len(ref)-1].Value); child != nil {
- for _, v := range child.Values {
- if len(v.(*Rule).Head.Args) > 0 {
- if ok, err := validateWithFunctionValue(c.builtins, unsafeBuiltinsMap, c.RuleTree, value); err != nil || ok {
- return false, err // err may be nil
- }
- }
- }
- }
- }
-
- // If the with-value is a ref to a function, but not a call, we can't rewrite it
- if r, ok := value.Value.(Ref); ok {
- // TODO: check that target ref doesn't exist?
- if valueNode := c.RuleTree.Find(r); valueNode != nil {
- for _, v := range valueNode.Values {
- if len(v.(*Rule).Head.Args) > 0 {
- return false, nil
- }
- }
- }
- }
- case isInputRef(target): // ok, valid
- case isBuiltinRefOrVar:
-
- // NOTE(sr): first we ensure that parsed Var builtins (`count`, `concat`, etc)
- // are rewritten to their proper Ref convention
- if v, ok := target.Value.(Var); ok {
- target.Value = Ref([]*Term{NewTerm(v)})
- }
-
- targetRef := target.Value.(Ref)
- bi := c.builtins[targetRef.String()] // safe because isBuiltinRefOrVar checked this
- if err := validateWithBuiltinTarget(bi, targetRef, target.Loc()); err != nil {
- return false, err
- }
-
- if ok, err := validateWithFunctionValue(c.builtins, unsafeBuiltinsMap, c.RuleTree, value); err != nil || ok {
- return false, err // err may be nil
- }
- case isAllowedUnknownFuncCall:
- // The target isn't a ref to the input doc, data doc, or a known built-in, but it might be a ref to an unknown built-in.
- return false, nil
- default:
- return false, NewError(TypeErr, target.Location, "with keyword target must reference existing %v, %v, or a function", InputRootDocument, DefaultRootDocument)
- }
- return requiresEval(value), nil
-}
-
-func validateWithBuiltinTarget(bi *Builtin, target Ref, loc *location.Location) *Error {
- switch bi.Name {
- case Equality.Name,
- RegoMetadataChain.Name,
- RegoMetadataRule.Name:
- return NewError(CompileErr, loc, "with keyword replacing built-in function: replacement of %q invalid", bi.Name)
- }
-
- switch {
- case target.HasPrefix(Ref([]*Term{VarTerm("internal")})):
- return NewError(CompileErr, loc, "with keyword replacing built-in function: replacement of internal function %q invalid", target)
-
- case bi.Relation:
- return NewError(CompileErr, loc, "with keyword replacing built-in function: target must not be a relation")
-
- case bi.Decl.Result() == nil:
- return NewError(CompileErr, loc, "with keyword replacing built-in function: target must not be a void function")
- }
- return nil
-}
-
-func validateWithFunctionValue(bs map[string]*Builtin, unsafeMap map[string]struct{}, ruleTree *TreeNode, value *Term) (bool, *Error) {
- if v, ok := value.Value.(Ref); ok {
- if ruleTree.Find(v) != nil { // ref exists in rule tree
- return true, nil
- }
- }
- return isBuiltinRefOrVar(bs, unsafeMap, value)
-}
-
-func isInputRef(term *Term) bool {
- if ref, ok := term.Value.(Ref); ok {
- if ref.HasPrefix(InputRootRef) {
- return true
- }
- }
- return false
-}
-
-func isDataRef(term *Term) bool {
- if ref, ok := term.Value.(Ref); ok {
- if ref.HasPrefix(DefaultRootRef) {
- return true
- }
- }
- return false
-}
-
-func isBuiltinRefOrVar(bs map[string]*Builtin, unsafeBuiltinsMap map[string]struct{}, term *Term) (bool, *Error) {
- switch v := term.Value.(type) {
- case Ref, Var:
- if _, ok := unsafeBuiltinsMap[v.String()]; ok {
- return false, NewError(CompileErr, term.Location, "with keyword replacing built-in function: target must not be unsafe: %q", v)
- }
- _, ok := bs[v.String()]
- return ok, nil
- }
- return false, nil
-}
-
-func isVirtual(node *TreeNode, ref Ref) bool {
- for i := range ref {
- child := node.Child(ref[i].Value)
- if child == nil {
- return false
- } else if len(child.Values) > 0 {
- return true
- }
- node = child
- }
- return true
-}
-
-func safetyErrorSlice(unsafe unsafeVars, rewritten map[Var]Var) (result Errors) {
-
- if len(unsafe) == 0 {
- return
- }
-
- for _, pair := range unsafe.Vars() {
- v := pair.Var
- if w, ok := rewritten[v]; ok {
- v = w
- }
- if !v.IsGenerated() {
- if _, ok := futureKeywords[string(v)]; ok {
- result = append(result, NewError(UnsafeVarErr, pair.Loc,
- "var %[1]v is unsafe (hint: `import future.keywords.%[1]v` to import a future keyword)", v))
- continue
- }
- result = append(result, NewError(UnsafeVarErr, pair.Loc, "var %v is unsafe", v))
- }
- }
-
- if len(result) > 0 {
- return
- }
-
- // If the expression contains unsafe generated variables, report which
- // expressions are unsafe instead of the variables that are unsafe (since
- // the latter are not meaningful to the user.)
- pairs := unsafe.Slice()
-
- sort.Slice(pairs, func(i, j int) bool {
- return pairs[i].Expr.Location.Compare(pairs[j].Expr.Location) < 0
- })
-
- // Report at most one error per generated variable.
- seen := NewVarSet()
-
- for _, expr := range pairs {
- before := len(seen)
- for v := range expr.Vars {
- if v.IsGenerated() {
- seen.Add(v)
- }
- }
- if len(seen) > before {
- result = append(result, NewError(UnsafeVarErr, expr.Expr.Location, "expression is unsafe"))
- }
- }
-
- return
-}
-
-func checkUnsafeBuiltins(unsafeBuiltinsMap map[string]struct{}, node interface{}) Errors {
- errs := make(Errors, 0)
- WalkExprs(node, func(x *Expr) bool {
- if x.IsCall() {
- operator := x.Operator().String()
- if _, ok := unsafeBuiltinsMap[operator]; ok {
- errs = append(errs, NewError(TypeErr, x.Loc(), "unsafe built-in function calls in expression: %v", operator))
- }
- }
- return false
- })
- return errs
-}
-
-func rewriteVarsInRef(vars ...map[Var]Var) varRewriter {
- return func(node Ref) Ref {
- i, _ := TransformVars(node, func(v Var) (Value, error) {
- for _, m := range vars {
- if u, ok := m[v]; ok {
- return u, nil
- }
- }
- return v, nil
- })
- return i.(Ref)
- }
-}
-
-// NOTE(sr): This is duplicated with compile/compile.go; but moving it into another location
-// would cause a circular dependency -- the refSet definition needs ast.Ref. If we make it
-// public in the ast package, the compile package could take it from there, but it would also
-// increase our public interface. Let's reconsider if we need it in a third place.
-type refSet struct {
- s []Ref
-}
-
-func newRefSet(x ...Ref) *refSet {
- result := &refSet{}
- for i := range x {
- result.AddPrefix(x[i])
- }
- return result
-}
-
-// ContainsPrefix returns true if r is prefixed by any of the existing refs in the set.
-func (rs *refSet) ContainsPrefix(r Ref) bool {
- for i := range rs.s {
- if r.HasPrefix(rs.s[i]) {
- return true
- }
- }
- return false
-}
-
-// AddPrefix inserts r into the set if r is not prefixed by any existing
-// refs in the set. If any existing refs are prefixed by r, those existing
-// refs are removed.
-func (rs *refSet) AddPrefix(r Ref) {
- if rs.ContainsPrefix(r) {
- return
- }
- cpy := []Ref{r}
- for i := range rs.s {
- if !rs.s[i].HasPrefix(r) {
- cpy = append(cpy, rs.s[i])
- }
- }
- rs.s = cpy
-}
-
-// Sorted returns a sorted slice of terms for refs in the set.
-func (rs *refSet) Sorted() []*Term {
- terms := make([]*Term, len(rs.s))
- for i := range rs.s {
- terms[i] = NewTerm(rs.s[i])
- }
- sort.Slice(terms, func(i, j int) bool {
- return terms[i].Value.Compare(terms[j].Value) < 0
- })
- return terms
+// OutputVarsFromExpr returns all variables which are the "output" for
+// the given expression. For safety checks this means that they would be
+// made safe by the expr.
+func OutputVarsFromExpr(c *Compiler, expr *Expr, safe VarSet) VarSet {
+ return v1.OutputVarsFromExpr(c, expr, safe)
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/compilehelper.go b/vendor/github.com/open-policy-agent/opa/ast/compilehelper.go
index dd48884f9d..37ede329ea 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/compilehelper.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/compilehelper.go
@@ -4,41 +4,29 @@
package ast
+import v1 "github.com/open-policy-agent/opa/v1/ast"
+
// CompileModules takes a set of Rego modules represented as strings and
// compiles them for evaluation. The keys of the map are used as filenames.
func CompileModules(modules map[string]string) (*Compiler, error) {
- return CompileModulesWithOpt(modules, CompileOpts{})
+ return CompileModulesWithOpt(modules, CompileOpts{
+ ParserOptions: ParserOptions{
+ RegoVersion: DefaultRegoVersion,
+ },
+ })
}
// CompileOpts defines a set of options for the compiler.
-type CompileOpts struct {
- EnablePrintStatements bool
- ParserOptions ParserOptions
-}
+type CompileOpts = v1.CompileOpts
// CompileModulesWithOpt takes a set of Rego modules represented as strings and
// compiles them for evaluation. The keys of the map are used as filenames.
func CompileModulesWithOpt(modules map[string]string, opts CompileOpts) (*Compiler, error) {
-
- parsed := make(map[string]*Module, len(modules))
-
- for f, module := range modules {
- var pm *Module
- var err error
- if pm, err = ParseModuleWithOpts(f, module, opts.ParserOptions); err != nil {
- return nil, err
- }
- parsed[f] = pm
- }
-
- compiler := NewCompiler().WithEnablePrintStatements(opts.EnablePrintStatements)
- compiler.Compile(parsed)
-
- if compiler.Failed() {
- return nil, compiler.Errors
+ if opts.ParserOptions.RegoVersion == RegoUndefined {
+ opts.ParserOptions.RegoVersion = DefaultRegoVersion
}
- return compiler, nil
+ return v1.CompileModulesWithOpt(modules, opts)
}
// MustCompileModules compiles a set of Rego modules represented as strings. If
diff --git a/vendor/github.com/open-policy-agent/opa/ast/conflicts.go b/vendor/github.com/open-policy-agent/opa/ast/conflicts.go
index c2713ad576..10edce382c 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/conflicts.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/conflicts.go
@@ -5,49 +5,11 @@
package ast
import (
- "strings"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
// CheckPathConflicts returns a set of errors indicating paths that
// are in conflict with the result of the provided callable.
func CheckPathConflicts(c *Compiler, exists func([]string) (bool, error)) Errors {
- var errs Errors
-
- root := c.RuleTree.Child(DefaultRootDocument.Value)
- if root == nil {
- return nil
- }
-
- for _, node := range root.Children {
- errs = append(errs, checkDocumentConflicts(node, exists, nil)...)
- }
-
- return errs
-}
-
-func checkDocumentConflicts(node *TreeNode, exists func([]string) (bool, error), path []string) Errors {
-
- switch key := node.Key.(type) {
- case String:
- path = append(path, string(key))
- default: // other key types cannot conflict with data
- return nil
- }
-
- if len(node.Values) > 0 {
- s := strings.Join(path, "/")
- if ok, err := exists(path); err != nil {
- return Errors{NewError(CompileErr, node.Values[0].(*Rule).Loc(), "conflict check for data path %v: %v", s, err.Error())}
- } else if ok {
- return Errors{NewError(CompileErr, node.Values[0].(*Rule).Loc(), "conflicting rule for data path %v found", s)}
- }
- }
-
- var errs Errors
-
- for _, child := range node.Children {
- errs = append(errs, checkDocumentConflicts(child, exists, path)...)
- }
-
- return errs
+ return v1.CheckPathConflicts(c, exists)
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/doc.go b/vendor/github.com/open-policy-agent/opa/ast/doc.go
index 62b04e301e..ba974e5ba6 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/doc.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/doc.go
@@ -1,36 +1,8 @@
-// Copyright 2016 The OPA Authors. All rights reserved.
+// Copyright 2024 The OPA Authors. All rights reserved.
// Use of this source code is governed by an Apache2
// license that can be found in the LICENSE file.
-// Package ast declares Rego syntax tree types and also includes a parser and compiler for preparing policies for execution in the policy engine.
-//
-// Rego policies are defined using a relatively small set of types: modules, package and import declarations, rules, expressions, and terms. At their core, policies consist of rules that are defined by one or more expressions over documents available to the policy engine. The expressions are defined by intrinsic values (terms) such as strings, objects, variables, etc.
-//
-// Rego policies are typically defined in text files and then parsed and compiled by the policy engine at runtime. The parsing stage takes the text or string representation of the policy and converts it into an abstract syntax tree (AST) that consists of the types mentioned above. The AST is organized as follows:
-//
-// Module
-// |
-// +--- Package (Reference)
-// |
-// +--- Imports
-// | |
-// | +--- Import (Term)
-// |
-// +--- Rules
-// |
-// +--- Rule
-// |
-// +--- Head
-// | |
-// | +--- Name (Variable)
-// | |
-// | +--- Key (Term)
-// | |
-// | +--- Value (Term)
-// |
-// +--- Body
-// |
-// +--- Expression (Term | Terms | Variable Declaration)
-//
-// At query time, the policy engine expects policies to have been compiled. The compilation stage takes one or more modules and compiles them into a format that the policy engine supports.
+// Deprecated: This package is intended for older projects transitioning from OPA v0.x and will remain for the lifetime of OPA v1.x, but its use is not recommended.
+// For newer features and behaviours, such as defaulting to the Rego v1 syntax, use the corresponding components in the [github.com/open-policy-agent/opa/v1] package instead.
+// See https://www.openpolicyagent.org/docs/latest/v0-compatibility/ for more information.
package ast
diff --git a/vendor/github.com/open-policy-agent/opa/ast/env.go b/vendor/github.com/open-policy-agent/opa/ast/env.go
index c767aafefb..ef0ccf89ce 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/env.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/env.go
@@ -5,522 +5,8 @@
package ast
import (
- "fmt"
- "strings"
-
- "github.com/open-policy-agent/opa/types"
- "github.com/open-policy-agent/opa/util"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
// TypeEnv contains type info for static analysis such as type checking.
-type TypeEnv struct {
- tree *typeTreeNode
- next *TypeEnv
- newChecker func() *typeChecker
-}
-
-// newTypeEnv returns an empty TypeEnv. The constructor is not exported because
-// type environments should only be created by the type checker.
-func newTypeEnv(f func() *typeChecker) *TypeEnv {
- return &TypeEnv{
- tree: newTypeTree(),
- newChecker: f,
- }
-}
-
-// Get returns the type of x.
-func (env *TypeEnv) Get(x interface{}) types.Type {
-
- if term, ok := x.(*Term); ok {
- x = term.Value
- }
-
- switch x := x.(type) {
-
- // Scalars.
- case Null:
- return types.NewNull()
- case Boolean:
- return types.NewBoolean()
- case Number:
- return types.NewNumber()
- case String:
- return types.NewString()
-
- // Composites.
- case *Array:
- static := make([]types.Type, x.Len())
- for i := range static {
- tpe := env.Get(x.Elem(i).Value)
- static[i] = tpe
- }
-
- var dynamic types.Type
- if len(static) == 0 {
- dynamic = types.A
- }
-
- return types.NewArray(static, dynamic)
-
- case *lazyObj:
- return env.Get(x.force())
- case *object:
- static := []*types.StaticProperty{}
- var dynamic *types.DynamicProperty
-
- x.Foreach(func(k, v *Term) {
- if IsConstant(k.Value) {
- kjson, err := JSON(k.Value)
- if err == nil {
- tpe := env.Get(v)
- static = append(static, types.NewStaticProperty(kjson, tpe))
- return
- }
- }
- // Can't handle it as a static property, fallback to dynamic
- typeK := env.Get(k.Value)
- typeV := env.Get(v.Value)
- dynamic = types.NewDynamicProperty(typeK, typeV)
- })
-
- if len(static) == 0 && dynamic == nil {
- dynamic = types.NewDynamicProperty(types.A, types.A)
- }
-
- return types.NewObject(static, dynamic)
-
- case Set:
- var tpe types.Type
- x.Foreach(func(elem *Term) {
- other := env.Get(elem.Value)
- tpe = types.Or(tpe, other)
- })
- if tpe == nil {
- tpe = types.A
- }
- return types.NewSet(tpe)
-
- // Comprehensions.
- case *ArrayComprehension:
- cpy, errs := env.newChecker().CheckBody(env, x.Body)
- if len(errs) == 0 {
- return types.NewArray(nil, cpy.Get(x.Term))
- }
- return nil
- case *ObjectComprehension:
- cpy, errs := env.newChecker().CheckBody(env, x.Body)
- if len(errs) == 0 {
- return types.NewObject(nil, types.NewDynamicProperty(cpy.Get(x.Key), cpy.Get(x.Value)))
- }
- return nil
- case *SetComprehension:
- cpy, errs := env.newChecker().CheckBody(env, x.Body)
- if len(errs) == 0 {
- return types.NewSet(cpy.Get(x.Term))
- }
- return nil
-
- // Refs.
- case Ref:
- return env.getRef(x)
-
- // Vars.
- case Var:
- if node := env.tree.Child(x); node != nil {
- return node.Value()
- }
- if env.next != nil {
- return env.next.Get(x)
- }
- return nil
-
- // Calls.
- case Call:
- return nil
-
- default:
- panic("unreachable")
- }
-}
-
-func (env *TypeEnv) getRef(ref Ref) types.Type {
-
- node := env.tree.Child(ref[0].Value)
- if node == nil {
- return env.getRefFallback(ref)
- }
-
- return env.getRefRec(node, ref, ref[1:])
-}
-
-func (env *TypeEnv) getRefFallback(ref Ref) types.Type {
-
- if env.next != nil {
- return env.next.Get(ref)
- }
-
- if RootDocumentNames.Contains(ref[0]) {
- return types.A
- }
-
- return nil
-}
-
-func (env *TypeEnv) getRefRec(node *typeTreeNode, ref, tail Ref) types.Type {
- if len(tail) == 0 {
- return env.getRefRecExtent(node)
- }
-
- if node.Leaf() {
- if node.children.Len() > 0 {
- if child := node.Child(tail[0].Value); child != nil {
- return env.getRefRec(child, ref, tail[1:])
- }
- }
- return selectRef(node.Value(), tail)
- }
-
- if !IsConstant(tail[0].Value) {
- return selectRef(env.getRefRecExtent(node), tail)
- }
-
- child := node.Child(tail[0].Value)
- if child == nil {
- return env.getRefFallback(ref)
- }
-
- return env.getRefRec(child, ref, tail[1:])
-}
-
-func (env *TypeEnv) getRefRecExtent(node *typeTreeNode) types.Type {
-
- if node.Leaf() {
- return node.Value()
- }
-
- children := []*types.StaticProperty{}
-
- node.Children().Iter(func(k, v util.T) bool {
- key := k.(Value)
- child := v.(*typeTreeNode)
-
- tpe := env.getRefRecExtent(child)
-
- // NOTE(sr): Converting to Golang-native types here is an extension of what we did
- // before -- only supporting strings. But since we cannot differentiate sets and arrays
- // that way, we could reconsider.
- switch key.(type) {
- case String, Number, Boolean: // skip anything else
- propKey, err := JSON(key)
- if err != nil {
- panic(fmt.Errorf("unreachable, ValueToInterface: %w", err))
- }
- children = append(children, types.NewStaticProperty(propKey, tpe))
- }
- return false
- })
-
- // TODO(tsandall): for now, these objects can have any dynamic properties
- // because we don't have schema for base docs. Once schemas are supported
- // we can improve this.
- return types.NewObject(children, types.NewDynamicProperty(types.S, types.A))
-}
-
-func (env *TypeEnv) wrap() *TypeEnv {
- cpy := *env
- cpy.next = env
- cpy.tree = newTypeTree()
- return &cpy
-}
-
-// typeTreeNode is used to store type information in a tree.
-type typeTreeNode struct {
- key Value
- value types.Type
- children *util.HashMap
-}
-
-func newTypeTree() *typeTreeNode {
- return &typeTreeNode{
- key: nil,
- value: nil,
- children: util.NewHashMap(valueEq, valueHash),
- }
-}
-
-func (n *typeTreeNode) Child(key Value) *typeTreeNode {
- value, ok := n.children.Get(key)
- if !ok {
- return nil
- }
- return value.(*typeTreeNode)
-}
-
-func (n *typeTreeNode) Children() *util.HashMap {
- return n.children
-}
-
-func (n *typeTreeNode) Get(path Ref) types.Type {
- curr := n
- for _, term := range path {
- child, ok := curr.children.Get(term.Value)
- if !ok {
- return nil
- }
- curr = child.(*typeTreeNode)
- }
- return curr.Value()
-}
-
-func (n *typeTreeNode) Leaf() bool {
- return n.value != nil
-}
-
-func (n *typeTreeNode) PutOne(key Value, tpe types.Type) {
- c, ok := n.children.Get(key)
-
- var child *typeTreeNode
- if !ok {
- child = newTypeTree()
- child.key = key
- n.children.Put(key, child)
- } else {
- child = c.(*typeTreeNode)
- }
-
- child.value = tpe
-}
-
-func (n *typeTreeNode) Put(path Ref, tpe types.Type) {
- curr := n
- for _, term := range path {
- c, ok := curr.children.Get(term.Value)
-
- var child *typeTreeNode
- if !ok {
- child = newTypeTree()
- child.key = term.Value
- curr.children.Put(child.key, child)
- } else {
- child = c.(*typeTreeNode)
- }
-
- curr = child
- }
- curr.value = tpe
-}
-
-// Insert inserts tpe at path in the tree, but also merges the value into any types.Object present along that path.
-// If a types.Object is inserted, any leafs already present further down the tree are merged into the inserted object.
-// path must be ground.
-func (n *typeTreeNode) Insert(path Ref, tpe types.Type, env *TypeEnv) {
- curr := n
- for i, term := range path {
- c, ok := curr.children.Get(term.Value)
-
- var child *typeTreeNode
- if !ok {
- child = newTypeTree()
- child.key = term.Value
- curr.children.Put(child.key, child)
- } else {
- child = c.(*typeTreeNode)
-
- if child.value != nil && i+1 < len(path) {
- // If child has an object value, merge the new value into it.
- if o, ok := child.value.(*types.Object); ok {
- var err error
- child.value, err = insertIntoObject(o, path[i+1:], tpe, env)
- if err != nil {
- panic(fmt.Errorf("unreachable, insertIntoObject: %w", err))
- }
- }
- }
- }
-
- curr = child
- }
-
- curr.value = mergeTypes(curr.value, tpe)
-
- if _, ok := tpe.(*types.Object); ok && curr.children.Len() > 0 {
- // merge all leafs into the inserted object
- leafs := curr.Leafs()
- for p, t := range leafs {
- var err error
- curr.value, err = insertIntoObject(curr.value.(*types.Object), *p, t, env)
- if err != nil {
- panic(fmt.Errorf("unreachable, insertIntoObject: %w", err))
- }
- }
- }
-}
-
-// mergeTypes merges the types of 'a' and 'b'. If both are sets, their 'of' types are joined with an types.Or.
-// If both are objects, the key types of their dynamic properties are joined with types.Or:s, and their value types
-// are recursively merged (using mergeTypes).
-// If 'a' and 'b' are both objects, and at least one of them have static properties, they are joined
-// with an types.Or, instead of being merged.
-// If 'a' is an Any containing an Object, and 'b' is an Object (or vice versa); AND both objects have no
-// static properties, they are merged.
-// If 'a' and 'b' are different types, they are joined with an types.Or.
-func mergeTypes(a, b types.Type) types.Type {
- if a == nil {
- return b
- }
-
- if b == nil {
- return a
- }
-
- switch a := a.(type) {
- case *types.Object:
- if bObj, ok := b.(*types.Object); ok && len(a.StaticProperties()) == 0 && len(bObj.StaticProperties()) == 0 {
- if len(a.StaticProperties()) > 0 || len(bObj.StaticProperties()) > 0 {
- return types.Or(a, bObj)
- }
-
- aDynProps := a.DynamicProperties()
- bDynProps := bObj.DynamicProperties()
- dynProps := types.NewDynamicProperty(
- types.Or(aDynProps.Key, bDynProps.Key),
- mergeTypes(aDynProps.Value, bDynProps.Value))
- return types.NewObject(nil, dynProps)
- } else if bAny, ok := b.(types.Any); ok && len(a.StaticProperties()) == 0 {
- // If a is an object type with no static components ...
- for _, t := range bAny {
- if tObj, ok := t.(*types.Object); ok && len(tObj.StaticProperties()) == 0 {
- // ... and b is a types.Any containing an object with no static components, we merge them.
- aDynProps := a.DynamicProperties()
- tDynProps := tObj.DynamicProperties()
- tDynProps.Key = types.Or(tDynProps.Key, aDynProps.Key)
- tDynProps.Value = types.Or(tDynProps.Value, aDynProps.Value)
- return bAny
- }
- }
- }
- case *types.Set:
- if bSet, ok := b.(*types.Set); ok {
- return types.NewSet(types.Or(a.Of(), bSet.Of()))
- }
- case types.Any:
- if _, ok := b.(types.Any); !ok {
- return mergeTypes(b, a)
- }
- }
-
- return types.Or(a, b)
-}
-
-func (n *typeTreeNode) String() string {
- b := strings.Builder{}
-
- if k := n.key; k != nil {
- b.WriteString(k.String())
- } else {
- b.WriteString("-")
- }
-
- if v := n.value; v != nil {
- b.WriteString(": ")
- b.WriteString(v.String())
- }
-
- n.children.Iter(func(_, v util.T) bool {
- if child, ok := v.(*typeTreeNode); ok {
- b.WriteString("\n\t+ ")
- s := child.String()
- s = strings.ReplaceAll(s, "\n", "\n\t")
- b.WriteString(s)
- }
- return false
- })
-
- return b.String()
-}
-
-func insertIntoObject(o *types.Object, path Ref, tpe types.Type, env *TypeEnv) (*types.Object, error) {
- if len(path) == 0 {
- return o, nil
- }
-
- key := env.Get(path[0].Value)
-
- if len(path) == 1 {
- var dynamicProps *types.DynamicProperty
- if dp := o.DynamicProperties(); dp != nil {
- dynamicProps = types.NewDynamicProperty(types.Or(o.DynamicProperties().Key, key), types.Or(o.DynamicProperties().Value, tpe))
- } else {
- dynamicProps = types.NewDynamicProperty(key, tpe)
- }
- return types.NewObject(o.StaticProperties(), dynamicProps), nil
- }
-
- child, err := insertIntoObject(types.NewObject(nil, nil), path[1:], tpe, env)
- if err != nil {
- return nil, err
- }
-
- var dynamicProps *types.DynamicProperty
- if dp := o.DynamicProperties(); dp != nil {
- dynamicProps = types.NewDynamicProperty(types.Or(o.DynamicProperties().Key, key), types.Or(o.DynamicProperties().Value, child))
- } else {
- dynamicProps = types.NewDynamicProperty(key, child)
- }
- return types.NewObject(o.StaticProperties(), dynamicProps), nil
-}
-
-func (n *typeTreeNode) Leafs() map[*Ref]types.Type {
- leafs := map[*Ref]types.Type{}
- n.children.Iter(func(_, v util.T) bool {
- collectLeafs(v.(*typeTreeNode), nil, leafs)
- return false
- })
- return leafs
-}
-
-func collectLeafs(n *typeTreeNode, path Ref, leafs map[*Ref]types.Type) {
- nPath := append(path, NewTerm(n.key))
- if n.Leaf() {
- leafs[&nPath] = n.Value()
- return
- }
- n.children.Iter(func(_, v util.T) bool {
- collectLeafs(v.(*typeTreeNode), nPath, leafs)
- return false
- })
-}
-
-func (n *typeTreeNode) Value() types.Type {
- return n.value
-}
-
-// selectConstant returns the attribute of the type referred to by the term. If
-// the attribute type cannot be determined, nil is returned.
-func selectConstant(tpe types.Type, term *Term) types.Type {
- x, err := JSON(term.Value)
- if err == nil {
- return types.Select(tpe, x)
- }
- return nil
-}
-
-// selectRef returns the type of the nested attribute referred to by ref. If
-// the attribute type cannot be determined, nil is returned. If the ref
-// contains vars or refs, then the returned type will be a union of the
-// possible types.
-func selectRef(tpe types.Type, ref Ref) types.Type {
-
- if tpe == nil || len(ref) == 0 {
- return tpe
- }
-
- head, tail := ref[0], ref[1:]
-
- switch head.Value.(type) {
- case Var, Ref, *Array, Object, Set:
- return selectRef(types.Values(tpe), tail)
- default:
- return selectRef(selectConstant(tpe, head), tail)
- }
-}
+type TypeEnv = v1.TypeEnv
diff --git a/vendor/github.com/open-policy-agent/opa/ast/errors.go b/vendor/github.com/open-policy-agent/opa/ast/errors.go
index 066dfcdd68..722cfc0fb7 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/errors.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/errors.go
@@ -5,119 +5,42 @@
package ast
import (
- "fmt"
- "sort"
- "strings"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
// Errors represents a series of errors encountered during parsing, compiling,
// etc.
-type Errors []*Error
-
-func (e Errors) Error() string {
-
- if len(e) == 0 {
- return "no error(s)"
- }
-
- if len(e) == 1 {
- return fmt.Sprintf("1 error occurred: %v", e[0].Error())
- }
-
- s := make([]string, len(e))
- for i, err := range e {
- s[i] = err.Error()
- }
-
- return fmt.Sprintf("%d errors occurred:\n%s", len(e), strings.Join(s, "\n"))
-}
-
-// Sort sorts the error slice by location. If the locations are equal then the
-// error message is compared.
-func (e Errors) Sort() {
- sort.Slice(e, func(i, j int) bool {
- a := e[i]
- b := e[j]
-
- if cmp := a.Location.Compare(b.Location); cmp != 0 {
- return cmp < 0
- }
-
- return a.Error() < b.Error()
- })
-}
+type Errors = v1.Errors
const (
// ParseErr indicates an unclassified parse error occurred.
- ParseErr = "rego_parse_error"
+ ParseErr = v1.ParseErr
// CompileErr indicates an unclassified compile error occurred.
- CompileErr = "rego_compile_error"
+ CompileErr = v1.CompileErr
// TypeErr indicates a type error was caught.
- TypeErr = "rego_type_error"
+ TypeErr = v1.TypeErr
// UnsafeVarErr indicates an unsafe variable was found during compilation.
- UnsafeVarErr = "rego_unsafe_var_error"
+ UnsafeVarErr = v1.UnsafeVarErr
// RecursionErr indicates recursion was found during compilation.
- RecursionErr = "rego_recursion_error"
+ RecursionErr = v1.RecursionErr
)
// IsError returns true if err is an AST error with code.
func IsError(code string, err error) bool {
- if err, ok := err.(*Error); ok {
- return err.Code == code
- }
- return false
+ return v1.IsError(code, err)
}
// ErrorDetails defines the interface for detailed error messages.
-type ErrorDetails interface {
- Lines() []string
-}
+type ErrorDetails = v1.ErrorDetails
// Error represents a single error caught during parsing, compiling, etc.
-type Error struct {
- Code string `json:"code"`
- Message string `json:"message"`
- Location *Location `json:"location,omitempty"`
- Details ErrorDetails `json:"details,omitempty"`
-}
-
-func (e *Error) Error() string {
-
- var prefix string
-
- if e.Location != nil {
-
- if len(e.Location.File) > 0 {
- prefix += e.Location.File + ":" + fmt.Sprint(e.Location.Row)
- } else {
- prefix += fmt.Sprint(e.Location.Row) + ":" + fmt.Sprint(e.Location.Col)
- }
- }
-
- msg := fmt.Sprintf("%v: %v", e.Code, e.Message)
-
- if len(prefix) > 0 {
- msg = prefix + ": " + msg
- }
-
- if e.Details != nil {
- for _, line := range e.Details.Lines() {
- msg += "\n\t" + line
- }
- }
-
- return msg
-}
+type Error = v1.Error
// NewError returns a new Error object.
-func NewError(code string, loc *Location, f string, a ...interface{}) *Error {
- return &Error{
- Code: code,
- Location: loc,
- Message: fmt.Sprintf(f, a...),
- }
+func NewError(code string, loc *Location, f string, a ...any) *Error {
+ return v1.NewError(code, loc, f, a...)
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/index.go b/vendor/github.com/open-policy-agent/opa/ast/index.go
index cb0cbea323..7e80bb7716 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/index.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/index.go
@@ -5,904 +5,16 @@
package ast
import (
- "fmt"
- "sort"
- "strings"
-
- "github.com/open-policy-agent/opa/util"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
// RuleIndex defines the interface for rule indices.
-type RuleIndex interface {
-
- // Build tries to construct an index for the given rules. If the index was
- // constructed, it returns true, otherwise false.
- Build(rules []*Rule) bool
-
- // Lookup searches the index for rules that will match the provided
- // resolver. If the resolver returns an error, it is returned via err.
- Lookup(resolver ValueResolver) (*IndexResult, error)
-
- // AllRules traverses the index and returns all rules that will match
- // the provided resolver without any optimizations (effectively with
- // indexing disabled). If the resolver returns an error, it is returned
- // via err.
- AllRules(resolver ValueResolver) (*IndexResult, error)
-}
+type RuleIndex v1.RuleIndex
// IndexResult contains the result of an index lookup.
-type IndexResult struct {
- Kind RuleKind
- Rules []*Rule
- Else map[*Rule][]*Rule
- Default *Rule
- EarlyExit bool
- OnlyGroundRefs bool
-}
+type IndexResult = v1.IndexResult
// NewIndexResult returns a new IndexResult object.
func NewIndexResult(kind RuleKind) *IndexResult {
- return &IndexResult{
- Kind: kind,
- Else: map[*Rule][]*Rule{},
- }
-}
-
-// Empty returns true if there are no rules to evaluate.
-func (ir *IndexResult) Empty() bool {
- return len(ir.Rules) == 0 && ir.Default == nil
-}
-
-type baseDocEqIndex struct {
- skipIndexing Set
- isVirtual func(Ref) bool
- root *trieNode
- defaultRule *Rule
- kind RuleKind
- onlyGroundRefs bool
-}
-
-func newBaseDocEqIndex(isVirtual func(Ref) bool) *baseDocEqIndex {
- return &baseDocEqIndex{
- skipIndexing: NewSet(NewTerm(InternalPrint.Ref())),
- isVirtual: isVirtual,
- root: newTrieNodeImpl(),
- onlyGroundRefs: true,
- }
-}
-
-func (i *baseDocEqIndex) Build(rules []*Rule) bool {
- if len(rules) == 0 {
- return false
- }
-
- i.kind = rules[0].Head.RuleKind()
- indices := newrefindices(i.isVirtual)
-
- // build indices for each rule.
- for idx := range rules {
- WalkRules(rules[idx], func(rule *Rule) bool {
- if rule.Default {
- i.defaultRule = rule
- return false
- }
- if i.onlyGroundRefs {
- i.onlyGroundRefs = rule.Head.Reference.IsGround()
- }
- var skip bool
- for _, expr := range rule.Body {
- if op := expr.OperatorTerm(); op != nil && i.skipIndexing.Contains(op) {
- skip = true
- break
- }
- }
- if !skip {
- for _, expr := range rule.Body {
- indices.Update(rule, expr)
- }
- }
- return false
- })
- }
-
- // build trie out of indices.
- for idx := range rules {
- var prio int
- WalkRules(rules[idx], func(rule *Rule) bool {
- if rule.Default {
- return false
- }
- node := i.root
- if indices.Indexed(rule) {
- for _, ref := range indices.Sorted() {
- node = node.Insert(ref, indices.Value(rule, ref), indices.Mapper(rule, ref))
- }
- }
- // Insert rule into trie with (insertion order, priority order)
- // tuple. Retaining the insertion order allows us to return rules
- // in the order they were passed to this function.
- node.append([...]int{idx, prio}, rule)
- prio++
- return false
- })
- }
- return true
-}
-
-func (i *baseDocEqIndex) Lookup(resolver ValueResolver) (*IndexResult, error) {
-
- tr := newTrieTraversalResult()
-
- err := i.root.Traverse(resolver, tr)
- if err != nil {
- return nil, err
- }
-
- result := NewIndexResult(i.kind)
- result.Default = i.defaultRule
- result.OnlyGroundRefs = i.onlyGroundRefs
- result.Rules = make([]*Rule, 0, len(tr.ordering))
-
- for _, pos := range tr.ordering {
- sort.Slice(tr.unordered[pos], func(i, j int) bool {
- return tr.unordered[pos][i].prio[1] < tr.unordered[pos][j].prio[1]
- })
- nodes := tr.unordered[pos]
- root := nodes[0].rule
-
- result.Rules = append(result.Rules, root)
- if len(nodes) > 1 {
- result.Else[root] = make([]*Rule, len(nodes)-1)
- for i := 1; i < len(nodes); i++ {
- result.Else[root][i-1] = nodes[i].rule
- }
- }
- }
-
- result.EarlyExit = tr.values.Len() == 1 && tr.values.Slice()[0].IsGround()
-
- return result, nil
-}
-
-func (i *baseDocEqIndex) AllRules(_ ValueResolver) (*IndexResult, error) {
- tr := newTrieTraversalResult()
-
- // Walk over the rule trie and accumulate _all_ rules
- rw := &ruleWalker{result: tr}
- i.root.Do(rw)
-
- result := NewIndexResult(i.kind)
- result.Default = i.defaultRule
- result.OnlyGroundRefs = i.onlyGroundRefs
- result.Rules = make([]*Rule, 0, len(tr.ordering))
-
- for _, pos := range tr.ordering {
- sort.Slice(tr.unordered[pos], func(i, j int) bool {
- return tr.unordered[pos][i].prio[1] < tr.unordered[pos][j].prio[1]
- })
- nodes := tr.unordered[pos]
- root := nodes[0].rule
- result.Rules = append(result.Rules, root)
- if len(nodes) > 1 {
- result.Else[root] = make([]*Rule, len(nodes)-1)
- for i := 1; i < len(nodes); i++ {
- result.Else[root][i-1] = nodes[i].rule
- }
- }
- }
-
- result.EarlyExit = tr.values.Len() == 1 && tr.values.Slice()[0].IsGround()
-
- return result, nil
-}
-
-type ruleWalker struct {
- result *trieTraversalResult
-}
-
-func (r *ruleWalker) Do(x interface{}) trieWalker {
- tn := x.(*trieNode)
- r.result.Add(tn)
- return r
-}
-
-type valueMapper struct {
- Key string
- MapValue func(Value) Value
-}
-
-type refindex struct {
- Ref Ref
- Value Value
- Mapper *valueMapper
-}
-
-type refindices struct {
- isVirtual func(Ref) bool
- rules map[*Rule][]*refindex
- frequency *util.HashMap
- sorted []Ref
-}
-
-func newrefindices(isVirtual func(Ref) bool) *refindices {
- return &refindices{
- isVirtual: isVirtual,
- rules: map[*Rule][]*refindex{},
- frequency: util.NewHashMap(func(a, b util.T) bool {
- r1, r2 := a.(Ref), b.(Ref)
- return r1.Equal(r2)
- }, func(x util.T) int {
- return x.(Ref).Hash()
- }),
- }
-}
-
-// Update attempts to update the refindices for the given expression in the
-// given rule. If the expression cannot be indexed the update does not affect
-// the indices.
-func (i *refindices) Update(rule *Rule, expr *Expr) {
-
- if expr.Negated {
- return
- }
-
- if len(expr.With) > 0 {
- // NOTE(tsandall): In the future, we may need to consider expressions
- // that have with statements applied to them.
- return
- }
-
- op := expr.Operator()
-
- switch {
- case op.Equal(Equality.Ref()):
- i.updateEq(rule, expr)
-
- case op.Equal(Equal.Ref()) && len(expr.Operands()) == 2:
- // NOTE(tsandall): if equal() is called with more than two arguments the
- // output value is being captured in which case the indexer cannot
- // exclude the rule if the equal() call would return false (because the
- // false value must still be produced.)
- i.updateEq(rule, expr)
-
- case op.Equal(GlobMatch.Ref()) && len(expr.Operands()) == 3:
- // NOTE(sr): Same as with equal() above -- 4 operands means the output
- // of `glob.match` is captured and the rule can thus not be excluded.
- i.updateGlobMatch(rule, expr)
- }
-}
-
-// Sorted returns a sorted list of references that the indices were built from.
-// References that appear more frequently in the indexed rules are ordered
-// before less frequently appearing references.
-func (i *refindices) Sorted() []Ref {
-
- if i.sorted == nil {
- counts := make([]int, 0, i.frequency.Len())
- i.sorted = make([]Ref, 0, i.frequency.Len())
-
- i.frequency.Iter(func(k, v util.T) bool {
- counts = append(counts, v.(int))
- i.sorted = append(i.sorted, k.(Ref))
- return false
- })
-
- sort.Slice(i.sorted, func(a, b int) bool {
- if counts[a] > counts[b] {
- return true
- } else if counts[b] > counts[a] {
- return false
- }
- return i.sorted[a][0].Loc().Compare(i.sorted[b][0].Loc()) < 0
- })
- }
-
- return i.sorted
-}
-
-func (i *refindices) Indexed(rule *Rule) bool {
- return len(i.rules[rule]) > 0
-}
-
-func (i *refindices) Value(rule *Rule, ref Ref) Value {
- if index := i.index(rule, ref); index != nil {
- return index.Value
- }
- return nil
-}
-
-func (i *refindices) Mapper(rule *Rule, ref Ref) *valueMapper {
- if index := i.index(rule, ref); index != nil {
- return index.Mapper
- }
- return nil
-}
-
-func (i *refindices) updateEq(rule *Rule, expr *Expr) {
- a, b := expr.Operand(0), expr.Operand(1)
- args := rule.Head.Args
- if idx, ok := eqOperandsToRefAndValue(i.isVirtual, args, a, b); ok {
- i.insert(rule, idx)
- return
- }
- if idx, ok := eqOperandsToRefAndValue(i.isVirtual, args, b, a); ok {
- i.insert(rule, idx)
- return
- }
-}
-
-func (i *refindices) updateGlobMatch(rule *Rule, expr *Expr) {
- args := rule.Head.Args
-
- delim, ok := globDelimiterToString(expr.Operand(1))
- if !ok {
- return
- }
-
- if arr := globPatternToArray(expr.Operand(0), delim); arr != nil {
- // The 3rd operand of glob.match is the value to match. We assume the
- // 3rd operand was a reference that has been rewritten and bound to a
- // variable earlier in the query OR a function argument variable.
- match := expr.Operand(2)
- if _, ok := match.Value.(Var); ok {
- var ref Ref
- for _, other := range i.rules[rule] {
- if _, ok := other.Value.(Var); ok && other.Value.Compare(match.Value) == 0 {
- ref = other.Ref
- }
- }
- if ref == nil {
- for j, arg := range args {
- if arg.Equal(match) {
- ref = Ref{FunctionArgRootDocument, IntNumberTerm(j)}
- }
- }
- }
- if ref != nil {
- i.insert(rule, &refindex{
- Ref: ref,
- Value: arr.Value,
- Mapper: &valueMapper{
- Key: delim,
- MapValue: func(v Value) Value {
- if s, ok := v.(String); ok {
- return stringSliceToArray(splitStringEscaped(string(s), delim))
- }
- return v
- },
- },
- })
- }
- }
- }
-}
-
-func (i *refindices) insert(rule *Rule, index *refindex) {
-
- count, ok := i.frequency.Get(index.Ref)
- if !ok {
- count = 0
- }
-
- i.frequency.Put(index.Ref, count.(int)+1)
-
- for pos, other := range i.rules[rule] {
- if other.Ref.Equal(index.Ref) {
- i.rules[rule][pos] = index
- return
- }
- }
-
- i.rules[rule] = append(i.rules[rule], index)
-}
-
-func (i *refindices) index(rule *Rule, ref Ref) *refindex {
- for _, index := range i.rules[rule] {
- if index.Ref.Equal(ref) {
- return index
- }
- }
- return nil
-}
-
-type trieWalker interface {
- Do(x interface{}) trieWalker
-}
-
-type trieTraversalResult struct {
- unordered map[int][]*ruleNode
- ordering []int
- values Set
-}
-
-func newTrieTraversalResult() *trieTraversalResult {
- return &trieTraversalResult{
- unordered: map[int][]*ruleNode{},
- values: NewSet(),
- }
-}
-
-func (tr *trieTraversalResult) Add(t *trieNode) {
- for _, node := range t.rules {
- root := node.prio[0]
- nodes, ok := tr.unordered[root]
- if !ok {
- tr.ordering = append(tr.ordering, root)
- }
- tr.unordered[root] = append(nodes, node)
- }
- if t.values != nil {
- t.values.Foreach(func(v *Term) { tr.values.Add(v) })
- }
-}
-
-type trieNode struct {
- ref Ref
- values Set
- mappers []*valueMapper
- next *trieNode
- any *trieNode
- undefined *trieNode
- scalars *util.HashMap
- array *trieNode
- rules []*ruleNode
-}
-
-func (node *trieNode) String() string {
- var flags []string
- flags = append(flags, fmt.Sprintf("self:%p", node))
- if len(node.ref) > 0 {
- flags = append(flags, node.ref.String())
- }
- if node.next != nil {
- flags = append(flags, fmt.Sprintf("next:%p", node.next))
- }
- if node.any != nil {
- flags = append(flags, fmt.Sprintf("any:%p", node.any))
- }
- if node.undefined != nil {
- flags = append(flags, fmt.Sprintf("undefined:%p", node.undefined))
- }
- if node.array != nil {
- flags = append(flags, fmt.Sprintf("array:%p", node.array))
- }
- if node.scalars.Len() > 0 {
- buf := make([]string, 0, node.scalars.Len())
- node.scalars.Iter(func(k, v util.T) bool {
- key := k.(Value)
- val := v.(*trieNode)
- buf = append(buf, fmt.Sprintf("scalar(%v):%p", key, val))
- return false
- })
- sort.Strings(buf)
- flags = append(flags, strings.Join(buf, " "))
- }
- if len(node.rules) > 0 {
- flags = append(flags, fmt.Sprintf("%d rule(s)", len(node.rules)))
- }
- if len(node.mappers) > 0 {
- flags = append(flags, fmt.Sprintf("%d mapper(s)", len(node.mappers)))
- }
- if node.values != nil {
- if l := node.values.Len(); l > 0 {
- flags = append(flags, fmt.Sprintf("%d value(s)", l))
- }
- }
- return strings.Join(flags, " ")
-}
-
-func (node *trieNode) append(prio [2]int, rule *Rule) {
- node.rules = append(node.rules, &ruleNode{prio, rule})
-
- if node.values != nil && rule.Head.Value != nil {
- node.values.Add(rule.Head.Value)
- return
- }
-
- if node.values == nil && rule.Head.DocKind() == CompleteDoc {
- node.values = NewSet(rule.Head.Value)
- }
-}
-
-type ruleNode struct {
- prio [2]int
- rule *Rule
-}
-
-func newTrieNodeImpl() *trieNode {
- return &trieNode{
- scalars: util.NewHashMap(valueEq, valueHash),
- }
-}
-
-func (node *trieNode) Do(walker trieWalker) {
- next := walker.Do(node)
- if next == nil {
- return
- }
- if node.any != nil {
- node.any.Do(next)
- }
- if node.undefined != nil {
- node.undefined.Do(next)
- }
-
- node.scalars.Iter(func(_, v util.T) bool {
- child := v.(*trieNode)
- child.Do(next)
- return false
- })
-
- if node.array != nil {
- node.array.Do(next)
- }
- if node.next != nil {
- node.next.Do(next)
- }
-}
-
-func (node *trieNode) Insert(ref Ref, value Value, mapper *valueMapper) *trieNode {
-
- if node.next == nil {
- node.next = newTrieNodeImpl()
- node.next.ref = ref
- }
-
- if mapper != nil {
- node.next.addMapper(mapper)
- }
-
- return node.next.insertValue(value)
-}
-
-func (node *trieNode) Traverse(resolver ValueResolver, tr *trieTraversalResult) error {
-
- if node == nil {
- return nil
- }
-
- tr.Add(node)
-
- return node.next.traverse(resolver, tr)
-}
-
-func (node *trieNode) addMapper(mapper *valueMapper) {
- for i := range node.mappers {
- if node.mappers[i].Key == mapper.Key {
- return
- }
- }
- node.mappers = append(node.mappers, mapper)
-}
-
-func (node *trieNode) insertValue(value Value) *trieNode {
-
- switch value := value.(type) {
- case nil:
- if node.undefined == nil {
- node.undefined = newTrieNodeImpl()
- }
- return node.undefined
- case Var:
- if node.any == nil {
- node.any = newTrieNodeImpl()
- }
- return node.any
- case Null, Boolean, Number, String:
- child, ok := node.scalars.Get(value)
- if !ok {
- child = newTrieNodeImpl()
- node.scalars.Put(value, child)
- }
- return child.(*trieNode)
- case *Array:
- if node.array == nil {
- node.array = newTrieNodeImpl()
- }
- return node.array.insertArray(value)
- }
-
- panic("illegal value")
-}
-
-func (node *trieNode) insertArray(arr *Array) *trieNode {
-
- if arr.Len() == 0 {
- return node
- }
-
- switch head := arr.Elem(0).Value.(type) {
- case Var:
- if node.any == nil {
- node.any = newTrieNodeImpl()
- }
- return node.any.insertArray(arr.Slice(1, -1))
- case Null, Boolean, Number, String:
- child, ok := node.scalars.Get(head)
- if !ok {
- child = newTrieNodeImpl()
- node.scalars.Put(head, child)
- }
- return child.(*trieNode).insertArray(arr.Slice(1, -1))
- }
-
- panic("illegal value")
-}
-
-func (node *trieNode) traverse(resolver ValueResolver, tr *trieTraversalResult) error {
-
- if node == nil {
- return nil
- }
-
- v, err := resolver.Resolve(node.ref)
- if err != nil {
- if IsUnknownValueErr(err) {
- return node.traverseUnknown(resolver, tr)
- }
- return err
- }
-
- if node.undefined != nil {
- err = node.undefined.Traverse(resolver, tr)
- if err != nil {
- return err
- }
- }
-
- if v == nil {
- return nil
- }
-
- if node.any != nil {
- err = node.any.Traverse(resolver, tr)
- if err != nil {
- return err
- }
- }
-
- if err := node.traverseValue(resolver, tr, v); err != nil {
- return err
- }
-
- for i := range node.mappers {
- if err := node.traverseValue(resolver, tr, node.mappers[i].MapValue(v)); err != nil {
- return err
- }
- }
-
- return nil
-}
-
-func (node *trieNode) traverseValue(resolver ValueResolver, tr *trieTraversalResult, value Value) error {
-
- switch value := value.(type) {
- case *Array:
- if node.array == nil {
- return nil
- }
- return node.array.traverseArray(resolver, tr, value)
-
- case Null, Boolean, Number, String:
- child, ok := node.scalars.Get(value)
- if !ok {
- return nil
- }
- return child.(*trieNode).Traverse(resolver, tr)
- }
-
- return nil
-}
-
-func (node *trieNode) traverseArray(resolver ValueResolver, tr *trieTraversalResult, arr *Array) error {
-
- if arr.Len() == 0 {
- return node.Traverse(resolver, tr)
- }
-
- if node.any != nil {
- err := node.any.traverseArray(resolver, tr, arr.Slice(1, -1))
- if err != nil {
- return err
- }
- }
-
- head := arr.Elem(0).Value
-
- if !IsScalar(head) {
- return nil
- }
-
- child, ok := node.scalars.Get(head)
- if !ok {
- return nil
- }
- return child.(*trieNode).traverseArray(resolver, tr, arr.Slice(1, -1))
-}
-
-func (node *trieNode) traverseUnknown(resolver ValueResolver, tr *trieTraversalResult) error {
-
- if node == nil {
- return nil
- }
-
- if err := node.Traverse(resolver, tr); err != nil {
- return err
- }
-
- if err := node.undefined.traverseUnknown(resolver, tr); err != nil {
- return err
- }
-
- if err := node.any.traverseUnknown(resolver, tr); err != nil {
- return err
- }
-
- if err := node.array.traverseUnknown(resolver, tr); err != nil {
- return err
- }
-
- var iterErr error
- node.scalars.Iter(func(_, v util.T) bool {
- child := v.(*trieNode)
- if iterErr = child.traverseUnknown(resolver, tr); iterErr != nil {
- return true
- }
- return false
- })
-
- return iterErr
-}
-
-// If term `a` is one of the function's operands, we store a Ref: `args[0]`
-// for the argument number. So for `f(x, y) { x = 10; y = 12 }`, we'll
-// bind `args[0]` and `args[1]` to this rule when called for (x=10) and
-// (y=12) respectively.
-func eqOperandsToRefAndValue(isVirtual func(Ref) bool, args []*Term, a, b *Term) (*refindex, bool) {
- switch v := a.Value.(type) {
- case Var:
- for i, arg := range args {
- if arg.Value.Compare(v) == 0 {
- if bval, ok := indexValue(b); ok {
- return &refindex{Ref: Ref{FunctionArgRootDocument, IntNumberTerm(i)}, Value: bval}, true
- }
- }
- }
- case Ref:
- if !RootDocumentNames.Contains(v[0]) {
- return nil, false
- }
- if isVirtual(v) {
- return nil, false
- }
- if v.IsNested() || !v.IsGround() {
- return nil, false
- }
- if bval, ok := indexValue(b); ok {
- return &refindex{Ref: v, Value: bval}, true
- }
- }
- return nil, false
-}
-
-func indexValue(b *Term) (Value, bool) {
- switch b := b.Value.(type) {
- case Null, Boolean, Number, String, Var:
- return b, true
- case *Array:
- stop := false
- first := true
- vis := NewGenericVisitor(func(x interface{}) bool {
- if first {
- first = false
- return false
- }
- switch x.(type) {
- // No nested structures or values that require evaluation (other than var).
- case *Array, Object, Set, *ArrayComprehension, *ObjectComprehension, *SetComprehension, Ref:
- stop = true
- }
- return stop
- })
- vis.Walk(b)
- if !stop {
- return b, true
- }
- }
-
- return nil, false
-}
-
-func globDelimiterToString(delim *Term) (string, bool) {
-
- arr, ok := delim.Value.(*Array)
- if !ok {
- return "", false
- }
-
- var result string
-
- if arr.Len() == 0 {
- result = "."
- } else {
- for i := 0; i < arr.Len(); i++ {
- term := arr.Elem(i)
- s, ok := term.Value.(String)
- if !ok {
- return "", false
- }
- result += string(s)
- }
- }
-
- return result, true
-}
-
-func globPatternToArray(pattern *Term, delim string) *Term {
-
- s, ok := pattern.Value.(String)
- if !ok {
- return nil
- }
-
- parts := splitStringEscaped(string(s), delim)
- arr := make([]*Term, len(parts))
-
- for i := range parts {
- if parts[i] == "*" {
- arr[i] = VarTerm("$globwildcard")
- } else {
- var escaped bool
- for _, c := range parts[i] {
- if c == '\\' {
- escaped = !escaped
- continue
- }
- if !escaped {
- switch c {
- case '[', '?', '{', '*':
- // TODO(tsandall): super glob and character pattern
- // matching not supported yet.
- return nil
- }
- }
- escaped = false
- }
- arr[i] = StringTerm(parts[i])
- }
- }
-
- return NewTerm(NewArray(arr...))
-}
-
-// splits s on characters in delim except if delim characters have been escaped
-// with reverse solidus.
-func splitStringEscaped(s string, delim string) []string {
-
- var last, curr int
- var escaped bool
- var result []string
-
- for ; curr < len(s); curr++ {
- if s[curr] == '\\' || escaped {
- escaped = !escaped
- continue
- }
- if strings.ContainsRune(delim, rune(s[curr])) {
- result = append(result, s[last:curr])
- last = curr + 1
- }
- }
-
- result = append(result, s[last:])
-
- return result
-}
-
-func stringSliceToArray(s []string) *Array {
- arr := make([]*Term, len(s))
- for i, v := range s {
- arr[i] = StringTerm(v)
- }
- return NewArray(arr...)
+ return v1.NewIndexResult(kind)
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/interning.go b/vendor/github.com/open-policy-agent/opa/ast/interning.go
new file mode 100644
index 0000000000..239293664b
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/ast/interning.go
@@ -0,0 +1,24 @@
+// Copyright 2024 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ v1 "github.com/open-policy-agent/opa/v1/ast"
+)
+
+func InternedBooleanTerm(b bool) *Term {
+ return v1.InternedBooleanTerm(b)
+}
+
+// InternedIntNumberTerm returns a term with the given integer value. The term is
+// cached between -1 to 512, and for values outside of that range, this function
+// is equivalent to ast.IntNumberTerm.
+func InternedIntNumberTerm(i int) *Term {
+ return v1.InternedIntNumberTerm(i)
+}
+
+func HasInternedIntNumberTerm(i int) bool {
+ return v1.HasInternedIntNumberTerm(i)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/json/doc.go b/vendor/github.com/open-policy-agent/opa/ast/json/doc.go
new file mode 100644
index 0000000000..26aee9b994
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/ast/json/doc.go
@@ -0,0 +1,8 @@
+// Copyright 2024 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Deprecated: This package is intended for older projects transitioning from OPA v0.x and will remain for the lifetime of OPA v1.x, but its use is not recommended.
+// For newer features and behaviours, such as defaulting to the Rego v1 syntax, use the corresponding components in the [github.com/open-policy-agent/opa/v1] package instead.
+// See https://www.openpolicyagent.org/docs/latest/v0-compatibility/ for more information.
+package json
diff --git a/vendor/github.com/open-policy-agent/opa/ast/json/json.go b/vendor/github.com/open-policy-agent/opa/ast/json/json.go
index 565017d58e..8a3a36bb9b 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/json/json.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/json/json.go
@@ -1,36 +1,15 @@
package json
+import v1 "github.com/open-policy-agent/opa/v1/ast/json"
+
// Options defines the options for JSON operations,
// currently only marshaling can be configured
-type Options struct {
- MarshalOptions MarshalOptions
-}
+type Options = v1.Options
// MarshalOptions defines the options for JSON marshaling,
// currently only toggling the marshaling of location information is supported
-type MarshalOptions struct {
- // IncludeLocation toggles the marshaling of location information
- IncludeLocation NodeToggle
- // IncludeLocationText additionally/optionally includes the text of the location
- IncludeLocationText bool
- // ExcludeLocationFile additionally/optionally excludes the file of the location
- // Note that this is inverted (i.e. not "include" as the default needs to remain false)
- ExcludeLocationFile bool
-}
+type MarshalOptions = v1.MarshalOptions
// NodeToggle is a generic struct to allow the toggling of
// settings for different ast node types
-type NodeToggle struct {
- Term bool
- Package bool
- Comment bool
- Import bool
- Rule bool
- Head bool
- Expr bool
- SomeDecl bool
- Every bool
- With bool
- Annotations bool
- AnnotationsRef bool
-}
+type NodeToggle = v1.NodeToggle
diff --git a/vendor/github.com/open-policy-agent/opa/ast/map.go b/vendor/github.com/open-policy-agent/opa/ast/map.go
index b0cc9eb60f..070ad3e5de 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/map.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/map.go
@@ -5,129 +5,14 @@
package ast
import (
- "encoding/json"
-
- "github.com/open-policy-agent/opa/util"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
// ValueMap represents a key/value map between AST term values. Any type of term
// can be used as a key in the map.
-type ValueMap struct {
- hashMap *util.HashMap
-}
+type ValueMap = v1.ValueMap
// NewValueMap returns a new ValueMap.
func NewValueMap() *ValueMap {
- vs := &ValueMap{
- hashMap: util.NewHashMap(valueEq, valueHash),
- }
- return vs
-}
-
-// MarshalJSON provides a custom marshaller for the ValueMap which
-// will include the key, value, and value type.
-func (vs *ValueMap) MarshalJSON() ([]byte, error) {
- var tmp []map[string]interface{}
- vs.Iter(func(k Value, v Value) bool {
- tmp = append(tmp, map[string]interface{}{
- "name": k.String(),
- "type": TypeName(v),
- "value": v,
- })
- return false
- })
- return json.Marshal(tmp)
-}
-
-// Copy returns a shallow copy of the ValueMap.
-func (vs *ValueMap) Copy() *ValueMap {
- if vs == nil {
- return nil
- }
- cpy := NewValueMap()
- cpy.hashMap = vs.hashMap.Copy()
- return cpy
-}
-
-// Equal returns true if this ValueMap equals the other.
-func (vs *ValueMap) Equal(other *ValueMap) bool {
- if vs == nil {
- return other == nil || other.Len() == 0
- }
- if other == nil {
- return vs == nil || vs.Len() == 0
- }
- return vs.hashMap.Equal(other.hashMap)
-}
-
-// Len returns the number of elements in the map.
-func (vs *ValueMap) Len() int {
- if vs == nil {
- return 0
- }
- return vs.hashMap.Len()
-}
-
-// Get returns the value in the map for k.
-func (vs *ValueMap) Get(k Value) Value {
- if vs != nil {
- if v, ok := vs.hashMap.Get(k); ok {
- return v.(Value)
- }
- }
- return nil
-}
-
-// Hash returns a hash code for this ValueMap.
-func (vs *ValueMap) Hash() int {
- if vs == nil {
- return 0
- }
- return vs.hashMap.Hash()
-}
-
-// Iter calls the iter function for each key/value pair in the map. If the iter
-// function returns true, iteration stops.
-func (vs *ValueMap) Iter(iter func(Value, Value) bool) bool {
- if vs == nil {
- return false
- }
- return vs.hashMap.Iter(func(kt, vt util.T) bool {
- k := kt.(Value)
- v := vt.(Value)
- return iter(k, v)
- })
-}
-
-// Put inserts a key k into the map with value v.
-func (vs *ValueMap) Put(k, v Value) {
- if vs == nil {
- panic("put on nil value map")
- }
- vs.hashMap.Put(k, v)
-}
-
-// Delete removes a key k from the map.
-func (vs *ValueMap) Delete(k Value) {
- if vs == nil {
- return
- }
- vs.hashMap.Delete(k)
-}
-
-func (vs *ValueMap) String() string {
- if vs == nil {
- return "{}"
- }
- return vs.hashMap.String()
-}
-
-func valueHash(v util.T) int {
- return v.(Value).Hash()
-}
-
-func valueEq(a, b util.T) bool {
- av := a.(Value)
- bv := b.(Value)
- return av.Compare(bv) == 0
+ return v1.NewValueMap()
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/marshal.go b/vendor/github.com/open-policy-agent/opa/ast/marshal.go
deleted file mode 100644
index 53fb112044..0000000000
--- a/vendor/github.com/open-policy-agent/opa/ast/marshal.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package ast
-
-import (
- astJSON "github.com/open-policy-agent/opa/ast/json"
-)
-
-// customJSON is an interface that can be implemented by AST nodes that
-// allows the parser to set options for JSON operations on that node.
-type customJSON interface {
- setJSONOptions(astJSON.Options)
-}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/parser.go b/vendor/github.com/open-policy-agent/opa/ast/parser.go
index 09ede2baec..45cd4da06e 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/parser.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/parser.go
@@ -1,2733 +1,49 @@
-// Copyright 2020 The OPA Authors. All rights reserved.
+// Copyright 2024 The OPA Authors. All rights reserved.
// Use of this source code is governed by an Apache2
// license that can be found in the LICENSE file.
package ast
import (
- "bytes"
- "encoding/json"
- "fmt"
- "io"
- "math/big"
- "net/url"
- "regexp"
- "sort"
- "strconv"
- "strings"
- "unicode/utf8"
-
- "gopkg.in/yaml.v3"
-
- "github.com/open-policy-agent/opa/ast/internal/scanner"
- "github.com/open-policy-agent/opa/ast/internal/tokens"
- astJSON "github.com/open-policy-agent/opa/ast/json"
- "github.com/open-policy-agent/opa/ast/location"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
-var RegoV1CompatibleRef = Ref{VarTerm("rego"), StringTerm("v1")}
+var RegoV1CompatibleRef = v1.RegoV1CompatibleRef
// RegoVersion defines the Rego syntax requirements for a module.
-type RegoVersion int
+type RegoVersion = v1.RegoVersion
-const DefaultRegoVersion = RegoVersion(0)
+const DefaultRegoVersion = RegoV0
const (
+ RegoUndefined = v1.RegoUndefined
// RegoV0 is the default, original Rego syntax.
- RegoV0 RegoVersion = iota
+ RegoV0 = v1.RegoV0
// RegoV0CompatV1 requires modules to comply with both the RegoV0 and RegoV1 syntax (as when 'rego.v1' is imported in a module).
// Shortly, RegoV1 compatibility is required, but 'rego.v1' or 'future.keywords' must also be imported.
- RegoV0CompatV1
+ RegoV0CompatV1 = v1.RegoV0CompatV1
// RegoV1 is the Rego syntax enforced by OPA 1.0; e.g.:
// future.keywords part of default keyword set, and don't require imports;
// 'if' and 'contains' required in rule heads;
// (some) strict checks on by default.
- RegoV1
+ RegoV1 = v1.RegoV1
)
-func (v RegoVersion) Int() int {
- if v == RegoV1 {
- return 1
- }
- return 0
-}
-
-func (v RegoVersion) String() string {
- switch v {
- case RegoV0:
- return "v0"
- case RegoV1:
- return "v1"
- case RegoV0CompatV1:
- return "v0v1"
- default:
- return "unknown"
- }
-}
-
func RegoVersionFromInt(i int) RegoVersion {
- if i == 1 {
- return RegoV1
- }
- return RegoV0
-}
-
-// Note: This state is kept isolated from the parser so that we
-// can do efficient shallow copies of these values when doing a
-// save() and restore().
-type state struct {
- s *scanner.Scanner
- lastEnd int
- skippedNL bool
- tok tokens.Token
- tokEnd int
- lit string
- loc Location
- errors Errors
- hints []string
- comments []*Comment
- wildcard int
-}
-
-func (s *state) String() string {
- return fmt.Sprintf("", s.s, s.tok, s.lit, s.loc, len(s.errors), len(s.comments))
-}
-
-func (s *state) Loc() *location.Location {
- cpy := s.loc
- return &cpy
-}
-
-func (s *state) Text(offset, end int) []byte {
- bs := s.s.Bytes()
- if offset >= 0 && offset < len(bs) {
- if end >= offset && end <= len(bs) {
- return bs[offset:end]
- }
- }
- return nil
+ return v1.RegoVersionFromInt(i)
}
// Parser is used to parse Rego statements.
-type Parser struct {
- r io.Reader
- s *state
- po ParserOptions
- cache parsedTermCache
-}
-
-type parsedTermCacheItem struct {
- t *Term
- post *state // post is the post-state that's restored on a cache-hit
- offset int
- next *parsedTermCacheItem
-}
-
-type parsedTermCache struct {
- m *parsedTermCacheItem
-}
-
-func (c parsedTermCache) String() string {
- s := strings.Builder{}
- s.WriteRune('{')
- var e *parsedTermCacheItem
- for e = c.m; e != nil; e = e.next {
- s.WriteString(fmt.Sprintf("%v", e))
- }
- s.WriteRune('}')
- return s.String()
-}
-
-func (e *parsedTermCacheItem) String() string {
- return fmt.Sprintf("<%d:%v>", e.offset, e.t)
-}
+type Parser = v1.Parser
// ParserOptions defines the options for parsing Rego statements.
-type ParserOptions struct {
- Capabilities *Capabilities
- ProcessAnnotation bool
- AllFutureKeywords bool
- FutureKeywords []string
- SkipRules bool
- JSONOptions *astJSON.Options
- // RegoVersion is the version of Rego to parse for.
- RegoVersion RegoVersion
- unreleasedKeywords bool // TODO(sr): cleanup
-}
-
-// EffectiveRegoVersion returns the effective RegoVersion to use for parsing.
-// Deprecated: Use RegoVersion instead.
-func (po *ParserOptions) EffectiveRegoVersion() RegoVersion {
- return po.RegoVersion
-}
+type ParserOptions = v1.ParserOptions
// NewParser creates and initializes a Parser.
func NewParser() *Parser {
- p := &Parser{
- s: &state{},
- po: ParserOptions{},
- }
- return p
-}
-
-// WithFilename provides the filename for Location details
-// on parsed statements.
-func (p *Parser) WithFilename(filename string) *Parser {
- p.s.loc.File = filename
- return p
-}
-
-// WithReader provides the io.Reader that the parser will
-// use as its source.
-func (p *Parser) WithReader(r io.Reader) *Parser {
- p.r = r
- return p
-}
-
-// WithProcessAnnotation enables or disables the processing of
-// annotations by the Parser
-func (p *Parser) WithProcessAnnotation(processAnnotation bool) *Parser {
- p.po.ProcessAnnotation = processAnnotation
- return p
-}
-
-// WithFutureKeywords enables "future" keywords, i.e., keywords that can
-// be imported via
-//
-// import future.keywords.kw
-// import future.keywords.other
-//
-// but in a more direct way. The equivalent of this import would be
-//
-// WithFutureKeywords("kw", "other")
-func (p *Parser) WithFutureKeywords(kws ...string) *Parser {
- p.po.FutureKeywords = kws
- return p
-}
-
-// WithAllFutureKeywords enables all "future" keywords, i.e., the
-// ParserOption equivalent of
-//
-// import future.keywords
-func (p *Parser) WithAllFutureKeywords(yes bool) *Parser {
- p.po.AllFutureKeywords = yes
- return p
-}
-
-// withUnreleasedKeywords allows using keywords that haven't surfaced
-// as future keywords (see above) yet, but have tests that require
-// them to be parsed
-func (p *Parser) withUnreleasedKeywords(yes bool) *Parser {
- p.po.unreleasedKeywords = yes
- return p
-}
-
-// WithCapabilities sets the capabilities structure on the parser.
-func (p *Parser) WithCapabilities(c *Capabilities) *Parser {
- p.po.Capabilities = c
- return p
-}
-
-// WithSkipRules instructs the parser not to attempt to parse Rule statements.
-func (p *Parser) WithSkipRules(skip bool) *Parser {
- p.po.SkipRules = skip
- return p
-}
-
-// WithJSONOptions sets the Options which will be set on nodes to configure
-// their JSON marshaling behavior.
-func (p *Parser) WithJSONOptions(jsonOptions *astJSON.Options) *Parser {
- p.po.JSONOptions = jsonOptions
- return p
-}
-
-func (p *Parser) WithRegoVersion(version RegoVersion) *Parser {
- p.po.RegoVersion = version
- return p
-}
-
-func (p *Parser) parsedTermCacheLookup() (*Term, *state) {
- l := p.s.loc.Offset
- // stop comparing once the cached offsets are lower than l
- for h := p.cache.m; h != nil && h.offset >= l; h = h.next {
- if h.offset == l {
- return h.t, h.post
- }
- }
- return nil, nil
-}
-
-func (p *Parser) parsedTermCachePush(t *Term, s0 *state) {
- s1 := p.save()
- o0 := s0.loc.Offset
- entry := parsedTermCacheItem{t: t, post: s1, offset: o0}
-
- // find the first one whose offset is smaller than ours
- var e *parsedTermCacheItem
- for e = p.cache.m; e != nil; e = e.next {
- if e.offset < o0 {
- break
- }
- }
- entry.next = e
- p.cache.m = &entry
-}
-
-// futureParser returns a shallow copy of `p` with an empty
-// cache, and a scanner that knows all future keywords.
-// It's used to present hints in errors, when statements would
-// only parse successfully if some future keyword is enabled.
-func (p *Parser) futureParser() *Parser {
- q := *p
- q.s = p.save()
- q.s.s = p.s.s.WithKeywords(futureKeywords)
- q.cache = parsedTermCache{}
- return &q
-}
-
-// presentParser returns a shallow copy of `p` with an empty
-// cache, and a scanner that knows none of the future keywords.
-// It is used to successfully parse keyword imports, like
-//
-// import future.keywords.in
-//
-// even when the parser has already been informed about the
-// future keyword "in". This parser won't error out because
-// "in" is an identifier.
-func (p *Parser) presentParser() (*Parser, map[string]tokens.Token) {
- var cpy map[string]tokens.Token
- q := *p
- q.s = p.save()
- q.s.s, cpy = p.s.s.WithoutKeywords(futureKeywords)
- q.cache = parsedTermCache{}
- return &q, cpy
-}
-
-// Parse will read the Rego source and parse statements and
-// comments as they are found. Any errors encountered while
-// parsing will be accumulated and returned as a list of Errors.
-func (p *Parser) Parse() ([]Statement, []*Comment, Errors) {
-
- if p.po.Capabilities == nil {
- p.po.Capabilities = CapabilitiesForThisVersion()
- }
-
- allowedFutureKeywords := map[string]tokens.Token{}
-
- if p.po.RegoVersion == RegoV1 {
- // RegoV1 includes all future keywords in the default language definition
- for k, v := range futureKeywords {
- allowedFutureKeywords[k] = v
- }
-
- // For sake of error reporting, we still need to check that keywords in capabilities are known,
- for _, kw := range p.po.Capabilities.FutureKeywords {
- if _, ok := futureKeywords[kw]; !ok {
- return nil, nil, Errors{
- &Error{
- Code: ParseErr,
- Message: fmt.Sprintf("illegal capabilities: unknown keyword: %v", kw),
- Location: nil,
- },
- }
- }
- }
- // and that explicitly requested future keywords are known.
- for _, kw := range p.po.FutureKeywords {
- if _, ok := allowedFutureKeywords[kw]; !ok {
- return nil, nil, Errors{
- &Error{
- Code: ParseErr,
- Message: fmt.Sprintf("unknown future keyword: %v", kw),
- Location: nil,
- },
- }
- }
- }
- } else {
- for _, kw := range p.po.Capabilities.FutureKeywords {
- var ok bool
- allowedFutureKeywords[kw], ok = futureKeywords[kw]
- if !ok {
- return nil, nil, Errors{
- &Error{
- Code: ParseErr,
- Message: fmt.Sprintf("illegal capabilities: unknown keyword: %v", kw),
- Location: nil,
- },
- }
- }
- }
- }
-
- var err error
- p.s.s, err = scanner.New(p.r)
- if err != nil {
- return nil, nil, Errors{
- &Error{
- Code: ParseErr,
- Message: err.Error(),
- Location: nil,
- },
- }
- }
-
- selected := map[string]tokens.Token{}
- if p.po.AllFutureKeywords || p.po.RegoVersion == RegoV1 {
- for kw, tok := range allowedFutureKeywords {
- selected[kw] = tok
- }
- } else {
- for _, kw := range p.po.FutureKeywords {
- tok, ok := allowedFutureKeywords[kw]
- if !ok {
- return nil, nil, Errors{
- &Error{
- Code: ParseErr,
- Message: fmt.Sprintf("unknown future keyword: %v", kw),
- Location: nil,
- },
- }
- }
- selected[kw] = tok
- }
- }
- p.s.s = p.s.s.WithKeywords(selected)
-
- if p.po.RegoVersion == RegoV1 {
- for kw, tok := range allowedFutureKeywords {
- p.s.s.AddKeyword(kw, tok)
- }
- }
-
- // read the first token to initialize the parser
- p.scan()
-
- var stmts []Statement
-
- // Read from the scanner until the last token is reached or no statements
- // can be parsed. Attempt to parse package statements, import statements,
- // rule statements, and then body/query statements (in that order). If a
- // statement cannot be parsed, restore the parser state before trying the
- // next type of statement. If a statement can be parsed, continue from that
- // point trying to parse packages, imports, etc. in the same order.
- for p.s.tok != tokens.EOF {
-
- s := p.save()
-
- if pkg := p.parsePackage(); pkg != nil {
- stmts = append(stmts, pkg)
- continue
- } else if len(p.s.errors) > 0 {
- break
- }
-
- p.restore(s)
- s = p.save()
-
- if imp := p.parseImport(); imp != nil {
- if RegoRootDocument.Equal(imp.Path.Value.(Ref)[0]) {
- p.regoV1Import(imp)
- }
-
- if FutureRootDocument.Equal(imp.Path.Value.(Ref)[0]) {
- p.futureImport(imp, allowedFutureKeywords)
- }
-
- stmts = append(stmts, imp)
- continue
- } else if len(p.s.errors) > 0 {
- break
- }
-
- p.restore(s)
-
- if !p.po.SkipRules {
- s = p.save()
-
- if rules := p.parseRules(); rules != nil {
- for i := range rules {
- stmts = append(stmts, rules[i])
- }
- continue
- } else if len(p.s.errors) > 0 {
- break
- }
-
- p.restore(s)
- }
-
- if body := p.parseQuery(true, tokens.EOF); body != nil {
- stmts = append(stmts, body)
- continue
- }
-
- break
- }
-
- if p.po.ProcessAnnotation {
- stmts = p.parseAnnotations(stmts)
- }
-
- if p.po.JSONOptions != nil {
- for i := range stmts {
- vis := NewGenericVisitor(func(x interface{}) bool {
- if x, ok := x.(customJSON); ok {
- x.setJSONOptions(*p.po.JSONOptions)
- }
- return false
- })
-
- vis.Walk(stmts[i])
- }
- }
-
- return stmts, p.s.comments, p.s.errors
-}
-
-func (p *Parser) parseAnnotations(stmts []Statement) []Statement {
-
- annotStmts, errs := parseAnnotations(p.s.comments)
- for _, err := range errs {
- p.error(err.Location, err.Message)
- }
-
- for _, annotStmt := range annotStmts {
- stmts = append(stmts, annotStmt)
- }
-
- return stmts
-}
-
-func parseAnnotations(comments []*Comment) ([]*Annotations, Errors) {
-
- var hint = []byte("METADATA")
- var curr *metadataParser
- var blocks []*metadataParser
-
- for i := 0; i < len(comments); i++ {
- if curr != nil {
- if comments[i].Location.Row == comments[i-1].Location.Row+1 && comments[i].Location.Col == 1 {
- curr.Append(comments[i])
- continue
- }
- curr = nil
- }
- if bytes.HasPrefix(bytes.TrimSpace(comments[i].Text), hint) {
- curr = newMetadataParser(comments[i].Location)
- blocks = append(blocks, curr)
- }
- }
-
- var stmts []*Annotations
- var errs Errors
- for _, b := range blocks {
- a, err := b.Parse()
- if err != nil {
- errs = append(errs, &Error{
- Code: ParseErr,
- Message: err.Error(),
- Location: b.loc,
- })
- } else {
- stmts = append(stmts, a)
- }
- }
-
- return stmts, errs
-}
-
-func (p *Parser) parsePackage() *Package {
-
- var pkg Package
- pkg.SetLoc(p.s.Loc())
-
- if p.s.tok != tokens.Package {
- return nil
- }
-
- p.scan()
- if p.s.tok != tokens.Ident {
- p.illegalToken()
- return nil
- }
-
- term := p.parseTerm()
-
- if term != nil {
- switch v := term.Value.(type) {
- case Var:
- pkg.Path = Ref{
- DefaultRootDocument.Copy().SetLocation(term.Location),
- StringTerm(string(v)).SetLocation(term.Location),
- }
- case Ref:
- pkg.Path = make(Ref, len(v)+1)
- pkg.Path[0] = DefaultRootDocument.Copy().SetLocation(v[0].Location)
- first, ok := v[0].Value.(Var)
- if !ok {
- p.errorf(v[0].Location, "unexpected %v token: expecting var", TypeName(v[0].Value))
- return nil
- }
- pkg.Path[1] = StringTerm(string(first)).SetLocation(v[0].Location)
- for i := 2; i < len(pkg.Path); i++ {
- switch v[i-1].Value.(type) {
- case String:
- pkg.Path[i] = v[i-1]
- default:
- p.errorf(v[i-1].Location, "unexpected %v token: expecting string", TypeName(v[i-1].Value))
- return nil
- }
- }
- default:
- p.illegalToken()
- return nil
- }
- }
-
- if pkg.Path == nil {
- if len(p.s.errors) == 0 {
- p.error(p.s.Loc(), "expected path")
- }
- return nil
- }
-
- return &pkg
-}
-
-func (p *Parser) parseImport() *Import {
-
- var imp Import
- imp.SetLoc(p.s.Loc())
-
- if p.s.tok != tokens.Import {
- return nil
- }
-
- p.scan()
- if p.s.tok != tokens.Ident {
- p.error(p.s.Loc(), "expected ident")
- return nil
- }
- q, prev := p.presentParser()
- term := q.parseTerm()
- if term != nil {
- switch v := term.Value.(type) {
- case Var:
- imp.Path = RefTerm(term).SetLocation(term.Location)
- case Ref:
- for i := 1; i < len(v); i++ {
- if _, ok := v[i].Value.(String); !ok {
- p.errorf(v[i].Location, "unexpected %v token: expecting string", TypeName(v[i].Value))
- return nil
- }
- }
- imp.Path = term
- }
- }
- // keep advanced parser state, reset known keywords
- p.s = q.s
- p.s.s = q.s.s.WithKeywords(prev)
-
- if imp.Path == nil {
- p.error(p.s.Loc(), "expected path")
- return nil
- }
-
- path := imp.Path.Value.(Ref)
-
- switch {
- case RootDocumentNames.Contains(path[0]):
- case FutureRootDocument.Equal(path[0]):
- case RegoRootDocument.Equal(path[0]):
- default:
- p.hint("if this is unexpected, try updating OPA")
- p.errorf(imp.Path.Location, "unexpected import path, must begin with one of: %v, got: %v",
- RootDocumentNames.Union(NewSet(FutureRootDocument, RegoRootDocument)),
- path[0])
- return nil
- }
-
- if p.s.tok == tokens.As {
- p.scan()
-
- if p.s.tok != tokens.Ident {
- p.illegal("expected var")
- return nil
- }
-
- if alias := p.parseTerm(); alias != nil {
- v, ok := alias.Value.(Var)
- if ok {
- imp.Alias = v
- return &imp
- }
- }
- p.illegal("expected var")
- return nil
- }
-
- return &imp
-}
-
-func (p *Parser) parseRules() []*Rule {
-
- var rule Rule
- rule.SetLoc(p.s.Loc())
-
- if p.s.tok == tokens.Default {
- p.scan()
- rule.Default = true
- }
-
- if p.s.tok != tokens.Ident {
- return nil
- }
-
- usesContains := false
- if rule.Head, usesContains = p.parseHead(rule.Default); rule.Head == nil {
- return nil
- }
-
- if usesContains {
- rule.Head.keywords = append(rule.Head.keywords, tokens.Contains)
- }
-
- if rule.Default {
- if !p.validateDefaultRuleValue(&rule) {
- return nil
- }
-
- if len(rule.Head.Args) > 0 {
- if !p.validateDefaultRuleArgs(&rule) {
- return nil
- }
- }
-
- rule.Body = NewBody(NewExpr(BooleanTerm(true).SetLocation(rule.Location)).SetLocation(rule.Location))
- return []*Rule{&rule}
- }
-
- // back-compat with `p[x] { ... }``
- hasIf := p.s.tok == tokens.If
-
- // p[x] if ... becomes a single-value rule p[x]
- if hasIf && !usesContains && len(rule.Head.Ref()) == 2 {
- if !rule.Head.Ref()[1].IsGround() && len(rule.Head.Args) == 0 {
- rule.Head.Key = rule.Head.Ref()[1]
- }
-
- if rule.Head.Value == nil {
- rule.Head.generatedValue = true
- rule.Head.Value = BooleanTerm(true).SetLocation(rule.Head.Location)
- } else {
- // p[x] = y if becomes a single-value rule p[x] with value y, but needs name for compat
- v, ok := rule.Head.Ref()[0].Value.(Var)
- if !ok {
- return nil
- }
- rule.Head.Name = v
- }
- }
-
- // p[x] becomes a multi-value rule p
- if !hasIf && !usesContains &&
- len(rule.Head.Args) == 0 && // not a function
- len(rule.Head.Ref()) == 2 { // ref like 'p[x]'
- v, ok := rule.Head.Ref()[0].Value.(Var)
- if !ok {
- return nil
- }
- rule.Head.Name = v
- rule.Head.Key = rule.Head.Ref()[1]
- if rule.Head.Value == nil {
- rule.Head.SetRef(rule.Head.Ref()[:len(rule.Head.Ref())-1])
- }
- }
-
- switch {
- case hasIf:
- rule.Head.keywords = append(rule.Head.keywords, tokens.If)
- p.scan()
- s := p.save()
- if expr := p.parseLiteral(); expr != nil {
- // NOTE(sr): set literals are never false or undefined, so parsing this as
- // p if { true }
- // ^^^^^^^^ set of one element, `true`
- // isn't valid.
- isSetLiteral := false
- if t, ok := expr.Terms.(*Term); ok {
- _, isSetLiteral = t.Value.(Set)
- }
- // expr.Term is []*Term or Every
- if !isSetLiteral {
- rule.Body.Append(expr)
- break
- }
- }
-
- // parsing as literal didn't work out, expect '{ BODY }'
- p.restore(s)
- fallthrough
-
- case p.s.tok == tokens.LBrace:
- p.scan()
- if rule.Body = p.parseBody(tokens.RBrace); rule.Body == nil {
- return nil
- }
- p.scan()
-
- case usesContains:
- rule.Body = NewBody(NewExpr(BooleanTerm(true).SetLocation(rule.Location)).SetLocation(rule.Location))
- rule.generatedBody = true
- rule.Location = rule.Head.Location
-
- return []*Rule{&rule}
-
- default:
- return nil
- }
-
- if p.s.tok == tokens.Else {
- if r := rule.Head.Ref(); len(r) > 1 && !r.IsGround() {
- p.error(p.s.Loc(), "else keyword cannot be used on rules with variables in head")
- return nil
- }
- if rule.Head.Key != nil {
- p.error(p.s.Loc(), "else keyword cannot be used on multi-value rules")
- return nil
- }
-
- if rule.Else = p.parseElse(rule.Head); rule.Else == nil {
- return nil
- }
- }
-
- rule.Location.Text = p.s.Text(rule.Location.Offset, p.s.lastEnd)
-
- rules := []*Rule{&rule}
-
- for p.s.tok == tokens.LBrace {
-
- if rule.Else != nil {
- p.error(p.s.Loc(), "expected else keyword")
- return nil
- }
-
- loc := p.s.Loc()
-
- p.scan()
- var next Rule
-
- if next.Body = p.parseBody(tokens.RBrace); next.Body == nil {
- return nil
- }
- p.scan()
-
- loc.Text = p.s.Text(loc.Offset, p.s.lastEnd)
- next.SetLoc(loc)
-
- // Chained rule head's keep the original
- // rule's head AST but have their location
- // set to the rule body.
- next.Head = rule.Head.Copy()
- next.Head.keywords = rule.Head.keywords
- for i := range next.Head.Args {
- if v, ok := next.Head.Args[i].Value.(Var); ok && v.IsWildcard() {
- next.Head.Args[i].Value = Var(p.genwildcard())
- }
- }
- setLocRecursive(next.Head, loc)
-
- rules = append(rules, &next)
- }
-
- return rules
-}
-
-func (p *Parser) parseElse(head *Head) *Rule {
-
- var rule Rule
- rule.SetLoc(p.s.Loc())
-
- rule.Head = head.Copy()
- rule.Head.generatedValue = false
- for i := range rule.Head.Args {
- if v, ok := rule.Head.Args[i].Value.(Var); ok && v.IsWildcard() {
- rule.Head.Args[i].Value = Var(p.genwildcard())
- }
- }
- rule.Head.SetLoc(p.s.Loc())
-
- defer func() {
- rule.Location.Text = p.s.Text(rule.Location.Offset, p.s.lastEnd)
- }()
-
- p.scan()
-
- switch p.s.tok {
- case tokens.LBrace, tokens.If: // no value, but a body follows directly
- rule.Head.generatedValue = true
- rule.Head.Value = BooleanTerm(true)
- case tokens.Assign, tokens.Unify:
- rule.Head.Assign = tokens.Assign == p.s.tok
- p.scan()
- rule.Head.Value = p.parseTermInfixCall()
- if rule.Head.Value == nil {
- return nil
- }
- rule.Head.Location.Text = p.s.Text(rule.Head.Location.Offset, p.s.lastEnd)
- default:
- p.illegal("expected else value term or rule body")
- return nil
- }
-
- hasIf := p.s.tok == tokens.If
- hasLBrace := p.s.tok == tokens.LBrace
-
- if !hasIf && !hasLBrace {
- rule.Body = NewBody(NewExpr(BooleanTerm(true)))
- rule.generatedBody = true
- setLocRecursive(rule.Body, rule.Location)
- return &rule
- }
-
- if hasIf {
- rule.Head.keywords = append(rule.Head.keywords, tokens.If)
- p.scan()
- }
-
- if p.s.tok == tokens.LBrace {
- p.scan()
- if rule.Body = p.parseBody(tokens.RBrace); rule.Body == nil {
- return nil
- }
- p.scan()
- } else if p.s.tok != tokens.EOF {
- expr := p.parseLiteral()
- if expr == nil {
- return nil
- }
- rule.Body.Append(expr)
- setLocRecursive(rule.Body, rule.Location)
- } else {
- p.illegal("rule body expected")
- return nil
- }
-
- if p.s.tok == tokens.Else {
- if rule.Else = p.parseElse(head); rule.Else == nil {
- return nil
- }
- }
- return &rule
-}
-
-func (p *Parser) parseHead(defaultRule bool) (*Head, bool) {
- head := &Head{}
- loc := p.s.Loc()
- defer func() {
- if head != nil {
- head.SetLoc(loc)
- head.Location.Text = p.s.Text(head.Location.Offset, p.s.lastEnd)
- }
- }()
-
- term := p.parseVar()
- if term == nil {
- return nil, false
- }
-
- ref := p.parseTermFinish(term, true)
- if ref == nil {
- p.illegal("expected rule head name")
- return nil, false
- }
-
- switch x := ref.Value.(type) {
- case Var:
- // Modify the code to add the location to the head ref
- // and set the head ref's jsonOptions.
- head = VarHead(x, ref.Location, p.po.JSONOptions)
- case Ref:
- head = RefHead(x)
- case Call:
- op, args := x[0], x[1:]
- var ref Ref
- switch y := op.Value.(type) {
- case Var:
- ref = Ref{op}
- case Ref:
- if _, ok := y[0].Value.(Var); !ok {
- p.illegal("rule head ref %v invalid", y)
- return nil, false
- }
- ref = y
- }
- head = RefHead(ref)
- head.Args = append([]*Term{}, args...)
-
- default:
- return nil, false
- }
-
- name := head.Ref().String()
-
- switch p.s.tok {
- case tokens.Contains: // NOTE: no Value for `contains` heads, we return here
- // Catch error case of using 'contains' with a function definition rule head.
- if head.Args != nil {
- p.illegal("the contains keyword can only be used with multi-value rule definitions (e.g., %s contains { ... })", name)
- }
- p.scan()
- head.Key = p.parseTermInfixCall()
- if head.Key == nil {
- p.illegal("expected rule key term (e.g., %s contains { ... })", name)
- }
- return head, true
-
- case tokens.Unify:
- p.scan()
- head.Value = p.parseTermInfixCall()
- if head.Value == nil {
- // FIX HEAD.String()
- p.illegal("expected rule value term (e.g., %s[%s] = { ... })", name, head.Key)
- }
- case tokens.Assign:
- p.scan()
- head.Assign = true
- head.Value = p.parseTermInfixCall()
- if head.Value == nil {
- switch {
- case len(head.Args) > 0:
- p.illegal("expected function value term (e.g., %s(...) := { ... })", name)
- case head.Key != nil:
- p.illegal("expected partial rule value term (e.g., %s[...] := { ... })", name)
- case defaultRule:
- p.illegal("expected default rule value term (e.g., default %s := )", name)
- default:
- p.illegal("expected rule value term (e.g., %s := { ... })", name)
- }
- }
- }
-
- if head.Value == nil && head.Key == nil {
- if len(head.Ref()) != 2 || len(head.Args) > 0 {
- head.generatedValue = true
- head.Value = BooleanTerm(true).SetLocation(head.Location)
- }
- }
- return head, false
-}
-
-func (p *Parser) parseBody(end tokens.Token) Body {
- return p.parseQuery(false, end)
-}
-
-func (p *Parser) parseQuery(requireSemi bool, end tokens.Token) Body {
- body := Body{}
-
- if p.s.tok == end {
- p.error(p.s.Loc(), "found empty body")
- return nil
- }
-
- for {
- expr := p.parseLiteral()
- if expr == nil {
- return nil
- }
-
- body.Append(expr)
-
- if p.s.tok == tokens.Semicolon {
- p.scan()
- continue
- }
-
- if p.s.tok == end || requireSemi {
- return body
- }
-
- if !p.s.skippedNL {
- // If there was already an error then don't pile this one on
- if len(p.s.errors) == 0 {
- p.illegal(`expected \n or %s or %s`, tokens.Semicolon, end)
- }
- return nil
- }
- }
-}
-
-func (p *Parser) parseLiteral() (expr *Expr) {
-
- offset := p.s.loc.Offset
- loc := p.s.Loc()
-
- defer func() {
- if expr != nil {
- loc.Text = p.s.Text(offset, p.s.lastEnd)
- expr.SetLoc(loc)
- }
- }()
-
- var negated bool
- if p.s.tok == tokens.Not {
- p.scan()
- negated = true
- }
-
- switch p.s.tok {
- case tokens.Some:
- if negated {
- p.illegal("illegal negation of 'some'")
- return nil
- }
- return p.parseSome()
- case tokens.Every:
- if negated {
- p.illegal("illegal negation of 'every'")
- return nil
- }
- return p.parseEvery()
- default:
- s := p.save()
- expr := p.parseExpr()
- if expr != nil {
- expr.Negated = negated
- if p.s.tok == tokens.With {
- if expr.With = p.parseWith(); expr.With == nil {
- return nil
- }
- }
- // If we find a plain `every` identifier, attempt to parse an every expression,
- // add hint if it succeeds.
- if term, ok := expr.Terms.(*Term); ok && Var("every").Equal(term.Value) {
- var hint bool
- t := p.save()
- p.restore(s)
- if expr := p.futureParser().parseEvery(); expr != nil {
- _, hint = expr.Terms.(*Every)
- }
- p.restore(t)
- if hint {
- p.hint("`import future.keywords.every` for `every x in xs { ... }` expressions")
- }
- }
- return expr
- }
- return nil
- }
-}
-
-func (p *Parser) parseWith() []*With {
-
- withs := []*With{}
-
- for {
-
- with := With{
- Location: p.s.Loc(),
- }
- p.scan()
-
- if p.s.tok != tokens.Ident {
- p.illegal("expected ident")
- return nil
- }
-
- with.Target = p.parseTerm()
- if with.Target == nil {
- return nil
- }
-
- switch with.Target.Value.(type) {
- case Ref, Var:
- break
- default:
- p.illegal("expected with target path")
- }
-
- if p.s.tok != tokens.As {
- p.illegal("expected as keyword")
- return nil
- }
-
- p.scan()
-
- if with.Value = p.parseTermInfixCall(); with.Value == nil {
- return nil
- }
-
- with.Location.Text = p.s.Text(with.Location.Offset, p.s.lastEnd)
-
- withs = append(withs, &with)
-
- if p.s.tok != tokens.With {
- break
- }
- }
-
- return withs
-}
-
-func (p *Parser) parseSome() *Expr {
-
- decl := &SomeDecl{}
- decl.SetLoc(p.s.Loc())
-
- // Attempt to parse "some x in xs", which will end up in
- // SomeDecl{Symbols: ["member(x, xs)"]}
- s := p.save()
- p.scan()
- if term := p.parseTermInfixCall(); term != nil {
- if call, ok := term.Value.(Call); ok {
- switch call[0].String() {
- case Member.Name:
- if len(call) != 3 {
- p.illegal("illegal domain")
- return nil
- }
- case MemberWithKey.Name:
- if len(call) != 4 {
- p.illegal("illegal domain")
- return nil
- }
- default:
- p.illegal("expected `x in xs` or `x, y in xs` expression")
- return nil
- }
-
- decl.Symbols = []*Term{term}
- expr := NewExpr(decl).SetLocation(decl.Location)
- if p.s.tok == tokens.With {
- if expr.With = p.parseWith(); expr.With == nil {
- return nil
- }
- }
- return expr
- }
- }
-
- p.restore(s)
- s = p.save() // new copy for later
- var hint bool
- p.scan()
- if term := p.futureParser().parseTermInfixCall(); term != nil {
- if call, ok := term.Value.(Call); ok {
- switch call[0].String() {
- case Member.Name, MemberWithKey.Name:
- hint = true
- }
- }
- }
-
- // go on as before, it's `some x[...]` or illegal
- p.restore(s)
- if hint {
- p.hint("`import future.keywords.in` for `some x in xs` expressions")
- }
-
- for { // collecting var args
-
- p.scan()
-
- if p.s.tok != tokens.Ident {
- p.illegal("expected var")
- return nil
- }
-
- decl.Symbols = append(decl.Symbols, p.parseVar())
-
- p.scan()
-
- if p.s.tok != tokens.Comma {
- break
- }
- }
-
- return NewExpr(decl).SetLocation(decl.Location)
-}
-
-func (p *Parser) parseEvery() *Expr {
- qb := &Every{}
- qb.SetLoc(p.s.Loc())
-
- // TODO(sr): We'd get more accurate error messages if we didn't rely on
- // parseTermInfixCall here, but parsed "var [, var] in term" manually.
- p.scan()
- term := p.parseTermInfixCall()
- if term == nil {
- return nil
- }
- call, ok := term.Value.(Call)
- if !ok {
- p.illegal("expected `x[, y] in xs { ... }` expression")
- return nil
- }
- switch call[0].String() {
- case Member.Name: // x in xs
- if len(call) != 3 {
- p.illegal("illegal domain")
- return nil
- }
- qb.Value = call[1]
- qb.Domain = call[2]
- case MemberWithKey.Name: // k, v in xs
- if len(call) != 4 {
- p.illegal("illegal domain")
- return nil
- }
- qb.Key = call[1]
- qb.Value = call[2]
- qb.Domain = call[3]
- if _, ok := qb.Key.Value.(Var); !ok {
- p.illegal("expected key to be a variable")
- return nil
- }
- default:
- p.illegal("expected `x[, y] in xs { ... }` expression")
- return nil
- }
- if _, ok := qb.Value.Value.(Var); !ok {
- p.illegal("expected value to be a variable")
- return nil
- }
- if p.s.tok == tokens.LBrace { // every x in xs { ... }
- p.scan()
- body := p.parseBody(tokens.RBrace)
- if body == nil {
- return nil
- }
- p.scan()
- qb.Body = body
- expr := NewExpr(qb).SetLocation(qb.Location)
-
- if p.s.tok == tokens.With {
- if expr.With = p.parseWith(); expr.With == nil {
- return nil
- }
- }
- return expr
- }
-
- p.illegal("missing body")
- return nil
-}
-
-func (p *Parser) parseExpr() *Expr {
-
- lhs := p.parseTermInfixCall()
- if lhs == nil {
- return nil
- }
-
- if op := p.parseTermOp(tokens.Assign, tokens.Unify); op != nil {
- if rhs := p.parseTermInfixCall(); rhs != nil {
- return NewExpr([]*Term{op, lhs, rhs})
- }
- return nil
- }
-
- // NOTE(tsandall): the top-level call term is converted to an expr because
- // the evaluator does not support the call term type (nested calls are
- // rewritten by the compiler.)
- if call, ok := lhs.Value.(Call); ok {
- return NewExpr([]*Term(call))
- }
-
- return NewExpr(lhs)
-}
-
-// parseTermInfixCall consumes the next term from the input and returns it. If a
-// term cannot be parsed the return value is nil and error will be recorded. The
-// scanner will be advanced to the next token before returning.
-// By starting out with infix relations (==, !=, <, etc) and further calling the
-// other binary operators (|, &, arithmetics), it constitutes the binding
-// precedence.
-func (p *Parser) parseTermInfixCall() *Term {
- return p.parseTermIn(nil, true, p.s.loc.Offset)
-}
-
-func (p *Parser) parseTermInfixCallInList() *Term {
- return p.parseTermIn(nil, false, p.s.loc.Offset)
-}
-
-func (p *Parser) parseTermIn(lhs *Term, keyVal bool, offset int) *Term {
- // NOTE(sr): `in` is a bit special: besides `lhs in rhs`, it also
- // supports `key, val in rhs`, so it can have an optional second lhs.
- // `keyVal` triggers if we attempt to parse a second lhs argument (`mhs`).
- if lhs == nil {
- lhs = p.parseTermRelation(nil, offset)
- }
- if lhs != nil {
- if keyVal && p.s.tok == tokens.Comma { // second "lhs", or "middle hand side"
- s := p.save()
- p.scan()
- if mhs := p.parseTermRelation(nil, offset); mhs != nil {
- if op := p.parseTermOpName(MemberWithKey.Ref(), tokens.In); op != nil {
- if rhs := p.parseTermRelation(nil, p.s.loc.Offset); rhs != nil {
- call := p.setLoc(CallTerm(op, lhs, mhs, rhs), lhs.Location, offset, p.s.lastEnd)
- switch p.s.tok {
- case tokens.In:
- return p.parseTermIn(call, keyVal, offset)
- default:
- return call
- }
- }
- }
- }
- p.restore(s)
- }
- if op := p.parseTermOpName(Member.Ref(), tokens.In); op != nil {
- if rhs := p.parseTermRelation(nil, p.s.loc.Offset); rhs != nil {
- call := p.setLoc(CallTerm(op, lhs, rhs), lhs.Location, offset, p.s.lastEnd)
- switch p.s.tok {
- case tokens.In:
- return p.parseTermIn(call, keyVal, offset)
- default:
- return call
- }
- }
- }
- }
- return lhs
-}
-
-func (p *Parser) parseTermRelation(lhs *Term, offset int) *Term {
- if lhs == nil {
- lhs = p.parseTermOr(nil, offset)
- }
- if lhs != nil {
- if op := p.parseTermOp(tokens.Equal, tokens.Neq, tokens.Lt, tokens.Gt, tokens.Lte, tokens.Gte); op != nil {
- if rhs := p.parseTermOr(nil, p.s.loc.Offset); rhs != nil {
- call := p.setLoc(CallTerm(op, lhs, rhs), lhs.Location, offset, p.s.lastEnd)
- switch p.s.tok {
- case tokens.Equal, tokens.Neq, tokens.Lt, tokens.Gt, tokens.Lte, tokens.Gte:
- return p.parseTermRelation(call, offset)
- default:
- return call
- }
- }
- }
- }
- return lhs
-}
-
-func (p *Parser) parseTermOr(lhs *Term, offset int) *Term {
- if lhs == nil {
- lhs = p.parseTermAnd(nil, offset)
- }
- if lhs != nil {
- if op := p.parseTermOp(tokens.Or); op != nil {
- if rhs := p.parseTermAnd(nil, p.s.loc.Offset); rhs != nil {
- call := p.setLoc(CallTerm(op, lhs, rhs), lhs.Location, offset, p.s.lastEnd)
- switch p.s.tok {
- case tokens.Or:
- return p.parseTermOr(call, offset)
- default:
- return call
- }
- }
- }
- return lhs
- }
- return nil
-}
-
-func (p *Parser) parseTermAnd(lhs *Term, offset int) *Term {
- if lhs == nil {
- lhs = p.parseTermArith(nil, offset)
- }
- if lhs != nil {
- if op := p.parseTermOp(tokens.And); op != nil {
- if rhs := p.parseTermArith(nil, p.s.loc.Offset); rhs != nil {
- call := p.setLoc(CallTerm(op, lhs, rhs), lhs.Location, offset, p.s.lastEnd)
- switch p.s.tok {
- case tokens.And:
- return p.parseTermAnd(call, offset)
- default:
- return call
- }
- }
- }
- return lhs
- }
- return nil
-}
-
-func (p *Parser) parseTermArith(lhs *Term, offset int) *Term {
- if lhs == nil {
- lhs = p.parseTermFactor(nil, offset)
- }
- if lhs != nil {
- if op := p.parseTermOp(tokens.Add, tokens.Sub); op != nil {
- if rhs := p.parseTermFactor(nil, p.s.loc.Offset); rhs != nil {
- call := p.setLoc(CallTerm(op, lhs, rhs), lhs.Location, offset, p.s.lastEnd)
- switch p.s.tok {
- case tokens.Add, tokens.Sub:
- return p.parseTermArith(call, offset)
- default:
- return call
- }
- }
- }
- }
- return lhs
-}
-
-func (p *Parser) parseTermFactor(lhs *Term, offset int) *Term {
- if lhs == nil {
- lhs = p.parseTerm()
- }
- if lhs != nil {
- if op := p.parseTermOp(tokens.Mul, tokens.Quo, tokens.Rem); op != nil {
- if rhs := p.parseTerm(); rhs != nil {
- call := p.setLoc(CallTerm(op, lhs, rhs), lhs.Location, offset, p.s.lastEnd)
- switch p.s.tok {
- case tokens.Mul, tokens.Quo, tokens.Rem:
- return p.parseTermFactor(call, offset)
- default:
- return call
- }
- }
- }
- }
- return lhs
-}
-
-func (p *Parser) parseTerm() *Term {
- if term, s := p.parsedTermCacheLookup(); s != nil {
- p.restore(s)
- return term
- }
- s0 := p.save()
-
- var term *Term
- switch p.s.tok {
- case tokens.Null:
- term = NullTerm().SetLocation(p.s.Loc())
- case tokens.True:
- term = BooleanTerm(true).SetLocation(p.s.Loc())
- case tokens.False:
- term = BooleanTerm(false).SetLocation(p.s.Loc())
- case tokens.Sub, tokens.Dot, tokens.Number:
- term = p.parseNumber()
- case tokens.String:
- term = p.parseString()
- case tokens.Ident, tokens.Contains: // NOTE(sr): contains anywhere BUT in rule heads gets no special treatment
- term = p.parseVar()
- case tokens.LBrack:
- term = p.parseArray()
- case tokens.LBrace:
- term = p.parseSetOrObject()
- case tokens.LParen:
- offset := p.s.loc.Offset
- p.scan()
- if r := p.parseTermInfixCall(); r != nil {
- if p.s.tok == tokens.RParen {
- r.Location.Text = p.s.Text(offset, p.s.tokEnd)
- term = r
- } else {
- p.error(p.s.Loc(), "non-terminated expression")
- }
- }
- default:
- p.illegalToken()
- }
-
- term = p.parseTermFinish(term, false)
- p.parsedTermCachePush(term, s0)
- return term
-}
-
-func (p *Parser) parseTermFinish(head *Term, skipws bool) *Term {
- if head == nil {
- return nil
- }
- offset := p.s.loc.Offset
- p.doScan(skipws)
-
- switch p.s.tok {
- case tokens.LParen, tokens.Dot, tokens.LBrack:
- return p.parseRef(head, offset)
- case tokens.Whitespace:
- p.scan()
- fallthrough
- default:
- if _, ok := head.Value.(Var); ok && RootDocumentNames.Contains(head) {
- return RefTerm(head).SetLocation(head.Location)
- }
- return head
- }
-}
-
-func (p *Parser) parseNumber() *Term {
- var prefix string
- loc := p.s.Loc()
- if p.s.tok == tokens.Sub {
- prefix = "-"
- p.scan()
- switch p.s.tok {
- case tokens.Number, tokens.Dot:
- break
- default:
- p.illegal("expected number")
- return nil
- }
- }
- if p.s.tok == tokens.Dot {
- prefix += "."
- p.scan()
- if p.s.tok != tokens.Number {
- p.illegal("expected number")
- return nil
- }
- }
-
- // Check for multiple leading 0's, parsed by math/big.Float.Parse as decimal 0:
- // https://golang.org/pkg/math/big/#Float.Parse
- if ((len(prefix) != 0 && prefix[0] == '-') || len(prefix) == 0) &&
- len(p.s.lit) > 1 && p.s.lit[0] == '0' && p.s.lit[1] == '0' {
- p.illegal("expected number")
- return nil
- }
-
- // Ensure that the number is valid
- s := prefix + p.s.lit
- f, ok := new(big.Float).SetString(s)
- if !ok {
- p.illegal("invalid float")
- return nil
- }
-
- // Put limit on size of exponent to prevent non-linear cost of String()
- // function on big.Float from causing denial of service: https://github.com/golang/go/issues/11068
- //
- // n == sign * mantissa * 2^exp
- // 0.5 <= mantissa < 1.0
- //
- // The limit is arbitrary.
- exp := f.MantExp(nil)
- if exp > 1e5 || exp < -1e5 || f.IsInf() { // +/- inf, exp is 0
- p.error(p.s.Loc(), "number too big")
- return nil
- }
-
- // Note: Use the original string, do *not* round trip from
- // the big.Float as it can cause precision loss.
- r := NumberTerm(json.Number(s)).SetLocation(loc)
- return r
-}
-
-func (p *Parser) parseString() *Term {
- if p.s.lit[0] == '"' {
- var s string
- err := json.Unmarshal([]byte(p.s.lit), &s)
- if err != nil {
- p.errorf(p.s.Loc(), "illegal string literal: %s", p.s.lit)
- return nil
- }
- term := StringTerm(s).SetLocation(p.s.Loc())
- return term
- }
- return p.parseRawString()
-}
-
-func (p *Parser) parseRawString() *Term {
- if len(p.s.lit) < 2 {
- return nil
- }
- term := StringTerm(p.s.lit[1 : len(p.s.lit)-1]).SetLocation(p.s.Loc())
- return term
-}
-
-// this is the name to use for instantiating an empty set, e.g., `set()`.
-var setConstructor = RefTerm(VarTerm("set"))
-
-func (p *Parser) parseCall(operator *Term, offset int) (term *Term) {
-
- loc := operator.Location
- var end int
-
- defer func() {
- p.setLoc(term, loc, offset, end)
- }()
-
- p.scan() // steps over '('
-
- if p.s.tok == tokens.RParen { // no args, i.e. set() or any.func()
- end = p.s.tokEnd
- p.scanWS()
- if operator.Equal(setConstructor) {
- return SetTerm()
- }
- return CallTerm(operator)
- }
-
- if r := p.parseTermList(tokens.RParen, []*Term{operator}); r != nil {
- end = p.s.tokEnd
- p.scanWS()
- return CallTerm(r...)
- }
-
- return nil
-}
-
-func (p *Parser) parseRef(head *Term, offset int) (term *Term) {
-
- loc := head.Location
- var end int
-
- defer func() {
- p.setLoc(term, loc, offset, end)
- }()
-
- switch h := head.Value.(type) {
- case Var, *Array, Object, Set, *ArrayComprehension, *ObjectComprehension, *SetComprehension, Call:
- // ok
- default:
- p.errorf(loc, "illegal ref (head cannot be %v)", TypeName(h))
- }
-
- ref := []*Term{head}
-
- for {
- switch p.s.tok {
- case tokens.Dot:
- p.scanWS()
- if p.s.tok != tokens.Ident {
- p.illegal("expected %v", tokens.Ident)
- return nil
- }
- ref = append(ref, StringTerm(p.s.lit).SetLocation(p.s.Loc()))
- p.scanWS()
- case tokens.LParen:
- term = p.parseCall(p.setLoc(RefTerm(ref...), loc, offset, p.s.loc.Offset), offset)
- if term != nil {
- switch p.s.tok {
- case tokens.Whitespace:
- p.scan()
- end = p.s.lastEnd
- return term
- case tokens.Dot, tokens.LBrack:
- term = p.parseRef(term, offset)
- }
- }
- end = p.s.tokEnd
- return term
- case tokens.LBrack:
- p.scan()
- if term := p.parseTermInfixCall(); term != nil {
- if p.s.tok != tokens.RBrack {
- p.illegal("expected %v", tokens.LBrack)
- return nil
- }
- ref = append(ref, term)
- p.scanWS()
- } else {
- return nil
- }
- case tokens.Whitespace:
- end = p.s.lastEnd
- p.scan()
- return RefTerm(ref...)
- default:
- end = p.s.lastEnd
- return RefTerm(ref...)
- }
- }
-}
-
-func (p *Parser) parseArray() (term *Term) {
-
- loc := p.s.Loc()
- offset := p.s.loc.Offset
-
- defer func() {
- p.setLoc(term, loc, offset, p.s.tokEnd)
- }()
-
- p.scan()
-
- if p.s.tok == tokens.RBrack {
- return ArrayTerm()
- }
-
- potentialComprehension := true
-
- // Skip leading commas, eg [, x, y]
- // Supported for backwards compatibility. In the future
- // we should make this a parse error.
- if p.s.tok == tokens.Comma {
- potentialComprehension = false
- p.scan()
- }
-
- s := p.save()
-
- // NOTE(tsandall): The parser cannot attempt a relational term here because
- // of ambiguity around comprehensions. For example, given:
- //
- // {1 | 1}
- //
- // Does this represent a set comprehension or a set containing binary OR
- // call? We resolve the ambiguity by prioritizing comprehensions.
- head := p.parseTerm()
-
- if head == nil {
- return nil
- }
-
- switch p.s.tok {
- case tokens.RBrack:
- return ArrayTerm(head)
- case tokens.Comma:
- p.scan()
- if terms := p.parseTermList(tokens.RBrack, []*Term{head}); terms != nil {
- return NewTerm(NewArray(terms...))
- }
- return nil
- case tokens.Or:
- if potentialComprehension {
- // Try to parse as if it is an array comprehension
- p.scan()
- if body := p.parseBody(tokens.RBrack); body != nil {
- return ArrayComprehensionTerm(head, body)
- }
- if p.s.tok != tokens.Comma {
- return nil
- }
- }
- // fall back to parsing as a normal array definition
- }
-
- p.restore(s)
-
- if terms := p.parseTermList(tokens.RBrack, nil); terms != nil {
- return NewTerm(NewArray(terms...))
- }
- return nil
-}
-
-func (p *Parser) parseSetOrObject() (term *Term) {
- loc := p.s.Loc()
- offset := p.s.loc.Offset
-
- defer func() {
- p.setLoc(term, loc, offset, p.s.tokEnd)
- }()
-
- p.scan()
-
- if p.s.tok == tokens.RBrace {
- return ObjectTerm()
- }
-
- potentialComprehension := true
-
- // Skip leading commas, eg {, x, y}
- // Supported for backwards compatibility. In the future
- // we should make this a parse error.
- if p.s.tok == tokens.Comma {
- potentialComprehension = false
- p.scan()
- }
-
- s := p.save()
-
- // Try parsing just a single term first to give comprehensions higher
- // priority to "or" calls in ambiguous situations. Eg: { a | b }
- // will be a set comprehension.
- //
- // Note: We don't know yet if it is a set or object being defined.
- head := p.parseTerm()
- if head == nil {
- return nil
- }
-
- switch p.s.tok {
- case tokens.Or:
- if potentialComprehension {
- return p.parseSet(s, head, potentialComprehension)
- }
- case tokens.RBrace, tokens.Comma:
- return p.parseSet(s, head, potentialComprehension)
- case tokens.Colon:
- return p.parseObject(head, potentialComprehension)
- }
-
- p.restore(s)
-
- head = p.parseTermInfixCallInList()
- if head == nil {
- return nil
- }
-
- switch p.s.tok {
- case tokens.RBrace, tokens.Comma:
- return p.parseSet(s, head, false)
- case tokens.Colon:
- // It still might be an object comprehension, eg { a+1: b | ... }
- return p.parseObject(head, potentialComprehension)
- }
-
- p.illegal("non-terminated set")
- return nil
-}
-
-func (p *Parser) parseSet(s *state, head *Term, potentialComprehension bool) *Term {
- switch p.s.tok {
- case tokens.RBrace:
- return SetTerm(head)
- case tokens.Comma:
- p.scan()
- if terms := p.parseTermList(tokens.RBrace, []*Term{head}); terms != nil {
- return SetTerm(terms...)
- }
- case tokens.Or:
- if potentialComprehension {
- // Try to parse as if it is a set comprehension
- p.scan()
- if body := p.parseBody(tokens.RBrace); body != nil {
- return SetComprehensionTerm(head, body)
- }
- if p.s.tok != tokens.Comma {
- return nil
- }
- }
- // Fall back to parsing as normal set definition
- p.restore(s)
- if terms := p.parseTermList(tokens.RBrace, nil); terms != nil {
- return SetTerm(terms...)
- }
- }
- return nil
-}
-
-func (p *Parser) parseObject(k *Term, potentialComprehension bool) *Term {
- // NOTE(tsandall): Assumption: this function is called after parsing the key
- // of the head element and then receiving a colon token from the scanner.
- // Advance beyond the colon and attempt to parse an object.
- if p.s.tok != tokens.Colon {
- panic("expected colon")
- }
- p.scan()
-
- s := p.save()
-
- // NOTE(sr): We first try to parse the value as a term (`v`), and see
- // if we can parse `{ x: v | ...}` as a comprehension.
- // However, if we encounter either a Comma or an RBace, it cannot be
- // parsed as a comprehension -- so we save double work further down
- // where `parseObjectFinish(k, v, false)` would only exercise the
- // same code paths once more.
- v := p.parseTerm()
- if v == nil {
- return nil
- }
-
- potentialRelation := true
- if potentialComprehension {
- switch p.s.tok {
- case tokens.RBrace, tokens.Comma:
- potentialRelation = false
- fallthrough
- case tokens.Or:
- if term := p.parseObjectFinish(k, v, true); term != nil {
- return term
- }
- }
- }
-
- p.restore(s)
-
- if potentialRelation {
- v := p.parseTermInfixCallInList()
- if v == nil {
- return nil
- }
-
- switch p.s.tok {
- case tokens.RBrace, tokens.Comma:
- return p.parseObjectFinish(k, v, false)
- }
- }
-
- p.illegal("non-terminated object")
- return nil
-}
-
-func (p *Parser) parseObjectFinish(key, val *Term, potentialComprehension bool) *Term {
- switch p.s.tok {
- case tokens.RBrace:
- return ObjectTerm([2]*Term{key, val})
- case tokens.Or:
- if potentialComprehension {
- p.scan()
- if body := p.parseBody(tokens.RBrace); body != nil {
- return ObjectComprehensionTerm(key, val, body)
- }
- } else {
- p.illegal("non-terminated object")
- }
- case tokens.Comma:
- p.scan()
- if r := p.parseTermPairList(tokens.RBrace, [][2]*Term{{key, val}}); r != nil {
- return ObjectTerm(r...)
- }
- }
- return nil
-}
-
-func (p *Parser) parseTermList(end tokens.Token, r []*Term) []*Term {
- if p.s.tok == end {
- return r
- }
- for {
- term := p.parseTermInfixCallInList()
- if term != nil {
- r = append(r, term)
- switch p.s.tok {
- case end:
- return r
- case tokens.Comma:
- p.scan()
- if p.s.tok == end {
- return r
- }
- continue
- default:
- p.illegal(fmt.Sprintf("expected %q or %q", tokens.Comma, end))
- return nil
- }
- }
- return nil
- }
-}
-
-func (p *Parser) parseTermPairList(end tokens.Token, r [][2]*Term) [][2]*Term {
- if p.s.tok == end {
- return r
- }
- for {
- key := p.parseTermInfixCallInList()
- if key != nil {
- switch p.s.tok {
- case tokens.Colon:
- p.scan()
- if val := p.parseTermInfixCallInList(); val != nil {
- r = append(r, [2]*Term{key, val})
- switch p.s.tok {
- case end:
- return r
- case tokens.Comma:
- p.scan()
- if p.s.tok == end {
- return r
- }
- continue
- default:
- p.illegal(fmt.Sprintf("expected %q or %q", tokens.Comma, end))
- return nil
- }
- }
- default:
- p.illegal(fmt.Sprintf("expected %q", tokens.Colon))
- return nil
- }
- }
- return nil
- }
-}
-
-func (p *Parser) parseTermOp(values ...tokens.Token) *Term {
- for i := range values {
- if p.s.tok == values[i] {
- r := RefTerm(VarTerm(fmt.Sprint(p.s.tok)).SetLocation(p.s.Loc())).SetLocation(p.s.Loc())
- p.scan()
- return r
- }
- }
- return nil
-}
-
-func (p *Parser) parseTermOpName(ref Ref, values ...tokens.Token) *Term {
- for i := range values {
- if p.s.tok == values[i] {
- for _, r := range ref {
- r.SetLocation(p.s.Loc())
- }
- t := RefTerm(ref...)
- t.SetLocation(p.s.Loc())
- p.scan()
- return t
- }
- }
- return nil
-}
-
-func (p *Parser) parseVar() *Term {
-
- s := p.s.lit
-
- term := VarTerm(s).SetLocation(p.s.Loc())
-
- // Update wildcard values with unique identifiers
- if term.Equal(Wildcard) {
- term.Value = Var(p.genwildcard())
- }
-
- return term
-}
-
-func (p *Parser) genwildcard() string {
- c := p.s.wildcard
- p.s.wildcard++
- return fmt.Sprintf("%v%d", WildcardPrefix, c)
-}
-
-func (p *Parser) error(loc *location.Location, reason string) {
- p.errorf(loc, reason)
-}
-
-func (p *Parser) errorf(loc *location.Location, f string, a ...interface{}) {
- msg := strings.Builder{}
- msg.WriteString(fmt.Sprintf(f, a...))
-
- switch len(p.s.hints) {
- case 0: // nothing to do
- case 1:
- msg.WriteString(" (hint: ")
- msg.WriteString(p.s.hints[0])
- msg.WriteRune(')')
- default:
- msg.WriteString(" (hints: ")
- for i, h := range p.s.hints {
- if i > 0 {
- msg.WriteString(", ")
- }
- msg.WriteString(h)
- }
- msg.WriteRune(')')
- }
-
- p.s.errors = append(p.s.errors, &Error{
- Code: ParseErr,
- Message: msg.String(),
- Location: loc,
- Details: newParserErrorDetail(p.s.s.Bytes(), loc.Offset),
- })
- p.s.hints = nil
-}
-
-func (p *Parser) hint(f string, a ...interface{}) {
- p.s.hints = append(p.s.hints, fmt.Sprintf(f, a...))
-}
-
-func (p *Parser) illegal(note string, a ...interface{}) {
- tok := p.s.tok.String()
-
- if p.s.tok == tokens.Illegal {
- p.errorf(p.s.Loc(), "illegal token")
- return
- }
-
- tokType := "token"
- if tokens.IsKeyword(p.s.tok) {
- tokType = "keyword"
- }
- if _, ok := futureKeywords[p.s.tok.String()]; ok {
- tokType = "keyword"
- }
-
- note = fmt.Sprintf(note, a...)
- if len(note) > 0 {
- p.errorf(p.s.Loc(), "unexpected %s %s: %s", tok, tokType, note)
- } else {
- p.errorf(p.s.Loc(), "unexpected %s %s", tok, tokType)
- }
-}
-
-func (p *Parser) illegalToken() {
- p.illegal("")
-}
-
-func (p *Parser) scan() {
- p.doScan(true)
-}
-
-func (p *Parser) scanWS() {
- p.doScan(false)
-}
-
-func (p *Parser) doScan(skipws bool) {
-
- // NOTE(tsandall): the last position is used to compute the "text" field for
- // complex AST nodes. Whitespace never affects the last position of an AST
- // node so do not update it when scanning.
- if p.s.tok != tokens.Whitespace {
- p.s.lastEnd = p.s.tokEnd
- p.s.skippedNL = false
- }
-
- var errs []scanner.Error
- for {
- var pos scanner.Position
- p.s.tok, pos, p.s.lit, errs = p.s.s.Scan()
-
- p.s.tokEnd = pos.End
- p.s.loc.Row = pos.Row
- p.s.loc.Col = pos.Col
- p.s.loc.Offset = pos.Offset
- p.s.loc.Text = p.s.Text(pos.Offset, pos.End)
- p.s.loc.Tabs = pos.Tabs
-
- for _, err := range errs {
- p.error(p.s.Loc(), err.Message)
- }
-
- if len(errs) > 0 {
- p.s.tok = tokens.Illegal
- }
-
- if p.s.tok == tokens.Whitespace {
- if p.s.lit == "\n" {
- p.s.skippedNL = true
- }
- if skipws {
- continue
- }
- }
-
- if p.s.tok != tokens.Comment {
- break
- }
-
- // For backwards compatibility leave a nil
- // Text value if there is no text rather than
- // an empty string.
- var commentText []byte
- if len(p.s.lit) > 1 {
- commentText = []byte(p.s.lit[1:])
- }
- comment := NewComment(commentText)
- comment.SetLoc(p.s.Loc())
- p.s.comments = append(p.s.comments, comment)
- }
-}
-
-func (p *Parser) save() *state {
- cpy := *p.s
- s := *cpy.s
- cpy.s = &s
- return &cpy
-}
-
-func (p *Parser) restore(s *state) {
- p.s = s
-}
-
-func setLocRecursive(x interface{}, loc *location.Location) {
- NewGenericVisitor(func(x interface{}) bool {
- if node, ok := x.(Node); ok {
- node.SetLoc(loc)
- }
- return false
- }).Walk(x)
-}
-
-func (p *Parser) setLoc(term *Term, loc *location.Location, offset, end int) *Term {
- if term != nil {
- cpy := *loc
- term.Location = &cpy
- term.Location.Text = p.s.Text(offset, end)
- }
- return term
-}
-
-func (p *Parser) validateDefaultRuleValue(rule *Rule) bool {
- if rule.Head.Value == nil {
- p.error(rule.Loc(), "illegal default rule (must have a value)")
- return false
- }
-
- valid := true
- vis := NewGenericVisitor(func(x interface{}) bool {
- switch x.(type) {
- case *ArrayComprehension, *ObjectComprehension, *SetComprehension: // skip closures
- return true
- case Ref, Var, Call:
- p.error(rule.Loc(), fmt.Sprintf("illegal default rule (value cannot contain %v)", TypeName(x)))
- valid = false
- return true
- }
- return false
- })
-
- vis.Walk(rule.Head.Value.Value)
- return valid
-}
-
-func (p *Parser) validateDefaultRuleArgs(rule *Rule) bool {
-
- valid := true
- vars := NewVarSet()
-
- vis := NewGenericVisitor(func(x interface{}) bool {
- switch x := x.(type) {
- case Var:
- if vars.Contains(x) {
- p.error(rule.Loc(), fmt.Sprintf("illegal default rule (arguments cannot be repeated %v)", x))
- valid = false
- return true
- }
- vars.Add(x)
-
- case *Term:
- switch v := x.Value.(type) {
- case Var: // do nothing
- default:
- p.error(rule.Loc(), fmt.Sprintf("illegal default rule (arguments cannot contain %v)", TypeName(v)))
- valid = false
- return true
- }
- }
-
- return false
- })
-
- vis.Walk(rule.Head.Args)
- return valid
-}
-
-// We explicitly use yaml unmarshalling, to accommodate for the '_' in 'related_resources',
-// which isn't handled properly by json for some reason.
-type rawAnnotation struct {
- Scope string `yaml:"scope"`
- Title string `yaml:"title"`
- Entrypoint bool `yaml:"entrypoint"`
- Description string `yaml:"description"`
- Organizations []string `yaml:"organizations"`
- RelatedResources []interface{} `yaml:"related_resources"`
- Authors []interface{} `yaml:"authors"`
- Schemas []map[string]any `yaml:"schemas"`
- Custom map[string]interface{} `yaml:"custom"`
-}
-
-type metadataParser struct {
- buf *bytes.Buffer
- comments []*Comment
- loc *location.Location
-}
-
-func newMetadataParser(loc *Location) *metadataParser {
- return &metadataParser{loc: loc, buf: bytes.NewBuffer(nil)}
-}
-
-func (b *metadataParser) Append(c *Comment) {
- b.buf.Write(bytes.TrimPrefix(c.Text, []byte(" ")))
- b.buf.WriteByte('\n')
- b.comments = append(b.comments, c)
-}
-
-var yamlLineErrRegex = regexp.MustCompile(`^yaml:(?: unmarshal errors:[\n\s]*)? line ([[:digit:]]+):`)
-
-func (b *metadataParser) Parse() (*Annotations, error) {
-
- var raw rawAnnotation
-
- if len(bytes.TrimSpace(b.buf.Bytes())) == 0 {
- return nil, fmt.Errorf("expected METADATA block, found whitespace")
- }
-
- if err := yaml.Unmarshal(b.buf.Bytes(), &raw); err != nil {
- var comment *Comment
- match := yamlLineErrRegex.FindStringSubmatch(err.Error())
- if len(match) == 2 {
- index, err2 := strconv.Atoi(match[1])
- if err2 == nil {
- if index >= len(b.comments) {
- comment = b.comments[len(b.comments)-1]
- } else {
- comment = b.comments[index]
- }
- b.loc = comment.Location
- }
- }
-
- if match == nil && len(b.comments) > 0 {
- b.loc = b.comments[0].Location
- }
-
- return nil, augmentYamlError(err, b.comments)
- }
-
- var result Annotations
- result.comments = b.comments
- result.Scope = raw.Scope
- result.Entrypoint = raw.Entrypoint
- result.Title = raw.Title
- result.Description = raw.Description
- result.Organizations = raw.Organizations
-
- for _, v := range raw.RelatedResources {
- rr, err := parseRelatedResource(v)
- if err != nil {
- return nil, fmt.Errorf("invalid related-resource definition %s: %w", v, err)
- }
- result.RelatedResources = append(result.RelatedResources, rr)
- }
-
- for _, pair := range raw.Schemas {
- k, v := unwrapPair(pair)
-
- var a SchemaAnnotation
- var err error
-
- a.Path, err = ParseRef(k)
- if err != nil {
- return nil, fmt.Errorf("invalid document reference")
- }
-
- switch v := v.(type) {
- case string:
- a.Schema, err = parseSchemaRef(v)
- if err != nil {
- return nil, err
- }
- case map[string]any:
- w, err := convertYAMLMapKeyTypes(v, nil)
- if err != nil {
- return nil, fmt.Errorf("invalid schema definition: %w", err)
- }
- a.Definition = &w
- default:
- return nil, fmt.Errorf("invalid schema declaration for path %q", k)
- }
-
- result.Schemas = append(result.Schemas, &a)
- }
-
- for _, v := range raw.Authors {
- author, err := parseAuthor(v)
- if err != nil {
- return nil, fmt.Errorf("invalid author definition %s: %w", v, err)
- }
- result.Authors = append(result.Authors, author)
- }
-
- result.Custom = make(map[string]interface{})
- for k, v := range raw.Custom {
- val, err := convertYAMLMapKeyTypes(v, nil)
- if err != nil {
- return nil, err
- }
- result.Custom[k] = val
- }
-
- result.Location = b.loc
-
- // recreate original text of entire metadata block for location text attribute
- sb := strings.Builder{}
- sb.WriteString("# METADATA\n")
-
- lines := bytes.Split(b.buf.Bytes(), []byte{'\n'})
-
- for _, line := range lines[:len(lines)-1] {
- sb.WriteString("# ")
- sb.Write(line)
- sb.WriteByte('\n')
- }
-
- result.Location.Text = []byte(strings.TrimSuffix(sb.String(), "\n"))
-
- return &result, nil
-}
-
-// augmentYamlError augments a YAML error with hints intended to help the user figure out the cause of an otherwise
-// cryptic error. These are hints, instead of proper errors, because they are educated guesses, and aren't guaranteed
-// to be correct.
-func augmentYamlError(err error, comments []*Comment) error {
- // Adding hints for when key/value ':' separator isn't suffixed with a legal YAML space symbol
- for _, comment := range comments {
- txt := string(comment.Text)
- parts := strings.Split(txt, ":")
- if len(parts) > 1 {
- parts = parts[1:]
- var invalidSpaces []string
- for partIndex, part := range parts {
- if len(part) == 0 && partIndex == len(parts)-1 {
- invalidSpaces = []string{}
- break
- }
-
- r, _ := utf8.DecodeRuneInString(part)
- if r == ' ' || r == '\t' {
- invalidSpaces = []string{}
- break
- }
-
- invalidSpaces = append(invalidSpaces, fmt.Sprintf("%+q", r))
- }
- if len(invalidSpaces) > 0 {
- err = fmt.Errorf(
- "%s\n Hint: on line %d, symbol(s) %v immediately following a key/value separator ':' is not a legal yaml space character",
- err.Error(), comment.Location.Row, invalidSpaces)
- }
- }
- }
- return err
-}
-
-func unwrapPair(pair map[string]interface{}) (string, interface{}) {
- for k, v := range pair {
- return k, v
- }
- return "", nil
-}
-
-var errInvalidSchemaRef = fmt.Errorf("invalid schema reference")
-
-// NOTE(tsandall): 'schema' is not registered as a root because it's not
-// supported by the compiler or evaluator today. Once we fix that, we can remove
-// this function.
-func parseSchemaRef(s string) (Ref, error) {
-
- term, err := ParseTerm(s)
- if err == nil {
- switch v := term.Value.(type) {
- case Var:
- if term.Equal(SchemaRootDocument) {
- return SchemaRootRef.Copy(), nil
- }
- case Ref:
- if v.HasPrefix(SchemaRootRef) {
- return v, nil
- }
- }
- }
-
- return nil, errInvalidSchemaRef
-}
-
-func parseRelatedResource(rr interface{}) (*RelatedResourceAnnotation, error) {
- rr, err := convertYAMLMapKeyTypes(rr, nil)
- if err != nil {
- return nil, err
- }
-
- switch rr := rr.(type) {
- case string:
- if len(rr) > 0 {
- u, err := url.Parse(rr)
- if err != nil {
- return nil, err
- }
- return &RelatedResourceAnnotation{Ref: *u}, nil
- }
- return nil, fmt.Errorf("ref URL may not be empty string")
- case map[string]interface{}:
- description := strings.TrimSpace(getSafeString(rr, "description"))
- ref := strings.TrimSpace(getSafeString(rr, "ref"))
- if len(ref) > 0 {
- u, err := url.Parse(ref)
- if err != nil {
- return nil, err
- }
- return &RelatedResourceAnnotation{Description: description, Ref: *u}, nil
- }
- return nil, fmt.Errorf("'ref' value required in object")
- }
-
- return nil, fmt.Errorf("invalid value type, must be string or map")
-}
-
-func parseAuthor(a interface{}) (*AuthorAnnotation, error) {
- a, err := convertYAMLMapKeyTypes(a, nil)
- if err != nil {
- return nil, err
- }
-
- switch a := a.(type) {
- case string:
- return parseAuthorString(a)
- case map[string]interface{}:
- name := strings.TrimSpace(getSafeString(a, "name"))
- email := strings.TrimSpace(getSafeString(a, "email"))
- if len(name) > 0 || len(email) > 0 {
- return &AuthorAnnotation{name, email}, nil
- }
- return nil, fmt.Errorf("'name' and/or 'email' values required in object")
- }
-
- return nil, fmt.Errorf("invalid value type, must be string or map")
-}
-
-func getSafeString(m map[string]interface{}, k string) string {
- if v, found := m[k]; found {
- if s, ok := v.(string); ok {
- return s
- }
- }
- return ""
-}
-
-const emailPrefix = "<"
-const emailSuffix = ">"
-
-// parseAuthor parses a string into an AuthorAnnotation. If the last word of the input string is enclosed within <>,
-// it is extracted as the author's email. The email may not contain whitelines, as it then will be interpreted as
-// multiple words.
-func parseAuthorString(s string) (*AuthorAnnotation, error) {
- parts := strings.Fields(s)
-
- if len(parts) == 0 {
- return nil, fmt.Errorf("author is an empty string")
- }
-
- namePartCount := len(parts)
- trailing := parts[namePartCount-1]
- var email string
- if len(trailing) >= len(emailPrefix)+len(emailSuffix) && strings.HasPrefix(trailing, emailPrefix) &&
- strings.HasSuffix(trailing, emailSuffix) {
- email = trailing[len(emailPrefix):]
- email = email[0 : len(email)-len(emailSuffix)]
- namePartCount = namePartCount - 1
- }
-
- name := strings.Join(parts[0:namePartCount], " ")
-
- return &AuthorAnnotation{Name: name, Email: email}, nil
-}
-
-func convertYAMLMapKeyTypes(x any, path []string) (any, error) {
- var err error
- switch x := x.(type) {
- case map[any]any:
- result := make(map[string]any, len(x))
- for k, v := range x {
- str, ok := k.(string)
- if !ok {
- return nil, fmt.Errorf("invalid map key type(s): %v", strings.Join(path, "/"))
- }
- result[str], err = convertYAMLMapKeyTypes(v, append(path, str))
- if err != nil {
- return nil, err
- }
- }
- return result, nil
- case []any:
- for i := range x {
- x[i], err = convertYAMLMapKeyTypes(x[i], append(path, fmt.Sprintf("%d", i)))
- if err != nil {
- return nil, err
- }
- }
- return x, nil
- default:
- return x, nil
- }
-}
-
-// futureKeywords is the source of truth for future keywords that will
-// eventually become standard keywords inside of Rego.
-var futureKeywords = map[string]tokens.Token{
- "in": tokens.In,
- "every": tokens.Every,
- "contains": tokens.Contains,
- "if": tokens.If,
+ return v1.NewParser().WithRegoVersion(DefaultRegoVersion)
}
func IsFutureKeyword(s string) bool {
- _, ok := futureKeywords[s]
- return ok
-}
-
-func (p *Parser) futureImport(imp *Import, allowedFutureKeywords map[string]tokens.Token) {
- path := imp.Path.Value.(Ref)
-
- if len(path) == 1 || !path[1].Equal(StringTerm("keywords")) {
- p.errorf(imp.Path.Location, "invalid import, must be `future.keywords`")
- return
- }
-
- if imp.Alias != "" {
- p.errorf(imp.Path.Location, "`future` imports cannot be aliased")
- return
- }
-
- if p.s.s.RegoV1Compatible() {
- p.errorf(imp.Path.Location, "the `%s` import implies `future.keywords`, these are therefore mutually exclusive", RegoV1CompatibleRef)
- return
- }
-
- kwds := make([]string, 0, len(allowedFutureKeywords))
- for k := range allowedFutureKeywords {
- kwds = append(kwds, k)
- }
-
- switch len(path) {
- case 2: // all keywords imported, nothing to do
- case 3: // one keyword imported
- kw, ok := path[2].Value.(String)
- if !ok {
- p.errorf(imp.Path.Location, "invalid import, must be `future.keywords.x`, e.g. `import future.keywords.in`")
- return
- }
- keyword := string(kw)
- _, ok = allowedFutureKeywords[keyword]
- if !ok {
- sort.Strings(kwds) // so the error message is stable
- p.errorf(imp.Path.Location, "unexpected keyword, must be one of %v", kwds)
- return
- }
-
- kwds = []string{keyword} // overwrite
- }
- for _, kw := range kwds {
- p.s.s.AddKeyword(kw, allowedFutureKeywords[kw])
- }
-}
-
-func (p *Parser) regoV1Import(imp *Import) {
- if !p.po.Capabilities.ContainsFeature(FeatureRegoV1Import) {
- p.errorf(imp.Path.Location, "invalid import, `%s` is not supported by current capabilities", RegoV1CompatibleRef)
- return
- }
-
- path := imp.Path.Value.(Ref)
-
- // v1 is only valid option
- if len(path) == 1 || !path[1].Equal(RegoV1CompatibleRef[1]) || len(path) > 2 {
- p.errorf(imp.Path.Location, "invalid import `%s`, must be `%s`", path, RegoV1CompatibleRef)
- return
- }
-
- if p.po.RegoVersion == RegoV1 {
- // We're parsing for Rego v1, where the 'rego.v1' import is a no-op.
- return
- }
-
- if imp.Alias != "" {
- p.errorf(imp.Path.Location, "`rego` imports cannot be aliased")
- return
- }
-
- // import all future keywords with the rego.v1 import
- kwds := make([]string, 0, len(futureKeywords))
- for k := range futureKeywords {
- kwds = append(kwds, k)
- }
-
- if p.s.s.HasKeyword(futureKeywords) && !p.s.s.RegoV1Compatible() {
- // We have imported future keywords, but they didn't come from another `rego.v1` import.
- p.errorf(imp.Path.Location, "the `%s` import implies `future.keywords`, these are therefore mutually exclusive", RegoV1CompatibleRef)
- return
- }
-
- p.s.s.SetRegoV1Compatible()
- for _, kw := range kwds {
- p.s.s.AddKeyword(kw, futureKeywords[kw])
- }
+ return v1.IsFutureKeywordForRegoVersion(s, RegoV0)
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/parser_ext.go b/vendor/github.com/open-policy-agent/opa/ast/parser_ext.go
index 83c87e47b1..2d59616932 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/parser_ext.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/parser_ext.go
@@ -1,24 +1,14 @@
-// Copyright 2016 The OPA Authors. All rights reserved.
+// Copyright 2024 The OPA Authors. All rights reserved.
// Use of this source code is governed by an Apache2
// license that can be found in the LICENSE file.
-// This file contains extra functions for parsing Rego.
-// Most of the parsing is handled by the code in parser.go,
-// however, there are additional utilities that are
-// helpful for dealing with Rego source inputs (e.g., REPL
-// statements, source files, etc.)
-
package ast
import (
- "bytes"
"errors"
"fmt"
- "strings"
- "unicode"
- "github.com/open-policy-agent/opa/ast/internal/tokens"
- astJSON "github.com/open-policy-agent/opa/ast/json"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
// MustParseBody returns a parsed body.
@@ -30,11 +20,7 @@ func MustParseBody(input string) Body {
// MustParseBodyWithOpts returns a parsed body.
// If an error occurs during parsing, panic.
func MustParseBodyWithOpts(input string, opts ParserOptions) Body {
- parsed, err := ParseBodyWithOpts(input, opts)
- if err != nil {
- panic(err)
- }
- return parsed
+ return v1.MustParseBodyWithOpts(input, setDefaultRegoVersion(opts))
}
// MustParseExpr returns a parsed expression.
@@ -66,11 +52,7 @@ func MustParseModule(input string) *Module {
// MustParseModuleWithOpts returns a parsed module.
// If an error occurs during parsing, panic.
func MustParseModuleWithOpts(input string, opts ParserOptions) *Module {
- parsed, err := ParseModuleWithOpts("", input, opts)
- if err != nil {
- panic(err)
- }
- return parsed
+ return v1.MustParseModuleWithOpts(input, setDefaultRegoVersion(opts))
}
// MustParsePackage returns a Package.
@@ -104,11 +86,7 @@ func MustParseStatement(input string) Statement {
}
func MustParseStatementWithOpts(input string, popts ParserOptions) Statement {
- parsed, err := ParseStatementWithOpts(input, popts)
- if err != nil {
- panic(err)
- }
- return parsed
+ return v1.MustParseStatementWithOpts(input, setDefaultRegoVersion(popts))
}
// MustParseRef returns a parsed reference.
@@ -134,11 +112,7 @@ func MustParseRule(input string) *Rule {
// MustParseRuleWithOpts returns a parsed rule.
// If an error occurs during parsing, panic.
func MustParseRuleWithOpts(input string, opts ParserOptions) *Rule {
- parsed, err := ParseRuleWithOpts(input, opts)
- if err != nil {
- panic(err)
- }
- return parsed
+ return v1.MustParseRuleWithOpts(input, setDefaultRegoVersion(opts))
}
// MustParseTerm returns a parsed term.
@@ -154,331 +128,59 @@ func MustParseTerm(input string) *Term {
// ParseRuleFromBody returns a rule if the body can be interpreted as a rule
// definition. Otherwise, an error is returned.
func ParseRuleFromBody(module *Module, body Body) (*Rule, error) {
-
- if len(body) != 1 {
- return nil, fmt.Errorf("multiple expressions cannot be used for rule head")
- }
-
- return ParseRuleFromExpr(module, body[0])
+ return v1.ParseRuleFromBody(module, body)
}
// ParseRuleFromExpr returns a rule if the expression can be interpreted as a
// rule definition.
func ParseRuleFromExpr(module *Module, expr *Expr) (*Rule, error) {
-
- if len(expr.With) > 0 {
- return nil, fmt.Errorf("expressions using with keyword cannot be used for rule head")
- }
-
- if expr.Negated {
- return nil, fmt.Errorf("negated expressions cannot be used for rule head")
- }
-
- if _, ok := expr.Terms.(*SomeDecl); ok {
- return nil, errors.New("'some' declarations cannot be used for rule head")
- }
-
- if term, ok := expr.Terms.(*Term); ok {
- switch v := term.Value.(type) {
- case Ref:
- if len(v) > 2 { // 2+ dots
- return ParseCompleteDocRuleWithDotsFromTerm(module, term)
- }
- return ParsePartialSetDocRuleFromTerm(module, term)
- default:
- return nil, fmt.Errorf("%v cannot be used for rule name", TypeName(v))
- }
- }
-
- if _, ok := expr.Terms.([]*Term); !ok {
- // This is a defensive check in case other kinds of expression terms are
- // introduced in the future.
- return nil, errors.New("expression cannot be used for rule head")
- }
-
- if expr.IsEquality() {
- return parseCompleteRuleFromEq(module, expr)
- } else if expr.IsAssignment() {
- rule, err := parseCompleteRuleFromEq(module, expr)
- if err != nil {
- return nil, err
- }
- rule.Head.Assign = true
- return rule, nil
- }
-
- if _, ok := BuiltinMap[expr.Operator().String()]; ok {
- return nil, fmt.Errorf("rule name conflicts with built-in function")
- }
-
- return ParseRuleFromCallExpr(module, expr.Terms.([]*Term))
-}
-
-func parseCompleteRuleFromEq(module *Module, expr *Expr) (rule *Rule, err error) {
-
- // ensure the rule location is set to the expr location
- // the helper functions called below try to set the location based
- // on the terms they've been provided but that is not as accurate.
- defer func() {
- if rule != nil {
- rule.Location = expr.Location
- rule.Head.Location = expr.Location
- }
- }()
-
- lhs, rhs := expr.Operand(0), expr.Operand(1)
- if lhs == nil || rhs == nil {
- return nil, errors.New("assignment requires two operands")
- }
-
- rule, err = ParseRuleFromCallEqExpr(module, lhs, rhs)
- if err == nil {
- return rule, nil
- }
-
- rule, err = ParsePartialObjectDocRuleFromEqExpr(module, lhs, rhs)
- if err == nil {
- return rule, nil
- }
-
- return ParseCompleteDocRuleFromEqExpr(module, lhs, rhs)
+ return v1.ParseRuleFromExpr(module, expr)
}
// ParseCompleteDocRuleFromAssignmentExpr returns a rule if the expression can
// be interpreted as a complete document definition declared with the assignment
// operator.
func ParseCompleteDocRuleFromAssignmentExpr(module *Module, lhs, rhs *Term) (*Rule, error) {
-
- rule, err := ParseCompleteDocRuleFromEqExpr(module, lhs, rhs)
- if err != nil {
- return nil, err
- }
-
- rule.Head.Assign = true
-
- return rule, nil
+ return v1.ParseCompleteDocRuleFromAssignmentExpr(module, lhs, rhs)
}
// ParseCompleteDocRuleFromEqExpr returns a rule if the expression can be
// interpreted as a complete document definition.
func ParseCompleteDocRuleFromEqExpr(module *Module, lhs, rhs *Term) (*Rule, error) {
- var head *Head
-
- if v, ok := lhs.Value.(Var); ok {
- // Modify the code to add the location to the head ref
- // and set the head ref's jsonOptions.
- head = VarHead(v, lhs.Location, &lhs.jsonOptions)
- } else if r, ok := lhs.Value.(Ref); ok { // groundness ?
- if _, ok := r[0].Value.(Var); !ok {
- return nil, fmt.Errorf("invalid rule head: %v", r)
- }
- head = RefHead(r)
- if len(r) > 1 && !r[len(r)-1].IsGround() {
- return nil, fmt.Errorf("ref not ground")
- }
- } else {
- return nil, fmt.Errorf("%v cannot be used for rule name", TypeName(lhs.Value))
- }
- head.Value = rhs
- head.Location = lhs.Location
- head.setJSONOptions(lhs.jsonOptions)
-
- body := NewBody(NewExpr(BooleanTerm(true).SetLocation(rhs.Location)).SetLocation(rhs.Location))
- setJSONOptions(body, &rhs.jsonOptions)
-
- return &Rule{
- Location: lhs.Location,
- Head: head,
- Body: body,
- Module: module,
- jsonOptions: lhs.jsonOptions,
- generatedBody: true,
- }, nil
+ return v1.ParseCompleteDocRuleFromEqExpr(module, lhs, rhs)
}
func ParseCompleteDocRuleWithDotsFromTerm(module *Module, term *Term) (*Rule, error) {
- ref, ok := term.Value.(Ref)
- if !ok {
- return nil, fmt.Errorf("%v cannot be used for rule name", TypeName(term.Value))
- }
-
- if _, ok := ref[0].Value.(Var); !ok {
- return nil, fmt.Errorf("invalid rule head: %v", ref)
- }
- head := RefHead(ref, BooleanTerm(true).SetLocation(term.Location))
- head.generatedValue = true
- head.Location = term.Location
- head.jsonOptions = term.jsonOptions
-
- body := NewBody(NewExpr(BooleanTerm(true).SetLocation(term.Location)).SetLocation(term.Location))
- setJSONOptions(body, &term.jsonOptions)
-
- return &Rule{
- Location: term.Location,
- Head: head,
- Body: body,
- Module: module,
-
- jsonOptions: term.jsonOptions,
- }, nil
+ return v1.ParseCompleteDocRuleWithDotsFromTerm(module, term)
}
// ParsePartialObjectDocRuleFromEqExpr returns a rule if the expression can be
// interpreted as a partial object document definition.
func ParsePartialObjectDocRuleFromEqExpr(module *Module, lhs, rhs *Term) (*Rule, error) {
- ref, ok := lhs.Value.(Ref)
- if !ok {
- return nil, fmt.Errorf("%v cannot be used as rule name", TypeName(lhs.Value))
- }
-
- if _, ok := ref[0].Value.(Var); !ok {
- return nil, fmt.Errorf("invalid rule head: %v", ref)
- }
-
- head := RefHead(ref, rhs)
- if len(ref) == 2 { // backcompat for naked `foo.bar = "baz"` statements
- head.Name = ref[0].Value.(Var)
- head.Key = ref[1]
- }
- head.Location = rhs.Location
- head.jsonOptions = rhs.jsonOptions
-
- body := NewBody(NewExpr(BooleanTerm(true).SetLocation(rhs.Location)).SetLocation(rhs.Location))
- setJSONOptions(body, &rhs.jsonOptions)
-
- rule := &Rule{
- Location: rhs.Location,
- Head: head,
- Body: body,
- Module: module,
- jsonOptions: rhs.jsonOptions,
- }
-
- return rule, nil
+ return v1.ParsePartialObjectDocRuleFromEqExpr(module, lhs, rhs)
}
// ParsePartialSetDocRuleFromTerm returns a rule if the term can be interpreted
// as a partial set document definition.
func ParsePartialSetDocRuleFromTerm(module *Module, term *Term) (*Rule, error) {
-
- ref, ok := term.Value.(Ref)
- if !ok || len(ref) == 1 {
- return nil, fmt.Errorf("%vs cannot be used for rule head", TypeName(term.Value))
- }
- if _, ok := ref[0].Value.(Var); !ok {
- return nil, fmt.Errorf("invalid rule head: %v", ref)
- }
-
- head := RefHead(ref)
- if len(ref) == 2 {
- v, ok := ref[0].Value.(Var)
- if !ok {
- return nil, fmt.Errorf("%vs cannot be used for rule head", TypeName(term.Value))
- }
- // Modify the code to add the location to the head ref
- // and set the head ref's jsonOptions.
- head = VarHead(v, ref[0].Location, &ref[0].jsonOptions)
- head.Key = ref[1]
- }
- head.Location = term.Location
- head.jsonOptions = term.jsonOptions
-
- body := NewBody(NewExpr(BooleanTerm(true).SetLocation(term.Location)).SetLocation(term.Location))
- setJSONOptions(body, &term.jsonOptions)
-
- rule := &Rule{
- Location: term.Location,
- Head: head,
- Body: body,
- Module: module,
- jsonOptions: term.jsonOptions,
- }
-
- return rule, nil
+ return v1.ParsePartialSetDocRuleFromTerm(module, term)
}
// ParseRuleFromCallEqExpr returns a rule if the term can be interpreted as a
// function definition (e.g., f(x) = y => f(x) = y { true }).
func ParseRuleFromCallEqExpr(module *Module, lhs, rhs *Term) (*Rule, error) {
-
- call, ok := lhs.Value.(Call)
- if !ok {
- return nil, fmt.Errorf("must be call")
- }
-
- ref, ok := call[0].Value.(Ref)
- if !ok {
- return nil, fmt.Errorf("%vs cannot be used in function signature", TypeName(call[0].Value))
- }
- if _, ok := ref[0].Value.(Var); !ok {
- return nil, fmt.Errorf("invalid rule head: %v", ref)
- }
-
- head := RefHead(ref, rhs)
- head.Location = lhs.Location
- head.Args = Args(call[1:])
- head.jsonOptions = lhs.jsonOptions
-
- body := NewBody(NewExpr(BooleanTerm(true).SetLocation(rhs.Location)).SetLocation(rhs.Location))
- setJSONOptions(body, &rhs.jsonOptions)
-
- rule := &Rule{
- Location: lhs.Location,
- Head: head,
- Body: body,
- Module: module,
- jsonOptions: lhs.jsonOptions,
- }
-
- return rule, nil
+ return v1.ParseRuleFromCallEqExpr(module, lhs, rhs)
}
// ParseRuleFromCallExpr returns a rule if the terms can be interpreted as a
// function returning true or some value (e.g., f(x) => f(x) = true { true }).
func ParseRuleFromCallExpr(module *Module, terms []*Term) (*Rule, error) {
-
- if len(terms) <= 1 {
- return nil, fmt.Errorf("rule argument list must take at least one argument")
- }
-
- loc := terms[0].Location
- ref := terms[0].Value.(Ref)
- if _, ok := ref[0].Value.(Var); !ok {
- return nil, fmt.Errorf("invalid rule head: %v", ref)
- }
- head := RefHead(ref, BooleanTerm(true).SetLocation(loc))
- head.Location = loc
- head.Args = terms[1:]
- head.jsonOptions = terms[0].jsonOptions
-
- body := NewBody(NewExpr(BooleanTerm(true).SetLocation(loc)).SetLocation(loc))
- setJSONOptions(body, &terms[0].jsonOptions)
-
- rule := &Rule{
- Location: loc,
- Head: head,
- Module: module,
- Body: body,
- jsonOptions: terms[0].jsonOptions,
- }
- return rule, nil
+ return v1.ParseRuleFromCallExpr(module, terms)
}
// ParseImports returns a slice of Import objects.
func ParseImports(input string) ([]*Import, error) {
- stmts, _, err := ParseStatements("", input)
- if err != nil {
- return nil, err
- }
- result := []*Import{}
- for _, stmt := range stmts {
- if imp, ok := stmt.(*Import); ok {
- result = append(result, imp)
- } else {
- return nil, fmt.Errorf("expected import but got %T", stmt)
- }
- }
- return result, nil
+ return v1.ParseImports(input)
}
// ParseModule returns a parsed Module object.
@@ -492,11 +194,7 @@ func ParseModule(filename, input string) (*Module, error) {
// For details on Module objects and their fields, see policy.go.
// Empty input will return nil, nil.
func ParseModuleWithOpts(filename, input string, popts ParserOptions) (*Module, error) {
- stmts, comments, err := ParseStatementsWithOpts(filename, input, popts)
- if err != nil {
- return nil, err
- }
- return parseModule(filename, stmts, comments, popts.RegoVersion)
+ return v1.ParseModuleWithOpts(filename, input, setDefaultRegoVersion(popts))
}
// ParseBody returns exactly one body.
@@ -508,28 +206,7 @@ func ParseBody(input string) (Body, error) {
// ParseBodyWithOpts returns exactly one body. It does _not_ set SkipRules: true on its own,
// but respects whatever ParserOptions it's been given.
func ParseBodyWithOpts(input string, popts ParserOptions) (Body, error) {
-
- stmts, _, err := ParseStatementsWithOpts("", input, popts)
- if err != nil {
- return nil, err
- }
-
- result := Body{}
-
- for _, stmt := range stmts {
- switch stmt := stmt.(type) {
- case Body:
- for i := range stmt {
- result.Append(stmt[i])
- }
- case *Comment:
- // skip
- default:
- return nil, fmt.Errorf("expected body but got %T", stmt)
- }
- }
-
- return result, nil
+ return v1.ParseBodyWithOpts(input, setDefaultRegoVersion(popts))
}
// ParseExpr returns exactly one expression.
@@ -548,15 +225,7 @@ func ParseExpr(input string) (*Expr, error) {
// ParsePackage returns exactly one Package.
// If multiple statements are parsed, an error is returned.
func ParsePackage(input string) (*Package, error) {
- stmt, err := ParseStatement(input)
- if err != nil {
- return nil, err
- }
- pkg, ok := stmt.(*Package)
- if !ok {
- return nil, fmt.Errorf("expected package but got %T", stmt)
- }
- return pkg, nil
+ return v1.ParsePackage(input)
}
// ParseTerm returns exactly one term.
@@ -592,18 +261,7 @@ func ParseRef(input string) (Ref, error) {
// ParseRuleWithOpts returns exactly one rule.
// If multiple rules are parsed, an error is returned.
func ParseRuleWithOpts(input string, opts ParserOptions) (*Rule, error) {
- stmts, _, err := ParseStatementsWithOpts("", input, opts)
- if err != nil {
- return nil, err
- }
- if len(stmts) != 1 {
- return nil, fmt.Errorf("expected exactly one statement (rule), got %v = %T, %T", stmts, stmts[0], stmts[1])
- }
- rule, ok := stmts[0].(*Rule)
- if !ok {
- return nil, fmt.Errorf("expected rule but got %T", stmts[0])
- }
- return rule, nil
+ return v1.ParseRuleWithOpts(input, setDefaultRegoVersion(opts))
}
// ParseRule returns exactly one rule.
@@ -622,20 +280,13 @@ func ParseStatement(input string) (Statement, error) {
return nil, err
}
if len(stmts) != 1 {
- return nil, fmt.Errorf("expected exactly one statement")
+ return nil, errors.New("expected exactly one statement")
}
return stmts[0], nil
}
func ParseStatementWithOpts(input string, popts ParserOptions) (Statement, error) {
- stmts, _, err := ParseStatementsWithOpts("", input, popts)
- if err != nil {
- return nil, err
- }
- if len(stmts) != 1 {
- return nil, fmt.Errorf("expected exactly one statement")
- }
- return stmts[0], nil
+ return v1.ParseStatementWithOpts(input, setDefaultRegoVersion(popts))
}
// ParseStatements is deprecated. Use ParseStatementWithOpts instead.
@@ -646,204 +297,15 @@ func ParseStatements(filename, input string) ([]Statement, []*Comment, error) {
// ParseStatementsWithOpts returns a slice of parsed statements. This is the
// default return value from the parser.
func ParseStatementsWithOpts(filename, input string, popts ParserOptions) ([]Statement, []*Comment, error) {
-
- parser := NewParser().
- WithFilename(filename).
- WithReader(bytes.NewBufferString(input)).
- WithProcessAnnotation(popts.ProcessAnnotation).
- WithFutureKeywords(popts.FutureKeywords...).
- WithAllFutureKeywords(popts.AllFutureKeywords).
- WithCapabilities(popts.Capabilities).
- WithSkipRules(popts.SkipRules).
- WithJSONOptions(popts.JSONOptions).
- WithRegoVersion(popts.RegoVersion).
- withUnreleasedKeywords(popts.unreleasedKeywords)
-
- stmts, comments, errs := parser.Parse()
-
- if len(errs) > 0 {
- return nil, nil, errs
- }
-
- return stmts, comments, nil
-}
-
-func parseModule(filename string, stmts []Statement, comments []*Comment, regoCompatibilityMode RegoVersion) (*Module, error) {
-
- if len(stmts) == 0 {
- return nil, NewError(ParseErr, &Location{File: filename}, "empty module")
- }
-
- var errs Errors
-
- pkg, ok := stmts[0].(*Package)
- if !ok {
- loc := stmts[0].Loc()
- errs = append(errs, NewError(ParseErr, loc, "package expected"))
- }
-
- mod := &Module{
- Package: pkg,
- stmts: stmts,
- }
-
- // The comments slice only holds comments that were not their own statements.
- mod.Comments = append(mod.Comments, comments...)
- mod.regoVersion = regoCompatibilityMode
-
- for i, stmt := range stmts[1:] {
- switch stmt := stmt.(type) {
- case *Import:
- mod.Imports = append(mod.Imports, stmt)
- if mod.regoVersion == RegoV0 && Compare(stmt.Path.Value, RegoV1CompatibleRef) == 0 {
- mod.regoVersion = RegoV0CompatV1
- }
- case *Rule:
- setRuleModule(stmt, mod)
- mod.Rules = append(mod.Rules, stmt)
- case Body:
- rule, err := ParseRuleFromBody(mod, stmt)
- if err != nil {
- errs = append(errs, NewError(ParseErr, stmt[0].Location, err.Error()))
- continue
- }
- rule.generatedBody = true
- mod.Rules = append(mod.Rules, rule)
-
- // NOTE(tsandall): the statement should now be interpreted as a
- // rule so update the statement list. This is important for the
- // logic below that associates annotations with statements.
- stmts[i+1] = rule
- case *Package:
- errs = append(errs, NewError(ParseErr, stmt.Loc(), "unexpected package"))
- case *Annotations:
- mod.Annotations = append(mod.Annotations, stmt)
- case *Comment:
- // Ignore comments, they're handled above.
- default:
- panic("illegal value") // Indicates grammar is out-of-sync with code.
- }
- }
-
- if mod.regoVersion == RegoV0CompatV1 || mod.regoVersion == RegoV1 {
- for _, rule := range mod.Rules {
- for r := rule; r != nil; r = r.Else {
- errs = append(errs, CheckRegoV1(r)...)
- }
- }
- }
-
- if len(errs) > 0 {
- return nil, errs
- }
-
- errs = append(errs, attachAnnotationsNodes(mod)...)
-
- if len(errs) > 0 {
- return nil, errs
- }
-
- attachRuleAnnotations(mod)
-
- return mod, nil
-}
-
-func ruleDeclarationHasKeyword(rule *Rule, keyword tokens.Token) bool {
- for _, kw := range rule.Head.keywords {
- if kw == keyword {
- return true
- }
- }
- return false
-}
-
-func newScopeAttachmentErr(a *Annotations, want string) *Error {
- var have string
- if a.node != nil {
- have = fmt.Sprintf(" (have %v)", TypeName(a.node))
- }
- return NewError(ParseErr, a.Loc(), "annotation scope '%v' must be applied to %v%v", a.Scope, want, have)
-}
-
-func setRuleModule(rule *Rule, module *Module) {
- rule.Module = module
- if rule.Else != nil {
- setRuleModule(rule.Else, module)
- }
-}
-
-func setJSONOptions(x interface{}, jsonOptions *astJSON.Options) {
- vis := NewGenericVisitor(func(x interface{}) bool {
- if x, ok := x.(customJSON); ok {
- x.setJSONOptions(*jsonOptions)
- }
- return false
- })
- vis.Walk(x)
+ return v1.ParseStatementsWithOpts(filename, input, setDefaultRegoVersion(popts))
}
// ParserErrorDetail holds additional details for parser errors.
-type ParserErrorDetail struct {
- Line string `json:"line"`
- Idx int `json:"idx"`
-}
-
-func newParserErrorDetail(bs []byte, offset int) *ParserErrorDetail {
-
- // Find first non-space character at or before offset position.
- if offset >= len(bs) {
- offset = len(bs) - 1
- } else if offset < 0 {
- offset = 0
- }
-
- for offset > 0 && unicode.IsSpace(rune(bs[offset])) {
- offset--
- }
-
- // Find beginning of line containing offset.
- begin := offset
-
- for begin > 0 && !isNewLineChar(bs[begin]) {
- begin--
- }
+type ParserErrorDetail = v1.ParserErrorDetail
- if isNewLineChar(bs[begin]) {
- begin++
+func setDefaultRegoVersion(opts ParserOptions) ParserOptions {
+ if opts.RegoVersion == RegoUndefined {
+ opts.RegoVersion = DefaultRegoVersion
}
-
- // Find end of line containing offset.
- end := offset
-
- for end < len(bs) && !isNewLineChar(bs[end]) {
- end++
- }
-
- if begin > end {
- begin = end
- }
-
- // Extract line and compute index of offset byte in line.
- line := bs[begin:end]
- index := offset - begin
-
- return &ParserErrorDetail{
- Line: string(line),
- Idx: index,
- }
-}
-
-// Lines returns the pretty formatted line output for the error details.
-func (d ParserErrorDetail) Lines() []string {
- line := strings.TrimLeft(d.Line, "\t") // remove leading tabs
- tabCount := len(d.Line) - len(line)
- indent := d.Idx - tabCount
- if indent < 0 {
- indent = 0
- }
- return []string{line, strings.Repeat(" ", indent) + "^"}
-}
-
-func isNewLineChar(b byte) bool {
- return b == '\r' || b == '\n'
+ return opts
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/policy.go b/vendor/github.com/open-policy-agent/opa/ast/policy.go
index 43e9bba4a3..5055e8f23f 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/policy.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/policy.go
@@ -1,196 +1,113 @@
-// Copyright 2016 The OPA Authors. All rights reserved.
+// Copyright 2024 The OPA Authors. All rights reserved.
// Use of this source code is governed by an Apache2
// license that can be found in the LICENSE file.
package ast
import (
- "bytes"
- "encoding/json"
- "fmt"
- "math/rand"
- "strings"
- "time"
-
- "github.com/open-policy-agent/opa/ast/internal/tokens"
astJSON "github.com/open-policy-agent/opa/ast/json"
- "github.com/open-policy-agent/opa/util"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
-// Initialize seed for term hashing. This is intentionally placed before the
-// root document sets are constructed to ensure they use the same hash seed as
-// subsequent lookups. If the hash seeds are out of sync, lookups will fail.
-var hashSeed = rand.New(rand.NewSource(time.Now().UnixNano()))
-var hashSeed0 = (uint64(hashSeed.Uint32()) << 32) | uint64(hashSeed.Uint32())
-
// DefaultRootDocument is the default root document.
//
// All package directives inside source files are implicitly prefixed with the
// DefaultRootDocument value.
-var DefaultRootDocument = VarTerm("data")
+var DefaultRootDocument = v1.DefaultRootDocument
// InputRootDocument names the document containing query arguments.
-var InputRootDocument = VarTerm("input")
+var InputRootDocument = v1.InputRootDocument
// SchemaRootDocument names the document containing external data schemas.
-var SchemaRootDocument = VarTerm("schema")
+var SchemaRootDocument = v1.SchemaRootDocument
// FunctionArgRootDocument names the document containing function arguments.
// It's only for internal usage, for referencing function arguments between
// the index and topdown.
-var FunctionArgRootDocument = VarTerm("args")
+var FunctionArgRootDocument = v1.FunctionArgRootDocument
// FutureRootDocument names the document containing new, to-become-default,
// features.
-var FutureRootDocument = VarTerm("future")
+var FutureRootDocument = v1.FutureRootDocument
// RegoRootDocument names the document containing new, to-become-default,
// features in a future versioned release.
-var RegoRootDocument = VarTerm("rego")
+var RegoRootDocument = v1.RegoRootDocument
// RootDocumentNames contains the names of top-level documents that can be
// referred to in modules and queries.
//
// Note, the schema document is not currently implemented in the evaluator so it
// is not registered as a root document name (yet).
-var RootDocumentNames = NewSet(
- DefaultRootDocument,
- InputRootDocument,
-)
+var RootDocumentNames = v1.RootDocumentNames
// DefaultRootRef is a reference to the root of the default document.
//
// All refs to data in the policy engine's storage layer are prefixed with this ref.
-var DefaultRootRef = Ref{DefaultRootDocument}
+var DefaultRootRef = v1.DefaultRootRef
// InputRootRef is a reference to the root of the input document.
//
// All refs to query arguments are prefixed with this ref.
-var InputRootRef = Ref{InputRootDocument}
+var InputRootRef = v1.InputRootRef
// SchemaRootRef is a reference to the root of the schema document.
//
// All refs to schema documents are prefixed with this ref. Note, the schema
// document is not currently implemented in the evaluator so it is not
// registered as a root document ref (yet).
-var SchemaRootRef = Ref{SchemaRootDocument}
+var SchemaRootRef = v1.SchemaRootRef
// RootDocumentRefs contains the prefixes of top-level documents that all
// non-local references start with.
-var RootDocumentRefs = NewSet(
- NewTerm(DefaultRootRef),
- NewTerm(InputRootRef),
-)
+var RootDocumentRefs = v1.RootDocumentRefs
// SystemDocumentKey is the name of the top-level key that identifies the system
// document.
-var SystemDocumentKey = String("system")
+const SystemDocumentKey = v1.SystemDocumentKey
// ReservedVars is the set of names that refer to implicitly ground vars.
-var ReservedVars = NewVarSet(
- DefaultRootDocument.Value.(Var),
- InputRootDocument.Value.(Var),
-)
+var ReservedVars = v1.ReservedVars
// Wildcard represents the wildcard variable as defined in the language.
-var Wildcard = &Term{Value: Var("_")}
+var Wildcard = v1.Wildcard
// WildcardPrefix is the special character that all wildcard variables are
// prefixed with when the statement they are contained in is parsed.
-var WildcardPrefix = "$"
+const WildcardPrefix = v1.WildcardPrefix
// Keywords contains strings that map to language keywords.
-var Keywords = KeywordsForRegoVersion(DefaultRegoVersion)
+var Keywords = v1.Keywords
-var KeywordsV0 = [...]string{
- "not",
- "package",
- "import",
- "as",
- "default",
- "else",
- "with",
- "null",
- "true",
- "false",
- "some",
-}
+var KeywordsV0 = v1.KeywordsV0
-var KeywordsV1 = [...]string{
- "not",
- "package",
- "import",
- "as",
- "default",
- "else",
- "with",
- "null",
- "true",
- "false",
- "some",
- "if",
- "contains",
- "in",
- "every",
-}
+var KeywordsV1 = v1.KeywordsV1
func KeywordsForRegoVersion(v RegoVersion) []string {
- switch v {
- case RegoV0:
- return KeywordsV0[:]
- case RegoV1, RegoV0CompatV1:
- return KeywordsV1[:]
- }
- return nil
+ return v1.KeywordsForRegoVersion(v)
}
// IsKeyword returns true if s is a language keyword.
func IsKeyword(s string) bool {
- return IsInKeywords(s, Keywords)
+ return v1.IsKeyword(s)
}
func IsInKeywords(s string, keywords []string) bool {
- for _, x := range keywords {
- if x == s {
- return true
- }
- }
- return false
+ return v1.IsInKeywords(s, keywords)
}
// IsKeywordInRegoVersion returns true if s is a language keyword.
func IsKeywordInRegoVersion(s string, regoVersion RegoVersion) bool {
- switch regoVersion {
- case RegoV0:
- for _, x := range KeywordsV0 {
- if x == s {
- return true
- }
- }
- case RegoV1, RegoV0CompatV1:
- for _, x := range KeywordsV1 {
- if x == s {
- return true
- }
- }
- }
-
- return false
+ return v1.IsKeywordInRegoVersion(s, regoVersion)
}
type (
// Node represents a node in an AST. Nodes may be statements in a policy module
// or elements of an ad-hoc query, expression, etc.
- Node interface {
- fmt.Stringer
- Loc() *Location
- SetLoc(*Location)
- }
+ Node = v1.Node
// Statement represents a single statement in a policy module.
- Statement interface {
- Node
- }
+ Statement = v1.Statement
)
type (
@@ -198,1894 +115,121 @@ type (
// Module represents a collection of policies (defined by rules)
// within a namespace (defined by the package) and optional
// dependencies on external documents (defined by imports).
- Module struct {
- Package *Package `json:"package"`
- Imports []*Import `json:"imports,omitempty"`
- Annotations []*Annotations `json:"annotations,omitempty"`
- Rules []*Rule `json:"rules,omitempty"`
- Comments []*Comment `json:"comments,omitempty"`
- stmts []Statement
- regoVersion RegoVersion
- }
+ Module = v1.Module
// Comment contains the raw text from the comment in the definition.
- Comment struct {
- // TODO: these fields have inconsistent JSON keys with other structs in this package.
- Text []byte
- Location *Location
-
- jsonOptions astJSON.Options
- }
+ Comment = v1.Comment
// Package represents the namespace of the documents produced
// by rules inside the module.
- Package struct {
- Path Ref `json:"path"`
- Location *Location `json:"location,omitempty"`
-
- jsonOptions astJSON.Options
- }
+ Package = v1.Package
// Import represents a dependency on a document outside of the policy
// namespace. Imports are optional.
- Import struct {
- Path *Term `json:"path"`
- Alias Var `json:"alias,omitempty"`
- Location *Location `json:"location,omitempty"`
-
- jsonOptions astJSON.Options
- }
+ Import = v1.Import
// Rule represents a rule as defined in the language. Rules define the
// content of documents that represent policy decisions.
- Rule struct {
- Default bool `json:"default,omitempty"`
- Head *Head `json:"head"`
- Body Body `json:"body"`
- Else *Rule `json:"else,omitempty"`
- Location *Location `json:"location,omitempty"`
- Annotations []*Annotations `json:"annotations,omitempty"`
-
- // Module is a pointer to the module containing this rule. If the rule
- // was NOT created while parsing/constructing a module, this should be
- // left unset. The pointer is not included in any standard operations
- // on the rule (e.g., printing, comparison, visiting, etc.)
- Module *Module `json:"-"`
-
- generatedBody bool
- jsonOptions astJSON.Options
- }
+ Rule = v1.Rule
// Head represents the head of a rule.
- Head struct {
- Name Var `json:"name,omitempty"`
- Reference Ref `json:"ref,omitempty"`
- Args Args `json:"args,omitempty"`
- Key *Term `json:"key,omitempty"`
- Value *Term `json:"value,omitempty"`
- Assign bool `json:"assign,omitempty"`
- Location *Location `json:"location,omitempty"`
-
- keywords []tokens.Token
- generatedValue bool
- jsonOptions astJSON.Options
- }
+ Head = v1.Head
// Args represents zero or more arguments to a rule.
- Args []*Term
+ Args = v1.Args
// Body represents one or more expressions contained inside a rule or user
// function.
- Body []*Expr
+ Body = v1.Body
// Expr represents a single expression contained inside the body of a rule.
- Expr struct {
- With []*With `json:"with,omitempty"`
- Terms interface{} `json:"terms"`
- Index int `json:"index"`
- Generated bool `json:"generated,omitempty"`
- Negated bool `json:"negated,omitempty"`
- Location *Location `json:"location,omitempty"`
-
- jsonOptions astJSON.Options
- generatedFrom *Expr
- generates []*Expr
- }
+ Expr = v1.Expr
// SomeDecl represents a variable declaration statement. The symbols are variables.
- SomeDecl struct {
- Symbols []*Term `json:"symbols"`
- Location *Location `json:"location,omitempty"`
+ SomeDecl = v1.SomeDecl
- jsonOptions astJSON.Options
- }
-
- Every struct {
- Key *Term `json:"key"`
- Value *Term `json:"value"`
- Domain *Term `json:"domain"`
- Body Body `json:"body"`
- Location *Location `json:"location,omitempty"`
-
- jsonOptions astJSON.Options
- }
+ Every = v1.Every
// With represents a modifier on an expression.
- With struct {
- Target *Term `json:"target"`
- Value *Term `json:"value"`
- Location *Location `json:"location,omitempty"`
-
- jsonOptions astJSON.Options
- }
+ With = v1.With
)
-// Compare returns an integer indicating whether mod is less than, equal to,
-// or greater than other.
-func (mod *Module) Compare(other *Module) int {
- if mod == nil {
- if other == nil {
- return 0
- }
- return -1
- } else if other == nil {
- return 1
- }
- if cmp := mod.Package.Compare(other.Package); cmp != 0 {
- return cmp
- }
- if cmp := importsCompare(mod.Imports, other.Imports); cmp != 0 {
- return cmp
- }
- if cmp := annotationsCompare(mod.Annotations, other.Annotations); cmp != 0 {
- return cmp
- }
- return rulesCompare(mod.Rules, other.Rules)
-}
-
-// Copy returns a deep copy of mod.
-func (mod *Module) Copy() *Module {
- cpy := *mod
- cpy.Rules = make([]*Rule, len(mod.Rules))
-
- nodes := make(map[Node]Node, len(mod.Rules)+len(mod.Imports)+1 /* package */)
-
- for i := range mod.Rules {
- cpy.Rules[i] = mod.Rules[i].Copy()
- cpy.Rules[i].Module = &cpy
- nodes[mod.Rules[i]] = cpy.Rules[i]
- }
-
- cpy.Imports = make([]*Import, len(mod.Imports))
- for i := range mod.Imports {
- cpy.Imports[i] = mod.Imports[i].Copy()
- nodes[mod.Imports[i]] = cpy.Imports[i]
- }
-
- cpy.Package = mod.Package.Copy()
- nodes[mod.Package] = cpy.Package
-
- cpy.Annotations = make([]*Annotations, len(mod.Annotations))
- for i, a := range mod.Annotations {
- cpy.Annotations[i] = a.Copy(nodes[a.node])
- }
-
- cpy.Comments = make([]*Comment, len(mod.Comments))
- for i := range mod.Comments {
- cpy.Comments[i] = mod.Comments[i].Copy()
- }
-
- cpy.stmts = make([]Statement, len(mod.stmts))
- for i := range mod.stmts {
- cpy.stmts[i] = nodes[mod.stmts[i]]
- }
-
- return &cpy
-}
-
-// Equal returns true if mod equals other.
-func (mod *Module) Equal(other *Module) bool {
- return mod.Compare(other) == 0
-}
-
-func (mod *Module) String() string {
- byNode := map[Node][]*Annotations{}
- for _, a := range mod.Annotations {
- byNode[a.node] = append(byNode[a.node], a)
- }
-
- appendAnnotationStrings := func(buf []string, node Node) []string {
- if as, ok := byNode[node]; ok {
- for i := range as {
- buf = append(buf, "# METADATA")
- buf = append(buf, "# "+as[i].String())
- }
- }
- return buf
- }
-
- buf := []string{}
- buf = appendAnnotationStrings(buf, mod.Package)
- buf = append(buf, mod.Package.String())
-
- if len(mod.Imports) > 0 {
- buf = append(buf, "")
- for _, imp := range mod.Imports {
- buf = appendAnnotationStrings(buf, imp)
- buf = append(buf, imp.String())
- }
- }
- if len(mod.Rules) > 0 {
- buf = append(buf, "")
- for _, rule := range mod.Rules {
- buf = appendAnnotationStrings(buf, rule)
- buf = append(buf, rule.stringWithOpts(toStringOpts{regoVersion: mod.regoVersion}))
- }
- }
- return strings.Join(buf, "\n")
-}
-
-// RuleSet returns a RuleSet containing named rules in the mod.
-func (mod *Module) RuleSet(name Var) RuleSet {
- rs := NewRuleSet()
- for _, rule := range mod.Rules {
- if rule.Head.Name.Equal(name) {
- rs.Add(rule)
- }
- }
- return rs
-}
-
-// UnmarshalJSON parses bs and stores the result in mod. The rules in the module
-// will have their module pointer set to mod.
-func (mod *Module) UnmarshalJSON(bs []byte) error {
-
- // Declare a new type and use a type conversion to avoid recursively calling
- // Module#UnmarshalJSON.
- type module Module
-
- if err := util.UnmarshalJSON(bs, (*module)(mod)); err != nil {
- return err
- }
-
- WalkRules(mod, func(rule *Rule) bool {
- rule.Module = mod
- return false
- })
-
- return nil
-}
-
-func (mod *Module) regoV1Compatible() bool {
- return mod.regoVersion == RegoV1 || mod.regoVersion == RegoV0CompatV1
-}
-
-func (mod *Module) RegoVersion() RegoVersion {
- return mod.regoVersion
-}
-
-// SetRegoVersion sets the RegoVersion for the module.
-// Note: Setting a rego-version that does not match the module's rego-version might have unintended consequences.
-func (mod *Module) SetRegoVersion(v RegoVersion) {
- mod.regoVersion = v
-}
-
// NewComment returns a new Comment object.
func NewComment(text []byte) *Comment {
- return &Comment{
- Text: text,
- }
-}
-
-// Loc returns the location of the comment in the definition.
-func (c *Comment) Loc() *Location {
- if c == nil {
- return nil
- }
- return c.Location
-}
-
-// SetLoc sets the location on c.
-func (c *Comment) SetLoc(loc *Location) {
- c.Location = loc
-}
-
-func (c *Comment) String() string {
- return "#" + string(c.Text)
-}
-
-// Copy returns a deep copy of c.
-func (c *Comment) Copy() *Comment {
- cpy := *c
- cpy.Text = make([]byte, len(c.Text))
- copy(cpy.Text, c.Text)
- return &cpy
-}
-
-// Equal returns true if this comment equals the other comment.
-// Unlike other equality checks on AST nodes, comment equality
-// depends on location.
-func (c *Comment) Equal(other *Comment) bool {
- return c.Location.Equal(other.Location) && bytes.Equal(c.Text, other.Text)
-}
-
-func (c *Comment) setJSONOptions(opts astJSON.Options) {
- // Note: this is not used for location since Comments use default JSON marshaling
- // behavior with struct field names in JSON.
- c.jsonOptions = opts
- if c.Location != nil {
- c.Location.JSONOptions = opts
- }
-}
-
-// Compare returns an integer indicating whether pkg is less than, equal to,
-// or greater than other.
-func (pkg *Package) Compare(other *Package) int {
- return Compare(pkg.Path, other.Path)
-}
-
-// Copy returns a deep copy of pkg.
-func (pkg *Package) Copy() *Package {
- cpy := *pkg
- cpy.Path = pkg.Path.Copy()
- return &cpy
-}
-
-// Equal returns true if pkg is equal to other.
-func (pkg *Package) Equal(other *Package) bool {
- return pkg.Compare(other) == 0
-}
-
-// Loc returns the location of the Package in the definition.
-func (pkg *Package) Loc() *Location {
- if pkg == nil {
- return nil
- }
- return pkg.Location
-}
-
-// SetLoc sets the location on pkg.
-func (pkg *Package) SetLoc(loc *Location) {
- pkg.Location = loc
-}
-
-func (pkg *Package) String() string {
- if pkg == nil {
- return ""
- } else if len(pkg.Path) <= 1 {
- return fmt.Sprintf("package ", pkg.Path)
- }
- // Omit head as all packages have the DefaultRootDocument prepended at parse time.
- path := make(Ref, len(pkg.Path)-1)
- path[0] = VarTerm(string(pkg.Path[1].Value.(String)))
- copy(path[1:], pkg.Path[2:])
- return fmt.Sprintf("package %v", path)
-}
-
-func (pkg *Package) setJSONOptions(opts astJSON.Options) {
- pkg.jsonOptions = opts
- if pkg.Location != nil {
- pkg.Location.JSONOptions = opts
- }
-}
-
-func (pkg *Package) MarshalJSON() ([]byte, error) {
- data := map[string]interface{}{
- "path": pkg.Path,
- }
-
- if pkg.jsonOptions.MarshalOptions.IncludeLocation.Package {
- if pkg.Location != nil {
- data["location"] = pkg.Location
- }
- }
-
- return json.Marshal(data)
+ return v1.NewComment(text)
}
// IsValidImportPath returns an error indicating if the import path is invalid.
// If the import path is valid, err is nil.
func IsValidImportPath(v Value) (err error) {
- switch v := v.(type) {
- case Var:
- if !v.Equal(DefaultRootDocument.Value) && !v.Equal(InputRootDocument.Value) {
- return fmt.Errorf("invalid path %v: path must begin with input or data", v)
- }
- case Ref:
- if err := IsValidImportPath(v[0].Value); err != nil {
- return fmt.Errorf("invalid path %v: path must begin with input or data", v)
- }
- for _, e := range v[1:] {
- if _, ok := e.Value.(String); !ok {
- return fmt.Errorf("invalid path %v: path elements must be strings", v)
- }
- }
- default:
- return fmt.Errorf("invalid path %v: path must be ref or var", v)
- }
- return nil
-}
-
-// Compare returns an integer indicating whether imp is less than, equal to,
-// or greater than other.
-func (imp *Import) Compare(other *Import) int {
- if imp == nil {
- if other == nil {
- return 0
- }
- return -1
- } else if other == nil {
- return 1
- }
- if cmp := Compare(imp.Path, other.Path); cmp != 0 {
- return cmp
- }
- return Compare(imp.Alias, other.Alias)
-}
-
-// Copy returns a deep copy of imp.
-func (imp *Import) Copy() *Import {
- cpy := *imp
- cpy.Path = imp.Path.Copy()
- return &cpy
-}
-
-// Equal returns true if imp is equal to other.
-func (imp *Import) Equal(other *Import) bool {
- return imp.Compare(other) == 0
-}
-
-// Loc returns the location of the Import in the definition.
-func (imp *Import) Loc() *Location {
- if imp == nil {
- return nil
- }
- return imp.Location
-}
-
-// SetLoc sets the location on imp.
-func (imp *Import) SetLoc(loc *Location) {
- imp.Location = loc
-}
-
-// Name returns the variable that is used to refer to the imported virtual
-// document. This is the alias if defined otherwise the last element in the
-// path.
-func (imp *Import) Name() Var {
- if len(imp.Alias) != 0 {
- return imp.Alias
- }
- switch v := imp.Path.Value.(type) {
- case Var:
- return v
- case Ref:
- if len(v) == 1 {
- return v[0].Value.(Var)
- }
- return Var(v[len(v)-1].Value.(String))
- }
- panic("illegal import")
-}
-
-func (imp *Import) String() string {
- buf := []string{"import", imp.Path.String()}
- if len(imp.Alias) > 0 {
- buf = append(buf, "as "+imp.Alias.String())
- }
- return strings.Join(buf, " ")
-}
-
-func (imp *Import) setJSONOptions(opts astJSON.Options) {
- imp.jsonOptions = opts
- if imp.Location != nil {
- imp.Location.JSONOptions = opts
- }
-}
-
-func (imp *Import) MarshalJSON() ([]byte, error) {
- data := map[string]interface{}{
- "path": imp.Path,
- }
-
- if len(imp.Alias) != 0 {
- data["alias"] = imp.Alias
- }
-
- if imp.jsonOptions.MarshalOptions.IncludeLocation.Import {
- if imp.Location != nil {
- data["location"] = imp.Location
- }
- }
-
- return json.Marshal(data)
-}
-
-// Compare returns an integer indicating whether rule is less than, equal to,
-// or greater than other.
-func (rule *Rule) Compare(other *Rule) int {
- if rule == nil {
- if other == nil {
- return 0
- }
- return -1
- } else if other == nil {
- return 1
- }
- if cmp := rule.Head.Compare(other.Head); cmp != 0 {
- return cmp
- }
- if cmp := util.Compare(rule.Default, other.Default); cmp != 0 {
- return cmp
- }
- if cmp := rule.Body.Compare(other.Body); cmp != 0 {
- return cmp
- }
-
- if cmp := annotationsCompare(rule.Annotations, other.Annotations); cmp != 0 {
- return cmp
- }
-
- return rule.Else.Compare(other.Else)
-}
-
-// Copy returns a deep copy of rule.
-func (rule *Rule) Copy() *Rule {
- cpy := *rule
- cpy.Head = rule.Head.Copy()
- cpy.Body = rule.Body.Copy()
-
- cpy.Annotations = make([]*Annotations, len(rule.Annotations))
- for i, a := range rule.Annotations {
- cpy.Annotations[i] = a.Copy(&cpy)
- }
-
- if cpy.Else != nil {
- cpy.Else = rule.Else.Copy()
- }
- return &cpy
-}
-
-// Equal returns true if rule is equal to other.
-func (rule *Rule) Equal(other *Rule) bool {
- return rule.Compare(other) == 0
-}
-
-// Loc returns the location of the Rule in the definition.
-func (rule *Rule) Loc() *Location {
- if rule == nil {
- return nil
- }
- return rule.Location
-}
-
-// SetLoc sets the location on rule.
-func (rule *Rule) SetLoc(loc *Location) {
- rule.Location = loc
-}
-
-// Path returns a ref referring to the document produced by this rule. If rule
-// is not contained in a module, this function panics.
-// Deprecated: Poor handling of ref rules. Use `(*Rule).Ref()` instead.
-func (rule *Rule) Path() Ref {
- if rule.Module == nil {
- panic("assertion failed")
- }
- return rule.Module.Package.Path.Extend(rule.Head.Ref().GroundPrefix())
-}
-
-// Ref returns a ref referring to the document produced by this rule. If rule
-// is not contained in a module, this function panics. The returned ref may
-// contain variables in the last position.
-func (rule *Rule) Ref() Ref {
- if rule.Module == nil {
- panic("assertion failed")
- }
- return rule.Module.Package.Path.Extend(rule.Head.Ref())
-}
-
-func (rule *Rule) String() string {
- return rule.stringWithOpts(toStringOpts{})
-}
-
-type toStringOpts struct {
- regoVersion RegoVersion
-}
-
-func (rule *Rule) stringWithOpts(opts toStringOpts) string {
- buf := []string{}
- if rule.Default {
- buf = append(buf, "default")
- }
- buf = append(buf, rule.Head.stringWithOpts(opts))
- if !rule.Default {
- switch opts.regoVersion {
- case RegoV1, RegoV0CompatV1:
- buf = append(buf, "if")
- }
- buf = append(buf, "{")
- buf = append(buf, rule.Body.String())
- buf = append(buf, "}")
- }
- if rule.Else != nil {
- buf = append(buf, rule.Else.elseString(opts))
- }
- return strings.Join(buf, " ")
-}
-
-func (rule *Rule) isFunction() bool {
- return len(rule.Head.Args) > 0
-}
-
-func (rule *Rule) setJSONOptions(opts astJSON.Options) {
- rule.jsonOptions = opts
- if rule.Location != nil {
- rule.Location.JSONOptions = opts
- }
-}
-
-func (rule *Rule) MarshalJSON() ([]byte, error) {
- data := map[string]interface{}{
- "head": rule.Head,
- "body": rule.Body,
- }
-
- if rule.Default {
- data["default"] = true
- }
-
- if rule.Else != nil {
- data["else"] = rule.Else
- }
-
- if rule.jsonOptions.MarshalOptions.IncludeLocation.Rule {
- if rule.Location != nil {
- data["location"] = rule.Location
- }
- }
-
- if len(rule.Annotations) != 0 {
- data["annotations"] = rule.Annotations
- }
-
- return json.Marshal(data)
-}
-
-func (rule *Rule) elseString(opts toStringOpts) string {
- var buf []string
-
- buf = append(buf, "else")
-
- value := rule.Head.Value
- if value != nil {
- buf = append(buf, "=")
- buf = append(buf, value.String())
- }
-
- switch opts.regoVersion {
- case RegoV1, RegoV0CompatV1:
- buf = append(buf, "if")
- }
-
- buf = append(buf, "{")
- buf = append(buf, rule.Body.String())
- buf = append(buf, "}")
-
- if rule.Else != nil {
- buf = append(buf, rule.Else.elseString(opts))
- }
-
- return strings.Join(buf, " ")
+ return v1.IsValidImportPath(v)
}
// NewHead returns a new Head object. If args are provided, the first will be
// used for the key and the second will be used for the value.
func NewHead(name Var, args ...*Term) *Head {
- head := &Head{
- Name: name, // backcompat
- Reference: []*Term{NewTerm(name)},
- }
- if len(args) == 0 {
- return head
- }
- head.Key = args[0]
- if len(args) == 1 {
- return head
- }
- head.Value = args[1]
- if head.Key != nil && head.Value != nil {
- head.Reference = head.Reference.Append(args[0])
- }
- return head
+ return v1.NewHead(name, args...)
}
// VarHead creates a head object, initializes its Name, Location, and Options,
// and returns the new head.
func VarHead(name Var, location *Location, jsonOpts *astJSON.Options) *Head {
- h := NewHead(name)
- h.Reference[0].Location = location
- if jsonOpts != nil {
- h.Reference[0].setJSONOptions(*jsonOpts)
- }
- return h
+ return v1.VarHead(name, location, jsonOpts)
}
// RefHead returns a new Head object with the passed Ref. If args are provided,
// the first will be used for the value.
func RefHead(ref Ref, args ...*Term) *Head {
- head := &Head{}
- head.SetRef(ref)
- if len(ref) < 2 {
- head.Name = ref[0].Value.(Var)
- }
- if len(args) >= 1 {
- head.Value = args[0]
- }
- return head
+ return v1.RefHead(ref, args...)
}
// DocKind represents the collection of document types that can be produced by rules.
-type DocKind int
+type DocKind = v1.DocKind
const (
// CompleteDoc represents a document that is completely defined by the rule.
- CompleteDoc = iota
+ CompleteDoc = v1.CompleteDoc
// PartialSetDoc represents a set document that is partially defined by the rule.
- PartialSetDoc
+ PartialSetDoc = v1.PartialSetDoc
// PartialObjectDoc represents an object document that is partially defined by the rule.
- PartialObjectDoc
-) // TODO(sr): Deprecate?
-
-// DocKind returns the type of document produced by this rule.
-func (head *Head) DocKind() DocKind {
- if head.Key != nil {
- if head.Value != nil {
- return PartialObjectDoc
- }
- return PartialSetDoc
- }
- return CompleteDoc
-}
+ PartialObjectDoc = v1.PartialObjectDoc
+)
-type RuleKind int
+type RuleKind = v1.RuleKind
const (
- SingleValue = iota
- MultiValue
+ SingleValue = v1.SingleValue
+ MultiValue = v1.MultiValue
)
-// RuleKind returns the type of rule this is
-func (head *Head) RuleKind() RuleKind {
- // NOTE(sr): This is bit verbose, since the key is irrelevant for single vs
- // multi value, but as good a spot as to assert the invariant.
- switch {
- case head.Value != nil:
- return SingleValue
- case head.Key != nil:
- return MultiValue
- default:
- panic("unreachable")
- }
-}
-
-// Ref returns the Ref of the rule. If it doesn't have one, it's filled in
-// via the Head's Name.
-func (head *Head) Ref() Ref {
- if len(head.Reference) > 0 {
- return head.Reference
- }
- return Ref{&Term{Value: head.Name}}
-}
-
-// SetRef can be used to set a rule head's Reference
-func (head *Head) SetRef(r Ref) {
- head.Reference = r
-}
-
-// Compare returns an integer indicating whether head is less than, equal to,
-// or greater than other.
-func (head *Head) Compare(other *Head) int {
- if head == nil {
- if other == nil {
- return 0
- }
- return -1
- } else if other == nil {
- return 1
- }
- if head.Assign && !other.Assign {
- return -1
- } else if !head.Assign && other.Assign {
- return 1
- }
- if cmp := Compare(head.Args, other.Args); cmp != 0 {
- return cmp
- }
- if cmp := Compare(head.Reference, other.Reference); cmp != 0 {
- return cmp
- }
- if cmp := Compare(head.Name, other.Name); cmp != 0 {
- return cmp
- }
- if cmp := Compare(head.Key, other.Key); cmp != 0 {
- return cmp
- }
- return Compare(head.Value, other.Value)
-}
-
-// Copy returns a deep copy of head.
-func (head *Head) Copy() *Head {
- cpy := *head
- cpy.Reference = head.Reference.Copy()
- cpy.Args = head.Args.Copy()
- cpy.Key = head.Key.Copy()
- cpy.Value = head.Value.Copy()
- cpy.keywords = nil
- return &cpy
-}
-
-// Equal returns true if this head equals other.
-func (head *Head) Equal(other *Head) bool {
- return head.Compare(other) == 0
-}
-
-func (head *Head) String() string {
- return head.stringWithOpts(toStringOpts{})
-}
-
-func (head *Head) stringWithOpts(opts toStringOpts) string {
- buf := strings.Builder{}
- buf.WriteString(head.Ref().String())
- containsAdded := false
-
- switch {
- case len(head.Args) != 0:
- buf.WriteString(head.Args.String())
- case len(head.Reference) == 1 && head.Key != nil:
- switch opts.regoVersion {
- case RegoV0:
- buf.WriteRune('[')
- buf.WriteString(head.Key.String())
- buf.WriteRune(']')
- default:
- containsAdded = true
- buf.WriteString(" contains ")
- buf.WriteString(head.Key.String())
- }
- }
- if head.Value != nil {
- if head.Assign {
- buf.WriteString(" := ")
- } else {
- buf.WriteString(" = ")
- }
- buf.WriteString(head.Value.String())
- } else if !containsAdded && head.Name == "" && head.Key != nil {
- buf.WriteString(" contains ")
- buf.WriteString(head.Key.String())
- }
- return buf.String()
-}
-
-func (head *Head) setJSONOptions(opts astJSON.Options) {
- head.jsonOptions = opts
- if head.Location != nil {
- head.Location.JSONOptions = opts
- }
-}
-
-func (head *Head) MarshalJSON() ([]byte, error) {
- var loc *Location
- includeLoc := head.jsonOptions.MarshalOptions.IncludeLocation
- if includeLoc.Head {
- if head.Location != nil {
- loc = head.Location
- }
-
- for _, term := range head.Reference {
- if term.Location != nil {
- term.jsonOptions.MarshalOptions.IncludeLocation.Term = includeLoc.Term
- }
- }
- }
-
- // NOTE(sr): we do this to override the rendering of `head.Reference`.
- // It's still what'll be used via the default means of encoding/json
- // for unmarshaling a json object into a Head struct!
- type h Head
- return json.Marshal(struct {
- h
- Ref Ref `json:"ref"`
- Location *Location `json:"location,omitempty"`
- }{
- h: h(*head),
- Ref: head.Ref(),
- Location: loc,
- })
-}
-
-// Vars returns a set of vars found in the head.
-func (head *Head) Vars() VarSet {
- vis := &VarVisitor{vars: VarSet{}}
- // TODO: improve test coverage for this.
- if head.Args != nil {
- vis.Walk(head.Args)
- }
- if head.Key != nil {
- vis.Walk(head.Key)
- }
- if head.Value != nil {
- vis.Walk(head.Value)
- }
- if len(head.Reference) > 0 {
- vis.Walk(head.Reference[1:])
- }
- return vis.vars
-}
-
-// Loc returns the Location of head.
-func (head *Head) Loc() *Location {
- if head == nil {
- return nil
- }
- return head.Location
-}
-
-// SetLoc sets the location on head.
-func (head *Head) SetLoc(loc *Location) {
- head.Location = loc
-}
-
-func (head *Head) HasDynamicRef() bool {
- pos := head.Reference.Dynamic()
- // Ref is dynamic if it has one non-constant term that isn't the first or last term or if it's a partial set rule.
- return pos > 0 && (pos < len(head.Reference)-1 || head.RuleKind() == MultiValue)
-}
-
-// Copy returns a deep copy of a.
-func (a Args) Copy() Args {
- cpy := Args{}
- for _, t := range a {
- cpy = append(cpy, t.Copy())
- }
- return cpy
-}
-
-func (a Args) String() string {
- buf := make([]string, 0, len(a))
- for _, t := range a {
- buf = append(buf, t.String())
- }
- return "(" + strings.Join(buf, ", ") + ")"
-}
-
-// Loc returns the Location of a.
-func (a Args) Loc() *Location {
- if len(a) == 0 {
- return nil
- }
- return a[0].Location
-}
-
-// SetLoc sets the location on a.
-func (a Args) SetLoc(loc *Location) {
- if len(a) != 0 {
- a[0].SetLocation(loc)
- }
-}
-
-// Vars returns a set of vars that appear in a.
-func (a Args) Vars() VarSet {
- vis := &VarVisitor{vars: VarSet{}}
- vis.Walk(a)
- return vis.vars
-}
-
// NewBody returns a new Body containing the given expressions. The indices of
// the immediate expressions will be reset.
func NewBody(exprs ...*Expr) Body {
- for i, expr := range exprs {
- expr.Index = i
- }
- return Body(exprs)
-}
-
-// MarshalJSON returns JSON encoded bytes representing body.
-func (body Body) MarshalJSON() ([]byte, error) {
- // Serialize empty Body to empty array. This handles both the empty case and the
- // nil case (whereas by default the result would be null if body was nil.)
- if len(body) == 0 {
- return []byte(`[]`), nil
- }
- ret, err := json.Marshal([]*Expr(body))
- return ret, err
-}
-
-// Append adds the expr to the body and updates the expr's index accordingly.
-func (body *Body) Append(expr *Expr) {
- n := len(*body)
- expr.Index = n
- *body = append(*body, expr)
-}
-
-// Set sets the expr in the body at the specified position and updates the
-// expr's index accordingly.
-func (body Body) Set(expr *Expr, pos int) {
- body[pos] = expr
- expr.Index = pos
-}
-
-// Compare returns an integer indicating whether body is less than, equal to,
-// or greater than other.
-//
-// If body is a subset of other, it is considered less than (and vice versa).
-func (body Body) Compare(other Body) int {
- minLen := len(body)
- if len(other) < minLen {
- minLen = len(other)
- }
- for i := 0; i < minLen; i++ {
- if cmp := body[i].Compare(other[i]); cmp != 0 {
- return cmp
- }
- }
- if len(body) < len(other) {
- return -1
- }
- if len(other) < len(body) {
- return 1
- }
- return 0
-}
-
-// Copy returns a deep copy of body.
-func (body Body) Copy() Body {
- cpy := make(Body, len(body))
- for i := range body {
- cpy[i] = body[i].Copy()
- }
- return cpy
-}
-
-// Contains returns true if this body contains the given expression.
-func (body Body) Contains(x *Expr) bool {
- for _, e := range body {
- if e.Equal(x) {
- return true
- }
- }
- return false
-}
-
-// Equal returns true if this Body is equal to the other Body.
-func (body Body) Equal(other Body) bool {
- return body.Compare(other) == 0
-}
-
-// Hash returns the hash code for the Body.
-func (body Body) Hash() int {
- s := 0
- for _, e := range body {
- s += e.Hash()
- }
- return s
-}
-
-// IsGround returns true if all of the expressions in the Body are ground.
-func (body Body) IsGround() bool {
- for _, e := range body {
- if !e.IsGround() {
- return false
- }
- }
- return true
-}
-
-// Loc returns the location of the Body in the definition.
-func (body Body) Loc() *Location {
- if len(body) == 0 {
- return nil
- }
- return body[0].Location
-}
-
-// SetLoc sets the location on body.
-func (body Body) SetLoc(loc *Location) {
- if len(body) != 0 {
- body[0].SetLocation(loc)
- }
-}
-
-func (body Body) String() string {
- buf := make([]string, 0, len(body))
- for _, v := range body {
- buf = append(buf, v.String())
- }
- return strings.Join(buf, "; ")
-}
-
-// Vars returns a VarSet containing variables in body. The params can be set to
-// control which vars are included.
-func (body Body) Vars(params VarVisitorParams) VarSet {
- vis := NewVarVisitor().WithParams(params)
- vis.Walk(body)
- return vis.Vars()
+ return v1.NewBody(exprs...)
}
// NewExpr returns a new Expr object.
-func NewExpr(terms interface{}) *Expr {
- switch terms.(type) {
- case *SomeDecl, *Every, *Term, []*Term: // ok
- default:
- panic("unreachable")
- }
- return &Expr{
- Negated: false,
- Terms: terms,
- Index: 0,
- With: nil,
- }
-}
-
-// Complement returns a copy of this expression with the negation flag flipped.
-func (expr *Expr) Complement() *Expr {
- cpy := *expr
- cpy.Negated = !cpy.Negated
- return &cpy
-}
-
-// Equal returns true if this Expr equals the other Expr.
-func (expr *Expr) Equal(other *Expr) bool {
- return expr.Compare(other) == 0
-}
-
-// Compare returns an integer indicating whether expr is less than, equal to,
-// or greater than other.
-//
-// Expressions are compared as follows:
-//
-// 1. Declarations are always less than other expressions.
-// 2. Preceding expression (by Index) is always less than the other expression.
-// 3. Non-negated expressions are always less than negated expressions.
-// 4. Single term expressions are always less than built-in expressions.
-//
-// Otherwise, the expression terms are compared normally. If both expressions
-// have the same terms, the modifiers are compared.
-func (expr *Expr) Compare(other *Expr) int {
-
- if expr == nil {
- if other == nil {
- return 0
- }
- return -1
- } else if other == nil {
- return 1
- }
-
- o1 := expr.sortOrder()
- o2 := other.sortOrder()
- if o1 < o2 {
- return -1
- } else if o2 < o1 {
- return 1
- }
-
- switch {
- case expr.Index < other.Index:
- return -1
- case expr.Index > other.Index:
- return 1
- }
-
- switch {
- case expr.Negated && !other.Negated:
- return 1
- case !expr.Negated && other.Negated:
- return -1
- }
-
- switch t := expr.Terms.(type) {
- case *Term:
- if cmp := Compare(t.Value, other.Terms.(*Term).Value); cmp != 0 {
- return cmp
- }
- case []*Term:
- if cmp := termSliceCompare(t, other.Terms.([]*Term)); cmp != 0 {
- return cmp
- }
- case *SomeDecl:
- if cmp := Compare(t, other.Terms.(*SomeDecl)); cmp != 0 {
- return cmp
- }
- case *Every:
- if cmp := Compare(t, other.Terms.(*Every)); cmp != 0 {
- return cmp
- }
- }
-
- return withSliceCompare(expr.With, other.With)
-}
-
-func (expr *Expr) sortOrder() int {
- switch expr.Terms.(type) {
- case *SomeDecl:
- return 0
- case *Term:
- return 1
- case []*Term:
- return 2
- case *Every:
- return 3
- }
- return -1
-}
-
-// CopyWithoutTerms returns a deep copy of expr without its Terms
-func (expr *Expr) CopyWithoutTerms() *Expr {
- cpy := *expr
-
- cpy.With = make([]*With, len(expr.With))
- for i := range expr.With {
- cpy.With[i] = expr.With[i].Copy()
- }
-
- return &cpy
-}
-
-// Copy returns a deep copy of expr.
-func (expr *Expr) Copy() *Expr {
-
- cpy := expr.CopyWithoutTerms()
-
- switch ts := expr.Terms.(type) {
- case *SomeDecl:
- cpy.Terms = ts.Copy()
- case []*Term:
- cpyTs := make([]*Term, len(ts))
- for i := range ts {
- cpyTs[i] = ts[i].Copy()
- }
- cpy.Terms = cpyTs
- case *Term:
- cpy.Terms = ts.Copy()
- case *Every:
- cpy.Terms = ts.Copy()
- }
-
- return cpy
-}
-
-// Hash returns the hash code of the Expr.
-func (expr *Expr) Hash() int {
- s := expr.Index
- switch ts := expr.Terms.(type) {
- case *SomeDecl:
- s += ts.Hash()
- case []*Term:
- for _, t := range ts {
- s += t.Value.Hash()
- }
- case *Term:
- s += ts.Value.Hash()
- }
- if expr.Negated {
- s++
- }
- for _, w := range expr.With {
- s += w.Hash()
- }
- return s
-}
-
-// IncludeWith returns a copy of expr with the with modifier appended.
-func (expr *Expr) IncludeWith(target *Term, value *Term) *Expr {
- cpy := *expr
- cpy.With = append(cpy.With, &With{Target: target, Value: value})
- return &cpy
-}
-
-// NoWith returns a copy of expr where the with modifier has been removed.
-func (expr *Expr) NoWith() *Expr {
- cpy := *expr
- cpy.With = nil
- return &cpy
-}
-
-// IsEquality returns true if this is an equality expression.
-func (expr *Expr) IsEquality() bool {
- return isGlobalBuiltin(expr, Var(Equality.Name))
-}
-
-// IsAssignment returns true if this an assignment expression.
-func (expr *Expr) IsAssignment() bool {
- return isGlobalBuiltin(expr, Var(Assign.Name))
-}
-
-// IsCall returns true if this expression calls a function.
-func (expr *Expr) IsCall() bool {
- _, ok := expr.Terms.([]*Term)
- return ok
-}
-
-// IsEvery returns true if this expression is an 'every' expression.
-func (expr *Expr) IsEvery() bool {
- _, ok := expr.Terms.(*Every)
- return ok
-}
-
-// IsSome returns true if this expression is a 'some' expression.
-func (expr *Expr) IsSome() bool {
- _, ok := expr.Terms.(*SomeDecl)
- return ok
-}
-
-// Operator returns the name of the function or built-in this expression refers
-// to. If this expression is not a function call, returns nil.
-func (expr *Expr) Operator() Ref {
- op := expr.OperatorTerm()
- if op == nil {
- return nil
- }
- return op.Value.(Ref)
-}
-
-// OperatorTerm returns the name of the function or built-in this expression
-// refers to. If this expression is not a function call, returns nil.
-func (expr *Expr) OperatorTerm() *Term {
- terms, ok := expr.Terms.([]*Term)
- if !ok || len(terms) == 0 {
- return nil
- }
- return terms[0]
-}
-
-// Operand returns the term at the zero-based pos. If the expr does not include
-// at least pos+1 terms, this function returns nil.
-func (expr *Expr) Operand(pos int) *Term {
- terms, ok := expr.Terms.([]*Term)
- if !ok {
- return nil
- }
- idx := pos + 1
- if idx < len(terms) {
- return terms[idx]
- }
- return nil
-}
-
-// Operands returns the built-in function operands.
-func (expr *Expr) Operands() []*Term {
- terms, ok := expr.Terms.([]*Term)
- if !ok {
- return nil
- }
- return terms[1:]
-}
-
-// IsGround returns true if all of the expression terms are ground.
-func (expr *Expr) IsGround() bool {
- switch ts := expr.Terms.(type) {
- case []*Term:
- for _, t := range ts[1:] {
- if !t.IsGround() {
- return false
- }
- }
- case *Term:
- return ts.IsGround()
- }
- return true
-}
-
-// SetOperator sets the expr's operator and returns the expr itself. If expr is
-// not a call expr, this function will panic.
-func (expr *Expr) SetOperator(term *Term) *Expr {
- expr.Terms.([]*Term)[0] = term
- return expr
-}
-
-// SetLocation sets the expr's location and returns the expr itself.
-func (expr *Expr) SetLocation(loc *Location) *Expr {
- expr.Location = loc
- return expr
-}
-
-// Loc returns the Location of expr.
-func (expr *Expr) Loc() *Location {
- if expr == nil {
- return nil
- }
- return expr.Location
-}
-
-// SetLoc sets the location on expr.
-func (expr *Expr) SetLoc(loc *Location) {
- expr.SetLocation(loc)
-}
-
-func (expr *Expr) String() string {
- buf := make([]string, 0, 2+len(expr.With))
- if expr.Negated {
- buf = append(buf, "not")
- }
- switch t := expr.Terms.(type) {
- case []*Term:
- if expr.IsEquality() && validEqAssignArgCount(expr) {
- buf = append(buf, fmt.Sprintf("%v %v %v", t[1], Equality.Infix, t[2]))
- } else {
- buf = append(buf, Call(t).String())
- }
- case fmt.Stringer:
- buf = append(buf, t.String())
- }
-
- for i := range expr.With {
- buf = append(buf, expr.With[i].String())
- }
-
- return strings.Join(buf, " ")
-}
-
-func (expr *Expr) setJSONOptions(opts astJSON.Options) {
- expr.jsonOptions = opts
- if expr.Location != nil {
- expr.Location.JSONOptions = opts
- }
-}
-
-func (expr *Expr) MarshalJSON() ([]byte, error) {
- data := map[string]interface{}{
- "terms": expr.Terms,
- "index": expr.Index,
- }
-
- if len(expr.With) > 0 {
- data["with"] = expr.With
- }
-
- if expr.Generated {
- data["generated"] = true
- }
-
- if expr.Negated {
- data["negated"] = true
- }
-
- if expr.jsonOptions.MarshalOptions.IncludeLocation.Expr {
- if expr.Location != nil {
- data["location"] = expr.Location
- }
- }
-
- return json.Marshal(data)
-}
-
-// UnmarshalJSON parses the byte array and stores the result in expr.
-func (expr *Expr) UnmarshalJSON(bs []byte) error {
- v := map[string]interface{}{}
- if err := util.UnmarshalJSON(bs, &v); err != nil {
- return err
- }
- return unmarshalExpr(expr, v)
-}
-
-// Vars returns a VarSet containing variables in expr. The params can be set to
-// control which vars are included.
-func (expr *Expr) Vars(params VarVisitorParams) VarSet {
- vis := NewVarVisitor().WithParams(params)
- vis.Walk(expr)
- return vis.Vars()
+func NewExpr(terms any) *Expr {
+ return v1.NewExpr(terms)
}
// NewBuiltinExpr creates a new Expr object with the supplied terms.
// The builtin operator must be the first term.
func NewBuiltinExpr(terms ...*Term) *Expr {
- return &Expr{Terms: terms}
-}
-
-func (expr *Expr) CogeneratedExprs() []*Expr {
- visited := map[*Expr]struct{}{}
- visitCogeneratedExprs(expr, func(e *Expr) bool {
- if expr.Equal(e) {
- return true
- }
- if _, ok := visited[e]; ok {
- return true
- }
- visited[e] = struct{}{}
- return false
- })
-
- result := make([]*Expr, 0, len(visited))
- for e := range visited {
- result = append(result, e)
- }
- return result
-}
-
-func (expr *Expr) BaseCogeneratedExpr() *Expr {
- if expr.generatedFrom == nil {
- return expr
- }
- return expr.generatedFrom.BaseCogeneratedExpr()
-}
-
-func visitCogeneratedExprs(expr *Expr, f func(*Expr) bool) {
- if parent := expr.generatedFrom; parent != nil {
- if stop := f(parent); !stop {
- visitCogeneratedExprs(parent, f)
- }
- }
- for _, child := range expr.generates {
- if stop := f(child); !stop {
- visitCogeneratedExprs(child, f)
- }
- }
-}
-
-func (d *SomeDecl) String() string {
- if call, ok := d.Symbols[0].Value.(Call); ok {
- if len(call) == 4 {
- return "some " + call[1].String() + ", " + call[2].String() + " in " + call[3].String()
- }
- return "some " + call[1].String() + " in " + call[2].String()
- }
- buf := make([]string, len(d.Symbols))
- for i := range buf {
- buf[i] = d.Symbols[i].String()
- }
- return "some " + strings.Join(buf, ", ")
-}
-
-// SetLoc sets the Location on d.
-func (d *SomeDecl) SetLoc(loc *Location) {
- d.Location = loc
-}
-
-// Loc returns the Location of d.
-func (d *SomeDecl) Loc() *Location {
- return d.Location
-}
-
-// Copy returns a deep copy of d.
-func (d *SomeDecl) Copy() *SomeDecl {
- cpy := *d
- cpy.Symbols = termSliceCopy(d.Symbols)
- return &cpy
-}
-
-// Compare returns an integer indicating whether d is less than, equal to, or
-// greater than other.
-func (d *SomeDecl) Compare(other *SomeDecl) int {
- return termSliceCompare(d.Symbols, other.Symbols)
-}
-
-// Hash returns a hash code of d.
-func (d *SomeDecl) Hash() int {
- return termSliceHash(d.Symbols)
-}
-
-func (d *SomeDecl) setJSONOptions(opts astJSON.Options) {
- d.jsonOptions = opts
- if d.Location != nil {
- d.Location.JSONOptions = opts
- }
-}
-
-func (d *SomeDecl) MarshalJSON() ([]byte, error) {
- data := map[string]interface{}{
- "symbols": d.Symbols,
- }
-
- if d.jsonOptions.MarshalOptions.IncludeLocation.SomeDecl {
- if d.Location != nil {
- data["location"] = d.Location
- }
- }
-
- return json.Marshal(data)
-}
-
-func (q *Every) String() string {
- if q.Key != nil {
- return fmt.Sprintf("every %s, %s in %s { %s }",
- q.Key,
- q.Value,
- q.Domain,
- q.Body)
- }
- return fmt.Sprintf("every %s in %s { %s }",
- q.Value,
- q.Domain,
- q.Body)
-}
-
-func (q *Every) Loc() *Location {
- return q.Location
-}
-
-func (q *Every) SetLoc(l *Location) {
- q.Location = l
-}
-
-// Copy returns a deep copy of d.
-func (q *Every) Copy() *Every {
- cpy := *q
- cpy.Key = q.Key.Copy()
- cpy.Value = q.Value.Copy()
- cpy.Domain = q.Domain.Copy()
- cpy.Body = q.Body.Copy()
- return &cpy
-}
-
-func (q *Every) Compare(other *Every) int {
- for _, terms := range [][2]*Term{
- {q.Key, other.Key},
- {q.Value, other.Value},
- {q.Domain, other.Domain},
- } {
- if d := Compare(terms[0], terms[1]); d != 0 {
- return d
- }
- }
- return q.Body.Compare(other.Body)
-}
-
-// KeyValueVars returns the key and val arguments of an `every`
-// expression, if they are non-nil and not wildcards.
-func (q *Every) KeyValueVars() VarSet {
- vis := &VarVisitor{vars: VarSet{}}
- if q.Key != nil {
- vis.Walk(q.Key)
- }
- vis.Walk(q.Value)
- return vis.vars
-}
-
-func (q *Every) setJSONOptions(opts astJSON.Options) {
- q.jsonOptions = opts
- if q.Location != nil {
- q.Location.JSONOptions = opts
- }
-}
-
-func (q *Every) MarshalJSON() ([]byte, error) {
- data := map[string]interface{}{
- "key": q.Key,
- "value": q.Value,
- "domain": q.Domain,
- "body": q.Body,
- }
-
- if q.jsonOptions.MarshalOptions.IncludeLocation.Every {
- if q.Location != nil {
- data["location"] = q.Location
- }
- }
-
- return json.Marshal(data)
-}
-
-func (w *With) String() string {
- return "with " + w.Target.String() + " as " + w.Value.String()
-}
-
-// Equal returns true if this With is equals the other With.
-func (w *With) Equal(other *With) bool {
- return Compare(w, other) == 0
-}
-
-// Compare returns an integer indicating whether w is less than, equal to, or
-// greater than other.
-func (w *With) Compare(other *With) int {
- if w == nil {
- if other == nil {
- return 0
- }
- return -1
- } else if other == nil {
- return 1
- }
- if cmp := Compare(w.Target, other.Target); cmp != 0 {
- return cmp
- }
- return Compare(w.Value, other.Value)
-}
-
-// Copy returns a deep copy of w.
-func (w *With) Copy() *With {
- cpy := *w
- cpy.Value = w.Value.Copy()
- cpy.Target = w.Target.Copy()
- return &cpy
-}
-
-// Hash returns the hash code of the With.
-func (w With) Hash() int {
- return w.Target.Hash() + w.Value.Hash()
-}
-
-// SetLocation sets the location on w.
-func (w *With) SetLocation(loc *Location) *With {
- w.Location = loc
- return w
-}
-
-// Loc returns the Location of w.
-func (w *With) Loc() *Location {
- if w == nil {
- return nil
- }
- return w.Location
-}
-
-// SetLoc sets the location on w.
-func (w *With) SetLoc(loc *Location) {
- w.Location = loc
-}
-
-func (w *With) setJSONOptions(opts astJSON.Options) {
- w.jsonOptions = opts
- if w.Location != nil {
- w.Location.JSONOptions = opts
- }
-}
-
-func (w *With) MarshalJSON() ([]byte, error) {
- data := map[string]interface{}{
- "target": w.Target,
- "value": w.Value,
- }
-
- if w.jsonOptions.MarshalOptions.IncludeLocation.With {
- if w.Location != nil {
- data["location"] = w.Location
- }
- }
-
- return json.Marshal(data)
+ return v1.NewBuiltinExpr(terms...)
}
// Copy returns a deep copy of the AST node x. If x is not an AST node, x is returned unmodified.
-func Copy(x interface{}) interface{} {
- switch x := x.(type) {
- case *Module:
- return x.Copy()
- case *Package:
- return x.Copy()
- case *Import:
- return x.Copy()
- case *Rule:
- return x.Copy()
- case *Head:
- return x.Copy()
- case Args:
- return x.Copy()
- case Body:
- return x.Copy()
- case *Expr:
- return x.Copy()
- case *With:
- return x.Copy()
- case *SomeDecl:
- return x.Copy()
- case *Every:
- return x.Copy()
- case *Term:
- return x.Copy()
- case *ArrayComprehension:
- return x.Copy()
- case *SetComprehension:
- return x.Copy()
- case *ObjectComprehension:
- return x.Copy()
- case Set:
- return x.Copy()
- case *object:
- return x.Copy()
- case *Array:
- return x.Copy()
- case Ref:
- return x.Copy()
- case Call:
- return x.Copy()
- case *Comment:
- return x.Copy()
- }
- return x
+func Copy(x any) any {
+ return v1.Copy(x)
}
// RuleSet represents a collection of rules that produce a virtual document.
-type RuleSet []*Rule
+type RuleSet = v1.RuleSet
// NewRuleSet returns a new RuleSet containing the given rules.
func NewRuleSet(rules ...*Rule) RuleSet {
- rs := make(RuleSet, 0, len(rules))
- for _, rule := range rules {
- rs.Add(rule)
- }
- return rs
-}
-
-// Add inserts the rule into rs.
-func (rs *RuleSet) Add(rule *Rule) {
- for _, exist := range *rs {
- if exist.Equal(rule) {
- return
- }
- }
- *rs = append(*rs, rule)
-}
-
-// Contains returns true if rs contains rule.
-func (rs RuleSet) Contains(rule *Rule) bool {
- for i := range rs {
- if rs[i].Equal(rule) {
- return true
- }
- }
- return false
-}
-
-// Diff returns a new RuleSet containing rules in rs that are not in other.
-func (rs RuleSet) Diff(other RuleSet) RuleSet {
- result := NewRuleSet()
- for i := range rs {
- if !other.Contains(rs[i]) {
- result.Add(rs[i])
- }
- }
- return result
-}
-
-// Equal returns true if rs equals other.
-func (rs RuleSet) Equal(other RuleSet) bool {
- return len(rs.Diff(other)) == 0 && len(other.Diff(rs)) == 0
-}
-
-// Merge returns a ruleset containing the union of rules from rs an other.
-func (rs RuleSet) Merge(other RuleSet) RuleSet {
- result := NewRuleSet()
- for i := range rs {
- result.Add(rs[i])
- }
- for i := range other {
- result.Add(other[i])
- }
- return result
-}
-
-func (rs RuleSet) String() string {
- buf := make([]string, 0, len(rs))
- for _, rule := range rs {
- buf = append(buf, rule.String())
- }
- return "{" + strings.Join(buf, ", ") + "}"
-}
-
-// Returns true if the equality or assignment expression referred to by expr
-// has a valid number of arguments.
-func validEqAssignArgCount(expr *Expr) bool {
- return len(expr.Operands()) == 2
-}
-
-// this function checks if the expr refers to a non-namespaced (global) built-in
-// function like eq, gt, plus, etc.
-func isGlobalBuiltin(expr *Expr, name Var) bool {
- terms, ok := expr.Terms.([]*Term)
- if !ok {
- return false
- }
-
- // NOTE(tsandall): do not use Term#Equal or Value#Compare to avoid
- // allocation here.
- ref, ok := terms[0].Value.(Ref)
- if !ok || len(ref) != 1 {
- return false
- }
- if head, ok := ref[0].Value.(Var); ok {
- return head.Equal(name)
- }
- return false
+ return v1.NewRuleSet(rules...)
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/pretty.go b/vendor/github.com/open-policy-agent/opa/ast/pretty.go
index b4f05ad501..84e42f9aec 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/pretty.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/pretty.go
@@ -5,78 +5,14 @@
package ast
import (
- "fmt"
"io"
- "strings"
+
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
// Pretty writes a pretty representation of the AST rooted at x to w.
//
// This is function is intended for debug purposes when inspecting ASTs.
-func Pretty(w io.Writer, x interface{}) {
- pp := &prettyPrinter{
- depth: -1,
- w: w,
- }
- NewBeforeAfterVisitor(pp.Before, pp.After).Walk(x)
-}
-
-type prettyPrinter struct {
- depth int
- w io.Writer
-}
-
-func (pp *prettyPrinter) Before(x interface{}) bool {
- switch x.(type) {
- case *Term:
- default:
- pp.depth++
- }
-
- switch x := x.(type) {
- case *Term:
- return false
- case Args:
- if len(x) == 0 {
- return false
- }
- pp.writeType(x)
- case *Expr:
- extras := []string{}
- if x.Negated {
- extras = append(extras, "negated")
- }
- extras = append(extras, fmt.Sprintf("index=%d", x.Index))
- pp.writeIndent("%v %v", TypeName(x), strings.Join(extras, " "))
- case Null, Boolean, Number, String, Var:
- pp.writeValue(x)
- default:
- pp.writeType(x)
- }
- return false
-}
-
-func (pp *prettyPrinter) After(x interface{}) {
- switch x.(type) {
- case *Term:
- default:
- pp.depth--
- }
-}
-
-func (pp *prettyPrinter) writeValue(x interface{}) {
- pp.writeIndent(fmt.Sprint(x))
-}
-
-func (pp *prettyPrinter) writeType(x interface{}) {
- pp.writeIndent(TypeName(x))
-}
-
-func (pp *prettyPrinter) writeIndent(f string, a ...interface{}) {
- pad := strings.Repeat(" ", pp.depth)
- pp.write(pad+f, a...)
-}
-
-func (pp *prettyPrinter) write(f string, a ...interface{}) {
- fmt.Fprintf(pp.w, f+"\n", a...)
+func Pretty(w io.Writer, x any) {
+ v1.Pretty(w, x)
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/schema.go b/vendor/github.com/open-policy-agent/opa/ast/schema.go
index 8c96ac624e..979958a3c0 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/schema.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/schema.go
@@ -5,59 +5,13 @@
package ast
import (
- "fmt"
-
- "github.com/open-policy-agent/opa/types"
- "github.com/open-policy-agent/opa/util"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
// SchemaSet holds a map from a path to a schema.
-type SchemaSet struct {
- m *util.HashMap
-}
+type SchemaSet = v1.SchemaSet
// NewSchemaSet returns an empty SchemaSet.
func NewSchemaSet() *SchemaSet {
-
- eqFunc := func(a, b util.T) bool {
- return a.(Ref).Equal(b.(Ref))
- }
-
- hashFunc := func(x util.T) int { return x.(Ref).Hash() }
-
- return &SchemaSet{
- m: util.NewHashMap(eqFunc, hashFunc),
- }
-}
-
-// Put inserts a raw schema into the set.
-func (ss *SchemaSet) Put(path Ref, raw interface{}) {
- ss.m.Put(path, raw)
-}
-
-// Get returns the raw schema identified by the path.
-func (ss *SchemaSet) Get(path Ref) interface{} {
- if ss == nil {
- return nil
- }
- x, ok := ss.m.Get(path)
- if !ok {
- return nil
- }
- return x
-}
-
-func loadSchema(raw interface{}, allowNet []string) (types.Type, error) {
-
- jsonSchema, err := compileSchema(raw, allowNet)
- if err != nil {
- return nil, err
- }
-
- tpe, err := newSchemaParser().parseSchema(jsonSchema.RootSchema)
- if err != nil {
- return nil, fmt.Errorf("type checking: %w", err)
- }
-
- return tpe, nil
+ return v1.NewSchemaSet()
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/strings.go b/vendor/github.com/open-policy-agent/opa/ast/strings.go
index e489f6977c..c2c81de8b7 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/strings.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/strings.go
@@ -5,14 +5,10 @@
package ast
import (
- "reflect"
- "strings"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
// TypeName returns a human readable name for the AST element type.
-func TypeName(x interface{}) string {
- if _, ok := x.(*lazyObj); ok {
- return "object"
- }
- return strings.ToLower(reflect.Indirect(reflect.ValueOf(x)).Type().Name())
+func TypeName(x any) string {
+ return v1.TypeName(x)
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/term.go b/vendor/github.com/open-policy-agent/opa/ast/term.go
index ce8ee4853d..202355070f 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/term.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/term.go
@@ -1,40 +1,22 @@
-// Copyright 2016 The OPA Authors. All rights reserved.
+// Copyright 2024 The OPA Authors. All rights reserved.
// Use of this source code is governed by an Apache2
// license that can be found in the LICENSE file.
-// nolint: deadcode // Public API.
package ast
import (
- "bytes"
"encoding/json"
- "errors"
- "fmt"
"io"
- "math"
- "math/big"
- "net/url"
- "regexp"
- "sort"
- "strconv"
- "strings"
- "sync"
-
- "github.com/OneOfOne/xxhash"
-
- astJSON "github.com/open-policy-agent/opa/ast/json"
- "github.com/open-policy-agent/opa/ast/location"
- "github.com/open-policy-agent/opa/util"
-)
-var errFindNotFound = fmt.Errorf("find: not found")
+ v1 "github.com/open-policy-agent/opa/v1/ast"
+)
// Location records a position in source code.
-type Location = location.Location
+type Location = v1.Location
// NewLocation returns a new Location object.
func NewLocation(text []byte, file string, row int, col int) *Location {
- return location.NewLocation(text, file, row, col)
+ return v1.NewLocation(text, file, row, col)
}
// Value declares the common interface for all Term values. Every kind of Term value
@@ -45,3230 +27,280 @@ func NewLocation(text []byte, file string, row int, col int) *Location {
// - Variables, References
// - Array, Set, and Object Comprehensions
// - Calls
-type Value interface {
- Compare(other Value) int // Compare returns <0, 0, or >0 if this Value is less than, equal to, or greater than other, respectively.
- Find(path Ref) (Value, error) // Find returns value referred to by path or an error if path is not found.
- Hash() int // Returns hash code of the value.
- IsGround() bool // IsGround returns true if this value is not a variable or contains no variables.
- String() string // String returns a human readable string representation of the value.
-}
+type Value = v1.Value
// InterfaceToValue converts a native Go value x to a Value.
-func InterfaceToValue(x interface{}) (Value, error) {
- switch x := x.(type) {
- case nil:
- return Null{}, nil
- case bool:
- return Boolean(x), nil
- case json.Number:
- return Number(x), nil
- case int64:
- return int64Number(x), nil
- case uint64:
- return uint64Number(x), nil
- case float64:
- return floatNumber(x), nil
- case int:
- return intNumber(x), nil
- case string:
- return String(x), nil
- case []interface{}:
- r := make([]*Term, len(x))
- for i, e := range x {
- e, err := InterfaceToValue(e)
- if err != nil {
- return nil, err
- }
- r[i] = &Term{Value: e}
- }
- return NewArray(r...), nil
- case map[string]interface{}:
- r := newobject(len(x))
- for k, v := range x {
- k, err := InterfaceToValue(k)
- if err != nil {
- return nil, err
- }
- v, err := InterfaceToValue(v)
- if err != nil {
- return nil, err
- }
- r.Insert(NewTerm(k), NewTerm(v))
- }
- return r, nil
- case map[string]string:
- r := newobject(len(x))
- for k, v := range x {
- k, err := InterfaceToValue(k)
- if err != nil {
- return nil, err
- }
- v, err := InterfaceToValue(v)
- if err != nil {
- return nil, err
- }
- r.Insert(NewTerm(k), NewTerm(v))
- }
- return r, nil
- default:
- ptr := util.Reference(x)
- if err := util.RoundTrip(ptr); err != nil {
- return nil, fmt.Errorf("ast: interface conversion: %w", err)
- }
- return InterfaceToValue(*ptr)
- }
+func InterfaceToValue(x any) (Value, error) {
+ return v1.InterfaceToValue(x)
}
// ValueFromReader returns an AST value from a JSON serialized value in the reader.
func ValueFromReader(r io.Reader) (Value, error) {
- var x interface{}
- if err := util.NewJSONDecoder(r).Decode(&x); err != nil {
- return nil, err
- }
- return InterfaceToValue(x)
+ return v1.ValueFromReader(r)
}
// As converts v into a Go native type referred to by x.
-func As(v Value, x interface{}) error {
- return util.NewJSONDecoder(bytes.NewBufferString(v.String())).Decode(x)
+func As(v Value, x any) error {
+ return v1.As(v, x)
}
// Resolver defines the interface for resolving references to native Go values.
-type Resolver interface {
- Resolve(Ref) (interface{}, error)
-}
+type Resolver = v1.Resolver
// ValueResolver defines the interface for resolving references to AST values.
-type ValueResolver interface {
- Resolve(Ref) (Value, error)
-}
+type ValueResolver = v1.ValueResolver
// UnknownValueErr indicates a ValueResolver was unable to resolve a reference
// because the reference refers to an unknown value.
-type UnknownValueErr struct{}
-
-func (UnknownValueErr) Error() string {
- return "unknown value"
-}
+type UnknownValueErr = v1.UnknownValueErr
// IsUnknownValueErr returns true if the err is an UnknownValueErr.
func IsUnknownValueErr(err error) bool {
- _, ok := err.(UnknownValueErr)
- return ok
-}
-
-type illegalResolver struct{}
-
-func (illegalResolver) Resolve(ref Ref) (interface{}, error) {
- return nil, fmt.Errorf("illegal value: %v", ref)
+ return v1.IsUnknownValueErr(err)
}
// ValueToInterface returns the Go representation of an AST value. The AST
// value should not contain any values that require evaluation (e.g., vars,
// comprehensions, etc.)
-func ValueToInterface(v Value, resolver Resolver) (interface{}, error) {
- return valueToInterface(v, resolver, JSONOpt{})
-}
-
-func valueToInterface(v Value, resolver Resolver, opt JSONOpt) (interface{}, error) {
- switch v := v.(type) {
- case Null:
- return nil, nil
- case Boolean:
- return bool(v), nil
- case Number:
- return json.Number(v), nil
- case String:
- return string(v), nil
- case *Array:
- buf := []interface{}{}
- for i := 0; i < v.Len(); i++ {
- x1, err := valueToInterface(v.Elem(i).Value, resolver, opt)
- if err != nil {
- return nil, err
- }
- buf = append(buf, x1)
- }
- return buf, nil
- case *object:
- buf := make(map[string]interface{}, v.Len())
- err := v.Iter(func(k, v *Term) error {
- ki, err := valueToInterface(k.Value, resolver, opt)
- if err != nil {
- return err
- }
- var str string
- var ok bool
- if str, ok = ki.(string); !ok {
- var buf bytes.Buffer
- if err := json.NewEncoder(&buf).Encode(ki); err != nil {
- return err
- }
- str = strings.TrimSpace(buf.String())
- }
- vi, err := valueToInterface(v.Value, resolver, opt)
- if err != nil {
- return err
- }
- buf[str] = vi
- return nil
- })
- if err != nil {
- return nil, err
- }
- return buf, nil
- case *lazyObj:
- if opt.CopyMaps {
- return valueToInterface(v.force(), resolver, opt)
- }
- return v.native, nil
- case Set:
- buf := []interface{}{}
- iter := func(x *Term) error {
- x1, err := valueToInterface(x.Value, resolver, opt)
- if err != nil {
- return err
- }
- buf = append(buf, x1)
- return nil
- }
- var err error
- if opt.SortSets {
- err = v.Sorted().Iter(iter)
- } else {
- err = v.Iter(iter)
- }
- if err != nil {
- return nil, err
- }
- return buf, nil
- case Ref:
- return resolver.Resolve(v)
- default:
- return nil, fmt.Errorf("%v requires evaluation", TypeName(v))
- }
+func ValueToInterface(v Value, resolver Resolver) (any, error) {
+ return v1.ValueToInterface(v, resolver)
}
// JSON returns the JSON representation of v. The value must not contain any
// refs or terms that require evaluation (e.g., vars, comprehensions, etc.)
-func JSON(v Value) (interface{}, error) {
- return JSONWithOpt(v, JSONOpt{})
+func JSON(v Value) (any, error) {
+ return v1.JSON(v)
}
// JSONOpt defines parameters for AST to JSON conversion.
-type JSONOpt struct {
- SortSets bool // sort sets before serializing (this makes conversion more expensive)
- CopyMaps bool // enforces copying of map[string]interface{} read from the store
-}
+type JSONOpt = v1.JSONOpt
// JSONWithOpt returns the JSON representation of v. The value must not contain any
// refs or terms that require evaluation (e.g., vars, comprehensions, etc.)
-func JSONWithOpt(v Value, opt JSONOpt) (interface{}, error) {
- return valueToInterface(v, illegalResolver{}, opt)
+func JSONWithOpt(v Value, opt JSONOpt) (any, error) {
+ return v1.JSONWithOpt(v, opt)
}
// MustJSON returns the JSON representation of v. The value must not contain any
// refs or terms that require evaluation (e.g., vars, comprehensions, etc.) If
// the conversion fails, this function will panic. This function is mostly for
// test purposes.
-func MustJSON(v Value) interface{} {
- r, err := JSON(v)
- if err != nil {
- panic(err)
- }
- return r
+func MustJSON(v Value) any {
+ return v1.MustJSON(v)
}
// MustInterfaceToValue converts a native Go value x to a Value. If the
// conversion fails, this function will panic. This function is mostly for test
// purposes.
-func MustInterfaceToValue(x interface{}) Value {
- v, err := InterfaceToValue(x)
- if err != nil {
- panic(err)
- }
- return v
+func MustInterfaceToValue(x any) Value {
+ return v1.MustInterfaceToValue(x)
}
// Term is an argument to a function.
-type Term struct {
- Value Value `json:"value"` // the value of the Term as represented in Go
- Location *Location `json:"location,omitempty"` // the location of the Term in the source
-
- jsonOptions astJSON.Options
-}
+type Term = v1.Term
// NewTerm returns a new Term object.
func NewTerm(v Value) *Term {
- return &Term{
- Value: v,
- }
-}
-
-// SetLocation updates the term's Location and returns the term itself.
-func (term *Term) SetLocation(loc *Location) *Term {
- term.Location = loc
- return term
-}
-
-// Loc returns the Location of term.
-func (term *Term) Loc() *Location {
- if term == nil {
- return nil
- }
- return term.Location
-}
-
-// SetLoc sets the location on term.
-func (term *Term) SetLoc(loc *Location) {
- term.SetLocation(loc)
-}
-
-// Copy returns a deep copy of term.
-func (term *Term) Copy() *Term {
-
- if term == nil {
- return nil
- }
-
- cpy := *term
-
- switch v := term.Value.(type) {
- case Null, Boolean, Number, String, Var:
- cpy.Value = v
- case Ref:
- cpy.Value = v.Copy()
- case *Array:
- cpy.Value = v.Copy()
- case Set:
- cpy.Value = v.Copy()
- case *object:
- cpy.Value = v.Copy()
- case *ArrayComprehension:
- cpy.Value = v.Copy()
- case *ObjectComprehension:
- cpy.Value = v.Copy()
- case *SetComprehension:
- cpy.Value = v.Copy()
- case Call:
- cpy.Value = v.Copy()
- }
-
- return &cpy
-}
-
-// Equal returns true if this term equals the other term. Equality is
-// defined for each kind of term.
-func (term *Term) Equal(other *Term) bool {
- if term == nil && other != nil {
- return false
- }
- if term != nil && other == nil {
- return false
- }
- if term == other {
- return true
- }
-
- // TODO(tsandall): This early-exit avoids allocations for types that have
- // Equal() functions that just use == underneath. We should revisit the
- // other types and implement Equal() functions that do not require
- // allocations.
- switch v := term.Value.(type) {
- case Null:
- return v.Equal(other.Value)
- case Boolean:
- return v.Equal(other.Value)
- case Number:
- return v.Equal(other.Value)
- case String:
- return v.Equal(other.Value)
- case Var:
- return v.Equal(other.Value)
- }
-
- return term.Value.Compare(other.Value) == 0
-}
-
-// Get returns a value referred to by name from the term.
-func (term *Term) Get(name *Term) *Term {
- switch v := term.Value.(type) {
- case *object:
- return v.Get(name)
- case *Array:
- return v.Get(name)
- case interface {
- Get(*Term) *Term
- }:
- return v.Get(name)
- case Set:
- if v.Contains(name) {
- return name
- }
- }
- return nil
-}
-
-// Hash returns the hash code of the Term's Value. Its Location
-// is ignored.
-func (term *Term) Hash() int {
- return term.Value.Hash()
-}
-
-// IsGround returns true if this term's Value is ground.
-func (term *Term) IsGround() bool {
- return term.Value.IsGround()
-}
-
-func (term *Term) setJSONOptions(opts astJSON.Options) {
- term.jsonOptions = opts
- if term.Location != nil {
- term.Location.JSONOptions = opts
- }
-}
-
-// MarshalJSON returns the JSON encoding of the term.
-//
-// Specialized marshalling logic is required to include a type hint for Value.
-func (term *Term) MarshalJSON() ([]byte, error) {
- d := map[string]interface{}{
- "type": TypeName(term.Value),
- "value": term.Value,
- }
- if term.jsonOptions.MarshalOptions.IncludeLocation.Term {
- if term.Location != nil {
- d["location"] = term.Location
- }
- }
- return json.Marshal(d)
-}
-
-func (term *Term) String() string {
- return term.Value.String()
-}
-
-// UnmarshalJSON parses the byte array and stores the result in term.
-// Specialized unmarshalling is required to handle Value and Location.
-func (term *Term) UnmarshalJSON(bs []byte) error {
- v := map[string]interface{}{}
- if err := util.UnmarshalJSON(bs, &v); err != nil {
- return err
- }
- val, err := unmarshalValue(v)
- if err != nil {
- return err
- }
- term.Value = val
-
- if loc, ok := v["location"].(map[string]interface{}); ok {
- term.Location = &Location{}
- err := unmarshalLocation(term.Location, loc)
- if err != nil {
- return err
- }
- }
- return nil
-}
-
-// Vars returns a VarSet with variables contained in this term.
-func (term *Term) Vars() VarSet {
- vis := &VarVisitor{vars: VarSet{}}
- vis.Walk(term)
- return vis.vars
+ return v1.NewTerm(v)
}
// IsConstant returns true if the AST value is constant.
func IsConstant(v Value) bool {
- found := false
- vis := GenericVisitor{
- func(x interface{}) bool {
- switch x.(type) {
- case Var, Ref, *ArrayComprehension, *ObjectComprehension, *SetComprehension, Call:
- found = true
- return true
- }
- return false
- },
- }
- vis.Walk(v)
- return !found
+ return v1.IsConstant(v)
}
// IsComprehension returns true if the supplied value is a comprehension.
func IsComprehension(x Value) bool {
- switch x.(type) {
- case *ArrayComprehension, *ObjectComprehension, *SetComprehension:
- return true
- }
- return false
+ return v1.IsComprehension(x)
}
// ContainsRefs returns true if the Value v contains refs.
-func ContainsRefs(v interface{}) bool {
- found := false
- WalkRefs(v, func(Ref) bool {
- found = true
- return found
- })
- return found
+func ContainsRefs(v any) bool {
+ return v1.ContainsRefs(v)
}
// ContainsComprehensions returns true if the Value v contains comprehensions.
-func ContainsComprehensions(v interface{}) bool {
- found := false
- WalkClosures(v, func(x interface{}) bool {
- switch x.(type) {
- case *ArrayComprehension, *ObjectComprehension, *SetComprehension:
- found = true
- return found
- }
- return found
- })
- return found
+func ContainsComprehensions(v any) bool {
+ return v1.ContainsComprehensions(v)
}
// ContainsClosures returns true if the Value v contains closures.
-func ContainsClosures(v interface{}) bool {
- found := false
- WalkClosures(v, func(x interface{}) bool {
- switch x.(type) {
- case *ArrayComprehension, *ObjectComprehension, *SetComprehension, *Every:
- found = true
- return found
- }
- return found
- })
- return found
+func ContainsClosures(v any) bool {
+ return v1.ContainsClosures(v)
}
// IsScalar returns true if the AST value is a scalar.
func IsScalar(v Value) bool {
- switch v.(type) {
- case String:
- return true
- case Number:
- return true
- case Boolean:
- return true
- case Null:
- return true
- }
- return false
+ return v1.IsScalar(v)
}
// Null represents the null value defined by JSON.
-type Null struct{}
+type Null = v1.Null
// NullTerm creates a new Term with a Null value.
func NullTerm() *Term {
- return &Term{Value: Null{}}
-}
-
-// Equal returns true if the other term Value is also Null.
-func (null Null) Equal(other Value) bool {
- switch other.(type) {
- case Null:
- return true
- default:
- return false
- }
-}
-
-// Compare compares null to other, return <0, 0, or >0 if it is less than, equal to,
-// or greater than other.
-func (null Null) Compare(other Value) int {
- return Compare(null, other)
-}
-
-// Find returns the current value or a not found error.
-func (null Null) Find(path Ref) (Value, error) {
- if len(path) == 0 {
- return null, nil
- }
- return nil, errFindNotFound
-}
-
-// Hash returns the hash code for the Value.
-func (null Null) Hash() int {
- return 0
-}
-
-// IsGround always returns true.
-func (Null) IsGround() bool {
- return true
-}
-
-func (null Null) String() string {
- return "null"
+ return v1.NullTerm()
}
// Boolean represents a boolean value defined by JSON.
-type Boolean bool
+type Boolean = v1.Boolean
// BooleanTerm creates a new Term with a Boolean value.
func BooleanTerm(b bool) *Term {
- return &Term{Value: Boolean(b)}
-}
-
-// Equal returns true if the other Value is a Boolean and is equal.
-func (bol Boolean) Equal(other Value) bool {
- switch other := other.(type) {
- case Boolean:
- return bol == other
- default:
- return false
- }
-}
-
-// Compare compares bol to other, return <0, 0, or >0 if it is less than, equal to,
-// or greater than other.
-func (bol Boolean) Compare(other Value) int {
- return Compare(bol, other)
-}
-
-// Find returns the current value or a not found error.
-func (bol Boolean) Find(path Ref) (Value, error) {
- if len(path) == 0 {
- return bol, nil
- }
- return nil, errFindNotFound
-}
-
-// Hash returns the hash code for the Value.
-func (bol Boolean) Hash() int {
- if bol {
- return 1
- }
- return 0
-}
-
-// IsGround always returns true.
-func (Boolean) IsGround() bool {
- return true
-}
-
-func (bol Boolean) String() string {
- return strconv.FormatBool(bool(bol))
+ return v1.BooleanTerm(b)
}
// Number represents a numeric value as defined by JSON.
-type Number json.Number
+type Number = v1.Number
// NumberTerm creates a new Term with a Number value.
func NumberTerm(n json.Number) *Term {
- return &Term{Value: Number(n)}
+ return v1.NumberTerm(n)
}
// IntNumberTerm creates a new Term with an integer Number value.
func IntNumberTerm(i int) *Term {
- return &Term{Value: Number(strconv.Itoa(i))}
+ return v1.IntNumberTerm(i)
}
// UIntNumberTerm creates a new Term with an unsigned integer Number value.
func UIntNumberTerm(u uint64) *Term {
- return &Term{Value: uint64Number(u)}
+ return v1.UIntNumberTerm(u)
}
// FloatNumberTerm creates a new Term with a floating point Number value.
func FloatNumberTerm(f float64) *Term {
- s := strconv.FormatFloat(f, 'g', -1, 64)
- return &Term{Value: Number(s)}
-}
-
-// Equal returns true if the other Value is a Number and is equal.
-func (num Number) Equal(other Value) bool {
- switch other := other.(type) {
- case Number:
- return Compare(num, other) == 0
- default:
- return false
- }
-}
-
-// Compare compares num to other, return <0, 0, or >0 if it is less than, equal to,
-// or greater than other.
-func (num Number) Compare(other Value) int {
- return Compare(num, other)
-}
-
-// Find returns the current value or a not found error.
-func (num Number) Find(path Ref) (Value, error) {
- if len(path) == 0 {
- return num, nil
- }
- return nil, errFindNotFound
-}
-
-// Hash returns the hash code for the Value.
-func (num Number) Hash() int {
- f, err := json.Number(num).Float64()
- if err != nil {
- bs := []byte(num)
- h := xxhash.Checksum64(bs)
- return int(h)
- }
- return int(f)
-}
-
-// Int returns the int representation of num if possible.
-func (num Number) Int() (int, bool) {
- i64, ok := num.Int64()
- return int(i64), ok
-}
-
-// Int64 returns the int64 representation of num if possible.
-func (num Number) Int64() (int64, bool) {
- i, err := json.Number(num).Int64()
- if err != nil {
- return 0, false
- }
- return i, true
-}
-
-// Float64 returns the float64 representation of num if possible.
-func (num Number) Float64() (float64, bool) {
- f, err := json.Number(num).Float64()
- if err != nil {
- return 0, false
- }
- return f, true
-}
-
-// IsGround always returns true.
-func (Number) IsGround() bool {
- return true
-}
-
-// MarshalJSON returns JSON encoded bytes representing num.
-func (num Number) MarshalJSON() ([]byte, error) {
- return json.Marshal(json.Number(num))
-}
-
-func (num Number) String() string {
- return string(num)
-}
-
-func intNumber(i int) Number {
- return Number(strconv.Itoa(i))
-}
-
-func int64Number(i int64) Number {
- return Number(strconv.FormatInt(i, 10))
-}
-
-func uint64Number(u uint64) Number {
- return Number(strconv.FormatUint(u, 10))
-}
-
-func floatNumber(f float64) Number {
- return Number(strconv.FormatFloat(f, 'g', -1, 64))
+ return v1.FloatNumberTerm(f)
}
// String represents a string value as defined by JSON.
-type String string
+type String = v1.String
// StringTerm creates a new Term with a String value.
func StringTerm(s string) *Term {
- return &Term{Value: String(s)}
-}
-
-// Equal returns true if the other Value is a String and is equal.
-func (str String) Equal(other Value) bool {
- switch other := other.(type) {
- case String:
- return str == other
- default:
- return false
- }
-}
-
-// Compare compares str to other, return <0, 0, or >0 if it is less than, equal to,
-// or greater than other.
-func (str String) Compare(other Value) int {
- return Compare(str, other)
-}
-
-// Find returns the current value or a not found error.
-func (str String) Find(path Ref) (Value, error) {
- if len(path) == 0 {
- return str, nil
- }
- return nil, errFindNotFound
-}
-
-// IsGround always returns true.
-func (String) IsGround() bool {
- return true
-}
-
-func (str String) String() string {
- return strconv.Quote(string(str))
-}
-
-// Hash returns the hash code for the Value.
-func (str String) Hash() int {
- h := xxhash.ChecksumString64S(string(str), hashSeed0)
- return int(h)
+ return v1.StringTerm(s)
}
// Var represents a variable as defined by the language.
-type Var string
+type Var = v1.Var
// VarTerm creates a new Term with a Variable value.
func VarTerm(v string) *Term {
- return &Term{Value: Var(v)}
-}
-
-// Equal returns true if the other Value is a Variable and has the same value
-// (name).
-func (v Var) Equal(other Value) bool {
- switch other := other.(type) {
- case Var:
- return v == other
- default:
- return false
- }
-}
-
-// Compare compares v to other, return <0, 0, or >0 if it is less than, equal to,
-// or greater than other.
-func (v Var) Compare(other Value) int {
- return Compare(v, other)
-}
-
-// Find returns the current value or a not found error.
-func (v Var) Find(path Ref) (Value, error) {
- if len(path) == 0 {
- return v, nil
- }
- return nil, errFindNotFound
-}
-
-// Hash returns the hash code for the Value.
-func (v Var) Hash() int {
- h := xxhash.ChecksumString64S(string(v), hashSeed0)
- return int(h)
-}
-
-// IsGround always returns false.
-func (Var) IsGround() bool {
- return false
-}
-
-// IsWildcard returns true if this is a wildcard variable.
-func (v Var) IsWildcard() bool {
- return strings.HasPrefix(string(v), WildcardPrefix)
-}
-
-// IsGenerated returns true if this variable was generated during compilation.
-func (v Var) IsGenerated() bool {
- return strings.HasPrefix(string(v), "__local")
-}
-
-func (v Var) String() string {
- // Special case for wildcard so that string representation is parseable. The
- // parser mangles wildcard variables to make their names unique and uses an
- // illegal variable name character (WildcardPrefix) to avoid conflicts. When
- // we serialize the variable here, we need to make sure it's parseable.
- if v.IsWildcard() {
- return Wildcard.String()
- }
- return string(v)
+ return v1.VarTerm(v)
}
// Ref represents a reference as defined by the language.
-type Ref []*Term
+type Ref = v1.Ref
// EmptyRef returns a new, empty reference.
func EmptyRef() Ref {
- return Ref([]*Term{})
+ return v1.EmptyRef()
}
// PtrRef returns a new reference against the head for the pointer
// s. Path components in the pointer are unescaped.
func PtrRef(head *Term, s string) (Ref, error) {
- s = strings.Trim(s, "/")
- if s == "" {
- return Ref{head}, nil
- }
- parts := strings.Split(s, "/")
- if maxLen := math.MaxInt32; len(parts) >= maxLen {
- return nil, fmt.Errorf("path too long: %s, %d > %d (max)", s, len(parts), maxLen)
- }
- ref := make(Ref, uint(len(parts))+1)
- ref[0] = head
- for i := 0; i < len(parts); i++ {
- var err error
- parts[i], err = url.PathUnescape(parts[i])
- if err != nil {
- return nil, err
- }
- ref[i+1] = StringTerm(parts[i])
- }
- return ref, nil
+ return v1.PtrRef(head, s)
}
// RefTerm creates a new Term with a Ref value.
func RefTerm(r ...*Term) *Term {
- return &Term{Value: Ref(r)}
-}
-
-// Append returns a copy of ref with the term appended to the end.
-func (ref Ref) Append(term *Term) Ref {
- n := len(ref)
- dst := make(Ref, n+1)
- copy(dst, ref)
- dst[n] = term
- return dst
-}
-
-// Insert returns a copy of the ref with x inserted at pos. If pos < len(ref),
-// existing elements are shifted to the right. If pos > len(ref)+1 this
-// function panics.
-func (ref Ref) Insert(x *Term, pos int) Ref {
- switch {
- case pos == len(ref):
- return ref.Append(x)
- case pos > len(ref)+1:
- panic("illegal index")
- }
- cpy := make(Ref, len(ref)+1)
- copy(cpy, ref[:pos])
- cpy[pos] = x
- copy(cpy[pos+1:], ref[pos:])
- return cpy
-}
-
-// Extend returns a copy of ref with the terms from other appended. The head of
-// other will be converted to a string.
-func (ref Ref) Extend(other Ref) Ref {
- dst := make(Ref, len(ref)+len(other))
- copy(dst, ref)
-
- head := other[0].Copy()
- head.Value = String(head.Value.(Var))
- offset := len(ref)
- dst[offset] = head
-
- copy(dst[offset+1:], other[1:])
- return dst
-}
-
-// Concat returns a ref with the terms appended.
-func (ref Ref) Concat(terms []*Term) Ref {
- if len(terms) == 0 {
- return ref
- }
- cpy := make(Ref, len(ref)+len(terms))
- copy(cpy, ref)
- copy(cpy[len(ref):], terms)
- return cpy
-}
-
-// Dynamic returns the offset of the first non-constant operand of ref.
-func (ref Ref) Dynamic() int {
- switch ref[0].Value.(type) {
- case Call:
- return 0
- }
- for i := 1; i < len(ref); i++ {
- if !IsConstant(ref[i].Value) {
- return i
- }
- }
- return -1
-}
-
-// Copy returns a deep copy of ref.
-func (ref Ref) Copy() Ref {
- return termSliceCopy(ref)
-}
-
-// Equal returns true if ref is equal to other.
-func (ref Ref) Equal(other Value) bool {
- return Compare(ref, other) == 0
-}
-
-// Compare compares ref to other, return <0, 0, or >0 if it is less than, equal to,
-// or greater than other.
-func (ref Ref) Compare(other Value) int {
- return Compare(ref, other)
-}
-
-// Find returns the current value or a "not found" error.
-func (ref Ref) Find(path Ref) (Value, error) {
- if len(path) == 0 {
- return ref, nil
- }
- return nil, errFindNotFound
-}
-
-// Hash returns the hash code for the Value.
-func (ref Ref) Hash() int {
- return termSliceHash(ref)
-}
-
-// HasPrefix returns true if the other ref is a prefix of this ref.
-func (ref Ref) HasPrefix(other Ref) bool {
- if len(other) > len(ref) {
- return false
- }
- for i := range other {
- if !ref[i].Equal(other[i]) {
- return false
- }
- }
- return true
-}
-
-// ConstantPrefix returns the constant portion of the ref starting from the head.
-func (ref Ref) ConstantPrefix() Ref {
- ref = ref.Copy()
-
- i := ref.Dynamic()
- if i < 0 {
- return ref
- }
- return ref[:i]
-}
-
-func (ref Ref) StringPrefix() Ref {
- r := ref.Copy()
-
- for i := 1; i < len(ref); i++ {
- switch r[i].Value.(type) {
- case String: // pass
- default: // cut off
- return r[:i]
- }
- }
-
- return r
-}
-
-// GroundPrefix returns the ground portion of the ref starting from the head. By
-// definition, the head of the reference is always ground.
-func (ref Ref) GroundPrefix() Ref {
- prefix := make(Ref, 0, len(ref))
-
- for i, x := range ref {
- if i > 0 && !x.IsGround() {
- break
- }
- prefix = append(prefix, x)
- }
-
- return prefix
-}
-
-func (ref Ref) DynamicSuffix() Ref {
- i := ref.Dynamic()
- if i < 0 {
- return nil
- }
- return ref[i:]
-}
-
-// IsGround returns true if all of the parts of the Ref are ground.
-func (ref Ref) IsGround() bool {
- if len(ref) == 0 {
- return true
- }
- return termSliceIsGround(ref[1:])
-}
-
-// IsNested returns true if this ref contains other Refs.
-func (ref Ref) IsNested() bool {
- for _, x := range ref {
- if _, ok := x.Value.(Ref); ok {
- return true
- }
- }
- return false
-}
-
-// Ptr returns a slash-separated path string for this ref. If the ref
-// contains non-string terms this function returns an error. Path
-// components are escaped.
-func (ref Ref) Ptr() (string, error) {
- parts := make([]string, 0, len(ref)-1)
- for _, term := range ref[1:] {
- if str, ok := term.Value.(String); ok {
- parts = append(parts, url.PathEscape(string(str)))
- } else {
- return "", fmt.Errorf("invalid path value type")
- }
- }
- return strings.Join(parts, "/"), nil
+ return v1.RefTerm(r...)
}
-var varRegexp = regexp.MustCompile("^[[:alpha:]_][[:alpha:][:digit:]_]*$")
-
func IsVarCompatibleString(s string) bool {
- return varRegexp.MatchString(s)
-}
-
-func (ref Ref) String() string {
- if len(ref) == 0 {
- return ""
- }
- buf := []string{ref[0].Value.String()}
- path := ref[1:]
- for _, p := range path {
- switch p := p.Value.(type) {
- case String:
- str := string(p)
- if varRegexp.MatchString(str) && len(buf) > 0 && !IsKeyword(str) {
- buf = append(buf, "."+str)
- } else {
- buf = append(buf, "["+p.String()+"]")
- }
- default:
- buf = append(buf, "["+p.String()+"]")
- }
- }
- return strings.Join(buf, "")
-}
-
-// OutputVars returns a VarSet containing variables that would be bound by evaluating
-// this expression in isolation.
-func (ref Ref) OutputVars() VarSet {
- vis := NewVarVisitor().WithParams(VarVisitorParams{SkipRefHead: true})
- vis.Walk(ref)
- return vis.Vars()
-}
-
-func (ref Ref) toArray() *Array {
- a := NewArray()
- for _, term := range ref {
- if _, ok := term.Value.(String); ok {
- a = a.Append(term)
- } else {
- a = a.Append(StringTerm(term.Value.String()))
- }
- }
- return a
+ return v1.IsVarCompatibleString(s)
}
// QueryIterator defines the interface for querying AST documents with references.
-type QueryIterator func(map[Var]Value, Value) error
+type QueryIterator = v1.QueryIterator
// ArrayTerm creates a new Term with an Array value.
func ArrayTerm(a ...*Term) *Term {
- return NewTerm(NewArray(a...))
+ return v1.ArrayTerm(a...)
}
// NewArray creates an Array with the terms provided. The array will
// use the provided term slice.
func NewArray(a ...*Term) *Array {
- hs := make([]int, len(a))
- for i, e := range a {
- hs[i] = e.Value.Hash()
- }
- arr := &Array{elems: a, hashs: hs, ground: termSliceIsGround(a)}
- arr.rehash()
- return arr
+ return v1.NewArray(a...)
}
// Array represents an array as defined by the language. Arrays are similar to the
// same types as defined by JSON with the exception that they can contain Vars
// and References.
-type Array struct {
- elems []*Term
- hashs []int // element hashes
- hash int
- ground bool
-}
-
-// Copy returns a deep copy of arr.
-func (arr *Array) Copy() *Array {
- cpy := make([]int, len(arr.elems))
- copy(cpy, arr.hashs)
- return &Array{
- elems: termSliceCopy(arr.elems),
- hashs: cpy,
- hash: arr.hash,
- ground: arr.IsGround()}
-}
-
-// Equal returns true if arr is equal to other.
-func (arr *Array) Equal(other Value) bool {
- return Compare(arr, other) == 0
-}
-
-// Compare compares arr to other, return <0, 0, or >0 if it is less than, equal to,
-// or greater than other.
-func (arr *Array) Compare(other Value) int {
- return Compare(arr, other)
-}
-
-// Find returns the value at the index or an out-of-range error.
-func (arr *Array) Find(path Ref) (Value, error) {
- if len(path) == 0 {
- return arr, nil
- }
- num, ok := path[0].Value.(Number)
- if !ok {
- return nil, errFindNotFound
- }
- i, ok := num.Int()
- if !ok {
- return nil, errFindNotFound
- }
- if i < 0 || i >= arr.Len() {
- return nil, errFindNotFound
- }
- return arr.Elem(i).Value.Find(path[1:])
-}
-
-// Get returns the element at pos or nil if not possible.
-func (arr *Array) Get(pos *Term) *Term {
- num, ok := pos.Value.(Number)
- if !ok {
- return nil
- }
-
- i, ok := num.Int()
- if !ok {
- return nil
- }
-
- if i >= 0 && i < len(arr.elems) {
- return arr.elems[i]
- }
-
- return nil
-}
-
-// Sorted returns a new Array that contains the sorted elements of arr.
-func (arr *Array) Sorted() *Array {
- cpy := make([]*Term, len(arr.elems))
- for i := range cpy {
- cpy[i] = arr.elems[i]
- }
- sort.Sort(termSlice(cpy))
- a := NewArray(cpy...)
- a.hashs = arr.hashs
- return a
-}
-
-// Hash returns the hash code for the Value.
-func (arr *Array) Hash() int {
- return arr.hash
-}
-
-// IsGround returns true if all of the Array elements are ground.
-func (arr *Array) IsGround() bool {
- return arr.ground
-}
-
-// MarshalJSON returns JSON encoded bytes representing arr.
-func (arr *Array) MarshalJSON() ([]byte, error) {
- if len(arr.elems) == 0 {
- return []byte(`[]`), nil
- }
- return json.Marshal(arr.elems)
-}
-
-func (arr *Array) String() string {
- var b strings.Builder
- b.WriteRune('[')
- for i, e := range arr.elems {
- if i > 0 {
- b.WriteString(", ")
- }
- b.WriteString(e.String())
- }
- b.WriteRune(']')
- return b.String()
-}
-
-// Len returns the number of elements in the array.
-func (arr *Array) Len() int {
- return len(arr.elems)
-}
-
-// Elem returns the element i of arr.
-func (arr *Array) Elem(i int) *Term {
- return arr.elems[i]
-}
-
-// Set sets the element i of arr.
-func (arr *Array) Set(i int, v *Term) {
- arr.set(i, v)
-}
-
-// rehash updates the cached hash of arr.
-func (arr *Array) rehash() {
- arr.hash = 0
- for _, h := range arr.hashs {
- arr.hash += h
- }
-}
-
-// set sets the element i of arr.
-func (arr *Array) set(i int, v *Term) {
- arr.ground = arr.ground && v.IsGround()
- arr.elems[i] = v
- arr.hashs[i] = v.Value.Hash()
- arr.rehash()
-}
-
-// Slice returns a slice of arr starting from i index to j. -1
-// indicates the end of the array. The returned value array is not a
-// copy and any modifications to either of arrays may be reflected to
-// the other.
-func (arr *Array) Slice(i, j int) *Array {
- var elems []*Term
- var hashs []int
- if j == -1 {
- elems = arr.elems[i:]
- hashs = arr.hashs[i:]
- } else {
- elems = arr.elems[i:j]
- hashs = arr.hashs[i:j]
- }
- // If arr is ground, the slice is, too.
- // If it's not, the slice could still be.
- gr := arr.ground || termSliceIsGround(elems)
-
- s := &Array{elems: elems, hashs: hashs, ground: gr}
- s.rehash()
- return s
-}
-
-// Iter calls f on each element in arr. If f returns an error,
-// iteration stops and the return value is the error.
-func (arr *Array) Iter(f func(*Term) error) error {
- for i := range arr.elems {
- if err := f(arr.elems[i]); err != nil {
- return err
- }
- }
- return nil
-}
-
-// Until calls f on each element in arr. If f returns true, iteration stops.
-func (arr *Array) Until(f func(*Term) bool) bool {
- err := arr.Iter(func(t *Term) error {
- if f(t) {
- return errStop
- }
- return nil
- })
- return err != nil
-}
-
-// Foreach calls f on each element in arr.
-func (arr *Array) Foreach(f func(*Term)) {
- _ = arr.Iter(func(t *Term) error {
- f(t)
- return nil
- }) // ignore error
-}
-
-// Append appends a term to arr, returning the appended array.
-func (arr *Array) Append(v *Term) *Array {
- cpy := *arr
- cpy.elems = append(arr.elems, v)
- cpy.hashs = append(arr.hashs, v.Value.Hash())
- cpy.hash = arr.hash + v.Value.Hash()
- cpy.ground = arr.ground && v.IsGround()
- return &cpy
-}
+type Array = v1.Array
// Set represents a set as defined by the language.
-type Set interface {
- Value
- Len() int
- Copy() Set
- Diff(Set) Set
- Intersect(Set) Set
- Union(Set) Set
- Add(*Term)
- Iter(func(*Term) error) error
- Until(func(*Term) bool) bool
- Foreach(func(*Term))
- Contains(*Term) bool
- Map(func(*Term) (*Term, error)) (Set, error)
- Reduce(*Term, func(*Term, *Term) (*Term, error)) (*Term, error)
- Sorted() *Array
- Slice() []*Term
-}
+type Set = v1.Set
// NewSet returns a new Set containing t.
func NewSet(t ...*Term) Set {
- s := newset(len(t))
- for i := range t {
- s.Add(t[i])
- }
- return s
+ return v1.NewSet(t...)
}
-func newset(n int) *set {
- var keys []*Term
- if n > 0 {
- keys = make([]*Term, 0, n)
- }
- return &set{
- elems: make(map[int]*Term, n),
- keys: keys,
- hash: 0,
- ground: true,
- sortGuard: new(sync.Once),
- }
-}
-
-// SetTerm returns a new Term representing a set containing terms t.
func SetTerm(t ...*Term) *Term {
- set := NewSet(t...)
- return &Term{
- Value: set,
- }
-}
-
-type set struct {
- elems map[int]*Term
- keys []*Term
- hash int
- ground bool
- sortGuard *sync.Once // Prevents race condition around sorting.
-}
-
-// Copy returns a deep copy of s.
-func (s *set) Copy() Set {
- cpy := newset(s.Len())
- s.Foreach(func(x *Term) {
- cpy.Add(x.Copy())
- })
- cpy.hash = s.hash
- cpy.ground = s.ground
- return cpy
-}
-
-// IsGround returns true if all terms in s are ground.
-func (s *set) IsGround() bool {
- return s.ground
-}
-
-// Hash returns a hash code for s.
-func (s *set) Hash() int {
- return s.hash
-}
-
-func (s *set) String() string {
- if s.Len() == 0 {
- return "set()"
- }
- var b strings.Builder
- b.WriteRune('{')
- for i := range s.sortedKeys() {
- if i > 0 {
- b.WriteString(", ")
- }
- b.WriteString(s.keys[i].Value.String())
- }
- b.WriteRune('}')
- return b.String()
-}
-
-func (s *set) sortedKeys() []*Term {
- s.sortGuard.Do(func() {
- sort.Sort(termSlice(s.keys))
- })
- return s.keys
-}
-
-// Compare compares s to other, return <0, 0, or >0 if it is less than, equal to,
-// or greater than other.
-func (s *set) Compare(other Value) int {
- o1 := sortOrder(s)
- o2 := sortOrder(other)
- if o1 < o2 {
- return -1
- } else if o1 > o2 {
- return 1
- }
- t := other.(*set)
- return termSliceCompare(s.sortedKeys(), t.sortedKeys())
-}
-
-// Find returns the set or dereferences the element itself.
-func (s *set) Find(path Ref) (Value, error) {
- if len(path) == 0 {
- return s, nil
- }
- if !s.Contains(path[0]) {
- return nil, errFindNotFound
- }
- return path[0].Value.Find(path[1:])
-}
-
-// Diff returns elements in s that are not in other.
-func (s *set) Diff(other Set) Set {
- r := NewSet()
- s.Foreach(func(x *Term) {
- if !other.Contains(x) {
- r.Add(x)
- }
- })
- return r
-}
-
-// Intersect returns the set containing elements in both s and other.
-func (s *set) Intersect(other Set) Set {
- o := other.(*set)
- n, m := s.Len(), o.Len()
- ss := s
- so := o
- if m < n {
- ss = o
- so = s
- n = m
- }
-
- r := newset(n)
- ss.Foreach(func(x *Term) {
- if so.Contains(x) {
- r.Add(x)
- }
- })
- return r
-}
-
-// Union returns the set containing all elements of s and other.
-func (s *set) Union(other Set) Set {
- r := NewSet()
- s.Foreach(func(x *Term) {
- r.Add(x)
- })
- other.Foreach(func(x *Term) {
- r.Add(x)
- })
- return r
-}
-
-// Add updates s to include t.
-func (s *set) Add(t *Term) {
- s.insert(t)
-}
-
-// Iter calls f on each element in s. If f returns an error, iteration stops
-// and the return value is the error.
-func (s *set) Iter(f func(*Term) error) error {
- for i := range s.sortedKeys() {
- if err := f(s.keys[i]); err != nil {
- return err
- }
- }
- return nil
-}
-
-var errStop = errors.New("stop")
-
-// Until calls f on each element in s. If f returns true, iteration stops.
-func (s *set) Until(f func(*Term) bool) bool {
- err := s.Iter(func(t *Term) error {
- if f(t) {
- return errStop
- }
- return nil
- })
- return err != nil
-}
-
-// Foreach calls f on each element in s.
-func (s *set) Foreach(f func(*Term)) {
- _ = s.Iter(func(t *Term) error {
- f(t)
- return nil
- }) // ignore error
-}
-
-// Map returns a new Set obtained by applying f to each value in s.
-func (s *set) Map(f func(*Term) (*Term, error)) (Set, error) {
- set := NewSet()
- err := s.Iter(func(x *Term) error {
- term, err := f(x)
- if err != nil {
- return err
- }
- set.Add(term)
- return nil
- })
- if err != nil {
- return nil, err
- }
- return set, nil
-}
-
-// Reduce returns a Term produced by applying f to each value in s. The first
-// argument to f is the reduced value (starting with i) and the second argument
-// to f is the element in s.
-func (s *set) Reduce(i *Term, f func(*Term, *Term) (*Term, error)) (*Term, error) {
- err := s.Iter(func(x *Term) error {
- var err error
- i, err = f(i, x)
- if err != nil {
- return err
- }
- return nil
- })
- return i, err
-}
-
-// Contains returns true if t is in s.
-func (s *set) Contains(t *Term) bool {
- return s.get(t) != nil
-}
-
-// Len returns the number of elements in the set.
-func (s *set) Len() int {
- return len(s.keys)
-}
-
-// MarshalJSON returns JSON encoded bytes representing s.
-func (s *set) MarshalJSON() ([]byte, error) {
- if s.keys == nil {
- return []byte(`[]`), nil
- }
- return json.Marshal(s.sortedKeys())
-}
-
-// Sorted returns an Array that contains the sorted elements of s.
-func (s *set) Sorted() *Array {
- cpy := make([]*Term, len(s.keys))
- copy(cpy, s.sortedKeys())
- return NewArray(cpy...)
-}
-
-// Slice returns a slice of terms contained in the set.
-func (s *set) Slice() []*Term {
- return s.sortedKeys()
-}
-
-// NOTE(philipc): We assume a many-readers, single-writer model here.
-// This method should NOT be used concurrently, or else we risk data races.
-func (s *set) insert(x *Term) {
- hash := x.Hash()
- insertHash := hash
- // This `equal` utility is duplicated and manually inlined a number of
- // time in this file. Inlining it avoids heap allocations, so it makes
- // a big performance difference: some operations like lookup become twice
- // as slow without it.
- var equal func(v Value) bool
-
- switch x := x.Value.(type) {
- case Null, Boolean, String, Var:
- equal = func(y Value) bool { return x == y }
- case Number:
- if xi, err := json.Number(x).Int64(); err == nil {
- equal = func(y Value) bool {
- if y, ok := y.(Number); ok {
- if yi, err := json.Number(y).Int64(); err == nil {
- return xi == yi
- }
- }
-
- return false
- }
- break
- }
-
- // We use big.Rat for comparing big numbers.
- // It replaces big.Float due to following reason:
- // big.Float comes with a default precision of 64, and setting a
- // larger precision results in more memory being allocated
- // (regardless of the actual number we are parsing with SetString).
- //
- // Note: If we're so close to zero that big.Float says we are zero, do
- // *not* big.Rat).SetString on the original string it'll potentially
- // take very long.
- var a *big.Rat
- fa, ok := new(big.Float).SetString(string(x))
- if !ok {
- panic("illegal value")
- }
- if fa.IsInt() {
- if i, _ := fa.Int64(); i == 0 {
- a = new(big.Rat).SetInt64(0)
- }
- }
- if a == nil {
- a, ok = new(big.Rat).SetString(string(x))
- if !ok {
- panic("illegal value")
- }
- }
-
- equal = func(b Value) bool {
- if bNum, ok := b.(Number); ok {
- var b *big.Rat
- fb, ok := new(big.Float).SetString(string(bNum))
- if !ok {
- panic("illegal value")
- }
- if fb.IsInt() {
- if i, _ := fb.Int64(); i == 0 {
- b = new(big.Rat).SetInt64(0)
- }
- }
- if b == nil {
- b, ok = new(big.Rat).SetString(string(bNum))
- if !ok {
- panic("illegal value")
- }
- }
-
- return a.Cmp(b) == 0
- }
-
- return false
- }
- default:
- equal = func(y Value) bool { return Compare(x, y) == 0 }
- }
-
- for curr, ok := s.elems[insertHash]; ok; {
- if equal(curr.Value) {
- return
- }
-
- insertHash++
- curr, ok = s.elems[insertHash]
- }
-
- s.elems[insertHash] = x
- // O(1) insertion, but we'll have to re-sort the keys later.
- s.keys = append(s.keys, x)
- // Reset the sync.Once instance.
- // See https://github.com/golang/go/issues/25955 for why we do it this way.
- s.sortGuard = new(sync.Once)
-
- s.hash += hash
- s.ground = s.ground && x.IsGround()
-}
-
-func (s *set) get(x *Term) *Term {
- hash := x.Hash()
- // This `equal` utility is duplicated and manually inlined a number of
- // time in this file. Inlining it avoids heap allocations, so it makes
- // a big performance difference: some operations like lookup become twice
- // as slow without it.
- var equal func(v Value) bool
-
- switch x := x.Value.(type) {
- case Null, Boolean, String, Var:
- equal = func(y Value) bool { return x == y }
- case Number:
- if xi, err := json.Number(x).Int64(); err == nil {
- equal = func(y Value) bool {
- if y, ok := y.(Number); ok {
- if yi, err := json.Number(y).Int64(); err == nil {
- return xi == yi
- }
- }
-
- return false
- }
- break
- }
-
- // We use big.Rat for comparing big numbers.
- // It replaces big.Float due to following reason:
- // big.Float comes with a default precision of 64, and setting a
- // larger precision results in more memory being allocated
- // (regardless of the actual number we are parsing with SetString).
- //
- // Note: If we're so close to zero that big.Float says we are zero, do
- // *not* big.Rat).SetString on the original string it'll potentially
- // take very long.
- var a *big.Rat
- fa, ok := new(big.Float).SetString(string(x))
- if !ok {
- panic("illegal value")
- }
- if fa.IsInt() {
- if i, _ := fa.Int64(); i == 0 {
- a = new(big.Rat).SetInt64(0)
- }
- }
- if a == nil {
- a, ok = new(big.Rat).SetString(string(x))
- if !ok {
- panic("illegal value")
- }
- }
-
- equal = func(b Value) bool {
- if bNum, ok := b.(Number); ok {
- var b *big.Rat
- fb, ok := new(big.Float).SetString(string(bNum))
- if !ok {
- panic("illegal value")
- }
- if fb.IsInt() {
- if i, _ := fb.Int64(); i == 0 {
- b = new(big.Rat).SetInt64(0)
- }
- }
- if b == nil {
- b, ok = new(big.Rat).SetString(string(bNum))
- if !ok {
- panic("illegal value")
- }
- }
-
- return a.Cmp(b) == 0
- }
- return false
-
- }
-
- default:
- equal = func(y Value) bool { return Compare(x, y) == 0 }
- }
-
- for curr, ok := s.elems[hash]; ok; {
- if equal(curr.Value) {
- return curr
- }
-
- hash++
- curr, ok = s.elems[hash]
- }
- return nil
+ return v1.SetTerm(t...)
}
// Object represents an object as defined by the language.
-type Object interface {
- Value
- Len() int
- Get(*Term) *Term
- Copy() Object
- Insert(*Term, *Term)
- Iter(func(*Term, *Term) error) error
- Until(func(*Term, *Term) bool) bool
- Foreach(func(*Term, *Term))
- Map(func(*Term, *Term) (*Term, *Term, error)) (Object, error)
- Diff(other Object) Object
- Intersect(other Object) [][3]*Term
- Merge(other Object) (Object, bool)
- MergeWith(other Object, conflictResolver func(v1, v2 *Term) (*Term, bool)) (Object, bool)
- Filter(filter Object) (Object, error)
- Keys() []*Term
- KeysIterator() ObjectKeysIterator
- get(k *Term) *objectElem // To prevent external implementations
-}
+type Object = v1.Object
// NewObject creates a new Object with t.
func NewObject(t ...[2]*Term) Object {
- obj := newobject(len(t))
- for i := range t {
- obj.Insert(t[i][0], t[i][1])
- }
- return obj
+ return v1.NewObject(t...)
}
// ObjectTerm creates a new Term with an Object value.
func ObjectTerm(o ...[2]*Term) *Term {
- return &Term{Value: NewObject(o...)}
-}
-
-func LazyObject(blob map[string]interface{}) Object {
- return &lazyObj{native: blob, cache: map[string]Value{}}
-}
-
-type lazyObj struct {
- strict Object
- cache map[string]Value
- native map[string]interface{}
-}
-
-func (l *lazyObj) force() Object {
- if l.strict == nil {
- l.strict = MustInterfaceToValue(l.native).(Object)
- // NOTE(jf): a possible performance improvement here would be to check how many
- // entries have been realized to AST in the cache, and if some threshold compared to the
- // total number of keys is exceeded, realize the remaining entries and set l.strict to l.cache.
- l.cache = map[string]Value{} // We don't need the cache anymore; drop it to free up memory.
- }
- return l.strict
-}
-
-func (l *lazyObj) Compare(other Value) int {
- o1 := sortOrder(l)
- o2 := sortOrder(other)
- if o1 < o2 {
- return -1
- } else if o2 < o1 {
- return 1
- }
- return l.force().Compare(other)
-}
-
-func (l *lazyObj) Copy() Object {
- return l
-}
-
-func (l *lazyObj) Diff(other Object) Object {
- return l.force().Diff(other)
-}
-
-func (l *lazyObj) Intersect(other Object) [][3]*Term {
- return l.force().Intersect(other)
-}
-
-func (l *lazyObj) Iter(f func(*Term, *Term) error) error {
- return l.force().Iter(f)
-}
-
-func (l *lazyObj) Until(f func(*Term, *Term) bool) bool {
- // NOTE(sr): there could be benefits in not forcing here -- if we abort because
- // `f` returns true, we could save us from converting the rest of the object.
- return l.force().Until(f)
-}
-
-func (l *lazyObj) Foreach(f func(*Term, *Term)) {
- l.force().Foreach(f)
-}
-
-func (l *lazyObj) Filter(filter Object) (Object, error) {
- return l.force().Filter(filter)
-}
-
-func (l *lazyObj) Map(f func(*Term, *Term) (*Term, *Term, error)) (Object, error) {
- return l.force().Map(f)
-}
-
-func (l *lazyObj) MarshalJSON() ([]byte, error) {
- return l.force().(*object).MarshalJSON()
-}
-
-func (l *lazyObj) Merge(other Object) (Object, bool) {
- return l.force().Merge(other)
-}
-
-func (l *lazyObj) MergeWith(other Object, conflictResolver func(v1, v2 *Term) (*Term, bool)) (Object, bool) {
- return l.force().MergeWith(other, conflictResolver)
-}
-
-func (l *lazyObj) Len() int {
- return len(l.native)
+ return v1.ObjectTerm(o...)
}
-func (l *lazyObj) String() string {
- return l.force().String()
+func LazyObject(blob map[string]any) Object {
+ return v1.LazyObject(blob)
}
-// get is merely there to implement the Object interface -- `get` there serves the
-// purpose of prohibiting external implementations. It's never called for lazyObj.
-func (*lazyObj) get(*Term) *objectElem {
- return nil
-}
-
-func (l *lazyObj) Get(k *Term) *Term {
- if l.strict != nil {
- return l.strict.Get(k)
- }
- if s, ok := k.Value.(String); ok {
- if v, ok := l.cache[string(s)]; ok {
- return NewTerm(v)
- }
-
- if val, ok := l.native[string(s)]; ok {
- var converted Value
- switch val := val.(type) {
- case map[string]interface{}:
- converted = LazyObject(val)
- default:
- converted = MustInterfaceToValue(val)
- }
- l.cache[string(s)] = converted
- return NewTerm(converted)
- }
- }
- return nil
-}
-
-func (l *lazyObj) Insert(k, v *Term) {
- l.force().Insert(k, v)
-}
-
-func (*lazyObj) IsGround() bool {
- return true
-}
-
-func (l *lazyObj) Hash() int {
- return l.force().Hash()
-}
-
-func (l *lazyObj) Keys() []*Term {
- if l.strict != nil {
- return l.strict.Keys()
- }
- ret := make([]*Term, 0, len(l.native))
- for k := range l.native {
- ret = append(ret, StringTerm(k))
- }
- sort.Sort(termSlice(ret))
- return ret
-}
-
-func (l *lazyObj) KeysIterator() ObjectKeysIterator {
- return &lazyObjKeysIterator{keys: l.Keys()}
-}
-
-type lazyObjKeysIterator struct {
- current int
- keys []*Term
-}
-
-func (ki *lazyObjKeysIterator) Next() (*Term, bool) {
- if ki.current == len(ki.keys) {
- return nil, false
- }
- ki.current++
- return ki.keys[ki.current-1], true
-}
-
-func (l *lazyObj) Find(path Ref) (Value, error) {
- if l.strict != nil {
- return l.strict.Find(path)
- }
- if len(path) == 0 {
- return l, nil
- }
- if p0, ok := path[0].Value.(String); ok {
- if v, ok := l.cache[string(p0)]; ok {
- return v.Find(path[1:])
- }
-
- if v, ok := l.native[string(p0)]; ok {
- var converted Value
- switch v := v.(type) {
- case map[string]interface{}:
- converted = LazyObject(v)
- default:
- converted = MustInterfaceToValue(v)
- }
- l.cache[string(p0)] = converted
- return converted.Find(path[1:])
- }
- }
- return nil, errFindNotFound
-}
-
-type object struct {
- elems map[int]*objectElem
- keys objectElemSlice
- ground int // number of key and value grounds. Counting is
- // required to support insert's key-value replace.
- hash int
- sortGuard *sync.Once // Prevents race condition around sorting.
-}
-
-func newobject(n int) *object {
- var keys objectElemSlice
- if n > 0 {
- keys = make(objectElemSlice, 0, n)
- }
- return &object{
- elems: make(map[int]*objectElem, n),
- keys: keys,
- ground: 0,
- hash: 0,
- sortGuard: new(sync.Once),
- }
-}
-
-type objectElem struct {
- key *Term
- value *Term
- next *objectElem
-}
-
-type objectElemSlice []*objectElem
-
-func (s objectElemSlice) Less(i, j int) bool { return Compare(s[i].key.Value, s[j].key.Value) < 0 }
-func (s objectElemSlice) Swap(i, j int) { x := s[i]; s[i] = s[j]; s[j] = x }
-func (s objectElemSlice) Len() int { return len(s) }
-
// Item is a helper for constructing an tuple containing two Terms
// representing a key/value pair in an Object.
func Item(key, value *Term) [2]*Term {
- return [2]*Term{key, value}
-}
-
-func (obj *object) sortedKeys() objectElemSlice {
- obj.sortGuard.Do(func() {
- sort.Sort(obj.keys)
- })
- return obj.keys
-}
-
-// Compare compares obj to other, return <0, 0, or >0 if it is less than, equal to,
-// or greater than other.
-func (obj *object) Compare(other Value) int {
- if x, ok := other.(*lazyObj); ok {
- other = x.force()
- }
- o1 := sortOrder(obj)
- o2 := sortOrder(other)
- if o1 < o2 {
- return -1
- } else if o2 < o1 {
- return 1
- }
- a := obj
- b := other.(*object)
- // Ensure that keys are in canonical sorted order before use!
- akeys := a.sortedKeys()
- bkeys := b.sortedKeys()
- minLen := len(akeys)
- if len(b.keys) < len(akeys) {
- minLen = len(bkeys)
- }
- for i := 0; i < minLen; i++ {
- keysCmp := Compare(akeys[i].key, bkeys[i].key)
- if keysCmp < 0 {
- return -1
- }
- if keysCmp > 0 {
- return 1
- }
- valA := akeys[i].value
- valB := bkeys[i].value
- valCmp := Compare(valA, valB)
- if valCmp != 0 {
- return valCmp
- }
- }
- if len(akeys) < len(bkeys) {
- return -1
- }
- if len(bkeys) < len(akeys) {
- return 1
- }
- return 0
-}
-
-// Find returns the value at the key or undefined.
-func (obj *object) Find(path Ref) (Value, error) {
- if len(path) == 0 {
- return obj, nil
- }
- value := obj.Get(path[0])
- if value == nil {
- return nil, errFindNotFound
- }
- return value.Value.Find(path[1:])
-}
-
-func (obj *object) Insert(k, v *Term) {
- obj.insert(k, v)
-}
-
-// Get returns the value of k in obj if k exists, otherwise nil.
-func (obj *object) Get(k *Term) *Term {
- if elem := obj.get(k); elem != nil {
- return elem.value
- }
- return nil
-}
-
-// Hash returns the hash code for the Value.
-func (obj *object) Hash() int {
- return obj.hash
-}
-
-// IsGround returns true if all of the Object key/value pairs are ground.
-func (obj *object) IsGround() bool {
- return obj.ground == 2*len(obj.keys)
-}
-
-// Copy returns a deep copy of obj.
-func (obj *object) Copy() Object {
- cpy, _ := obj.Map(func(k, v *Term) (*Term, *Term, error) {
- return k.Copy(), v.Copy(), nil
- })
- cpy.(*object).hash = obj.hash
- return cpy
-}
-
-// Diff returns a new Object that contains only the key/value pairs that exist in obj.
-func (obj *object) Diff(other Object) Object {
- r := NewObject()
- obj.Foreach(func(k, v *Term) {
- if other.Get(k) == nil {
- r.Insert(k, v)
- }
- })
- return r
-}
-
-// Intersect returns a slice of term triplets that represent the intersection of keys
-// between obj and other. For each intersecting key, the values from obj and other are included
-// as the last two terms in the triplet (respectively).
-func (obj *object) Intersect(other Object) [][3]*Term {
- r := [][3]*Term{}
- obj.Foreach(func(k, v *Term) {
- if v2 := other.Get(k); v2 != nil {
- r = append(r, [3]*Term{k, v, v2})
- }
- })
- return r
-}
-
-// Iter calls the function f for each key-value pair in the object. If f
-// returns an error, iteration stops and the error is returned.
-func (obj *object) Iter(f func(*Term, *Term) error) error {
- for _, node := range obj.sortedKeys() {
- if err := f(node.key, node.value); err != nil {
- return err
- }
- }
- return nil
-}
-
-// Until calls f for each key-value pair in the object. If f returns
-// true, iteration stops and Until returns true. Otherwise, return
-// false.
-func (obj *object) Until(f func(*Term, *Term) bool) bool {
- err := obj.Iter(func(k, v *Term) error {
- if f(k, v) {
- return errStop
- }
- return nil
- })
- return err != nil
-}
-
-// Foreach calls f for each key-value pair in the object.
-func (obj *object) Foreach(f func(*Term, *Term)) {
- _ = obj.Iter(func(k, v *Term) error {
- f(k, v)
- return nil
- }) // ignore error
-}
-
-// Map returns a new Object constructed by mapping each element in the object
-// using the function f.
-func (obj *object) Map(f func(*Term, *Term) (*Term, *Term, error)) (Object, error) {
- cpy := newobject(obj.Len())
- err := obj.Iter(func(k, v *Term) error {
- var err error
- k, v, err = f(k, v)
- if err != nil {
- return err
- }
- cpy.insert(k, v)
- return nil
- })
- if err != nil {
- return nil, err
- }
- return cpy, nil
-}
-
-// Keys returns the keys of obj.
-func (obj *object) Keys() []*Term {
- keys := make([]*Term, len(obj.keys))
-
- for i, elem := range obj.sortedKeys() {
- keys[i] = elem.key
- }
-
- return keys
-}
-
-// Returns an iterator over the obj's keys.
-func (obj *object) KeysIterator() ObjectKeysIterator {
- return newobjectKeysIterator(obj)
-}
-
-// MarshalJSON returns JSON encoded bytes representing obj.
-func (obj *object) MarshalJSON() ([]byte, error) {
- sl := make([][2]*Term, obj.Len())
- for i, node := range obj.sortedKeys() {
- sl[i] = Item(node.key, node.value)
- }
- return json.Marshal(sl)
-}
-
-// Merge returns a new Object containing the non-overlapping keys of obj and other. If there are
-// overlapping keys between obj and other, the values of associated with the keys are merged. Only
-// objects can be merged with other objects. If the values cannot be merged, the second turn value
-// will be false.
-func (obj object) Merge(other Object) (Object, bool) {
- return obj.MergeWith(other, func(v1, v2 *Term) (*Term, bool) {
- obj1, ok1 := v1.Value.(Object)
- obj2, ok2 := v2.Value.(Object)
- if !ok1 || !ok2 {
- return nil, true
- }
- obj3, ok := obj1.Merge(obj2)
- if !ok {
- return nil, true
- }
- return NewTerm(obj3), false
- })
-}
-
-// MergeWith returns a new Object containing the merged keys of obj and other.
-// If there are overlapping keys between obj and other, the conflictResolver
-// is called. The conflictResolver can return a merged value and a boolean
-// indicating if the merge has failed and should stop.
-func (obj object) MergeWith(other Object, conflictResolver func(v1, v2 *Term) (*Term, bool)) (Object, bool) {
- result := NewObject()
- stop := obj.Until(func(k, v *Term) bool {
- v2 := other.Get(k)
- // The key didn't exist in other, keep the original value
- if v2 == nil {
- result.Insert(k, v)
- return false
- }
-
- // The key exists in both, resolve the conflict if possible
- merged, stop := conflictResolver(v, v2)
- if !stop {
- result.Insert(k, merged)
- }
- return stop
- })
-
- if stop {
- return nil, false
- }
-
- // Copy in any values from other for keys that don't exist in obj
- other.Foreach(func(k, v *Term) {
- if v2 := obj.Get(k); v2 == nil {
- result.Insert(k, v)
- }
- })
- return result, true
-}
-
-// Filter returns a new object from values in obj where the keys are
-// found in filter. Array indices for values can be specified as
-// number strings.
-func (obj *object) Filter(filter Object) (Object, error) {
- filtered, err := filterObject(obj, filter)
- if err != nil {
- return nil, err
- }
- return filtered.(Object), nil
-}
-
-// Len returns the number of elements in the object.
-func (obj object) Len() int {
- return len(obj.keys)
-}
-
-func (obj object) String() string {
- var b strings.Builder
- b.WriteRune('{')
-
- for i, elem := range obj.sortedKeys() {
- if i > 0 {
- b.WriteString(", ")
- }
- b.WriteString(elem.key.String())
- b.WriteString(": ")
- b.WriteString(elem.value.String())
- }
- b.WriteRune('}')
- return b.String()
-}
-
-func (obj *object) get(k *Term) *objectElem {
- hash := k.Hash()
-
- // This `equal` utility is duplicated and manually inlined a number of
- // time in this file. Inlining it avoids heap allocations, so it makes
- // a big performance difference: some operations like lookup become twice
- // as slow without it.
- var equal func(v Value) bool
-
- switch x := k.Value.(type) {
- case Null, Boolean, String, Var:
- equal = func(y Value) bool { return x == y }
- case Number:
- if xi, err := json.Number(x).Int64(); err == nil {
- equal = func(y Value) bool {
- if y, ok := y.(Number); ok {
- if yi, err := json.Number(y).Int64(); err == nil {
- return xi == yi
- }
- }
-
- return false
- }
- break
- }
-
- // We use big.Rat for comparing big numbers.
- // It replaces big.Float due to following reason:
- // big.Float comes with a default precision of 64, and setting a
- // larger precision results in more memory being allocated
- // (regardless of the actual number we are parsing with SetString).
- //
- // Note: If we're so close to zero that big.Float says we are zero, do
- // *not* big.Rat).SetString on the original string it'll potentially
- // take very long.
- var a *big.Rat
- fa, ok := new(big.Float).SetString(string(x))
- if !ok {
- panic("illegal value")
- }
- if fa.IsInt() {
- if i, _ := fa.Int64(); i == 0 {
- a = new(big.Rat).SetInt64(0)
- }
- }
- if a == nil {
- a, ok = new(big.Rat).SetString(string(x))
- if !ok {
- panic("illegal value")
- }
- }
-
- equal = func(b Value) bool {
- if bNum, ok := b.(Number); ok {
- var b *big.Rat
- fb, ok := new(big.Float).SetString(string(bNum))
- if !ok {
- panic("illegal value")
- }
- if fb.IsInt() {
- if i, _ := fb.Int64(); i == 0 {
- b = new(big.Rat).SetInt64(0)
- }
- }
- if b == nil {
- b, ok = new(big.Rat).SetString(string(bNum))
- if !ok {
- panic("illegal value")
- }
- }
-
- return a.Cmp(b) == 0
- }
-
- return false
- }
- default:
- equal = func(y Value) bool { return Compare(x, y) == 0 }
- }
-
- for curr := obj.elems[hash]; curr != nil; curr = curr.next {
- if equal(curr.key.Value) {
- return curr
- }
- }
- return nil
-}
-
-// NOTE(philipc): We assume a many-readers, single-writer model here.
-// This method should NOT be used concurrently, or else we risk data races.
-func (obj *object) insert(k, v *Term) {
- hash := k.Hash()
- head := obj.elems[hash]
- // This `equal` utility is duplicated and manually inlined a number of
- // time in this file. Inlining it avoids heap allocations, so it makes
- // a big performance difference: some operations like lookup become twice
- // as slow without it.
- var equal func(v Value) bool
-
- switch x := k.Value.(type) {
- case Null, Boolean, String, Var:
- equal = func(y Value) bool { return x == y }
- case Number:
- if xi, err := json.Number(x).Int64(); err == nil {
- equal = func(y Value) bool {
- if y, ok := y.(Number); ok {
- if yi, err := json.Number(y).Int64(); err == nil {
- return xi == yi
- }
- }
-
- return false
- }
- break
- }
-
- // We use big.Rat for comparing big numbers.
- // It replaces big.Float due to following reason:
- // big.Float comes with a default precision of 64, and setting a
- // larger precision results in more memory being allocated
- // (regardless of the actual number we are parsing with SetString).
- //
- // Note: If we're so close to zero that big.Float says we are zero, do
- // *not* big.Rat).SetString on the original string it'll potentially
- // take very long.
- var a *big.Rat
- fa, ok := new(big.Float).SetString(string(x))
- if !ok {
- panic("illegal value")
- }
- if fa.IsInt() {
- if i, _ := fa.Int64(); i == 0 {
- a = new(big.Rat).SetInt64(0)
- }
- }
- if a == nil {
- a, ok = new(big.Rat).SetString(string(x))
- if !ok {
- panic("illegal value")
- }
- }
-
- equal = func(b Value) bool {
- if bNum, ok := b.(Number); ok {
- var b *big.Rat
- fb, ok := new(big.Float).SetString(string(bNum))
- if !ok {
- panic("illegal value")
- }
- if fb.IsInt() {
- if i, _ := fb.Int64(); i == 0 {
- b = new(big.Rat).SetInt64(0)
- }
- }
- if b == nil {
- b, ok = new(big.Rat).SetString(string(bNum))
- if !ok {
- panic("illegal value")
- }
- }
-
- return a.Cmp(b) == 0
- }
-
- return false
- }
- default:
- equal = func(y Value) bool { return Compare(x, y) == 0 }
- }
-
- for curr := head; curr != nil; curr = curr.next {
- if equal(curr.key.Value) {
- // The ground bit of the value may change in
- // replace, hence adjust the counter per old
- // and new value.
-
- if curr.value.IsGround() {
- obj.ground--
- }
- if v.IsGround() {
- obj.ground++
- }
-
- curr.value = v
-
- obj.rehash()
- return
- }
- }
- elem := &objectElem{
- key: k,
- value: v,
- next: head,
- }
- obj.elems[hash] = elem
- // O(1) insertion, but we'll have to re-sort the keys later.
- obj.keys = append(obj.keys, elem)
- // Reset the sync.Once instance.
- // See https://github.com/golang/go/issues/25955 for why we do it this way.
- obj.sortGuard = new(sync.Once)
- obj.hash += hash + v.Hash()
-
- if k.IsGround() {
- obj.ground++
- }
- if v.IsGround() {
- obj.ground++
- }
-}
-
-func (obj *object) rehash() {
- // obj.keys is considered truth, from which obj.hash and obj.elems are recalculated.
-
- obj.hash = 0
- obj.elems = make(map[int]*objectElem, len(obj.keys))
-
- for _, elem := range obj.keys {
- hash := elem.key.Hash()
- obj.hash += hash + elem.value.Hash()
- obj.elems[hash] = elem
- }
-}
-
-func filterObject(o Value, filter Value) (Value, error) {
- if filter.Compare(Null{}) == 0 {
- return o, nil
- }
-
- filteredObj, ok := filter.(*object)
- if !ok {
- return nil, fmt.Errorf("invalid filter value %q, expected an object", filter)
- }
-
- switch v := o.(type) {
- case String, Number, Boolean, Null:
- return o, nil
- case *Array:
- values := NewArray()
- for i := 0; i < v.Len(); i++ {
- subFilter := filteredObj.Get(StringTerm(strconv.Itoa(i)))
- if subFilter != nil {
- filteredValue, err := filterObject(v.Elem(i).Value, subFilter.Value)
- if err != nil {
- return nil, err
- }
- values = values.Append(NewTerm(filteredValue))
- }
- }
- return values, nil
- case Set:
- values := NewSet()
- err := v.Iter(func(t *Term) error {
- if filteredObj.Get(t) != nil {
- filteredValue, err := filterObject(t.Value, filteredObj.Get(t).Value)
- if err != nil {
- return err
- }
- values.Add(NewTerm(filteredValue))
- }
- return nil
- })
- return values, err
- case *object:
- values := NewObject()
-
- iterObj := v
- other := filteredObj
- if v.Len() < filteredObj.Len() {
- iterObj = filteredObj
- other = v
- }
-
- err := iterObj.Iter(func(key *Term, _ *Term) error {
- if other.Get(key) != nil {
- filteredValue, err := filterObject(v.Get(key).Value, filteredObj.Get(key).Value)
- if err != nil {
- return err
- }
- values.Insert(key, NewTerm(filteredValue))
- }
- return nil
- })
- return values, err
- default:
- return nil, fmt.Errorf("invalid object value type %q", v)
- }
+ return v1.Item(key, value)
}
// NOTE(philipc): The only way to get an ObjectKeyIterator should be
// from an Object. This ensures that the iterator can have implementation-
// specific details internally, with no contracts except to the very
// limited interface.
-type ObjectKeysIterator interface {
- Next() (*Term, bool)
-}
-
-type objectKeysIterator struct {
- obj *object
- numKeys int
- index int
-}
-
-func newobjectKeysIterator(o *object) ObjectKeysIterator {
- return &objectKeysIterator{
- obj: o,
- numKeys: o.Len(),
- index: 0,
- }
-}
-
-func (oki *objectKeysIterator) Next() (*Term, bool) {
- if oki.index == oki.numKeys || oki.numKeys == 0 {
- return nil, false
- }
- oki.index++
- return oki.obj.sortedKeys()[oki.index-1].key, true
-}
+type ObjectKeysIterator = v1.ObjectKeysIterator
// ArrayComprehension represents an array comprehension as defined in the language.
-type ArrayComprehension struct {
- Term *Term `json:"term"`
- Body Body `json:"body"`
-}
+type ArrayComprehension = v1.ArrayComprehension
// ArrayComprehensionTerm creates a new Term with an ArrayComprehension value.
func ArrayComprehensionTerm(term *Term, body Body) *Term {
- return &Term{
- Value: &ArrayComprehension{
- Term: term,
- Body: body,
- },
- }
-}
-
-// Copy returns a deep copy of ac.
-func (ac *ArrayComprehension) Copy() *ArrayComprehension {
- cpy := *ac
- cpy.Body = ac.Body.Copy()
- cpy.Term = ac.Term.Copy()
- return &cpy
-}
-
-// Equal returns true if ac is equal to other.
-func (ac *ArrayComprehension) Equal(other Value) bool {
- return Compare(ac, other) == 0
-}
-
-// Compare compares ac to other, return <0, 0, or >0 if it is less than, equal to,
-// or greater than other.
-func (ac *ArrayComprehension) Compare(other Value) int {
- return Compare(ac, other)
-}
-
-// Find returns the current value or a not found error.
-func (ac *ArrayComprehension) Find(path Ref) (Value, error) {
- if len(path) == 0 {
- return ac, nil
- }
- return nil, errFindNotFound
-}
-
-// Hash returns the hash code of the Value.
-func (ac *ArrayComprehension) Hash() int {
- return ac.Term.Hash() + ac.Body.Hash()
-}
-
-// IsGround returns true if the Term and Body are ground.
-func (ac *ArrayComprehension) IsGround() bool {
- return ac.Term.IsGround() && ac.Body.IsGround()
-}
-
-func (ac *ArrayComprehension) String() string {
- return "[" + ac.Term.String() + " | " + ac.Body.String() + "]"
+ return v1.ArrayComprehensionTerm(term, body)
}
// ObjectComprehension represents an object comprehension as defined in the language.
-type ObjectComprehension struct {
- Key *Term `json:"key"`
- Value *Term `json:"value"`
- Body Body `json:"body"`
-}
+type ObjectComprehension = v1.ObjectComprehension
// ObjectComprehensionTerm creates a new Term with an ObjectComprehension value.
func ObjectComprehensionTerm(key, value *Term, body Body) *Term {
- return &Term{
- Value: &ObjectComprehension{
- Key: key,
- Value: value,
- Body: body,
- },
- }
-}
-
-// Copy returns a deep copy of oc.
-func (oc *ObjectComprehension) Copy() *ObjectComprehension {
- cpy := *oc
- cpy.Body = oc.Body.Copy()
- cpy.Key = oc.Key.Copy()
- cpy.Value = oc.Value.Copy()
- return &cpy
-}
-
-// Equal returns true if oc is equal to other.
-func (oc *ObjectComprehension) Equal(other Value) bool {
- return Compare(oc, other) == 0
-}
-
-// Compare compares oc to other, return <0, 0, or >0 if it is less than, equal to,
-// or greater than other.
-func (oc *ObjectComprehension) Compare(other Value) int {
- return Compare(oc, other)
-}
-
-// Find returns the current value or a not found error.
-func (oc *ObjectComprehension) Find(path Ref) (Value, error) {
- if len(path) == 0 {
- return oc, nil
- }
- return nil, errFindNotFound
-}
-
-// Hash returns the hash code of the Value.
-func (oc *ObjectComprehension) Hash() int {
- return oc.Key.Hash() + oc.Value.Hash() + oc.Body.Hash()
-}
-
-// IsGround returns true if the Key, Value and Body are ground.
-func (oc *ObjectComprehension) IsGround() bool {
- return oc.Key.IsGround() && oc.Value.IsGround() && oc.Body.IsGround()
-}
-
-func (oc *ObjectComprehension) String() string {
- return "{" + oc.Key.String() + ": " + oc.Value.String() + " | " + oc.Body.String() + "}"
+ return v1.ObjectComprehensionTerm(key, value, body)
}
// SetComprehension represents a set comprehension as defined in the language.
-type SetComprehension struct {
- Term *Term `json:"term"`
- Body Body `json:"body"`
-}
+type SetComprehension = v1.SetComprehension
// SetComprehensionTerm creates a new Term with an SetComprehension value.
func SetComprehensionTerm(term *Term, body Body) *Term {
- return &Term{
- Value: &SetComprehension{
- Term: term,
- Body: body,
- },
- }
-}
-
-// Copy returns a deep copy of sc.
-func (sc *SetComprehension) Copy() *SetComprehension {
- cpy := *sc
- cpy.Body = sc.Body.Copy()
- cpy.Term = sc.Term.Copy()
- return &cpy
-}
-
-// Equal returns true if sc is equal to other.
-func (sc *SetComprehension) Equal(other Value) bool {
- return Compare(sc, other) == 0
-}
-
-// Compare compares sc to other, return <0, 0, or >0 if it is less than, equal to,
-// or greater than other.
-func (sc *SetComprehension) Compare(other Value) int {
- return Compare(sc, other)
-}
-
-// Find returns the current value or a not found error.
-func (sc *SetComprehension) Find(path Ref) (Value, error) {
- if len(path) == 0 {
- return sc, nil
- }
- return nil, errFindNotFound
-}
-
-// Hash returns the hash code of the Value.
-func (sc *SetComprehension) Hash() int {
- return sc.Term.Hash() + sc.Body.Hash()
-}
-
-// IsGround returns true if the Term and Body are ground.
-func (sc *SetComprehension) IsGround() bool {
- return sc.Term.IsGround() && sc.Body.IsGround()
-}
-
-func (sc *SetComprehension) String() string {
- return "{" + sc.Term.String() + " | " + sc.Body.String() + "}"
+ return v1.SetComprehensionTerm(term, body)
}
// Call represents as function call in the language.
-type Call []*Term
+type Call = v1.Call
// CallTerm returns a new Term with a Call value defined by terms. The first
// term is the operator and the rest are operands.
func CallTerm(terms ...*Term) *Term {
- return NewTerm(Call(terms))
-}
-
-// Copy returns a deep copy of c.
-func (c Call) Copy() Call {
- return termSliceCopy(c)
-}
-
-// Compare compares c to other, return <0, 0, or >0 if it is less than, equal to,
-// or greater than other.
-func (c Call) Compare(other Value) int {
- return Compare(c, other)
-}
-
-// Find returns the current value or a not found error.
-func (c Call) Find(Ref) (Value, error) {
- return nil, errFindNotFound
-}
-
-// Hash returns the hash code for the Value.
-func (c Call) Hash() int {
- return termSliceHash(c)
-}
-
-// IsGround returns true if the Value is ground.
-func (c Call) IsGround() bool {
- return termSliceIsGround(c)
-}
-
-// MakeExpr returns an ew Expr from this call.
-func (c Call) MakeExpr(output *Term) *Expr {
- terms := []*Term(c)
- return NewExpr(append(terms, output))
-}
-
-func (c Call) String() string {
- args := make([]string, len(c)-1)
- for i := 1; i < len(c); i++ {
- args[i-1] = c[i].String()
- }
- return fmt.Sprintf("%v(%v)", c[0], strings.Join(args, ", "))
-}
-
-func termSliceCopy(a []*Term) []*Term {
- cpy := make([]*Term, len(a))
- for i := range a {
- cpy[i] = a[i].Copy()
- }
- return cpy
-}
-
-func termSliceEqual(a, b []*Term) bool {
- if len(a) == len(b) {
- for i := range a {
- if !a[i].Equal(b[i]) {
- return false
- }
- }
- return true
- }
- return false
-}
-
-func termSliceHash(a []*Term) int {
- var hash int
- for _, v := range a {
- hash += v.Value.Hash()
- }
- return hash
-}
-
-func termSliceIsGround(a []*Term) bool {
- for _, v := range a {
- if !v.IsGround() {
- return false
- }
- }
- return true
-}
-
-// NOTE(tsandall): The unmarshalling errors in these functions are not
-// helpful for callers because they do not identify the source of the
-// unmarshalling error. Because OPA doesn't accept JSON describing ASTs
-// from callers, this is acceptable (for now). If that changes in the future,
-// the error messages should be revisited. The current approach focuses
-// on the happy path and treats all errors the same. If better error
-// reporting is needed, the error paths will need to be fleshed out.
-
-func unmarshalBody(b []interface{}) (Body, error) {
- buf := Body{}
- for _, e := range b {
- if m, ok := e.(map[string]interface{}); ok {
- expr := &Expr{}
- if err := unmarshalExpr(expr, m); err == nil {
- buf = append(buf, expr)
- continue
- }
- }
- goto unmarshal_error
- }
- return buf, nil
-unmarshal_error:
- return nil, fmt.Errorf("ast: unable to unmarshal body")
-}
-
-func unmarshalExpr(expr *Expr, v map[string]interface{}) error {
- if x, ok := v["negated"]; ok {
- if b, ok := x.(bool); ok {
- expr.Negated = b
- } else {
- return fmt.Errorf("ast: unable to unmarshal negated field with type: %T (expected true or false)", v["negated"])
- }
- }
- if generatedRaw, ok := v["generated"]; ok {
- if b, ok := generatedRaw.(bool); ok {
- expr.Generated = b
- } else {
- return fmt.Errorf("ast: unable to unmarshal generated field with type: %T (expected true or false)", v["generated"])
- }
- }
-
- if err := unmarshalExprIndex(expr, v); err != nil {
- return err
- }
- switch ts := v["terms"].(type) {
- case map[string]interface{}:
- t, err := unmarshalTerm(ts)
- if err != nil {
- return err
- }
- expr.Terms = t
- case []interface{}:
- terms, err := unmarshalTermSlice(ts)
- if err != nil {
- return err
- }
- expr.Terms = terms
- default:
- return fmt.Errorf(`ast: unable to unmarshal terms field with type: %T (expected {"value": ..., "type": ...} or [{"value": ..., "type": ...}, ...])`, v["terms"])
- }
- if x, ok := v["with"]; ok {
- if sl, ok := x.([]interface{}); ok {
- ws := make([]*With, len(sl))
- for i := range sl {
- var err error
- ws[i], err = unmarshalWith(sl[i])
- if err != nil {
- return err
- }
- }
- expr.With = ws
- }
- }
- if loc, ok := v["location"].(map[string]interface{}); ok {
- expr.Location = &Location{}
- if err := unmarshalLocation(expr.Location, loc); err != nil {
- return err
- }
- }
- return nil
-}
-
-func unmarshalLocation(loc *Location, v map[string]interface{}) error {
- if x, ok := v["file"]; ok {
- if s, ok := x.(string); ok {
- loc.File = s
- } else {
- return fmt.Errorf("ast: unable to unmarshal file field with type: %T (expected string)", v["file"])
- }
- }
- if x, ok := v["row"]; ok {
- if n, ok := x.(json.Number); ok {
- i64, err := n.Int64()
- if err != nil {
- return err
- }
- loc.Row = int(i64)
- } else {
- return fmt.Errorf("ast: unable to unmarshal row field with type: %T (expected number)", v["row"])
- }
- }
- if x, ok := v["col"]; ok {
- if n, ok := x.(json.Number); ok {
- i64, err := n.Int64()
- if err != nil {
- return err
- }
- loc.Col = int(i64)
- } else {
- return fmt.Errorf("ast: unable to unmarshal col field with type: %T (expected number)", v["col"])
- }
- }
-
- return nil
-}
-
-func unmarshalExprIndex(expr *Expr, v map[string]interface{}) error {
- if x, ok := v["index"]; ok {
- if n, ok := x.(json.Number); ok {
- i, err := n.Int64()
- if err == nil {
- expr.Index = int(i)
- return nil
- }
- }
- }
- return fmt.Errorf("ast: unable to unmarshal index field with type: %T (expected integer)", v["index"])
-}
-
-func unmarshalTerm(m map[string]interface{}) (*Term, error) {
- var term Term
-
- v, err := unmarshalValue(m)
- if err != nil {
- return nil, err
- }
- term.Value = v
-
- if loc, ok := m["location"].(map[string]interface{}); ok {
- term.Location = &Location{}
- if err := unmarshalLocation(term.Location, loc); err != nil {
- return nil, err
- }
- }
-
- return &term, nil
-}
-
-func unmarshalTermSlice(s []interface{}) ([]*Term, error) {
- buf := []*Term{}
- for _, x := range s {
- if m, ok := x.(map[string]interface{}); ok {
- t, err := unmarshalTerm(m)
- if err == nil {
- buf = append(buf, t)
- continue
- }
- return nil, err
- }
- return nil, fmt.Errorf("ast: unable to unmarshal term")
- }
- return buf, nil
-}
-
-func unmarshalTermSliceValue(d map[string]interface{}) ([]*Term, error) {
- if s, ok := d["value"].([]interface{}); ok {
- return unmarshalTermSlice(s)
- }
- return nil, fmt.Errorf(`ast: unable to unmarshal term (expected {"value": [...], "type": ...} where type is one of: ref, array, or set)`)
-}
-
-func unmarshalWith(i interface{}) (*With, error) {
- if m, ok := i.(map[string]interface{}); ok {
- tgt, _ := m["target"].(map[string]interface{})
- target, err := unmarshalTerm(tgt)
- if err == nil {
- val, _ := m["value"].(map[string]interface{})
- value, err := unmarshalTerm(val)
- if err == nil {
- return &With{
- Target: target,
- Value: value,
- }, nil
- }
- return nil, err
- }
- return nil, err
- }
- return nil, fmt.Errorf(`ast: unable to unmarshal with modifier (expected {"target": {...}, "value": {...}})`)
-}
-
-func unmarshalValue(d map[string]interface{}) (Value, error) {
- v := d["value"]
- switch d["type"] {
- case "null":
- return Null{}, nil
- case "boolean":
- if b, ok := v.(bool); ok {
- return Boolean(b), nil
- }
- case "number":
- if n, ok := v.(json.Number); ok {
- return Number(n), nil
- }
- case "string":
- if s, ok := v.(string); ok {
- return String(s), nil
- }
- case "var":
- if s, ok := v.(string); ok {
- return Var(s), nil
- }
- case "ref":
- if s, err := unmarshalTermSliceValue(d); err == nil {
- return Ref(s), nil
- }
- case "array":
- if s, err := unmarshalTermSliceValue(d); err == nil {
- return NewArray(s...), nil
- }
- case "set":
- if s, err := unmarshalTermSliceValue(d); err == nil {
- set := NewSet()
- for _, x := range s {
- set.Add(x)
- }
- return set, nil
- }
- case "object":
- if s, ok := v.([]interface{}); ok {
- buf := NewObject()
- for _, x := range s {
- if i, ok := x.([]interface{}); ok && len(i) == 2 {
- p, err := unmarshalTermSlice(i)
- if err == nil {
- buf.Insert(p[0], p[1])
- continue
- }
- }
- goto unmarshal_error
- }
- return buf, nil
- }
- case "arraycomprehension", "setcomprehension":
- if m, ok := v.(map[string]interface{}); ok {
- t, ok := m["term"].(map[string]interface{})
- if !ok {
- goto unmarshal_error
- }
-
- term, err := unmarshalTerm(t)
- if err != nil {
- goto unmarshal_error
- }
-
- b, ok := m["body"].([]interface{})
- if !ok {
- goto unmarshal_error
- }
-
- body, err := unmarshalBody(b)
- if err != nil {
- goto unmarshal_error
- }
-
- if d["type"] == "arraycomprehension" {
- return &ArrayComprehension{Term: term, Body: body}, nil
- }
- return &SetComprehension{Term: term, Body: body}, nil
- }
- case "objectcomprehension":
- if m, ok := v.(map[string]interface{}); ok {
- k, ok := m["key"].(map[string]interface{})
- if !ok {
- goto unmarshal_error
- }
-
- key, err := unmarshalTerm(k)
- if err != nil {
- goto unmarshal_error
- }
-
- v, ok := m["value"].(map[string]interface{})
- if !ok {
- goto unmarshal_error
- }
-
- value, err := unmarshalTerm(v)
- if err != nil {
- goto unmarshal_error
- }
-
- b, ok := m["body"].([]interface{})
- if !ok {
- goto unmarshal_error
- }
-
- body, err := unmarshalBody(b)
- if err != nil {
- goto unmarshal_error
- }
-
- return &ObjectComprehension{Key: key, Value: value, Body: body}, nil
- }
- case "call":
- if s, err := unmarshalTermSliceValue(d); err == nil {
- return Call(s), nil
- }
- }
-unmarshal_error:
- return nil, fmt.Errorf("ast: unable to unmarshal term")
+ return v1.CallTerm(terms...)
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/transform.go b/vendor/github.com/open-policy-agent/opa/ast/transform.go
index 391a164860..8c03c48663 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/transform.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/transform.go
@@ -5,427 +5,42 @@
package ast
import (
- "fmt"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
// Transformer defines the interface for transforming AST elements. If the
// transformer returns nil and does not indicate an error, the AST element will
// be set to nil and no transformations will be applied to children of the
// element.
-type Transformer interface {
- Transform(interface{}) (interface{}, error)
-}
+type Transformer = v1.Transformer
// Transform iterates the AST and calls the Transform function on the
// Transformer t for x before recursing.
-func Transform(t Transformer, x interface{}) (interface{}, error) {
-
- if term, ok := x.(*Term); ok {
- return Transform(t, term.Value)
- }
-
- y, err := t.Transform(x)
- if err != nil {
- return x, err
- }
-
- if y == nil {
- return nil, nil
- }
-
- var ok bool
- switch y := y.(type) {
- case *Module:
- p, err := Transform(t, y.Package)
- if err != nil {
- return nil, err
- }
- if y.Package, ok = p.(*Package); !ok {
- return nil, fmt.Errorf("illegal transform: %T != %T", y.Package, p)
- }
- for i := range y.Imports {
- imp, err := Transform(t, y.Imports[i])
- if err != nil {
- return nil, err
- }
- if y.Imports[i], ok = imp.(*Import); !ok {
- return nil, fmt.Errorf("illegal transform: %T != %T", y.Imports[i], imp)
- }
- }
- for i := range y.Rules {
- rule, err := Transform(t, y.Rules[i])
- if err != nil {
- return nil, err
- }
- if y.Rules[i], ok = rule.(*Rule); !ok {
- return nil, fmt.Errorf("illegal transform: %T != %T", y.Rules[i], rule)
- }
- }
- for i := range y.Annotations {
- a, err := Transform(t, y.Annotations[i])
- if err != nil {
- return nil, err
- }
- if y.Annotations[i], ok = a.(*Annotations); !ok {
- return nil, fmt.Errorf("illegal transform: %T != %T", y.Annotations[i], a)
- }
- }
- for i := range y.Comments {
- comment, err := Transform(t, y.Comments[i])
- if err != nil {
- return nil, err
- }
- if y.Comments[i], ok = comment.(*Comment); !ok {
- return nil, fmt.Errorf("illegal transform: %T != %T", y.Comments[i], comment)
- }
- }
- return y, nil
- case *Package:
- ref, err := Transform(t, y.Path)
- if err != nil {
- return nil, err
- }
- if y.Path, ok = ref.(Ref); !ok {
- return nil, fmt.Errorf("illegal transform: %T != %T", y.Path, ref)
- }
- return y, nil
- case *Import:
- y.Path, err = transformTerm(t, y.Path)
- if err != nil {
- return nil, err
- }
- if y.Alias, err = transformVar(t, y.Alias); err != nil {
- return nil, err
- }
- return y, nil
- case *Rule:
- if y.Head, err = transformHead(t, y.Head); err != nil {
- return nil, err
- }
- if y.Body, err = transformBody(t, y.Body); err != nil {
- return nil, err
- }
- if y.Else != nil {
- rule, err := Transform(t, y.Else)
- if err != nil {
- return nil, err
- }
- if y.Else, ok = rule.(*Rule); !ok {
- return nil, fmt.Errorf("illegal transform: %T != %T", y.Else, rule)
- }
- }
- return y, nil
- case *Head:
- if y.Reference, err = transformRef(t, y.Reference); err != nil {
- return nil, err
- }
- if y.Name, err = transformVar(t, y.Name); err != nil {
- return nil, err
- }
- if y.Args, err = transformArgs(t, y.Args); err != nil {
- return nil, err
- }
- if y.Key != nil {
- if y.Key, err = transformTerm(t, y.Key); err != nil {
- return nil, err
- }
- }
- if y.Value != nil {
- if y.Value, err = transformTerm(t, y.Value); err != nil {
- return nil, err
- }
- }
- return y, nil
- case Args:
- for i := range y {
- if y[i], err = transformTerm(t, y[i]); err != nil {
- return nil, err
- }
- }
- return y, nil
- case Body:
- for i, e := range y {
- e, err := Transform(t, e)
- if err != nil {
- return nil, err
- }
- if y[i], ok = e.(*Expr); !ok {
- return nil, fmt.Errorf("illegal transform: %T != %T", y[i], e)
- }
- }
- return y, nil
- case *Expr:
- switch ts := y.Terms.(type) {
- case *SomeDecl:
- decl, err := Transform(t, ts)
- if err != nil {
- return nil, err
- }
- if y.Terms, ok = decl.(*SomeDecl); !ok {
- return nil, fmt.Errorf("illegal transform: %T != %T", y, decl)
- }
- return y, nil
- case []*Term:
- for i := range ts {
- if ts[i], err = transformTerm(t, ts[i]); err != nil {
- return nil, err
- }
- }
- case *Term:
- if y.Terms, err = transformTerm(t, ts); err != nil {
- return nil, err
- }
- case *Every:
- if ts.Key != nil {
- ts.Key, err = transformTerm(t, ts.Key)
- if err != nil {
- return nil, err
- }
- }
- ts.Value, err = transformTerm(t, ts.Value)
- if err != nil {
- return nil, err
- }
- ts.Domain, err = transformTerm(t, ts.Domain)
- if err != nil {
- return nil, err
- }
- ts.Body, err = transformBody(t, ts.Body)
- if err != nil {
- return nil, err
- }
- y.Terms = ts
- }
- for i, w := range y.With {
- w, err := Transform(t, w)
- if err != nil {
- return nil, err
- }
- if y.With[i], ok = w.(*With); !ok {
- return nil, fmt.Errorf("illegal transform: %T != %T", y.With[i], w)
- }
- }
- return y, nil
- case *With:
- if y.Target, err = transformTerm(t, y.Target); err != nil {
- return nil, err
- }
- if y.Value, err = transformTerm(t, y.Value); err != nil {
- return nil, err
- }
- return y, nil
- case Ref:
- for i, term := range y {
- if y[i], err = transformTerm(t, term); err != nil {
- return nil, err
- }
- }
- return y, nil
- case *object:
- return y.Map(func(k, v *Term) (*Term, *Term, error) {
- k, err := transformTerm(t, k)
- if err != nil {
- return nil, nil, err
- }
- v, err = transformTerm(t, v)
- if err != nil {
- return nil, nil, err
- }
- return k, v, nil
- })
- case *Array:
- for i := 0; i < y.Len(); i++ {
- v, err := transformTerm(t, y.Elem(i))
- if err != nil {
- return nil, err
- }
- y.set(i, v)
- }
- return y, nil
- case Set:
- y, err = y.Map(func(term *Term) (*Term, error) {
- return transformTerm(t, term)
- })
- if err != nil {
- return nil, err
- }
- return y, nil
- case *ArrayComprehension:
- if y.Term, err = transformTerm(t, y.Term); err != nil {
- return nil, err
- }
- if y.Body, err = transformBody(t, y.Body); err != nil {
- return nil, err
- }
- return y, nil
- case *ObjectComprehension:
- if y.Key, err = transformTerm(t, y.Key); err != nil {
- return nil, err
- }
- if y.Value, err = transformTerm(t, y.Value); err != nil {
- return nil, err
- }
- if y.Body, err = transformBody(t, y.Body); err != nil {
- return nil, err
- }
- return y, nil
- case *SetComprehension:
- if y.Term, err = transformTerm(t, y.Term); err != nil {
- return nil, err
- }
- if y.Body, err = transformBody(t, y.Body); err != nil {
- return nil, err
- }
- return y, nil
- case Call:
- for i := range y {
- if y[i], err = transformTerm(t, y[i]); err != nil {
- return nil, err
- }
- }
- return y, nil
- default:
- return y, nil
- }
+func Transform(t Transformer, x any) (any, error) {
+ return v1.Transform(t, x)
}
// TransformRefs calls the function f on all references under x.
-func TransformRefs(x interface{}, f func(Ref) (Value, error)) (interface{}, error) {
- t := &GenericTransformer{func(x interface{}) (interface{}, error) {
- if r, ok := x.(Ref); ok {
- return f(r)
- }
- return x, nil
- }}
- return Transform(t, x)
+func TransformRefs(x any, f func(Ref) (Value, error)) (any, error) {
+ return v1.TransformRefs(x, f)
}
// TransformVars calls the function f on all vars under x.
-func TransformVars(x interface{}, f func(Var) (Value, error)) (interface{}, error) {
- t := &GenericTransformer{func(x interface{}) (interface{}, error) {
- if v, ok := x.(Var); ok {
- return f(v)
- }
- return x, nil
- }}
- return Transform(t, x)
+func TransformVars(x any, f func(Var) (Value, error)) (any, error) {
+ return v1.TransformVars(x, f)
}
// TransformComprehensions calls the functio nf on all comprehensions under x.
-func TransformComprehensions(x interface{}, f func(interface{}) (Value, error)) (interface{}, error) {
- t := &GenericTransformer{func(x interface{}) (interface{}, error) {
- switch x := x.(type) {
- case *ArrayComprehension:
- return f(x)
- case *SetComprehension:
- return f(x)
- case *ObjectComprehension:
- return f(x)
- }
- return x, nil
- }}
- return Transform(t, x)
+func TransformComprehensions(x any, f func(any) (Value, error)) (any, error) {
+ return v1.TransformComprehensions(x, f)
}
// GenericTransformer implements the Transformer interface to provide a utility
// to transform AST nodes using a closure.
-type GenericTransformer struct {
- f func(interface{}) (interface{}, error)
-}
+type GenericTransformer = v1.GenericTransformer
// NewGenericTransformer returns a new GenericTransformer that will transform
// AST nodes using the function f.
-func NewGenericTransformer(f func(x interface{}) (interface{}, error)) *GenericTransformer {
- return &GenericTransformer{
- f: f,
- }
-}
-
-// Transform calls the function f on the GenericTransformer.
-func (t *GenericTransformer) Transform(x interface{}) (interface{}, error) {
- return t.f(x)
-}
-
-func transformHead(t Transformer, head *Head) (*Head, error) {
- y, err := Transform(t, head)
- if err != nil {
- return nil, err
- }
- h, ok := y.(*Head)
- if !ok {
- return nil, fmt.Errorf("illegal transform: %T != %T", head, y)
- }
- return h, nil
-}
-
-func transformArgs(t Transformer, args Args) (Args, error) {
- y, err := Transform(t, args)
- if err != nil {
- return nil, err
- }
- a, ok := y.(Args)
- if !ok {
- return nil, fmt.Errorf("illegal transform: %T != %T", args, y)
- }
- return a, nil
-}
-
-func transformBody(t Transformer, body Body) (Body, error) {
- y, err := Transform(t, body)
- if err != nil {
- return nil, err
- }
- r, ok := y.(Body)
- if !ok {
- return nil, fmt.Errorf("illegal transform: %T != %T", body, y)
- }
- return r, nil
-}
-
-func transformTerm(t Transformer, term *Term) (*Term, error) {
- v, err := transformValue(t, term.Value)
- if err != nil {
- return nil, err
- }
- r := &Term{
- Value: v,
- Location: term.Location,
- }
- return r, nil
-}
-
-func transformValue(t Transformer, v Value) (Value, error) {
- v1, err := Transform(t, v)
- if err != nil {
- return nil, err
- }
- r, ok := v1.(Value)
- if !ok {
- return nil, fmt.Errorf("illegal transform: %T != %T", v, v1)
- }
- return r, nil
-}
-
-func transformVar(t Transformer, v Var) (Var, error) {
- v1, err := Transform(t, v)
- if err != nil {
- return "", err
- }
- r, ok := v1.(Var)
- if !ok {
- return "", fmt.Errorf("illegal transform: %T != %T", v, v1)
- }
- return r, nil
-}
-
-func transformRef(t Transformer, r Ref) (Ref, error) {
- r1, err := Transform(t, r)
- if err != nil {
- return nil, err
- }
- r2, ok := r1.(Ref)
- if !ok {
- return nil, fmt.Errorf("illegal transform: %T != %T", r, r2)
- }
- return r2, nil
+func NewGenericTransformer(f func(x any) (any, error)) *GenericTransformer {
+ return v1.NewGenericTransformer(f)
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/unify.go b/vendor/github.com/open-policy-agent/opa/ast/unify.go
index 60244974a9..3cb260272a 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/unify.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/unify.go
@@ -4,232 +4,11 @@
package ast
-func isRefSafe(ref Ref, safe VarSet) bool {
- switch head := ref[0].Value.(type) {
- case Var:
- return safe.Contains(head)
- case Call:
- return isCallSafe(head, safe)
- default:
- for v := range ref[0].Vars() {
- if !safe.Contains(v) {
- return false
- }
- }
- return true
- }
-}
-
-func isCallSafe(call Call, safe VarSet) bool {
- vis := NewVarVisitor().WithParams(SafetyCheckVisitorParams)
- vis.Walk(call)
- unsafe := vis.Vars().Diff(safe)
- return len(unsafe) == 0
-}
+import v1 "github.com/open-policy-agent/opa/v1/ast"
// Unify returns a set of variables that will be unified when the equality expression defined by
// terms a and b is evaluated. The unifier assumes that variables in the VarSet safe are already
// unified.
func Unify(safe VarSet, a *Term, b *Term) VarSet {
- u := &unifier{
- safe: safe,
- unified: VarSet{},
- unknown: map[Var]VarSet{},
- }
- u.unify(a, b)
- return u.unified
-}
-
-type unifier struct {
- safe VarSet
- unified VarSet
- unknown map[Var]VarSet
-}
-
-func (u *unifier) isSafe(x Var) bool {
- return u.safe.Contains(x) || u.unified.Contains(x)
-}
-
-func (u *unifier) unify(a *Term, b *Term) {
-
- switch a := a.Value.(type) {
-
- case Var:
- switch b := b.Value.(type) {
- case Var:
- if u.isSafe(b) {
- u.markSafe(a)
- } else if u.isSafe(a) {
- u.markSafe(b)
- } else {
- u.markUnknown(a, b)
- u.markUnknown(b, a)
- }
- case *Array, Object:
- u.unifyAll(a, b)
- case Ref:
- if isRefSafe(b, u.safe) {
- u.markSafe(a)
- }
- case Call:
- if isCallSafe(b, u.safe) {
- u.markSafe(a)
- }
- default:
- u.markSafe(a)
- }
-
- case Ref:
- if isRefSafe(a, u.safe) {
- switch b := b.Value.(type) {
- case Var:
- u.markSafe(b)
- case *Array, Object:
- u.markAllSafe(b)
- }
- }
-
- case Call:
- if isCallSafe(a, u.safe) {
- switch b := b.Value.(type) {
- case Var:
- u.markSafe(b)
- case *Array, Object:
- u.markAllSafe(b)
- }
- }
-
- case *ArrayComprehension:
- switch b := b.Value.(type) {
- case Var:
- u.markSafe(b)
- case *Array:
- u.markAllSafe(b)
- }
- case *ObjectComprehension:
- switch b := b.Value.(type) {
- case Var:
- u.markSafe(b)
- case *object:
- u.markAllSafe(b)
- }
- case *SetComprehension:
- switch b := b.Value.(type) {
- case Var:
- u.markSafe(b)
- }
-
- case *Array:
- switch b := b.Value.(type) {
- case Var:
- u.unifyAll(b, a)
- case *ArrayComprehension, *ObjectComprehension, *SetComprehension:
- u.markAllSafe(a)
- case Ref:
- if isRefSafe(b, u.safe) {
- u.markAllSafe(a)
- }
- case Call:
- if isCallSafe(b, u.safe) {
- u.markAllSafe(a)
- }
- case *Array:
- if a.Len() == b.Len() {
- for i := 0; i < a.Len(); i++ {
- u.unify(a.Elem(i), b.Elem(i))
- }
- }
- }
-
- case *object:
- switch b := b.Value.(type) {
- case Var:
- u.unifyAll(b, a)
- case Ref:
- if isRefSafe(b, u.safe) {
- u.markAllSafe(a)
- }
- case Call:
- if isCallSafe(b, u.safe) {
- u.markAllSafe(a)
- }
- case *object:
- if a.Len() == b.Len() {
- _ = a.Iter(func(k, v *Term) error {
- if v2 := b.Get(k); v2 != nil {
- u.unify(v, v2)
- }
- return nil
- }) // impossible to return error
- }
- }
-
- default:
- switch b := b.Value.(type) {
- case Var:
- u.markSafe(b)
- }
- }
-}
-
-func (u *unifier) markAllSafe(x Value) {
- vis := u.varVisitor()
- vis.Walk(x)
- for v := range vis.Vars() {
- u.markSafe(v)
- }
-}
-
-func (u *unifier) markSafe(x Var) {
- u.unified.Add(x)
-
- // Add dependencies of 'x' to safe set
- vs := u.unknown[x]
- delete(u.unknown, x)
- for v := range vs {
- u.markSafe(v)
- }
-
- // Add dependants of 'x' to safe set if they have no more
- // dependencies.
- for v, deps := range u.unknown {
- if deps.Contains(x) {
- delete(deps, x)
- if len(deps) == 0 {
- u.markSafe(v)
- }
- }
- }
-}
-
-func (u *unifier) markUnknown(a, b Var) {
- if _, ok := u.unknown[a]; !ok {
- u.unknown[a] = NewVarSet()
- }
- u.unknown[a].Add(b)
-}
-
-func (u *unifier) unifyAll(a Var, b Value) {
- if u.isSafe(a) {
- u.markAllSafe(b)
- } else {
- vis := u.varVisitor()
- vis.Walk(b)
- unsafe := vis.Vars().Diff(u.safe).Diff(u.unified)
- if len(unsafe) == 0 {
- u.markSafe(a)
- } else {
- for v := range unsafe {
- u.markUnknown(a, v)
- }
- }
- }
-}
-
-func (u *unifier) varVisitor() *VarVisitor {
- return NewVarVisitor().WithParams(VarVisitorParams{
- SkipRefHead: true,
- SkipObjectKeys: true,
- SkipClosures: true,
- })
+ return v1.Unify(safe, a, b)
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/varset.go b/vendor/github.com/open-policy-agent/opa/ast/varset.go
index 14f531494b..9e7db8efda 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/varset.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/varset.go
@@ -5,96 +5,13 @@
package ast
import (
- "fmt"
- "sort"
+ v1 "github.com/open-policy-agent/opa/v1/ast"
)
// VarSet represents a set of variables.
-type VarSet map[Var]struct{}
+type VarSet = v1.VarSet
// NewVarSet returns a new VarSet containing the specified variables.
func NewVarSet(vs ...Var) VarSet {
- s := VarSet{}
- for _, v := range vs {
- s.Add(v)
- }
- return s
-}
-
-// Add updates the set to include the variable "v".
-func (s VarSet) Add(v Var) {
- s[v] = struct{}{}
-}
-
-// Contains returns true if the set contains the variable "v".
-func (s VarSet) Contains(v Var) bool {
- _, ok := s[v]
- return ok
-}
-
-// Copy returns a shallow copy of the VarSet.
-func (s VarSet) Copy() VarSet {
- cpy := VarSet{}
- for v := range s {
- cpy.Add(v)
- }
- return cpy
-}
-
-// Diff returns a VarSet containing variables in s that are not in vs.
-func (s VarSet) Diff(vs VarSet) VarSet {
- r := VarSet{}
- for v := range s {
- if !vs.Contains(v) {
- r.Add(v)
- }
- }
- return r
-}
-
-// Equal returns true if s contains exactly the same elements as vs.
-func (s VarSet) Equal(vs VarSet) bool {
- if len(s.Diff(vs)) > 0 {
- return false
- }
- return len(vs.Diff(s)) == 0
-}
-
-// Intersect returns a VarSet containing variables in s that are in vs.
-func (s VarSet) Intersect(vs VarSet) VarSet {
- r := VarSet{}
- for v := range s {
- if vs.Contains(v) {
- r.Add(v)
- }
- }
- return r
-}
-
-// Sorted returns a sorted slice of vars from s.
-func (s VarSet) Sorted() []Var {
- sorted := make([]Var, 0, len(s))
- for v := range s {
- sorted = append(sorted, v)
- }
- sort.Slice(sorted, func(i, j int) bool {
- return sorted[i].Compare(sorted[j]) < 0
- })
- return sorted
-}
-
-// Update merges the other VarSet into this VarSet.
-func (s VarSet) Update(vs VarSet) {
- for v := range vs {
- s.Add(v)
- }
-}
-
-func (s VarSet) String() string {
- tmp := make([]string, 0, len(s))
- for v := range s {
- tmp = append(tmp, string(v))
- }
- sort.Strings(tmp)
- return fmt.Sprintf("%v", tmp)
+ return v1.NewVarSet(vs...)
}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/visit.go b/vendor/github.com/open-policy-agent/opa/ast/visit.go
index d83c31149e..f4f2459ecc 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/visit.go
+++ b/vendor/github.com/open-policy-agent/opa/ast/visit.go
@@ -4,780 +4,120 @@
package ast
+import v1 "github.com/open-policy-agent/opa/v1/ast"
+
// Visitor defines the interface for iterating AST elements. The Visit function
// can return a Visitor w which will be used to visit the children of the AST
// element v. If the Visit function returns nil, the children will not be
// visited.
// Deprecated: use GenericVisitor or another visitor implementation
-type Visitor interface {
- Visit(v interface{}) (w Visitor)
-}
+type Visitor = v1.Visitor
// BeforeAndAfterVisitor wraps Visitor to provide hooks for being called before
// and after the AST has been visited.
// Deprecated: use GenericVisitor or another visitor implementation
-type BeforeAndAfterVisitor interface {
- Visitor
- Before(x interface{})
- After(x interface{})
-}
+type BeforeAndAfterVisitor = v1.BeforeAndAfterVisitor
// Walk iterates the AST by calling the Visit function on the Visitor
// v for x before recursing.
// Deprecated: use GenericVisitor.Walk
-func Walk(v Visitor, x interface{}) {
- if bav, ok := v.(BeforeAndAfterVisitor); !ok {
- walk(v, x)
- } else {
- bav.Before(x)
- defer bav.After(x)
- walk(bav, x)
- }
+func Walk(v Visitor, x any) {
+ v1.Walk(v, x)
}
// WalkBeforeAndAfter iterates the AST by calling the Visit function on the
// Visitor v for x before recursing.
// Deprecated: use GenericVisitor.Walk
-func WalkBeforeAndAfter(v BeforeAndAfterVisitor, x interface{}) {
- Walk(v, x)
-}
-
-func walk(v Visitor, x interface{}) {
- w := v.Visit(x)
- if w == nil {
- return
- }
- switch x := x.(type) {
- case *Module:
- Walk(w, x.Package)
- for i := range x.Imports {
- Walk(w, x.Imports[i])
- }
- for i := range x.Rules {
- Walk(w, x.Rules[i])
- }
- for i := range x.Annotations {
- Walk(w, x.Annotations[i])
- }
- for i := range x.Comments {
- Walk(w, x.Comments[i])
- }
- case *Package:
- Walk(w, x.Path)
- case *Import:
- Walk(w, x.Path)
- Walk(w, x.Alias)
- case *Rule:
- Walk(w, x.Head)
- Walk(w, x.Body)
- if x.Else != nil {
- Walk(w, x.Else)
- }
- case *Head:
- Walk(w, x.Name)
- Walk(w, x.Args)
- if x.Key != nil {
- Walk(w, x.Key)
- }
- if x.Value != nil {
- Walk(w, x.Value)
- }
- case Body:
- for i := range x {
- Walk(w, x[i])
- }
- case Args:
- for i := range x {
- Walk(w, x[i])
- }
- case *Expr:
- switch ts := x.Terms.(type) {
- case *Term, *SomeDecl, *Every:
- Walk(w, ts)
- case []*Term:
- for i := range ts {
- Walk(w, ts[i])
- }
- }
- for i := range x.With {
- Walk(w, x.With[i])
- }
- case *With:
- Walk(w, x.Target)
- Walk(w, x.Value)
- case *Term:
- Walk(w, x.Value)
- case Ref:
- for i := range x {
- Walk(w, x[i])
- }
- case *object:
- x.Foreach(func(k, vv *Term) {
- Walk(w, k)
- Walk(w, vv)
- })
- case *Array:
- x.Foreach(func(t *Term) {
- Walk(w, t)
- })
- case Set:
- x.Foreach(func(t *Term) {
- Walk(w, t)
- })
- case *ArrayComprehension:
- Walk(w, x.Term)
- Walk(w, x.Body)
- case *ObjectComprehension:
- Walk(w, x.Key)
- Walk(w, x.Value)
- Walk(w, x.Body)
- case *SetComprehension:
- Walk(w, x.Term)
- Walk(w, x.Body)
- case Call:
- for i := range x {
- Walk(w, x[i])
- }
- case *Every:
- if x.Key != nil {
- Walk(w, x.Key)
- }
- Walk(w, x.Value)
- Walk(w, x.Domain)
- Walk(w, x.Body)
- case *SomeDecl:
- for i := range x.Symbols {
- Walk(w, x.Symbols[i])
- }
- }
+func WalkBeforeAndAfter(v BeforeAndAfterVisitor, x any) {
+ v1.WalkBeforeAndAfter(v, x)
}
// WalkVars calls the function f on all vars under x. If the function f
// returns true, AST nodes under the last node will not be visited.
-func WalkVars(x interface{}, f func(Var) bool) {
- vis := &GenericVisitor{func(x interface{}) bool {
- if v, ok := x.(Var); ok {
- return f(v)
- }
- return false
- }}
- vis.Walk(x)
+func WalkVars(x any, f func(Var) bool) {
+ v1.WalkVars(x, f)
}
// WalkClosures calls the function f on all closures under x. If the function f
// returns true, AST nodes under the last node will not be visited.
-func WalkClosures(x interface{}, f func(interface{}) bool) {
- vis := &GenericVisitor{func(x interface{}) bool {
- switch x := x.(type) {
- case *ArrayComprehension, *ObjectComprehension, *SetComprehension, *Every:
- return f(x)
- }
- return false
- }}
- vis.Walk(x)
+func WalkClosures(x any, f func(any) bool) {
+ v1.WalkClosures(x, f)
}
// WalkRefs calls the function f on all references under x. If the function f
// returns true, AST nodes under the last node will not be visited.
-func WalkRefs(x interface{}, f func(Ref) bool) {
- vis := &GenericVisitor{func(x interface{}) bool {
- if r, ok := x.(Ref); ok {
- return f(r)
- }
- return false
- }}
- vis.Walk(x)
+func WalkRefs(x any, f func(Ref) bool) {
+ v1.WalkRefs(x, f)
}
// WalkTerms calls the function f on all terms under x. If the function f
// returns true, AST nodes under the last node will not be visited.
-func WalkTerms(x interface{}, f func(*Term) bool) {
- vis := &GenericVisitor{func(x interface{}) bool {
- if term, ok := x.(*Term); ok {
- return f(term)
- }
- return false
- }}
- vis.Walk(x)
+func WalkTerms(x any, f func(*Term) bool) {
+ v1.WalkTerms(x, f)
}
// WalkWiths calls the function f on all with modifiers under x. If the function f
// returns true, AST nodes under the last node will not be visited.
-func WalkWiths(x interface{}, f func(*With) bool) {
- vis := &GenericVisitor{func(x interface{}) bool {
- if w, ok := x.(*With); ok {
- return f(w)
- }
- return false
- }}
- vis.Walk(x)
+func WalkWiths(x any, f func(*With) bool) {
+ v1.WalkWiths(x, f)
}
// WalkExprs calls the function f on all expressions under x. If the function f
// returns true, AST nodes under the last node will not be visited.
-func WalkExprs(x interface{}, f func(*Expr) bool) {
- vis := &GenericVisitor{func(x interface{}) bool {
- if r, ok := x.(*Expr); ok {
- return f(r)
- }
- return false
- }}
- vis.Walk(x)
+func WalkExprs(x any, f func(*Expr) bool) {
+ v1.WalkExprs(x, f)
}
// WalkBodies calls the function f on all bodies under x. If the function f
// returns true, AST nodes under the last node will not be visited.
-func WalkBodies(x interface{}, f func(Body) bool) {
- vis := &GenericVisitor{func(x interface{}) bool {
- if b, ok := x.(Body); ok {
- return f(b)
- }
- return false
- }}
- vis.Walk(x)
+func WalkBodies(x any, f func(Body) bool) {
+ v1.WalkBodies(x, f)
}
// WalkRules calls the function f on all rules under x. If the function f
// returns true, AST nodes under the last node will not be visited.
-func WalkRules(x interface{}, f func(*Rule) bool) {
- vis := &GenericVisitor{func(x interface{}) bool {
- if r, ok := x.(*Rule); ok {
- stop := f(r)
- // NOTE(tsandall): since rules cannot be embedded inside of queries
- // we can stop early if there is no else block.
- if stop || r.Else == nil {
- return true
- }
- }
- return false
- }}
- vis.Walk(x)
+func WalkRules(x any, f func(*Rule) bool) {
+ v1.WalkRules(x, f)
}
// WalkNodes calls the function f on all nodes under x. If the function f
// returns true, AST nodes under the last node will not be visited.
-func WalkNodes(x interface{}, f func(Node) bool) {
- vis := &GenericVisitor{func(x interface{}) bool {
- if n, ok := x.(Node); ok {
- return f(n)
- }
- return false
- }}
- vis.Walk(x)
+func WalkNodes(x any, f func(Node) bool) {
+ v1.WalkNodes(x, f)
}
// GenericVisitor provides a utility to walk over AST nodes using a
// closure. If the closure returns true, the visitor will not walk
// over AST nodes under x.
-type GenericVisitor struct {
- f func(x interface{}) bool
-}
+type GenericVisitor = v1.GenericVisitor
// NewGenericVisitor returns a new GenericVisitor that will invoke the function
// f on AST nodes.
-func NewGenericVisitor(f func(x interface{}) bool) *GenericVisitor {
- return &GenericVisitor{f}
-}
-
-// Walk iterates the AST by calling the function f on the
-// GenericVisitor before recursing. Contrary to the generic Walk, this
-// does not require allocating the visitor from heap.
-func (vis *GenericVisitor) Walk(x interface{}) {
- if vis.f(x) {
- return
- }
-
- switch x := x.(type) {
- case *Module:
- vis.Walk(x.Package)
- for i := range x.Imports {
- vis.Walk(x.Imports[i])
- }
- for i := range x.Rules {
- vis.Walk(x.Rules[i])
- }
- for i := range x.Annotations {
- vis.Walk(x.Annotations[i])
- }
- for i := range x.Comments {
- vis.Walk(x.Comments[i])
- }
- case *Package:
- vis.Walk(x.Path)
- case *Import:
- vis.Walk(x.Path)
- vis.Walk(x.Alias)
- case *Rule:
- vis.Walk(x.Head)
- vis.Walk(x.Body)
- if x.Else != nil {
- vis.Walk(x.Else)
- }
- case *Head:
- vis.Walk(x.Name)
- vis.Walk(x.Args)
- if x.Key != nil {
- vis.Walk(x.Key)
- }
- if x.Value != nil {
- vis.Walk(x.Value)
- }
- case Body:
- for i := range x {
- vis.Walk(x[i])
- }
- case Args:
- for i := range x {
- vis.Walk(x[i])
- }
- case *Expr:
- switch ts := x.Terms.(type) {
- case *Term, *SomeDecl, *Every:
- vis.Walk(ts)
- case []*Term:
- for i := range ts {
- vis.Walk(ts[i])
- }
- }
- for i := range x.With {
- vis.Walk(x.With[i])
- }
- case *With:
- vis.Walk(x.Target)
- vis.Walk(x.Value)
- case *Term:
- vis.Walk(x.Value)
- case Ref:
- for i := range x {
- vis.Walk(x[i])
- }
- case *object:
- x.Foreach(func(k, _ *Term) {
- vis.Walk(k)
- vis.Walk(x.Get(k))
- })
- case Object:
- x.Foreach(func(k, _ *Term) {
- vis.Walk(k)
- vis.Walk(x.Get(k))
- })
- case *Array:
- x.Foreach(func(t *Term) {
- vis.Walk(t)
- })
- case Set:
- xSlice := x.Slice()
- for i := range xSlice {
- vis.Walk(xSlice[i])
- }
- case *ArrayComprehension:
- vis.Walk(x.Term)
- vis.Walk(x.Body)
- case *ObjectComprehension:
- vis.Walk(x.Key)
- vis.Walk(x.Value)
- vis.Walk(x.Body)
- case *SetComprehension:
- vis.Walk(x.Term)
- vis.Walk(x.Body)
- case Call:
- for i := range x {
- vis.Walk(x[i])
- }
- case *Every:
- if x.Key != nil {
- vis.Walk(x.Key)
- }
- vis.Walk(x.Value)
- vis.Walk(x.Domain)
- vis.Walk(x.Body)
- case *SomeDecl:
- for i := range x.Symbols {
- vis.Walk(x.Symbols[i])
- }
- }
+func NewGenericVisitor(f func(x any) bool) *GenericVisitor {
+ return v1.NewGenericVisitor(f)
}
// BeforeAfterVisitor provides a utility to walk over AST nodes using
// closures. If the before closure returns true, the visitor will not
// walk over AST nodes under x. The after closure is invoked always
// after visiting a node.
-type BeforeAfterVisitor struct {
- before func(x interface{}) bool
- after func(x interface{})
-}
+type BeforeAfterVisitor = v1.BeforeAfterVisitor
// NewBeforeAfterVisitor returns a new BeforeAndAfterVisitor that
// will invoke the functions before and after AST nodes.
-func NewBeforeAfterVisitor(before func(x interface{}) bool, after func(x interface{})) *BeforeAfterVisitor {
- return &BeforeAfterVisitor{before, after}
-}
-
-// Walk iterates the AST by calling the functions on the
-// BeforeAndAfterVisitor before and after recursing. Contrary to the
-// generic Walk, this does not require allocating the visitor from
-// heap.
-func (vis *BeforeAfterVisitor) Walk(x interface{}) {
- defer vis.after(x)
- if vis.before(x) {
- return
- }
-
- switch x := x.(type) {
- case *Module:
- vis.Walk(x.Package)
- for i := range x.Imports {
- vis.Walk(x.Imports[i])
- }
- for i := range x.Rules {
- vis.Walk(x.Rules[i])
- }
- for i := range x.Annotations {
- vis.Walk(x.Annotations[i])
- }
- for i := range x.Comments {
- vis.Walk(x.Comments[i])
- }
- case *Package:
- vis.Walk(x.Path)
- case *Import:
- vis.Walk(x.Path)
- vis.Walk(x.Alias)
- case *Rule:
- vis.Walk(x.Head)
- vis.Walk(x.Body)
- if x.Else != nil {
- vis.Walk(x.Else)
- }
- case *Head:
- if len(x.Reference) > 0 {
- vis.Walk(x.Reference)
- } else {
- vis.Walk(x.Name)
- if x.Key != nil {
- vis.Walk(x.Key)
- }
- }
- vis.Walk(x.Args)
- if x.Value != nil {
- vis.Walk(x.Value)
- }
- case Body:
- for i := range x {
- vis.Walk(x[i])
- }
- case Args:
- for i := range x {
- vis.Walk(x[i])
- }
- case *Expr:
- switch ts := x.Terms.(type) {
- case *Term, *SomeDecl, *Every:
- vis.Walk(ts)
- case []*Term:
- for i := range ts {
- vis.Walk(ts[i])
- }
- }
- for i := range x.With {
- vis.Walk(x.With[i])
- }
- case *With:
- vis.Walk(x.Target)
- vis.Walk(x.Value)
- case *Term:
- vis.Walk(x.Value)
- case Ref:
- for i := range x {
- vis.Walk(x[i])
- }
- case *object:
- x.Foreach(func(k, _ *Term) {
- vis.Walk(k)
- vis.Walk(x.Get(k))
- })
- case Object:
- x.Foreach(func(k, _ *Term) {
- vis.Walk(k)
- vis.Walk(x.Get(k))
- })
- case *Array:
- x.Foreach(func(t *Term) {
- vis.Walk(t)
- })
- case Set:
- xSlice := x.Slice()
- for i := range xSlice {
- vis.Walk(xSlice[i])
- }
- case *ArrayComprehension:
- vis.Walk(x.Term)
- vis.Walk(x.Body)
- case *ObjectComprehension:
- vis.Walk(x.Key)
- vis.Walk(x.Value)
- vis.Walk(x.Body)
- case *SetComprehension:
- vis.Walk(x.Term)
- vis.Walk(x.Body)
- case Call:
- for i := range x {
- vis.Walk(x[i])
- }
- case *Every:
- if x.Key != nil {
- vis.Walk(x.Key)
- }
- vis.Walk(x.Value)
- vis.Walk(x.Domain)
- vis.Walk(x.Body)
- case *SomeDecl:
- for i := range x.Symbols {
- vis.Walk(x.Symbols[i])
- }
- }
+func NewBeforeAfterVisitor(before func(x any) bool, after func(x any)) *BeforeAfterVisitor {
+ return v1.NewBeforeAfterVisitor(before, after)
}
// VarVisitor walks AST nodes under a given node and collects all encountered
// variables. The collected variables can be controlled by specifying
// VarVisitorParams when creating the visitor.
-type VarVisitor struct {
- params VarVisitorParams
- vars VarSet
-}
+type VarVisitor = v1.VarVisitor
// VarVisitorParams contains settings for a VarVisitor.
-type VarVisitorParams struct {
- SkipRefHead bool
- SkipRefCallHead bool
- SkipObjectKeys bool
- SkipClosures bool
- SkipWithTarget bool
- SkipSets bool
-}
+type VarVisitorParams = v1.VarVisitorParams
// NewVarVisitor returns a new VarVisitor object.
func NewVarVisitor() *VarVisitor {
- return &VarVisitor{
- vars: NewVarSet(),
- }
-}
-
-// WithParams sets the parameters in params on vis.
-func (vis *VarVisitor) WithParams(params VarVisitorParams) *VarVisitor {
- vis.params = params
- return vis
-}
-
-// Vars returns a VarSet that contains collected vars.
-func (vis *VarVisitor) Vars() VarSet {
- return vis.vars
-}
-
-// visit determines if the VarVisitor will recurse into x: if it returns `true`,
-// the visitor will _skip_ that branch of the AST
-func (vis *VarVisitor) visit(v interface{}) bool {
- if vis.params.SkipObjectKeys {
- if o, ok := v.(Object); ok {
- o.Foreach(func(_, v *Term) {
- vis.Walk(v)
- })
- return true
- }
- }
- if vis.params.SkipRefHead {
- if r, ok := v.(Ref); ok {
- rSlice := r[1:]
- for i := range rSlice {
- vis.Walk(rSlice[i])
- }
- return true
- }
- }
- if vis.params.SkipClosures {
- switch v := v.(type) {
- case *ArrayComprehension, *ObjectComprehension, *SetComprehension:
- return true
- case *Expr:
- if ev, ok := v.Terms.(*Every); ok {
- vis.Walk(ev.Domain)
- // We're _not_ walking ev.Body -- that's the closure here
- return true
- }
- }
- }
- if vis.params.SkipWithTarget {
- if v, ok := v.(*With); ok {
- vis.Walk(v.Value)
- return true
- }
- }
- if vis.params.SkipSets {
- if _, ok := v.(Set); ok {
- return true
- }
- }
- if vis.params.SkipRefCallHead {
- switch v := v.(type) {
- case *Expr:
- if terms, ok := v.Terms.([]*Term); ok {
- termSlice := terms[0].Value.(Ref)[1:]
- for i := range termSlice {
- vis.Walk(termSlice[i])
- }
- for i := 1; i < len(terms); i++ {
- vis.Walk(terms[i])
- }
- for i := range v.With {
- vis.Walk(v.With[i])
- }
- return true
- }
- case Call:
- operator := v[0].Value.(Ref)
- for i := 1; i < len(operator); i++ {
- vis.Walk(operator[i])
- }
- for i := 1; i < len(v); i++ {
- vis.Walk(v[i])
- }
- return true
- case *With:
- if ref, ok := v.Target.Value.(Ref); ok {
- refSlice := ref[1:]
- for i := range refSlice {
- vis.Walk(refSlice[i])
- }
- }
- if ref, ok := v.Value.Value.(Ref); ok {
- refSlice := ref[1:]
- for i := range refSlice {
- vis.Walk(refSlice[i])
- }
- } else {
- vis.Walk(v.Value)
- }
- return true
- }
- }
- if v, ok := v.(Var); ok {
- vis.vars.Add(v)
- }
- return false
-}
-
-// Walk iterates the AST by calling the function f on the
-// GenericVisitor before recursing. Contrary to the generic Walk, this
-// does not require allocating the visitor from heap.
-func (vis *VarVisitor) Walk(x interface{}) {
- if vis.visit(x) {
- return
- }
-
- switch x := x.(type) {
- case *Module:
- vis.Walk(x.Package)
- for i := range x.Imports {
- vis.Walk(x.Imports[i])
- }
- for i := range x.Rules {
- vis.Walk(x.Rules[i])
- }
- for i := range x.Comments {
- vis.Walk(x.Comments[i])
- }
- case *Package:
- vis.Walk(x.Path)
- case *Import:
- vis.Walk(x.Path)
- vis.Walk(x.Alias)
- case *Rule:
- vis.Walk(x.Head)
- vis.Walk(x.Body)
- if x.Else != nil {
- vis.Walk(x.Else)
- }
- case *Head:
- if len(x.Reference) > 0 {
- vis.Walk(x.Reference)
- } else {
- vis.Walk(x.Name)
- if x.Key != nil {
- vis.Walk(x.Key)
- }
- }
- vis.Walk(x.Args)
-
- if x.Value != nil {
- vis.Walk(x.Value)
- }
- case Body:
- for i := range x {
- vis.Walk(x[i])
- }
- case Args:
- for i := range x {
- vis.Walk(x[i])
- }
- case *Expr:
- switch ts := x.Terms.(type) {
- case *Term, *SomeDecl, *Every:
- vis.Walk(ts)
- case []*Term:
- for i := range ts {
- vis.Walk(ts[i])
- }
- }
- for i := range x.With {
- vis.Walk(x.With[i])
- }
- case *With:
- vis.Walk(x.Target)
- vis.Walk(x.Value)
- case *Term:
- vis.Walk(x.Value)
- case Ref:
- for i := range x {
- vis.Walk(x[i])
- }
- case *object:
- x.Foreach(func(k, _ *Term) {
- vis.Walk(k)
- vis.Walk(x.Get(k))
- })
- case *Array:
- x.Foreach(func(t *Term) {
- vis.Walk(t)
- })
- case Set:
- xSlice := x.Slice()
- for i := range xSlice {
- vis.Walk(xSlice[i])
- }
- case *ArrayComprehension:
- vis.Walk(x.Term)
- vis.Walk(x.Body)
- case *ObjectComprehension:
- vis.Walk(x.Key)
- vis.Walk(x.Value)
- vis.Walk(x.Body)
- case *SetComprehension:
- vis.Walk(x.Term)
- vis.Walk(x.Body)
- case Call:
- for i := range x {
- vis.Walk(x[i])
- }
- case *Every:
- if x.Key != nil {
- vis.Walk(x.Key)
- }
- vis.Walk(x.Value)
- vis.Walk(x.Domain)
- vis.Walk(x.Body)
- case *SomeDecl:
- for i := range x.Symbols {
- vis.Walk(x.Symbols[i])
- }
- }
+ return v1.NewVarVisitor()
}
diff --git a/vendor/github.com/open-policy-agent/opa/bundle/bundle.go b/vendor/github.com/open-policy-agent/opa/bundle/bundle.go
index 0e159384ef..50ad97349a 100644
--- a/vendor/github.com/open-policy-agent/opa/bundle/bundle.go
+++ b/vendor/github.com/open-policy-agent/opa/bundle/bundle.go
@@ -6,1386 +6,97 @@
package bundle
import (
- "archive/tar"
- "bytes"
- "compress/gzip"
- "encoding/hex"
- "encoding/json"
- "errors"
- "fmt"
"io"
- "net/url"
- "os"
- "path"
- "path/filepath"
- "reflect"
- "strings"
- "github.com/gobwas/glob"
"github.com/open-policy-agent/opa/ast"
- astJSON "github.com/open-policy-agent/opa/ast/json"
- "github.com/open-policy-agent/opa/format"
- "github.com/open-policy-agent/opa/internal/file/archive"
- "github.com/open-policy-agent/opa/internal/merge"
- "github.com/open-policy-agent/opa/metrics"
- "github.com/open-policy-agent/opa/util"
+ v1 "github.com/open-policy-agent/opa/v1/bundle"
)
// Common file extensions and file names.
const (
- RegoExt = ".rego"
- WasmFile = "policy.wasm"
- PlanFile = "plan.json"
- ManifestExt = ".manifest"
- SignaturesFile = "signatures.json"
- patchFile = "patch.json"
- dataFile = "data.json"
- yamlDataFile = "data.yaml"
- ymlDataFile = "data.yml"
- defaultHashingAlg = "SHA-256"
- DefaultSizeLimitBytes = (1024 * 1024 * 1024) // limit bundle reads to 1GB to protect against gzip bombs
- DeltaBundleType = "delta"
- SnapshotBundleType = "snapshot"
+ RegoExt = v1.RegoExt
+ WasmFile = v1.WasmFile
+ PlanFile = v1.PlanFile
+ ManifestExt = v1.ManifestExt
+ SignaturesFile = v1.SignaturesFile
+
+ DefaultSizeLimitBytes = v1.DefaultSizeLimitBytes
+ DeltaBundleType = v1.DeltaBundleType
+ SnapshotBundleType = v1.SnapshotBundleType
)
// Bundle represents a loaded bundle. The bundle can contain data and policies.
-type Bundle struct {
- Signatures SignaturesConfig
- Manifest Manifest
- Data map[string]interface{}
- Modules []ModuleFile
- Wasm []byte // Deprecated. Use WasmModules instead
- WasmModules []WasmModuleFile
- PlanModules []PlanModuleFile
- Patch Patch
- Etag string
- Raw []Raw
-
- lazyLoadingMode bool
- sizeLimitBytes int64
-}
+type Bundle = v1.Bundle
// Raw contains raw bytes representing the bundle's content
-type Raw struct {
- Path string
- Value []byte
-}
+type Raw = v1.Raw
// Patch contains an array of objects wherein each object represents the patch operation to be
// applied to the bundle data.
-type Patch struct {
- Data []PatchOperation `json:"data,omitempty"`
-}
+type Patch = v1.Patch
// PatchOperation models a single patch operation against a document.
-type PatchOperation struct {
- Op string `json:"op"`
- Path string `json:"path"`
- Value interface{} `json:"value"`
-}
+type PatchOperation = v1.PatchOperation
// SignaturesConfig represents an array of JWTs that encapsulate the signatures for the bundle.
-type SignaturesConfig struct {
- Signatures []string `json:"signatures,omitempty"`
- Plugin string `json:"plugin,omitempty"`
-}
-
-// isEmpty returns if the SignaturesConfig is empty.
-func (s SignaturesConfig) isEmpty() bool {
- return reflect.DeepEqual(s, SignaturesConfig{})
-}
+type SignaturesConfig = v1.SignaturesConfig
// DecodedSignature represents the decoded JWT payload.
-type DecodedSignature struct {
- Files []FileInfo `json:"files"`
- KeyID string `json:"keyid"` // Deprecated, use kid in the JWT header instead.
- Scope string `json:"scope"`
- IssuedAt int64 `json:"iat"`
- Issuer string `json:"iss"`
-}
+type DecodedSignature = v1.DecodedSignature
// FileInfo contains the hashing algorithm used, resulting digest etc.
-type FileInfo struct {
- Name string `json:"name"`
- Hash string `json:"hash"`
- Algorithm string `json:"algorithm"`
-}
+type FileInfo = v1.FileInfo
// NewFile returns a new FileInfo.
func NewFile(name, hash, alg string) FileInfo {
- return FileInfo{
- Name: name,
- Hash: hash,
- Algorithm: alg,
- }
+ return v1.NewFile(name, hash, alg)
}
// Manifest represents the manifest from a bundle. The manifest may contain
// metadata such as the bundle revision.
-type Manifest struct {
- Revision string `json:"revision"`
- Roots *[]string `json:"roots,omitempty"`
- WasmResolvers []WasmResolver `json:"wasm,omitempty"`
- // RegoVersion is the global Rego version for the bundle described by this Manifest.
- // The Rego version of individual files can be overridden in FileRegoVersions.
- // We don't use ast.RegoVersion here, as this iota type's order isn't guaranteed to be stable over time.
- // We use a pointer so that we can support hand-made bundles that don't have an explicit version appropriately.
- // E.g. in OPA 0.x if --v1-compatible is used when consuming the bundle, and there is no specified version,
- // we should default to v1; if --v1-compatible isn't used, we should default to v0. In OPA 1.0, no --x-compatible
- // flag and no explicit bundle version should default to v1.
- RegoVersion *int `json:"rego_version,omitempty"`
- // FileRegoVersions is a map from file paths to Rego versions.
- // This allows individual files to override the global Rego version specified by RegoVersion.
- FileRegoVersions map[string]int `json:"file_rego_versions,omitempty"`
- Metadata map[string]interface{} `json:"metadata,omitempty"`
-
- compiledFileRegoVersions []fileRegoVersion
-}
-
-type fileRegoVersion struct {
- path glob.Glob
- version int
-}
+type Manifest = v1.Manifest
// WasmResolver maps a wasm module to an entrypoint ref.
-type WasmResolver struct {
- Entrypoint string `json:"entrypoint,omitempty"`
- Module string `json:"module,omitempty"`
- Annotations []*ast.Annotations `json:"annotations,omitempty"`
-}
-
-// Init initializes the manifest. If you instantiate a manifest
-// manually, call Init to ensure that the roots are set properly.
-func (m *Manifest) Init() {
- if m.Roots == nil {
- defaultRoots := []string{""}
- m.Roots = &defaultRoots
- }
-}
-
-// AddRoot adds r to the roots of m. This function is idempotent.
-func (m *Manifest) AddRoot(r string) {
- m.Init()
- if !RootPathsContain(*m.Roots, r) {
- *m.Roots = append(*m.Roots, r)
- }
-}
-
-func (m *Manifest) SetRegoVersion(v ast.RegoVersion) {
- m.Init()
- regoVersion := 0
- if v == ast.RegoV1 {
- regoVersion = 1
- }
- m.RegoVersion = ®oVersion
-}
-
-// Equal returns true if m is semantically equivalent to other.
-func (m Manifest) Equal(other Manifest) bool {
-
- // This is safe since both are passed by value.
- m.Init()
- other.Init()
-
- if m.Revision != other.Revision {
- return false
- }
-
- if m.RegoVersion == nil && other.RegoVersion != nil {
- return false
- }
- if m.RegoVersion != nil && other.RegoVersion == nil {
- return false
- }
- if m.RegoVersion != nil && other.RegoVersion != nil && *m.RegoVersion != *other.RegoVersion {
- return false
- }
-
- // If both are nil, or both are empty, we consider them equal.
- if !(len(m.FileRegoVersions) == 0 && len(other.FileRegoVersions) == 0) &&
- !reflect.DeepEqual(m.FileRegoVersions, other.FileRegoVersions) {
- return false
- }
-
- if !reflect.DeepEqual(m.Metadata, other.Metadata) {
- return false
- }
-
- return m.equalWasmResolversAndRoots(other)
-}
-
-func (m Manifest) Empty() bool {
- return m.Equal(Manifest{})
-}
-
-// Copy returns a deep copy of the manifest.
-func (m Manifest) Copy() Manifest {
- m.Init()
- roots := make([]string, len(*m.Roots))
- copy(roots, *m.Roots)
- m.Roots = &roots
-
- wasmModules := make([]WasmResolver, len(m.WasmResolvers))
- copy(wasmModules, m.WasmResolvers)
- m.WasmResolvers = wasmModules
-
- metadata := m.Metadata
-
- if metadata != nil {
- m.Metadata = make(map[string]interface{})
- for k, v := range metadata {
- m.Metadata[k] = v
- }
- }
-
- return m
-}
-
-func (m Manifest) String() string {
- m.Init()
- if m.RegoVersion != nil {
- return fmt.Sprintf("",
- m.Revision, *m.RegoVersion, *m.Roots, m.WasmResolvers, m.Metadata)
- }
- return fmt.Sprintf("",
- m.Revision, *m.Roots, m.WasmResolvers, m.Metadata)
-}
-
-func (m Manifest) rootSet() stringSet {
- rs := map[string]struct{}{}
-
- for _, r := range *m.Roots {
- rs[r] = struct{}{}
- }
-
- return stringSet(rs)
-}
-
-func (m Manifest) equalWasmResolversAndRoots(other Manifest) bool {
- if len(m.WasmResolvers) != len(other.WasmResolvers) {
- return false
- }
-
- for i := 0; i < len(m.WasmResolvers); i++ {
- if !m.WasmResolvers[i].Equal(&other.WasmResolvers[i]) {
- return false
- }
- }
-
- return m.rootSet().Equal(other.rootSet())
-}
-
-func (wr *WasmResolver) Equal(other *WasmResolver) bool {
- if wr == nil && other == nil {
- return true
- }
-
- if wr == nil || other == nil {
- return false
- }
-
- if wr.Module != other.Module {
- return false
- }
-
- if wr.Entrypoint != other.Entrypoint {
- return false
- }
-
- annotLen := len(wr.Annotations)
- if annotLen != len(other.Annotations) {
- return false
- }
-
- for i := 0; i < annotLen; i++ {
- if wr.Annotations[i].Compare(other.Annotations[i]) != 0 {
- return false
- }
- }
-
- return true
-}
-
-type stringSet map[string]struct{}
-
-func (ss stringSet) Equal(other stringSet) bool {
- if len(ss) != len(other) {
- return false
- }
- for k := range other {
- if _, ok := ss[k]; !ok {
- return false
- }
- }
- return true
-}
-
-func (m *Manifest) validateAndInjectDefaults(b Bundle) error {
-
- m.Init()
-
- // Validate roots in bundle.
- roots := *m.Roots
-
- // Standardize the roots (no starting or trailing slash)
- for i := range roots {
- roots[i] = strings.Trim(roots[i], "/")
- }
-
- for i := 0; i < len(roots)-1; i++ {
- for j := i + 1; j < len(roots); j++ {
- if RootPathsOverlap(roots[i], roots[j]) {
- return fmt.Errorf("manifest has overlapped roots: '%v' and '%v'", roots[i], roots[j])
- }
- }
- }
-
- // Validate modules in bundle.
- for _, module := range b.Modules {
- found := false
- if path, err := module.Parsed.Package.Path.Ptr(); err == nil {
- found = RootPathsContain(roots, path)
- }
- if !found {
- return fmt.Errorf("manifest roots %v do not permit '%v' in module '%v'", roots, module.Parsed.Package, module.Path)
- }
- }
-
- // Build a set of wasm module entrypoints to validate
- wasmModuleToEps := map[string]string{}
- seenEps := map[string]struct{}{}
- for _, wm := range b.WasmModules {
- wasmModuleToEps[wm.Path] = ""
- }
-
- for _, wmConfig := range b.Manifest.WasmResolvers {
- _, ok := wasmModuleToEps[wmConfig.Module]
- if !ok {
- return fmt.Errorf("manifest references wasm module '%s' but the module file does not exist", wmConfig.Module)
- }
-
- // Ensure wasm module entrypoint in within bundle roots
- if !RootPathsContain(roots, wmConfig.Entrypoint) {
- return fmt.Errorf("manifest roots %v do not permit '%v' entrypoint for wasm module '%v'", roots, wmConfig.Entrypoint, wmConfig.Module)
- }
-
- if _, ok := seenEps[wmConfig.Entrypoint]; ok {
- return fmt.Errorf("entrypoint '%s' cannot be used by more than one wasm module", wmConfig.Entrypoint)
- }
- seenEps[wmConfig.Entrypoint] = struct{}{}
-
- wasmModuleToEps[wmConfig.Module] = wmConfig.Entrypoint
- }
-
- // Validate data patches in bundle.
- for _, patch := range b.Patch.Data {
- path := strings.Trim(patch.Path, "/")
- if !RootPathsContain(roots, path) {
- return fmt.Errorf("manifest roots %v do not permit data patch at path '%s'", roots, path)
- }
- }
-
- if b.lazyLoadingMode {
- return nil
- }
-
- // Validate data in bundle.
- return dfs(b.Data, "", func(path string, node interface{}) (bool, error) {
- path = strings.Trim(path, "/")
- if RootPathsContain(roots, path) {
- return true, nil
- }
-
- if _, ok := node.(map[string]interface{}); ok {
- for i := range roots {
- if RootPathsContain(strings.Split(path, "/"), roots[i]) {
- return false, nil
- }
- }
- }
- return false, fmt.Errorf("manifest roots %v do not permit data at path '/%s' (hint: check bundle directory structure)", roots, path)
- })
-}
+type WasmResolver = v1.WasmResolver
// ModuleFile represents a single module contained in a bundle.
-type ModuleFile struct {
- URL string
- Path string
- RelativePath string
- Raw []byte
- Parsed *ast.Module
-}
+type ModuleFile = v1.ModuleFile
// WasmModuleFile represents a single wasm module contained in a bundle.
-type WasmModuleFile struct {
- URL string
- Path string
- Entrypoints []ast.Ref
- Raw []byte
-}
+type WasmModuleFile = v1.WasmModuleFile
// PlanModuleFile represents a single plan module contained in a bundle.
//
// NOTE(tsandall): currently the plans are just opaque binary blobs. In the
// future we could inject the entrypoints so that the plans could be executed
// inside of OPA proper like we do for Wasm modules.
-type PlanModuleFile struct {
- URL string
- Path string
- Raw []byte
-}
+type PlanModuleFile = v1.PlanModuleFile
// Reader contains the reader to load the bundle from.
-type Reader struct {
- loader DirectoryLoader
- includeManifestInData bool
- metrics metrics.Metrics
- baseDir string
- verificationConfig *VerificationConfig
- skipVerify bool
- processAnnotations bool
- jsonOptions *astJSON.Options
- capabilities *ast.Capabilities
- files map[string]FileInfo // files in the bundle signature payload
- sizeLimitBytes int64
- etag string
- lazyLoadingMode bool
- name string
- persist bool
- regoVersion ast.RegoVersion
- followSymlinks bool
-}
+type Reader = v1.Reader
// NewReader is deprecated. Use NewCustomReader instead.
func NewReader(r io.Reader) *Reader {
- return NewCustomReader(NewTarballLoader(r))
+ return v1.NewReader(r).WithRegoVersion(ast.DefaultRegoVersion)
}
// NewCustomReader returns a new Reader configured to use the
// specified DirectoryLoader.
func NewCustomReader(loader DirectoryLoader) *Reader {
- nr := Reader{
- loader: loader,
- metrics: metrics.New(),
- files: make(map[string]FileInfo),
- sizeLimitBytes: DefaultSizeLimitBytes + 1,
- }
- return &nr
-}
-
-// IncludeManifestInData sets whether the manifest metadata should be
-// included in the bundle's data.
-func (r *Reader) IncludeManifestInData(includeManifestInData bool) *Reader {
- r.includeManifestInData = includeManifestInData
- return r
-}
-
-// WithMetrics sets the metrics object to be used while loading bundles
-func (r *Reader) WithMetrics(m metrics.Metrics) *Reader {
- r.metrics = m
- return r
-}
-
-// WithBaseDir sets a base directory for file paths of loaded Rego
-// modules. This will *NOT* affect the loaded path of data files.
-func (r *Reader) WithBaseDir(dir string) *Reader {
- r.baseDir = dir
- return r
-}
-
-// WithBundleVerificationConfig sets the key configuration used to verify a signed bundle
-func (r *Reader) WithBundleVerificationConfig(config *VerificationConfig) *Reader {
- r.verificationConfig = config
- return r
-}
-
-// WithSkipBundleVerification skips verification of a signed bundle
-func (r *Reader) WithSkipBundleVerification(skipVerify bool) *Reader {
- r.skipVerify = skipVerify
- return r
-}
-
-// WithProcessAnnotations enables annotation processing during .rego file parsing.
-func (r *Reader) WithProcessAnnotations(yes bool) *Reader {
- r.processAnnotations = yes
- return r
-}
-
-// WithCapabilities sets the supported capabilities when loading the files
-func (r *Reader) WithCapabilities(caps *ast.Capabilities) *Reader {
- r.capabilities = caps
- return r
-}
-
-// WithJSONOptions sets the JSONOptions to use when parsing policy files
-func (r *Reader) WithJSONOptions(opts *astJSON.Options) *Reader {
- r.jsonOptions = opts
- return r
-}
-
-// WithSizeLimitBytes sets the size limit to apply to files in the bundle. If files are larger
-// than this, an error will be returned by the reader.
-func (r *Reader) WithSizeLimitBytes(n int64) *Reader {
- r.sizeLimitBytes = n + 1
- return r
-}
-
-// WithBundleEtag sets the given etag value on the bundle
-func (r *Reader) WithBundleEtag(etag string) *Reader {
- r.etag = etag
- return r
-}
-
-// WithBundleName specifies the bundle name
-func (r *Reader) WithBundleName(name string) *Reader {
- r.name = name
- return r
-}
-
-func (r *Reader) WithFollowSymlinks(yes bool) *Reader {
- r.followSymlinks = yes
- return r
-}
-
-// WithLazyLoadingMode sets the bundle loading mode. If true,
-// bundles will be read in lazy mode. In this mode, data files in the bundle will not be
-// deserialized and the check to validate that the bundle data does not contain paths
-// outside the bundle's roots will not be performed while reading the bundle.
-func (r *Reader) WithLazyLoadingMode(yes bool) *Reader {
- r.lazyLoadingMode = yes
- return r
-}
-
-// WithBundlePersistence specifies if the downloaded bundle will eventually be persisted to disk.
-func (r *Reader) WithBundlePersistence(persist bool) *Reader {
- r.persist = persist
- return r
-}
-
-func (r *Reader) WithRegoVersion(version ast.RegoVersion) *Reader {
- r.regoVersion = version
- return r
-}
-
-func (r *Reader) ParserOptions() ast.ParserOptions {
- return ast.ParserOptions{
- ProcessAnnotation: r.processAnnotations,
- Capabilities: r.capabilities,
- JSONOptions: r.jsonOptions,
- RegoVersion: r.regoVersion,
- }
-}
-
-// Read returns a new Bundle loaded from the reader.
-func (r *Reader) Read() (Bundle, error) {
-
- var bundle Bundle
- var descriptors []*Descriptor
- var err error
- var raw []Raw
-
- bundle.Signatures, bundle.Patch, descriptors, err = preProcessBundle(r.loader, r.skipVerify, r.sizeLimitBytes)
- if err != nil {
- return bundle, err
- }
-
- bundle.lazyLoadingMode = r.lazyLoadingMode
- bundle.sizeLimitBytes = r.sizeLimitBytes
-
- if bundle.Type() == SnapshotBundleType {
- err = r.checkSignaturesAndDescriptors(bundle.Signatures)
- if err != nil {
- return bundle, err
- }
-
- bundle.Data = map[string]interface{}{}
- }
-
- var modules []ModuleFile
- for _, f := range descriptors {
- buf, err := readFile(f, r.sizeLimitBytes)
- if err != nil {
- return bundle, err
- }
-
- // verify the file content
- if bundle.Type() == SnapshotBundleType && !bundle.Signatures.isEmpty() {
- path := f.Path()
- if r.baseDir != "" {
- path = f.URL()
- }
- path = strings.TrimPrefix(path, "/")
-
- // check if the file is to be excluded from bundle verification
- if r.isFileExcluded(path) {
- delete(r.files, path)
- } else {
- if err = r.verifyBundleFile(path, buf); err != nil {
- return bundle, err
- }
- }
- }
-
- // Normalize the paths to use `/` separators
- path := filepath.ToSlash(f.Path())
-
- if strings.HasSuffix(path, RegoExt) {
- fullPath := r.fullPath(path)
- bs := buf.Bytes()
-
- if r.lazyLoadingMode {
- p := fullPath
- if r.name != "" {
- p = modulePathWithPrefix(r.name, fullPath)
- }
-
- raw = append(raw, Raw{Path: p, Value: bs})
- }
-
- // Modules are parsed after we've had a chance to read the manifest
- mf := ModuleFile{
- URL: f.URL(),
- Path: fullPath,
- RelativePath: path,
- Raw: bs,
- }
- modules = append(modules, mf)
- } else if filepath.Base(path) == WasmFile {
- bundle.WasmModules = append(bundle.WasmModules, WasmModuleFile{
- URL: f.URL(),
- Path: r.fullPath(path),
- Raw: buf.Bytes(),
- })
- } else if filepath.Base(path) == PlanFile {
- bundle.PlanModules = append(bundle.PlanModules, PlanModuleFile{
- URL: f.URL(),
- Path: r.fullPath(path),
- Raw: buf.Bytes(),
- })
- } else if filepath.Base(path) == dataFile {
- if r.lazyLoadingMode {
- raw = append(raw, Raw{Path: path, Value: buf.Bytes()})
- continue
- }
-
- var value interface{}
-
- r.metrics.Timer(metrics.RegoDataParse).Start()
- err := util.UnmarshalJSON(buf.Bytes(), &value)
- r.metrics.Timer(metrics.RegoDataParse).Stop()
-
- if err != nil {
- return bundle, fmt.Errorf("bundle load failed on %v: %w", r.fullPath(path), err)
- }
-
- if err := insertValue(&bundle, path, value); err != nil {
- return bundle, err
- }
-
- } else if filepath.Base(path) == yamlDataFile || filepath.Base(path) == ymlDataFile {
- if r.lazyLoadingMode {
- raw = append(raw, Raw{Path: path, Value: buf.Bytes()})
- continue
- }
-
- var value interface{}
-
- r.metrics.Timer(metrics.RegoDataParse).Start()
- err := util.Unmarshal(buf.Bytes(), &value)
- r.metrics.Timer(metrics.RegoDataParse).Stop()
-
- if err != nil {
- return bundle, fmt.Errorf("bundle load failed on %v: %w", r.fullPath(path), err)
- }
-
- if err := insertValue(&bundle, path, value); err != nil {
- return bundle, err
- }
-
- } else if strings.HasSuffix(path, ManifestExt) {
- if err := util.NewJSONDecoder(&buf).Decode(&bundle.Manifest); err != nil {
- return bundle, fmt.Errorf("bundle load failed on manifest decode: %w", err)
- }
- }
- }
-
- // Parse modules
- popts := r.ParserOptions()
- popts.RegoVersion = bundle.RegoVersion(popts.RegoVersion)
- for _, mf := range modules {
- modulePopts := popts
- if modulePopts.RegoVersion, err = bundle.RegoVersionForFile(mf.RelativePath, popts.RegoVersion); err != nil {
- return bundle, err
- }
- r.metrics.Timer(metrics.RegoModuleParse).Start()
- mf.Parsed, err = ast.ParseModuleWithOpts(mf.Path, string(mf.Raw), modulePopts)
- r.metrics.Timer(metrics.RegoModuleParse).Stop()
- if err != nil {
- return bundle, err
- }
- bundle.Modules = append(bundle.Modules, mf)
- }
-
- if bundle.Type() == DeltaBundleType {
- if len(bundle.Data) != 0 {
- return bundle, fmt.Errorf("delta bundle expected to contain only patch file but data files found")
- }
-
- if len(bundle.Modules) != 0 {
- return bundle, fmt.Errorf("delta bundle expected to contain only patch file but policy files found")
- }
-
- if len(bundle.WasmModules) != 0 {
- return bundle, fmt.Errorf("delta bundle expected to contain only patch file but wasm files found")
- }
-
- if r.persist {
- return bundle, fmt.Errorf("'persist' property is true in config. persisting delta bundle to disk is not supported")
- }
- }
-
- // check if the bundle signatures specify any files that weren't found in the bundle
- if bundle.Type() == SnapshotBundleType && len(r.files) != 0 {
- extra := []string{}
- for k := range r.files {
- extra = append(extra, k)
- }
- return bundle, fmt.Errorf("file(s) %v specified in bundle signatures but not found in the target bundle", extra)
- }
-
- if err := bundle.Manifest.validateAndInjectDefaults(bundle); err != nil {
- return bundle, err
- }
-
- // Inject the wasm module entrypoint refs into the WasmModuleFile structs
- epMap := map[string][]string{}
- for _, r := range bundle.Manifest.WasmResolvers {
- epMap[r.Module] = append(epMap[r.Module], r.Entrypoint)
- }
- for i := 0; i < len(bundle.WasmModules); i++ {
- entrypoints := epMap[bundle.WasmModules[i].Path]
- for _, entrypoint := range entrypoints {
- ref, err := ast.PtrRef(ast.DefaultRootDocument, entrypoint)
- if err != nil {
- return bundle, fmt.Errorf("failed to parse wasm module entrypoint '%s': %s", entrypoint, err)
- }
- bundle.WasmModules[i].Entrypoints = append(bundle.WasmModules[i].Entrypoints, ref)
- }
- }
-
- if r.includeManifestInData {
- var metadata map[string]interface{}
-
- b, err := json.Marshal(&bundle.Manifest)
- if err != nil {
- return bundle, fmt.Errorf("bundle load failed on manifest marshal: %w", err)
- }
-
- err = util.UnmarshalJSON(b, &metadata)
- if err != nil {
- return bundle, fmt.Errorf("bundle load failed on manifest unmarshal: %w", err)
- }
-
- // For backwards compatibility always write to the old unnamed manifest path
- // This will *not* be correct if >1 bundle is in use...
- if err := bundle.insertData(legacyManifestStoragePath, metadata); err != nil {
- return bundle, fmt.Errorf("bundle load failed on %v: %w", legacyRevisionStoragePath, err)
- }
- }
-
- bundle.Etag = r.etag
- bundle.Raw = raw
-
- return bundle, nil
-}
-
-func (r *Reader) isFileExcluded(path string) bool {
- for _, e := range r.verificationConfig.Exclude {
- match, _ := filepath.Match(e, path)
- if match {
- return true
- }
- }
- return false
-}
-
-func (r *Reader) checkSignaturesAndDescriptors(signatures SignaturesConfig) error {
- if r.skipVerify {
- return nil
- }
-
- if signatures.isEmpty() && r.verificationConfig != nil && r.verificationConfig.KeyID != "" {
- return fmt.Errorf("bundle missing .signatures.json file")
- }
-
- if !signatures.isEmpty() {
- if r.verificationConfig == nil {
- return fmt.Errorf("verification key not provided")
- }
-
- // verify the JWT signatures included in the `.signatures.json` file
- if err := r.verifyBundleSignature(signatures); err != nil {
- return err
- }
- }
- return nil
-}
-
-func (r *Reader) verifyBundleSignature(sc SignaturesConfig) error {
- var err error
- r.files, err = VerifyBundleSignature(sc, r.verificationConfig)
- return err
-}
-
-func (r *Reader) verifyBundleFile(path string, data bytes.Buffer) error {
- return VerifyBundleFile(path, data, r.files)
-}
-
-func (r *Reader) fullPath(path string) string {
- if r.baseDir != "" {
- path = filepath.Join(r.baseDir, path)
- }
- return path
+ return v1.NewCustomReader(loader).WithRegoVersion(ast.DefaultRegoVersion)
}
// Write is deprecated. Use NewWriter instead.
func Write(w io.Writer, bundle Bundle) error {
- return NewWriter(w).
- UseModulePath(true).
- DisableFormat(true).
- Write(bundle)
+ return v1.Write(w, bundle)
}
// Writer implements bundle serialization.
-type Writer struct {
- usePath bool
- disableFormat bool
- w io.Writer
-}
+type Writer = v1.Writer
// NewWriter returns a bundle writer that writes to w.
func NewWriter(w io.Writer) *Writer {
- return &Writer{
- w: w,
- }
-}
-
-// UseModulePath configures the writer to use the module file path instead of the
-// module file URL during serialization. This is for backwards compatibility.
-func (w *Writer) UseModulePath(yes bool) *Writer {
- w.usePath = yes
- return w
-}
-
-// DisableFormat configures the writer to just write out raw bytes instead
-// of formatting modules before serialization.
-func (w *Writer) DisableFormat(yes bool) *Writer {
- w.disableFormat = yes
- return w
-}
-
-// Write writes the bundle to the writer's output stream.
-func (w *Writer) Write(bundle Bundle) error {
- gw := gzip.NewWriter(w.w)
- tw := tar.NewWriter(gw)
-
- bundleType := bundle.Type()
-
- if bundleType == SnapshotBundleType {
- var buf bytes.Buffer
-
- if err := json.NewEncoder(&buf).Encode(bundle.Data); err != nil {
- return err
- }
-
- if err := archive.WriteFile(tw, "data.json", buf.Bytes()); err != nil {
- return err
- }
-
- for _, module := range bundle.Modules {
- path := module.URL
- if w.usePath {
- path = module.Path
- }
-
- if err := archive.WriteFile(tw, path, module.Raw); err != nil {
- return err
- }
- }
-
- if err := w.writeWasm(tw, bundle); err != nil {
- return err
- }
-
- if err := writeSignatures(tw, bundle); err != nil {
- return err
- }
-
- if err := w.writePlan(tw, bundle); err != nil {
- return err
- }
- } else if bundleType == DeltaBundleType {
- if err := writePatch(tw, bundle); err != nil {
- return err
- }
- }
-
- if err := writeManifest(tw, bundle); err != nil {
- return err
- }
-
- if err := tw.Close(); err != nil {
- return err
- }
-
- return gw.Close()
-}
-
-func (w *Writer) writeWasm(tw *tar.Writer, bundle Bundle) error {
- for _, wm := range bundle.WasmModules {
- path := wm.URL
- if w.usePath {
- path = wm.Path
- }
-
- err := archive.WriteFile(tw, path, wm.Raw)
- if err != nil {
- return err
- }
- }
-
- if len(bundle.Wasm) > 0 {
- err := archive.WriteFile(tw, "/"+WasmFile, bundle.Wasm)
- if err != nil {
- return err
- }
- }
-
- return nil
-}
-
-func (w *Writer) writePlan(tw *tar.Writer, bundle Bundle) error {
- for _, wm := range bundle.PlanModules {
- path := wm.URL
- if w.usePath {
- path = wm.Path
- }
-
- err := archive.WriteFile(tw, path, wm.Raw)
- if err != nil {
- return err
- }
- }
-
- return nil
-}
-
-func writeManifest(tw *tar.Writer, bundle Bundle) error {
-
- if bundle.Manifest.Empty() {
- return nil
- }
-
- var buf bytes.Buffer
-
- if err := json.NewEncoder(&buf).Encode(bundle.Manifest); err != nil {
- return err
- }
-
- return archive.WriteFile(tw, ManifestExt, buf.Bytes())
-}
-
-func writePatch(tw *tar.Writer, bundle Bundle) error {
-
- var buf bytes.Buffer
-
- if err := json.NewEncoder(&buf).Encode(bundle.Patch); err != nil {
- return err
- }
-
- return archive.WriteFile(tw, patchFile, buf.Bytes())
-}
-
-func writeSignatures(tw *tar.Writer, bundle Bundle) error {
-
- if bundle.Signatures.isEmpty() {
- return nil
- }
-
- bs, err := json.MarshalIndent(bundle.Signatures, "", " ")
- if err != nil {
- return err
- }
-
- return archive.WriteFile(tw, fmt.Sprintf(".%v", SignaturesFile), bs)
-}
-
-func hashBundleFiles(hash SignatureHasher, b *Bundle) ([]FileInfo, error) {
-
- files := []FileInfo{}
-
- bs, err := hash.HashFile(b.Data)
- if err != nil {
- return files, err
- }
- files = append(files, NewFile(strings.TrimPrefix("data.json", "/"), hex.EncodeToString(bs), defaultHashingAlg))
-
- if len(b.Wasm) != 0 {
- bs, err := hash.HashFile(b.Wasm)
- if err != nil {
- return files, err
- }
- files = append(files, NewFile(strings.TrimPrefix(WasmFile, "/"), hex.EncodeToString(bs), defaultHashingAlg))
- }
-
- for _, wasmModule := range b.WasmModules {
- bs, err := hash.HashFile(wasmModule.Raw)
- if err != nil {
- return files, err
- }
- files = append(files, NewFile(strings.TrimPrefix(wasmModule.Path, "/"), hex.EncodeToString(bs), defaultHashingAlg))
- }
-
- for _, planmodule := range b.PlanModules {
- bs, err := hash.HashFile(planmodule.Raw)
- if err != nil {
- return files, err
- }
- files = append(files, NewFile(strings.TrimPrefix(planmodule.Path, "/"), hex.EncodeToString(bs), defaultHashingAlg))
- }
-
- // If the manifest is essentially empty, don't add it to the signatures since it
- // won't be written to the bundle. Otherwise:
- // parse the manifest into a JSON structure;
- // then recursively order the fields of all objects alphabetically and then apply
- // the hash function to result to compute the hash.
- if !b.Manifest.Empty() {
- mbs, err := json.Marshal(b.Manifest)
- if err != nil {
- return files, err
- }
-
- var result map[string]interface{}
- if err := util.Unmarshal(mbs, &result); err != nil {
- return files, err
- }
-
- bs, err = hash.HashFile(result)
- if err != nil {
- return files, err
- }
-
- files = append(files, NewFile(strings.TrimPrefix(ManifestExt, "/"), hex.EncodeToString(bs), defaultHashingAlg))
- }
-
- return files, err
-}
-
-// FormatModules formats Rego modules
-// Modules will be formatted to comply with rego-v0, but Rego compatibility of individual parsed modules will be respected (e.g. if 'rego.v1' is imported).
-func (b *Bundle) FormatModules(useModulePath bool) error {
- return b.FormatModulesForRegoVersion(ast.RegoV0, true, useModulePath)
-}
-
-// FormatModulesForRegoVersion formats Rego modules to comply with a given Rego version
-func (b *Bundle) FormatModulesForRegoVersion(version ast.RegoVersion, preserveModuleRegoVersion bool, useModulePath bool) error {
- var err error
-
- for i, module := range b.Modules {
- opts := format.Opts{}
- if preserveModuleRegoVersion {
- opts.RegoVersion = module.Parsed.RegoVersion()
- opts.ParserOptions = &ast.ParserOptions{
- RegoVersion: opts.RegoVersion,
- }
- } else {
- opts.RegoVersion = version
- }
-
- if module.Raw == nil {
- module.Raw, err = format.AstWithOpts(module.Parsed, opts)
- if err != nil {
- return err
- }
- } else {
- path := module.URL
- if useModulePath {
- path = module.Path
- }
-
- module.Raw, err = format.SourceWithOpts(path, module.Raw, opts)
- if err != nil {
- return err
- }
- }
- b.Modules[i].Raw = module.Raw
- }
- return nil
-}
-
-// GenerateSignature generates the signature for the given bundle.
-func (b *Bundle) GenerateSignature(signingConfig *SigningConfig, keyID string, useModulePath bool) error {
-
- hash, err := NewSignatureHasher(HashingAlgorithm(defaultHashingAlg))
- if err != nil {
- return err
- }
-
- files := []FileInfo{}
-
- for _, module := range b.Modules {
- bytes, err := hash.HashFile(module.Raw)
- if err != nil {
- return err
- }
-
- path := module.URL
- if useModulePath {
- path = module.Path
- }
- files = append(files, NewFile(strings.TrimPrefix(path, "/"), hex.EncodeToString(bytes), defaultHashingAlg))
- }
-
- result, err := hashBundleFiles(hash, b)
- if err != nil {
- return err
- }
- files = append(files, result...)
-
- // generate signed token
- token, err := GenerateSignedToken(files, signingConfig, keyID)
- if err != nil {
- return err
- }
-
- if b.Signatures.isEmpty() {
- b.Signatures = SignaturesConfig{}
- }
-
- if signingConfig.Plugin != "" {
- b.Signatures.Plugin = signingConfig.Plugin
- }
-
- b.Signatures.Signatures = []string{token}
-
- return nil
-}
-
-// ParsedModules returns a map of parsed modules with names that are
-// unique and human readable for the given a bundle name.
-func (b *Bundle) ParsedModules(bundleName string) map[string]*ast.Module {
-
- mods := make(map[string]*ast.Module, len(b.Modules))
-
- for _, mf := range b.Modules {
- mods[modulePathWithPrefix(bundleName, mf.Path)] = mf.Parsed
- }
-
- return mods
-}
-
-func (b *Bundle) RegoVersion(def ast.RegoVersion) ast.RegoVersion {
- if v := b.Manifest.RegoVersion; v != nil {
- if *v == 0 {
- return ast.RegoV0
- } else if *v == 1 {
- return ast.RegoV1
- }
- }
- return def
-}
-
-func (b *Bundle) SetRegoVersion(v ast.RegoVersion) {
- b.Manifest.SetRegoVersion(v)
-}
-
-// RegoVersionForFile returns the rego-version for the specified file path.
-// If there is no defined version for the given path, the default version def is returned.
-// If the version does not correspond to ast.RegoV0 or ast.RegoV1, an error is returned.
-func (b *Bundle) RegoVersionForFile(path string, def ast.RegoVersion) (ast.RegoVersion, error) {
- version, err := b.Manifest.numericRegoVersionForFile(path)
- if err != nil {
- return def, err
- } else if version == nil {
- return def, nil
- } else if *version == 0 {
- return ast.RegoV0, nil
- } else if *version == 1 {
- return ast.RegoV1, nil
- }
- return def, fmt.Errorf("unknown bundle rego-version %d for file '%s'", *version, path)
-}
-
-func (m *Manifest) numericRegoVersionForFile(path string) (*int, error) {
- var version *int
-
- if len(m.FileRegoVersions) != len(m.compiledFileRegoVersions) {
- m.compiledFileRegoVersions = make([]fileRegoVersion, 0, len(m.FileRegoVersions))
- for pattern, v := range m.FileRegoVersions {
- compiled, err := glob.Compile(pattern)
- if err != nil {
- return nil, fmt.Errorf("failed to compile glob pattern %s: %s", pattern, err)
- }
- m.compiledFileRegoVersions = append(m.compiledFileRegoVersions, fileRegoVersion{compiled, v})
- }
- }
-
- for _, fv := range m.compiledFileRegoVersions {
- if fv.path.Match(path) {
- version = &fv.version
- break
- }
- }
-
- if version == nil {
- version = m.RegoVersion
- }
- return version, nil
-}
-
-// Equal returns true if this bundle's contents equal the other bundle's
-// contents.
-func (b Bundle) Equal(other Bundle) bool {
- if !reflect.DeepEqual(b.Data, other.Data) {
- return false
- }
-
- if len(b.Modules) != len(other.Modules) {
- return false
- }
- for i := range b.Modules {
- // To support bundles built from rootless filesystems we ignore a "/" prefix
- // for URLs and Paths, such that "/file" and "file" are equivalent
- if strings.TrimPrefix(b.Modules[i].URL, string(filepath.Separator)) !=
- strings.TrimPrefix(other.Modules[i].URL, string(filepath.Separator)) {
- return false
- }
- if strings.TrimPrefix(b.Modules[i].Path, string(filepath.Separator)) !=
- strings.TrimPrefix(other.Modules[i].Path, string(filepath.Separator)) {
- return false
- }
- if !b.Modules[i].Parsed.Equal(other.Modules[i].Parsed) {
- return false
- }
- if !bytes.Equal(b.Modules[i].Raw, other.Modules[i].Raw) {
- return false
- }
- }
- if (b.Wasm == nil && other.Wasm != nil) || (b.Wasm != nil && other.Wasm == nil) {
- return false
- }
-
- return bytes.Equal(b.Wasm, other.Wasm)
-}
-
-// Copy returns a deep copy of the bundle.
-func (b Bundle) Copy() Bundle {
-
- // Copy data.
- var x interface{} = b.Data
-
- if err := util.RoundTrip(&x); err != nil {
- panic(err)
- }
-
- if x != nil {
- b.Data = x.(map[string]interface{})
- }
-
- // Copy modules.
- for i := range b.Modules {
- bs := make([]byte, len(b.Modules[i].Raw))
- copy(bs, b.Modules[i].Raw)
- b.Modules[i].Raw = bs
- b.Modules[i].Parsed = b.Modules[i].Parsed.Copy()
- }
-
- // Copy manifest.
- b.Manifest = b.Manifest.Copy()
-
- return b
-}
-
-func (b *Bundle) insertData(key []string, value interface{}) error {
- // Build an object with the full structure for the value
- obj, err := mktree(key, value)
- if err != nil {
- return err
- }
-
- // Merge the new data in with the current bundle data object
- merged, ok := merge.InterfaceMaps(b.Data, obj)
- if !ok {
- return fmt.Errorf("failed to insert data file from path %s", filepath.Join(key...))
- }
-
- b.Data = merged
-
- return nil
-}
-
-func (b *Bundle) readData(key []string) *interface{} {
-
- if len(key) == 0 {
- if len(b.Data) == 0 {
- return nil
- }
- var result interface{} = b.Data
- return &result
- }
-
- node := b.Data
-
- for i := 0; i < len(key)-1; i++ {
-
- child, ok := node[key[i]]
- if !ok {
- return nil
- }
-
- childObj, ok := child.(map[string]interface{})
- if !ok {
- return nil
- }
-
- node = childObj
- }
-
- child, ok := node[key[len(key)-1]]
- if !ok {
- return nil
- }
-
- return &child
-}
-
-// Type returns the type of the bundle.
-func (b *Bundle) Type() string {
- if len(b.Patch.Data) != 0 {
- return DeltaBundleType
- }
- return SnapshotBundleType
-}
-
-func mktree(path []string, value interface{}) (map[string]interface{}, error) {
- if len(path) == 0 {
- // For 0 length path the value is the full tree.
- obj, ok := value.(map[string]interface{})
- if !ok {
- return nil, fmt.Errorf("root value must be object")
- }
- return obj, nil
- }
-
- dir := map[string]interface{}{}
- for i := len(path) - 1; i > 0; i-- {
- dir[path[i]] = value
- value = dir
- dir = map[string]interface{}{}
- }
- dir[path[0]] = value
-
- return dir, nil
+ return v1.NewWriter(w)
}
// Merge accepts a set of bundles and merges them into a single result bundle. If there are
@@ -1393,7 +104,7 @@ func mktree(path []string, value interface{}) (map[string]interface{}, error) {
// will have an empty revision except in the special case where a single bundle is provided
// (and in that case the bundle is just returned unmodified.)
func Merge(bundles []*Bundle) (*Bundle, error) {
- return MergeWithRegoVersion(bundles, ast.RegoV0, false)
+ return MergeWithRegoVersion(bundles, ast.DefaultRegoVersion, false)
}
// MergeWithRegoVersion creates a merged bundle from the provided bundles, similar to Merge.
@@ -1405,348 +116,19 @@ func Merge(bundles []*Bundle) (*Bundle, error) {
// If usePath is true, per-file rego-versions will be calculated using the file's ModuleFile.Path; otherwise, the file's
// ModuleFile.URL will be used.
func MergeWithRegoVersion(bundles []*Bundle, regoVersion ast.RegoVersion, usePath bool) (*Bundle, error) {
-
- if len(bundles) == 0 {
- return nil, errors.New("expected at least one bundle")
- }
-
- if len(bundles) == 1 {
- result := bundles[0]
- // We respect the bundle rego-version, defaulting to the provided rego version if not set.
- result.SetRegoVersion(result.RegoVersion(regoVersion))
- fileRegoVersions, err := bundleRegoVersions(result, result.RegoVersion(regoVersion), usePath)
- if err != nil {
- return nil, err
- }
- result.Manifest.FileRegoVersions = fileRegoVersions
- return result, nil
+ if regoVersion == ast.RegoUndefined {
+ regoVersion = ast.DefaultRegoVersion
}
- var roots []string
- var result Bundle
-
- for _, b := range bundles {
-
- if b.Manifest.Roots == nil {
- return nil, errors.New("bundle manifest not initialized")
- }
-
- roots = append(roots, *b.Manifest.Roots...)
-
- result.Modules = append(result.Modules, b.Modules...)
-
- for _, root := range *b.Manifest.Roots {
- key := strings.Split(root, "/")
- if val := b.readData(key); val != nil {
- if err := result.insertData(key, *val); err != nil {
- return nil, err
- }
- }
- }
-
- result.Manifest.WasmResolvers = append(result.Manifest.WasmResolvers, b.Manifest.WasmResolvers...)
- result.WasmModules = append(result.WasmModules, b.WasmModules...)
- result.PlanModules = append(result.PlanModules, b.PlanModules...)
-
- if b.Manifest.RegoVersion != nil || len(b.Manifest.FileRegoVersions) > 0 {
- if result.Manifest.FileRegoVersions == nil {
- result.Manifest.FileRegoVersions = map[string]int{}
- }
-
- fileRegoVersions, err := bundleRegoVersions(b, regoVersion, usePath)
- if err != nil {
- return nil, err
- }
- for k, v := range fileRegoVersions {
- result.Manifest.FileRegoVersions[k] = v
- }
- }
- }
-
- // We respect the bundle rego-version, defaulting to the provided rego version if not set.
- result.SetRegoVersion(result.RegoVersion(regoVersion))
-
- if result.Data == nil {
- result.Data = map[string]interface{}{}
- }
-
- result.Manifest.Roots = &roots
-
- if err := result.Manifest.validateAndInjectDefaults(result); err != nil {
- return nil, err
- }
-
- return &result, nil
-}
-
-func bundleRegoVersions(bundle *Bundle, regoVersion ast.RegoVersion, usePath bool) (map[string]int, error) {
- fileRegoVersions := map[string]int{}
-
- // we drop the bundle-global rego versions and record individual rego versions for each module.
- for _, m := range bundle.Modules {
- // We fetch rego-version by the path relative to the bundle root, as the complete path of the module might
- // contain the path between OPA working directory and the bundle root.
- v, err := bundle.RegoVersionForFile(bundleRelativePath(m, usePath), bundle.RegoVersion(regoVersion))
- if err != nil {
- return nil, err
- }
- // only record the rego version if it's different from one applied globally to the result bundle
- if v != regoVersion {
- // We store the rego version by the absolute path to the bundle root, as this will be the - possibly new - path
- // to the module inside the merged bundle.
- fileRegoVersions[bundleAbsolutePath(m, usePath)] = v.Int()
- }
- }
-
- return fileRegoVersions, nil
-}
-
-func bundleRelativePath(m ModuleFile, usePath bool) string {
- p := m.RelativePath
- if p == "" {
- if usePath {
- p = m.Path
- } else {
- p = m.URL
- }
- }
- return p
-}
-
-func bundleAbsolutePath(m ModuleFile, usePath bool) string {
- var p string
- if usePath {
- p = m.Path
- } else {
- p = m.URL
- }
- if !path.IsAbs(p) {
- p = "/" + p
- }
- return path.Clean(p)
+ return v1.MergeWithRegoVersion(bundles, regoVersion, usePath)
}
// RootPathsOverlap takes in two bundle root paths and returns true if they overlap.
func RootPathsOverlap(pathA string, pathB string) bool {
- a := rootPathSegments(pathA)
- b := rootPathSegments(pathB)
- return rootContains(a, b) || rootContains(b, a)
+ return v1.RootPathsOverlap(pathA, pathB)
}
// RootPathsContain takes a set of bundle root paths and returns true if the path is contained.
func RootPathsContain(roots []string, path string) bool {
- segments := rootPathSegments(path)
- for i := range roots {
- if rootContains(rootPathSegments(roots[i]), segments) {
- return true
- }
- }
- return false
-}
-
-func rootPathSegments(path string) []string {
- return strings.Split(path, "/")
-}
-
-func rootContains(root []string, other []string) bool {
-
- // A single segment, empty string root always contains the other.
- if len(root) == 1 && root[0] == "" {
- return true
- }
-
- if len(root) > len(other) {
- return false
- }
-
- for j := range root {
- if root[j] != other[j] {
- return false
- }
- }
-
- return true
-}
-
-func insertValue(b *Bundle, path string, value interface{}) error {
- if err := b.insertData(getNormalizedPath(path), value); err != nil {
- return fmt.Errorf("bundle load failed on %v: %w", path, err)
- }
- return nil
-}
-
-func getNormalizedPath(path string) []string {
- // Remove leading / and . characters from the directory path. If the bundle
- // was written with OPA then the paths will contain a leading slash. On the
- // other hand, if the path is empty, filepath.Dir will return '.'.
- // Note: filepath.Dir can return paths with '\' separators, always use
- // filepath.ToSlash to keep them normalized.
- dirpath := strings.TrimLeft(normalizePath(filepath.Dir(path)), "/.")
- var key []string
- if dirpath != "" {
- key = strings.Split(dirpath, "/")
- }
- return key
-}
-
-func dfs(value interface{}, path string, fn func(string, interface{}) (bool, error)) error {
- if stop, err := fn(path, value); err != nil {
- return err
- } else if stop {
- return nil
- }
- obj, ok := value.(map[string]interface{})
- if !ok {
- return nil
- }
- for key := range obj {
- if err := dfs(obj[key], path+"/"+key, fn); err != nil {
- return err
- }
- }
- return nil
-}
-
-func modulePathWithPrefix(bundleName string, modulePath string) string {
- // Default prefix is just the bundle name
- prefix := bundleName
-
- // Bundle names are sometimes just file paths, some of which
- // are full urls (file:///foo/). Parse these and only use the path.
- parsed, err := url.Parse(bundleName)
- if err == nil {
- prefix = filepath.Join(parsed.Host, parsed.Path)
- }
-
- // Note: filepath.Join can return paths with '\' separators, always use
- // filepath.ToSlash to keep them normalized.
- return normalizePath(filepath.Join(prefix, modulePath))
-}
-
-// IsStructuredDoc checks if the file name equals a structured file extension ex. ".json"
-func IsStructuredDoc(name string) bool {
- return filepath.Base(name) == dataFile || filepath.Base(name) == yamlDataFile ||
- filepath.Base(name) == SignaturesFile || filepath.Base(name) == ManifestExt
-}
-
-func preProcessBundle(loader DirectoryLoader, skipVerify bool, sizeLimitBytes int64) (SignaturesConfig, Patch, []*Descriptor, error) {
- descriptors := []*Descriptor{}
- var signatures SignaturesConfig
- var patch Patch
-
- for {
- f, err := loader.NextFile()
- if err == io.EOF {
- break
- }
-
- if err != nil {
- return signatures, patch, nil, fmt.Errorf("bundle read failed: %w", err)
- }
-
- // check for the signatures file
- if !skipVerify && strings.HasSuffix(f.Path(), SignaturesFile) {
- buf, err := readFile(f, sizeLimitBytes)
- if err != nil {
- return signatures, patch, nil, err
- }
-
- if err := util.NewJSONDecoder(&buf).Decode(&signatures); err != nil {
- return signatures, patch, nil, fmt.Errorf("bundle load failed on signatures decode: %w", err)
- }
- } else if !strings.HasSuffix(f.Path(), SignaturesFile) {
- descriptors = append(descriptors, f)
-
- if filepath.Base(f.Path()) == patchFile {
-
- var b bytes.Buffer
- tee := io.TeeReader(f.reader, &b)
- f.reader = tee
-
- buf, err := readFile(f, sizeLimitBytes)
- if err != nil {
- return signatures, patch, nil, err
- }
-
- if err := util.NewJSONDecoder(&buf).Decode(&patch); err != nil {
- return signatures, patch, nil, fmt.Errorf("bundle load failed on patch decode: %w", err)
- }
-
- f.reader = &b
- }
- }
- }
- return signatures, patch, descriptors, nil
-}
-
-func readFile(f *Descriptor, sizeLimitBytes int64) (bytes.Buffer, error) {
- // Case for pre-loaded byte buffers, like those from the tarballLoader.
- if bb, ok := f.reader.(*bytes.Buffer); ok {
- _ = f.Close() // always close, even on error
-
- if int64(bb.Len()) >= sizeLimitBytes {
- return *bb, fmt.Errorf("bundle file '%v' size (%d bytes) exceeded max size (%v bytes)",
- strings.TrimPrefix(f.Path(), "/"), bb.Len(), sizeLimitBytes-1)
- }
-
- return *bb, nil
- }
-
- // Case for *lazyFile readers:
- if lf, ok := f.reader.(*lazyFile); ok {
- var buf bytes.Buffer
- if lf.file == nil {
- var err error
- if lf.file, err = os.Open(lf.path); err != nil {
- return buf, fmt.Errorf("failed to open file %s: %w", f.path, err)
- }
- }
- // Bail out if we can't read the whole file-- there's nothing useful we can do at that point!
- fileSize, _ := fstatFileSize(lf.file)
- if fileSize > sizeLimitBytes {
- return buf, fmt.Errorf(maxSizeLimitBytesErrMsg, strings.TrimPrefix(f.Path(), "/"), fileSize, sizeLimitBytes-1)
- }
- // Prealloc the buffer for the file read.
- buffer := make([]byte, fileSize)
- _, err := io.ReadFull(lf.file, buffer)
- if err != nil {
- return buf, err
- }
- _ = lf.file.Close() // always close, even on error
-
- // Note(philipc): Replace the lazyFile reader in the *Descriptor with a
- // pointer to the wrapping bytes.Buffer, so that we don't re-read the
- // file on disk again by accident.
- buf = *bytes.NewBuffer(buffer)
- f.reader = &buf
- return buf, nil
- }
-
- // Fallback case:
- var buf bytes.Buffer
- n, err := f.Read(&buf, sizeLimitBytes)
- _ = f.Close() // always close, even on error
-
- if err != nil && err != io.EOF {
- return buf, err
- } else if err == nil && n >= sizeLimitBytes {
- return buf, fmt.Errorf(maxSizeLimitBytesErrMsg, strings.TrimPrefix(f.Path(), "/"), n, sizeLimitBytes-1)
- }
-
- return buf, nil
-}
-
-// Takes an already open file handle and invokes the os.Stat system call on it
-// to determine the file's size. Passes any errors from *File.Stat on up to the
-// caller.
-func fstatFileSize(f *os.File) (int64, error) {
- fileInfo, err := f.Stat()
- if err != nil {
- return 0, err
- }
- return fileInfo.Size(), nil
-}
-
-func normalizePath(p string) string {
- return filepath.ToSlash(p)
+ return v1.RootPathsContain(roots, path)
}
diff --git a/vendor/github.com/open-policy-agent/opa/bundle/doc.go b/vendor/github.com/open-policy-agent/opa/bundle/doc.go
new file mode 100644
index 0000000000..7ec7c9b332
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/bundle/doc.go
@@ -0,0 +1,8 @@
+// Copyright 2024 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Deprecated: This package is intended for older projects transitioning from OPA v0.x and will remain for the lifetime of OPA v1.x, but its use is not recommended.
+// For newer features and behaviours, such as defaulting to the Rego v1 syntax, use the corresponding components in the [github.com/open-policy-agent/opa/v1] package instead.
+// See https://www.openpolicyagent.org/docs/latest/v0-compatibility/ for more information.
+package bundle
diff --git a/vendor/github.com/open-policy-agent/opa/bundle/file.go b/vendor/github.com/open-policy-agent/opa/bundle/file.go
index 80b1a87eb1..ccb7b23510 100644
--- a/vendor/github.com/open-policy-agent/opa/bundle/file.go
+++ b/vendor/github.com/open-policy-agent/opa/bundle/file.go
@@ -1,508 +1,50 @@
package bundle
import (
- "archive/tar"
- "bytes"
- "compress/gzip"
- "fmt"
"io"
- "io/fs"
- "os"
- "path/filepath"
- "sort"
- "strings"
- "sync"
-
- "github.com/open-policy-agent/opa/loader/filter"
"github.com/open-policy-agent/opa/storage"
+ v1 "github.com/open-policy-agent/opa/v1/bundle"
)
-const maxSizeLimitBytesErrMsg = "bundle file %s size (%d bytes) exceeds configured size_limit_bytes (%d bytes)"
-
// Descriptor contains information about a file and
// can be used to read the file contents.
-type Descriptor struct {
- url string
- path string
- reader io.Reader
- closer io.Closer
- closeOnce *sync.Once
-}
-
-// lazyFile defers reading the file until the first call of Read
-type lazyFile struct {
- path string
- file *os.File
-}
-
-// newLazyFile creates a new instance of lazyFile
-func newLazyFile(path string) *lazyFile {
- return &lazyFile{path: path}
-}
-
-// Read implements io.Reader. It will check if the file has been opened
-// and open it if it has not before attempting to read using the file's
-// read method
-func (f *lazyFile) Read(b []byte) (int, error) {
- var err error
-
- if f.file == nil {
- if f.file, err = os.Open(f.path); err != nil {
- return 0, fmt.Errorf("failed to open file %s: %w", f.path, err)
- }
- }
-
- return f.file.Read(b)
-}
-
-// Close closes the lazy file if it has been opened using the file's
-// close method
-func (f *lazyFile) Close() error {
- if f.file != nil {
- return f.file.Close()
- }
-
- return nil
-}
+type Descriptor = v1.Descriptor
func NewDescriptor(url, path string, reader io.Reader) *Descriptor {
- return &Descriptor{
- url: url,
- path: path,
- reader: reader,
- }
-}
-
-func (d *Descriptor) WithCloser(closer io.Closer) *Descriptor {
- d.closer = closer
- d.closeOnce = new(sync.Once)
- return d
-}
-
-// Path returns the path of the file.
-func (d *Descriptor) Path() string {
- return d.path
-}
-
-// URL returns the url of the file.
-func (d *Descriptor) URL() string {
- return d.url
-}
-
-// Read will read all the contents from the file the Descriptor refers to
-// into the dest writer up n bytes. Will return an io.EOF error
-// if EOF is encountered before n bytes are read.
-func (d *Descriptor) Read(dest io.Writer, n int64) (int64, error) {
- n, err := io.CopyN(dest, d.reader, n)
- return n, err
+ return v1.NewDescriptor(url, path, reader)
}
-// Close the file, on some Loader implementations this might be a no-op.
-// It should *always* be called regardless of file.
-func (d *Descriptor) Close() error {
- var err error
- if d.closer != nil {
- d.closeOnce.Do(func() {
- err = d.closer.Close()
- })
- }
- return err
-}
-
-type PathFormat int64
+type PathFormat = v1.PathFormat
const (
- Chrooted PathFormat = iota
- SlashRooted
- Passthrough
+ Chrooted = v1.Chrooted
+ SlashRooted = v1.SlashRooted
+ Passthrough = v1.Passthrough
)
// DirectoryLoader defines an interface which can be used to load
// files from a directory by iterating over each one in the tree.
-type DirectoryLoader interface {
- // NextFile must return io.EOF if there is no next value. The returned
- // descriptor should *always* be closed when no longer needed.
- NextFile() (*Descriptor, error)
- WithFilter(filter filter.LoaderFilter) DirectoryLoader
- WithPathFormat(PathFormat) DirectoryLoader
- WithSizeLimitBytes(sizeLimitBytes int64) DirectoryLoader
- WithFollowSymlinks(followSymlinks bool) DirectoryLoader
-}
-
-type dirLoader struct {
- root string
- files []string
- idx int
- filter filter.LoaderFilter
- pathFormat PathFormat
- maxSizeLimitBytes int64
- followSymlinks bool
-}
-
-// Normalize root directory, ex "./src/bundle" -> "src/bundle"
-// We don't need an absolute path, but this makes the joined/trimmed
-// paths more uniform.
-func normalizeRootDirectory(root string) string {
- if len(root) > 1 {
- if root[0] == '.' && root[1] == filepath.Separator {
- if len(root) == 2 {
- root = root[:1] // "./" -> "."
- } else {
- root = root[2:] // remove leading "./"
- }
- }
- }
- return root
-}
+type DirectoryLoader = v1.DirectoryLoader
// NewDirectoryLoader returns a basic DirectoryLoader implementation
// that will load files from a given root directory path.
func NewDirectoryLoader(root string) DirectoryLoader {
- d := dirLoader{
- root: normalizeRootDirectory(root),
- pathFormat: Chrooted,
- }
- return &d
-}
-
-// WithFilter specifies the filter object to use to filter files while loading bundles
-func (d *dirLoader) WithFilter(filter filter.LoaderFilter) DirectoryLoader {
- d.filter = filter
- return d
-}
-
-// WithPathFormat specifies how a path is formatted in a Descriptor
-func (d *dirLoader) WithPathFormat(pathFormat PathFormat) DirectoryLoader {
- d.pathFormat = pathFormat
- return d
-}
-
-// WithSizeLimitBytes specifies the maximum size of any file in the directory to read
-func (d *dirLoader) WithSizeLimitBytes(sizeLimitBytes int64) DirectoryLoader {
- d.maxSizeLimitBytes = sizeLimitBytes
- return d
-}
-
-// WithFollowSymlinks specifies whether to follow symlinks when loading files from the directory
-func (d *dirLoader) WithFollowSymlinks(followSymlinks bool) DirectoryLoader {
- d.followSymlinks = followSymlinks
- return d
-}
-
-func formatPath(fileName string, root string, pathFormat PathFormat) string {
- switch pathFormat {
- case SlashRooted:
- if !strings.HasPrefix(fileName, string(filepath.Separator)) {
- return string(filepath.Separator) + fileName
- }
- return fileName
- case Chrooted:
- // Trim off the root directory and return path as if chrooted
- result := strings.TrimPrefix(fileName, filepath.FromSlash(root))
- if root == "." && filepath.Base(fileName) == ManifestExt {
- result = fileName
- }
- if !strings.HasPrefix(result, string(filepath.Separator)) {
- result = string(filepath.Separator) + result
- }
- return result
- case Passthrough:
- fallthrough
- default:
- return fileName
- }
-}
-
-// NextFile iterates to the next file in the directory tree
-// and returns a file Descriptor for the file.
-func (d *dirLoader) NextFile() (*Descriptor, error) {
- // build a list of all files we will iterate over and read, but only one time
- if d.files == nil {
- d.files = []string{}
- err := filepath.Walk(d.root, func(path string, info os.FileInfo, _ error) error {
- if info == nil {
- return nil
- }
-
- if info.Mode().IsRegular() {
- if d.filter != nil && d.filter(filepath.ToSlash(path), info, getdepth(path, false)) {
- return nil
- }
- if d.maxSizeLimitBytes > 0 && info.Size() > d.maxSizeLimitBytes {
- return fmt.Errorf(maxSizeLimitBytesErrMsg, strings.TrimPrefix(path, "/"), info.Size(), d.maxSizeLimitBytes)
- }
- d.files = append(d.files, path)
- } else if d.followSymlinks && info.Mode().Type()&fs.ModeSymlink == fs.ModeSymlink {
- if d.filter != nil && d.filter(filepath.ToSlash(path), info, getdepth(path, false)) {
- return nil
- }
- if d.maxSizeLimitBytes > 0 && info.Size() > d.maxSizeLimitBytes {
- return fmt.Errorf(maxSizeLimitBytesErrMsg, strings.TrimPrefix(path, "/"), info.Size(), d.maxSizeLimitBytes)
- }
- d.files = append(d.files, path)
- } else if info.Mode().IsDir() {
- if d.filter != nil && d.filter(filepath.ToSlash(path), info, getdepth(path, true)) {
- return filepath.SkipDir
- }
- }
- return nil
- })
- if err != nil {
- return nil, fmt.Errorf("failed to list files: %w", err)
- }
- }
-
- // If done reading files then just return io.EOF
- // errors for each NextFile() call
- if d.idx >= len(d.files) {
- return nil, io.EOF
- }
-
- fileName := d.files[d.idx]
- d.idx++
- fh := newLazyFile(fileName)
-
- cleanedPath := formatPath(fileName, d.root, d.pathFormat)
- f := NewDescriptor(filepath.Join(d.root, cleanedPath), cleanedPath, fh).WithCloser(fh)
- return f, nil
-}
-
-type tarballLoader struct {
- baseURL string
- r io.Reader
- tr *tar.Reader
- files []file
- idx int
- filter filter.LoaderFilter
- skipDir map[string]struct{}
- pathFormat PathFormat
- maxSizeLimitBytes int64
-}
-
-type file struct {
- name string
- reader io.Reader
- path storage.Path
- raw []byte
+ return v1.NewDirectoryLoader(root)
}
// NewTarballLoader is deprecated. Use NewTarballLoaderWithBaseURL instead.
func NewTarballLoader(r io.Reader) DirectoryLoader {
- l := tarballLoader{
- r: r,
- pathFormat: Passthrough,
- }
- return &l
+ return v1.NewTarballLoader(r)
}
// NewTarballLoaderWithBaseURL returns a new DirectoryLoader that reads
// files out of a gzipped tar archive. The file URLs will be prefixed
// with the baseURL.
func NewTarballLoaderWithBaseURL(r io.Reader, baseURL string) DirectoryLoader {
- l := tarballLoader{
- baseURL: strings.TrimSuffix(baseURL, "/"),
- r: r,
- pathFormat: Passthrough,
- }
- return &l
-}
-
-// WithFilter specifies the filter object to use to filter files while loading bundles
-func (t *tarballLoader) WithFilter(filter filter.LoaderFilter) DirectoryLoader {
- t.filter = filter
- return t
-}
-
-// WithPathFormat specifies how a path is formatted in a Descriptor
-func (t *tarballLoader) WithPathFormat(pathFormat PathFormat) DirectoryLoader {
- t.pathFormat = pathFormat
- return t
-}
-
-// WithSizeLimitBytes specifies the maximum size of any file in the tarball to read
-func (t *tarballLoader) WithSizeLimitBytes(sizeLimitBytes int64) DirectoryLoader {
- t.maxSizeLimitBytes = sizeLimitBytes
- return t
-}
-
-// WithFollowSymlinks is a no-op for tarballLoader
-func (t *tarballLoader) WithFollowSymlinks(_ bool) DirectoryLoader {
- return t
-}
-
-// NextFile iterates to the next file in the directory tree
-// and returns a file Descriptor for the file.
-func (t *tarballLoader) NextFile() (*Descriptor, error) {
- if t.tr == nil {
- gr, err := gzip.NewReader(t.r)
- if err != nil {
- return nil, fmt.Errorf("archive read failed: %w", err)
- }
-
- t.tr = tar.NewReader(gr)
- }
-
- if t.files == nil {
- t.files = []file{}
-
- if t.skipDir == nil {
- t.skipDir = map[string]struct{}{}
- }
-
- for {
- header, err := t.tr.Next()
-
- if err == io.EOF {
- break
- }
-
- if err != nil {
- return nil, err
- }
-
- // Keep iterating on the archive until we find a normal file
- if header.Typeflag == tar.TypeReg {
-
- if t.filter != nil {
-
- if t.filter(filepath.ToSlash(header.Name), header.FileInfo(), getdepth(header.Name, false)) {
- continue
- }
-
- basePath := strings.Trim(filepath.Dir(filepath.ToSlash(header.Name)), "/")
-
- // check if the directory is to be skipped
- if _, ok := t.skipDir[basePath]; ok {
- continue
- }
-
- match := false
- for p := range t.skipDir {
- if strings.HasPrefix(basePath, p) {
- match = true
- break
- }
- }
-
- if match {
- continue
- }
- }
-
- if t.maxSizeLimitBytes > 0 && header.Size > t.maxSizeLimitBytes {
- return nil, fmt.Errorf(maxSizeLimitBytesErrMsg, header.Name, header.Size, t.maxSizeLimitBytes)
- }
-
- f := file{name: header.Name}
-
- // Note(philipc): We rely on the previous size check in this loop for safety.
- buf := bytes.NewBuffer(make([]byte, 0, header.Size))
- if _, err := io.Copy(buf, t.tr); err != nil {
- return nil, fmt.Errorf("failed to copy file %s: %w", header.Name, err)
- }
-
- f.reader = buf
-
- t.files = append(t.files, f)
- } else if header.Typeflag == tar.TypeDir {
- cleanedPath := filepath.ToSlash(header.Name)
- if t.filter != nil && t.filter(cleanedPath, header.FileInfo(), getdepth(header.Name, true)) {
- t.skipDir[strings.Trim(cleanedPath, "/")] = struct{}{}
- }
- }
- }
- }
-
- // If done reading files then just return io.EOF
- // errors for each NextFile() call
- if t.idx >= len(t.files) {
- return nil, io.EOF
- }
-
- f := t.files[t.idx]
- t.idx++
-
- cleanedPath := formatPath(f.name, "", t.pathFormat)
- d := NewDescriptor(filepath.Join(t.baseURL, cleanedPath), cleanedPath, f.reader)
- return d, nil
-}
-
-// Next implements the storage.Iterator interface.
-// It iterates to the next policy or data file in the directory tree
-// and returns a storage.Update for the file.
-func (it *iterator) Next() (*storage.Update, error) {
- if it.files == nil {
- it.files = []file{}
-
- for _, item := range it.raw {
- f := file{name: item.Path}
-
- fpath := strings.TrimLeft(normalizePath(filepath.Dir(f.name)), "/.")
- if strings.HasSuffix(f.name, RegoExt) {
- fpath = strings.Trim(normalizePath(f.name), "/")
- }
-
- p, ok := storage.ParsePathEscaped("/" + fpath)
- if !ok {
- return nil, fmt.Errorf("storage path invalid: %v", f.name)
- }
- f.path = p
-
- f.raw = item.Value
-
- it.files = append(it.files, f)
- }
-
- sortFilePathAscend(it.files)
- }
-
- // If done reading files then just return io.EOF
- // errors for each NextFile() call
- if it.idx >= len(it.files) {
- return nil, io.EOF
- }
-
- f := it.files[it.idx]
- it.idx++
-
- isPolicy := false
- if strings.HasSuffix(f.name, RegoExt) {
- isPolicy = true
- }
-
- return &storage.Update{
- Path: f.path,
- Value: f.raw,
- IsPolicy: isPolicy,
- }, nil
-}
-
-type iterator struct {
- raw []Raw
- files []file
- idx int
+ return v1.NewTarballLoaderWithBaseURL(r, baseURL)
}
func NewIterator(raw []Raw) storage.Iterator {
- it := iterator{
- raw: raw,
- }
- return &it
-}
-
-func sortFilePathAscend(files []file) {
- sort.Slice(files, func(i, j int) bool {
- return len(files[i].path) < len(files[j].path)
- })
-}
-
-func getdepth(path string, isDir bool) int {
- if isDir {
- cleanedPath := strings.Trim(filepath.ToSlash(path), "/")
- return len(strings.Split(cleanedPath, "/"))
- }
-
- basePath := strings.Trim(filepath.Dir(filepath.ToSlash(path)), "/")
- return len(strings.Split(basePath, "/"))
+ return v1.NewIterator(raw)
}
diff --git a/vendor/github.com/open-policy-agent/opa/bundle/filefs.go b/vendor/github.com/open-policy-agent/opa/bundle/filefs.go
index a3a0dbf204..16e00928da 100644
--- a/vendor/github.com/open-policy-agent/opa/bundle/filefs.go
+++ b/vendor/github.com/open-policy-agent/opa/bundle/filefs.go
@@ -4,140 +4,19 @@
package bundle
import (
- "fmt"
- "io"
"io/fs"
- "path/filepath"
- "sync"
- "github.com/open-policy-agent/opa/loader/filter"
+ v1 "github.com/open-policy-agent/opa/v1/bundle"
)
-const (
- defaultFSLoaderRoot = "."
-)
-
-type dirLoaderFS struct {
- sync.Mutex
- filesystem fs.FS
- files []string
- idx int
- filter filter.LoaderFilter
- root string
- pathFormat PathFormat
- maxSizeLimitBytes int64
- followSymlinks bool
-}
-
// NewFSLoader returns a basic DirectoryLoader implementation
// that will load files from a fs.FS interface
func NewFSLoader(filesystem fs.FS) (DirectoryLoader, error) {
- return NewFSLoaderWithRoot(filesystem, defaultFSLoaderRoot), nil
+ return v1.NewFSLoader(filesystem)
}
// NewFSLoaderWithRoot returns a basic DirectoryLoader implementation
// that will load files from a fs.FS interface at the supplied root
func NewFSLoaderWithRoot(filesystem fs.FS, root string) DirectoryLoader {
- d := dirLoaderFS{
- filesystem: filesystem,
- root: normalizeRootDirectory(root),
- pathFormat: Chrooted,
- }
-
- return &d
-}
-
-func (d *dirLoaderFS) walkDir(path string, dirEntry fs.DirEntry, err error) error {
- if err != nil {
- return err
- }
-
- if dirEntry != nil {
- info, err := dirEntry.Info()
- if err != nil {
- return err
- }
-
- if dirEntry.Type().IsRegular() {
- if d.filter != nil && d.filter(filepath.ToSlash(path), info, getdepth(path, false)) {
- return nil
- }
-
- if d.maxSizeLimitBytes > 0 && info.Size() > d.maxSizeLimitBytes {
- return fmt.Errorf("file %s size %d exceeds limit of %d", path, info.Size(), d.maxSizeLimitBytes)
- }
-
- d.files = append(d.files, path)
- } else if dirEntry.Type()&fs.ModeSymlink != 0 && d.followSymlinks {
- if d.filter != nil && d.filter(filepath.ToSlash(path), info, getdepth(path, false)) {
- return nil
- }
-
- if d.maxSizeLimitBytes > 0 && info.Size() > d.maxSizeLimitBytes {
- return fmt.Errorf("file %s size %d exceeds limit of %d", path, info.Size(), d.maxSizeLimitBytes)
- }
-
- d.files = append(d.files, path)
- } else if dirEntry.Type().IsDir() {
- if d.filter != nil && d.filter(filepath.ToSlash(path), info, getdepth(path, true)) {
- return fs.SkipDir
- }
- }
- }
- return nil
-}
-
-// WithFilter specifies the filter object to use to filter files while loading bundles
-func (d *dirLoaderFS) WithFilter(filter filter.LoaderFilter) DirectoryLoader {
- d.filter = filter
- return d
-}
-
-// WithPathFormat specifies how a path is formatted in a Descriptor
-func (d *dirLoaderFS) WithPathFormat(pathFormat PathFormat) DirectoryLoader {
- d.pathFormat = pathFormat
- return d
-}
-
-// WithSizeLimitBytes specifies the maximum size of any file in the filesystem directory to read
-func (d *dirLoaderFS) WithSizeLimitBytes(sizeLimitBytes int64) DirectoryLoader {
- d.maxSizeLimitBytes = sizeLimitBytes
- return d
-}
-
-func (d *dirLoaderFS) WithFollowSymlinks(followSymlinks bool) DirectoryLoader {
- d.followSymlinks = followSymlinks
- return d
-}
-
-// NextFile iterates to the next file in the directory tree
-// and returns a file Descriptor for the file.
-func (d *dirLoaderFS) NextFile() (*Descriptor, error) {
- d.Lock()
- defer d.Unlock()
-
- if d.files == nil {
- err := fs.WalkDir(d.filesystem, d.root, d.walkDir)
- if err != nil {
- return nil, fmt.Errorf("failed to list files: %w", err)
- }
- }
-
- // If done reading files then just return io.EOF
- // errors for each NextFile() call
- if d.idx >= len(d.files) {
- return nil, io.EOF
- }
-
- fileName := d.files[d.idx]
- d.idx++
-
- fh, err := d.filesystem.Open(fileName)
- if err != nil {
- return nil, fmt.Errorf("failed to open file %s: %w", fileName, err)
- }
-
- cleanedPath := formatPath(fileName, d.root, d.pathFormat)
- f := NewDescriptor(cleanedPath, cleanedPath, fh).WithCloser(fh)
- return f, nil
+ return v1.NewFSLoaderWithRoot(filesystem, root)
}
diff --git a/vendor/github.com/open-policy-agent/opa/bundle/hash.go b/vendor/github.com/open-policy-agent/opa/bundle/hash.go
index 021801bb0a..d4cc601dea 100644
--- a/vendor/github.com/open-policy-agent/opa/bundle/hash.go
+++ b/vendor/github.com/open-policy-agent/opa/bundle/hash.go
@@ -5,137 +5,28 @@
package bundle
import (
- "bytes"
- "crypto/md5"
- "crypto/sha1"
- "crypto/sha256"
- "crypto/sha512"
- "encoding/json"
- "fmt"
- "hash"
- "io"
- "sort"
- "strings"
+ v1 "github.com/open-policy-agent/opa/v1/bundle"
)
// HashingAlgorithm represents a subset of hashing algorithms implemented in Go
-type HashingAlgorithm string
+type HashingAlgorithm = v1.HashingAlgorithm
// Supported values for HashingAlgorithm
const (
- MD5 HashingAlgorithm = "MD5"
- SHA1 HashingAlgorithm = "SHA-1"
- SHA224 HashingAlgorithm = "SHA-224"
- SHA256 HashingAlgorithm = "SHA-256"
- SHA384 HashingAlgorithm = "SHA-384"
- SHA512 HashingAlgorithm = "SHA-512"
- SHA512224 HashingAlgorithm = "SHA-512-224"
- SHA512256 HashingAlgorithm = "SHA-512-256"
+ MD5 = v1.MD5
+ SHA1 = v1.SHA1
+ SHA224 = v1.SHA224
+ SHA256 = v1.SHA256
+ SHA384 = v1.SHA384
+ SHA512 = v1.SHA512
+ SHA512224 = v1.SHA512224
+ SHA512256 = v1.SHA512256
)
-// String returns the string representation of a HashingAlgorithm
-func (alg HashingAlgorithm) String() string {
- return string(alg)
-}
-
// SignatureHasher computes a signature digest for a file with (structured or unstructured) data and policy
-type SignatureHasher interface {
- HashFile(v interface{}) ([]byte, error)
-}
-
-type hasher struct {
- h func() hash.Hash // hash function factory
-}
+type SignatureHasher = v1.SignatureHasher
// NewSignatureHasher returns a signature hasher suitable for a particular hashing algorithm
func NewSignatureHasher(alg HashingAlgorithm) (SignatureHasher, error) {
- h := &hasher{}
-
- switch alg {
- case MD5:
- h.h = md5.New
- case SHA1:
- h.h = sha1.New
- case SHA224:
- h.h = sha256.New224
- case SHA256:
- h.h = sha256.New
- case SHA384:
- h.h = sha512.New384
- case SHA512:
- h.h = sha512.New
- case SHA512224:
- h.h = sha512.New512_224
- case SHA512256:
- h.h = sha512.New512_256
- default:
- return nil, fmt.Errorf("unsupported hashing algorithm: %s", alg)
- }
-
- return h, nil
-}
-
-// HashFile hashes the file content, JSON or binary, both in golang native format.
-func (h *hasher) HashFile(v interface{}) ([]byte, error) {
- hf := h.h()
- walk(v, hf)
- return hf.Sum(nil), nil
-}
-
-// walk hashes the file content, JSON or binary, both in golang native format.
-//
-// Computation for unstructured documents is a hash of the document.
-//
-// Computation for the types of structured JSON document is as follows:
-//
-// object: Hash {, then each key (in alphabetical order) and digest of the value, then comma (between items) and finally }.
-//
-// array: Hash [, then digest of the value, then comma (between items) and finally ].
-func walk(v interface{}, h io.Writer) {
-
- switch x := v.(type) {
- case map[string]interface{}:
- _, _ = h.Write([]byte("{"))
-
- var keys []string
- for k := range x {
- keys = append(keys, k)
- }
- sort.Strings(keys)
-
- for i, key := range keys {
- if i > 0 {
- _, _ = h.Write([]byte(","))
- }
-
- _, _ = h.Write(encodePrimitive(key))
- _, _ = h.Write([]byte(":"))
- walk(x[key], h)
- }
-
- _, _ = h.Write([]byte("}"))
- case []interface{}:
- _, _ = h.Write([]byte("["))
-
- for i, e := range x {
- if i > 0 {
- _, _ = h.Write([]byte(","))
- }
- walk(e, h)
- }
-
- _, _ = h.Write([]byte("]"))
- case []byte:
- _, _ = h.Write(x)
- default:
- _, _ = h.Write(encodePrimitive(x))
- }
-}
-
-func encodePrimitive(v interface{}) []byte {
- var buf bytes.Buffer
- encoder := json.NewEncoder(&buf)
- encoder.SetEscapeHTML(false)
- _ = encoder.Encode(v)
- return []byte(strings.Trim(buf.String(), "\n"))
+ return v1.NewSignatureHasher(alg)
}
diff --git a/vendor/github.com/open-policy-agent/opa/bundle/keys.go b/vendor/github.com/open-policy-agent/opa/bundle/keys.go
index 810bee4b72..99f9b0f165 100644
--- a/vendor/github.com/open-policy-agent/opa/bundle/keys.go
+++ b/vendor/github.com/open-policy-agent/opa/bundle/keys.go
@@ -6,139 +6,25 @@
package bundle
import (
- "encoding/pem"
- "fmt"
- "os"
-
- "github.com/open-policy-agent/opa/internal/jwx/jwa"
- "github.com/open-policy-agent/opa/internal/jwx/jws/sign"
- "github.com/open-policy-agent/opa/keys"
-
- "github.com/open-policy-agent/opa/util"
-)
-
-const (
- defaultTokenSigningAlg = "RS256"
+ v1 "github.com/open-policy-agent/opa/v1/bundle"
)
// KeyConfig holds the keys used to sign or verify bundles and tokens
// Moved to own package, alias kept for backwards compatibility
-type KeyConfig = keys.Config
+type KeyConfig = v1.KeyConfig
// VerificationConfig represents the key configuration used to verify a signed bundle
-type VerificationConfig struct {
- PublicKeys map[string]*KeyConfig
- KeyID string `json:"keyid"`
- Scope string `json:"scope"`
- Exclude []string `json:"exclude_files"`
-}
+type VerificationConfig = v1.VerificationConfig
// NewVerificationConfig return a new VerificationConfig
func NewVerificationConfig(keys map[string]*KeyConfig, id, scope string, exclude []string) *VerificationConfig {
- return &VerificationConfig{
- PublicKeys: keys,
- KeyID: id,
- Scope: scope,
- Exclude: exclude,
- }
-}
-
-// ValidateAndInjectDefaults validates the config and inserts default values
-func (vc *VerificationConfig) ValidateAndInjectDefaults(keys map[string]*KeyConfig) error {
- vc.PublicKeys = keys
-
- if vc.KeyID != "" {
- found := false
- for key := range keys {
- if key == vc.KeyID {
- found = true
- break
- }
- }
-
- if !found {
- return fmt.Errorf("key id %s not found", vc.KeyID)
- }
- }
- return nil
-}
-
-// GetPublicKey returns the public key corresponding to the given key id
-func (vc *VerificationConfig) GetPublicKey(id string) (*KeyConfig, error) {
- var kc *KeyConfig
- var ok bool
-
- if kc, ok = vc.PublicKeys[id]; !ok {
- return nil, fmt.Errorf("verification key corresponding to ID %v not found", id)
- }
- return kc, nil
+ return v1.NewVerificationConfig(keys, id, scope, exclude)
}
// SigningConfig represents the key configuration used to generate a signed bundle
-type SigningConfig struct {
- Plugin string
- Key string
- Algorithm string
- ClaimsPath string
-}
+type SigningConfig = v1.SigningConfig
// NewSigningConfig return a new SigningConfig
func NewSigningConfig(key, alg, claimsPath string) *SigningConfig {
- if alg == "" {
- alg = defaultTokenSigningAlg
- }
-
- return &SigningConfig{
- Plugin: defaultSignerID,
- Key: key,
- Algorithm: alg,
- ClaimsPath: claimsPath,
- }
-}
-
-// WithPlugin sets the signing plugin in the signing config
-func (s *SigningConfig) WithPlugin(plugin string) *SigningConfig {
- if plugin != "" {
- s.Plugin = plugin
- }
- return s
-}
-
-// GetPrivateKey returns the private key or secret from the signing config
-func (s *SigningConfig) GetPrivateKey() (interface{}, error) {
-
- block, _ := pem.Decode([]byte(s.Key))
- if block != nil {
- return sign.GetSigningKey(s.Key, jwa.SignatureAlgorithm(s.Algorithm))
- }
-
- var priv string
- if _, err := os.Stat(s.Key); err == nil {
- bs, err := os.ReadFile(s.Key)
- if err != nil {
- return nil, err
- }
- priv = string(bs)
- } else if os.IsNotExist(err) {
- priv = s.Key
- } else {
- return nil, err
- }
-
- return sign.GetSigningKey(priv, jwa.SignatureAlgorithm(s.Algorithm))
-}
-
-// GetClaims returns the claims by reading the file specified in the signing config
-func (s *SigningConfig) GetClaims() (map[string]interface{}, error) {
- var claims map[string]interface{}
-
- bs, err := os.ReadFile(s.ClaimsPath)
- if err != nil {
- return claims, err
- }
-
- if err := util.UnmarshalJSON(bs, &claims); err != nil {
- return claims, err
- }
- return claims, nil
+ return v1.NewSigningConfig(key, alg, claimsPath)
}
diff --git a/vendor/github.com/open-policy-agent/opa/bundle/sign.go b/vendor/github.com/open-policy-agent/opa/bundle/sign.go
index cf9a3e183a..56e25eec9c 100644
--- a/vendor/github.com/open-policy-agent/opa/bundle/sign.go
+++ b/vendor/github.com/open-policy-agent/opa/bundle/sign.go
@@ -6,130 +6,30 @@
package bundle
import (
- "crypto/rand"
- "encoding/json"
- "fmt"
-
- "github.com/open-policy-agent/opa/internal/jwx/jwa"
- "github.com/open-policy-agent/opa/internal/jwx/jws"
+ v1 "github.com/open-policy-agent/opa/v1/bundle"
)
-const defaultSignerID = "_default"
-
-var signers map[string]Signer
-
// Signer is the interface expected for implementations that generate bundle signatures.
-type Signer interface {
- GenerateSignedToken([]FileInfo, *SigningConfig, string) (string, error)
-}
+type Signer v1.Signer
// GenerateSignedToken will retrieve the Signer implementation based on the Plugin specified
// in SigningConfig, and call its implementation of GenerateSignedToken. The signer generates
// a signed token given the list of files to be included in the payload and the bundle
// signing config. The keyID if non-empty, represents the value for the "keyid" claim in the token.
func GenerateSignedToken(files []FileInfo, sc *SigningConfig, keyID string) (string, error) {
- var plugin string
- // for backwards compatibility, check if there is no plugin specified, and use default
- if sc.Plugin == "" {
- plugin = defaultSignerID
- } else {
- plugin = sc.Plugin
- }
- signer, err := GetSigner(plugin)
- if err != nil {
- return "", err
- }
- return signer.GenerateSignedToken(files, sc, keyID)
+ return v1.GenerateSignedToken(files, sc, keyID)
}
// DefaultSigner is the default bundle signing implementation. It signs bundles by generating
// a JWT and signing it using a locally-accessible private key.
-type DefaultSigner struct{}
-
-// GenerateSignedToken generates a signed token given the list of files to be
-// included in the payload and the bundle signing config. The keyID if non-empty,
-// represents the value for the "keyid" claim in the token
-func (*DefaultSigner) GenerateSignedToken(files []FileInfo, sc *SigningConfig, keyID string) (string, error) {
- payload, err := generatePayload(files, sc, keyID)
- if err != nil {
- return "", err
- }
-
- privateKey, err := sc.GetPrivateKey()
- if err != nil {
- return "", err
- }
-
- var headers jws.StandardHeaders
-
- if err := headers.Set(jws.AlgorithmKey, jwa.SignatureAlgorithm(sc.Algorithm)); err != nil {
- return "", err
- }
-
- if keyID != "" {
- if err := headers.Set(jws.KeyIDKey, keyID); err != nil {
- return "", err
- }
- }
-
- hdr, err := json.Marshal(headers)
- if err != nil {
- return "", err
- }
-
- token, err := jws.SignLiteral(payload,
- jwa.SignatureAlgorithm(sc.Algorithm),
- privateKey,
- hdr,
- rand.Reader)
- if err != nil {
- return "", err
- }
- return string(token), nil
-}
-
-func generatePayload(files []FileInfo, sc *SigningConfig, keyID string) ([]byte, error) {
- payload := make(map[string]interface{})
- payload["files"] = files
-
- if sc.ClaimsPath != "" {
- claims, err := sc.GetClaims()
- if err != nil {
- return nil, err
- }
-
- for claim, value := range claims {
- payload[claim] = value
- }
- } else {
- if keyID != "" {
- // keyid claim is deprecated but include it for backwards compatibility.
- payload["keyid"] = keyID
- }
- }
- return json.Marshal(payload)
-}
+type DefaultSigner v1.DefaultSigner
// GetSigner returns the Signer registered under the given id
func GetSigner(id string) (Signer, error) {
- signer, ok := signers[id]
- if !ok {
- return nil, fmt.Errorf("no signer exists under id %s", id)
- }
- return signer, nil
+ return v1.GetSigner(id)
}
// RegisterSigner registers a Signer under the given id
func RegisterSigner(id string, s Signer) error {
- if id == defaultSignerID {
- return fmt.Errorf("signer id %s is reserved, use a different id", id)
- }
- signers[id] = s
- return nil
-}
-
-func init() {
- signers = map[string]Signer{
- defaultSignerID: &DefaultSigner{},
- }
+ return v1.RegisterSigner(id, s)
}
diff --git a/vendor/github.com/open-policy-agent/opa/bundle/store.go b/vendor/github.com/open-policy-agent/opa/bundle/store.go
index 9a49f025e8..9659d67bde 100644
--- a/vendor/github.com/open-policy-agent/opa/bundle/store.go
+++ b/vendor/github.com/open-policy-agent/opa/bundle/store.go
@@ -6,1031 +6,147 @@ package bundle
import (
"context"
- "encoding/base64"
- "encoding/json"
- "fmt"
- "path/filepath"
- "strings"
"github.com/open-policy-agent/opa/ast"
- iCompiler "github.com/open-policy-agent/opa/internal/compiler"
- "github.com/open-policy-agent/opa/internal/json/patch"
- "github.com/open-policy-agent/opa/metrics"
"github.com/open-policy-agent/opa/storage"
- "github.com/open-policy-agent/opa/util"
+ v1 "github.com/open-policy-agent/opa/v1/bundle"
)
// BundlesBasePath is the storage path used for storing bundle metadata
-var BundlesBasePath = storage.MustParsePath("/system/bundles")
+var BundlesBasePath = v1.BundlesBasePath
// Note: As needed these helpers could be memoized.
// ManifestStoragePath is the storage path used for the given named bundle manifest.
func ManifestStoragePath(name string) storage.Path {
- return append(BundlesBasePath, name, "manifest")
+ return v1.ManifestStoragePath(name)
}
// EtagStoragePath is the storage path used for the given named bundle etag.
func EtagStoragePath(name string) storage.Path {
- return append(BundlesBasePath, name, "etag")
-}
-
-func namedBundlePath(name string) storage.Path {
- return append(BundlesBasePath, name)
-}
-
-func rootsPath(name string) storage.Path {
- return append(BundlesBasePath, name, "manifest", "roots")
-}
-
-func revisionPath(name string) storage.Path {
- return append(BundlesBasePath, name, "manifest", "revision")
-}
-
-func wasmModulePath(name string) storage.Path {
- return append(BundlesBasePath, name, "wasm")
-}
-
-func wasmEntrypointsPath(name string) storage.Path {
- return append(BundlesBasePath, name, "manifest", "wasm")
-}
-
-func metadataPath(name string) storage.Path {
- return append(BundlesBasePath, name, "manifest", "metadata")
-}
-
-func read(ctx context.Context, store storage.Store, txn storage.Transaction, path storage.Path) (interface{}, error) {
- value, err := store.Read(ctx, txn, path)
- if err != nil {
- return nil, err
- }
-
- if astValue, ok := value.(ast.Value); ok {
- value, err = ast.JSON(astValue)
- if err != nil {
- return nil, err
- }
- }
-
- return value, nil
+ return v1.EtagStoragePath(name)
}
// ReadBundleNamesFromStore will return a list of bundle names which have had their metadata stored.
func ReadBundleNamesFromStore(ctx context.Context, store storage.Store, txn storage.Transaction) ([]string, error) {
- value, err := read(ctx, store, txn, BundlesBasePath)
- if err != nil {
- return nil, err
- }
-
- bundleMap, ok := value.(map[string]interface{})
- if !ok {
- return nil, fmt.Errorf("corrupt manifest roots")
- }
-
- bundles := make([]string, len(bundleMap))
- idx := 0
- for name := range bundleMap {
- bundles[idx] = name
- idx++
- }
- return bundles, nil
+ return v1.ReadBundleNamesFromStore(ctx, store, txn)
}
// WriteManifestToStore will write the manifest into the storage. This function is called when
// the bundle is activated.
func WriteManifestToStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string, manifest Manifest) error {
- return write(ctx, store, txn, ManifestStoragePath(name), manifest)
+ return v1.WriteManifestToStore(ctx, store, txn, name, manifest)
}
// WriteEtagToStore will write the bundle etag into the storage. This function is called when the bundle is activated.
func WriteEtagToStore(ctx context.Context, store storage.Store, txn storage.Transaction, name, etag string) error {
- return write(ctx, store, txn, EtagStoragePath(name), etag)
-}
-
-func write(ctx context.Context, store storage.Store, txn storage.Transaction, path storage.Path, value interface{}) error {
- if err := util.RoundTrip(&value); err != nil {
- return err
- }
-
- var dir []string
- if len(path) > 1 {
- dir = path[:len(path)-1]
- }
-
- if err := storage.MakeDir(ctx, store, txn, dir); err != nil {
- return err
- }
-
- return store.Write(ctx, txn, storage.AddOp, path, value)
+ return v1.WriteEtagToStore(ctx, store, txn, name, etag)
}
// EraseManifestFromStore will remove the manifest from storage. This function is called
// when the bundle is deactivated.
func EraseManifestFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) error {
- path := namedBundlePath(name)
- err := store.Write(ctx, txn, storage.RemoveOp, path, nil)
- return suppressNotFound(err)
-}
-
-// eraseBundleEtagFromStore will remove the bundle etag from storage. This function is called
-// when the bundle is deactivated.
-func eraseBundleEtagFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) error {
- path := EtagStoragePath(name)
- err := store.Write(ctx, txn, storage.RemoveOp, path, nil)
- return suppressNotFound(err)
-}
-
-func suppressNotFound(err error) error {
- if err == nil || storage.IsNotFound(err) {
- return nil
- }
- return err
-}
-
-func writeWasmModulesToStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string, b *Bundle) error {
- basePath := wasmModulePath(name)
- for _, wm := range b.WasmModules {
- path := append(basePath, wm.Path)
- err := write(ctx, store, txn, path, base64.StdEncoding.EncodeToString(wm.Raw))
- if err != nil {
- return err
- }
- }
- return nil
-}
-
-func eraseWasmModulesFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) error {
- path := wasmModulePath(name)
-
- err := store.Write(ctx, txn, storage.RemoveOp, path, nil)
- return suppressNotFound(err)
-}
-
-// ReadWasmMetadataFromStore will read Wasm module resolver metadata from the store.
-func ReadWasmMetadataFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) ([]WasmResolver, error) {
- path := wasmEntrypointsPath(name)
- value, err := read(ctx, store, txn, path)
- if err != nil {
- return nil, err
- }
-
- bs, err := json.Marshal(value)
- if err != nil {
- return nil, fmt.Errorf("corrupt wasm manifest data")
- }
-
- var wasmMetadata []WasmResolver
-
- err = util.UnmarshalJSON(bs, &wasmMetadata)
- if err != nil {
- return nil, fmt.Errorf("corrupt wasm manifest data")
- }
-
- return wasmMetadata, nil
+ return v1.EraseManifestFromStore(ctx, store, txn, name)
}
// ReadWasmModulesFromStore will write Wasm module resolver metadata from the store.
func ReadWasmModulesFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) (map[string][]byte, error) {
- path := wasmModulePath(name)
- value, err := read(ctx, store, txn, path)
- if err != nil {
- return nil, err
- }
-
- encodedModules, ok := value.(map[string]interface{})
- if !ok {
- return nil, fmt.Errorf("corrupt wasm modules")
- }
-
- rawModules := map[string][]byte{}
- for path, enc := range encodedModules {
- encStr, ok := enc.(string)
- if !ok {
- return nil, fmt.Errorf("corrupt wasm modules")
- }
- bs, err := base64.StdEncoding.DecodeString(encStr)
- if err != nil {
- return nil, err
- }
- rawModules[path] = bs
- }
- return rawModules, nil
+ return v1.ReadWasmModulesFromStore(ctx, store, txn, name)
}
// ReadBundleRootsFromStore returns the roots in the specified bundle.
// If the bundle is not activated, this function will return
// storage NotFound error.
func ReadBundleRootsFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) ([]string, error) {
- value, err := read(ctx, store, txn, rootsPath(name))
- if err != nil {
- return nil, err
- }
-
- sl, ok := value.([]interface{})
- if !ok {
- return nil, fmt.Errorf("corrupt manifest roots")
- }
-
- roots := make([]string, len(sl))
-
- for i := range sl {
- roots[i], ok = sl[i].(string)
- if !ok {
- return nil, fmt.Errorf("corrupt manifest root")
- }
- }
-
- return roots, nil
+ return v1.ReadBundleRootsFromStore(ctx, store, txn, name)
}
// ReadBundleRevisionFromStore returns the revision in the specified bundle.
// If the bundle is not activated, this function will return
// storage NotFound error.
func ReadBundleRevisionFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) (string, error) {
- return readRevisionFromStore(ctx, store, txn, revisionPath(name))
-}
-
-func readRevisionFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, path storage.Path) (string, error) {
- value, err := read(ctx, store, txn, path)
- if err != nil {
- return "", err
- }
-
- str, ok := value.(string)
- if !ok {
- return "", fmt.Errorf("corrupt manifest revision")
- }
-
- return str, nil
+ return v1.ReadBundleRevisionFromStore(ctx, store, txn, name)
}
// ReadBundleMetadataFromStore returns the metadata in the specified bundle.
// If the bundle is not activated, this function will return
// storage NotFound error.
-func ReadBundleMetadataFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) (map[string]interface{}, error) {
- return readMetadataFromStore(ctx, store, txn, metadataPath(name))
-}
-
-func readMetadataFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, path storage.Path) (map[string]interface{}, error) {
- value, err := read(ctx, store, txn, path)
- if err != nil {
- return nil, suppressNotFound(err)
- }
-
- data, ok := value.(map[string]interface{})
- if !ok {
- return nil, fmt.Errorf("corrupt manifest metadata")
- }
-
- return data, nil
+func ReadBundleMetadataFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) (map[string]any, error) {
+ return v1.ReadBundleMetadataFromStore(ctx, store, txn, name)
}
// ReadBundleEtagFromStore returns the etag for the specified bundle.
// If the bundle is not activated, this function will return
// storage NotFound error.
func ReadBundleEtagFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) (string, error) {
- return readEtagFromStore(ctx, store, txn, EtagStoragePath(name))
-}
-
-func readEtagFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, path storage.Path) (string, error) {
- value, err := read(ctx, store, txn, path)
- if err != nil {
- return "", err
- }
-
- str, ok := value.(string)
- if !ok {
- return "", fmt.Errorf("corrupt bundle etag")
- }
-
- return str, nil
+ return v1.ReadBundleEtagFromStore(ctx, store, txn, name)
}
// ActivateOpts defines options for the Activate API call.
-type ActivateOpts struct {
- Ctx context.Context
- Store storage.Store
- Txn storage.Transaction
- TxnCtx *storage.Context
- Compiler *ast.Compiler
- Metrics metrics.Metrics
- Bundles map[string]*Bundle // Optional
- ExtraModules map[string]*ast.Module // Optional
- AuthorizationDecisionRef ast.Ref
- ParserOptions ast.ParserOptions
-
- legacy bool
-}
+type ActivateOpts = v1.ActivateOpts
// Activate the bundle(s) by loading into the given Store. This will load policies, data, and record
// the manifest in storage. The compiler provided will have had the polices compiled on it.
func Activate(opts *ActivateOpts) error {
- opts.legacy = false
- return activateBundles(opts)
+ return v1.Activate(setActivateDefaultRegoVersion(opts))
}
// DeactivateOpts defines options for the Deactivate API call
-type DeactivateOpts struct {
- Ctx context.Context
- Store storage.Store
- Txn storage.Transaction
- BundleNames map[string]struct{}
- ParserOptions ast.ParserOptions
-}
+type DeactivateOpts = v1.DeactivateOpts
// Deactivate the bundle(s). This will erase associated data, policies, and the manifest entry from the store.
func Deactivate(opts *DeactivateOpts) error {
- erase := map[string]struct{}{}
- for name := range opts.BundleNames {
- roots, err := ReadBundleRootsFromStore(opts.Ctx, opts.Store, opts.Txn, name)
- if suppressNotFound(err) != nil {
- return err
- }
- for _, root := range roots {
- erase[root] = struct{}{}
- }
- }
- _, err := eraseBundles(opts.Ctx, opts.Store, opts.Txn, opts.ParserOptions, opts.BundleNames, erase)
- return err
-}
-
-func activateBundles(opts *ActivateOpts) error {
-
- // Build collections of bundle names, modules, and roots to erase
- erase := map[string]struct{}{}
- names := map[string]struct{}{}
- deltaBundles := map[string]*Bundle{}
- snapshotBundles := map[string]*Bundle{}
-
- for name, b := range opts.Bundles {
- if b.Type() == DeltaBundleType {
- deltaBundles[name] = b
- } else {
- snapshotBundles[name] = b
- names[name] = struct{}{}
-
- roots, err := ReadBundleRootsFromStore(opts.Ctx, opts.Store, opts.Txn, name)
- if suppressNotFound(err) != nil {
- return err
- }
- for _, root := range roots {
- erase[root] = struct{}{}
- }
-
- // Erase data at new roots to prepare for writing the new data
- for _, root := range *b.Manifest.Roots {
- erase[root] = struct{}{}
- }
- }
- }
-
- // Before changing anything make sure the roots don't collide with any
- // other bundles that already are activated or other bundles being activated.
- err := hasRootsOverlap(opts.Ctx, opts.Store, opts.Txn, opts.Bundles)
- if err != nil {
- return err
- }
-
- if len(deltaBundles) != 0 {
- err := activateDeltaBundles(opts, deltaBundles)
- if err != nil {
- return err
- }
- }
-
- // Erase data and policies at new + old roots, and remove the old
- // manifests before activating a new snapshot bundle.
- remaining, err := eraseBundles(opts.Ctx, opts.Store, opts.Txn, opts.ParserOptions, names, erase)
- if err != nil {
- return err
- }
-
- // Validate data in bundle does not contain paths outside the bundle's roots.
- for _, b := range snapshotBundles {
-
- if b.lazyLoadingMode {
-
- for _, item := range b.Raw {
- path := filepath.ToSlash(item.Path)
-
- if filepath.Base(path) == dataFile || filepath.Base(path) == yamlDataFile {
- var val map[string]json.RawMessage
- err = util.Unmarshal(item.Value, &val)
- if err == nil {
- err = doDFS(val, filepath.Dir(strings.Trim(path, "/")), *b.Manifest.Roots)
- if err != nil {
- return err
- }
- } else {
- // Build an object for the value
- p := getNormalizedPath(path)
-
- if len(p) == 0 {
- return fmt.Errorf("root value must be object")
- }
-
- // verify valid YAML or JSON value
- var x interface{}
- err := util.Unmarshal(item.Value, &x)
- if err != nil {
- return err
- }
-
- value := item.Value
- dir := map[string]json.RawMessage{}
- for i := len(p) - 1; i > 0; i-- {
- dir[p[i]] = value
-
- bs, err := json.Marshal(dir)
- if err != nil {
- return err
- }
-
- value = bs
- dir = map[string]json.RawMessage{}
- }
- dir[p[0]] = value
-
- err = doDFS(dir, filepath.Dir(strings.Trim(path, "/")), *b.Manifest.Roots)
- if err != nil {
- return err
- }
- }
- }
- }
- }
- }
-
- // Compile the modules all at once to avoid having to re-do work.
- remainingAndExtra := make(map[string]*ast.Module)
- for name, mod := range remaining {
- remainingAndExtra[name] = mod
- }
- for name, mod := range opts.ExtraModules {
- remainingAndExtra[name] = mod
- }
-
- err = compileModules(opts.Compiler, opts.Metrics, snapshotBundles, remainingAndExtra, opts.legacy, opts.AuthorizationDecisionRef)
- if err != nil {
- return err
- }
-
- if err := writeDataAndModules(opts.Ctx, opts.Store, opts.Txn, opts.TxnCtx, snapshotBundles, opts.legacy); err != nil {
- return err
- }
-
- if err := ast.CheckPathConflicts(opts.Compiler, storage.NonEmpty(opts.Ctx, opts.Store, opts.Txn)); len(err) > 0 {
- return err
- }
-
- for name, b := range snapshotBundles {
- if err := writeManifestToStore(opts, name, b.Manifest); err != nil {
- return err
- }
-
- if err := writeEtagToStore(opts, name, b.Etag); err != nil {
- return err
- }
-
- if err := writeWasmModulesToStore(opts.Ctx, opts.Store, opts.Txn, name, b); err != nil {
- return err
- }
- }
-
- return nil
+ return v1.Deactivate(setDeactivateDefaultRegoVersion(opts))
}
-func doDFS(obj map[string]json.RawMessage, path string, roots []string) error {
- if len(roots) == 1 && roots[0] == "" {
- return nil
- }
-
- for key := range obj {
-
- newPath := filepath.Join(strings.Trim(path, "/"), key)
-
- // Note: filepath.Join can return paths with '\' separators, always use
- // filepath.ToSlash to keep them normalized.
- newPath = strings.TrimLeft(normalizePath(newPath), "/.")
-
- contains := false
- prefix := false
- if RootPathsContain(roots, newPath) {
- contains = true
- } else {
- for i := range roots {
- if strings.HasPrefix(strings.Trim(roots[i], "/"), newPath) {
- prefix = true
- break
- }
- }
- }
-
- if !contains && !prefix {
- return fmt.Errorf("manifest roots %v do not permit data at path '/%s' (hint: check bundle directory structure)", roots, newPath)
- }
-
- if contains {
- continue
- }
-
- var next map[string]json.RawMessage
- err := util.Unmarshal(obj[key], &next)
- if err != nil {
- return fmt.Errorf("manifest roots %v do not permit data at path '/%s' (hint: check bundle directory structure)", roots, newPath)
- }
-
- if err := doDFS(next, newPath, roots); err != nil {
- return err
- }
- }
- return nil
-}
-
-func activateDeltaBundles(opts *ActivateOpts, bundles map[string]*Bundle) error {
-
- // Check that the manifest roots and wasm resolvers in the delta bundle
- // match with those currently in the store
- for name, b := range bundles {
- value, err := opts.Store.Read(opts.Ctx, opts.Txn, ManifestStoragePath(name))
- if err != nil {
- if storage.IsNotFound(err) {
- continue
- }
- return err
- }
-
- manifest, err := valueToManifest(value)
- if err != nil {
- return fmt.Errorf("corrupt manifest data: %w", err)
- }
-
- if !b.Manifest.equalWasmResolversAndRoots(manifest) {
- return fmt.Errorf("delta bundle '%s' has wasm resolvers or manifest roots that are different from those in the store", name)
- }
- }
-
- for _, b := range bundles {
- err := applyPatches(opts.Ctx, opts.Store, opts.Txn, b.Patch.Data)
- if err != nil {
- return err
- }
- }
-
- if err := ast.CheckPathConflicts(opts.Compiler, storage.NonEmpty(opts.Ctx, opts.Store, opts.Txn)); len(err) > 0 {
- return err
- }
-
- for name, b := range bundles {
- if err := writeManifestToStore(opts, name, b.Manifest); err != nil {
- return err
- }
-
- if err := writeEtagToStore(opts, name, b.Etag); err != nil {
- return err
- }
- }
-
- return nil
-}
-
-func valueToManifest(v interface{}) (Manifest, error) {
- if astV, ok := v.(ast.Value); ok {
- var err error
- v, err = ast.JSON(astV)
- if err != nil {
- return Manifest{}, err
- }
- }
-
- var manifest Manifest
-
- bs, err := json.Marshal(v)
- if err != nil {
- return Manifest{}, err
- }
-
- err = util.UnmarshalJSON(bs, &manifest)
- if err != nil {
- return Manifest{}, err
- }
-
- return manifest, nil
-}
-
-// erase bundles by name and roots. This will clear all policies and data at its roots and remove its
-// manifest from storage.
-func eraseBundles(ctx context.Context, store storage.Store, txn storage.Transaction, parserOpts ast.ParserOptions, names map[string]struct{}, roots map[string]struct{}) (map[string]*ast.Module, error) {
-
- if err := eraseData(ctx, store, txn, roots); err != nil {
- return nil, err
- }
-
- remaining, err := erasePolicies(ctx, store, txn, parserOpts, roots)
- if err != nil {
- return nil, err
- }
-
- for name := range names {
- if err := EraseManifestFromStore(ctx, store, txn, name); suppressNotFound(err) != nil {
- return nil, err
- }
-
- if err := LegacyEraseManifestFromStore(ctx, store, txn); suppressNotFound(err) != nil {
- return nil, err
- }
-
- if err := eraseBundleEtagFromStore(ctx, store, txn, name); suppressNotFound(err) != nil {
- return nil, err
- }
-
- if err := eraseWasmModulesFromStore(ctx, store, txn, name); suppressNotFound(err) != nil {
- return nil, err
- }
- }
-
- return remaining, nil
-}
-
-func eraseData(ctx context.Context, store storage.Store, txn storage.Transaction, roots map[string]struct{}) error {
- for root := range roots {
- path, ok := storage.ParsePathEscaped("/" + root)
- if !ok {
- return fmt.Errorf("manifest root path invalid: %v", root)
- }
-
- if len(path) > 0 {
- if err := store.Write(ctx, txn, storage.RemoveOp, path, nil); suppressNotFound(err) != nil {
- return err
- }
- }
- }
- return nil
-}
-
-func erasePolicies(ctx context.Context, store storage.Store, txn storage.Transaction, parserOpts ast.ParserOptions, roots map[string]struct{}) (map[string]*ast.Module, error) {
-
- ids, err := store.ListPolicies(ctx, txn)
- if err != nil {
- return nil, err
- }
-
- remaining := map[string]*ast.Module{}
-
- for _, id := range ids {
- bs, err := store.GetPolicy(ctx, txn, id)
- if err != nil {
- return nil, err
- }
- module, err := ast.ParseModuleWithOpts(id, string(bs), parserOpts)
- if err != nil {
- return nil, err
- }
- path, err := module.Package.Path.Ptr()
- if err != nil {
- return nil, err
- }
- deleted := false
- for root := range roots {
- if RootPathsContain([]string{root}, path) {
- if err := store.DeletePolicy(ctx, txn, id); err != nil {
- return nil, err
- }
- deleted = true
- break
- }
- }
- if !deleted {
- remaining[id] = module
- }
- }
-
- return remaining, nil
-}
-
-func writeManifestToStore(opts *ActivateOpts, name string, manifest Manifest) error {
- // Always write manifests to the named location. If the plugin is in the older style config
- // then also write to the old legacy unnamed location.
- if err := WriteManifestToStore(opts.Ctx, opts.Store, opts.Txn, name, manifest); err != nil {
- return err
- }
-
- if opts.legacy {
- if err := LegacyWriteManifestToStore(opts.Ctx, opts.Store, opts.Txn, manifest); err != nil {
- return err
- }
- }
-
- return nil
+// LegacyWriteManifestToStore will write the bundle manifest to the older single (unnamed) bundle manifest location.
+// Deprecated: Use WriteManifestToStore and named bundles instead.
+func LegacyWriteManifestToStore(ctx context.Context, store storage.Store, txn storage.Transaction, manifest Manifest) error {
+ return v1.LegacyWriteManifestToStore(ctx, store, txn, manifest)
}
-func writeEtagToStore(opts *ActivateOpts, name, etag string) error {
- if err := WriteEtagToStore(opts.Ctx, opts.Store, opts.Txn, name, etag); err != nil {
- return err
- }
-
- return nil
+// LegacyEraseManifestFromStore will erase the bundle manifest from the older single (unnamed) bundle manifest location.
+// Deprecated: Use WriteManifestToStore and named bundles instead.
+func LegacyEraseManifestFromStore(ctx context.Context, store storage.Store, txn storage.Transaction) error {
+ return v1.LegacyEraseManifestFromStore(ctx, store, txn)
}
-func writeDataAndModules(ctx context.Context, store storage.Store, txn storage.Transaction, txnCtx *storage.Context, bundles map[string]*Bundle, legacy bool) error {
- params := storage.WriteParams
- params.Context = txnCtx
-
- for name, b := range bundles {
- if len(b.Raw) == 0 {
- // Write data from each new bundle into the store. Only write under the
- // roots contained in their manifest.
- if err := writeData(ctx, store, txn, *b.Manifest.Roots, b.Data); err != nil {
- return err
- }
-
- for _, mf := range b.Modules {
- var path string
-
- // For backwards compatibility, in legacy mode, upsert policies to
- // the unprefixed path.
- if legacy {
- path = mf.Path
- } else {
- path = modulePathWithPrefix(name, mf.Path)
- }
-
- if err := store.UpsertPolicy(ctx, txn, path, mf.Raw); err != nil {
- return err
- }
- }
- } else {
- params.BasePaths = *b.Manifest.Roots
-
- err := store.Truncate(ctx, txn, params, NewIterator(b.Raw))
- if err != nil {
- return fmt.Errorf("store truncate failed for bundle '%s': %v", name, err)
- }
- }
- }
-
- return nil
+// LegacyReadRevisionFromStore will read the bundle manifest revision from the older single (unnamed) bundle manifest location.
+// Deprecated: Use ReadBundleRevisionFromStore and named bundles instead.
+func LegacyReadRevisionFromStore(ctx context.Context, store storage.Store, txn storage.Transaction) (string, error) {
+ return v1.LegacyReadRevisionFromStore(ctx, store, txn)
}
-func writeData(ctx context.Context, store storage.Store, txn storage.Transaction, roots []string, data map[string]interface{}) error {
- for _, root := range roots {
- path, ok := storage.ParsePathEscaped("/" + root)
- if !ok {
- return fmt.Errorf("manifest root path invalid: %v", root)
- }
- if value, ok := lookup(path, data); ok {
- if len(path) > 0 {
- if err := storage.MakeDir(ctx, store, txn, path[:len(path)-1]); err != nil {
- return err
- }
- }
- if err := store.Write(ctx, txn, storage.AddOp, path, value); err != nil {
- return err
- }
- }
- }
- return nil
+// ActivateLegacy calls Activate for the bundles but will also write their manifest to the older unnamed store location.
+// Deprecated: Use Activate with named bundles instead.
+func ActivateLegacy(opts *ActivateOpts) error {
+ return v1.ActivateLegacy(opts)
}
-func compileModules(compiler *ast.Compiler, m metrics.Metrics, bundles map[string]*Bundle, extraModules map[string]*ast.Module, legacy bool, authorizationDecisionRef ast.Ref) error {
-
- m.Timer(metrics.RegoModuleCompile).Start()
- defer m.Timer(metrics.RegoModuleCompile).Stop()
-
- modules := map[string]*ast.Module{}
-
- // preserve any modules already on the compiler
- for name, module := range compiler.Modules {
- modules[name] = module
- }
-
- // preserve any modules passed in from the store
- for name, module := range extraModules {
- modules[name] = module
- }
-
- // include all the new bundle modules
- for bundleName, b := range bundles {
- if legacy {
- for _, mf := range b.Modules {
- modules[mf.Path] = mf.Parsed
- }
- } else {
- for name, module := range b.ParsedModules(bundleName) {
- modules[name] = module
- }
- }
- }
-
- if compiler.Compile(modules); compiler.Failed() {
- return compiler.Errors
- }
-
- if authorizationDecisionRef.Equal(ast.EmptyRef()) {
+func setActivateDefaultRegoVersion(opts *ActivateOpts) *ActivateOpts {
+ if opts == nil {
return nil
}
- return iCompiler.VerifyAuthorizationPolicySchema(compiler, authorizationDecisionRef)
-}
-
-func writeModules(ctx context.Context, store storage.Store, txn storage.Transaction, compiler *ast.Compiler, m metrics.Metrics, bundles map[string]*Bundle, extraModules map[string]*ast.Module, legacy bool) error {
-
- m.Timer(metrics.RegoModuleCompile).Start()
- defer m.Timer(metrics.RegoModuleCompile).Stop()
-
- modules := map[string]*ast.Module{}
-
- // preserve any modules already on the compiler
- for name, module := range compiler.Modules {
- modules[name] = module
+ if opts.ParserOptions.RegoVersion == ast.RegoUndefined {
+ cpy := *opts
+ cpy.ParserOptions.RegoVersion = ast.DefaultRegoVersion
+ return &cpy
}
- // preserve any modules passed in from the store
- for name, module := range extraModules {
- modules[name] = module
- }
-
- // include all the new bundle modules
- for bundleName, b := range bundles {
- if legacy {
- for _, mf := range b.Modules {
- modules[mf.Path] = mf.Parsed
- }
- } else {
- for name, module := range b.ParsedModules(bundleName) {
- modules[name] = module
- }
- }
- }
-
- if compiler.Compile(modules); compiler.Failed() {
- return compiler.Errors
- }
- for bundleName, b := range bundles {
- for _, mf := range b.Modules {
- var path string
-
- // For backwards compatibility, in legacy mode, upsert policies to
- // the unprefixed path.
- if legacy {
- path = mf.Path
- } else {
- path = modulePathWithPrefix(bundleName, mf.Path)
- }
-
- if err := store.UpsertPolicy(ctx, txn, path, mf.Raw); err != nil {
- return err
- }
- }
- }
- return nil
+ return opts
}
-func lookup(path storage.Path, data map[string]interface{}) (interface{}, bool) {
- if len(path) == 0 {
- return data, true
- }
- for i := 0; i < len(path)-1; i++ {
- value, ok := data[path[i]]
- if !ok {
- return nil, false
- }
- obj, ok := value.(map[string]interface{})
- if !ok {
- return nil, false
- }
- data = obj
- }
- value, ok := data[path[len(path)-1]]
- return value, ok
-}
-
-func hasRootsOverlap(ctx context.Context, store storage.Store, txn storage.Transaction, bundles map[string]*Bundle) error {
- collisions := map[string][]string{}
- allBundles, err := ReadBundleNamesFromStore(ctx, store, txn)
- if suppressNotFound(err) != nil {
- return err
- }
-
- allRoots := map[string][]string{}
-
- // Build a map of roots for existing bundles already in the system
- for _, name := range allBundles {
- roots, err := ReadBundleRootsFromStore(ctx, store, txn, name)
- if suppressNotFound(err) != nil {
- return err
- }
- allRoots[name] = roots
- }
-
- // Add in any bundles that are being activated, overwrite existing roots
- // with new ones where bundles are in both groups.
- for name, bundle := range bundles {
- allRoots[name] = *bundle.Manifest.Roots
- }
-
- // Now check for each new bundle if it conflicts with any of the others
- for name, bundle := range bundles {
- for otherBundle, otherRoots := range allRoots {
- if name == otherBundle {
- // Skip the current bundle being checked
- continue
- }
-
- // Compare the "new" roots with other existing (or a different bundles new roots)
- for _, newRoot := range *bundle.Manifest.Roots {
- for _, otherRoot := range otherRoots {
- if RootPathsOverlap(newRoot, otherRoot) {
- collisions[otherBundle] = append(collisions[otherBundle], newRoot)
- }
- }
- }
- }
- }
-
- if len(collisions) > 0 {
- var bundleNames []string
- for name := range collisions {
- bundleNames = append(bundleNames, name)
- }
- return fmt.Errorf("detected overlapping roots in bundle manifest with: %s", bundleNames)
- }
- return nil
-}
-
-func applyPatches(ctx context.Context, store storage.Store, txn storage.Transaction, patches []PatchOperation) error {
- for _, pat := range patches {
-
- // construct patch path
- path, ok := patch.ParsePatchPathEscaped("/" + strings.Trim(pat.Path, "/"))
- if !ok {
- return fmt.Errorf("error parsing patch path")
- }
-
- var op storage.PatchOp
- switch pat.Op {
- case "upsert":
- op = storage.AddOp
-
- _, err := store.Read(ctx, txn, path[:len(path)-1])
- if err != nil {
- if !storage.IsNotFound(err) {
- return err
- }
-
- if err := storage.MakeDir(ctx, store, txn, path[:len(path)-1]); err != nil {
- return err
- }
- }
- case "remove":
- op = storage.RemoveOp
- case "replace":
- op = storage.ReplaceOp
- default:
- return fmt.Errorf("bad patch operation: %v", pat.Op)
- }
-
- // apply the patch
- if err := store.Write(ctx, txn, op, path, pat.Value); err != nil {
- return err
- }
+func setDeactivateDefaultRegoVersion(opts *DeactivateOpts) *DeactivateOpts {
+ if opts == nil {
+ return nil
}
- return nil
-}
-
-// Helpers for the older single (unnamed) bundle style manifest storage.
-
-// LegacyManifestStoragePath is the older unnamed bundle path for manifests to be stored.
-// Deprecated: Use ManifestStoragePath and named bundles instead.
-var legacyManifestStoragePath = storage.MustParsePath("/system/bundle/manifest")
-var legacyRevisionStoragePath = append(legacyManifestStoragePath, "revision")
-
-// LegacyWriteManifestToStore will write the bundle manifest to the older single (unnamed) bundle manifest location.
-// Deprecated: Use WriteManifestToStore and named bundles instead.
-func LegacyWriteManifestToStore(ctx context.Context, store storage.Store, txn storage.Transaction, manifest Manifest) error {
- return write(ctx, store, txn, legacyManifestStoragePath, manifest)
-}
-
-// LegacyEraseManifestFromStore will erase the bundle manifest from the older single (unnamed) bundle manifest location.
-// Deprecated: Use WriteManifestToStore and named bundles instead.
-func LegacyEraseManifestFromStore(ctx context.Context, store storage.Store, txn storage.Transaction) error {
- err := store.Write(ctx, txn, storage.RemoveOp, legacyManifestStoragePath, nil)
- if err != nil {
- return err
+ if opts.ParserOptions.RegoVersion == ast.RegoUndefined {
+ cpy := *opts
+ cpy.ParserOptions.RegoVersion = ast.DefaultRegoVersion
+ return &cpy
}
- return nil
-}
-// LegacyReadRevisionFromStore will read the bundle manifest revision from the older single (unnamed) bundle manifest location.
-// Deprecated: Use ReadBundleRevisionFromStore and named bundles instead.
-func LegacyReadRevisionFromStore(ctx context.Context, store storage.Store, txn storage.Transaction) (string, error) {
- return readRevisionFromStore(ctx, store, txn, legacyRevisionStoragePath)
-}
-
-// ActivateLegacy calls Activate for the bundles but will also write their manifest to the older unnamed store location.
-// Deprecated: Use Activate with named bundles instead.
-func ActivateLegacy(opts *ActivateOpts) error {
- opts.legacy = true
- return activateBundles(opts)
+ return opts
}
diff --git a/vendor/github.com/open-policy-agent/opa/bundle/verify.go b/vendor/github.com/open-policy-agent/opa/bundle/verify.go
index e85be835be..ef2e1e32db 100644
--- a/vendor/github.com/open-policy-agent/opa/bundle/verify.go
+++ b/vendor/github.com/open-policy-agent/opa/bundle/verify.go
@@ -6,26 +6,11 @@
package bundle
import (
- "bytes"
- "encoding/base64"
- "encoding/hex"
- "encoding/json"
- "fmt"
-
- "github.com/open-policy-agent/opa/internal/jwx/jwa"
- "github.com/open-policy-agent/opa/internal/jwx/jws"
- "github.com/open-policy-agent/opa/internal/jwx/jws/verify"
- "github.com/open-policy-agent/opa/util"
+ v1 "github.com/open-policy-agent/opa/v1/bundle"
)
-const defaultVerifierID = "_default"
-
-var verifiers map[string]Verifier
-
// Verifier is the interface expected for implementations that verify bundle signatures.
-type Verifier interface {
- VerifyBundleSignature(SignaturesConfig, *VerificationConfig) (map[string]FileInfo, error)
-}
+type Verifier v1.Verifier
// VerifyBundleSignature will retrieve the Verifier implementation based
// on the Plugin specified in SignaturesConfig, and call its implementation
@@ -33,199 +18,19 @@ type Verifier interface {
// using the given public keys or secret. If a signature is verified, it keeps
// track of the files specified in the JWT payload
func VerifyBundleSignature(sc SignaturesConfig, bvc *VerificationConfig) (map[string]FileInfo, error) {
- // default implementation does not return a nil for map, so don't
- // do it here either
- files := make(map[string]FileInfo)
- var plugin string
- // for backwards compatibility, check if there is no plugin specified, and use default
- if sc.Plugin == "" {
- plugin = defaultVerifierID
- } else {
- plugin = sc.Plugin
- }
- verifier, err := GetVerifier(plugin)
- if err != nil {
- return files, err
- }
- return verifier.VerifyBundleSignature(sc, bvc)
+ return v1.VerifyBundleSignature(sc, bvc)
}
// DefaultVerifier is the default bundle verification implementation. It verifies bundles by checking
// the JWT signature using a locally-accessible public key.
-type DefaultVerifier struct{}
-
-// VerifyBundleSignature verifies the bundle signature using the given public keys or secret.
-// If a signature is verified, it keeps track of the files specified in the JWT payload
-func (*DefaultVerifier) VerifyBundleSignature(sc SignaturesConfig, bvc *VerificationConfig) (map[string]FileInfo, error) {
- files := make(map[string]FileInfo)
-
- if len(sc.Signatures) == 0 {
- return files, fmt.Errorf(".signatures.json: missing JWT (expected exactly one)")
- }
-
- if len(sc.Signatures) > 1 {
- return files, fmt.Errorf(".signatures.json: multiple JWTs not supported (expected exactly one)")
- }
-
- for _, token := range sc.Signatures {
- payload, err := verifyJWTSignature(token, bvc)
- if err != nil {
- return files, err
- }
-
- for _, file := range payload.Files {
- files[file.Name] = file
- }
- }
- return files, nil
-}
-
-func verifyJWTSignature(token string, bvc *VerificationConfig) (*DecodedSignature, error) {
- // decode JWT to check if the header specifies the key to use and/or if claims have the scope.
-
- parts, err := jws.SplitCompact(token)
- if err != nil {
- return nil, err
- }
-
- var decodedHeader []byte
- if decodedHeader, err = base64.RawURLEncoding.DecodeString(parts[0]); err != nil {
- return nil, fmt.Errorf("failed to base64 decode JWT headers: %w", err)
- }
-
- var hdr jws.StandardHeaders
- if err := json.Unmarshal(decodedHeader, &hdr); err != nil {
- return nil, fmt.Errorf("failed to parse JWT headers: %w", err)
- }
-
- payload, err := base64.RawURLEncoding.DecodeString(parts[1])
- if err != nil {
- return nil, err
- }
-
- var ds DecodedSignature
- if err := json.Unmarshal(payload, &ds); err != nil {
- return nil, err
- }
-
- // check for the id of the key to use for JWT signature verification
- // first in the OPA config. If not found, then check the JWT kid.
- keyID := bvc.KeyID
- if keyID == "" {
- keyID = hdr.KeyID
- }
- if keyID == "" {
- // If header has no key id, check the deprecated key claim.
- keyID = ds.KeyID
- }
-
- if keyID == "" {
- return nil, fmt.Errorf("verification key ID is empty")
- }
-
- // now that we have the keyID, fetch the actual key
- keyConfig, err := bvc.GetPublicKey(keyID)
- if err != nil {
- return nil, err
- }
-
- // verify JWT signature
- alg := jwa.SignatureAlgorithm(keyConfig.Algorithm)
- key, err := verify.GetSigningKey(keyConfig.Key, alg)
- if err != nil {
- return nil, err
- }
-
- _, err = jws.Verify([]byte(token), alg, key)
- if err != nil {
- return nil, err
- }
-
- // verify the scope
- scope := bvc.Scope
- if scope == "" {
- scope = keyConfig.Scope
- }
-
- if ds.Scope != scope {
- return nil, fmt.Errorf("scope mismatch")
- }
- return &ds, nil
-}
-
-// VerifyBundleFile verifies the hash of a file in the bundle matches to that provided in the bundle's signature
-func VerifyBundleFile(path string, data bytes.Buffer, files map[string]FileInfo) error {
- var file FileInfo
- var ok bool
-
- if file, ok = files[path]; !ok {
- return fmt.Errorf("file %v not included in bundle signature", path)
- }
-
- if file.Algorithm == "" {
- return fmt.Errorf("no hashing algorithm provided for file %v", path)
- }
-
- hash, err := NewSignatureHasher(HashingAlgorithm(file.Algorithm))
- if err != nil {
- return err
- }
-
- // hash the file content
- // For unstructured files, hash the byte stream of the file
- // For structured files, read the byte stream and parse into a JSON structure;
- // then recursively order the fields of all objects alphabetically and then apply
- // the hash function to result to compute the hash. This ensures that the digital signature is
- // independent of whitespace and other non-semantic JSON features.
- var value interface{}
- if IsStructuredDoc(path) {
- err := util.Unmarshal(data.Bytes(), &value)
- if err != nil {
- return err
- }
- } else {
- value = data.Bytes()
- }
-
- bs, err := hash.HashFile(value)
- if err != nil {
- return err
- }
-
- // compare file hash with same file in the JWT payloads
- fb, err := hex.DecodeString(file.Hash)
- if err != nil {
- return err
- }
-
- if !bytes.Equal(fb, bs) {
- return fmt.Errorf("%v: digest mismatch (want: %x, got: %x)", path, fb, bs)
- }
-
- delete(files, path)
- return nil
-}
+type DefaultVerifier = v1.DefaultVerifier
// GetVerifier returns the Verifier registered under the given id
func GetVerifier(id string) (Verifier, error) {
- verifier, ok := verifiers[id]
- if !ok {
- return nil, fmt.Errorf("no verifier exists under id %s", id)
- }
- return verifier, nil
+ return v1.GetVerifier(id)
}
// RegisterVerifier registers a Verifier under the given id
func RegisterVerifier(id string, v Verifier) error {
- if id == defaultVerifierID {
- return fmt.Errorf("verifier id %s is reserved, use a different id", id)
- }
- verifiers[id] = v
- return nil
-}
-
-func init() {
- verifiers = map[string]Verifier{
- defaultVerifierID: &DefaultVerifier{},
- }
+ return v1.RegisterVerifier(id, v)
}
diff --git a/vendor/github.com/open-policy-agent/opa/capabilities/doc.go b/vendor/github.com/open-policy-agent/opa/capabilities/doc.go
new file mode 100644
index 0000000000..189c2e727a
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/capabilities/doc.go
@@ -0,0 +1,8 @@
+// Copyright 2024 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Deprecated: This package is intended for older projects transitioning from OPA v0.x and will remain for the lifetime of OPA v1.x, but its use is not recommended.
+// For newer features and behaviours, such as defaulting to the Rego v1 syntax, use the corresponding components in the [github.com/open-policy-agent/opa/v1] package instead.
+// See https://www.openpolicyagent.org/docs/latest/v0-compatibility/ for more information.
+package capabilities
diff --git a/vendor/github.com/open-policy-agent/opa/capabilities/v1.0.0.json b/vendor/github.com/open-policy-agent/opa/capabilities/v1.0.0.json
new file mode 100644
index 0000000000..48a87b0c35
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/capabilities/v1.0.0.json
@@ -0,0 +1,4835 @@
+{
+ "builtins": [
+ {
+ "name": "abs",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "all",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "and",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "\u0026"
+ },
+ {
+ "name": "any",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.concat",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.reverse",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.slice",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "assign",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": ":="
+ },
+ {
+ "name": "base64.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode_no_pad",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.and",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.lsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.negate",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.or",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.rsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.xor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "null"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "ceil",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "concat",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "count",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.equal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.parse_private_keys",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificate_request",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_keypair",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_rsa_private_key",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "div",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "/"
+ },
+ {
+ "name": "endswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "eq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "="
+ },
+ {
+ "name": "equal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "=="
+ },
+ {
+ "name": "floor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "format_int",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.quote_meta",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable_paths",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_and_verify",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_query",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_schema",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.schema_is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "gt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e"
+ },
+ {
+ "name": "gte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e="
+ },
+ {
+ "name": "hex.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "hex.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "http.send",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "indexof",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "indexof_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "internal.member_2",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.member_3",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.print",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "function"
+ }
+ },
+ {
+ "name": "intersection",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode_verify",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign_raw",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.verify_es256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_number",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "indent",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "prefix",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "pretty",
+ "value": {
+ "type": "boolean"
+ }
+ }
+ ],
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.match_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "static": [
+ {
+ "key": "desc",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "error",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "field",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "type",
+ "value": {
+ "type": "string"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.patch",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "op",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "path",
+ "value": {
+ "type": "any"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.verify_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lower",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c"
+ },
+ {
+ "name": "lte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c="
+ },
+ {
+ "name": "max",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "min",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "minus",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "function"
+ },
+ "infix": "-"
+ },
+ {
+ "name": "mul",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "*"
+ },
+ {
+ "name": "neq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "!="
+ },
+ {
+ "name": "net.cidr_contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_contains_matches",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "static": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_expand",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_intersects",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_merge",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_overlap",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.lookup_ip_addr",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "numbers.range",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "numbers.range_step",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.get",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.keys",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.subset",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "opa.runtime",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "or",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "|"
+ },
+ {
+ "name": "plus",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "+"
+ },
+ {
+ "name": "print",
+ "decl": {
+ "type": "function",
+ "variadic": {
+ "type": "any"
+ }
+ }
+ },
+ {
+ "name": "product",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "providers.aws.sign_req",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rand.intn",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "re_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_all_string_submatch_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.globs_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.template_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.chain",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.rule",
+ "decl": {
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.parse_module",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rem",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "%"
+ },
+ {
+ "name": "replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "round",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.compare",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "set_diff",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sort",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sprintf",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "startswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_prefix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_suffix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.count",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.render_template",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.replace_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.reverse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "substring",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sum",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.add_date",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.clock",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.date",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.diff",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.format",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.now_ns",
+ "decl": {
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "time.parse_duration_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_rfc3339_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.weekday",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "to_number",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "boolean"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_left",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_prefix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_right",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_space",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_suffix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "type_name",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "union",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse_bytes",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "upper",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode_object",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode_object",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.rfc4122",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "walk",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "relation": true
+ },
+ {
+ "name": "yaml.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ }
+ ],
+ "wasm_abi_versions": [
+ {
+ "version": 1,
+ "minor_version": 1
+ },
+ {
+ "version": 1,
+ "minor_version": 2
+ }
+ ],
+ "features": [
+ "rego_v1"
+ ]
+}
diff --git a/vendor/github.com/open-policy-agent/opa/capabilities/v1.0.1.json b/vendor/github.com/open-policy-agent/opa/capabilities/v1.0.1.json
new file mode 100644
index 0000000000..48a87b0c35
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/capabilities/v1.0.1.json
@@ -0,0 +1,4835 @@
+{
+ "builtins": [
+ {
+ "name": "abs",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "all",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "and",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "\u0026"
+ },
+ {
+ "name": "any",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.concat",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.reverse",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.slice",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "assign",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": ":="
+ },
+ {
+ "name": "base64.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode_no_pad",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.and",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.lsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.negate",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.or",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.rsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.xor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "null"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "ceil",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "concat",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "count",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.equal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.parse_private_keys",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificate_request",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_keypair",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_rsa_private_key",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "div",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "/"
+ },
+ {
+ "name": "endswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "eq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "="
+ },
+ {
+ "name": "equal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "=="
+ },
+ {
+ "name": "floor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "format_int",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.quote_meta",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable_paths",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_and_verify",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_query",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_schema",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.schema_is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "gt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e"
+ },
+ {
+ "name": "gte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e="
+ },
+ {
+ "name": "hex.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "hex.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "http.send",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "indexof",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "indexof_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "internal.member_2",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.member_3",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.print",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "function"
+ }
+ },
+ {
+ "name": "intersection",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode_verify",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign_raw",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.verify_es256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_number",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "indent",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "prefix",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "pretty",
+ "value": {
+ "type": "boolean"
+ }
+ }
+ ],
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.match_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "static": [
+ {
+ "key": "desc",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "error",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "field",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "type",
+ "value": {
+ "type": "string"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.patch",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "op",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "path",
+ "value": {
+ "type": "any"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.verify_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lower",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c"
+ },
+ {
+ "name": "lte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c="
+ },
+ {
+ "name": "max",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "min",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "minus",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "function"
+ },
+ "infix": "-"
+ },
+ {
+ "name": "mul",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "*"
+ },
+ {
+ "name": "neq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "!="
+ },
+ {
+ "name": "net.cidr_contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_contains_matches",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "static": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_expand",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_intersects",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_merge",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_overlap",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.lookup_ip_addr",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "numbers.range",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "numbers.range_step",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.get",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.keys",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.subset",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "opa.runtime",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "or",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "|"
+ },
+ {
+ "name": "plus",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "+"
+ },
+ {
+ "name": "print",
+ "decl": {
+ "type": "function",
+ "variadic": {
+ "type": "any"
+ }
+ }
+ },
+ {
+ "name": "product",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "providers.aws.sign_req",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rand.intn",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "re_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_all_string_submatch_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.globs_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.template_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.chain",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.rule",
+ "decl": {
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.parse_module",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rem",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "%"
+ },
+ {
+ "name": "replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "round",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.compare",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "set_diff",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sort",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sprintf",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "startswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_prefix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_suffix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.count",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.render_template",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.replace_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.reverse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "substring",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sum",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.add_date",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.clock",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.date",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.diff",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.format",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.now_ns",
+ "decl": {
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "time.parse_duration_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_rfc3339_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.weekday",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "to_number",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "boolean"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_left",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_prefix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_right",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_space",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_suffix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "type_name",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "union",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse_bytes",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "upper",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode_object",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode_object",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.rfc4122",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "walk",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "relation": true
+ },
+ {
+ "name": "yaml.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ }
+ ],
+ "wasm_abi_versions": [
+ {
+ "version": 1,
+ "minor_version": 1
+ },
+ {
+ "version": 1,
+ "minor_version": 2
+ }
+ ],
+ "features": [
+ "rego_v1"
+ ]
+}
diff --git a/vendor/github.com/open-policy-agent/opa/capabilities/v1.1.0.json b/vendor/github.com/open-policy-agent/opa/capabilities/v1.1.0.json
new file mode 100644
index 0000000000..48a87b0c35
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/capabilities/v1.1.0.json
@@ -0,0 +1,4835 @@
+{
+ "builtins": [
+ {
+ "name": "abs",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "all",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "and",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "\u0026"
+ },
+ {
+ "name": "any",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.concat",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.reverse",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.slice",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "assign",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": ":="
+ },
+ {
+ "name": "base64.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode_no_pad",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.and",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.lsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.negate",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.or",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.rsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.xor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "null"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "ceil",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "concat",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "count",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.equal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.parse_private_keys",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificate_request",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_keypair",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_rsa_private_key",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "div",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "/"
+ },
+ {
+ "name": "endswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "eq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "="
+ },
+ {
+ "name": "equal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "=="
+ },
+ {
+ "name": "floor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "format_int",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.quote_meta",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable_paths",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_and_verify",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_query",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_schema",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.schema_is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "gt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e"
+ },
+ {
+ "name": "gte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e="
+ },
+ {
+ "name": "hex.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "hex.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "http.send",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "indexof",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "indexof_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "internal.member_2",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.member_3",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.print",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "function"
+ }
+ },
+ {
+ "name": "intersection",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode_verify",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign_raw",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.verify_es256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_number",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "indent",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "prefix",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "pretty",
+ "value": {
+ "type": "boolean"
+ }
+ }
+ ],
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.match_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "static": [
+ {
+ "key": "desc",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "error",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "field",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "type",
+ "value": {
+ "type": "string"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.patch",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "op",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "path",
+ "value": {
+ "type": "any"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.verify_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lower",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c"
+ },
+ {
+ "name": "lte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c="
+ },
+ {
+ "name": "max",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "min",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "minus",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "function"
+ },
+ "infix": "-"
+ },
+ {
+ "name": "mul",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "*"
+ },
+ {
+ "name": "neq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "!="
+ },
+ {
+ "name": "net.cidr_contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_contains_matches",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "static": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_expand",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_intersects",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_merge",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_overlap",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.lookup_ip_addr",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "numbers.range",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "numbers.range_step",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.get",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.keys",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.subset",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "opa.runtime",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "or",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "|"
+ },
+ {
+ "name": "plus",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "+"
+ },
+ {
+ "name": "print",
+ "decl": {
+ "type": "function",
+ "variadic": {
+ "type": "any"
+ }
+ }
+ },
+ {
+ "name": "product",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "providers.aws.sign_req",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rand.intn",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "re_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_all_string_submatch_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.globs_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.template_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.chain",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.rule",
+ "decl": {
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.parse_module",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rem",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "%"
+ },
+ {
+ "name": "replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "round",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.compare",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "set_diff",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sort",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sprintf",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "startswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_prefix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_suffix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.count",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.render_template",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.replace_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.reverse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "substring",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sum",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.add_date",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.clock",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.date",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.diff",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.format",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.now_ns",
+ "decl": {
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "time.parse_duration_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_rfc3339_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.weekday",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "to_number",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "boolean"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_left",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_prefix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_right",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_space",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_suffix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "type_name",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "union",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse_bytes",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "upper",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode_object",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode_object",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.rfc4122",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "walk",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "relation": true
+ },
+ {
+ "name": "yaml.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ }
+ ],
+ "wasm_abi_versions": [
+ {
+ "version": 1,
+ "minor_version": 1
+ },
+ {
+ "version": 1,
+ "minor_version": 2
+ }
+ ],
+ "features": [
+ "rego_v1"
+ ]
+}
diff --git a/vendor/github.com/open-policy-agent/opa/capabilities/v1.2.0.json b/vendor/github.com/open-policy-agent/opa/capabilities/v1.2.0.json
new file mode 100644
index 0000000000..1253c88b30
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/capabilities/v1.2.0.json
@@ -0,0 +1,4849 @@
+{
+ "builtins": [
+ {
+ "name": "abs",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "all",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "and",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "\u0026"
+ },
+ {
+ "name": "any",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.concat",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.reverse",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.slice",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "assign",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": ":="
+ },
+ {
+ "name": "base64.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode_no_pad",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.and",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.lsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.negate",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.or",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.rsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.xor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "null"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "ceil",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "concat",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "count",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.equal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.parse_private_keys",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificate_request",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_keypair",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_rsa_private_key",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "div",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "/"
+ },
+ {
+ "name": "endswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "eq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "="
+ },
+ {
+ "name": "equal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "=="
+ },
+ {
+ "name": "floor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "format_int",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.quote_meta",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable_paths",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_and_verify",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_query",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_schema",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.schema_is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "gt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e"
+ },
+ {
+ "name": "gte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e="
+ },
+ {
+ "name": "hex.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "hex.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "http.send",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "indexof",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "indexof_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "internal.member_2",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.member_3",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.print",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "function"
+ }
+ },
+ {
+ "name": "internal.test_case",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "function"
+ }
+ },
+ {
+ "name": "intersection",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode_verify",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign_raw",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.verify_es256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_number",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "indent",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "prefix",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "pretty",
+ "value": {
+ "type": "boolean"
+ }
+ }
+ ],
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.match_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "static": [
+ {
+ "key": "desc",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "error",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "field",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "type",
+ "value": {
+ "type": "string"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.patch",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "op",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "path",
+ "value": {
+ "type": "any"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.verify_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lower",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c"
+ },
+ {
+ "name": "lte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c="
+ },
+ {
+ "name": "max",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "min",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "minus",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "function"
+ },
+ "infix": "-"
+ },
+ {
+ "name": "mul",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "*"
+ },
+ {
+ "name": "neq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "!="
+ },
+ {
+ "name": "net.cidr_contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_contains_matches",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "static": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_expand",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_intersects",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_merge",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_overlap",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.lookup_ip_addr",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "numbers.range",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "numbers.range_step",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.get",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.keys",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.subset",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "opa.runtime",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "or",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "|"
+ },
+ {
+ "name": "plus",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "+"
+ },
+ {
+ "name": "print",
+ "decl": {
+ "type": "function",
+ "variadic": {
+ "type": "any"
+ }
+ }
+ },
+ {
+ "name": "product",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "providers.aws.sign_req",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rand.intn",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "re_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_all_string_submatch_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.globs_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.template_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.chain",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.rule",
+ "decl": {
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.parse_module",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rem",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "%"
+ },
+ {
+ "name": "replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "round",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.compare",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "set_diff",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sort",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sprintf",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "startswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_prefix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_suffix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.count",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.render_template",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.replace_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.reverse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "substring",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sum",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.add_date",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.clock",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.date",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.diff",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.format",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.now_ns",
+ "decl": {
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "time.parse_duration_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_rfc3339_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.weekday",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "to_number",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "boolean"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_left",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_prefix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_right",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_space",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_suffix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "type_name",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "union",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse_bytes",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "upper",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode_object",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode_object",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.rfc4122",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "walk",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "relation": true
+ },
+ {
+ "name": "yaml.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ }
+ ],
+ "wasm_abi_versions": [
+ {
+ "version": 1,
+ "minor_version": 1
+ },
+ {
+ "version": 1,
+ "minor_version": 2
+ }
+ ],
+ "features": [
+ "rego_v1"
+ ]
+}
diff --git a/vendor/github.com/open-policy-agent/opa/capabilities/v1.3.0.json b/vendor/github.com/open-policy-agent/opa/capabilities/v1.3.0.json
new file mode 100644
index 0000000000..1253c88b30
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/capabilities/v1.3.0.json
@@ -0,0 +1,4849 @@
+{
+ "builtins": [
+ {
+ "name": "abs",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "all",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "and",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "\u0026"
+ },
+ {
+ "name": "any",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.concat",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.reverse",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.slice",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "assign",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": ":="
+ },
+ {
+ "name": "base64.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode_no_pad",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.and",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.lsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.negate",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.or",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.rsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.xor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "null"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "ceil",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "concat",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "count",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.equal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.parse_private_keys",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificate_request",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_keypair",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_rsa_private_key",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "div",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "/"
+ },
+ {
+ "name": "endswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "eq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "="
+ },
+ {
+ "name": "equal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "=="
+ },
+ {
+ "name": "floor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "format_int",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.quote_meta",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable_paths",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_and_verify",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_query",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_schema",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.schema_is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "gt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e"
+ },
+ {
+ "name": "gte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e="
+ },
+ {
+ "name": "hex.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "hex.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "http.send",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "indexof",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "indexof_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "internal.member_2",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.member_3",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.print",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "function"
+ }
+ },
+ {
+ "name": "internal.test_case",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "function"
+ }
+ },
+ {
+ "name": "intersection",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode_verify",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign_raw",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.verify_es256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_number",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "indent",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "prefix",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "pretty",
+ "value": {
+ "type": "boolean"
+ }
+ }
+ ],
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.match_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "static": [
+ {
+ "key": "desc",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "error",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "field",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "type",
+ "value": {
+ "type": "string"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.patch",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "op",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "path",
+ "value": {
+ "type": "any"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.verify_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lower",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c"
+ },
+ {
+ "name": "lte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c="
+ },
+ {
+ "name": "max",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "min",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "minus",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "function"
+ },
+ "infix": "-"
+ },
+ {
+ "name": "mul",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "*"
+ },
+ {
+ "name": "neq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "!="
+ },
+ {
+ "name": "net.cidr_contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_contains_matches",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "static": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_expand",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_intersects",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_merge",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_overlap",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.lookup_ip_addr",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "numbers.range",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "numbers.range_step",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.get",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.keys",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.subset",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "opa.runtime",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "or",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "|"
+ },
+ {
+ "name": "plus",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "+"
+ },
+ {
+ "name": "print",
+ "decl": {
+ "type": "function",
+ "variadic": {
+ "type": "any"
+ }
+ }
+ },
+ {
+ "name": "product",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "providers.aws.sign_req",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rand.intn",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "re_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_all_string_submatch_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.globs_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.template_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.chain",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.rule",
+ "decl": {
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.parse_module",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rem",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "%"
+ },
+ {
+ "name": "replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "round",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.compare",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "set_diff",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sort",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sprintf",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "startswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_prefix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_suffix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.count",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.render_template",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.replace_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.reverse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "substring",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sum",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.add_date",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.clock",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.date",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.diff",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.format",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.now_ns",
+ "decl": {
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "time.parse_duration_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_rfc3339_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.weekday",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "to_number",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "boolean"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_left",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_prefix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_right",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_space",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_suffix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "type_name",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "union",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse_bytes",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "upper",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode_object",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode_object",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.rfc4122",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "walk",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "relation": true
+ },
+ {
+ "name": "yaml.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ }
+ ],
+ "wasm_abi_versions": [
+ {
+ "version": 1,
+ "minor_version": 1
+ },
+ {
+ "version": 1,
+ "minor_version": 2
+ }
+ ],
+ "features": [
+ "rego_v1"
+ ]
+}
diff --git a/vendor/github.com/open-policy-agent/opa/capabilities/v1.4.0.json b/vendor/github.com/open-policy-agent/opa/capabilities/v1.4.0.json
new file mode 100644
index 0000000000..1253c88b30
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/capabilities/v1.4.0.json
@@ -0,0 +1,4849 @@
+{
+ "builtins": [
+ {
+ "name": "abs",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "all",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "and",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "\u0026"
+ },
+ {
+ "name": "any",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.concat",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.reverse",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.slice",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "assign",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": ":="
+ },
+ {
+ "name": "base64.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode_no_pad",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.and",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.lsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.negate",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.or",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.rsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.xor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "null"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "ceil",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "concat",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "count",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.equal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.parse_private_keys",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificate_request",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_keypair",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_rsa_private_key",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "div",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "/"
+ },
+ {
+ "name": "endswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "eq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "="
+ },
+ {
+ "name": "equal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "=="
+ },
+ {
+ "name": "floor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "format_int",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.quote_meta",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable_paths",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_and_verify",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_query",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_schema",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.schema_is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "gt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e"
+ },
+ {
+ "name": "gte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e="
+ },
+ {
+ "name": "hex.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "hex.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "http.send",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "indexof",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "indexof_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "internal.member_2",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.member_3",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.print",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "function"
+ }
+ },
+ {
+ "name": "internal.test_case",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "function"
+ }
+ },
+ {
+ "name": "intersection",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode_verify",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign_raw",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.verify_es256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_number",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "indent",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "prefix",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "pretty",
+ "value": {
+ "type": "boolean"
+ }
+ }
+ ],
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.match_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "static": [
+ {
+ "key": "desc",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "error",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "field",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "type",
+ "value": {
+ "type": "string"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.patch",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "op",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "path",
+ "value": {
+ "type": "any"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.verify_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lower",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c"
+ },
+ {
+ "name": "lte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c="
+ },
+ {
+ "name": "max",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "min",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "minus",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "function"
+ },
+ "infix": "-"
+ },
+ {
+ "name": "mul",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "*"
+ },
+ {
+ "name": "neq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "!="
+ },
+ {
+ "name": "net.cidr_contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_contains_matches",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "static": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_expand",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_intersects",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_merge",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_overlap",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.lookup_ip_addr",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "numbers.range",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "numbers.range_step",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.get",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.keys",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.subset",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "opa.runtime",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "or",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "|"
+ },
+ {
+ "name": "plus",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "+"
+ },
+ {
+ "name": "print",
+ "decl": {
+ "type": "function",
+ "variadic": {
+ "type": "any"
+ }
+ }
+ },
+ {
+ "name": "product",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "providers.aws.sign_req",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rand.intn",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "re_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_all_string_submatch_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.globs_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.template_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.chain",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.rule",
+ "decl": {
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.parse_module",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rem",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "%"
+ },
+ {
+ "name": "replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "round",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.compare",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "set_diff",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sort",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sprintf",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "startswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_prefix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_suffix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.count",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.render_template",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.replace_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.reverse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "substring",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sum",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.add_date",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.clock",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.date",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.diff",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.format",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.now_ns",
+ "decl": {
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "time.parse_duration_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_rfc3339_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.weekday",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "to_number",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "boolean"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_left",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_prefix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_right",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_space",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_suffix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "type_name",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "union",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse_bytes",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "upper",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode_object",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode_object",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.rfc4122",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "walk",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "relation": true
+ },
+ {
+ "name": "yaml.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ }
+ ],
+ "wasm_abi_versions": [
+ {
+ "version": 1,
+ "minor_version": 1
+ },
+ {
+ "version": 1,
+ "minor_version": 2
+ }
+ ],
+ "features": [
+ "rego_v1"
+ ]
+}
diff --git a/vendor/github.com/open-policy-agent/opa/capabilities/v1.4.1.json b/vendor/github.com/open-policy-agent/opa/capabilities/v1.4.1.json
new file mode 100644
index 0000000000..1253c88b30
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/capabilities/v1.4.1.json
@@ -0,0 +1,4849 @@
+{
+ "builtins": [
+ {
+ "name": "abs",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "all",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "and",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "\u0026"
+ },
+ {
+ "name": "any",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.concat",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.reverse",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.slice",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "assign",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": ":="
+ },
+ {
+ "name": "base64.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode_no_pad",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.and",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.lsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.negate",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.or",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.rsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.xor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "null"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "ceil",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "concat",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "count",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.equal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.parse_private_keys",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificate_request",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_keypair",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_rsa_private_key",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "div",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "/"
+ },
+ {
+ "name": "endswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "eq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "="
+ },
+ {
+ "name": "equal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "=="
+ },
+ {
+ "name": "floor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "format_int",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.quote_meta",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable_paths",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_and_verify",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_query",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_schema",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.schema_is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "gt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e"
+ },
+ {
+ "name": "gte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e="
+ },
+ {
+ "name": "hex.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "hex.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "http.send",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "indexof",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "indexof_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "internal.member_2",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.member_3",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.print",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "function"
+ }
+ },
+ {
+ "name": "internal.test_case",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "function"
+ }
+ },
+ {
+ "name": "intersection",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode_verify",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign_raw",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.verify_es256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_number",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "indent",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "prefix",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "pretty",
+ "value": {
+ "type": "boolean"
+ }
+ }
+ ],
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.match_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "static": [
+ {
+ "key": "desc",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "error",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "field",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "type",
+ "value": {
+ "type": "string"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.patch",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "op",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "path",
+ "value": {
+ "type": "any"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.verify_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lower",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c"
+ },
+ {
+ "name": "lte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c="
+ },
+ {
+ "name": "max",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "min",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "minus",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "function"
+ },
+ "infix": "-"
+ },
+ {
+ "name": "mul",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "*"
+ },
+ {
+ "name": "neq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "!="
+ },
+ {
+ "name": "net.cidr_contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_contains_matches",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "static": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_expand",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_intersects",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_merge",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_overlap",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.lookup_ip_addr",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "numbers.range",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "numbers.range_step",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.get",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.keys",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.subset",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "opa.runtime",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "or",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "|"
+ },
+ {
+ "name": "plus",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "+"
+ },
+ {
+ "name": "print",
+ "decl": {
+ "type": "function",
+ "variadic": {
+ "type": "any"
+ }
+ }
+ },
+ {
+ "name": "product",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "providers.aws.sign_req",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rand.intn",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "re_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_all_string_submatch_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.globs_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.template_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.chain",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.rule",
+ "decl": {
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.parse_module",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rem",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "%"
+ },
+ {
+ "name": "replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "round",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.compare",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "set_diff",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sort",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sprintf",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "startswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_prefix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_suffix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.count",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.render_template",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.replace_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.reverse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "substring",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sum",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.add_date",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.clock",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.date",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.diff",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.format",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.now_ns",
+ "decl": {
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "time.parse_duration_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_rfc3339_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.weekday",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "to_number",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "boolean"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_left",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_prefix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_right",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_space",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_suffix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "type_name",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "union",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse_bytes",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "upper",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode_object",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode_object",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.rfc4122",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "walk",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "relation": true
+ },
+ {
+ "name": "yaml.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ }
+ ],
+ "wasm_abi_versions": [
+ {
+ "version": 1,
+ "minor_version": 1
+ },
+ {
+ "version": 1,
+ "minor_version": 2
+ }
+ ],
+ "features": [
+ "rego_v1"
+ ]
+}
diff --git a/vendor/github.com/open-policy-agent/opa/capabilities/v1.4.2.json b/vendor/github.com/open-policy-agent/opa/capabilities/v1.4.2.json
new file mode 100644
index 0000000000..1253c88b30
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/capabilities/v1.4.2.json
@@ -0,0 +1,4849 @@
+{
+ "builtins": [
+ {
+ "name": "abs",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "all",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "and",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "\u0026"
+ },
+ {
+ "name": "any",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.concat",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.reverse",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.slice",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "assign",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": ":="
+ },
+ {
+ "name": "base64.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode_no_pad",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.and",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.lsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.negate",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.or",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.rsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.xor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "null"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "ceil",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "concat",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "count",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.equal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.parse_private_keys",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificate_request",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_keypair",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_rsa_private_key",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "div",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "/"
+ },
+ {
+ "name": "endswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "eq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "="
+ },
+ {
+ "name": "equal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "=="
+ },
+ {
+ "name": "floor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "format_int",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.quote_meta",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable_paths",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_and_verify",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_query",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_schema",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.schema_is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "gt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e"
+ },
+ {
+ "name": "gte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e="
+ },
+ {
+ "name": "hex.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "hex.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "http.send",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "indexof",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "indexof_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "internal.member_2",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.member_3",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.print",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "function"
+ }
+ },
+ {
+ "name": "internal.test_case",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "function"
+ }
+ },
+ {
+ "name": "intersection",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode_verify",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign_raw",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.verify_es256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_number",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "indent",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "prefix",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "pretty",
+ "value": {
+ "type": "boolean"
+ }
+ }
+ ],
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.match_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "static": [
+ {
+ "key": "desc",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "error",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "field",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "type",
+ "value": {
+ "type": "string"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.patch",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "op",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "path",
+ "value": {
+ "type": "any"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.verify_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lower",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c"
+ },
+ {
+ "name": "lte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c="
+ },
+ {
+ "name": "max",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "min",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "minus",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "function"
+ },
+ "infix": "-"
+ },
+ {
+ "name": "mul",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "*"
+ },
+ {
+ "name": "neq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "!="
+ },
+ {
+ "name": "net.cidr_contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_contains_matches",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "static": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_expand",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_intersects",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_merge",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_overlap",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.lookup_ip_addr",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "numbers.range",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "numbers.range_step",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.get",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.keys",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.subset",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "opa.runtime",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "or",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "|"
+ },
+ {
+ "name": "plus",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "+"
+ },
+ {
+ "name": "print",
+ "decl": {
+ "type": "function",
+ "variadic": {
+ "type": "any"
+ }
+ }
+ },
+ {
+ "name": "product",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "providers.aws.sign_req",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rand.intn",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "re_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_all_string_submatch_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.globs_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.template_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.chain",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.rule",
+ "decl": {
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.parse_module",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rem",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "%"
+ },
+ {
+ "name": "replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "round",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.compare",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "set_diff",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sort",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sprintf",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "startswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_prefix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_suffix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.count",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.render_template",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.replace_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.reverse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "substring",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sum",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.add_date",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.clock",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.date",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.diff",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.format",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.now_ns",
+ "decl": {
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "time.parse_duration_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_rfc3339_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.weekday",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "to_number",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "boolean"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_left",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_prefix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_right",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_space",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_suffix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "type_name",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "union",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse_bytes",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "upper",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode_object",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode_object",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.rfc4122",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "walk",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "relation": true
+ },
+ {
+ "name": "yaml.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ }
+ ],
+ "wasm_abi_versions": [
+ {
+ "version": 1,
+ "minor_version": 1
+ },
+ {
+ "version": 1,
+ "minor_version": 2
+ }
+ ],
+ "features": [
+ "rego_v1"
+ ]
+}
diff --git a/vendor/github.com/open-policy-agent/opa/capabilities/v1.5.0.json b/vendor/github.com/open-policy-agent/opa/capabilities/v1.5.0.json
new file mode 100644
index 0000000000..1253c88b30
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/capabilities/v1.5.0.json
@@ -0,0 +1,4849 @@
+{
+ "builtins": [
+ {
+ "name": "abs",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "all",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "and",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "\u0026"
+ },
+ {
+ "name": "any",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.concat",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.reverse",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "array.slice",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "assign",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": ":="
+ },
+ {
+ "name": "base64.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "base64url.encode_no_pad",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.and",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.lsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.negate",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.or",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.rsh",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "bits.xor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "null"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "cast_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "ceil",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "concat",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "count",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.equal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.hmac.sha512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.md5",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.parse_private_keys",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha1",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.sha256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_and_verify_certificates_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificate_request",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_certificates",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_keypair",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "crypto.x509.parse_rsa_private_key",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "div",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "/"
+ },
+ {
+ "name": "endswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "eq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "="
+ },
+ {
+ "name": "equal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "=="
+ },
+ {
+ "name": "floor",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "format_int",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "glob.quote_meta",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graph.reachable_paths",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_and_verify",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_query",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.parse_schema",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "graphql.schema_is_valid",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "gt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e"
+ },
+ {
+ "name": "gte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003e="
+ },
+ {
+ "name": "hex.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "hex.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "http.send",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "indexof",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "indexof_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "internal.member_2",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.member_3",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "in"
+ },
+ {
+ "name": "internal.print",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "function"
+ }
+ },
+ {
+ "name": "internal.test_case",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "function"
+ }
+ },
+ {
+ "name": "intersection",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.decode_verify",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.encode_sign_raw",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "io.jwt.verify_es256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_es512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_hs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_ps512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs256",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs384",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "io.jwt.verify_rs512",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_array",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_boolean",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_null",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_number",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_object",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_set",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "is_string",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.marshal_with_options",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "indent",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "prefix",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "pretty",
+ "value": {
+ "type": "boolean"
+ }
+ }
+ ],
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.match_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "dynamic": {
+ "static": [
+ {
+ "key": "desc",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "error",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "field",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "type",
+ "value": {
+ "type": "string"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.patch",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "static": [
+ {
+ "key": "op",
+ "value": {
+ "type": "string"
+ }
+ },
+ {
+ "key": "path",
+ "value": {
+ "type": "any"
+ }
+ }
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "json.verify_schema",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "boolean"
+ },
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lower",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "lt",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c"
+ },
+ {
+ "name": "lte",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "\u003c="
+ },
+ {
+ "name": "max",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "min",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "minus",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "function"
+ },
+ "infix": "-"
+ },
+ {
+ "name": "mul",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "*"
+ },
+ {
+ "name": "neq",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ },
+ "infix": "!="
+ },
+ {
+ "name": "net.cidr_contains",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_contains_matches",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "static": [
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_expand",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_intersects",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_merge",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "of": [
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.cidr_overlap",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "net.lookup_ip_addr",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "numbers.range",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "numbers.range_step",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.filter",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.get",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "any"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.keys",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.remove",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.subset",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "object.union_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "opa.runtime",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "or",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ },
+ "infix": "|"
+ },
+ {
+ "name": "plus",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "+"
+ },
+ {
+ "name": "print",
+ "decl": {
+ "type": "function",
+ "variadic": {
+ "type": "any"
+ }
+ }
+ },
+ {
+ "name": "product",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "providers.aws.sign_req",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "any"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rand.intn",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "re_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_all_string_submatch_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.find_n",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.globs_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "regex.template_match",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.chain",
+ "decl": {
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.metadata.rule",
+ "decl": {
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rego.parse_module",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "rem",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "infix": "%"
+ },
+ {
+ "name": "replace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "round",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.compare",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "semver.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "set_diff",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sort",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "split",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sprintf",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "startswith",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_prefix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.any_suffix_match",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.count",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.render_template",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.replace_n",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "strings.reverse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "substring",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "sum",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "dynamic": {
+ "type": "number"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "number"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.add_date",
+ "decl": {
+ "args": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.clock",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.date",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.diff",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ },
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "number"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.format",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.now_ns",
+ "decl": {
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "time.parse_duration_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.parse_rfc3339_ns",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "time.weekday",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "number"
+ },
+ {
+ "static": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "array"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "to_number",
+ "decl": {
+ "args": [
+ {
+ "of": [
+ {
+ "type": "null"
+ },
+ {
+ "type": "boolean"
+ },
+ {
+ "type": "number"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trace",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_left",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_prefix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_right",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_space",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "trim_suffix",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "type_name",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "union",
+ "decl": {
+ "args": [
+ {
+ "of": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "set"
+ }
+ ],
+ "result": {
+ "of": {
+ "type": "any"
+ },
+ "type": "set"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "units.parse_bytes",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "number"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "upper",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.decode_object",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "urlquery.encode_object",
+ "decl": {
+ "args": [
+ {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "of": [
+ {
+ "type": "string"
+ },
+ {
+ "dynamic": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "of": {
+ "type": "string"
+ },
+ "type": "set"
+ }
+ ],
+ "type": "any"
+ }
+ },
+ "type": "object"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.parse",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "dynamic": {
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "any"
+ }
+ },
+ "type": "object"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "uuid.rfc4122",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ },
+ "nondeterministic": true
+ },
+ {
+ "name": "walk",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "static": [
+ {
+ "dynamic": {
+ "type": "any"
+ },
+ "type": "array"
+ },
+ {
+ "type": "any"
+ }
+ ],
+ "type": "array"
+ },
+ "type": "function"
+ },
+ "relation": true
+ },
+ {
+ "name": "yaml.is_valid",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "boolean"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.marshal",
+ "decl": {
+ "args": [
+ {
+ "type": "any"
+ }
+ ],
+ "result": {
+ "type": "string"
+ },
+ "type": "function"
+ }
+ },
+ {
+ "name": "yaml.unmarshal",
+ "decl": {
+ "args": [
+ {
+ "type": "string"
+ }
+ ],
+ "result": {
+ "type": "any"
+ },
+ "type": "function"
+ }
+ }
+ ],
+ "wasm_abi_versions": [
+ {
+ "version": 1,
+ "minor_version": 1
+ },
+ {
+ "version": 1,
+ "minor_version": 2
+ }
+ ],
+ "features": [
+ "rego_v1"
+ ]
+}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/bundle/utils.go b/vendor/github.com/open-policy-agent/opa/internal/bundle/utils.go
index 064649733a..836aa586b9 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/bundle/utils.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/bundle/utils.go
@@ -6,15 +6,16 @@ package bundle
import (
"context"
+ "errors"
"fmt"
"io"
"os"
"path/filepath"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/bundle"
- "github.com/open-policy-agent/opa/resolver/wasm"
- "github.com/open-policy-agent/opa/storage"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/bundle"
+ "github.com/open-policy-agent/opa/v1/resolver/wasm"
+ "github.com/open-policy-agent/opa/v1/storage"
)
// LoadWasmResolversFromStore will lookup all Wasm modules from the store along with the
@@ -97,7 +98,7 @@ func LoadBundleFromDiskForRegoVersion(regoVersion ast.RegoVersion, path, name st
_, err := os.Stat(bundlePath)
if err == nil {
- f, err := os.Open(filepath.Join(bundlePath))
+ f, err := os.Open(bundlePath)
if err != nil {
return nil, err
}
@@ -132,7 +133,7 @@ func SaveBundleToDisk(path string, raw io.Reader) (string, error) {
}
if raw == nil {
- return "", fmt.Errorf("no raw bundle bytes to persist to disk")
+ return "", errors.New("no raw bundle bytes to persist to disk")
}
dest, err := os.CreateTemp(path, ".bundle.tar.gz.*.tmp")
diff --git a/vendor/github.com/open-policy-agent/opa/internal/cidr/merge/merge.go b/vendor/github.com/open-policy-agent/opa/internal/cidr/merge/merge.go
index a019cde128..c2392b6775 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/cidr/merge/merge.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/cidr/merge/merge.go
@@ -114,7 +114,7 @@ func GetAddressRange(ipNet net.IPNet) (net.IP, net.IP) {
copy(lastIPMask, ipNet.Mask)
for i := range lastIPMask {
lastIPMask[len(lastIPMask)-i-1] = ^lastIPMask[len(lastIPMask)-i-1]
- lastIP[net.IPv6len-i-1] = lastIP[net.IPv6len-i-1] | lastIPMask[len(lastIPMask)-i-1]
+ lastIP[net.IPv6len-i-1] |= lastIPMask[len(lastIPMask)-i-1]
}
return firstIP, lastIP
diff --git a/vendor/github.com/open-policy-agent/opa/internal/compiler/utils.go b/vendor/github.com/open-policy-agent/opa/internal/compiler/utils.go
index 4d80aeeef9..5d2e778b13 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/compiler/utils.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/compiler/utils.go
@@ -5,9 +5,12 @@
package compiler
import (
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/schemas"
- "github.com/open-policy-agent/opa/util"
+ "errors"
+ "sync"
+
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/schemas"
+ "github.com/open-policy-agent/opa/v1/util"
)
type SchemaFile string
@@ -16,12 +19,35 @@ const (
AuthorizationPolicySchema SchemaFile = "authorizationPolicy.json"
)
-var schemaDefinitions = map[SchemaFile]interface{}{}
+var schemaDefinitions = map[SchemaFile]any{}
+
+var loadOnce = sync.OnceValue(func() error {
+ cont, err := schemas.FS.ReadFile(string(AuthorizationPolicySchema))
+ if err != nil {
+ return err
+ }
+
+ if len(cont) == 0 {
+ return errors.New("expected authorization policy schema file to be present")
+ }
+
+ var schema any
+ if err := util.Unmarshal(cont, &schema); err != nil {
+ return err
+ }
+
+ schemaDefinitions[AuthorizationPolicySchema] = schema
+
+ return nil
+})
// VerifyAuthorizationPolicySchema performs type checking on rules against the schema for the Authorization Policy
// Input document.
// NOTE: The provided compiler should have already run the compilation process on the input modules
func VerifyAuthorizationPolicySchema(compiler *ast.Compiler, ref ast.Ref) error {
+ if err := loadOnce(); err != nil {
+ panic(err)
+ }
rules := getRulesWithDependencies(compiler, ref)
@@ -32,7 +58,10 @@ func VerifyAuthorizationPolicySchema(compiler *ast.Compiler, ref ast.Ref) error
schemaSet := ast.NewSchemaSet()
schemaSet.Put(ast.SchemaRootRef, schemaDefinitions[AuthorizationPolicySchema])
- errs := ast.NewCompiler().WithSchemas(schemaSet).PassesTypeCheckRules(rules)
+ errs := ast.NewCompiler().
+ WithDefaultRegoVersion(compiler.DefaultRegoVersion()).
+ WithSchemas(schemaSet).
+ PassesTypeCheckRules(rules)
if len(errs) > 0 {
return errs
@@ -64,26 +93,3 @@ func transitiveDependencies(compiler *ast.Compiler, rule *ast.Rule, deps map[*as
transitiveDependencies(compiler, other, deps)
}
}
-
-func loadAuthorizationPolicySchema() {
-
- cont, err := schemas.FS.ReadFile(string(AuthorizationPolicySchema))
- if err != nil {
- panic(err)
- }
-
- if len(cont) == 0 {
- panic("expected authorization policy schema file to be present")
- }
-
- var schema interface{}
- if err := util.Unmarshal(cont, &schema); err != nil {
- panic(err)
- }
-
- schemaDefinitions[AuthorizationPolicySchema] = schema
-}
-
-func init() {
- loadAuthorizationPolicySchema()
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/compiler/wasm/wasm.go b/vendor/github.com/open-policy-agent/opa/internal/compiler/wasm/wasm.go
index 9a5cebec54..25cbc13b47 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/compiler/wasm/wasm.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/compiler/wasm/wasm.go
@@ -12,7 +12,6 @@ import (
"fmt"
"io"
- "github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/internal/compiler/wasm/opa"
"github.com/open-policy-agent/opa/internal/debug"
"github.com/open-policy-agent/opa/internal/wasm/encoding"
@@ -20,8 +19,9 @@ import (
"github.com/open-policy-agent/opa/internal/wasm/module"
"github.com/open-policy-agent/opa/internal/wasm/types"
"github.com/open-policy-agent/opa/internal/wasm/util"
- "github.com/open-policy-agent/opa/ir"
- opatypes "github.com/open-policy-agent/opa/types"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/ir"
+ opatypes "github.com/open-policy-agent/opa/v1/types"
)
// Record Wasm ABI version in exported global variable
@@ -340,7 +340,7 @@ func (c *Compiler) initModule() error {
// two times. But let's deal with that when it happens.
if _, ok := c.funcs[name]; ok { // already seen
c.debug.Printf("function name duplicate: %s (%d)", name, fn.Index)
- name = name + ".1"
+ name += ".1"
}
c.funcs[name] = fn.Index
}
@@ -348,7 +348,7 @@ func (c *Compiler) initModule() error {
for _, fn := range c.policy.Funcs.Funcs {
params := make([]types.ValueType, len(fn.Params))
- for i := 0; i < len(params); i++ {
+ for i := range params {
params[i] = types.I32
}
@@ -827,7 +827,7 @@ func (c *Compiler) compileFunc(fn *ir.Func) error {
memoize := len(fn.Params) == 2
if len(fn.Params) == 0 {
- return fmt.Errorf("illegal function: zero args")
+ return errors.New("illegal function: zero args")
}
c.nextLocal = 0
@@ -996,12 +996,16 @@ func (c *Compiler) compileBlock(block *ir.Block) ([]instruction.Instruction, err
for _, stmt := range block.Stmts {
switch stmt := stmt.(type) {
case *ir.ResultSetAddStmt:
- instrs = append(instrs, instruction.GetLocal{Index: c.lrs})
- instrs = append(instrs, instruction.GetLocal{Index: c.local(stmt.Value)})
- instrs = append(instrs, instruction.Call{Index: c.function(opaSetAdd)})
+ instrs = append(instrs,
+ instruction.GetLocal{Index: c.lrs},
+ instruction.GetLocal{Index: c.local(stmt.Value)},
+ instruction.Call{Index: c.function(opaSetAdd)},
+ )
case *ir.ReturnLocalStmt:
- instrs = append(instrs, instruction.GetLocal{Index: c.local(stmt.Source)})
- instrs = append(instrs, instruction.Return{})
+ instrs = append(instrs,
+ instruction.GetLocal{Index: c.local(stmt.Source)},
+ instruction.Return{},
+ )
case *ir.BlockStmt:
for i := range stmt.Blocks {
block, err := c.compileBlock(stmt.Blocks[i])
@@ -1029,8 +1033,10 @@ func (c *Compiler) compileBlock(block *ir.Block) ([]instruction.Instruction, err
return instrs, err
}
case *ir.AssignVarStmt:
- instrs = append(instrs, c.instrRead(stmt.Source))
- instrs = append(instrs, instruction.SetLocal{Index: c.local(stmt.Target)})
+ instrs = append(instrs,
+ c.instrRead(stmt.Source),
+ instruction.SetLocal{Index: c.local(stmt.Target)},
+ )
case *ir.AssignVarOnceStmt:
instrs = append(instrs, instruction.Block{
Instrs: []instruction.Instruction{
@@ -1360,7 +1366,7 @@ func (c *Compiler) compileUpsert(local ir.Local, path []int, value ir.Operand, _
// Initialize the locals that specify the path of the upsert operation.
lpath := make(map[int]uint32, len(path))
- for i := 0; i < len(path); i++ {
+ for i := range path {
lpath[i] = c.genLocal()
instrs = append(instrs, instruction.I32Const{Value: c.opaStringAddr(path[i])})
instrs = append(instrs, instruction.SetLocal{Index: lpath[i]})
@@ -1369,10 +1375,10 @@ func (c *Compiler) compileUpsert(local ir.Local, path []int, value ir.Operand, _
// Generate a block that traverses the path of the upsert operation,
// shallowing copying values at each step as needed. Stop before the final
// segment that will only be inserted.
- var inner []instruction.Instruction
+ inner := make([]instruction.Instruction, 0, len(path)*21+1)
ltemp := c.genLocal()
- for i := 0; i < len(path)-1; i++ {
+ for i := range len(path) - 1 {
// Lookup the next part of the path.
inner = append(inner, instruction.GetLocal{Index: lcopy})
@@ -1408,10 +1414,10 @@ func (c *Compiler) compileUpsert(local ir.Local, path []int, value ir.Operand, _
inner = append(inner, instruction.Br{Index: uint32(len(path) - 1)})
// Generate blocks that handle missing nodes during traversal.
- var block []instruction.Instruction
+ block := make([]instruction.Instruction, 0, len(path)*10)
lval := c.genLocal()
- for i := 0; i < len(path)-1; i++ {
+ for i := range len(path) - 1 {
block = append(block, instruction.Block{Instrs: inner})
block = append(block, instruction.Call{Index: c.function(opaObject)})
block = append(block, instruction.SetLocal{Index: lval})
@@ -1535,8 +1541,7 @@ func (c *Compiler) compileExternalCall(stmt *ir.CallStmt, ef externalFunc, resul
}
instrs := *result
- instrs = append(instrs, instruction.I32Const{Value: ef.ID})
- instrs = append(instrs, instruction.I32Const{Value: 0}) // unused context parameter
+ instrs = append(instrs, instruction.I32Const{Value: ef.ID}, instruction.I32Const{Value: 0}) // unused context parameter
for _, arg := range stmt.Args {
instrs = append(instrs, c.instrRead(arg))
@@ -1545,9 +1550,11 @@ func (c *Compiler) compileExternalCall(stmt *ir.CallStmt, ef externalFunc, resul
instrs = append(instrs, instruction.Call{Index: c.function(builtinDispatchers[len(stmt.Args)])})
if ef.Decl.Result() != nil {
- instrs = append(instrs, instruction.TeeLocal{Index: c.local(stmt.Result)})
- instrs = append(instrs, instruction.I32Eqz{})
- instrs = append(instrs, instruction.BrIf{Index: 0})
+ instrs = append(instrs,
+ instruction.TeeLocal{Index: c.local(stmt.Result)},
+ instruction.I32Eqz{},
+ instruction.BrIf{Index: 0},
+ )
} else {
instrs = append(instrs, instruction.Drop{})
}
@@ -1678,7 +1685,7 @@ func (c *Compiler) genLocal() uint32 {
func (c *Compiler) function(name string) uint32 {
fidx, ok := c.funcs[name]
if !ok {
- panic(fmt.Sprintf("function not found: %s", name))
+ panic("function not found: " + name)
}
return fidx
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/config/config.go b/vendor/github.com/open-policy-agent/opa/internal/config/config.go
index b1a9731f65..d4fae5fa65 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/config/config.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/config/config.go
@@ -15,11 +15,11 @@ import (
"sigs.k8s.io/yaml"
"github.com/open-policy-agent/opa/internal/strvals"
- "github.com/open-policy-agent/opa/keys"
- "github.com/open-policy-agent/opa/logging"
- "github.com/open-policy-agent/opa/plugins/rest"
- "github.com/open-policy-agent/opa/tracing"
- "github.com/open-policy-agent/opa/util"
+ "github.com/open-policy-agent/opa/v1/keys"
+ "github.com/open-policy-agent/opa/v1/logging"
+ "github.com/open-policy-agent/opa/v1/plugins/rest"
+ "github.com/open-policy-agent/opa/v1/tracing"
+ "github.com/open-policy-agent/opa/v1/util"
)
// ServiceOptions stores the options passed to ParseServicesConfig
@@ -70,7 +70,7 @@ func ParseServicesConfig(opts ServiceOptions) (map[string]rest.Client, error) {
// read from disk (if specified) and overrides will be applied. If no config file is
// specified, the overrides can still be applied to an empty config.
func Load(configFile string, overrides []string, overrideFiles []string) ([]byte, error) {
- baseConf := map[string]interface{}{}
+ baseConf := map[string]any{}
// User specified config file
if configFile != "" {
@@ -88,7 +88,7 @@ func Load(configFile string, overrides []string, overrideFiles []string) ([]byte
}
}
- overrideConf := map[string]interface{}{}
+ overrideConf := map[string]any{}
// User specified a config override via --set
for _, override := range overrides {
@@ -100,7 +100,7 @@ func Load(configFile string, overrides []string, overrideFiles []string) ([]byte
// User specified a config override value via --set-file
for _, override := range overrideFiles {
- reader := func(rs []rune) (interface{}, error) {
+ reader := func(rs []rune) (any, error) {
bytes, err := os.ReadFile(string(rs))
value := strings.TrimSpace(string(bytes))
return value, err
@@ -141,21 +141,21 @@ func subEnvVars(s string) string {
}
// mergeValues will merge source and destination map, preferring values from the source map
-func mergeValues(dest map[string]interface{}, src map[string]interface{}) map[string]interface{} {
+func mergeValues(dest map[string]any, src map[string]any) map[string]any {
for k, v := range src {
// If the key doesn't exist already, then just set the key to that value
if _, exists := dest[k]; !exists {
dest[k] = v
continue
}
- nextMap, ok := v.(map[string]interface{})
+ nextMap, ok := v.(map[string]any)
// If it isn't another map, overwrite the value
if !ok {
dest[k] = v
continue
}
// Edge case: If the key exists in the destination, but isn't a map
- destMap, isMap := dest[k].(map[string]interface{})
+ destMap, isMap := dest[k].(map[string]any)
// If the source map has a map for this key, prefer it
if !isMap {
dest[k] = v
diff --git a/vendor/github.com/open-policy-agent/opa/internal/debug/debug.go b/vendor/github.com/open-policy-agent/opa/internal/debug/debug.go
index 7b90bd1bb0..9448aeb288 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/debug/debug.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/debug/debug.go
@@ -8,7 +8,7 @@ import (
// Debug allows printing debug messages.
type Debug interface {
// Printf prints, with a short file:line-number prefix
- Printf(format string, args ...interface{})
+ Printf(format string, args ...any)
// Writer returns the writer being written to, which may be
// `io.Discard` if no debug output is requested.
Writer() io.Writer
diff --git a/vendor/github.com/open-policy-agent/opa/internal/deepcopy/deepcopy.go b/vendor/github.com/open-policy-agent/opa/internal/deepcopy/deepcopy.go
index 00e8df6f88..dc3a231bc1 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/deepcopy/deepcopy.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/deepcopy/deepcopy.go
@@ -5,25 +5,25 @@
package deepcopy
// DeepCopy performs a recursive deep copy for nested slices/maps and
-// returns the copied object. Supports []interface{}
-// and map[string]interface{} only
-func DeepCopy(val interface{}) interface{} {
+// returns the copied object. Supports []any
+// and map[string]any only
+func DeepCopy(val any) any {
switch val := val.(type) {
- case []interface{}:
- cpy := make([]interface{}, len(val))
+ case []any:
+ cpy := make([]any, len(val))
for i := range cpy {
cpy[i] = DeepCopy(val[i])
}
return cpy
- case map[string]interface{}:
+ case map[string]any:
return Map(val)
default:
return val
}
}
-func Map(val map[string]interface{}) map[string]interface{} {
- cpy := make(map[string]interface{}, len(val))
+func Map(val map[string]any) map[string]any {
+ cpy := make(map[string]any, len(val))
for k := range val {
cpy[k] = DeepCopy(val[k])
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/edittree/bitvector/bitvector.go b/vendor/github.com/open-policy-agent/opa/internal/edittree/bitvector/bitvector.go
index 89e7e137b7..bfacf3bcea 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/edittree/bitvector/bitvector.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/edittree/bitvector/bitvector.go
@@ -36,7 +36,7 @@ func (vector *BitVector) Length() int {
// position of the last byte in the slice.
// This returns the bit that was shifted off of the last byte.
func shiftLower(bit byte, b []byte) byte {
- bit = bit << 7
+ bit <<= 7
for i := len(b) - 1; i >= 0; i-- {
newByte := b[i] >> 1
newByte |= bit
@@ -51,7 +51,7 @@ func shiftLower(bit byte, b []byte) byte {
// position of the first byte in the slice.
// This returns the bit that was shifted off the last byte.
func shiftHigher(bit byte, b []byte) byte {
- for i := 0; i < len(b); i++ {
+ for i := range b {
newByte := b[i] << 1
newByte |= bit
bit = (b[i] & 0x80) >> 7
diff --git a/vendor/github.com/open-policy-agent/opa/internal/edittree/edittree.go b/vendor/github.com/open-policy-agent/opa/internal/edittree/edittree.go
index 9cfaee8baf..b8b6572f2a 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/edittree/edittree.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/edittree/edittree.go
@@ -146,14 +146,14 @@
package edittree
import (
- "encoding/json"
+ "errors"
"fmt"
"math/big"
"sort"
"strings"
- "github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/internal/edittree/bitvector"
+ "github.com/open-policy-agent/opa/v1/ast"
)
// Deletions are encoded with a nil value pointer.
@@ -213,10 +213,10 @@ func (e *EditTree) getKeyHash(key *ast.Term) (int, bool) {
case ast.Null, ast.Boolean, ast.String, ast.Var:
equal = func(y ast.Value) bool { return x == y }
case ast.Number:
- if xi, err := json.Number(x).Int64(); err == nil {
+ if xi, ok := x.Int64(); ok {
equal = func(y ast.Value) bool {
if y, ok := y.(ast.Number); ok {
- if yi, err := json.Number(y).Int64(); err == nil {
+ if yi, ok := y.Int64(); ok {
return xi == yi
}
}
@@ -336,13 +336,13 @@ func (e *EditTree) deleteChildValue(hash int) {
// Insert creates a new child of e, and returns the new child EditTree node.
func (e *EditTree) Insert(key, value *ast.Term) (*EditTree, error) {
if e.value == nil {
- return nil, fmt.Errorf("deleted node encountered during insert operation")
+ return nil, errors.New("deleted node encountered during insert operation")
}
if key == nil {
- return nil, fmt.Errorf("nil key provided for insert operation")
+ return nil, errors.New("nil key provided for insert operation")
}
if value == nil {
- return nil, fmt.Errorf("nil value provided for insert operation")
+ return nil, errors.New("nil value provided for insert operation")
}
switch x := e.value.Value.(type) {
@@ -368,7 +368,7 @@ func (e *EditTree) Insert(key, value *ast.Term) (*EditTree, error) {
return nil, err
}
if idx < 0 || idx > e.insertions.Length() {
- return nil, fmt.Errorf("index for array insertion out of bounds")
+ return nil, errors.New("index for array insertion out of bounds")
}
return e.unsafeInsertArray(idx, value), nil
default:
@@ -458,10 +458,10 @@ func (e *EditTree) unsafeInsertArray(idx int, value *ast.Term) *EditTree {
// already present in e. It then returns the deleted child EditTree node.
func (e *EditTree) Delete(key *ast.Term) (*EditTree, error) {
if e.value == nil {
- return nil, fmt.Errorf("deleted node encountered during delete operation")
+ return nil, errors.New("deleted node encountered during delete operation")
}
if key == nil {
- return nil, fmt.Errorf("nil key provided for delete operation")
+ return nil, errors.New("nil key provided for delete operation")
}
switch e.value.Value.(type) {
@@ -532,7 +532,7 @@ func (e *EditTree) Delete(key *ast.Term) (*EditTree, error) {
return nil, err
}
if idx < 0 || idx > e.insertions.Length()-1 {
- return nil, fmt.Errorf("index for array delete out of bounds")
+ return nil, errors.New("index for array delete out of bounds")
}
// Collect insertion indexes above the delete site for rewriting.
@@ -553,14 +553,14 @@ func (e *EditTree) Delete(key *ast.Term) (*EditTree, error) {
}
// Do rewrites to clear out the newly-removed element.
e.deleteChildValue(idx)
- for i := 0; i < len(rewritesScalars); i++ {
+ for i := range rewritesScalars {
originalIdx := rewritesScalars[i]
rewriteIdx := rewritesScalars[i] - 1
v := e.childScalarValues[originalIdx]
e.deleteChildValue(originalIdx)
e.setChildScalarValue(rewriteIdx, v)
}
- for i := 0; i < len(rewritesComposites); i++ {
+ for i := range rewritesComposites {
originalIdx := rewritesComposites[i]
rewriteIdx := rewritesComposites[i] - 1
v := e.childCompositeValues[originalIdx]
@@ -592,7 +592,7 @@ func (e *EditTree) Delete(key *ast.Term) (*EditTree, error) {
//gcassert:inline
func sumZeroesBelowIndex(index int, bv *bitvector.BitVector) int {
zeroesSeen := 0
- for i := 0; i < index; i++ {
+ for i := range index {
if bv.Element(i) == 0 {
zeroesSeen++
}
@@ -602,7 +602,7 @@ func sumZeroesBelowIndex(index int, bv *bitvector.BitVector) int {
func findIndexOfNthZero(n int, bv *bitvector.BitVector) (int, bool) {
zeroesSeen := 0
- for i := 0; i < bv.Length(); i++ {
+ for i := range bv.Length() {
if bv.Element(i) == 0 {
zeroesSeen++
}
@@ -638,7 +638,7 @@ func (e *EditTree) Unfold(path ast.Ref) (*EditTree, error) {
}
// 1+ path segment case.
if e.value == nil {
- return nil, fmt.Errorf("nil value encountered where composite value was expected")
+ return nil, errors.New("nil value encountered where composite value was expected")
}
// Switch behavior based on types.
@@ -723,15 +723,17 @@ func (e *EditTree) Unfold(path ast.Ref) (*EditTree, error) {
return child.Unfold(path[1:])
}
+ idxt := ast.InternedIntNumberTerm(idx)
+
// Fall back to looking up the key in e.value.
// Extend the tree if key is present. Error otherwise.
- if v, err := x.Find(ast.Ref{ast.IntNumberTerm(idx)}); err == nil {
+ if v, err := x.Find(ast.Ref{idxt}); err == nil {
// TODO: Consider a more efficient "Replace" function that special-cases this for arrays instead?
- _, err := e.Delete(ast.IntNumberTerm(idx))
+ _, err := e.Delete(idxt)
if err != nil {
return nil, err
}
- child, err := e.Insert(ast.IntNumberTerm(idx), ast.NewTerm(v))
+ child, err := e.Insert(idxt, ast.NewTerm(v))
if err != nil {
return nil, err
}
@@ -832,7 +834,7 @@ func (e *EditTree) Render() *ast.Term {
// original array. We build a new Array with modified/deleted keys.
out := make([]*ast.Term, 0, e.insertions.Length())
eIdx := 0
- for i := 0; i < e.insertions.Length(); i++ {
+ for i := range e.insertions.Length() {
// If the index == 0, that indicates we should look up the next
// surviving original element.
// If the index == 1, that indicates we should look up that
@@ -880,7 +882,7 @@ func (e *EditTree) Render() *ast.Term {
// Returns the inserted EditTree node.
func (e *EditTree) InsertAtPath(path ast.Ref, value *ast.Term) (*EditTree, error) {
if value == nil {
- return nil, fmt.Errorf("cannot insert nil value into EditTree")
+ return nil, errors.New("cannot insert nil value into EditTree")
}
if len(path) == 0 {
@@ -911,7 +913,7 @@ func (e *EditTree) DeleteAtPath(path ast.Ref) (*EditTree, error) {
// Root document case:
if len(path) == 0 {
if e.value == nil {
- return nil, fmt.Errorf("deleted node encountered during delete operation")
+ return nil, errors.New("deleted node encountered during delete operation")
}
e.value = nil
e.childKeys = nil
@@ -1026,8 +1028,7 @@ func (e *EditTree) Exists(path ast.Ref) bool {
}
// Fallback if child lookup failed.
// We have to ensure that the lookup term is a number here, or Find will fail.
- k := ast.Ref{ast.IntNumberTerm(idx)}.Concat(path[1:])
- _, err = x.Find(k)
+ _, err = x.Find(ast.Ref{ast.InternedIntNumberTerm(idx)}.Concat(path[1:]))
return err == nil
default:
// Catch all primitive types.
@@ -1048,7 +1049,7 @@ func toIndex(arrayLength int, term *ast.Term) (int, error) {
switch v := term.Value.(type) {
case ast.Number:
if i, ok = v.Int(); !ok {
- return 0, fmt.Errorf("invalid number type for indexing")
+ return 0, errors.New("invalid number type for indexing")
}
case ast.String:
if v == "-" {
@@ -1056,13 +1057,13 @@ func toIndex(arrayLength int, term *ast.Term) (int, error) {
}
num := ast.Number(v)
if i, ok = num.Int(); !ok {
- return 0, fmt.Errorf("invalid string for indexing")
+ return 0, errors.New("invalid string for indexing")
}
if v != "0" && strings.HasPrefix(string(v), "0") {
- return 0, fmt.Errorf("leading zeros are not allowed in JSON paths")
+ return 0, errors.New("leading zeros are not allowed in JSON paths")
}
default:
- return 0, fmt.Errorf("invalid type for indexing")
+ return 0, errors.New("invalid type for indexing")
}
return i, nil
@@ -1181,5 +1182,5 @@ func (e *EditTree) Filter(paths []ast.Ref) *ast.Term {
type termSlice []*ast.Term
func (s termSlice) Less(i, j int) bool { return ast.Compare(s[i].Value, s[j].Value) < 0 }
-func (s termSlice) Swap(i, j int) { x := s[i]; s[i] = s[j]; s[j] = x }
+func (s termSlice) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
func (s termSlice) Len() int { return len(s) }
diff --git a/vendor/github.com/open-policy-agent/opa/internal/future/filter_imports.go b/vendor/github.com/open-policy-agent/opa/internal/future/filter_imports.go
index cf5721101a..1586a216a8 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/future/filter_imports.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/future/filter_imports.go
@@ -4,7 +4,7 @@
package future
-import "github.com/open-policy-agent/opa/ast"
+import "github.com/open-policy-agent/opa/v1/ast"
// FilterFutureImports filters OUT any future imports from the passed slice of
// `*ast.Import`s.
@@ -24,7 +24,7 @@ func IsAllFutureKeywords(imp *ast.Import) bool {
path := imp.Path.Value.(ast.Ref)
return len(path) == 2 &&
ast.FutureRootDocument.Equal(path[0]) &&
- path[1].Equal(ast.StringTerm("keywords"))
+ path[1].Equal(ast.InternedStringTerm("keywords"))
}
// IsFutureKeyword returns true if the passed *ast.Import is `future.keywords.{kw}`
@@ -32,7 +32,7 @@ func IsFutureKeyword(imp *ast.Import, kw string) bool {
path := imp.Path.Value.(ast.Ref)
return len(path) == 3 &&
ast.FutureRootDocument.Equal(path[0]) &&
- path[1].Equal(ast.StringTerm("keywords")) &&
+ path[1].Equal(ast.InternedStringTerm("keywords")) &&
path[2].Equal(ast.StringTerm(kw))
}
@@ -40,7 +40,7 @@ func WhichFutureKeyword(imp *ast.Import) (string, bool) {
path := imp.Path.Value.(ast.Ref)
if len(path) == 3 &&
ast.FutureRootDocument.Equal(path[0]) &&
- path[1].Equal(ast.StringTerm("keywords")) {
+ path[1].Equal(ast.InternedStringTerm("keywords")) {
if str, ok := path[2].Value.(ast.String); ok {
return string(str), true
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/future/parser_opts.go b/vendor/github.com/open-policy-agent/opa/internal/future/parser_opts.go
index 804702b945..eaeb87e296 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/future/parser_opts.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/future/parser_opts.go
@@ -5,9 +5,10 @@
package future
import (
+ "errors"
"fmt"
- "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/v1/ast"
)
// ParserOptionsFromFutureImports transforms a slice of `ast.Import`s into the
@@ -33,7 +34,7 @@ func ParserOptionsFromFutureImports(imports []*ast.Import) (ast.ParserOptions, e
}
if len(path) == 3 {
if imp.Alias != "" {
- return popts, fmt.Errorf("alias not supported")
+ return popts, errors.New("alias not supported")
}
popts.FutureKeywords = append(popts.FutureKeywords, string(path[2].Value.(ast.String)))
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/draft.go b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/draft.go
index dac1aafdac..656804acb7 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/draft.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/draft.go
@@ -86,12 +86,12 @@ func (dc draftConfigs) GetSchemaURL(draft Draft) string {
return ""
}
-func parseSchemaURL(documentNode interface{}) (string, *Draft, error) {
+func parseSchemaURL(documentNode any) (string, *Draft, error) {
if _, ok := documentNode.(bool); ok {
return "", nil, nil
}
- m, ok := documentNode.(map[string]interface{})
+ m, ok := documentNode.(map[string]any)
if !ok {
return "", nil, errors.New("schema is invalid")
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/errors.go b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/errors.go
index f7aaf90306..a937d9b3b9 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/errors.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/errors.go
@@ -212,7 +212,7 @@ type (
)
// newError takes a ResultError type and sets the type, context, description, details, value, and field
-func newError(err ResultError, context *JSONContext, value interface{}, locale locale, details ErrorDetails) {
+func newError(err ResultError, context *JSONContext, value any, locale locale, details ErrorDetails) {
var t string
var d string
switch err.(type) {
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/format_checkers.go b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/format_checkers.go
index 1e770464e8..c078e9862f 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/format_checkers.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/format_checkers.go
@@ -14,7 +14,7 @@ type (
// FormatChecker is the interface all formatters added to FormatCheckerChain must implement
FormatChecker interface {
// IsFormat checks if input has the correct format
- IsFormat(input interface{}) bool
+ IsFormat(input any) bool
}
// FormatCheckerChain holds the formatters
@@ -174,7 +174,7 @@ func (c *FormatCheckerChain) Has(name string) bool {
// IsFormat will check an input against a FormatChecker with the given name
// to see if it is the correct format
-func (c *FormatCheckerChain) IsFormat(name string, input interface{}) bool {
+func (c *FormatCheckerChain) IsFormat(name string, input any) bool {
lock.RLock()
f, ok := c.formatters[name]
lock.RUnlock()
@@ -188,7 +188,7 @@ func (c *FormatCheckerChain) IsFormat(name string, input interface{}) bool {
}
// IsFormat checks if input is a correctly formatted e-mail address
-func (f EmailFormatChecker) IsFormat(input interface{}) bool {
+func (f EmailFormatChecker) IsFormat(input any) bool {
asString, ok := input.(string)
if !ok {
return true
@@ -199,7 +199,7 @@ func (f EmailFormatChecker) IsFormat(input interface{}) bool {
}
// IsFormat checks if input is a correctly formatted IPv4-address
-func (f IPV4FormatChecker) IsFormat(input interface{}) bool {
+func (f IPV4FormatChecker) IsFormat(input any) bool {
asString, ok := input.(string)
if !ok {
return true
@@ -211,7 +211,7 @@ func (f IPV4FormatChecker) IsFormat(input interface{}) bool {
}
// IsFormat checks if input is a correctly formatted IPv6=address
-func (f IPV6FormatChecker) IsFormat(input interface{}) bool {
+func (f IPV6FormatChecker) IsFormat(input any) bool {
asString, ok := input.(string)
if !ok {
return true
@@ -223,7 +223,7 @@ func (f IPV6FormatChecker) IsFormat(input interface{}) bool {
}
// IsFormat checks if input is a correctly formatted date/time per RFC3339 5.6
-func (f DateTimeFormatChecker) IsFormat(input interface{}) bool {
+func (f DateTimeFormatChecker) IsFormat(input any) bool {
asString, ok := input.(string)
if !ok {
return true
@@ -247,7 +247,7 @@ func (f DateTimeFormatChecker) IsFormat(input interface{}) bool {
}
// IsFormat checks if input is a correctly formatted date (YYYY-MM-DD)
-func (f DateFormatChecker) IsFormat(input interface{}) bool {
+func (f DateFormatChecker) IsFormat(input any) bool {
asString, ok := input.(string)
if !ok {
return true
@@ -257,7 +257,7 @@ func (f DateFormatChecker) IsFormat(input interface{}) bool {
}
// IsFormat checks if input correctly formatted time (HH:MM:SS or HH:MM:SSZ-07:00)
-func (f TimeFormatChecker) IsFormat(input interface{}) bool {
+func (f TimeFormatChecker) IsFormat(input any) bool {
asString, ok := input.(string)
if !ok {
return true
@@ -272,7 +272,7 @@ func (f TimeFormatChecker) IsFormat(input interface{}) bool {
}
// IsFormat checks if input is correctly formatted URI with a valid Scheme per RFC3986
-func (f URIFormatChecker) IsFormat(input interface{}) bool {
+func (f URIFormatChecker) IsFormat(input any) bool {
asString, ok := input.(string)
if !ok {
return true
@@ -288,7 +288,7 @@ func (f URIFormatChecker) IsFormat(input interface{}) bool {
}
// IsFormat checks if input is a correctly formatted URI or relative-reference per RFC3986
-func (f URIReferenceFormatChecker) IsFormat(input interface{}) bool {
+func (f URIReferenceFormatChecker) IsFormat(input any) bool {
asString, ok := input.(string)
if !ok {
return true
@@ -299,7 +299,7 @@ func (f URIReferenceFormatChecker) IsFormat(input interface{}) bool {
}
// IsFormat checks if input is a correctly formatted URI template per RFC6570
-func (f URITemplateFormatChecker) IsFormat(input interface{}) bool {
+func (f URITemplateFormatChecker) IsFormat(input any) bool {
asString, ok := input.(string)
if !ok {
return true
@@ -314,7 +314,7 @@ func (f URITemplateFormatChecker) IsFormat(input interface{}) bool {
}
// IsFormat checks if input is a correctly formatted hostname
-func (f HostnameFormatChecker) IsFormat(input interface{}) bool {
+func (f HostnameFormatChecker) IsFormat(input any) bool {
asString, ok := input.(string)
if !ok {
return true
@@ -324,7 +324,7 @@ func (f HostnameFormatChecker) IsFormat(input interface{}) bool {
}
// IsFormat checks if input is a correctly formatted UUID
-func (f UUIDFormatChecker) IsFormat(input interface{}) bool {
+func (f UUIDFormatChecker) IsFormat(input any) bool {
asString, ok := input.(string)
if !ok {
return true
@@ -334,7 +334,7 @@ func (f UUIDFormatChecker) IsFormat(input interface{}) bool {
}
// IsFormat checks if input is a correctly formatted regular expression
-func (f RegexFormatChecker) IsFormat(input interface{}) bool {
+func (f RegexFormatChecker) IsFormat(input any) bool {
asString, ok := input.(string)
if !ok {
return true
@@ -348,7 +348,7 @@ func (f RegexFormatChecker) IsFormat(input interface{}) bool {
}
// IsFormat checks if input is a correctly formatted JSON Pointer per RFC6901
-func (f JSONPointerFormatChecker) IsFormat(input interface{}) bool {
+func (f JSONPointerFormatChecker) IsFormat(input any) bool {
asString, ok := input.(string)
if !ok {
return true
@@ -358,7 +358,7 @@ func (f JSONPointerFormatChecker) IsFormat(input interface{}) bool {
}
// IsFormat checks if input is a correctly formatted relative JSON Pointer
-func (f RelativeJSONPointerFormatChecker) IsFormat(input interface{}) bool {
+func (f RelativeJSONPointerFormatChecker) IsFormat(input any) bool {
asString, ok := input.(string)
if !ok {
return true
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/internalLog.go b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/internalLog.go
index 4ef7a8d03e..bab75112eb 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/internalLog.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/internalLog.go
@@ -32,6 +32,6 @@ import (
const internalLogEnabled = false
-func internalLog(format string, v ...interface{}) {
+func internalLog(format string, v ...any) {
log.Printf(format, v...)
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/jsonLoader.go b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/jsonLoader.go
index 1011552dee..73f25e3b7f 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/jsonLoader.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/jsonLoader.go
@@ -77,8 +77,8 @@ var osFS = osFileSystem(os.Open)
// JSONLoader defines the JSON loader interface
type JSONLoader interface {
- JSONSource() interface{}
- LoadJSON() (interface{}, error)
+ JSONSource() any
+ LoadJSON() (any, error)
JSONReference() (gojsonreference.JsonReference, error)
LoaderFactory() JSONLoaderFactory
}
@@ -130,7 +130,7 @@ type jsonReferenceLoader struct {
source string
}
-func (l *jsonReferenceLoader) JSONSource() interface{} {
+func (l *jsonReferenceLoader) JSONSource() any {
return l.source
}
@@ -160,7 +160,7 @@ func NewReferenceLoaderFileSystem(source string, fs http.FileSystem) JSONLoader
}
}
-func (l *jsonReferenceLoader) LoadJSON() (interface{}, error) {
+func (l *jsonReferenceLoader) LoadJSON() (any, error) {
var err error
@@ -207,7 +207,7 @@ func (l *jsonReferenceLoader) LoadJSON() (interface{}, error) {
return nil, fmt.Errorf("remote reference loading disabled: %s", reference.String())
}
-func (l *jsonReferenceLoader) loadFromHTTP(address string) (interface{}, error) {
+func (l *jsonReferenceLoader) loadFromHTTP(address string) (any, error) {
resp, err := http.Get(address)
if err != nil {
@@ -227,7 +227,7 @@ func (l *jsonReferenceLoader) loadFromHTTP(address string) (interface{}, error)
return decodeJSONUsingNumber(bytes.NewReader(bodyBuff))
}
-func (l *jsonReferenceLoader) loadFromFile(path string) (interface{}, error) {
+func (l *jsonReferenceLoader) loadFromFile(path string) (any, error) {
f, err := l.fs.Open(path)
if err != nil {
return nil, err
@@ -249,7 +249,7 @@ type jsonStringLoader struct {
source string
}
-func (l *jsonStringLoader) JSONSource() interface{} {
+func (l *jsonStringLoader) JSONSource() any {
return l.source
}
@@ -266,7 +266,7 @@ func NewStringLoader(source string) JSONLoader {
return &jsonStringLoader{source: source}
}
-func (l *jsonStringLoader) LoadJSON() (interface{}, error) {
+func (l *jsonStringLoader) LoadJSON() (any, error) {
return decodeJSONUsingNumber(strings.NewReader(l.JSONSource().(string)))
@@ -278,7 +278,7 @@ type jsonBytesLoader struct {
source []byte
}
-func (l *jsonBytesLoader) JSONSource() interface{} {
+func (l *jsonBytesLoader) JSONSource() any {
return l.source
}
@@ -295,18 +295,18 @@ func NewBytesLoader(source []byte) JSONLoader {
return &jsonBytesLoader{source: source}
}
-func (l *jsonBytesLoader) LoadJSON() (interface{}, error) {
+func (l *jsonBytesLoader) LoadJSON() (any, error) {
return decodeJSONUsingNumber(bytes.NewReader(l.JSONSource().([]byte)))
}
// JSON Go (types) loader
-// used to load JSONs from the code as maps, interface{}, structs ...
+// used to load JSONs from the code as maps, any, structs ...
type jsonGoLoader struct {
- source interface{}
+ source any
}
-func (l *jsonGoLoader) JSONSource() interface{} {
+func (l *jsonGoLoader) JSONSource() any {
return l.source
}
@@ -319,11 +319,11 @@ func (l *jsonGoLoader) LoaderFactory() JSONLoaderFactory {
}
// NewGoLoader creates a new JSONLoader from a given Go struct
-func NewGoLoader(source interface{}) JSONLoader {
+func NewGoLoader(source any) JSONLoader {
return &jsonGoLoader{source: source}
}
-func (l *jsonGoLoader) LoadJSON() (interface{}, error) {
+func (l *jsonGoLoader) LoadJSON() (any, error) {
// convert it to a compliant JSON first to avoid types "mismatches"
@@ -352,11 +352,11 @@ func NewWriterLoader(source io.Writer) (JSONLoader, io.Writer) {
return &jsonIOLoader{buf: buf}, io.MultiWriter(source, buf)
}
-func (l *jsonIOLoader) JSONSource() interface{} {
+func (l *jsonIOLoader) JSONSource() any {
return l.buf.String()
}
-func (l *jsonIOLoader) LoadJSON() (interface{}, error) {
+func (l *jsonIOLoader) LoadJSON() (any, error) {
return decodeJSONUsingNumber(l.buf)
}
@@ -369,21 +369,21 @@ func (l *jsonIOLoader) LoaderFactory() JSONLoaderFactory {
}
// JSON raw loader
-// In case the JSON is already marshalled to interface{} use this loader
+// In case the JSON is already marshalled to any use this loader
// This is used for testing as otherwise there is no guarantee the JSON is marshalled
// "properly" by using https://golang.org/pkg/encoding/json/#Decoder.UseNumber
type jsonRawLoader struct {
- source interface{}
+ source any
}
// NewRawLoader creates a new JSON raw loader for the given source
-func NewRawLoader(source interface{}) JSONLoader {
+func NewRawLoader(source any) JSONLoader {
return &jsonRawLoader{source: source}
}
-func (l *jsonRawLoader) JSONSource() interface{} {
+func (l *jsonRawLoader) JSONSource() any {
return l.source
}
-func (l *jsonRawLoader) LoadJSON() (interface{}, error) {
+func (l *jsonRawLoader) LoadJSON() (any, error) {
return l.source, nil
}
func (l *jsonRawLoader) JSONReference() (gojsonreference.JsonReference, error) {
@@ -393,9 +393,9 @@ func (l *jsonRawLoader) LoaderFactory() JSONLoaderFactory {
return &DefaultJSONLoaderFactory{}
}
-func decodeJSONUsingNumber(r io.Reader) (interface{}, error) {
+func decodeJSONUsingNumber(r io.Reader) (any, error) {
- var document interface{}
+ var document any
decoder := json.NewDecoder(r)
decoder.UseNumber()
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/result.go b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/result.go
index 8baff07179..0329721c20 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/result.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/result.go
@@ -33,7 +33,7 @@ import (
type (
// ErrorDetails is a map of details specific to each error.
// While the values will vary, every error will contain a "field" value
- ErrorDetails map[string]interface{}
+ ErrorDetails map[string]any
// ResultError is the interface that library errors must implement
ResultError interface {
@@ -57,9 +57,9 @@ type (
// DescriptionFormat returns the format for the description in the default text/template format
DescriptionFormat() string
// SetValue sets the value related to the error
- SetValue(interface{})
+ SetValue(any)
// Value returns the value related to the error
- Value() interface{}
+ Value() any
// SetDetails sets the details specific to the error
SetDetails(ErrorDetails)
// Details returns details about the error
@@ -76,7 +76,7 @@ type (
context *JSONContext // Tree like notation of the part that failed the validation. ex (root).a.b ...
description string // A human readable error message
descriptionFormat string // A format for human readable error message
- value interface{} // Value given by the JSON file that is the source of the error
+ value any // Value given by the JSON file that is the source of the error
details ErrorDetails
}
@@ -136,12 +136,12 @@ func (v *ResultErrorFields) DescriptionFormat() string {
}
// SetValue sets the value related to the error
-func (v *ResultErrorFields) SetValue(value interface{}) {
+func (v *ResultErrorFields) SetValue(value any) {
v.value = value
}
// Value returns the value related to the error
-func (v *ResultErrorFields) Value() interface{} {
+func (v *ResultErrorFields) Value() any {
return v.value
}
@@ -203,7 +203,7 @@ func (v *Result) AddError(err ResultError, details ErrorDetails) {
v.errors = append(v.errors, err)
}
-func (v *Result) addInternalError(err ResultError, context *JSONContext, value interface{}, details ErrorDetails) {
+func (v *Result) addInternalError(err ResultError, context *JSONContext, value any, details ErrorDetails) {
newError(err, context, value, Locale, details)
v.errors = append(v.errors, err)
v.score -= 2 // results in a net -1 when added to the +1 we get at the end of the validation function
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schema.go b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schema.go
index 8e035013c2..e8007ee2b6 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schema.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schema.go
@@ -58,7 +58,7 @@ type Schema struct {
ReferencePool *schemaReferencePool
}
-func (d *Schema) parse(document interface{}, draft Draft) error {
+func (d *Schema) parse(document any, draft Draft) error {
d.RootSchema = &SubSchema{Property: StringRootSchemaProperty, Draft: &draft}
return d.parseSchema(document, d.RootSchema)
}
@@ -73,7 +73,7 @@ func (d *Schema) SetRootSchemaName(name string) {
// Pretty long function ( sorry :) )... but pretty straight forward, repetitive and boring
// Not much magic involved here, most of the job is to validate the key names and their values,
// then the values are copied into SubSchema struct
-func (d *Schema) parseSchema(documentNode interface{}, currentSchema *SubSchema) error {
+func (d *Schema) parseSchema(documentNode any, currentSchema *SubSchema) error {
if currentSchema.Draft == nil {
if currentSchema.Parent == nil {
@@ -90,7 +90,7 @@ func (d *Schema) parseSchema(documentNode interface{}, currentSchema *SubSchema)
}
}
- m, isMap := documentNode.(map[string]interface{})
+ m, isMap := documentNode.(map[string]any)
if !isMap {
return errors.New(formatErrorDescription(
Locale.ParseError(),
@@ -146,10 +146,10 @@ func (d *Schema) parseSchema(documentNode interface{}, currentSchema *SubSchema)
// definitions
if v, ok := m[KeyDefinitions]; ok {
switch mt := v.(type) {
- case map[string]interface{}:
+ case map[string]any:
for _, dv := range mt {
switch dv.(type) {
- case bool, map[string]interface{}:
+ case bool, map[string]any:
newSchema := &SubSchema{Property: KeyDefinitions, Parent: currentSchema}
err := d.parseSchema(dv, newSchema)
if err != nil {
@@ -203,7 +203,7 @@ func (d *Schema) parseSchema(documentNode interface{}, currentSchema *SubSchema)
if err != nil {
return err
}
- case []interface{}:
+ case []any:
for _, typeInArray := range t {
s, isString := typeInArray.(string)
if !isString {
@@ -231,7 +231,7 @@ func (d *Schema) parseSchema(documentNode interface{}, currentSchema *SubSchema)
switch v := additionalProperties.(type) {
case bool:
currentSchema.additionalProperties = v
- case map[string]interface{}:
+ case map[string]any:
newSchema := &SubSchema{Property: KeyAdditionalProperties, Parent: currentSchema, Ref: currentSchema.Ref}
currentSchema.additionalProperties = newSchema
err := d.parseSchema(v, newSchema)
@@ -270,7 +270,7 @@ func (d *Schema) parseSchema(documentNode interface{}, currentSchema *SubSchema)
// propertyNames
if propertyNames, found := m[KeyPropertyNames]; found && *currentSchema.Draft >= Draft6 {
switch propertyNames.(type) {
- case bool, map[string]interface{}:
+ case bool, map[string]any:
newSchema := &SubSchema{Property: KeyPropertyNames, Parent: currentSchema, Ref: currentSchema.Ref}
currentSchema.propertyNames = newSchema
err := d.parseSchema(propertyNames, newSchema)
@@ -299,10 +299,10 @@ func (d *Schema) parseSchema(documentNode interface{}, currentSchema *SubSchema)
// items
if items, found := m[KeyItems]; found {
switch i := items.(type) {
- case []interface{}:
+ case []any:
for _, itemElement := range i {
switch itemElement.(type) {
- case map[string]interface{}, bool:
+ case map[string]any, bool:
newSchema := &SubSchema{Parent: currentSchema, Property: KeyItems}
newSchema.Ref = currentSchema.Ref
currentSchema.ItemsChildren = append(currentSchema.ItemsChildren, newSchema)
@@ -315,7 +315,7 @@ func (d *Schema) parseSchema(documentNode interface{}, currentSchema *SubSchema)
}
currentSchema.ItemsChildrenIsSingleSchema = false
}
- case map[string]interface{}, bool:
+ case map[string]any, bool:
newSchema := &SubSchema{Parent: currentSchema, Property: KeyItems}
newSchema.Ref = currentSchema.Ref
currentSchema.ItemsChildren = append(currentSchema.ItemsChildren, newSchema)
@@ -334,7 +334,7 @@ func (d *Schema) parseSchema(documentNode interface{}, currentSchema *SubSchema)
switch i := additionalItems.(type) {
case bool:
currentSchema.additionalItems = i
- case map[string]interface{}:
+ case map[string]any:
newSchema := &SubSchema{Property: KeyAdditionalItems, Parent: currentSchema, Ref: currentSchema.Ref}
currentSchema.additionalItems = newSchema
err := d.parseSchema(additionalItems, newSchema)
@@ -717,7 +717,7 @@ func (d *Schema) parseSchema(documentNode interface{}, currentSchema *SubSchema)
if vNot, found := m[KeyNot]; found {
switch vNot.(type) {
- case bool, map[string]interface{}:
+ case bool, map[string]any:
newSchema := &SubSchema{Property: KeyNot, Parent: currentSchema, Ref: currentSchema.Ref}
currentSchema.not = newSchema
err := d.parseSchema(vNot, newSchema)
@@ -735,7 +735,7 @@ func (d *Schema) parseSchema(documentNode interface{}, currentSchema *SubSchema)
if *currentSchema.Draft >= Draft7 {
if vIf, found := m[KeyIf]; found {
switch vIf.(type) {
- case bool, map[string]interface{}:
+ case bool, map[string]any:
newSchema := &SubSchema{Property: KeyIf, Parent: currentSchema, Ref: currentSchema.Ref}
currentSchema._if = newSchema
err := d.parseSchema(vIf, newSchema)
@@ -752,7 +752,7 @@ func (d *Schema) parseSchema(documentNode interface{}, currentSchema *SubSchema)
if then, found := m[KeyThen]; found {
switch then.(type) {
- case bool, map[string]interface{}:
+ case bool, map[string]any:
newSchema := &SubSchema{Property: KeyThen, Parent: currentSchema, Ref: currentSchema.Ref}
currentSchema._then = newSchema
err := d.parseSchema(then, newSchema)
@@ -769,7 +769,7 @@ func (d *Schema) parseSchema(documentNode interface{}, currentSchema *SubSchema)
if vElse, found := m[KeyElse]; found {
switch vElse.(type) {
- case bool, map[string]interface{}:
+ case bool, map[string]any:
newSchema := &SubSchema{Property: KeyElse, Parent: currentSchema, Ref: currentSchema.Ref}
currentSchema._else = newSchema
err := d.parseSchema(vElse, newSchema)
@@ -788,9 +788,9 @@ func (d *Schema) parseSchema(documentNode interface{}, currentSchema *SubSchema)
return nil
}
-func (d *Schema) parseReference(_ interface{}, currentSchema *SubSchema) error {
+func (d *Schema) parseReference(_ any, currentSchema *SubSchema) error {
var (
- refdDocumentNode interface{}
+ refdDocumentNode any
dsp *schemaPoolDocument
err error
)
@@ -809,7 +809,7 @@ func (d *Schema) parseReference(_ interface{}, currentSchema *SubSchema) error {
newSchema.Draft = dsp.Draft
switch refdDocumentNode.(type) {
- case bool, map[string]interface{}:
+ case bool, map[string]any:
// expected
default:
return errors.New(formatErrorDescription(
@@ -829,8 +829,8 @@ func (d *Schema) parseReference(_ interface{}, currentSchema *SubSchema) error {
}
-func (d *Schema) parseProperties(documentNode interface{}, currentSchema *SubSchema) error {
- m, isMap := documentNode.(map[string]interface{})
+func (d *Schema) parseProperties(documentNode any, currentSchema *SubSchema) error {
+ m, isMap := documentNode.(map[string]any)
if !isMap {
return errors.New(formatErrorDescription(
Locale.MustBeOfType(),
@@ -851,19 +851,19 @@ func (d *Schema) parseProperties(documentNode interface{}, currentSchema *SubSch
return nil
}
-func (d *Schema) parseDependencies(documentNode interface{}, currentSchema *SubSchema) error {
- m, isMap := documentNode.(map[string]interface{})
+func (d *Schema) parseDependencies(documentNode any, currentSchema *SubSchema) error {
+ m, isMap := documentNode.(map[string]any)
if !isMap {
return errors.New(formatErrorDescription(
Locale.MustBeOfType(),
ErrorDetails{"key": KeyDependencies, "type": TypeObject},
))
}
- currentSchema.dependencies = make(map[string]interface{})
+ currentSchema.dependencies = make(map[string]any)
for k := range m {
switch values := m[k].(type) {
- case []interface{}:
+ case []any:
var valuesToRegister []string
for _, value := range values {
str, isString := value.(string)
@@ -880,7 +880,7 @@ func (d *Schema) parseDependencies(documentNode interface{}, currentSchema *SubS
currentSchema.dependencies[k] = valuesToRegister
}
- case bool, map[string]interface{}:
+ case bool, map[string]any:
depSchema := &SubSchema{Property: k, Parent: currentSchema, Ref: currentSchema.Ref}
err := d.parseSchema(m[k], depSchema)
if err != nil {
@@ -913,7 +913,7 @@ func invalidType(expected, given string) error {
))
}
-func getString(m map[string]interface{}, key string) (*string, error) {
+func getString(m map[string]any, key string) (*string, error) {
v, found := m[key]
if !found {
// not found
@@ -927,13 +927,13 @@ func getString(m map[string]interface{}, key string) (*string, error) {
return &s, nil
}
-func getMap(m map[string]interface{}, key string) (map[string]interface{}, error) {
+func getMap(m map[string]any, key string) (map[string]any, error) {
v, found := m[key]
if !found {
// not found
return nil, nil
}
- s, isMap := v.(map[string]interface{})
+ s, isMap := v.(map[string]any)
if !isMap {
// wrong type
return nil, invalidType(StringSchema, key)
@@ -941,12 +941,12 @@ func getMap(m map[string]interface{}, key string) (map[string]interface{}, error
return s, nil
}
-func getSlice(m map[string]interface{}, key string) ([]interface{}, error) {
+func getSlice(m map[string]any, key string) ([]any, error) {
v, found := m[key]
if !found {
return nil, nil
}
- s, isArray := v.([]interface{})
+ s, isArray := v.([]any)
if !isArray {
return nil, errors.New(formatErrorDescription(
Locale.MustBeOfAn(),
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaLoader.go b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaLoader.go
index 8cc6dc03b8..88caa65de2 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaLoader.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaLoader.go
@@ -45,7 +45,7 @@ func NewSchemaLoader() *SchemaLoader {
return ps
}
-func (sl *SchemaLoader) validateMetaschema(documentNode interface{}) error {
+func (sl *SchemaLoader) validateMetaschema(documentNode any) error {
var (
schema string
@@ -158,7 +158,7 @@ func (sl *SchemaLoader) Compile(rootSchema JSONLoader) (*Schema, error) {
d.DocumentReference = ref
d.ReferencePool = newSchemaReferencePool()
- var doc interface{}
+ var doc any
if ref.String() != "" {
// Get document from schema pool
spd, err := d.Pool.GetDocument(d.DocumentReference)
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaPool.go b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaPool.go
index ed8ff688b5..513f8df2cc 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaPool.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaPool.go
@@ -34,7 +34,7 @@ import (
)
type schemaPoolDocument struct {
- Document interface{}
+ Document any
Draft *Draft
}
@@ -44,7 +44,7 @@ type schemaPool struct {
autoDetect *bool
}
-func (p *schemaPool) parseReferences(document interface{}, ref gojsonreference.JsonReference, pooled bool) error {
+func (p *schemaPool) parseReferences(document any, ref gojsonreference.JsonReference, pooled bool) error {
var (
draft *Draft
@@ -72,7 +72,7 @@ func (p *schemaPool) parseReferences(document interface{}, ref gojsonreference.J
return err
}
-func (p *schemaPool) parseReferencesRecursive(document interface{}, ref gojsonreference.JsonReference, draft *Draft) error {
+func (p *schemaPool) parseReferencesRecursive(document any, ref gojsonreference.JsonReference, draft *Draft) error {
// parseReferencesRecursive parses a JSON document and resolves all $id and $ref references.
// For $ref references it takes into account the $id scope it is in and replaces
// the reference by the absolute resolved reference
@@ -80,14 +80,14 @@ func (p *schemaPool) parseReferencesRecursive(document interface{}, ref gojsonre
// When encountering errors it fails silently. Error handling is done when the schema
// is syntactically parsed and any error encountered here should also come up there.
switch m := document.(type) {
- case []interface{}:
+ case []any:
for _, v := range m {
err := p.parseReferencesRecursive(v, ref, draft)
if err != nil {
return err
}
}
- case map[string]interface{}:
+ case map[string]any:
localRef := &ref
keyID := KeyIDNew
@@ -129,7 +129,7 @@ func (p *schemaPool) parseReferencesRecursive(document interface{}, ref gojsonre
// Something like a property or a dependency is not a valid schema, as it might describe properties named "$ref", "$id" or "const", etc
// Therefore don't treat it like a schema.
if k == KeyProperties || k == KeyDependencies || k == KeyPatternProperties {
- if child, ok := v.(map[string]interface{}); ok {
+ if child, ok := v.(map[string]any); ok {
for _, v := range child {
err := p.parseReferencesRecursive(v, *localRef, draft)
if err != nil {
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaReferencePool.go b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaReferencePool.go
index 876419f56c..515702095b 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaReferencePool.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaReferencePool.go
@@ -25,10 +25,6 @@
package gojsonschema
-import (
- "fmt"
-)
-
type schemaReferencePool struct {
documents map[string]*SubSchema
}
@@ -44,7 +40,7 @@ func newSchemaReferencePool() *schemaReferencePool {
func (p *schemaReferencePool) Get(ref string) (r *SubSchema, o bool) {
if internalLogEnabled {
- internalLog(fmt.Sprintf("Schema Reference ( %s )", ref))
+ internalLog("Schema Reference ( %s )", ref)
}
if sch, ok := p.documents[ref]; ok {
@@ -60,7 +56,7 @@ func (p *schemaReferencePool) Get(ref string) (r *SubSchema, o bool) {
func (p *schemaReferencePool) Add(ref string, sch *SubSchema) {
if internalLogEnabled {
- internalLog(fmt.Sprintf("Add Schema Reference %s to pool", ref))
+ internalLog("Add Schema Reference %s to pool", ref)
}
if _, ok := p.documents[ref]; !ok {
p.documents[ref] = sch
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaType.go b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaType.go
index 271832d334..4abcc6814e 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaType.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/schemaType.go
@@ -28,6 +28,7 @@ package gojsonschema
import (
"errors"
"fmt"
+ "slices"
"strings"
)
@@ -58,13 +59,7 @@ func (t *jsonSchemaType) Add(etype string) error {
func (t *jsonSchemaType) Contains(etype string) bool {
- for _, v := range t.types {
- if v == etype {
- return true
- }
- }
-
- return false
+ return slices.Contains(t.types, etype)
}
func (t *jsonSchemaType) String() string {
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/subSchema.go b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/subSchema.go
index d8bc0cb568..b7ceb3136e 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/subSchema.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/subSchema.go
@@ -123,8 +123,8 @@ type SubSchema struct {
maxProperties *int
required []string
- dependencies map[string]interface{}
- additionalProperties interface{}
+ dependencies map[string]any
+ additionalProperties any
patternProperties map[string]*SubSchema
propertyNames *SubSchema
@@ -134,7 +134,7 @@ type SubSchema struct {
uniqueItems bool
contains *SubSchema
- additionalItems interface{}
+ additionalItems any
// validation : all
_const *string //const is a golang keyword
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/utils.go b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/utils.go
index fd0f1870f9..ca071930f2 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/utils.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/utils.go
@@ -29,18 +29,14 @@ package gojsonschema
import (
"encoding/json"
"math/big"
+ "slices"
)
func isStringInSlice(s []string, what string) bool {
- for i := range s {
- if s[i] == what {
- return true
- }
- }
- return false
+ return slices.Contains(s, what)
}
-func marshalToJSONString(value interface{}) (*string, error) {
+func marshalToJSONString(value any) (*string, error) {
mBytes, err := json.Marshal(value)
if err != nil {
@@ -51,7 +47,7 @@ func marshalToJSONString(value interface{}) (*string, error) {
return &sBytes, nil
}
-func marshalWithoutNumber(value interface{}) (*string, error) {
+func marshalWithoutNumber(value any) (*string, error) {
// The JSON is decoded using https://golang.org/pkg/encoding/json/#Decoder.UseNumber
// This means the numbers are internally still represented as strings and therefore 1.00 is unequal to 1
@@ -63,7 +59,7 @@ func marshalWithoutNumber(value interface{}) (*string, error) {
return nil, err
}
- var document interface{}
+ var document any
err = json.Unmarshal([]byte(*jsonString), &document)
if err != nil {
@@ -73,7 +69,7 @@ func marshalWithoutNumber(value interface{}) (*string, error) {
return marshalToJSONString(document)
}
-func isJSONNumber(what interface{}) bool {
+func isJSONNumber(what any) bool {
switch what.(type) {
@@ -84,7 +80,7 @@ func isJSONNumber(what interface{}) bool {
return false
}
-func checkJSONInteger(what interface{}) (isInt bool) {
+func checkJSONInteger(what any) (isInt bool) {
jsonNumber := what.(json.Number)
@@ -100,7 +96,7 @@ const (
minJSONFloat = -float64(1<<53 - 1) //-9007199254740991.0 -2^53 - 1
)
-func mustBeInteger(what interface{}) *int {
+func mustBeInteger(what any) *int {
number, ok := what.(json.Number)
if !ok {
return nil
@@ -123,7 +119,7 @@ func mustBeInteger(what interface{}) *int {
return &int32Value
}
-func mustBeNumber(what interface{}) *big.Rat {
+func mustBeNumber(what any) *big.Rat {
number, ok := what.(json.Number)
if !ok {
return nil
@@ -136,11 +132,11 @@ func mustBeNumber(what interface{}) *big.Rat {
return nil
}
-func convertDocumentNode(val interface{}) interface{} {
+func convertDocumentNode(val any) any {
- if lval, ok := val.([]interface{}); ok {
+ if lval, ok := val.([]any); ok {
- res := []interface{}{}
+ res := []any{}
for _, v := range lval {
res = append(res, convertDocumentNode(v))
}
@@ -149,9 +145,9 @@ func convertDocumentNode(val interface{}) interface{} {
}
- if mval, ok := val.(map[interface{}]interface{}); ok {
+ if mval, ok := val.(map[any]any); ok {
- res := map[string]interface{}{}
+ res := map[string]any{}
for k, v := range mval {
res[k.(string)] = convertDocumentNode(v)
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/validation.go b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/validation.go
index 7c86e37245..e33a0f3d27 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/validation.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/validation.go
@@ -54,21 +54,21 @@ func (v *Schema) Validate(l JSONLoader) (*Result, error) {
return v.validateDocument(root), nil
}
-func (v *Schema) validateDocument(root interface{}) *Result {
+func (v *Schema) validateDocument(root any) *Result {
result := &Result{}
context := NewJSONContext(StringContextRoot, nil)
v.RootSchema.validateRecursive(v.RootSchema, root, result, context)
return result
}
-func (v *SubSchema) subValidateWithContext(document interface{}, context *JSONContext) *Result {
+func (v *SubSchema) subValidateWithContext(document any, context *JSONContext) *Result {
result := &Result{}
v.validateRecursive(v, document, result, context)
return result
}
// Walker function to validate the json recursively against the SubSchema
-func (v *SubSchema) validateRecursive(currentSubSchema *SubSchema, currentNode interface{}, result *Result, context *JSONContext) {
+func (v *SubSchema) validateRecursive(currentSubSchema *SubSchema, currentNode any, result *Result, context *JSONContext) {
if internalLogEnabled {
internalLog("validateRecursive %s", context.String())
@@ -167,7 +167,7 @@ func (v *SubSchema) validateRecursive(currentSubSchema *SubSchema, currentNode i
return
}
- castCurrentNode := currentNode.([]interface{})
+ castCurrentNode := currentNode.([]any)
currentSubSchema.validateSchema(currentSubSchema, castCurrentNode, result, context)
@@ -190,9 +190,9 @@ func (v *SubSchema) validateRecursive(currentSubSchema *SubSchema, currentNode i
return
}
- castCurrentNode, ok := currentNode.(map[string]interface{})
+ castCurrentNode, ok := currentNode.(map[string]any)
if !ok {
- castCurrentNode = convertDocumentNode(currentNode).(map[string]interface{})
+ castCurrentNode = convertDocumentNode(currentNode).(map[string]any)
}
currentSubSchema.validateSchema(currentSubSchema, castCurrentNode, result, context)
@@ -264,7 +264,7 @@ func (v *SubSchema) validateRecursive(currentSubSchema *SubSchema, currentNode i
}
// Different kinds of validation there, SubSchema / common / array / object / string...
-func (v *SubSchema) validateSchema(currentSubSchema *SubSchema, currentNode interface{}, result *Result, context *JSONContext) {
+func (v *SubSchema) validateSchema(currentSubSchema *SubSchema, currentNode any, result *Result, context *JSONContext) {
if internalLogEnabled {
internalLog("validateSchema %s", context.String())
@@ -348,15 +348,15 @@ func (v *SubSchema) validateSchema(currentSubSchema *SubSchema, currentNode inte
}
}
- if currentSubSchema.dependencies != nil && len(currentSubSchema.dependencies) > 0 {
- if currentNodeMap, ok := currentNode.(map[string]interface{}); ok {
+ if len(currentSubSchema.dependencies) > 0 {
+ if currentNodeMap, ok := currentNode.(map[string]any); ok {
for elementKey := range currentNodeMap {
if dependency, ok := currentSubSchema.dependencies[elementKey]; ok {
switch dependency := dependency.(type) {
case []string:
for _, dependOnKey := range dependency {
- if _, dependencyResolved := currentNode.(map[string]interface{})[dependOnKey]; !dependencyResolved {
+ if _, dependencyResolved := currentNode.(map[string]any)[dependOnKey]; !dependencyResolved {
result.addInternalError(
new(MissingDependencyError),
context,
@@ -395,7 +395,7 @@ func (v *SubSchema) validateSchema(currentSubSchema *SubSchema, currentNode inte
result.incrementScore()
}
-func (v *SubSchema) validateCommon(currentSubSchema *SubSchema, value interface{}, result *Result, context *JSONContext) {
+func (v *SubSchema) validateCommon(currentSubSchema *SubSchema, value any, result *Result, context *JSONContext) {
if internalLogEnabled {
internalLog("validateCommon %s", context.String())
@@ -452,7 +452,7 @@ func (v *SubSchema) validateCommon(currentSubSchema *SubSchema, value interface{
result.incrementScore()
}
-func (v *SubSchema) validateArray(currentSubSchema *SubSchema, value []interface{}, result *Result, context *JSONContext) {
+func (v *SubSchema) validateArray(currentSubSchema *SubSchema, value []any, result *Result, context *JSONContext) {
if internalLogEnabled {
internalLog("validateArray %s", context.String())
@@ -469,7 +469,7 @@ func (v *SubSchema) validateArray(currentSubSchema *SubSchema, value []interface
result.mergeErrors(validationResult)
}
} else {
- if currentSubSchema.ItemsChildren != nil && len(currentSubSchema.ItemsChildren) > 0 {
+ if len(currentSubSchema.ItemsChildren) > 0 {
nbItems := len(currentSubSchema.ItemsChildren)
@@ -578,7 +578,7 @@ func (v *SubSchema) validateArray(currentSubSchema *SubSchema, value []interface
result.incrementScore()
}
-func (v *SubSchema) validateObject(currentSubSchema *SubSchema, value map[string]interface{}, result *Result, context *JSONContext) {
+func (v *SubSchema) validateObject(currentSubSchema *SubSchema, value map[string]any, result *Result, context *JSONContext) {
if internalLogEnabled {
internalLog("validateObject %s", context.String())
@@ -675,7 +675,7 @@ func (v *SubSchema) validateObject(currentSubSchema *SubSchema, value map[string
result.incrementScore()
}
-func (v *SubSchema) validatePatternProperty(currentSubSchema *SubSchema, key string, value interface{}, result *Result, context *JSONContext) bool {
+func (v *SubSchema) validatePatternProperty(currentSubSchema *SubSchema, key string, value any, result *Result, context *JSONContext) bool {
if internalLogEnabled {
internalLog("validatePatternProperty %s", context.String())
@@ -701,7 +701,7 @@ func (v *SubSchema) validatePatternProperty(currentSubSchema *SubSchema, key str
return true
}
-func (v *SubSchema) validateString(currentSubSchema *SubSchema, value interface{}, result *Result, context *JSONContext) {
+func (v *SubSchema) validateString(currentSubSchema *SubSchema, value any, result *Result, context *JSONContext) {
// Ignore JSON numbers
stringValue, isString := value.(string)
@@ -752,7 +752,7 @@ func (v *SubSchema) validateString(currentSubSchema *SubSchema, value interface{
result.incrementScore()
}
-func (v *SubSchema) validateNumber(currentSubSchema *SubSchema, value interface{}, result *Result, context *JSONContext) {
+func (v *SubSchema) validateNumber(currentSubSchema *SubSchema, value any, result *Result, context *JSONContext) {
// Ignore non numbers
number, isNumber := value.(json.Number)
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/prelude.graphql b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/prelude.graphql
deleted file mode 100644
index bdca0096a5..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/prelude.graphql
+++ /dev/null
@@ -1,121 +0,0 @@
-# This file defines all the implicitly declared types that are required by the graphql spec. It is implicitly included by calls to LoadSchema
-
-"The `Int` scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1."
-scalar Int
-
-"The `Float` scalar type represents signed double-precision fractional values as specified by [IEEE 754](http://en.wikipedia.org/wiki/IEEE_floating_point)."
-scalar Float
-
-"The `String`scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text."
-scalar String
-
-"The `Boolean` scalar type represents `true` or `false`."
-scalar Boolean
-
-"""The `ID` scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID."""
-scalar ID
-
-"The @include directive may be provided for fields, fragment spreads, and inline fragments, and allows for conditional inclusion during execution as described by the if argument."
-directive @include(if: Boolean!) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT
-
-"The @skip directive may be provided for fields, fragment spreads, and inline fragments, and allows for conditional exclusion during execution as described by the if argument."
-directive @skip(if: Boolean!) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT
-
-"The @deprecated built-in directive is used within the type system definition language to indicate deprecated portions of a GraphQL service's schema, such as deprecated fields on a type, arguments on a field, input fields on an input type, or values of an enum type."
-directive @deprecated(reason: String = "No longer supported") on FIELD_DEFINITION | ARGUMENT_DEFINITION | INPUT_FIELD_DEFINITION | ENUM_VALUE
-
-"The @specifiedBy built-in directive is used within the type system definition language to provide a scalar specification URL for specifying the behavior of custom scalar types."
-directive @specifiedBy(url: String!) on SCALAR
-
-type __Schema {
- description: String
- types: [__Type!]!
- queryType: __Type!
- mutationType: __Type
- subscriptionType: __Type
- directives: [__Directive!]!
-}
-
-type __Type {
- kind: __TypeKind!
- name: String
- description: String
- # must be non-null for OBJECT and INTERFACE, otherwise null.
- fields(includeDeprecated: Boolean = false): [__Field!]
- # must be non-null for OBJECT and INTERFACE, otherwise null.
- interfaces: [__Type!]
- # must be non-null for INTERFACE and UNION, otherwise null.
- possibleTypes: [__Type!]
- # must be non-null for ENUM, otherwise null.
- enumValues(includeDeprecated: Boolean = false): [__EnumValue!]
- # must be non-null for INPUT_OBJECT, otherwise null.
- inputFields: [__InputValue!]
- # must be non-null for NON_NULL and LIST, otherwise null.
- ofType: __Type
- # may be non-null for custom SCALAR, otherwise null.
- specifiedByURL: String
-}
-
-type __Field {
- name: String!
- description: String
- args: [__InputValue!]!
- type: __Type!
- isDeprecated: Boolean!
- deprecationReason: String
-}
-
-type __InputValue {
- name: String!
- description: String
- type: __Type!
- defaultValue: String
-}
-
-type __EnumValue {
- name: String!
- description: String
- isDeprecated: Boolean!
- deprecationReason: String
-}
-
-enum __TypeKind {
- SCALAR
- OBJECT
- INTERFACE
- UNION
- ENUM
- INPUT_OBJECT
- LIST
- NON_NULL
-}
-
-type __Directive {
- name: String!
- description: String
- locations: [__DirectiveLocation!]!
- args: [__InputValue!]!
- isRepeatable: Boolean!
-}
-
-enum __DirectiveLocation {
- QUERY
- MUTATION
- SUBSCRIPTION
- FIELD
- FRAGMENT_DEFINITION
- FRAGMENT_SPREAD
- INLINE_FRAGMENT
- VARIABLE_DEFINITION
- SCHEMA
- SCALAR
- OBJECT
- FIELD_DEFINITION
- ARGUMENT_DEFINITION
- INTERFACE
- UNION
- ENUM
- ENUM_VALUE
- INPUT_OBJECT
- INPUT_FIELD_DEFINITION
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/known_argument_names.go b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/known_argument_names.go
deleted file mode 100644
index 36b2d057c9..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/known_argument_names.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package validator
-
-import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
-
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
-)
-
-func init() {
- AddRule("KnownArgumentNames", func(observers *Events, addError AddErrFunc) {
- // A GraphQL field is only valid if all supplied arguments are defined by that field.
- observers.OnField(func(_ *Walker, field *ast.Field) {
- if field.Definition == nil || field.ObjectDefinition == nil {
- return
- }
- for _, arg := range field.Arguments {
- def := field.Definition.Arguments.ForName(arg.Name)
- if def != nil {
- continue
- }
-
- var suggestions []string
- for _, argDef := range field.Definition.Arguments {
- suggestions = append(suggestions, argDef.Name)
- }
-
- addError(
- Message(`Unknown argument "%s" on field "%s.%s".`, arg.Name, field.ObjectDefinition.Name, field.Name),
- SuggestListQuoted("Did you mean", arg.Name, suggestions),
- At(field.Position),
- )
- }
- })
-
- observers.OnDirective(func(_ *Walker, directive *ast.Directive) {
- if directive.Definition == nil {
- return
- }
- for _, arg := range directive.Arguments {
- def := directive.Definition.Arguments.ForName(arg.Name)
- if def != nil {
- continue
- }
-
- var suggestions []string
- for _, argDef := range directive.Definition.Arguments {
- suggestions = append(suggestions, argDef.Name)
- }
-
- addError(
- Message(`Unknown argument "%s" on directive "@%s".`, arg.Name, directive.Name),
- SuggestListQuoted("Did you mean", arg.Name, suggestions),
- At(directive.Position),
- )
- }
- })
- })
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/known_fragment_names.go b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/known_fragment_names.go
deleted file mode 100644
index 8ae1fc33f4..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/known_fragment_names.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package validator
-
-import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
-
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
-)
-
-func init() {
- AddRule("KnownFragmentNames", func(observers *Events, addError AddErrFunc) {
- observers.OnFragmentSpread(func(_ *Walker, fragmentSpread *ast.FragmentSpread) {
- if fragmentSpread.Definition == nil {
- addError(
- Message(`Unknown fragment "%s".`, fragmentSpread.Name),
- At(fragmentSpread.Position),
- )
- }
- })
- })
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/known_type_names.go b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/known_type_names.go
deleted file mode 100644
index aa9809be34..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/known_type_names.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package validator
-
-import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
-
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
-)
-
-func init() {
- AddRule("KnownTypeNames", func(observers *Events, addError AddErrFunc) {
- observers.OnVariable(func(walker *Walker, variable *ast.VariableDefinition) {
- typeName := variable.Type.Name()
- typdef := walker.Schema.Types[typeName]
- if typdef != nil {
- return
- }
-
- addError(
- Message(`Unknown type "%s".`, typeName),
- At(variable.Position),
- )
- })
-
- observers.OnInlineFragment(func(walker *Walker, inlineFragment *ast.InlineFragment) {
- typedName := inlineFragment.TypeCondition
- if typedName == "" {
- return
- }
-
- def := walker.Schema.Types[typedName]
- if def != nil {
- return
- }
-
- addError(
- Message(`Unknown type "%s".`, typedName),
- At(inlineFragment.Position),
- )
- })
-
- observers.OnFragment(func(walker *Walker, fragment *ast.FragmentDefinition) {
- typeName := fragment.TypeCondition
- def := walker.Schema.Types[typeName]
- if def != nil {
- return
- }
-
- var possibleTypes []string
- for _, t := range walker.Schema.Types {
- possibleTypes = append(possibleTypes, t.Name)
- }
-
- addError(
- Message(`Unknown type "%s".`, typeName),
- SuggestListQuoted("Did you mean", typeName, possibleTypes),
- At(fragment.Position),
- )
- })
- })
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/lone_anonymous_operation.go b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/lone_anonymous_operation.go
deleted file mode 100644
index 2af7b5a038..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/lone_anonymous_operation.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package validator
-
-import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
-
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
-)
-
-func init() {
- AddRule("LoneAnonymousOperation", func(observers *Events, addError AddErrFunc) {
- observers.OnOperation(func(walker *Walker, operation *ast.OperationDefinition) {
- if operation.Name == "" && len(walker.Document.Operations) > 1 {
- addError(
- Message(`This anonymous operation must be the only defined operation.`),
- At(operation.Position),
- )
- }
- })
- })
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/no_unused_fragments.go b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/no_unused_fragments.go
deleted file mode 100644
index f6ba046a1c..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/no_unused_fragments.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package validator
-
-import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
-
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
-)
-
-func init() {
- AddRule("NoUnusedFragments", func(observers *Events, addError AddErrFunc) {
-
- inFragmentDefinition := false
- fragmentNameUsed := make(map[string]bool)
-
- observers.OnFragmentSpread(func(_ *Walker, fragmentSpread *ast.FragmentSpread) {
- if !inFragmentDefinition {
- fragmentNameUsed[fragmentSpread.Name] = true
- }
- })
-
- observers.OnFragment(func(_ *Walker, fragment *ast.FragmentDefinition) {
- inFragmentDefinition = true
- if !fragmentNameUsed[fragment.Name] {
- addError(
- Message(`Fragment "%s" is never used.`, fragment.Name),
- At(fragment.Position),
- )
- }
- })
- })
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/no_unused_variables.go b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/no_unused_variables.go
deleted file mode 100644
index 163ac895b5..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/no_unused_variables.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package validator
-
-import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
-
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
-)
-
-func init() {
- AddRule("NoUnusedVariables", func(observers *Events, addError AddErrFunc) {
- observers.OnOperation(func(_ *Walker, operation *ast.OperationDefinition) {
- for _, varDef := range operation.VariableDefinitions {
- if varDef.Used {
- continue
- }
-
- if operation.Name != "" {
- addError(
- Message(`Variable "$%s" is never used in operation "%s".`, varDef.Variable, operation.Name),
- At(varDef.Position),
- )
- } else {
- addError(
- Message(`Variable "$%s" is never used.`, varDef.Variable),
- At(varDef.Position),
- )
- }
- }
- })
- })
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_argument_names.go b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_argument_names.go
deleted file mode 100644
index 7458c5f6cb..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_argument_names.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package validator
-
-import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
-
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
-)
-
-func init() {
- AddRule("UniqueArgumentNames", func(observers *Events, addError AddErrFunc) {
- observers.OnField(func(_ *Walker, field *ast.Field) {
- checkUniqueArgs(field.Arguments, addError)
- })
-
- observers.OnDirective(func(_ *Walker, directive *ast.Directive) {
- checkUniqueArgs(directive.Arguments, addError)
- })
- })
-}
-
-func checkUniqueArgs(args ast.ArgumentList, addError AddErrFunc) {
- knownArgNames := map[string]int{}
-
- for _, arg := range args {
- if knownArgNames[arg.Name] == 1 {
- addError(
- Message(`There can be only one argument named "%s".`, arg.Name),
- At(arg.Position),
- )
- }
-
- knownArgNames[arg.Name]++
- }
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_directives_per_location.go b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_directives_per_location.go
deleted file mode 100644
index ecf5a0a82e..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_directives_per_location.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package validator
-
-import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
-
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
-)
-
-func init() {
- AddRule("UniqueDirectivesPerLocation", func(observers *Events, addError AddErrFunc) {
- observers.OnDirectiveList(func(_ *Walker, directives []*ast.Directive) {
- seen := map[string]bool{}
-
- for _, dir := range directives {
- if dir.Name != "repeatable" && seen[dir.Name] {
- addError(
- Message(`The directive "@%s" can only be used once at this location.`, dir.Name),
- At(dir.Position),
- )
- }
- seen[dir.Name] = true
- }
- })
- })
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_fragment_names.go b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_fragment_names.go
deleted file mode 100644
index c94f3ad27c..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_fragment_names.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package validator
-
-import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
-
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
-)
-
-func init() {
- AddRule("UniqueFragmentNames", func(observers *Events, addError AddErrFunc) {
- seenFragments := map[string]bool{}
-
- observers.OnFragment(func(_ *Walker, fragment *ast.FragmentDefinition) {
- if seenFragments[fragment.Name] {
- addError(
- Message(`There can be only one fragment named "%s".`, fragment.Name),
- At(fragment.Position),
- )
- }
- seenFragments[fragment.Name] = true
- })
- })
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_input_field_names.go b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_input_field_names.go
deleted file mode 100644
index a93d63bd1e..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_input_field_names.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package validator
-
-import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
-
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
-)
-
-func init() {
- AddRule("UniqueInputFieldNames", func(observers *Events, addError AddErrFunc) {
- observers.OnValue(func(_ *Walker, value *ast.Value) {
- if value.Kind != ast.ObjectValue {
- return
- }
-
- seen := map[string]bool{}
- for _, field := range value.Children {
- if seen[field.Name] {
- addError(
- Message(`There can be only one input field named "%s".`, field.Name),
- At(field.Position),
- )
- }
- seen[field.Name] = true
- }
- })
- })
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_operation_names.go b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_operation_names.go
deleted file mode 100644
index dcd404dadf..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_operation_names.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package validator
-
-import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
-
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
-)
-
-func init() {
- AddRule("UniqueOperationNames", func(observers *Events, addError AddErrFunc) {
- seen := map[string]bool{}
-
- observers.OnOperation(func(_ *Walker, operation *ast.OperationDefinition) {
- if seen[operation.Name] {
- addError(
- Message(`There can be only one operation named "%s".`, operation.Name),
- At(operation.Position),
- )
- }
- seen[operation.Name] = true
- })
- })
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_variable_names.go b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_variable_names.go
deleted file mode 100644
index 7a214dbe4c..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/unique_variable_names.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package validator
-
-import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
-
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
-)
-
-func init() {
- AddRule("UniqueVariableNames", func(observers *Events, addError AddErrFunc) {
- observers.OnOperation(func(_ *Walker, operation *ast.OperationDefinition) {
- seen := map[string]int{}
- for _, def := range operation.VariableDefinitions {
- // add the same error only once per a variable.
- if seen[def.Variable] == 1 {
- addError(
- Message(`There can be only one variable named "$%s".`, def.Variable),
- At(def.Position),
- )
- }
- seen[def.Variable]++
- }
- })
- })
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/values_of_correct_type.go b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/values_of_correct_type.go
deleted file mode 100644
index 8858023d4e..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/values_of_correct_type.go
+++ /dev/null
@@ -1,170 +0,0 @@
-package validator
-
-import (
- "errors"
- "fmt"
- "strconv"
-
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
-
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
-)
-
-func init() {
- AddRule("ValuesOfCorrectType", func(observers *Events, addError AddErrFunc) {
- observers.OnValue(func(_ *Walker, value *ast.Value) {
- if value.Definition == nil || value.ExpectedType == nil {
- return
- }
-
- if value.Kind == ast.NullValue && value.ExpectedType.NonNull {
- addError(
- Message(`Expected value of type "%s", found %s.`, value.ExpectedType.String(), value.String()),
- At(value.Position),
- )
- }
-
- if value.Definition.Kind == ast.Scalar {
- // Skip custom validating scalars
- if !value.Definition.OneOf("Int", "Float", "String", "Boolean", "ID") {
- return
- }
- }
-
- var possibleEnums []string
- if value.Definition.Kind == ast.Enum {
- for _, val := range value.Definition.EnumValues {
- possibleEnums = append(possibleEnums, val.Name)
- }
- }
-
- rawVal, err := value.Value(nil)
- if err != nil {
- unexpectedTypeMessage(addError, value)
- }
-
- switch value.Kind {
- case ast.NullValue:
- return
- case ast.ListValue:
- if value.ExpectedType.Elem == nil {
- unexpectedTypeMessage(addError, value)
- return
- }
-
- case ast.IntValue:
- if !value.Definition.OneOf("Int", "Float", "ID") {
- unexpectedTypeMessage(addError, value)
- }
-
- case ast.FloatValue:
- if !value.Definition.OneOf("Float") {
- unexpectedTypeMessage(addError, value)
- }
-
- case ast.StringValue, ast.BlockValue:
- if value.Definition.Kind == ast.Enum {
- rawValStr := fmt.Sprint(rawVal)
- addError(
- Message(`Enum "%s" cannot represent non-enum value: %s.`, value.ExpectedType.String(), value.String()),
- SuggestListQuoted("Did you mean the enum value", rawValStr, possibleEnums),
- At(value.Position),
- )
- } else if !value.Definition.OneOf("String", "ID") {
- unexpectedTypeMessage(addError, value)
- }
-
- case ast.EnumValue:
- if value.Definition.Kind != ast.Enum {
- rawValStr := fmt.Sprint(rawVal)
- addError(
- unexpectedTypeMessageOnly(value),
- SuggestListUnquoted("Did you mean the enum value", rawValStr, possibleEnums),
- At(value.Position),
- )
- } else if value.Definition.EnumValues.ForName(value.Raw) == nil {
- rawValStr := fmt.Sprint(rawVal)
- addError(
- Message(`Value "%s" does not exist in "%s" enum.`, value.String(), value.ExpectedType.String()),
- SuggestListQuoted("Did you mean the enum value", rawValStr, possibleEnums),
- At(value.Position),
- )
- }
-
- case ast.BooleanValue:
- if !value.Definition.OneOf("Boolean") {
- unexpectedTypeMessage(addError, value)
- }
-
- case ast.ObjectValue:
-
- for _, field := range value.Definition.Fields {
- if field.Type.NonNull {
- fieldValue := value.Children.ForName(field.Name)
- if fieldValue == nil && field.DefaultValue == nil {
- addError(
- Message(`Field "%s.%s" of required type "%s" was not provided.`, value.Definition.Name, field.Name, field.Type.String()),
- At(value.Position),
- )
- continue
- }
- }
- }
-
- for _, fieldValue := range value.Children {
- if value.Definition.Fields.ForName(fieldValue.Name) == nil {
- var suggestions []string
- for _, fieldValue := range value.Definition.Fields {
- suggestions = append(suggestions, fieldValue.Name)
- }
-
- addError(
- Message(`Field "%s" is not defined by type "%s".`, fieldValue.Name, value.Definition.Name),
- SuggestListQuoted("Did you mean", fieldValue.Name, suggestions),
- At(fieldValue.Position),
- )
- }
- }
-
- case ast.Variable:
- return
-
- default:
- panic(fmt.Errorf("unhandled %T", value))
- }
- })
- })
-}
-
-func unexpectedTypeMessage(addError AddErrFunc, v *ast.Value) {
- addError(
- unexpectedTypeMessageOnly(v),
- At(v.Position),
- )
-}
-
-func unexpectedTypeMessageOnly(v *ast.Value) ErrorOption {
- switch v.ExpectedType.String() {
- case "Int", "Int!":
- if _, err := strconv.ParseInt(v.Raw, 10, 32); err != nil && errors.Is(err, strconv.ErrRange) {
- return Message(`Int cannot represent non 32-bit signed integer value: %s`, v.String())
- }
- return Message(`Int cannot represent non-integer value: %s`, v.String())
- case "String", "String!", "[String]":
- return Message(`String cannot represent a non string value: %s`, v.String())
- case "Boolean", "Boolean!":
- return Message(`Boolean cannot represent a non boolean value: %s`, v.String())
- case "Float", "Float!":
- return Message(`Float cannot represent non numeric value: %s`, v.String())
- case "ID", "ID!":
- return Message(`ID cannot represent a non-string and non-integer value: %s`, v.String())
- //case "Enum":
- // return Message(`Enum "%s" cannot represent non-enum value: %s`, v.ExpectedType.String(), v.String())
- default:
- if v.Definition.Kind == ast.Enum {
- return Message(`Enum "%s" cannot represent non-enum value: %s.`, v.ExpectedType.String(), v.String())
- }
- return Message(`Expected value of type "%s", found %s.`, v.ExpectedType.String(), v.String())
- }
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/variables_are_input_types.go b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/variables_are_input_types.go
deleted file mode 100644
index ea4dfcc5ab..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/variables_are_input_types.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package validator
-
-import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
-
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
-)
-
-func init() {
- AddRule("VariablesAreInputTypes", func(observers *Events, addError AddErrFunc) {
- observers.OnOperation(func(_ *Walker, operation *ast.OperationDefinition) {
- for _, def := range operation.VariableDefinitions {
- if def.Definition == nil {
- continue
- }
- if !def.Definition.IsInputType() {
- addError(
- Message(
- `Variable "$%s" cannot be non-input type "%s".`,
- def.Variable,
- def.Type.String(),
- ),
- At(def.Position),
- )
- }
- }
- })
- })
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/validator.go b/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/validator.go
deleted file mode 100644
index 05f5b91669..0000000000
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/validator.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package validator
-
-import (
- //nolint:revive
- . "github.com/open-policy-agent/opa/internal/gqlparser/ast"
- "github.com/open-policy-agent/opa/internal/gqlparser/gqlerror"
-)
-
-type AddErrFunc func(options ...ErrorOption)
-
-type ruleFunc func(observers *Events, addError AddErrFunc)
-
-type rule struct {
- name string
- rule ruleFunc
-}
-
-var rules []rule
-
-// addRule to rule set.
-// f is called once each time `Validate` is executed.
-func AddRule(name string, f ruleFunc) {
- rules = append(rules, rule{name: name, rule: f})
-}
-
-func Validate(schema *Schema, doc *QueryDocument) gqlerror.List {
- var errs gqlerror.List
-
- observers := &Events{}
- for i := range rules {
- rule := rules[i]
- rule.rule(observers, func(options ...ErrorOption) {
- err := &gqlerror.Error{
- Rule: rule.name,
- }
- for _, o := range options {
- o(err)
- }
- errs = append(errs, err)
- })
- }
-
- Walk(schema, doc, observers)
- return errs
-}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/json/patch/patch.go b/vendor/github.com/open-policy-agent/opa/internal/json/patch/patch.go
index 31c89869da..9ddb93506e 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/json/patch/patch.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/json/patch/patch.go
@@ -7,7 +7,7 @@ package patch
import (
"strings"
- "github.com/open-policy-agent/opa/storage"
+ "github.com/open-policy-agent/opa/v1/storage"
)
// ParsePatchPathEscaped returns a new path for the given escaped str.
@@ -37,8 +37,8 @@ func ParsePatchPathEscaped(str string) (path storage.Path, ok bool) {
// the substitutions in this order, an implementation avoids the error of
// turning '~01' first into '~1' and then into '/', which would be
// incorrect (the string '~01' correctly becomes '~1' after transformation)."
- path[i] = strings.Replace(path[i], "~1", "/", -1)
- path[i] = strings.Replace(path[i], "~0", "~", -1)
+ path[i] = strings.ReplaceAll(path[i], "~1", "/")
+ path[i] = strings.ReplaceAll(path[i], "~0", "~")
}
return
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwa/key_type.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwa/key_type.go
index 98f0cc42e2..61d23844a1 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwa/key_type.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwa/key_type.go
@@ -21,7 +21,7 @@ const (
// Accept is used when conversion from values given by
// outside sources (such as JSON payloads) is required
-func (keyType *KeyType) Accept(value interface{}) error {
+func (keyType *KeyType) Accept(value any) error {
var tmp KeyType
switch x := value.(type) {
case string:
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwa/signature.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwa/signature.go
index 45e400176d..c601c46ea9 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwa/signature.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwa/signature.go
@@ -32,7 +32,7 @@ const (
// Accept is used when conversion from values given by
// outside sources (such as JSON payloads) is required
-func (signature *SignatureAlgorithm) Accept(value interface{}) error {
+func (signature *SignatureAlgorithm) Accept(value any) error {
var tmp SignatureAlgorithm
switch x := value.(type) {
case string:
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/ecdsa.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/ecdsa.go
index b46689f037..0677f4dc30 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/ecdsa.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/ecdsa.go
@@ -39,12 +39,12 @@ func newECDSAPrivateKey(key *ecdsa.PrivateKey) (*ECDSAPrivateKey, error) {
}
// Materialize returns the EC-DSA public key represented by this JWK
-func (k ECDSAPublicKey) Materialize() (interface{}, error) {
+func (k ECDSAPublicKey) Materialize() (any, error) {
return k.key, nil
}
// Materialize returns the EC-DSA private key represented by this JWK
-func (k ECDSAPrivateKey) Materialize() (interface{}, error) {
+func (k ECDSAPrivateKey) Materialize() (any, error) {
return k.key, nil
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/headers.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/headers.go
index b0fd51e901..b1a6763dda 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/headers.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/headers.go
@@ -18,15 +18,15 @@ const (
// Headers provides a common interface to all future possible headers
type Headers interface {
- Get(string) (interface{}, bool)
- Set(string, interface{}) error
- Walk(func(string, interface{}) error) error
+ Get(string) (any, bool)
+ Set(string, any) error
+ Walk(func(string, any) error) error
GetAlgorithm() jwa.SignatureAlgorithm
GetKeyID() string
GetKeyOps() KeyOperationList
GetKeyType() jwa.KeyType
GetKeyUsage() string
- GetPrivateParams() map[string]interface{}
+ GetPrivateParams() map[string]any
}
// StandardHeaders stores the common JWK parameters
@@ -36,7 +36,7 @@ type StandardHeaders struct {
KeyOps KeyOperationList `json:"key_ops,omitempty"` // https://tools.ietf.org/html/rfc7517#section-4.3
KeyType jwa.KeyType `json:"kty,omitempty"` // https://tools.ietf.org/html/rfc7517#section-4.1
KeyUsage string `json:"use,omitempty"` // https://tools.ietf.org/html/rfc7517#section-4.2
- PrivateParams map[string]interface{} `json:"privateParams,omitempty"` // https://tools.ietf.org/html/rfc7515#section-4.1.4
+ PrivateParams map[string]any `json:"privateParams,omitempty"` // https://tools.ietf.org/html/rfc7515#section-4.1.4
}
// GetAlgorithm is a convenience function to retrieve the corresponding value stored in the StandardHeaders
@@ -68,12 +68,12 @@ func (h *StandardHeaders) GetKeyUsage() string {
}
// GetPrivateParams is a convenience function to retrieve the corresponding value stored in the StandardHeaders
-func (h *StandardHeaders) GetPrivateParams() map[string]interface{} {
+func (h *StandardHeaders) GetPrivateParams() map[string]any {
return h.PrivateParams
}
// Get is a general getter function for JWK StandardHeaders structure
-func (h *StandardHeaders) Get(name string) (interface{}, bool) {
+func (h *StandardHeaders) Get(name string) (any, bool) {
switch name {
case AlgorithmKey:
alg := h.GetAlgorithm()
@@ -117,7 +117,7 @@ func (h *StandardHeaders) Get(name string) (interface{}, bool) {
}
// Set is a general getter function for JWK StandardHeaders structure
-func (h *StandardHeaders) Set(name string, value interface{}) error {
+func (h *StandardHeaders) Set(name string, value any) error {
switch name {
case AlgorithmKey:
var acceptor jwa.SignatureAlgorithm
@@ -149,7 +149,7 @@ func (h *StandardHeaders) Set(name string, value interface{}) error {
}
return fmt.Errorf("invalid value for %s key: %T", KeyUsageKey, value)
case PrivateParamsKey:
- if v, ok := value.(map[string]interface{}); ok {
+ if v, ok := value.(map[string]any); ok {
h.PrivateParams = v
return nil
}
@@ -160,7 +160,7 @@ func (h *StandardHeaders) Set(name string, value interface{}) error {
}
// Walk iterates over all JWK standard headers fields while applying a function to its value.
-func (h StandardHeaders) Walk(f func(string, interface{}) error) error {
+func (h StandardHeaders) Walk(f func(string, any) error) error {
for _, key := range []string{AlgorithmKey, KeyIDKey, KeyOpsKey, KeyTypeKey, KeyUsageKey, PrivateParamsKey} {
if v, ok := h.Get(key); ok {
if err := f(key, v); err != nil {
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/interface.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/interface.go
index 7a7d03ef1c..9c7846269e 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/interface.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/interface.go
@@ -24,7 +24,7 @@ type Key interface {
// RSA types would create *rsa.PublicKey or *rsa.PrivateKey,
// EC types would create *ecdsa.PublicKey or *ecdsa.PrivateKey,
// and OctetSeq types create a []byte key.
- Materialize() (interface{}, error)
+ Materialize() (any, error)
GenerateKey(*RawKeyJSON) error
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/jwk.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/jwk.go
index aa22a3830f..b13245d172 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/jwk.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/jwk.go
@@ -15,7 +15,7 @@ import (
// For rsa key types *rsa.PublicKey is returned; for ecdsa key types *ecdsa.PublicKey;
// for byte slice (raw) keys, the key itself is returned. If the corresponding
// public key cannot be deduced, an error is returned
-func GetPublicKey(key interface{}) (interface{}, error) {
+func GetPublicKey(key any) (any, error) {
if key == nil {
return nil, errors.New("jwk.New requires a non-nil key")
}
@@ -23,7 +23,7 @@ func GetPublicKey(key interface{}) (interface{}, error) {
switch v := key.(type) {
// Mental note: although Public() is defined in both types,
// you can not coalesce the clauses for rsa.PrivateKey and
- // ecdsa.PrivateKey, as then `v` becomes interface{}
+ // ecdsa.PrivateKey, as then `v` becomes any
// b/c the compiler cannot deduce the exact type.
case *rsa.PrivateKey:
return v.Public(), nil
@@ -37,7 +37,7 @@ func GetPublicKey(key interface{}) (interface{}, error) {
}
// GetKeyTypeFromKey creates a jwk.Key from the given key.
-func GetKeyTypeFromKey(key interface{}) jwa.KeyType {
+func GetKeyTypeFromKey(key any) jwa.KeyType {
switch key.(type) {
case *rsa.PrivateKey, *rsa.PublicKey:
@@ -52,7 +52,7 @@ func GetKeyTypeFromKey(key interface{}) jwa.KeyType {
}
// New creates a jwk.Key from the given key.
-func New(key interface{}) (Key, error) {
+func New(key any) (Key, error) {
if key == nil {
return nil, errors.New("jwk.New requires a non-nil key")
}
@@ -114,7 +114,7 @@ func parse(jwkSrc string) (*Set, error) {
// ParseBytes parses JWK from the incoming byte buffer.
func ParseBytes(buf []byte) (*Set, error) {
- return parse(string(buf[:]))
+ return parse(string(buf))
}
// ParseString parses JWK from the incoming string.
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/key_ops.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/key_ops.go
index e8fe4cd854..628caae4ad 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/key_ops.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/key_ops.go
@@ -2,6 +2,7 @@ package jwk
import (
"encoding/json"
+ "errors"
"fmt"
)
@@ -38,7 +39,7 @@ const (
)
// Accept determines if Key Operation is valid
-func (keyOperationList *KeyOperationList) Accept(v interface{}) error {
+func (keyOperationList *KeyOperationList) Accept(v any) error {
switch x := v.(type) {
case KeyOperationList:
*keyOperationList = x
@@ -53,12 +54,12 @@ func (keyOperationList *KeyOperationList) UnmarshalJSON(data []byte) error {
var tempKeyOperationList []string
err := json.Unmarshal(data, &tempKeyOperationList)
if err != nil {
- return fmt.Errorf("invalid key operation")
+ return errors.New("invalid key operation")
}
for _, value := range tempKeyOperationList {
_, ok := keyOps[value]
if !ok {
- return fmt.Errorf("unknown key operation")
+ return errors.New("unknown key operation")
}
*keyOperationList = append(*keyOperationList, KeyOperation(value))
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/rsa.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/rsa.go
index 11b8e3b56b..d7b5089418 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/rsa.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/rsa.go
@@ -65,7 +65,7 @@ func newRSAPrivateKey(key *rsa.PrivateKey) (*RSAPrivateKey, error) {
}
// Materialize returns the standard RSA Public Key representation stored in the internal representation
-func (k *RSAPublicKey) Materialize() (interface{}, error) {
+func (k *RSAPublicKey) Materialize() (any, error) {
if k.key == nil {
return nil, errors.New("key has no rsa.PublicKey associated with it")
}
@@ -73,7 +73,7 @@ func (k *RSAPublicKey) Materialize() (interface{}, error) {
}
// Materialize returns the standard RSA Private Key representation stored in the internal representation
-func (k *RSAPrivateKey) Materialize() (interface{}, error) {
+func (k *RSAPrivateKey) Materialize() (any, error) {
if k.key == nil {
return nil, errors.New("key has no rsa.PrivateKey associated with it")
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/symmetric.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/symmetric.go
index e0cc0751e6..e76189f523 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/symmetric.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jwk/symmetric.go
@@ -21,7 +21,7 @@ func newSymmetricKey(key []byte) (*SymmetricKey, error) {
// Materialize returns the octets for this symmetric key.
// Since this is a symmetric key, this just calls Octets
-func (s SymmetricKey) Materialize() (interface{}, error) {
+func (s SymmetricKey) Materialize() (any, error) {
return s.Octets(), nil
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/headers.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/headers.go
index 0c8b355087..dcadea43e2 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/headers.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/headers.go
@@ -20,8 +20,8 @@ const (
// Headers provides a common interface for common header parameters
type Headers interface {
- Get(string) (interface{}, bool)
- Set(string, interface{}) error
+ Get(string) (any, bool)
+ Set(string, any) error
GetAlgorithm() jwa.SignatureAlgorithm
}
@@ -33,7 +33,7 @@ type StandardHeaders struct {
JWK string `json:"jwk,omitempty"` // https://tools.ietf.org/html/rfc7515#section-4.1.3
JWKSetURL string `json:"jku,omitempty"` // https://tools.ietf.org/html/rfc7515#section-4.1.2
KeyID string `json:"kid,omitempty"` // https://tools.ietf.org/html/rfc7515#section-4.1.4
- PrivateParams map[string]interface{} `json:"privateParams,omitempty"` // https://tools.ietf.org/html/rfc7515#section-4.1.9
+ PrivateParams map[string]any `json:"privateParams,omitempty"` // https://tools.ietf.org/html/rfc7515#section-4.1.9
Type string `json:"typ,omitempty"` // https://tools.ietf.org/html/rfc7515#section-4.1.9
}
@@ -43,7 +43,7 @@ func (h *StandardHeaders) GetAlgorithm() jwa.SignatureAlgorithm {
}
// Get is a general getter function for StandardHeaders structure
-func (h *StandardHeaders) Get(name string) (interface{}, bool) {
+func (h *StandardHeaders) Get(name string) (any, bool) {
switch name {
case AlgorithmKey:
v := h.Algorithm
@@ -99,7 +99,7 @@ func (h *StandardHeaders) Get(name string) (interface{}, bool) {
}
// Set is a general setter function for StandardHeaders structure
-func (h *StandardHeaders) Set(name string, value interface{}) error {
+func (h *StandardHeaders) Set(name string, value any) error {
switch name {
case AlgorithmKey:
if err := h.Algorithm.Accept(value); err != nil {
@@ -137,7 +137,7 @@ func (h *StandardHeaders) Set(name string, value interface{}) error {
}
return fmt.Errorf("invalid value for %s key: %T", KeyIDKey, value)
case PrivateParamsKey:
- if v, ok := value.(map[string]interface{}); ok {
+ if v, ok := value.(map[string]any); ok {
h.PrivateParams = v
return nil
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/jws.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/jws.go
index 2a5fe3c173..b2b2248306 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/jws.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/jws.go
@@ -38,7 +38,7 @@ import (
// SignLiteral generates a Signature for the given Payload and Headers, and serializes
// it in compact serialization format. In this format you may NOT use
// multiple signers.
-func SignLiteral(payload []byte, alg jwa.SignatureAlgorithm, key interface{}, hdrBuf []byte, rnd io.Reader) ([]byte, error) {
+func SignLiteral(payload []byte, alg jwa.SignatureAlgorithm, key any, hdrBuf []byte, rnd io.Reader) ([]byte, error) {
encodedHdr := base64.RawURLEncoding.EncodeToString(hdrBuf)
encodedPayload := base64.RawURLEncoding.EncodeToString(payload)
signingInput := strings.Join(
@@ -77,7 +77,7 @@ func SignLiteral(payload []byte, alg jwa.SignatureAlgorithm, key interface{}, hd
// multiple signers.
//
// If you would like to pass custom Headers, use the WithHeaders option.
-func SignWithOption(payload []byte, alg jwa.SignatureAlgorithm, key interface{}) ([]byte, error) {
+func SignWithOption(payload []byte, alg jwa.SignatureAlgorithm, key any) ([]byte, error) {
var headers Headers = &StandardHeaders{}
err := headers.Set(AlgorithmKey, alg)
@@ -99,7 +99,7 @@ func SignWithOption(payload []byte, alg jwa.SignatureAlgorithm, key interface{})
// Payload that was signed is returned. If you need more fine-grained
// control of the verification process, manually call `Parse`, generate a
// verifier, and call `Verify` on the parsed JWS message object.
-func Verify(buf []byte, alg jwa.SignatureAlgorithm, key interface{}) (ret []byte, err error) {
+func Verify(buf []byte, alg jwa.SignatureAlgorithm, key any) (ret []byte, err error) {
verifier, err := verify.New(alg)
if err != nil {
@@ -111,7 +111,7 @@ func Verify(buf []byte, alg jwa.SignatureAlgorithm, key interface{}) (ret []byte
return nil, errors.New(`attempt to verify empty buffer`)
}
- parts, err := SplitCompact(string(buf[:]))
+ parts, err := SplitCompact(string(buf))
if err != nil {
return nil, fmt.Errorf("failed extract from compact serialization format: %w", err)
}
@@ -164,7 +164,7 @@ func VerifyWithJWKSet(buf []byte, keyset *jwk.Set) (payload []byte, err error) {
// ParseByte parses a JWS value serialized via compact serialization and provided as []byte.
func ParseByte(jwsCompact []byte) (m *Message, err error) {
- return parseCompact(string(jwsCompact[:]))
+ return parseCompact(string(jwsCompact))
}
// ParseString parses a JWS value serialized via compact serialization and provided as string.
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/ecdsa.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/ecdsa.go
index db1aadec67..5f3e8accad 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/ecdsa.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/ecdsa.go
@@ -72,7 +72,7 @@ func (s ECDSASigner) Algorithm() jwa.SignatureAlgorithm {
// SignWithRand signs payload with a ECDSA private key and a provided randomness
// source (such as `rand.Reader`).
-func (s ECDSASigner) SignWithRand(payload []byte, key interface{}, r io.Reader) ([]byte, error) {
+func (s ECDSASigner) SignWithRand(payload []byte, key any, r io.Reader) ([]byte, error) {
if key == nil {
return nil, errors.New("missing private key while signing payload")
}
@@ -85,6 +85,6 @@ func (s ECDSASigner) SignWithRand(payload []byte, key interface{}, r io.Reader)
}
// Sign signs payload with a ECDSA private key
-func (s ECDSASigner) Sign(payload []byte, key interface{}) ([]byte, error) {
+func (s ECDSASigner) Sign(payload []byte, key any) ([]byte, error) {
return s.SignWithRand(payload, key, rand.Reader)
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/hmac.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/hmac.go
index a4fad4208b..de541755ef 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/hmac.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/hmac.go
@@ -52,7 +52,7 @@ func (s HMACSigner) Algorithm() jwa.SignatureAlgorithm {
}
// Sign signs payload with a Symmetric key
-func (s HMACSigner) Sign(payload []byte, key interface{}) ([]byte, error) {
+func (s HMACSigner) Sign(payload []byte, key any) ([]byte, error) {
hmackey, ok := key.([]byte)
if !ok {
return nil, fmt.Errorf(`invalid key type %T. []byte is required`, key)
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/interface.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/interface.go
index 2ef2bee486..25b592ed4e 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/interface.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/interface.go
@@ -16,7 +16,7 @@ type Signer interface {
// for `jwa.RSXXX` and `jwa.PSXXX` types, you need to pass the
// `*"crypto/rsa".PrivateKey` type.
// Check the documentation for each signer for details
- Sign(payload []byte, key interface{}) ([]byte, error)
+ Sign(payload []byte, key any) ([]byte, error)
Algorithm() jwa.SignatureAlgorithm
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/rsa.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/rsa.go
index 1e02993eb0..a671b7318a 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/rsa.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/rsa.go
@@ -84,7 +84,7 @@ func (s RSASigner) Algorithm() jwa.SignatureAlgorithm {
// Sign creates a signature using crypto/rsa. key must be a non-nil instance of
// `*"crypto/rsa".PrivateKey`.
-func (s RSASigner) Sign(payload []byte, key interface{}) ([]byte, error) {
+func (s RSASigner) Sign(payload []byte, key any) ([]byte, error) {
if key == nil {
return nil, errors.New(`missing private key while signing payload`)
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/sign.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/sign.go
index 7db7bbd69c..c1432236fb 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/sign.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/sign/sign.go
@@ -3,6 +3,7 @@ package sign
import (
"crypto/x509"
"encoding/pem"
+ "errors"
"fmt"
"github.com/open-policy-agent/opa/internal/jwx/jwa"
@@ -25,12 +26,12 @@ func New(alg jwa.SignatureAlgorithm) (Signer, error) {
// GetSigningKey returns a *rsa.PrivateKey or *ecdsa.PrivateKey typically encoded in PEM blocks of type "RSA PRIVATE KEY"
// or "EC PRIVATE KEY" for RSA and ECDSA family of algorithms.
// For HMAC family, it return a []byte value
-func GetSigningKey(key string, alg jwa.SignatureAlgorithm) (interface{}, error) {
+func GetSigningKey(key string, alg jwa.SignatureAlgorithm) (any, error) {
switch alg {
case jwa.RS256, jwa.RS384, jwa.RS512, jwa.PS256, jwa.PS384, jwa.PS512:
block, _ := pem.Decode([]byte(key))
if block == nil {
- return nil, fmt.Errorf("failed to parse PEM block containing the key")
+ return nil, errors.New("failed to parse PEM block containing the key")
}
priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
@@ -45,7 +46,7 @@ func GetSigningKey(key string, alg jwa.SignatureAlgorithm) (interface{}, error)
case jwa.ES256, jwa.ES384, jwa.ES512:
block, _ := pem.Decode([]byte(key))
if block == nil {
- return nil, fmt.Errorf("failed to parse PEM block containing the key")
+ return nil, errors.New("failed to parse PEM block containing the key")
}
priv, err := x509.ParseECPrivateKey(block.Bytes)
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/ecdsa.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/ecdsa.go
index 0d4971dc19..ba32078ac9 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/ecdsa.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/ecdsa.go
@@ -54,7 +54,7 @@ func newECDSA(alg jwa.SignatureAlgorithm) (*ECDSAVerifier, error) {
}
// Verify checks whether the signature for a given input and key is correct
-func (v ECDSAVerifier) Verify(payload []byte, signature []byte, key interface{}) error {
+func (v ECDSAVerifier) Verify(payload []byte, signature []byte, key any) error {
if key == nil {
return errors.New(`missing public key while verifying payload`)
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/hmac.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/hmac.go
index d8498f50f2..25651a0f8d 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/hmac.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/hmac.go
@@ -19,7 +19,7 @@ func newHMAC(alg jwa.SignatureAlgorithm) (*HMACVerifier, error) {
}
// Verify checks whether the signature for a given input and key is correct
-func (v HMACVerifier) Verify(signingInput, signature []byte, key interface{}) (err error) {
+func (v HMACVerifier) Verify(signingInput, signature []byte, key any) (err error) {
expected, err := v.signer.Sign(signingInput, key)
if err != nil {
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/interface.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/interface.go
index f5beb69741..e72c3ed7f7 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/interface.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/interface.go
@@ -16,7 +16,7 @@ type Verifier interface {
// for `jwa.RSXXX` and `jwa.PSXXX` types, you need to pass the
// `*"crypto/rsa".PublicKey` type.
// Check the documentation for each verifier for details
- Verify(payload []byte, signature []byte, key interface{}) error
+ Verify(payload []byte, signature []byte, key any) error
}
type rsaVerifyFunc func([]byte, []byte, *rsa.PublicKey) error
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/rsa.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/rsa.go
index edc560dfa6..163ff84bcf 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/rsa.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/rsa.go
@@ -75,7 +75,7 @@ func newRSA(alg jwa.SignatureAlgorithm) (*RSAVerifier, error) {
}
// Verify checks if a JWS is valid.
-func (v RSAVerifier) Verify(payload, signature []byte, key interface{}) error {
+func (v RSAVerifier) Verify(payload, signature []byte, key any) error {
if key == nil {
return errors.New(`missing public key while verifying payload`)
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/verify.go b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/verify.go
index 05720a64e0..7370b4a2f1 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/verify.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/jwx/jws/verify/verify.go
@@ -5,6 +5,7 @@ import (
"crypto/rsa"
"crypto/x509"
"encoding/pem"
+ "errors"
"fmt"
"github.com/open-policy-agent/opa/internal/jwx/jwa"
@@ -28,12 +29,12 @@ func New(alg jwa.SignatureAlgorithm) (Verifier, error) {
// GetSigningKey returns a *rsa.PublicKey or *ecdsa.PublicKey typically encoded in PEM blocks of type "PUBLIC KEY",
// for RSA and ECDSA family of algorithms.
// For HMAC family, it return a []byte value
-func GetSigningKey(key string, alg jwa.SignatureAlgorithm) (interface{}, error) {
+func GetSigningKey(key string, alg jwa.SignatureAlgorithm) (any, error) {
switch alg {
case jwa.RS256, jwa.RS384, jwa.RS512, jwa.PS256, jwa.PS384, jwa.PS512, jwa.ES256, jwa.ES384, jwa.ES512:
block, _ := pem.Decode([]byte(key))
if block == nil {
- return nil, fmt.Errorf("failed to parse PEM block containing the key")
+ return nil, errors.New("failed to parse PEM block containing the key")
}
pub, err := x509.ParsePKIXPublicKey(block.Bytes)
diff --git a/vendor/github.com/open-policy-agent/opa/internal/merge/merge.go b/vendor/github.com/open-policy-agent/opa/internal/merge/merge.go
index 16f39350be..ba1a09c329 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/merge/merge.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/merge/merge.go
@@ -8,7 +8,7 @@ package merge
// InterfaceMaps returns the result of merging a and b. If a and b cannot be
// merged because of conflicting key-value pairs, ok is false.
-func InterfaceMaps(a map[string]interface{}, b map[string]interface{}) (map[string]interface{}, bool) {
+func InterfaceMaps(a map[string]any, b map[string]any) (map[string]any, bool) {
if a == nil {
return b, true
@@ -21,7 +21,7 @@ func InterfaceMaps(a map[string]interface{}, b map[string]interface{}) (map[stri
return merge(a, b), true
}
-func merge(a, b map[string]interface{}) map[string]interface{} {
+func merge(a, b map[string]any) map[string]any {
for k := range b {
@@ -32,8 +32,8 @@ func merge(a, b map[string]interface{}) map[string]interface{} {
continue
}
- existObj := exist.(map[string]interface{})
- addObj := add.(map[string]interface{})
+ existObj := exist.(map[string]any)
+ addObj := add.(map[string]any)
a[k] = merge(existObj, addObj)
}
@@ -41,7 +41,7 @@ func merge(a, b map[string]interface{}) map[string]interface{} {
return a
}
-func hasConflicts(a, b map[string]interface{}) bool {
+func hasConflicts(a, b map[string]any) bool {
for k := range b {
add := b[k]
@@ -50,8 +50,8 @@ func hasConflicts(a, b map[string]interface{}) bool {
continue
}
- existObj, existOk := exist.(map[string]interface{})
- addObj, addOk := add.(map[string]interface{})
+ existObj, existOk := exist.(map[string]any)
+ addObj, addOk := add.(map[string]any)
if !existOk || !addOk {
return true
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/planner/planner.go b/vendor/github.com/open-policy-agent/opa/internal/planner/planner.go
index b75d26ddab..8d59158717 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/planner/planner.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/planner/planner.go
@@ -11,10 +11,10 @@ import (
"io"
"sort"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/ast/location"
"github.com/open-policy-agent/opa/internal/debug"
- "github.com/open-policy-agent/opa/ir"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/ast/location"
+ "github.com/open-policy-agent/opa/v1/ir"
)
// QuerySet represents the input to the planner.
@@ -51,10 +51,10 @@ type Planner struct {
// debugf prepends the planner location. We're passing callstack depth 2 because
// it should still log the file location of p.debugf.
-func (p *Planner) debugf(format string, args ...interface{}) {
+func (p *Planner) debugf(format string, args ...any) {
var msg string
if p.loc != nil {
- msg = fmt.Sprintf("%s: "+format, append([]interface{}{p.loc}, args...)...)
+ msg = fmt.Sprintf("%s: "+format, append([]any{p.loc}, args...)...)
} else {
msg = fmt.Sprintf(format, args...)
}
@@ -211,23 +211,28 @@ func (p *Planner) planRules(rules []*ast.Rule) (string, error) {
// Set the location to the rule head.
p.loc = rules[0].Head.Loc()
+ pcount := p.funcs.argVars()
+ params := make([]ir.Local, 0, pcount+len(rules[0].Head.Args))
+ for range pcount {
+ params = append(params, p.newLocal())
+ }
// Create function definition for rules.
fn := &ir.Func{
- Name: fmt.Sprintf("g%d.%s", p.funcs.gen(), path),
- Params: []ir.Local{
- p.newLocal(), // input document
- p.newLocal(), // data document
- },
+ Name: fmt.Sprintf("g%d.%s", p.funcs.gen(), path),
+ Params: params,
Return: p.newLocal(),
Path: append([]string{fmt.Sprintf("g%d", p.funcs.gen())}, pathPieces...),
}
// Initialize parameters for functions.
- for i := 0; i < len(rules[0].Head.Args); i++ {
+ for range len(rules[0].Head.Args) {
fn.Params = append(fn.Params, p.newLocal())
}
- params := fn.Params[2:]
+ // only those added as formal parameters:
+ // f(x, y) is planned as f(data, input, x, y)
+ // pcount > 2 means there are vars passed along through with replacements by variables
+ params = fn.Params[pcount:]
// Initialize return value for partial set/object rules. Complete document
// rules assign directly to `fn.Return`.
@@ -301,10 +306,11 @@ func (p *Planner) planRules(rules []*ast.Rule) (string, error) {
// Setup planner for block.
p.lnext = lnext
- p.vars = newVarstack(map[ast.Var]ir.Local{
- ast.InputRootDocument.Value.(ast.Var): fn.Params[0],
- ast.DefaultRootDocument.Value.(ast.Var): fn.Params[1],
- })
+ vs := make(map[ast.Var]ir.Local, p.funcs.argVars())
+ for i, v := range p.funcs.vars() {
+ vs[v] = fn.Params[i]
+ }
+ p.vars = newVarstack(vs)
curr := &ir.Block{}
*blocks = append(*blocks, curr)
@@ -385,7 +391,7 @@ func (p *Planner) planRules(rules []*ast.Rule) (string, error) {
return nil
})
default:
- return fmt.Errorf("illegal rule kind")
+ return errors.New("illegal rule kind")
}
})
})
@@ -497,7 +503,6 @@ func (p *Planner) planDotOr(obj ir.Local, key ir.Operand, or stmtFactory, iter p
func (p *Planner) planNestedObjects(obj ir.Local, ref ast.Ref, iter planLocalIter) error {
if len(ref) == 0 {
- //return fmt.Errorf("nested object construction didn't create object")
return iter(obj)
}
@@ -673,13 +678,17 @@ func (p *Planner) planWith(e *ast.Expr, iter planiter) error {
values := make([]*ast.Term, 0, len(e.With)) // NOTE(sr): we could be overallocating if there are builtin replacements
targets := make([]ast.Ref, 0, len(e.With))
+ vars := []ast.Var{}
mocks := frame{}
for _, w := range e.With {
v := w.Target.Value.(ast.Ref)
switch {
- case p.isFunction(v): // nothing to do
+ case p.isFunctionOrBuiltin(v): // track var values
+ if wvar, ok := w.Value.Value.(ast.Var); ok {
+ vars = append(vars, wvar)
+ }
case ast.DefaultRootDocument.Equal(v[0]) ||
ast.InputRootDocument.Equal(v[0]):
@@ -736,7 +745,7 @@ func (p *Planner) planWith(e *ast.Expr, iter planiter) error {
// planning of this expression (transitively).
shadowing := p.dataRefsShadowRuletrie(dataRefs) || len(mocks) > 0
if shadowing {
- p.funcs.Push(map[string]string{})
+ p.funcs.Push(map[string]string{}, vars)
for _, ref := range dataRefs {
p.rules.Push(ref)
}
@@ -757,7 +766,7 @@ func (p *Planner) planWith(e *ast.Expr, iter planiter) error {
p.mocks.PushFrame(mocks)
if shadowing {
- p.funcs.Push(map[string]string{})
+ p.funcs.Push(map[string]string{}, vars)
for _, ref := range dataRefs {
p.rules.Push(ref)
}
@@ -991,8 +1000,16 @@ func (p *Planner) planExprCall(e *ast.Expr, iter planiter) error {
op := e.Operator()
if replacement := p.mocks.Lookup(operator); replacement != nil {
- switch r := replacement.Value.(type) {
- case ast.Ref:
+ if _, ok := replacement.Value.(ast.Var); ok {
+ var arity int
+ if node := p.rules.Lookup(op); node != nil {
+ arity = node.Arity() // NB(sr): We don't need to plan what isn't called, only lookup arity
+ } else if bi, ok := p.decls[operator]; ok {
+ arity = bi.Decl.Arity()
+ }
+ return p.planExprCallValue(replacement, arity, operands, iter)
+ }
+ if r, ok := replacement.Value.(ast.Ref); ok {
if !r.HasPrefix(ast.DefaultRootRef) && !r.HasPrefix(ast.InputRootRef) {
// replacement is builtin
operator = r.String()
@@ -1020,7 +1037,7 @@ func (p *Planner) planExprCall(e *ast.Expr, iter planiter) error {
// replacement is a value, or ref
if bi, ok := p.decls[operator]; ok {
- return p.planExprCallValue(replacement, len(bi.Decl.FuncArgs().Args), operands, iter)
+ return p.planExprCallValue(replacement, bi.Decl.Arity(), operands, iter)
}
if node := p.rules.Lookup(op); node != nil {
return p.planExprCallValue(replacement, node.Arity(), operands, iter)
@@ -1037,7 +1054,7 @@ func (p *Planner) planExprCall(e *ast.Expr, iter planiter) error {
args = p.defaultOperands()
} else if decl, ok := p.decls[operator]; ok {
relation = decl.Relation
- arity = len(decl.Decl.Args())
+ arity = decl.Decl.Arity()
void = decl.Decl.Result() == nil
name = operator
p.externs[operator] = decl
@@ -1147,7 +1164,7 @@ func (p *Planner) planExprCallFunc(name string, arity int, void bool, operands [
})
default:
- return fmt.Errorf("impossible replacement, arity mismatch")
+ return errors.New("impossible replacement, arity mismatch")
}
}
@@ -1173,7 +1190,7 @@ func (p *Planner) planExprCallValue(value *ast.Term, arity int, operands []*ast.
})
})
default:
- return fmt.Errorf("impossible replacement, arity mismatch")
+ return errors.New("impossible replacement, arity mismatch")
}
}
@@ -1519,7 +1536,7 @@ func (p *Planner) planValue(t ast.Value, loc *ast.Location, iter planiter) error
p.loc = loc
return p.planObjectComprehension(v, iter)
default:
- return fmt.Errorf("%v term not implemented", ast.TypeName(v))
+ return fmt.Errorf("%v term not implemented", ast.ValueName(v))
}
}
@@ -1564,9 +1581,7 @@ func (p *Planner) planString(str ast.String, iter planiter) error {
}
func (p *Planner) planVar(v ast.Var, iter planiter) error {
- p.ltarget = op(p.vars.GetOrElse(v, func() ir.Local {
- return p.newLocal()
- }))
+ p.ltarget = op(p.vars.GetOrElse(v, p.newLocal))
return iter()
}
@@ -1750,7 +1765,7 @@ func (p *Planner) planRef(ref ast.Ref, iter planiter) error {
head, ok := ref[0].Value.(ast.Var)
if !ok {
- return fmt.Errorf("illegal ref: non-var head")
+ return errors.New("illegal ref: non-var head")
}
if head.Compare(ast.DefaultRootDocument.Value) == 0 {
@@ -1767,7 +1782,7 @@ func (p *Planner) planRef(ref ast.Ref, iter planiter) error {
p.ltarget, ok = p.vars.GetOp(head)
if !ok {
- return fmt.Errorf("illegal ref: unsafe head")
+ return errors.New("illegal ref: unsafe head")
}
return p.planRefRec(ref, 1, iter)
@@ -1924,12 +1939,15 @@ func (p *Planner) planRefData(virtual *ruletrie, base *baseptr, ref ast.Ref, ind
if err != nil {
return err
}
-
- p.appendStmt(&ir.CallStmt{
+ call := ir.CallStmt{
Func: funcName,
- Args: p.defaultOperands(),
+ Args: make([]ir.Operand, 0, p.funcs.argVars()),
Result: p.ltarget.Value.(ir.Local),
- })
+ }
+ for _, v := range p.funcs.vars() {
+ call.Args = append(call.Args, p.vars.GetOpOrEmpty(v))
+ }
+ p.appendStmt(&call)
return p.planRefRec(ref, index+1, iter)
}
@@ -2365,6 +2383,10 @@ func rewrittenVar(vars map[ast.Var]ast.Var, k ast.Var) ast.Var {
return rw
}
+func dont() ([][]*ast.Rule, []ir.Operand, int, bool) {
+ return nil, nil, 0, false
+}
+
// optimizeLookup returns a set of rulesets and required statements planning
// the locals (strings) needed with the used local variables, and the index
// into ref's parth that is still to be planned; if the passed ref's vars
@@ -2381,9 +2403,6 @@ func rewrittenVar(vars map[ast.Var]ast.Var, k ast.Var) ast.Var {
// var actually matched_ -- so we don't know which subtree to evaluate
// with the results.
func (p *Planner) optimizeLookup(t *ruletrie, ref ast.Ref) ([][]*ast.Rule, []ir.Operand, int, bool) {
- dont := func() ([][]*ast.Rule, []ir.Operand, int, bool) {
- return nil, nil, 0, false
- }
if t == nil {
p.debugf("no optimization of %s: trie is nil", ref)
return dont()
@@ -2411,6 +2430,10 @@ outer:
opt = true
// take all children, they might match
for _, node := range nodes {
+ if nr := node.Rules(); len(nr) > 0 {
+ p.debugf("no optimization of %s: node with rules (%v)", ref, refsOfRules(nr))
+ return dont()
+ }
for _, child := range node.Children() {
if node := node.Get(child); node != nil {
nextNodes = append(nextNodes, node)
@@ -2418,8 +2441,12 @@ outer:
}
}
case ast.String:
- // take all children that either match or have a var key
+ // take all children that either match or have a var key // TODO(sr): Where's the code for the second part, having a var key?
for _, node := range nodes {
+ if nr := node.Rules(); len(nr) > 0 {
+ p.debugf("no optimization of %s: node with rules (%v)", ref, refsOfRules(nr))
+ return dont()
+ }
if node := node.Get(r); node != nil {
nextNodes = append(nextNodes, node)
}
@@ -2438,10 +2465,20 @@ outer:
// let us break, too.
all := 0
for _, node := range nodes {
- all += node.ChildrenCount()
+ if i < len(ref)-1 {
+ // Look ahead one term to only count those children relevant to your planned ref.
+ switch ref[i+1].Value.(type) {
+ case ast.Var:
+ all += node.ChildrenCount()
+ default:
+ if relChildren := node.Get(ref[i+1].Value); relChildren != nil {
+ all++
+ }
+ }
+ }
}
if all == 0 {
- p.debugf("ref %s: all nodes have 0 children, break", ref[0:index+1])
+ p.debugf("ref %s: all nodes have 0 relevant children, break", ref[0:index+1])
break
}
@@ -2534,19 +2571,30 @@ func (p *Planner) unseenVars(t *ast.Term) bool {
}
func (p *Planner) defaultOperands() []ir.Operand {
- return []ir.Operand{
- p.vars.GetOpOrEmpty(ast.InputRootDocument.Value.(ast.Var)),
- p.vars.GetOpOrEmpty(ast.DefaultRootDocument.Value.(ast.Var)),
+ pcount := p.funcs.argVars()
+ operands := make([]ir.Operand, pcount)
+ for i, v := range p.funcs.vars() {
+ operands[i] = p.vars.GetOpOrEmpty(v)
}
+ return operands
}
-func (p *Planner) isFunction(r ast.Ref) bool {
+func (p *Planner) isFunctionOrBuiltin(r ast.Ref) bool {
if node := p.rules.Lookup(r); node != nil {
return node.Arity() > 0
}
- return false
+ _, ok := p.decls[r.String()]
+ return ok
}
func op(v ir.Val) ir.Operand {
return ir.Operand{Value: v}
}
+
+func refsOfRules(rs []*ast.Rule) []string {
+ refs := make([]string, len(rs))
+ for i := range rs {
+ refs[i] = rs[i].Head.Ref().String()
+ }
+ return refs
+}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/planner/rules.go b/vendor/github.com/open-policy-agent/opa/internal/planner/rules.go
index f5d6f3fc6c..9f3d115293 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/planner/rules.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/planner/rules.go
@@ -4,7 +4,7 @@ import (
"fmt"
"sort"
- "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/v1/ast"
)
// funcstack implements a simple map structure used to keep track of virtual
@@ -20,20 +20,44 @@ type funcstack struct {
}
type taggedPairs struct {
- pairs map[string]string
- gen int
+ pairs map[string]string
+ vars []ast.Var
+ vcount int
+ gen int
}
func newFuncstack() *funcstack {
return &funcstack{
- stack: []taggedPairs{{pairs: map[string]string{}, gen: 0}},
- next: 1}
+ stack: []taggedPairs{
+ {
+ pairs: map[string]string{},
+ gen: 0,
+ vars: []ast.Var{
+ ast.InputRootDocument.Value.(ast.Var),
+ ast.DefaultRootDocument.Value.(ast.Var),
+ },
+ vcount: 2,
+ },
+ },
+ next: 1}
}
func (p funcstack) last() taggedPairs {
return p.stack[len(p.stack)-1]
}
+func (p funcstack) argVars() int {
+ return p.last().vcount
+}
+
+func (p funcstack) vars() []ast.Var {
+ ret := make([]ast.Var, 0, p.last().vcount)
+ for i := range p.stack {
+ ret = append(ret, p.stack[i].vars...)
+ }
+ return ret
+}
+
func (p funcstack) Add(key, value string) {
p.last().pairs[key] = value
}
@@ -43,8 +67,13 @@ func (p funcstack) Get(key string) (string, bool) {
return value, ok
}
-func (p *funcstack) Push(funcs map[string]string) {
- p.stack = append(p.stack, taggedPairs{pairs: funcs, gen: p.next})
+func (p *funcstack) Push(funcs map[string]string, vars []ast.Var) {
+ p.stack = append(p.stack, taggedPairs{
+ pairs: funcs,
+ gen: p.next,
+ vars: vars,
+ vcount: p.last().vcount + len(vars),
+ })
p.next++
}
@@ -111,7 +140,7 @@ func (t *ruletrie) Rules() []*ast.Rule {
func (t *ruletrie) Push(key ast.Ref) {
node := t
- for i := 0; i < len(key)-1; i++ {
+ for i := range len(key) - 1 {
node = node.Get(key[i].Value)
if node == nil {
return
@@ -123,7 +152,7 @@ func (t *ruletrie) Push(key ast.Ref) {
func (t *ruletrie) Pop(key ast.Ref) {
node := t
- for i := 0; i < len(key)-1; i++ {
+ for i := range len(key) - 1 {
node = node.Get(key[i].Value)
if node == nil {
return
diff --git a/vendor/github.com/open-policy-agent/opa/internal/planner/varstack.go b/vendor/github.com/open-policy-agent/opa/internal/planner/varstack.go
index dccff1b5c1..0df6bcd8b2 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/planner/varstack.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/planner/varstack.go
@@ -5,8 +5,8 @@
package planner
import (
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/ir"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/ir"
)
type varstack []map[ast.Var]ir.Local
diff --git a/vendor/github.com/open-policy-agent/opa/internal/providers/aws/crypto/compare.go b/vendor/github.com/open-policy-agent/opa/internal/providers/aws/crypto/compare.go
index 1d0f25f8c2..e2514423b7 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/providers/aws/crypto/compare.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/providers/aws/crypto/compare.go
@@ -1,6 +1,6 @@
package crypto
-import "fmt"
+import "errors"
// ConstantTimeByteCompare is a constant-time byte comparison of x and y. This function performs an absolute comparison
// if the two byte slices assuming they represent a big-endian number.
@@ -11,12 +11,12 @@ import "fmt"
// +1 if x > y
func ConstantTimeByteCompare(x, y []byte) (int, error) {
if len(x) != len(y) {
- return 0, fmt.Errorf("slice lengths do not match")
+ return 0, errors.New("slice lengths do not match")
}
xLarger, yLarger := 0, 0
- for i := 0; i < len(x); i++ {
+ for i := range x {
xByte, yByte := int(x[i]), int(y[i])
x := ((yByte - xByte) >> 8) & 1
diff --git a/vendor/github.com/open-policy-agent/opa/internal/providers/aws/crypto/ecc.go b/vendor/github.com/open-policy-agent/opa/internal/providers/aws/crypto/ecc.go
index 758c73fcb3..12679a15be 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/providers/aws/crypto/ecc.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/providers/aws/crypto/ecc.go
@@ -7,6 +7,7 @@ import (
"crypto/hmac"
"encoding/asn1"
"encoding/binary"
+ "errors"
"fmt"
"hash"
"math"
@@ -82,7 +83,7 @@ func HMACKeyDerivation(hash func() hash.Hash, bitLen int, key []byte, label, con
// verify the requested bit length is not larger then the length encoding size
if int64(bitLen) > 0x7FFFFFFF {
- return nil, fmt.Errorf("bitLen is greater than 32-bits")
+ return nil, errors.New("bitLen is greater than 32-bits")
}
fixedInput := bytes.NewBuffer(nil)
diff --git a/vendor/github.com/open-policy-agent/opa/internal/providers/aws/ecr.go b/vendor/github.com/open-policy-agent/opa/internal/providers/aws/ecr.go
index 179b5b5d5e..55e587e9f5 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/providers/aws/ecr.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/providers/aws/ecr.go
@@ -11,7 +11,7 @@ import (
"time"
"github.com/open-policy-agent/opa/internal/version"
- "github.com/open-policy-agent/opa/logging"
+ "github.com/open-policy-agent/opa/v1/logging"
)
// Values taken from
diff --git a/vendor/github.com/open-policy-agent/opa/internal/providers/aws/kms.go b/vendor/github.com/open-policy-agent/opa/internal/providers/aws/kms.go
index 77c0bc9349..6dfb06a496 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/providers/aws/kms.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/providers/aws/kms.go
@@ -10,7 +10,7 @@ import (
"time"
"github.com/open-policy-agent/opa/internal/version"
- "github.com/open-policy-agent/opa/logging"
+ "github.com/open-policy-agent/opa/v1/logging"
)
// Values taken from
diff --git a/vendor/github.com/open-policy-agent/opa/internal/providers/aws/signing_v4.go b/vendor/github.com/open-policy-agent/opa/internal/providers/aws/signing_v4.go
index bfb780754b..07aa568fa2 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/providers/aws/signing_v4.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/providers/aws/signing_v4.go
@@ -8,18 +8,19 @@ import (
"bytes"
"crypto/hmac"
"crypto/sha256"
+ "encoding/hex"
"errors"
"fmt"
"io"
"net/http"
"net/url"
- "sort"
"strings"
"time"
v4 "github.com/open-policy-agent/opa/internal/providers/aws/v4"
- "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/util"
)
func stringFromTerm(t *ast.Term) string {
@@ -67,19 +68,6 @@ func sha256MAC(message string, key []byte) []byte {
return mac.Sum(nil)
}
-func sortKeys(strMap map[string][]string) []string {
- keys := make([]string, len(strMap))
-
- i := 0
- for k := range strMap {
- keys[i] = k
- i++
- }
- sort.Strings(keys)
-
- return keys
-}
-
// SignRequest modifies an http.Request to include an AWS V4 signature based on the provided credentials.
func SignRequest(req *http.Request, service string, creds Credentials, theTime time.Time, sigVersion string) error {
// General ref. https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html
@@ -168,7 +156,7 @@ func SignV4(headers map[string][]string, method string, theURL *url.URL, body []
canonicalReq += theURL.RawQuery + "\n" // RAW Query String
// include the values for the signed headers
- orderedKeys := sortKeys(headersToSign)
+ orderedKeys := util.KeysSorted(headersToSign)
for _, k := range orderedKeys {
canonicalReq += k + ":" + strings.Join(headersToSign[k], ",") + "\n"
}
@@ -202,7 +190,7 @@ func SignV4(headers map[string][]string, method string, theURL *url.URL, body []
authHeader := "AWS4-HMAC-SHA256 Credential=" + awsCreds.AccessKey + "/" + dateNow
authHeader += "/" + awsCreds.RegionName + "/" + service + "/aws4_request,"
authHeader += "SignedHeaders=" + headerList + ","
- authHeader += "Signature=" + fmt.Sprintf("%x", signature)
+ authHeader += "Signature=" + hex.EncodeToString(signature)
return authHeader, awsHeaders
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/providers/aws/signing_v4a.go b/vendor/github.com/open-policy-agent/opa/internal/providers/aws/signing_v4a.go
index 929f2006e7..8f6d760e82 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/providers/aws/signing_v4a.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/providers/aws/signing_v4a.go
@@ -9,7 +9,7 @@ import (
"crypto/rand"
"crypto/sha256"
"encoding/hex"
- "fmt"
+ "errors"
"hash"
"io"
"math/big"
@@ -107,7 +107,7 @@ func deriveKeyFromAccessKeyPair(accessKey, secretKey string) (*ecdsa.PrivateKey,
counter++
if counter > 0xFF {
- return nil, fmt.Errorf("exhausted single byte external counter")
+ return nil, errors.New("exhausted single byte external counter")
}
}
d = d.Add(d, one)
@@ -146,7 +146,7 @@ func retrievePrivateKey(symmetric Credentials) (v4aCredentials, error) {
privateKey, err := deriveKeyFromAccessKeyPair(symmetric.AccessKey, symmetric.SecretKey)
if err != nil {
- return v4aCredentials{}, fmt.Errorf("failed to derive asymmetric key from credentials")
+ return v4aCredentials{}, errors.New("failed to derive asymmetric key from credentials")
}
creds := v4aCredentials{
@@ -216,7 +216,7 @@ func (s *httpSigner) Build() (signedRequest, error) {
signedHeaders, signedHeadersStr, canonicalHeaderStr := s.buildCanonicalHeaders(host, v4Internal.IgnoredHeaders, unsignedHeaders, s.Request.ContentLength)
- rawQuery := strings.Replace(query.Encode(), "+", "%20", -1)
+ rawQuery := strings.ReplaceAll(query.Encode(), "+", "%20")
canonicalURI := v4Internal.GetURIPath(req.URL)
@@ -280,7 +280,7 @@ func buildAuthorizationHeader(credentialStr, signedHeadersStr, signingSignature
return parts.String()
}
-func (s *httpSigner) buildCanonicalHeaders(host string, rule v4Internal.Rule, header http.Header, length int64) (signed http.Header, signedHeaders, canonicalHeadersStr string) {
+func (*httpSigner) buildCanonicalHeaders(host string, rule v4Internal.Rule, header http.Header, length int64) (signed http.Header, signedHeaders, canonicalHeadersStr string) {
signed = make(http.Header)
const hostHeader = "host"
@@ -314,7 +314,7 @@ func (s *httpSigner) buildCanonicalHeaders(host string, rule v4Internal.Rule, he
var canonicalHeaders strings.Builder
n := len(headers)
const colon = ':'
- for i := 0; i < n; i++ {
+ for i := range n {
if headers[i] == hostHeader {
canonicalHeaders.WriteString(hostHeader)
canonicalHeaders.WriteRune(colon)
diff --git a/vendor/github.com/open-policy-agent/opa/internal/providers/aws/util.go b/vendor/github.com/open-policy-agent/opa/internal/providers/aws/util.go
index e033da7460..d43339c961 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/providers/aws/util.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/providers/aws/util.go
@@ -5,7 +5,7 @@ import (
"io"
"net/http"
- "github.com/open-policy-agent/opa/logging"
+ "github.com/open-policy-agent/opa/v1/logging"
)
// DoRequestWithClient is a convenience function to get the body of an HTTP response with
@@ -18,7 +18,7 @@ func DoRequestWithClient(req *http.Request, client *http.Client, desc string, lo
}
defer resp.Body.Close()
- logger.WithFields(map[string]interface{}{
+ logger.WithFields(map[string]any{
"url": req.URL.String(),
"status": resp.Status,
"headers": resp.Header,
diff --git a/vendor/github.com/open-policy-agent/opa/internal/ref/ref.go b/vendor/github.com/open-policy-agent/opa/internal/ref/ref.go
index 6e84df4b08..653794b0a9 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/ref/ref.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/ref/ref.go
@@ -9,17 +9,14 @@ import (
"errors"
"strings"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/storage"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/storage"
)
// ParseDataPath returns a ref from the slash separated path s rooted at data.
// All path segments are treated as identifier strings.
func ParseDataPath(s string) (ast.Ref, error) {
-
- s = "/" + strings.TrimPrefix(s, "/")
-
- path, ok := storage.ParsePath(s)
+ path, ok := storage.ParsePath("/" + strings.TrimPrefix(s, "/"))
if !ok {
return nil, errors.New("invalid path")
}
@@ -29,7 +26,7 @@ func ParseDataPath(s string) (ast.Ref, error) {
// ArrayPath will take an ast.Array and build an ast.Ref using the ast.Terms in the Array
func ArrayPath(a *ast.Array) ast.Ref {
- var ref ast.Ref
+ ref := make(ast.Ref, 0, a.Len())
a.Foreach(func(term *ast.Term) {
ref = append(ref, term)
diff --git a/vendor/github.com/open-policy-agent/opa/internal/rego/opa/engine.go b/vendor/github.com/open-policy-agent/opa/internal/rego/opa/engine.go
index 36ee844504..7defdf788c 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/rego/opa/engine.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/rego/opa/engine.go
@@ -36,10 +36,10 @@ type EvalEngine interface {
Init() (EvalEngine, error)
Entrypoints(context.Context) (map[string]int32, error)
WithPolicyBytes([]byte) EvalEngine
- WithDataJSON(interface{}) EvalEngine
+ WithDataJSON(any) EvalEngine
Eval(context.Context, EvalOpts) (*Result, error)
- SetData(context.Context, interface{}) error
- SetDataPath(context.Context, []string, interface{}) error
+ SetData(context.Context, any) error
+ SetDataPath(context.Context, []string, any) error
RemoveDataPath(context.Context, []string) error
Close()
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/rego/opa/options.go b/vendor/github.com/open-policy-agent/opa/internal/rego/opa/options.go
index b58a05ee8e..97aa41bf0e 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/rego/opa/options.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/rego/opa/options.go
@@ -4,11 +4,11 @@ import (
"io"
"time"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/metrics"
- "github.com/open-policy-agent/opa/topdown/builtins"
- "github.com/open-policy-agent/opa/topdown/cache"
- "github.com/open-policy-agent/opa/topdown/print"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/metrics"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/topdown/cache"
+ "github.com/open-policy-agent/opa/v1/topdown/print"
)
// Result holds the evaluation result.
@@ -18,7 +18,7 @@ type Result struct {
// EvalOpts define options for performing an evaluation.
type EvalOpts struct {
- Input *interface{}
+ Input *any
Metrics metrics.Metrics
Entrypoint int32
Time time.Time
diff --git a/vendor/github.com/open-policy-agent/opa/internal/report/report.go b/vendor/github.com/open-policy-agent/opa/internal/report/report.go
index 145d0a9465..b517864ed3 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/report/report.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/report/report.go
@@ -17,12 +17,12 @@ import (
"sync"
"time"
- "github.com/open-policy-agent/opa/keys"
- "github.com/open-policy-agent/opa/logging"
+ "github.com/open-policy-agent/opa/v1/keys"
+ "github.com/open-policy-agent/opa/v1/logging"
+ "github.com/open-policy-agent/opa/v1/version"
- "github.com/open-policy-agent/opa/plugins/rest"
- "github.com/open-policy-agent/opa/util"
- "github.com/open-policy-agent/opa/version"
+ "github.com/open-policy-agent/opa/v1/plugins/rest"
+ "github.com/open-policy-agent/opa/v1/util"
)
// ExternalServiceURL is the base HTTP URL for a telemetry service.
@@ -81,9 +81,9 @@ func New(id string, opts Options) (*Reporter, error) {
url = ExternalServiceURL
}
- restConfig := []byte(fmt.Sprintf(`{
+ restConfig := fmt.Appendf(nil, `{
"url": %q,
- }`, url))
+ }`, url)
client, err := rest.New(restConfig, map[string]*keys.Config{}, rest.Logger(opts.Logger))
if err != nil {
diff --git a/vendor/github.com/open-policy-agent/opa/internal/runtime/init/init.go b/vendor/github.com/open-policy-agent/opa/internal/runtime/init/init.go
index b1a5b71577..814847a12a 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/runtime/init/init.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/runtime/init/init.go
@@ -12,12 +12,12 @@ import (
"path/filepath"
"strings"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/bundle"
storedversion "github.com/open-policy-agent/opa/internal/version"
- "github.com/open-policy-agent/opa/loader"
- "github.com/open-policy-agent/opa/metrics"
- "github.com/open-policy-agent/opa/storage"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/bundle"
+ "github.com/open-policy-agent/opa/v1/loader"
+ "github.com/open-policy-agent/opa/v1/metrics"
+ "github.com/open-policy-agent/opa/v1/storage"
)
// InsertAndCompileOptions contains the input for the operation.
@@ -53,6 +53,7 @@ func InsertAndCompile(ctx context.Context, opts InsertAndCompileOptions) (*Inser
}
compiler := ast.NewCompiler().
+ WithDefaultRegoVersion(opts.ParserOptions.RegoVersion).
SetErrorLimit(opts.MaxErrors).
WithPathConflictsCheck(storage.NonEmpty(ctx, opts.Store, opts.Txn)).
WithEnablePrintStatements(opts.EnablePrintStatements)
diff --git a/vendor/github.com/open-policy-agent/opa/internal/strings/strings.go b/vendor/github.com/open-policy-agent/opa/internal/strings/strings.go
index 08f3bf9182..f2838ac36a 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/strings/strings.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/strings/strings.go
@@ -57,7 +57,7 @@ func TruncateFilePaths(maxIdealWidth, maxWidth int, path ...string) (map[string]
}
// Drop the overall length down to match our substitution
- longestLocation = longestLocation - (len(lcs) - 3)
+ longestLocation -= (len(lcs) - 3)
}
return result, longestLocation
diff --git a/vendor/github.com/open-policy-agent/opa/internal/strvals/parser.go b/vendor/github.com/open-policy-agent/opa/internal/strvals/parser.go
index 1fc07f68c3..6d867262f5 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/strvals/parser.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/strvals/parser.go
@@ -31,7 +31,7 @@ var ErrNotList = errors.New("not a list")
// MaxIndex is the maximum index that will be allowed by setIndex.
// The default value 65536 = 1024 * 64
-var MaxIndex = 65536
+const MaxIndex = 65536
// ToYAML takes a string of arguments and converts to a YAML document.
func ToYAML(s string) (string, error) {
@@ -46,8 +46,8 @@ func ToYAML(s string) (string, error) {
// Parse parses a set line.
//
// A set line is of the form name1=value1,name2=value2
-func Parse(s string) (map[string]interface{}, error) {
- vals := map[string]interface{}{}
+func Parse(s string) (map[string]any, error) {
+ vals := map[string]any{}
scanner := bytes.NewBufferString(s)
t := newParser(scanner, vals, false)
err := t.parse()
@@ -57,8 +57,8 @@ func Parse(s string) (map[string]interface{}, error) {
// ParseString parses a set line and forces a string value.
//
// A set line is of the form name1=value1,name2=value2
-func ParseString(s string) (map[string]interface{}, error) {
- vals := map[string]interface{}{}
+func ParseString(s string) (map[string]any, error) {
+ vals := map[string]any{}
scanner := bytes.NewBufferString(s)
t := newParser(scanner, vals, true)
err := t.parse()
@@ -69,7 +69,7 @@ func ParseString(s string) (map[string]interface{}, error) {
//
// If the strval string has a key that exists in dest, it overwrites the
// dest version.
-func ParseInto(s string, dest map[string]interface{}) error {
+func ParseInto(s string, dest map[string]any) error {
scanner := bytes.NewBufferString(s)
t := newParser(scanner, dest, false)
return t.parse()
@@ -78,7 +78,7 @@ func ParseInto(s string, dest map[string]interface{}) error {
// ParseIntoFile parses a filevals line and merges the result into dest.
//
// This method always returns a string as the value.
-func ParseIntoFile(s string, dest map[string]interface{}, runesToVal runesToVal) error {
+func ParseIntoFile(s string, dest map[string]any, runesToVal runesToVal) error {
scanner := bytes.NewBufferString(s)
t := newFileParser(scanner, dest, runesToVal)
return t.parse()
@@ -87,7 +87,7 @@ func ParseIntoFile(s string, dest map[string]interface{}, runesToVal runesToVal)
// ParseIntoString parses a strvals line and merges the result into dest.
//
// This method always returns a string as the value.
-func ParseIntoString(s string, dest map[string]interface{}) error {
+func ParseIntoString(s string, dest map[string]any) error {
scanner := bytes.NewBufferString(s)
t := newParser(scanner, dest, true)
return t.parse()
@@ -101,20 +101,20 @@ func ParseIntoString(s string, dest map[string]interface{}) error {
// where st is a boolean to figure out if we're forcing it to parse values as string
type parser struct {
sc *bytes.Buffer
- data map[string]interface{}
+ data map[string]any
runesToVal runesToVal
}
-type runesToVal func([]rune) (interface{}, error)
+type runesToVal func([]rune) (any, error)
-func newParser(sc *bytes.Buffer, data map[string]interface{}, stringBool bool) *parser {
- rs2v := func(rs []rune) (interface{}, error) {
+func newParser(sc *bytes.Buffer, data map[string]any, stringBool bool) *parser {
+ rs2v := func(rs []rune) (any, error) {
return typedVal(rs, stringBool), nil
}
return &parser{sc: sc, data: data, runesToVal: rs2v}
}
-func newFileParser(sc *bytes.Buffer, data map[string]interface{}, runesToVal runesToVal) *parser {
+func newFileParser(sc *bytes.Buffer, data map[string]any, runesToVal runesToVal) *parser {
return &parser{sc: sc, data: data, runesToVal: runesToVal}
}
@@ -139,7 +139,7 @@ func runeSet(r []rune) map[rune]bool {
return s
}
-func (t *parser) key(data map[string]interface{}) error {
+func (t *parser) key(data map[string]any) error {
stop := runeSet([]rune{'=', '[', ',', '.'})
for {
switch k, last, err := runesUntil(t.sc, stop); {
@@ -148,8 +148,6 @@ func (t *parser) key(data map[string]interface{}) error {
return err
}
return fmt.Errorf("key %q has no value", string(k))
- //set(data, string(k), "")
- //return err
case last == '[':
// We are in a list index context, so we need to set an index.
i, err := t.keyIndex()
@@ -158,9 +156,9 @@ func (t *parser) key(data map[string]interface{}) error {
}
kk := string(k)
// Find or create target list
- list := []interface{}{}
+ list := []any{}
if _, ok := data[kk]; ok {
- list = data[kk].([]interface{})
+ list = data[kk].([]any)
}
// Now we need to get the value after the ].
@@ -168,7 +166,7 @@ func (t *parser) key(data map[string]interface{}) error {
set(data, kk, list)
return err
case last == '=':
- //End of key. Consume =, Get value.
+ // End of key. Consume =, Get value.
// FIXME: Get value list first
vl, e := t.valList()
switch e {
@@ -196,9 +194,9 @@ func (t *parser) key(data map[string]interface{}) error {
return fmt.Errorf("key %q has no value (cannot end with ,)", string(k))
case last == '.':
// First, create or find the target map.
- inner := map[string]interface{}{}
+ inner := map[string]any{}
if _, ok := data[string(k)]; ok {
- inner = data[string(k)].(map[string]interface{})
+ inner = data[string(k)].(map[string]any)
}
// Recurse
@@ -212,7 +210,7 @@ func (t *parser) key(data map[string]interface{}) error {
}
}
-func set(data map[string]interface{}, key string, val interface{}) {
+func set(data map[string]any, key string, val any) {
// If key is empty, don't set it.
if len(key) == 0 {
return
@@ -220,7 +218,7 @@ func set(data map[string]interface{}, key string, val interface{}) {
data[key] = val
}
-func setIndex(list []interface{}, index int, val interface{}) (l2 []interface{}, err error) {
+func setIndex(list []any, index int, val any) (l2 []any, err error) {
// There are possible index values that are out of range on a target system
// causing a panic. This will catch the panic and return an error instead.
// The value of the index that causes a panic varies from system to system.
@@ -237,7 +235,7 @@ func setIndex(list []interface{}, index int, val interface{}) (l2 []interface{},
return list, fmt.Errorf("index of %d is greater than maximum supported index of %d", index, MaxIndex)
}
if len(list) <= index {
- newlist := make([]interface{}, index+1)
+ newlist := make([]any, index+1)
copy(newlist, list)
list = newlist
}
@@ -256,7 +254,7 @@ func (t *parser) keyIndex() (int, error) {
return strconv.Atoi(string(v))
}
-func (t *parser) listItem(list []interface{}, i int) ([]interface{}, error) {
+func (t *parser) listItem(list []any, i int) ([]any, error) {
if i < 0 {
return list, fmt.Errorf("negative %d index not allowed", i)
}
@@ -300,14 +298,14 @@ func (t *parser) listItem(list []interface{}, i int) ([]interface{}, error) {
return setIndex(list, i, list2)
case last == '.':
// We have a nested object. Send to t.key
- inner := map[string]interface{}{}
+ inner := map[string]any{}
if len(list) > i {
var ok bool
- inner, ok = list[i].(map[string]interface{})
+ inner, ok = list[i].(map[string]any)
if !ok {
// We have indices out of order. Initialize empty value.
- list[i] = map[string]interface{}{}
- inner = list[i].(map[string]interface{})
+ list[i] = map[string]any{}
+ inner = list[i].(map[string]any)
}
}
@@ -328,21 +326,21 @@ func (t *parser) val() ([]rune, error) {
return v, err
}
-func (t *parser) valList() ([]interface{}, error) {
+func (t *parser) valList() ([]any, error) {
r, _, e := t.sc.ReadRune()
if e != nil {
- return []interface{}{}, e
+ return []any{}, e
}
if r != '{' {
e = t.sc.UnreadRune()
if e != nil {
- return []interface{}{}, e
+ return []any{}, e
}
- return []interface{}{}, ErrNotList
+ return []any{}, ErrNotList
}
- list := []interface{}{}
+ list := []any{}
stop := runeSet([]rune{',', '}'})
for {
switch rs, last, err := runesUntil(t.sc, stop); {
@@ -356,7 +354,7 @@ func (t *parser) valList() ([]interface{}, error) {
if r, _, e := t.sc.ReadRune(); e == nil && r != ',' {
e = t.sc.UnreadRune()
if e != nil {
- return []interface{}{}, e
+ return []any{}, e
}
}
v, e := t.runesToVal(rs)
@@ -397,7 +395,7 @@ func inMap(k rune, m map[rune]bool) bool {
return ok
}
-func typedVal(v []rune, st bool) interface{} {
+func typedVal(v []rune, st bool) any {
val := string(v)
if st {
diff --git a/vendor/github.com/open-policy-agent/opa/internal/uuid/uuid.go b/vendor/github.com/open-policy-agent/opa/internal/uuid/uuid.go
index 5d925e68df..a18f024a25 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/uuid/uuid.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/uuid/uuid.go
@@ -32,12 +32,12 @@ func New(r io.Reader) (string, error) {
// if parsing fails, it will return an empty map. It will fill the map
// with some decoded values with fillMap
// ref: https://datatracker.ietf.org/doc/html/rfc4122
-func Parse(s string) (map[string]interface{}, error) {
+func Parse(s string) (map[string]any, error) {
uuid, err := uuid.Parse(s)
if err != nil {
return nil, err
}
- out := make(map[string]interface{}, getVersionLen(int(uuid.Version())))
+ out := make(map[string]any, getVersionLen(int(uuid.Version())))
fillMap(out, uuid)
return out, nil
}
@@ -46,7 +46,7 @@ func Parse(s string) (map[string]interface{}, error) {
// Version 1-2 has decodable values that could be of use, version 4 is random,
// and version 3,5 is not feasible to extract data. Generated with either MD5 or SHA1 hash
// ref: https://datatracker.ietf.org/doc/html/rfc4122 about creation of UUIDs
-func fillMap(m map[string]interface{}, u uuid.UUID) {
+func fillMap(m map[string]any, u uuid.UUID) {
m["version"] = int(u.Version())
m["variant"] = u.Variant().String()
switch version := m["version"]; version {
diff --git a/vendor/github.com/open-policy-agent/opa/internal/version/version.go b/vendor/github.com/open-policy-agent/opa/internal/version/version.go
index 1c2e9ecd01..1264278e44 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/version/version.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/version/version.go
@@ -10,8 +10,8 @@ import (
"fmt"
"runtime"
- "github.com/open-policy-agent/opa/storage"
- "github.com/open-policy-agent/opa/version"
+ "github.com/open-policy-agent/opa/v1/storage"
+ "github.com/open-policy-agent/opa/v1/version"
)
var versionPath = storage.MustParsePath("/system/version")
@@ -24,7 +24,7 @@ func Write(ctx context.Context, store storage.Store, txn storage.Transaction) er
return err
}
- return store.Write(ctx, txn, storage.AddOp, versionPath, map[string]interface{}{
+ return store.Write(ctx, txn, storage.AddOp, versionPath, map[string]any{
"version": version.Version,
"build_commit": version.Vcs,
"build_timestamp": version.Timestamp,
diff --git a/vendor/github.com/open-policy-agent/opa/internal/wasm/encoding/reader.go b/vendor/github.com/open-policy-agent/opa/internal/wasm/encoding/reader.go
index 35e6059c72..0695ce94fe 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/wasm/encoding/reader.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/wasm/encoding/reader.go
@@ -7,6 +7,7 @@ package encoding
import (
"bytes"
"encoding/binary"
+ "errors"
"fmt"
"io"
@@ -105,7 +106,7 @@ func readMagic(r io.Reader) error {
if err := binary.Read(r, binary.LittleEndian, &v); err != nil {
return err
} else if v != constant.Magic {
- return fmt.Errorf("illegal magic value")
+ return errors.New("illegal magic value")
}
return nil
}
@@ -115,7 +116,7 @@ func readVersion(r io.Reader) error {
if err := binary.Read(r, binary.LittleEndian, &v); err != nil {
return err
} else if v != constant.Version {
- return fmt.Errorf("illegal wasm version")
+ return errors.New("illegal wasm version")
}
return nil
}
@@ -199,7 +200,7 @@ func readSections(r io.Reader, m *module.Module) error {
return fmt.Errorf("code section: %w", err)
}
default:
- return fmt.Errorf("illegal section id")
+ return errors.New("illegal section id")
}
}
}
@@ -269,7 +270,7 @@ func readNameMap(r io.Reader) ([]module.NameMap, error) {
return nil, err
}
nm := make([]module.NameMap, n)
- for i := uint32(0); i < n; i++ {
+ for i := range n {
var name string
id, err := leb128.ReadVarUint32(r)
if err != nil {
@@ -289,7 +290,7 @@ func readNameSectionLocals(r io.Reader, s *module.NameSection) error {
if err != nil {
return err
}
- for i := uint32(0); i < n; i++ {
+ for range n {
id, err := leb128.ReadVarUint32(r) // func index
if err != nil {
return err
@@ -326,7 +327,7 @@ func readTypeSection(r io.Reader, s *module.TypeSection) error {
return err
}
- for i := uint32(0); i < n; i++ {
+ for range n {
var ftype module.FunctionType
if err := readFunctionType(r, &ftype); err != nil {
@@ -346,7 +347,7 @@ func readImportSection(r io.Reader, s *module.ImportSection) error {
return err
}
- for i := uint32(0); i < n; i++ {
+ for range n {
var imp module.Import
@@ -367,14 +368,14 @@ func readTableSection(r io.Reader, s *module.TableSection) error {
return err
}
- for i := uint32(0); i < n; i++ {
+ for range n {
var table module.Table
if elem, err := readByte(r); err != nil {
return err
} else if elem != constant.ElementTypeAnyFunc {
- return fmt.Errorf("illegal element type")
+ return errors.New("illegal element type")
}
table.Type = types.Anyfunc
@@ -396,7 +397,7 @@ func readMemorySection(r io.Reader, s *module.MemorySection) error {
return err
}
- for i := uint32(0); i < n; i++ {
+ for range n {
var mem module.Memory
@@ -417,7 +418,7 @@ func readGlobalSection(r io.Reader, s *module.GlobalSection) error {
return err
}
- for i := uint32(0); i < n; i++ {
+ for range n {
var global module.Global
@@ -442,7 +443,7 @@ func readExportSection(r io.Reader, s *module.ExportSection) error {
return err
}
- for i := uint32(0); i < n; i++ {
+ for range n {
var exp module.Export
@@ -463,7 +464,7 @@ func readElementSection(r io.Reader, s *module.ElementSection) error {
return err
}
- for i := uint32(0); i < n; i++ {
+ for range n {
var seg module.ElementSegment
@@ -484,7 +485,7 @@ func readDataSection(r io.Reader, s *module.DataSection) error {
return err
}
- for i := uint32(0); i < n; i++ {
+ for range n {
var seg module.DataSegment
@@ -505,7 +506,7 @@ func readRawCodeSection(r io.Reader, s *module.RawCodeSection) error {
return err
}
- for i := uint32(0); i < n; i++ {
+ for range n {
var seg module.RawCodeSegment
if err := readRawCodeSegment(r, &seg); err != nil {
@@ -547,7 +548,7 @@ func readGlobal(r io.Reader, global *module.Global) error {
if b == 1 {
global.Mutable = true
} else if b != 0 {
- return fmt.Errorf("illegal mutability flag")
+ return errors.New("illegal mutability flag")
}
return readConstantExpr(r, &global.Init)
@@ -584,7 +585,7 @@ func readImport(r io.Reader, imp *module.Import) error {
if elem, err := readByte(r); err != nil {
return err
} else if elem != constant.ElementTypeAnyFunc {
- return fmt.Errorf("illegal element type")
+ return errors.New("illegal element type")
}
desc := module.TableImport{
Type: types.Anyfunc,
@@ -617,12 +618,12 @@ func readImport(r io.Reader, imp *module.Import) error {
if b == 1 {
desc.Mutable = true
} else if b != 0 {
- return fmt.Errorf("illegal mutability flag")
+ return errors.New("illegal mutability flag")
}
return nil
}
- return fmt.Errorf("illegal import descriptor type")
+ return errors.New("illegal import descriptor type")
}
func readExport(r io.Reader, exp *module.Export) error {
@@ -646,7 +647,7 @@ func readExport(r io.Reader, exp *module.Export) error {
case constant.ExportDescGlobal:
exp.Descriptor.Type = module.GlobalExportType
default:
- return fmt.Errorf("illegal export descriptor type")
+ return errors.New("illegal export descriptor type")
}
exp.Descriptor.Index, err = leb128.ReadVarUint32(r)
@@ -727,7 +728,7 @@ func readExpr(r io.Reader, expr *module.Expr) (err error) {
case error:
err = r
default:
- err = fmt.Errorf("unknown panic")
+ err = errors.New("unknown panic")
}
}
}()
@@ -809,21 +810,21 @@ func readLimits(r io.Reader, l *module.Limit) error {
return err
}
- min, err := leb128.ReadVarUint32(r)
+ minLim, err := leb128.ReadVarUint32(r)
if err != nil {
return err
}
- l.Min = min
+ l.Min = minLim
if b == 1 {
- max, err := leb128.ReadVarUint32(r)
+ maxLim, err := leb128.ReadVarUint32(r)
if err != nil {
return err
}
- l.Max = &max
+ l.Max = &maxLim
} else if b != 0 {
- return fmt.Errorf("illegal limit flag")
+ return errors.New("illegal limit flag")
}
return nil
@@ -838,7 +839,7 @@ func readLocals(r io.Reader, locals *[]module.LocalDeclaration) error {
ret := make([]module.LocalDeclaration, n)
- for i := uint32(0); i < n; i++ {
+ for i := range n {
if err := readVarUint32(r, &ret[i].Count); err != nil {
return err
}
@@ -888,7 +889,7 @@ func readVarUint32Vector(r io.Reader, v *[]uint32) error {
ret := make([]uint32, n)
- for i := uint32(0); i < n; i++ {
+ for i := range n {
if err := readVarUint32(r, &ret[i]); err != nil {
return err
}
@@ -907,7 +908,7 @@ func readValueTypeVector(r io.Reader, v *[]types.ValueType) error {
ret := make([]types.ValueType, n)
- for i := uint32(0); i < n; i++ {
+ for i := range n {
if err := readValueType(r, &ret[i]); err != nil {
return err
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/wasm/encoding/writer.go b/vendor/github.com/open-policy-agent/opa/internal/wasm/encoding/writer.go
index 6917b8d1d1..19df3bd6e6 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/wasm/encoding/writer.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/wasm/encoding/writer.go
@@ -7,6 +7,7 @@ package encoding
import (
"bytes"
"encoding/binary"
+ "errors"
"fmt"
"io"
"math"
@@ -260,7 +261,7 @@ func writeTableSection(w io.Writer, s module.TableSection) error {
return err
}
default:
- return fmt.Errorf("illegal table element type")
+ return errors.New("illegal table element type")
}
if err := writeLimits(&buf, table.Lim); err != nil {
return err
@@ -588,7 +589,7 @@ func writeImport(w io.Writer, imp module.Import) error {
}
return writeByte(w, constant.Const)
default:
- return fmt.Errorf("illegal import descriptor type")
+ return errors.New("illegal import descriptor type")
}
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/control.go b/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/control.go
index 38f030982d..0b2805247f 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/control.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/control.go
@@ -112,8 +112,8 @@ func (Br) Op() opcode.Opcode {
}
// ImmediateArgs returns the block index to break to.
-func (i Br) ImmediateArgs() []interface{} {
- return []interface{}{i.Index}
+func (i Br) ImmediateArgs() []any {
+ return []any{i.Index}
}
// BrIf represents a WASM br_if instruction.
@@ -127,8 +127,8 @@ func (BrIf) Op() opcode.Opcode {
}
// ImmediateArgs returns the block index to break to.
-func (i BrIf) ImmediateArgs() []interface{} {
- return []interface{}{i.Index}
+func (i BrIf) ImmediateArgs() []any {
+ return []any{i.Index}
}
// Call represents a WASM call instruction.
@@ -142,8 +142,8 @@ func (Call) Op() opcode.Opcode {
}
// ImmediateArgs returns the function index.
-func (i Call) ImmediateArgs() []interface{} {
- return []interface{}{i.Index}
+func (i Call) ImmediateArgs() []any {
+ return []any{i.Index}
}
// CallIndirect represents a WASM call_indirect instruction.
@@ -158,8 +158,8 @@ func (CallIndirect) Op() opcode.Opcode {
}
// ImmediateArgs returns the function index.
-func (i CallIndirect) ImmediateArgs() []interface{} {
- return []interface{}{i.Index, i.Reserved}
+func (i CallIndirect) ImmediateArgs() []any {
+ return []any{i.Index, i.Reserved}
}
// Return represents a WASM return instruction.
diff --git a/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/instruction.go b/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/instruction.go
index 066be77c44..a0ab5953b8 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/instruction.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/instruction.go
@@ -15,14 +15,14 @@ type NoImmediateArgs struct {
}
// ImmediateArgs returns the immedate arguments of an instruction.
-func (NoImmediateArgs) ImmediateArgs() []interface{} {
+func (NoImmediateArgs) ImmediateArgs() []any {
return nil
}
// Instruction represents a single WASM instruction.
type Instruction interface {
Op() opcode.Opcode
- ImmediateArgs() []interface{}
+ ImmediateArgs() []any
}
// StructuredInstruction represents a structured control instruction like br_if.
diff --git a/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/memory.go b/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/memory.go
index c449cb1b6a..5a052bb764 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/memory.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/memory.go
@@ -18,8 +18,8 @@ func (I32Load) Op() opcode.Opcode {
}
// ImmediateArgs returns the static offset and alignment operands.
-func (i I32Load) ImmediateArgs() []interface{} {
- return []interface{}{i.Align, i.Offset}
+func (i I32Load) ImmediateArgs() []any {
+ return []any{i.Align, i.Offset}
}
// I32Store represents the WASM i32.store instruction.
@@ -34,6 +34,6 @@ func (I32Store) Op() opcode.Opcode {
}
// ImmediateArgs returns the static offset and alignment operands.
-func (i I32Store) ImmediateArgs() []interface{} {
- return []interface{}{i.Align, i.Offset}
+func (i I32Store) ImmediateArgs() []any {
+ return []any{i.Align, i.Offset}
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/numeric.go b/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/numeric.go
index 03f33752a2..bbba1f0bcb 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/numeric.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/numeric.go
@@ -19,8 +19,8 @@ func (I32Const) Op() opcode.Opcode {
}
// ImmediateArgs returns the i32 value to push onto the stack.
-func (i I32Const) ImmediateArgs() []interface{} {
- return []interface{}{i.Value}
+func (i I32Const) ImmediateArgs() []any {
+ return []any{i.Value}
}
// I64Const represents the WASM i64.const instruction.
@@ -34,8 +34,8 @@ func (I64Const) Op() opcode.Opcode {
}
// ImmediateArgs returns the i64 value to push onto the stack.
-func (i I64Const) ImmediateArgs() []interface{} {
- return []interface{}{i.Value}
+func (i I64Const) ImmediateArgs() []any {
+ return []any{i.Value}
}
// F32Const represents the WASM f32.const instruction.
@@ -49,8 +49,8 @@ func (F32Const) Op() opcode.Opcode {
}
// ImmediateArgs returns the f32 value to push onto the stack.
-func (i F32Const) ImmediateArgs() []interface{} {
- return []interface{}{i.Value}
+func (i F32Const) ImmediateArgs() []any {
+ return []any{i.Value}
}
// F64Const represents the WASM f64.const instruction.
@@ -64,8 +64,8 @@ func (F64Const) Op() opcode.Opcode {
}
// ImmediateArgs returns the f64 value to push onto the stack.
-func (i F64Const) ImmediateArgs() []interface{} {
- return []interface{}{i.Value}
+func (i F64Const) ImmediateArgs() []any {
+ return []any{i.Value}
}
// I32Eqz represents the WASM i32.eqz instruction.
diff --git a/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/variable.go b/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/variable.go
index 063ffdb96d..68be486af1 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/variable.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/wasm/instruction/variable.go
@@ -17,8 +17,8 @@ func (GetLocal) Op() opcode.Opcode {
}
// ImmediateArgs returns the index of the local variable to push onto the stack.
-func (i GetLocal) ImmediateArgs() []interface{} {
- return []interface{}{i.Index}
+func (i GetLocal) ImmediateArgs() []any {
+ return []any{i.Index}
}
// SetLocal represents the WASM set_local instruction.
@@ -33,8 +33,8 @@ func (SetLocal) Op() opcode.Opcode {
// ImmediateArgs returns the index of the local variable to set with the top of
// the stack.
-func (i SetLocal) ImmediateArgs() []interface{} {
- return []interface{}{i.Index}
+func (i SetLocal) ImmediateArgs() []any {
+ return []any{i.Index}
}
// TeeLocal represents the WASM tee_local instruction.
@@ -49,6 +49,6 @@ func (TeeLocal) Op() opcode.Opcode {
// ImmediateArgs returns the index of the local variable to "tee" with the top of
// the stack (like set, but retaining the top of the stack).
-func (i TeeLocal) ImmediateArgs() []interface{} {
- return []interface{}{i.Index}
+func (i TeeLocal) ImmediateArgs() []any {
+ return []any{i.Index}
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/wasm/module/module.go b/vendor/github.com/open-policy-agent/opa/internal/wasm/module/module.go
index 913863c10c..033d429c89 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/wasm/module/module.go
+++ b/vendor/github.com/open-policy-agent/opa/internal/wasm/module/module.go
@@ -288,7 +288,7 @@ func (x ExportDescriptorType) String() string {
}
// Kind returns the function import type kind.
-func (i FunctionImport) Kind() ImportDescriptorType {
+func (FunctionImport) Kind() ImportDescriptorType {
return FunctionImportType
}
@@ -297,7 +297,7 @@ func (i FunctionImport) String() string {
}
// Kind returns the memory import type kind.
-func (i MemoryImport) Kind() ImportDescriptorType {
+func (MemoryImport) Kind() ImportDescriptorType {
return MemoryImportType
}
@@ -306,7 +306,7 @@ func (i MemoryImport) String() string {
}
// Kind returns the table import type kind.
-func (i TableImport) Kind() ImportDescriptorType {
+func (TableImport) Kind() ImportDescriptorType {
return TableImportType
}
@@ -315,7 +315,7 @@ func (i TableImport) String() string {
}
// Kind returns the global import type kind.
-func (i GlobalImport) Kind() ImportDescriptorType {
+func (GlobalImport) Kind() ImportDescriptorType {
return GlobalImportType
}
diff --git a/vendor/github.com/open-policy-agent/opa/loader/doc.go b/vendor/github.com/open-policy-agent/opa/loader/doc.go
new file mode 100644
index 0000000000..9f60920d95
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/loader/doc.go
@@ -0,0 +1,8 @@
+// Copyright 2024 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Deprecated: This package is intended for older projects transitioning from OPA v0.x and will remain for the lifetime of OPA v1.x, but its use is not recommended.
+// For newer features and behaviours, such as defaulting to the Rego v1 syntax, use the corresponding components in the [github.com/open-policy-agent/opa/v1] package instead.
+// See https://www.openpolicyagent.org/docs/latest/v0-compatibility/ for more information.
+package loader
diff --git a/vendor/github.com/open-policy-agent/opa/loader/errors.go b/vendor/github.com/open-policy-agent/opa/loader/errors.go
index b8aafb1421..8dc70b8673 100644
--- a/vendor/github.com/open-policy-agent/opa/loader/errors.go
+++ b/vendor/github.com/open-policy-agent/opa/loader/errors.go
@@ -5,58 +5,8 @@
package loader
import (
- "fmt"
- "strings"
-
- "github.com/open-policy-agent/opa/ast"
+ v1 "github.com/open-policy-agent/opa/v1/loader"
)
// Errors is a wrapper for multiple loader errors.
-type Errors []error
-
-func (e Errors) Error() string {
- if len(e) == 0 {
- return "no error(s)"
- }
- if len(e) == 1 {
- return "1 error occurred during loading: " + e[0].Error()
- }
- buf := make([]string, len(e))
- for i := range buf {
- buf[i] = e[i].Error()
- }
- return fmt.Sprintf("%v errors occurred during loading:\n", len(e)) + strings.Join(buf, "\n")
-}
-
-func (e *Errors) add(err error) {
- if errs, ok := err.(ast.Errors); ok {
- for i := range errs {
- *e = append(*e, errs[i])
- }
- } else {
- *e = append(*e, err)
- }
-}
-
-type unsupportedDocumentType string
-
-func (path unsupportedDocumentType) Error() string {
- return string(path) + ": document must be of type object"
-}
-
-type unrecognizedFile string
-
-func (path unrecognizedFile) Error() string {
- return string(path) + ": can't recognize file type"
-}
-
-func isUnrecognizedFile(err error) bool {
- _, ok := err.(unrecognizedFile)
- return ok
-}
-
-type mergeError string
-
-func (e mergeError) Error() string {
- return string(e) + ": merge error"
-}
+type Errors = v1.Errors
diff --git a/vendor/github.com/open-policy-agent/opa/loader/loader.go b/vendor/github.com/open-policy-agent/opa/loader/loader.go
index 461639ed19..9b2f91d4e9 100644
--- a/vendor/github.com/open-policy-agent/opa/loader/loader.go
+++ b/vendor/github.com/open-policy-agent/opa/loader/loader.go
@@ -6,478 +6,74 @@
package loader
import (
- "bytes"
- "fmt"
- "io"
"io/fs"
"os"
- "path/filepath"
- "sort"
"strings"
- "sigs.k8s.io/yaml"
-
"github.com/open-policy-agent/opa/ast"
- astJSON "github.com/open-policy-agent/opa/ast/json"
"github.com/open-policy-agent/opa/bundle"
- fileurl "github.com/open-policy-agent/opa/internal/file/url"
- "github.com/open-policy-agent/opa/internal/merge"
- "github.com/open-policy-agent/opa/loader/filter"
- "github.com/open-policy-agent/opa/metrics"
- "github.com/open-policy-agent/opa/storage"
- "github.com/open-policy-agent/opa/storage/inmem"
- "github.com/open-policy-agent/opa/util"
+ v1 "github.com/open-policy-agent/opa/v1/loader"
)
// Result represents the result of successfully loading zero or more files.
-type Result struct {
- Documents map[string]interface{}
- Modules map[string]*RegoFile
- path []string
-}
-
-// ParsedModules returns the parsed modules stored on the result.
-func (l *Result) ParsedModules() map[string]*ast.Module {
- modules := make(map[string]*ast.Module)
- for _, module := range l.Modules {
- modules[module.Name] = module.Parsed
- }
- return modules
-}
-
-// Compiler returns a Compiler object with the compiled modules from this loader
-// result.
-func (l *Result) Compiler() (*ast.Compiler, error) {
- compiler := ast.NewCompiler()
- compiler.Compile(l.ParsedModules())
- if compiler.Failed() {
- return nil, compiler.Errors
- }
- return compiler, nil
-}
-
-// Store returns a Store object with the documents from this loader result.
-func (l *Result) Store() (storage.Store, error) {
- return l.StoreWithOpts()
-}
-
-// StoreWithOpts returns a Store object with the documents from this loader result,
-// instantiated with the passed options.
-func (l *Result) StoreWithOpts(opts ...inmem.Opt) (storage.Store, error) {
- return inmem.NewFromObjectWithOpts(l.Documents, opts...), nil
-}
+type Result = v1.Result
// RegoFile represents the result of loading a single Rego source file.
-type RegoFile struct {
- Name string
- Parsed *ast.Module
- Raw []byte
-}
+type RegoFile = v1.RegoFile
// Filter defines the interface for filtering files during loading. If the
// filter returns true, the file should be excluded from the result.
-type Filter = filter.LoaderFilter
+type Filter = v1.Filter
// GlobExcludeName excludes files and directories whose names do not match the
// shell style pattern at minDepth or greater.
func GlobExcludeName(pattern string, minDepth int) Filter {
- return func(_ string, info fs.FileInfo, depth int) bool {
- match, _ := filepath.Match(pattern, info.Name())
- return match && depth >= minDepth
- }
+ return v1.GlobExcludeName(pattern, minDepth)
}
// FileLoader defines an interface for loading OPA data files
// and Rego policies.
-type FileLoader interface {
- All(paths []string) (*Result, error)
- Filtered(paths []string, filter Filter) (*Result, error)
- AsBundle(path string) (*bundle.Bundle, error)
- WithReader(io.Reader) FileLoader
- WithFS(fs.FS) FileLoader
- WithMetrics(metrics.Metrics) FileLoader
- WithFilter(Filter) FileLoader
- WithBundleVerificationConfig(*bundle.VerificationConfig) FileLoader
- WithSkipBundleVerification(bool) FileLoader
- WithProcessAnnotation(bool) FileLoader
- WithCapabilities(*ast.Capabilities) FileLoader
- WithJSONOptions(*astJSON.Options) FileLoader
- WithRegoVersion(ast.RegoVersion) FileLoader
- WithFollowSymlinks(bool) FileLoader
-}
+type FileLoader = v1.FileLoader
// NewFileLoader returns a new FileLoader instance.
func NewFileLoader() FileLoader {
- return &fileLoader{
- metrics: metrics.New(),
- files: make(map[string]bundle.FileInfo),
- }
-}
-
-type fileLoader struct {
- metrics metrics.Metrics
- filter Filter
- bvc *bundle.VerificationConfig
- skipVerify bool
- files map[string]bundle.FileInfo
- opts ast.ParserOptions
- fsys fs.FS
- reader io.Reader
- followSymlinks bool
-}
-
-// WithFS provides an fs.FS to use for loading files. You can pass nil to
-// use plain IO calls (e.g. os.Open, os.Stat, etc.), this is the default
-// behaviour.
-func (fl *fileLoader) WithFS(fsys fs.FS) FileLoader {
- fl.fsys = fsys
- return fl
-}
-
-// WithReader provides an io.Reader to use for loading the bundle tarball.
-// An io.Reader passed via WithReader takes precedence over an fs.FS passed
-// via WithFS.
-func (fl *fileLoader) WithReader(rdr io.Reader) FileLoader {
- fl.reader = rdr
- return fl
-}
-
-// WithMetrics provides the metrics instance to use while loading
-func (fl *fileLoader) WithMetrics(m metrics.Metrics) FileLoader {
- fl.metrics = m
- return fl
-}
-
-// WithFilter specifies the filter object to use to filter files while loading
-func (fl *fileLoader) WithFilter(filter Filter) FileLoader {
- fl.filter = filter
- return fl
-}
-
-// WithBundleVerificationConfig sets the key configuration used to verify a signed bundle
-func (fl *fileLoader) WithBundleVerificationConfig(config *bundle.VerificationConfig) FileLoader {
- fl.bvc = config
- return fl
-}
-
-// WithSkipBundleVerification skips verification of a signed bundle
-func (fl *fileLoader) WithSkipBundleVerification(skipVerify bool) FileLoader {
- fl.skipVerify = skipVerify
- return fl
-}
-
-// WithProcessAnnotation enables or disables processing of schema annotations on rules
-func (fl *fileLoader) WithProcessAnnotation(processAnnotation bool) FileLoader {
- fl.opts.ProcessAnnotation = processAnnotation
- return fl
-}
-
-// WithCapabilities sets the supported capabilities when loading the files
-func (fl *fileLoader) WithCapabilities(caps *ast.Capabilities) FileLoader {
- fl.opts.Capabilities = caps
- return fl
-}
-
-// WithJSONOptions sets the JSONOptions for use when parsing files
-func (fl *fileLoader) WithJSONOptions(opts *astJSON.Options) FileLoader {
- fl.opts.JSONOptions = opts
- return fl
-}
-
-// WithRegoVersion sets the ast.RegoVersion to use when parsing and compiling modules.
-func (fl *fileLoader) WithRegoVersion(version ast.RegoVersion) FileLoader {
- fl.opts.RegoVersion = version
- return fl
-}
-
-// WithFollowSymlinks enables or disables following symlinks when loading files
-func (fl *fileLoader) WithFollowSymlinks(followSymlinks bool) FileLoader {
- fl.followSymlinks = followSymlinks
- return fl
-}
-
-// All returns a Result object loaded (recursively) from the specified paths.
-func (fl fileLoader) All(paths []string) (*Result, error) {
- return fl.Filtered(paths, nil)
-}
-
-// Filtered returns a Result object loaded (recursively) from the specified
-// paths while applying the given filters. If any filter returns true, the
-// file/directory is excluded.
-func (fl fileLoader) Filtered(paths []string, filter Filter) (*Result, error) {
- return all(fl.fsys, paths, filter, func(curr *Result, path string, depth int) error {
-
- var (
- bs []byte
- err error
- )
- if fl.fsys != nil {
- bs, err = fs.ReadFile(fl.fsys, path)
- } else {
- bs, err = os.ReadFile(path)
- }
- if err != nil {
- return err
- }
-
- result, err := loadKnownTypes(path, bs, fl.metrics, fl.opts)
- if err != nil {
- if !isUnrecognizedFile(err) {
- return err
- }
- if depth > 0 {
- return nil
- }
- result, err = loadFileForAnyType(path, bs, fl.metrics, fl.opts)
- if err != nil {
- return err
- }
- }
-
- return curr.merge(path, result)
- })
-}
-
-// AsBundle loads a path as a bundle. If it is a single file
-// it will be treated as a normal tarball bundle. If a directory
-// is supplied it will be loaded as an unzipped bundle tree.
-func (fl fileLoader) AsBundle(path string) (*bundle.Bundle, error) {
- path, err := fileurl.Clean(path)
- if err != nil {
- return nil, err
- }
-
- if err := checkForUNCPath(path); err != nil {
- return nil, err
- }
-
- var bundleLoader bundle.DirectoryLoader
- var isDir bool
- if fl.reader != nil {
- bundleLoader = bundle.NewTarballLoaderWithBaseURL(fl.reader, path).WithFilter(fl.filter)
- } else {
- bundleLoader, isDir, err = GetBundleDirectoryLoaderFS(fl.fsys, path, fl.filter)
- }
-
- if err != nil {
- return nil, err
- }
- bundleLoader = bundleLoader.WithFollowSymlinks(fl.followSymlinks)
-
- br := bundle.NewCustomReader(bundleLoader).
- WithMetrics(fl.metrics).
- WithBundleVerificationConfig(fl.bvc).
- WithSkipBundleVerification(fl.skipVerify).
- WithProcessAnnotations(fl.opts.ProcessAnnotation).
- WithCapabilities(fl.opts.Capabilities).
- WithJSONOptions(fl.opts.JSONOptions).
- WithFollowSymlinks(fl.followSymlinks).
- WithRegoVersion(fl.opts.RegoVersion)
-
- // For bundle directories add the full path in front of module file names
- // to simplify debugging.
- if isDir {
- br.WithBaseDir(path)
- }
-
- b, err := br.Read()
- if err != nil {
- err = fmt.Errorf("bundle %s: %w", path, err)
- }
-
- return &b, err
+ return v1.NewFileLoader().WithRegoVersion(ast.DefaultRegoVersion)
}
// GetBundleDirectoryLoader returns a bundle directory loader which can be used to load
// files in the directory
func GetBundleDirectoryLoader(path string) (bundle.DirectoryLoader, bool, error) {
- return GetBundleDirectoryLoaderFS(nil, path, nil)
+ return v1.GetBundleDirectoryLoader(path)
}
// GetBundleDirectoryLoaderWithFilter returns a bundle directory loader which can be used to load
// files in the directory after applying the given filter.
func GetBundleDirectoryLoaderWithFilter(path string, filter Filter) (bundle.DirectoryLoader, bool, error) {
- return GetBundleDirectoryLoaderFS(nil, path, filter)
+ return v1.GetBundleDirectoryLoaderWithFilter(path, filter)
}
// GetBundleDirectoryLoaderFS returns a bundle directory loader which can be used to load
// files in the directory.
func GetBundleDirectoryLoaderFS(fsys fs.FS, path string, filter Filter) (bundle.DirectoryLoader, bool, error) {
- path, err := fileurl.Clean(path)
- if err != nil {
- return nil, false, err
- }
-
- if err := checkForUNCPath(path); err != nil {
- return nil, false, err
- }
-
- var fi fs.FileInfo
- if fsys != nil {
- fi, err = fs.Stat(fsys, path)
- } else {
- fi, err = os.Stat(path)
- }
- if err != nil {
- return nil, false, fmt.Errorf("error reading %q: %s", path, err)
- }
-
- var bundleLoader bundle.DirectoryLoader
- if fi.IsDir() {
- if fsys != nil {
- bundleLoader = bundle.NewFSLoaderWithRoot(fsys, path)
- } else {
- bundleLoader = bundle.NewDirectoryLoader(path)
- }
- } else {
- var fh fs.File
- if fsys != nil {
- fh, err = fsys.Open(path)
- } else {
- fh, err = os.Open(path)
- }
- if err != nil {
- return nil, false, err
- }
- bundleLoader = bundle.NewTarballLoaderWithBaseURL(fh, path)
- }
-
- if filter != nil {
- bundleLoader = bundleLoader.WithFilter(filter)
- }
- return bundleLoader, fi.IsDir(), nil
+ return v1.GetBundleDirectoryLoaderFS(fsys, path, filter)
}
// FilteredPaths is the same as FilterPathsFS using the current diretory file
// system
func FilteredPaths(paths []string, filter Filter) ([]string, error) {
- return FilteredPathsFS(nil, paths, filter)
+ return v1.FilteredPaths(paths, filter)
}
// FilteredPathsFS return a list of files from the specified
// paths while applying the given filters. If any filter returns true, the
// file/directory is excluded.
func FilteredPathsFS(fsys fs.FS, paths []string, filter Filter) ([]string, error) {
- result := []string{}
-
- _, err := all(fsys, paths, filter, func(_ *Result, path string, _ int) error {
- result = append(result, path)
- return nil
- })
- if err != nil {
- return nil, err
- }
- return result, nil
+ return v1.FilteredPathsFS(fsys, paths, filter)
}
// Schemas loads a schema set from the specified file path.
func Schemas(schemaPath string) (*ast.SchemaSet, error) {
-
- var errs Errors
- ss, err := loadSchemas(schemaPath)
- if err != nil {
- errs.add(err)
- return nil, errs
- }
-
- return ss, nil
-}
-
-func loadSchemas(schemaPath string) (*ast.SchemaSet, error) {
-
- if schemaPath == "" {
- return nil, nil
- }
-
- ss := ast.NewSchemaSet()
- path, err := fileurl.Clean(schemaPath)
- if err != nil {
- return nil, err
- }
-
- info, err := os.Stat(path)
- if err != nil {
- return nil, err
- }
-
- // Handle single file case.
- if !info.IsDir() {
- schema, err := loadOneSchema(path)
- if err != nil {
- return nil, err
- }
- ss.Put(ast.SchemaRootRef, schema)
- return ss, nil
-
- }
-
- // Handle directory case.
- rootDir := path
-
- err = filepath.Walk(path,
- func(path string, info os.FileInfo, err error) error {
- if err != nil {
- return err
- } else if info.IsDir() {
- return nil
- }
-
- schema, err := loadOneSchema(path)
- if err != nil {
- return err
- }
-
- relPath, err := filepath.Rel(rootDir, path)
- if err != nil {
- return err
- }
-
- key := getSchemaSetByPathKey(relPath)
- ss.Put(key, schema)
- return nil
- })
-
- if err != nil {
- return nil, err
- }
-
- return ss, nil
-}
-
-func getSchemaSetByPathKey(path string) ast.Ref {
-
- front := filepath.Dir(path)
- last := strings.TrimSuffix(filepath.Base(path), filepath.Ext(path))
-
- var parts []string
-
- if front != "." {
- parts = append(strings.Split(filepath.ToSlash(front), "/"), last)
- } else {
- parts = []string{last}
- }
-
- key := make(ast.Ref, 1+len(parts))
- key[0] = ast.SchemaRootDocument
- for i := range parts {
- key[i+1] = ast.StringTerm(parts[i])
- }
-
- return key
-}
-
-func loadOneSchema(path string) (interface{}, error) {
- bs, err := os.ReadFile(path)
- if err != nil {
- return nil, err
- }
-
- var schema interface{}
- if err := util.Unmarshal(bs, &schema); err != nil {
- return nil, fmt.Errorf("%s: %w", path, err)
- }
-
- return schema, nil
+ return v1.Schemas(schemaPath)
}
// All returns a Result object loaded (recursively) from the specified paths.
@@ -517,321 +113,33 @@ func Rego(path string) (*RegoFile, error) {
// RegoWithOpts returns a RegoFile object loaded from the given path.
func RegoWithOpts(path string, opts ast.ParserOptions) (*RegoFile, error) {
- path, err := fileurl.Clean(path)
- if err != nil {
- return nil, err
+ if opts.RegoVersion == ast.RegoUndefined {
+ opts.RegoVersion = ast.DefaultRegoVersion
}
- bs, err := os.ReadFile(path)
- if err != nil {
- return nil, err
- }
- return loadRego(path, bs, metrics.New(), opts)
+
+ return v1.RegoWithOpts(path, opts)
}
// CleanPath returns the normalized version of a path that can be used as an identifier.
func CleanPath(path string) string {
- return strings.Trim(path, "/")
+ return v1.CleanPath(path)
}
// Paths returns a sorted list of files contained at path. If recurse is true
// and path is a directory, then Paths will walk the directory structure
// recursively and list files at each level.
func Paths(path string, recurse bool) (paths []string, err error) {
- path, err = fileurl.Clean(path)
- if err != nil {
- return nil, err
- }
- err = filepath.Walk(path, func(f string, _ os.FileInfo, _ error) error {
- if !recurse {
- if path != f && path != filepath.Dir(f) {
- return filepath.SkipDir
- }
- }
- paths = append(paths, f)
- return nil
- })
- return paths, err
+ return v1.Paths(path, recurse)
}
// Dirs resolves filepaths to directories. It will return a list of unique
// directories.
func Dirs(paths []string) []string {
- unique := map[string]struct{}{}
-
- for _, path := range paths {
- // TODO: /dir/dir will register top level directory /dir
- dir := filepath.Dir(path)
- unique[dir] = struct{}{}
- }
-
- u := make([]string, 0, len(unique))
- for k := range unique {
- u = append(u, k)
- }
- sort.Strings(u)
- return u
+ return v1.Dirs(paths)
}
// SplitPrefix returns a tuple specifying the document prefix and the file
// path.
func SplitPrefix(path string) ([]string, string) {
- // Non-prefixed URLs can be returned without modification and their contents
- // can be rooted directly under data.
- if strings.Index(path, "://") == strings.Index(path, ":") {
- return nil, path
- }
- parts := strings.SplitN(path, ":", 2)
- if len(parts) == 2 && len(parts[0]) > 0 {
- return strings.Split(parts[0], "."), parts[1]
- }
- return nil, path
-}
-
-func (l *Result) merge(path string, result interface{}) error {
- switch result := result.(type) {
- case bundle.Bundle:
- for _, module := range result.Modules {
- l.Modules[module.Path] = &RegoFile{
- Name: module.Path,
- Parsed: module.Parsed,
- Raw: module.Raw,
- }
- }
- return l.mergeDocument(path, result.Data)
- case *RegoFile:
- l.Modules[CleanPath(path)] = result
- return nil
- default:
- return l.mergeDocument(path, result)
- }
-}
-
-func (l *Result) mergeDocument(path string, doc interface{}) error {
- obj, ok := makeDir(l.path, doc)
- if !ok {
- return unsupportedDocumentType(path)
- }
- merged, ok := merge.InterfaceMaps(l.Documents, obj)
- if !ok {
- return mergeError(path)
- }
- for k := range merged {
- l.Documents[k] = merged[k]
- }
- return nil
-}
-
-func (l *Result) withParent(p string) *Result {
- path := append(l.path, p)
- return &Result{
- Documents: l.Documents,
- Modules: l.Modules,
- path: path,
- }
-}
-
-func newResult() *Result {
- return &Result{
- Documents: map[string]interface{}{},
- Modules: map[string]*RegoFile{},
- }
-}
-
-func all(fsys fs.FS, paths []string, filter Filter, f func(*Result, string, int) error) (*Result, error) {
- errs := Errors{}
- root := newResult()
-
- for _, path := range paths {
-
- // Paths can be prefixed with a string that specifies where content should be
- // loaded under data. E.g., foo.bar:/path/to/some.json will load the content
- // of some.json under {"foo": {"bar": ...}}.
- loaded := root
- prefix, path := SplitPrefix(path)
- if len(prefix) > 0 {
- for _, part := range prefix {
- loaded = loaded.withParent(part)
- }
- }
-
- allRec(fsys, path, filter, &errs, loaded, 0, f)
- }
-
- if len(errs) > 0 {
- return nil, errs
- }
-
- return root, nil
-}
-
-func allRec(fsys fs.FS, path string, filter Filter, errors *Errors, loaded *Result, depth int, f func(*Result, string, int) error) {
-
- path, err := fileurl.Clean(path)
- if err != nil {
- errors.add(err)
- return
- }
-
- if err := checkForUNCPath(path); err != nil {
- errors.add(err)
- return
- }
-
- var info fs.FileInfo
- if fsys != nil {
- info, err = fs.Stat(fsys, path)
- } else {
- info, err = os.Stat(path)
- }
-
- if err != nil {
- errors.add(err)
- return
- }
-
- if filter != nil && filter(path, info, depth) {
- return
- }
-
- if !info.IsDir() {
- if err := f(loaded, path, depth); err != nil {
- errors.add(err)
- }
- return
- }
-
- // If we are recursing on directories then content must be loaded under path
- // specified by directory hierarchy.
- if depth > 0 {
- loaded = loaded.withParent(info.Name())
- }
-
- var files []fs.DirEntry
- if fsys != nil {
- files, err = fs.ReadDir(fsys, path)
- } else {
- files, err = os.ReadDir(path)
- }
- if err != nil {
- errors.add(err)
- return
- }
-
- for _, file := range files {
- allRec(fsys, filepath.Join(path, file.Name()), filter, errors, loaded, depth+1, f)
- }
-}
-
-func loadKnownTypes(path string, bs []byte, m metrics.Metrics, opts ast.ParserOptions) (interface{}, error) {
- switch filepath.Ext(path) {
- case ".json":
- return loadJSON(path, bs, m)
- case ".rego":
- return loadRego(path, bs, m, opts)
- case ".yaml", ".yml":
- return loadYAML(path, bs, m)
- default:
- if strings.HasSuffix(path, ".tar.gz") {
- r, err := loadBundleFile(path, bs, m, opts)
- if err != nil {
- err = fmt.Errorf("bundle %s: %w", path, err)
- }
- return r, err
- }
- }
- return nil, unrecognizedFile(path)
-}
-
-func loadFileForAnyType(path string, bs []byte, m metrics.Metrics, opts ast.ParserOptions) (interface{}, error) {
- module, err := loadRego(path, bs, m, opts)
- if err == nil {
- return module, nil
- }
- doc, err := loadJSON(path, bs, m)
- if err == nil {
- return doc, nil
- }
- doc, err = loadYAML(path, bs, m)
- if err == nil {
- return doc, nil
- }
- return nil, unrecognizedFile(path)
-}
-
-func loadBundleFile(path string, bs []byte, m metrics.Metrics, opts ast.ParserOptions) (bundle.Bundle, error) {
- tl := bundle.NewTarballLoaderWithBaseURL(bytes.NewBuffer(bs), path)
- br := bundle.NewCustomReader(tl).
- WithRegoVersion(opts.RegoVersion).
- WithJSONOptions(opts.JSONOptions).
- WithProcessAnnotations(opts.ProcessAnnotation).
- WithMetrics(m).
- WithSkipBundleVerification(true).
- IncludeManifestInData(true)
- return br.Read()
-}
-
-func loadRego(path string, bs []byte, m metrics.Metrics, opts ast.ParserOptions) (*RegoFile, error) {
- m.Timer(metrics.RegoModuleParse).Start()
- var module *ast.Module
- var err error
- module, err = ast.ParseModuleWithOpts(path, string(bs), opts)
- m.Timer(metrics.RegoModuleParse).Stop()
- if err != nil {
- return nil, err
- }
- result := &RegoFile{
- Name: path,
- Parsed: module,
- Raw: bs,
- }
- return result, nil
-}
-
-func loadJSON(path string, bs []byte, m metrics.Metrics) (interface{}, error) {
- m.Timer(metrics.RegoDataParse).Start()
- var x interface{}
- err := util.UnmarshalJSON(bs, &x)
- m.Timer(metrics.RegoDataParse).Stop()
-
- if err != nil {
- return nil, fmt.Errorf("%s: %w", path, err)
- }
- return x, nil
-}
-
-func loadYAML(path string, bs []byte, m metrics.Metrics) (interface{}, error) {
- m.Timer(metrics.RegoDataParse).Start()
- bs, err := yaml.YAMLToJSON(bs)
- m.Timer(metrics.RegoDataParse).Stop()
- if err != nil {
- return nil, fmt.Errorf("%v: error converting YAML to JSON: %v", path, err)
- }
- return loadJSON(path, bs, m)
-}
-
-func makeDir(path []string, x interface{}) (map[string]interface{}, bool) {
- if len(path) == 0 {
- obj, ok := x.(map[string]interface{})
- if !ok {
- return nil, false
- }
- return obj, true
- }
- return makeDir(path[:len(path)-1], map[string]interface{}{path[len(path)-1]: x})
-}
-
-// isUNC reports whether path is a UNC path.
-func isUNC(path string) bool {
- return len(path) > 1 && isSlash(path[0]) && isSlash(path[1])
-}
-
-func isSlash(c uint8) bool {
- return c == '\\' || c == '/'
-}
-
-func checkForUNCPath(path string) error {
- if isUNC(path) {
- return fmt.Errorf("UNC path read is not allowed: %s", path)
- }
- return nil
+ return v1.SplitPrefix(path)
}
diff --git a/vendor/github.com/open-policy-agent/opa/rego/doc.go b/vendor/github.com/open-policy-agent/opa/rego/doc.go
new file mode 100644
index 0000000000..febe75696c
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/rego/doc.go
@@ -0,0 +1,8 @@
+// Copyright 2024 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Deprecated: This package is intended for older projects transitioning from OPA v0.x and will remain for the lifetime of OPA v1.x, but its use is not recommended.
+// For newer features and behaviours, such as defaulting to the Rego v1 syntax, use the corresponding components in the [github.com/open-policy-agent/opa/v1] package instead.
+// See https://www.openpolicyagent.org/docs/latest/v0-compatibility/ for more information.
+package rego
diff --git a/vendor/github.com/open-policy-agent/opa/rego/errors.go b/vendor/github.com/open-policy-agent/opa/rego/errors.go
index dcc5e2679d..bcbd2efedd 100644
--- a/vendor/github.com/open-policy-agent/opa/rego/errors.go
+++ b/vendor/github.com/open-policy-agent/opa/rego/errors.go
@@ -1,24 +1,17 @@
package rego
+import v1 "github.com/open-policy-agent/opa/v1/rego"
+
// HaltError is an error type to return from a custom function implementation
// that will abort the evaluation process (analogous to topdown.Halt).
-type HaltError struct {
- err error
-}
-
-// Error delegates to the wrapped error
-func (h *HaltError) Error() string {
- return h.err.Error()
-}
+type HaltError = v1.HaltError
// NewHaltError wraps an error such that the evaluation process will stop
// when it occurs.
func NewHaltError(err error) error {
- return &HaltError{err: err}
+ return v1.NewHaltError(err)
}
// ErrorDetails interface is satisfied by an error that provides further
// details.
-type ErrorDetails interface {
- Lines() []string
-}
+type ErrorDetails = v1.ErrorDetails
diff --git a/vendor/github.com/open-policy-agent/opa/rego/plugins.go b/vendor/github.com/open-policy-agent/opa/rego/plugins.go
index abaa910341..38ef84416f 100644
--- a/vendor/github.com/open-policy-agent/opa/rego/plugins.go
+++ b/vendor/github.com/open-policy-agent/opa/rego/plugins.go
@@ -5,39 +5,13 @@
package rego
import (
- "context"
- "sync"
-
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/ir"
+ v1 "github.com/open-policy-agent/opa/v1/rego"
)
-var targetPlugins = map[string]TargetPlugin{}
-var pluginMtx sync.Mutex
-
-type TargetPlugin interface {
- IsTarget(string) bool
- PrepareForEval(context.Context, *ir.Policy, ...PrepareOption) (TargetPluginEval, error)
-}
-
-type TargetPluginEval interface {
- Eval(context.Context, *EvalContext, ast.Value) (ast.Value, error)
-}
+type TargetPlugin = v1.TargetPlugin
-func (r *Rego) targetPlugin(tgt string) TargetPlugin {
- for _, p := range targetPlugins {
- if p.IsTarget(tgt) {
- return p
- }
- }
- return nil
-}
+type TargetPluginEval = v1.TargetPluginEval
func RegisterPlugin(name string, p TargetPlugin) {
- pluginMtx.Lock()
- defer pluginMtx.Unlock()
- if _, ok := targetPlugins[name]; ok {
- panic("plugin already registered " + name)
- }
- targetPlugins[name] = p
+ v1.RegisterPlugin(name, p)
}
diff --git a/vendor/github.com/open-policy-agent/opa/rego/rego.go b/vendor/github.com/open-policy-agent/opa/rego/rego.go
index 64b4b9b93e..bdcf6c291a 100644
--- a/vendor/github.com/open-policy-agent/opa/rego/rego.go
+++ b/vendor/github.com/open-policy-agent/opa/rego/rego.go
@@ -6,958 +6,367 @@
package rego
import (
- "bytes"
- "context"
- "errors"
- "fmt"
"io"
- "strings"
"time"
"github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/bundle"
- bundleUtils "github.com/open-policy-agent/opa/internal/bundle"
- "github.com/open-policy-agent/opa/internal/compiler/wasm"
- "github.com/open-policy-agent/opa/internal/future"
- "github.com/open-policy-agent/opa/internal/planner"
- "github.com/open-policy-agent/opa/internal/rego/opa"
- "github.com/open-policy-agent/opa/internal/wasm/encoding"
- "github.com/open-policy-agent/opa/ir"
"github.com/open-policy-agent/opa/loader"
- "github.com/open-policy-agent/opa/metrics"
- "github.com/open-policy-agent/opa/plugins"
- "github.com/open-policy-agent/opa/resolver"
"github.com/open-policy-agent/opa/storage"
- "github.com/open-policy-agent/opa/storage/inmem"
- "github.com/open-policy-agent/opa/topdown"
- "github.com/open-policy-agent/opa/topdown/builtins"
- "github.com/open-policy-agent/opa/topdown/cache"
- "github.com/open-policy-agent/opa/topdown/print"
- "github.com/open-policy-agent/opa/tracing"
- "github.com/open-policy-agent/opa/types"
- "github.com/open-policy-agent/opa/util"
-)
-
-const (
- defaultPartialNamespace = "partial"
- wasmVarPrefix = "^"
-)
-
-// nolint: deadcode,varcheck
-const (
- targetWasm = "wasm"
- targetRego = "rego"
+ "github.com/open-policy-agent/opa/v1/metrics"
+ v1 "github.com/open-policy-agent/opa/v1/rego"
+ "github.com/open-policy-agent/opa/v1/resolver"
+ "github.com/open-policy-agent/opa/v1/topdown"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/topdown/cache"
+ "github.com/open-policy-agent/opa/v1/topdown/print"
+ "github.com/open-policy-agent/opa/v1/tracing"
)
// CompileResult represents the result of compiling a Rego query, zero or more
// Rego modules, and arbitrary contextual data into an executable.
-type CompileResult struct {
- Bytes []byte `json:"bytes"`
-}
+type CompileResult = v1.CompileResult
// PartialQueries contains the queries and support modules produced by partial
// evaluation.
-type PartialQueries struct {
- Queries []ast.Body `json:"queries,omitempty"`
- Support []*ast.Module `json:"modules,omitempty"`
-}
+type PartialQueries = v1.PartialQueries
// PartialResult represents the result of partial evaluation. The result can be
// used to generate a new query that can be run when inputs are known.
-type PartialResult struct {
- compiler *ast.Compiler
- store storage.Store
- body ast.Body
- builtinDecls map[string]*ast.Builtin
- builtinFuncs map[string]*topdown.Builtin
-}
-
-// Rego returns an object that can be evaluated to produce a query result.
-func (pr PartialResult) Rego(options ...func(*Rego)) *Rego {
- options = append(options, Compiler(pr.compiler), Store(pr.store), ParsedQuery(pr.body))
- r := New(options...)
-
- // Propagate any custom builtins.
- for k, v := range pr.builtinDecls {
- r.builtinDecls[k] = v
- }
- for k, v := range pr.builtinFuncs {
- r.builtinFuncs[k] = v
- }
- return r
-}
-
-// preparedQuery is a wrapper around a Rego object which has pre-processed
-// state stored on it. Once prepared there are a more limited number of actions
-// that can be taken with it. It will, however, be able to evaluate faster since
-// it will not have to re-parse or compile as much.
-type preparedQuery struct {
- r *Rego
- cfg *PrepareConfig
-}
+type PartialResult = v1.PartialResult
// EvalContext defines the set of options allowed to be set at evaluation
// time. Any other options will need to be set on a new Rego object.
-type EvalContext struct {
- hasInput bool
- time time.Time
- seed io.Reader
- rawInput *interface{}
- parsedInput ast.Value
- metrics metrics.Metrics
- txn storage.Transaction
- instrument bool
- instrumentation *topdown.Instrumentation
- partialNamespace string
- queryTracers []topdown.QueryTracer
- compiledQuery compiledQuery
- unknowns []string
- disableInlining []ast.Ref
- parsedUnknowns []*ast.Term
- indexing bool
- earlyExit bool
- interQueryBuiltinCache cache.InterQueryCache
- interQueryBuiltinValueCache cache.InterQueryValueCache
- ndBuiltinCache builtins.NDBCache
- resolvers []refResolver
- sortSets bool
- copyMaps bool
- printHook print.Hook
- capabilities *ast.Capabilities
- strictBuiltinErrors bool
- virtualCache topdown.VirtualCache
-}
-
-func (e *EvalContext) RawInput() *interface{} {
- return e.rawInput
-}
-
-func (e *EvalContext) ParsedInput() ast.Value {
- return e.parsedInput
-}
-
-func (e *EvalContext) Time() time.Time {
- return e.time
-}
-
-func (e *EvalContext) Seed() io.Reader {
- return e.seed
-}
-
-func (e *EvalContext) InterQueryBuiltinCache() cache.InterQueryCache {
- return e.interQueryBuiltinCache
-}
-
-func (e *EvalContext) InterQueryBuiltinValueCache() cache.InterQueryValueCache {
- return e.interQueryBuiltinValueCache
-}
-
-func (e *EvalContext) PrintHook() print.Hook {
- return e.printHook
-}
-
-func (e *EvalContext) Metrics() metrics.Metrics {
- return e.metrics
-}
-
-func (e *EvalContext) StrictBuiltinErrors() bool {
- return e.strictBuiltinErrors
-}
-
-func (e *EvalContext) NDBCache() builtins.NDBCache {
- return e.ndBuiltinCache
-}
-
-func (e *EvalContext) CompiledQuery() ast.Body {
- return e.compiledQuery.query
-}
-
-func (e *EvalContext) Capabilities() *ast.Capabilities {
- return e.capabilities
-}
-
-func (e *EvalContext) Transaction() storage.Transaction {
- return e.txn
-}
+type EvalContext = v1.EvalContext
// EvalOption defines a function to set an option on an EvalConfig
-type EvalOption func(*EvalContext)
+type EvalOption = v1.EvalOption
// EvalInput configures the input for a Prepared Query's evaluation
-func EvalInput(input interface{}) EvalOption {
- return func(e *EvalContext) {
- e.rawInput = &input
- e.hasInput = true
- }
+func EvalInput(input any) EvalOption {
+ return v1.EvalInput(input)
}
// EvalParsedInput configures the input for a Prepared Query's evaluation
func EvalParsedInput(input ast.Value) EvalOption {
- return func(e *EvalContext) {
- e.parsedInput = input
- e.hasInput = true
- }
+ return v1.EvalParsedInput(input)
}
// EvalMetrics configures the metrics for a Prepared Query's evaluation
func EvalMetrics(metric metrics.Metrics) EvalOption {
- return func(e *EvalContext) {
- e.metrics = metric
- }
+ return v1.EvalMetrics(metric)
}
// EvalTransaction configures the Transaction for a Prepared Query's evaluation
func EvalTransaction(txn storage.Transaction) EvalOption {
- return func(e *EvalContext) {
- e.txn = txn
- }
+ return v1.EvalTransaction(txn)
}
// EvalInstrument enables or disables instrumenting for a Prepared Query's evaluation
func EvalInstrument(instrument bool) EvalOption {
- return func(e *EvalContext) {
- e.instrument = instrument
- }
+ return v1.EvalInstrument(instrument)
}
// EvalTracer configures a tracer for a Prepared Query's evaluation
// Deprecated: Use EvalQueryTracer instead.
func EvalTracer(tracer topdown.Tracer) EvalOption {
- return func(e *EvalContext) {
- if tracer != nil {
- e.queryTracers = append(e.queryTracers, topdown.WrapLegacyTracer(tracer))
- }
- }
+ return v1.EvalTracer(tracer)
}
// EvalQueryTracer configures a tracer for a Prepared Query's evaluation
func EvalQueryTracer(tracer topdown.QueryTracer) EvalOption {
- return func(e *EvalContext) {
- if tracer != nil {
- e.queryTracers = append(e.queryTracers, tracer)
- }
- }
+ return v1.EvalQueryTracer(tracer)
}
// EvalPartialNamespace returns an argument that sets the namespace to use for
// partial evaluation results. The namespace must be a valid package path
// component.
func EvalPartialNamespace(ns string) EvalOption {
- return func(e *EvalContext) {
- e.partialNamespace = ns
- }
+ return v1.EvalPartialNamespace(ns)
}
// EvalUnknowns returns an argument that sets the values to treat as
// unknown during partial evaluation.
func EvalUnknowns(unknowns []string) EvalOption {
- return func(e *EvalContext) {
- e.unknowns = unknowns
- }
+ return v1.EvalUnknowns(unknowns)
}
// EvalDisableInlining returns an argument that adds a set of paths to exclude from
// partial evaluation inlining.
func EvalDisableInlining(paths []ast.Ref) EvalOption {
- return func(e *EvalContext) {
- e.disableInlining = paths
- }
+ return v1.EvalDisableInlining(paths)
}
// EvalParsedUnknowns returns an argument that sets the values to treat
// as unknown during partial evaluation.
func EvalParsedUnknowns(unknowns []*ast.Term) EvalOption {
- return func(e *EvalContext) {
- e.parsedUnknowns = unknowns
- }
+ return v1.EvalParsedUnknowns(unknowns)
}
// EvalRuleIndexing will disable indexing optimizations for the
// evaluation. This should only be used when tracing in debug mode.
func EvalRuleIndexing(enabled bool) EvalOption {
- return func(e *EvalContext) {
- e.indexing = enabled
- }
+ return v1.EvalRuleIndexing(enabled)
}
// EvalEarlyExit will disable 'early exit' optimizations for the
// evaluation. This should only be used when tracing in debug mode.
func EvalEarlyExit(enabled bool) EvalOption {
- return func(e *EvalContext) {
- e.earlyExit = enabled
- }
+ return v1.EvalEarlyExit(enabled)
}
// EvalTime sets the wall clock time to use during policy evaluation.
// time.now_ns() calls will return this value.
func EvalTime(x time.Time) EvalOption {
- return func(e *EvalContext) {
- e.time = x
- }
+ return v1.EvalTime(x)
}
// EvalSeed sets a reader that will seed randomization required by built-in functions.
// If a seed is not provided crypto/rand.Reader is used.
func EvalSeed(r io.Reader) EvalOption {
- return func(e *EvalContext) {
- e.seed = r
- }
+ return v1.EvalSeed(r)
}
// EvalInterQueryBuiltinCache sets the inter-query cache that built-in functions can utilize
// during evaluation.
func EvalInterQueryBuiltinCache(c cache.InterQueryCache) EvalOption {
- return func(e *EvalContext) {
- e.interQueryBuiltinCache = c
- }
+ return v1.EvalInterQueryBuiltinCache(c)
}
// EvalInterQueryBuiltinValueCache sets the inter-query value cache that built-in functions can utilize
// during evaluation.
func EvalInterQueryBuiltinValueCache(c cache.InterQueryValueCache) EvalOption {
- return func(e *EvalContext) {
- e.interQueryBuiltinValueCache = c
- }
+ return v1.EvalInterQueryBuiltinValueCache(c)
}
// EvalNDBuiltinCache sets the non-deterministic builtin cache that built-in functions can
// use during evaluation.
func EvalNDBuiltinCache(c builtins.NDBCache) EvalOption {
- return func(e *EvalContext) {
- e.ndBuiltinCache = c
- }
+ return v1.EvalNDBuiltinCache(c)
}
// EvalResolver sets a Resolver for a specified ref path for this evaluation.
func EvalResolver(ref ast.Ref, r resolver.Resolver) EvalOption {
- return func(e *EvalContext) {
- e.resolvers = append(e.resolvers, refResolver{ref, r})
- }
+ return v1.EvalResolver(ref, r)
}
// EvalSortSets causes the evaluator to sort sets before returning them as JSON arrays.
func EvalSortSets(yes bool) EvalOption {
- return func(e *EvalContext) {
- e.sortSets = yes
- }
+ return v1.EvalSortSets(yes)
}
-// EvalCopyMaps causes the evaluator to copy `map[string]interface{}`s before returning them.
+// EvalCopyMaps causes the evaluator to copy `map[string]any`s before returning them.
func EvalCopyMaps(yes bool) EvalOption {
- return func(e *EvalContext) {
- e.copyMaps = yes
- }
+ return v1.EvalCopyMaps(yes)
}
// EvalPrintHook sets the object to use for handling print statement outputs.
func EvalPrintHook(ph print.Hook) EvalOption {
- return func(e *EvalContext) {
- e.printHook = ph
- }
+ return v1.EvalPrintHook(ph)
}
// EvalVirtualCache sets the topdown.VirtualCache to use for evaluation. This is
// optional, and if not set, the default cache is used.
func EvalVirtualCache(vc topdown.VirtualCache) EvalOption {
- return func(e *EvalContext) {
- e.virtualCache = vc
- }
-}
-
-func (pq preparedQuery) Modules() map[string]*ast.Module {
- mods := make(map[string]*ast.Module)
-
- for name, mod := range pq.r.parsedModules {
- mods[name] = mod
- }
-
- for _, b := range pq.r.bundles {
- for _, mod := range b.Modules {
- mods[mod.Path] = mod.Parsed
- }
- }
-
- return mods
-}
-
-// newEvalContext creates a new EvalContext overlaying any EvalOptions over top
-// the Rego object on the preparedQuery. The returned function should be called
-// once the evaluation is complete to close any transactions that might have
-// been opened.
-func (pq preparedQuery) newEvalContext(ctx context.Context, options []EvalOption) (*EvalContext, func(context.Context), error) {
- ectx := &EvalContext{
- hasInput: false,
- rawInput: nil,
- parsedInput: nil,
- metrics: nil,
- txn: nil,
- instrument: false,
- instrumentation: nil,
- partialNamespace: pq.r.partialNamespace,
- queryTracers: nil,
- unknowns: pq.r.unknowns,
- parsedUnknowns: pq.r.parsedUnknowns,
- compiledQuery: compiledQuery{},
- indexing: true,
- earlyExit: true,
- resolvers: pq.r.resolvers,
- printHook: pq.r.printHook,
- capabilities: pq.r.capabilities,
- strictBuiltinErrors: pq.r.strictBuiltinErrors,
- }
-
- for _, o := range options {
- o(ectx)
- }
-
- if ectx.metrics == nil {
- ectx.metrics = metrics.New()
- }
-
- if ectx.instrument {
- ectx.instrumentation = topdown.NewInstrumentation(ectx.metrics)
- }
-
- // Default to an empty "finish" function
- finishFunc := func(context.Context) {}
-
- var err error
- ectx.disableInlining, err = parseStringsToRefs(pq.r.disableInlining)
- if err != nil {
- return nil, finishFunc, err
- }
-
- if ectx.txn == nil {
- ectx.txn, err = pq.r.store.NewTransaction(ctx)
- if err != nil {
- return nil, finishFunc, err
- }
- finishFunc = func(ctx context.Context) {
- pq.r.store.Abort(ctx, ectx.txn)
- }
- }
-
- // If we didn't get an input specified in the Eval options
- // then fall back to the Rego object's input fields.
- if !ectx.hasInput {
- ectx.rawInput = pq.r.rawInput
- ectx.parsedInput = pq.r.parsedInput
- }
-
- if ectx.parsedInput == nil {
- if ectx.rawInput == nil {
- // Fall back to the original Rego objects input if none was specified
- // Note that it could still be nil
- ectx.rawInput = pq.r.rawInput
- }
-
- if pq.r.targetPlugin(pq.r.target) == nil && // no plugin claims this target
- pq.r.target != targetWasm {
- ectx.parsedInput, err = pq.r.parseRawInput(ectx.rawInput, ectx.metrics)
- if err != nil {
- return nil, finishFunc, err
- }
- }
- }
-
- return ectx, finishFunc, nil
+ return v1.EvalVirtualCache(vc)
}
// PreparedEvalQuery holds the prepared Rego state that has been pre-processed
// for subsequent evaluations.
-type PreparedEvalQuery struct {
- preparedQuery
-}
-
-// Eval evaluates this PartialResult's Rego object with additional eval options
-// and returns a ResultSet.
-// If options are provided they will override the original Rego options respective value.
-// The original Rego object transaction will *not* be re-used. A new transaction will be opened
-// if one is not provided with an EvalOption.
-func (pq PreparedEvalQuery) Eval(ctx context.Context, options ...EvalOption) (ResultSet, error) {
- ectx, finish, err := pq.newEvalContext(ctx, options)
- if err != nil {
- return nil, err
- }
- defer finish(ctx)
-
- ectx.compiledQuery = pq.r.compiledQueries[evalQueryType]
-
- return pq.r.eval(ctx, ectx)
-}
+type PreparedEvalQuery = v1.PreparedEvalQuery
// PreparedPartialQuery holds the prepared Rego state that has been pre-processed
// for partial evaluations.
-type PreparedPartialQuery struct {
- preparedQuery
-}
-
-// Partial runs partial evaluation on the prepared query and returns the result.
-// The original Rego object transaction will *not* be re-used. A new transaction will be opened
-// if one is not provided with an EvalOption.
-func (pq PreparedPartialQuery) Partial(ctx context.Context, options ...EvalOption) (*PartialQueries, error) {
- ectx, finish, err := pq.newEvalContext(ctx, options)
- if err != nil {
- return nil, err
- }
- defer finish(ctx)
-
- ectx.compiledQuery = pq.r.compiledQueries[partialQueryType]
-
- return pq.r.partial(ctx, ectx)
-}
+type PreparedPartialQuery = v1.PreparedPartialQuery
// Errors represents a collection of errors returned when evaluating Rego.
-type Errors []error
-
-func (errs Errors) Error() string {
- if len(errs) == 0 {
- return "no error"
- }
- if len(errs) == 1 {
- return fmt.Sprintf("1 error occurred: %v", errs[0].Error())
- }
- buf := []string{fmt.Sprintf("%v errors occurred", len(errs))}
- for _, err := range errs {
- buf = append(buf, err.Error())
- }
- return strings.Join(buf, "\n")
-}
-
-var errPartialEvaluationNotEffective = errors.New("partial evaluation not effective")
+type Errors = v1.Errors
// IsPartialEvaluationNotEffectiveErr returns true if err is an error returned by
// this package to indicate that partial evaluation was ineffective.
func IsPartialEvaluationNotEffectiveErr(err error) bool {
- errs, ok := err.(Errors)
- if !ok {
- return false
- }
- return len(errs) == 1 && errs[0] == errPartialEvaluationNotEffective
-}
-
-type compiledQuery struct {
- query ast.Body
- compiler ast.QueryCompiler
-}
-
-type queryType int
-
-// Define a query type for each of the top level Rego
-// API's that compile queries differently.
-const (
- evalQueryType queryType = iota
- partialResultQueryType
- partialQueryType
- compileQueryType
-)
-
-type loadPaths struct {
- paths []string
- filter loader.Filter
+ return v1.IsPartialEvaluationNotEffectiveErr(err)
}
// Rego constructs a query and can be evaluated to obtain results.
-type Rego struct {
- query string
- parsedQuery ast.Body
- compiledQueries map[queryType]compiledQuery
- pkg string
- parsedPackage *ast.Package
- imports []string
- parsedImports []*ast.Import
- rawInput *interface{}
- parsedInput ast.Value
- unknowns []string
- parsedUnknowns []*ast.Term
- disableInlining []string
- shallowInlining bool
- skipPartialNamespace bool
- partialNamespace string
- modules []rawModule
- parsedModules map[string]*ast.Module
- compiler *ast.Compiler
- store storage.Store
- ownStore bool
- ownStoreReadAst bool
- txn storage.Transaction
- metrics metrics.Metrics
- queryTracers []topdown.QueryTracer
- tracebuf *topdown.BufferTracer
- trace bool
- instrumentation *topdown.Instrumentation
- instrument bool
- capture map[*ast.Expr]ast.Var // map exprs to generated capture vars
- termVarID int
- dump io.Writer
- runtime *ast.Term
- time time.Time
- seed io.Reader
- capabilities *ast.Capabilities
- builtinDecls map[string]*ast.Builtin
- builtinFuncs map[string]*topdown.Builtin
- unsafeBuiltins map[string]struct{}
- loadPaths loadPaths
- bundlePaths []string
- bundles map[string]*bundle.Bundle
- skipBundleVerification bool
- interQueryBuiltinCache cache.InterQueryCache
- interQueryBuiltinValueCache cache.InterQueryValueCache
- ndBuiltinCache builtins.NDBCache
- strictBuiltinErrors bool
- builtinErrorList *[]topdown.Error
- resolvers []refResolver
- schemaSet *ast.SchemaSet
- target string // target type (wasm, rego, etc.)
- opa opa.EvalEngine
- generateJSON func(*ast.Term, *EvalContext) (interface{}, error)
- printHook print.Hook
- enablePrintStatements bool
- distributedTacingOpts tracing.Options
- strict bool
- pluginMgr *plugins.Manager
- plugins []TargetPlugin
- targetPrepState TargetPluginEval
- regoVersion ast.RegoVersion
-}
+type Rego = v1.Rego
// Function represents a built-in function that is callable in Rego.
-type Function struct {
- Name string
- Description string
- Decl *types.Function
- Memoize bool
- Nondeterministic bool
-}
+type Function = v1.Function
// BuiltinContext contains additional attributes from the evaluator that
// built-in functions can use, e.g., the request context.Context, caches, etc.
-type BuiltinContext = topdown.BuiltinContext
+type BuiltinContext = v1.BuiltinContext
type (
// Builtin1 defines a built-in function that accepts 1 argument.
- Builtin1 func(bctx BuiltinContext, op1 *ast.Term) (*ast.Term, error)
+ Builtin1 = v1.Builtin1
// Builtin2 defines a built-in function that accepts 2 arguments.
- Builtin2 func(bctx BuiltinContext, op1, op2 *ast.Term) (*ast.Term, error)
+ Builtin2 = v1.Builtin2
// Builtin3 defines a built-in function that accepts 3 argument.
- Builtin3 func(bctx BuiltinContext, op1, op2, op3 *ast.Term) (*ast.Term, error)
+ Builtin3 = v1.Builtin3
// Builtin4 defines a built-in function that accepts 4 argument.
- Builtin4 func(bctx BuiltinContext, op1, op2, op3, op4 *ast.Term) (*ast.Term, error)
+ Builtin4 = v1.Builtin4
// BuiltinDyn defines a built-in function that accepts a list of arguments.
- BuiltinDyn func(bctx BuiltinContext, terms []*ast.Term) (*ast.Term, error)
+ BuiltinDyn = v1.BuiltinDyn
)
// RegisterBuiltin1 adds a built-in function globally inside the OPA runtime.
func RegisterBuiltin1(decl *Function, impl Builtin1) {
- ast.RegisterBuiltin(&ast.Builtin{
- Name: decl.Name,
- Description: decl.Description,
- Decl: decl.Decl,
- Nondeterministic: decl.Nondeterministic,
- })
- topdown.RegisterBuiltinFunc(decl.Name, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
- result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return impl(bctx, terms[0]) })
- return finishFunction(decl.Name, bctx, result, err, iter)
- })
+ v1.RegisterBuiltin1(decl, impl)
}
// RegisterBuiltin2 adds a built-in function globally inside the OPA runtime.
func RegisterBuiltin2(decl *Function, impl Builtin2) {
- ast.RegisterBuiltin(&ast.Builtin{
- Name: decl.Name,
- Description: decl.Description,
- Decl: decl.Decl,
- Nondeterministic: decl.Nondeterministic,
- })
- topdown.RegisterBuiltinFunc(decl.Name, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
- result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return impl(bctx, terms[0], terms[1]) })
- return finishFunction(decl.Name, bctx, result, err, iter)
- })
+ v1.RegisterBuiltin2(decl, impl)
}
// RegisterBuiltin3 adds a built-in function globally inside the OPA runtime.
func RegisterBuiltin3(decl *Function, impl Builtin3) {
- ast.RegisterBuiltin(&ast.Builtin{
- Name: decl.Name,
- Description: decl.Description,
- Decl: decl.Decl,
- Nondeterministic: decl.Nondeterministic,
- })
- topdown.RegisterBuiltinFunc(decl.Name, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
- result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return impl(bctx, terms[0], terms[1], terms[2]) })
- return finishFunction(decl.Name, bctx, result, err, iter)
- })
+ v1.RegisterBuiltin3(decl, impl)
}
// RegisterBuiltin4 adds a built-in function globally inside the OPA runtime.
func RegisterBuiltin4(decl *Function, impl Builtin4) {
- ast.RegisterBuiltin(&ast.Builtin{
- Name: decl.Name,
- Description: decl.Description,
- Decl: decl.Decl,
- Nondeterministic: decl.Nondeterministic,
- })
- topdown.RegisterBuiltinFunc(decl.Name, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
- result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return impl(bctx, terms[0], terms[1], terms[2], terms[3]) })
- return finishFunction(decl.Name, bctx, result, err, iter)
- })
+ v1.RegisterBuiltin4(decl, impl)
}
// RegisterBuiltinDyn adds a built-in function globally inside the OPA runtime.
func RegisterBuiltinDyn(decl *Function, impl BuiltinDyn) {
- ast.RegisterBuiltin(&ast.Builtin{
- Name: decl.Name,
- Description: decl.Description,
- Decl: decl.Decl,
- Nondeterministic: decl.Nondeterministic,
- })
- topdown.RegisterBuiltinFunc(decl.Name, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
- result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return impl(bctx, terms) })
- return finishFunction(decl.Name, bctx, result, err, iter)
- })
+ v1.RegisterBuiltinDyn(decl, impl)
}
// Function1 returns an option that adds a built-in function to the Rego object.
func Function1(decl *Function, f Builtin1) func(*Rego) {
- return newFunction(decl, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
- result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return f(bctx, terms[0]) })
- return finishFunction(decl.Name, bctx, result, err, iter)
- })
+ return v1.Function1(decl, f)
}
// Function2 returns an option that adds a built-in function to the Rego object.
func Function2(decl *Function, f Builtin2) func(*Rego) {
- return newFunction(decl, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
- result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return f(bctx, terms[0], terms[1]) })
- return finishFunction(decl.Name, bctx, result, err, iter)
- })
+ return v1.Function2(decl, f)
}
// Function3 returns an option that adds a built-in function to the Rego object.
func Function3(decl *Function, f Builtin3) func(*Rego) {
- return newFunction(decl, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
- result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return f(bctx, terms[0], terms[1], terms[2]) })
- return finishFunction(decl.Name, bctx, result, err, iter)
- })
+ return v1.Function3(decl, f)
}
// Function4 returns an option that adds a built-in function to the Rego object.
func Function4(decl *Function, f Builtin4) func(*Rego) {
- return newFunction(decl, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
- result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return f(bctx, terms[0], terms[1], terms[2], terms[3]) })
- return finishFunction(decl.Name, bctx, result, err, iter)
- })
+ return v1.Function4(decl, f)
}
// FunctionDyn returns an option that adds a built-in function to the Rego object.
func FunctionDyn(decl *Function, f BuiltinDyn) func(*Rego) {
- return newFunction(decl, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
- result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return f(bctx, terms) })
- return finishFunction(decl.Name, bctx, result, err, iter)
- })
+ return v1.FunctionDyn(decl, f)
}
// FunctionDecl returns an option that adds a custom-built-in function
// __declaration__. NO implementation is provided. This is used for
// non-interpreter execution envs (e.g., Wasm).
func FunctionDecl(decl *Function) func(*Rego) {
- return newDecl(decl)
-}
-
-func newDecl(decl *Function) func(*Rego) {
- return func(r *Rego) {
- r.builtinDecls[decl.Name] = &ast.Builtin{
- Name: decl.Name,
- Decl: decl.Decl,
- }
- }
-}
-
-type memo struct {
- term *ast.Term
- err error
-}
-
-type memokey string
-
-func memoize(decl *Function, bctx BuiltinContext, terms []*ast.Term, ifEmpty func() (*ast.Term, error)) (*ast.Term, error) {
-
- if !decl.Memoize {
- return ifEmpty()
- }
-
- // NOTE(tsandall): we assume memoization is applied to infrequent built-in
- // calls that do things like fetch data from remote locations. As such,
- // converting the terms to strings is acceptable for now.
- var b strings.Builder
- if _, err := b.WriteString(decl.Name); err != nil {
- return nil, err
- }
-
- // The term slice _may_ include an output term depending on how the caller
- // referred to the built-in function. Only use the arguments as the cache
- // key. Unification ensures we don't get false positive matches.
- for i := 0; i < len(decl.Decl.Args()); i++ {
- if _, err := b.WriteString(terms[i].String()); err != nil {
- return nil, err
- }
- }
-
- key := memokey(b.String())
- hit, ok := bctx.Cache.Get(key)
- var m memo
- if ok {
- m = hit.(memo)
- } else {
- m.term, m.err = ifEmpty()
- bctx.Cache.Put(key, m)
- }
-
- return m.term, m.err
+ return v1.FunctionDecl(decl)
}
// Dump returns an argument that sets the writer to dump debugging information to.
func Dump(w io.Writer) func(r *Rego) {
- return func(r *Rego) {
- r.dump = w
- }
+ return v1.Dump(w)
}
// Query returns an argument that sets the Rego query.
func Query(q string) func(r *Rego) {
- return func(r *Rego) {
- r.query = q
- }
+ return v1.Query(q)
}
// ParsedQuery returns an argument that sets the Rego query.
func ParsedQuery(q ast.Body) func(r *Rego) {
- return func(r *Rego) {
- r.parsedQuery = q
- }
+ return v1.ParsedQuery(q)
}
// Package returns an argument that sets the Rego package on the query's
// context.
func Package(p string) func(r *Rego) {
- return func(r *Rego) {
- r.pkg = p
- }
+ return v1.Package(p)
}
// ParsedPackage returns an argument that sets the Rego package on the query's
// context.
func ParsedPackage(pkg *ast.Package) func(r *Rego) {
- return func(r *Rego) {
- r.parsedPackage = pkg
- }
+ return v1.ParsedPackage(pkg)
}
// Imports returns an argument that adds a Rego import to the query's context.
func Imports(p []string) func(r *Rego) {
- return func(r *Rego) {
- r.imports = append(r.imports, p...)
- }
+ return v1.Imports(p)
}
// ParsedImports returns an argument that adds Rego imports to the query's
// context.
func ParsedImports(imp []*ast.Import) func(r *Rego) {
- return func(r *Rego) {
- r.parsedImports = append(r.parsedImports, imp...)
- }
+ return v1.ParsedImports(imp)
}
// Input returns an argument that sets the Rego input document. Input should be
// a native Go value representing the input document.
-func Input(x interface{}) func(r *Rego) {
- return func(r *Rego) {
- r.rawInput = &x
- }
+func Input(x any) func(r *Rego) {
+ return v1.Input(x)
}
// ParsedInput returns an argument that sets the Rego input document.
func ParsedInput(x ast.Value) func(r *Rego) {
- return func(r *Rego) {
- r.parsedInput = x
- }
+ return v1.ParsedInput(x)
}
// Unknowns returns an argument that sets the values to treat as unknown during
// partial evaluation.
func Unknowns(unknowns []string) func(r *Rego) {
- return func(r *Rego) {
- r.unknowns = unknowns
- }
+ return v1.Unknowns(unknowns)
}
// ParsedUnknowns returns an argument that sets the values to treat as unknown
// during partial evaluation.
func ParsedUnknowns(unknowns []*ast.Term) func(r *Rego) {
- return func(r *Rego) {
- r.parsedUnknowns = unknowns
- }
+ return v1.ParsedUnknowns(unknowns)
}
// DisableInlining adds a set of paths to exclude from partial evaluation inlining.
func DisableInlining(paths []string) func(r *Rego) {
- return func(r *Rego) {
- r.disableInlining = paths
- }
+ return v1.DisableInlining(paths)
}
// ShallowInlining prevents rules that depend on unknown values from being inlined.
// Rules that only depend on known values are inlined.
func ShallowInlining(yes bool) func(r *Rego) {
- return func(r *Rego) {
- r.shallowInlining = yes
- }
+ return v1.ShallowInlining(yes)
}
// SkipPartialNamespace disables namespacing of partial evalution results for support
// rules generated from policy. Synthetic support rules are still namespaced.
func SkipPartialNamespace(yes bool) func(r *Rego) {
- return func(r *Rego) {
- r.skipPartialNamespace = yes
- }
+ return v1.SkipPartialNamespace(yes)
}
// PartialNamespace returns an argument that sets the namespace to use for
// partial evaluation results. The namespace must be a valid package path
// component.
func PartialNamespace(ns string) func(r *Rego) {
- return func(r *Rego) {
- r.partialNamespace = ns
- }
+ return v1.PartialNamespace(ns)
}
// Module returns an argument that adds a Rego module.
func Module(filename, input string) func(r *Rego) {
- return func(r *Rego) {
- r.modules = append(r.modules, rawModule{
- filename: filename,
- module: input,
- })
- }
+ return v1.Module(filename, input)
}
// ParsedModule returns an argument that adds a parsed Rego module. If a string
// module with the same filename name is added, it will override the parsed
// module.
func ParsedModule(module *ast.Module) func(*Rego) {
- return func(r *Rego) {
- var filename string
- if module.Package.Location != nil {
- filename = module.Package.Location.File
- } else {
- filename = fmt.Sprintf("module_%p.rego", module)
- }
- r.parsedModules[filename] = module
- }
+ return v1.ParsedModule(module)
}
// Load returns an argument that adds a filesystem path to load data
@@ -968,9 +377,7 @@ func ParsedModule(module *ast.Module) func(*Rego) {
// The Load option can only be used once.
// Note: Loading files will require a write transaction on the store.
func Load(paths []string, filter loader.Filter) func(r *Rego) {
- return func(r *Rego) {
- r.loadPaths = loadPaths{paths, filter}
- }
+ return v1.Load(paths, filter)
}
// LoadBundle returns an argument that adds a filesystem path to load
@@ -978,23 +385,17 @@ func Load(paths []string, filter loader.Filter) func(r *Rego) {
// to be loaded as a bundle.
// Note: Loading bundles will require a write transaction on the store.
func LoadBundle(path string) func(r *Rego) {
- return func(r *Rego) {
- r.bundlePaths = append(r.bundlePaths, path)
- }
+ return v1.LoadBundle(path)
}
// ParsedBundle returns an argument that adds a bundle to be loaded.
func ParsedBundle(name string, b *bundle.Bundle) func(r *Rego) {
- return func(r *Rego) {
- r.bundles[name] = b
- }
+ return v1.ParsedBundle(name, b)
}
// Compiler returns an argument that sets the Rego compiler.
func Compiler(c *ast.Compiler) func(r *Rego) {
- return func(r *Rego) {
- r.compiler = c
- }
+ return v1.Compiler(c)
}
// Store returns an argument that sets the policy engine's data storage layer.
@@ -1003,18 +404,14 @@ func Compiler(c *ast.Compiler) func(r *Rego) {
// must also be provided via the Transaction() option. After loading files
// or bundles the transaction should be aborted or committed.
func Store(s storage.Store) func(r *Rego) {
- return func(r *Rego) {
- r.store = s
- }
+ return v1.Store(s)
}
// StoreReadAST returns an argument that sets whether the store should eagerly convert data to AST values.
//
// Only applicable when no store has been set on the Rego object through the Store option.
func StoreReadAST(enabled bool) func(r *Rego) {
- return func(r *Rego) {
- r.ownStoreReadAst = enabled
- }
+ return v1.StoreReadAST(enabled)
}
// Transaction returns an argument that sets the transaction to use for storage
@@ -1024,93 +421,65 @@ func StoreReadAST(enabled bool) func(r *Rego) {
// Store() option. If using Load(), LoadBundle(), or ParsedBundle() options
// the transaction will likely require write params.
func Transaction(txn storage.Transaction) func(r *Rego) {
- return func(r *Rego) {
- r.txn = txn
- }
+ return v1.Transaction(txn)
}
// Metrics returns an argument that sets the metrics collection.
func Metrics(m metrics.Metrics) func(r *Rego) {
- return func(r *Rego) {
- r.metrics = m
- }
+ return v1.Metrics(m)
}
// Instrument returns an argument that enables instrumentation for diagnosing
// performance issues.
func Instrument(yes bool) func(r *Rego) {
- return func(r *Rego) {
- r.instrument = yes
- }
+ return v1.Instrument(yes)
}
// Trace returns an argument that enables tracing on r.
func Trace(yes bool) func(r *Rego) {
- return func(r *Rego) {
- r.trace = yes
- }
+ return v1.Trace(yes)
}
// Tracer returns an argument that adds a query tracer to r.
// Deprecated: Use QueryTracer instead.
func Tracer(t topdown.Tracer) func(r *Rego) {
- return func(r *Rego) {
- if t != nil {
- r.queryTracers = append(r.queryTracers, topdown.WrapLegacyTracer(t))
- }
- }
+ return v1.Tracer(t)
}
// QueryTracer returns an argument that adds a query tracer to r.
func QueryTracer(t topdown.QueryTracer) func(r *Rego) {
- return func(r *Rego) {
- if t != nil {
- r.queryTracers = append(r.queryTracers, t)
- }
- }
+ return v1.QueryTracer(t)
}
// Runtime returns an argument that sets the runtime data to provide to the
// evaluation engine.
func Runtime(term *ast.Term) func(r *Rego) {
- return func(r *Rego) {
- r.runtime = term
- }
+ return v1.Runtime(term)
}
// Time sets the wall clock time to use during policy evaluation. Prepared queries
// do not inherit this parameter. Use EvalTime to set the wall clock time when
// executing a prepared query.
func Time(x time.Time) func(r *Rego) {
- return func(r *Rego) {
- r.time = x
- }
+ return v1.Time(x)
}
// Seed sets a reader that will seed randomization required by built-in functions.
// If a seed is not provided crypto/rand.Reader is used.
func Seed(r io.Reader) func(*Rego) {
- return func(e *Rego) {
- e.seed = r
- }
+ return v1.Seed(r)
}
// PrintTrace is a helper function to write a human-readable version of the
// trace to the writer w.
func PrintTrace(w io.Writer, r *Rego) {
- if r == nil || r.tracebuf == nil {
- return
- }
- topdown.PrettyTrace(w, *r.tracebuf)
+ v1.PrintTrace(w, r)
}
// PrintTraceWithLocation is a helper function to write a human-readable version of the
// trace to the writer w.
func PrintTraceWithLocation(w io.Writer, r *Rego) {
- if r == nil || r.tracebuf == nil {
- return
- }
- topdown.PrettyTraceWithLocation(w, *r.tracebuf)
+ v1.PrintTraceWithLocation(w, r)
}
// UnsafeBuiltins sets the built-in functions to treat as unsafe and not allow.
@@ -1118,104 +487,76 @@ func PrintTraceWithLocation(w io.Writer, r *Rego) {
// compiler. This option is always honored for query compilation. Provide an
// empty (non-nil) map to disable checks on queries.
func UnsafeBuiltins(unsafeBuiltins map[string]struct{}) func(r *Rego) {
- return func(r *Rego) {
- r.unsafeBuiltins = unsafeBuiltins
- }
+ return v1.UnsafeBuiltins(unsafeBuiltins)
}
// SkipBundleVerification skips verification of a signed bundle.
func SkipBundleVerification(yes bool) func(r *Rego) {
- return func(r *Rego) {
- r.skipBundleVerification = yes
- }
+ return v1.SkipBundleVerification(yes)
}
// InterQueryBuiltinCache sets the inter-query cache that built-in functions can utilize
// during evaluation.
func InterQueryBuiltinCache(c cache.InterQueryCache) func(r *Rego) {
- return func(r *Rego) {
- r.interQueryBuiltinCache = c
- }
+ return v1.InterQueryBuiltinCache(c)
}
// InterQueryBuiltinValueCache sets the inter-query value cache that built-in functions can utilize
// during evaluation.
func InterQueryBuiltinValueCache(c cache.InterQueryValueCache) func(r *Rego) {
- return func(r *Rego) {
- r.interQueryBuiltinValueCache = c
- }
+ return v1.InterQueryBuiltinValueCache(c)
}
// NDBuiltinCache sets the non-deterministic builtins cache.
func NDBuiltinCache(c builtins.NDBCache) func(r *Rego) {
- return func(r *Rego) {
- r.ndBuiltinCache = c
- }
+ return v1.NDBuiltinCache(c)
}
// StrictBuiltinErrors tells the evaluator to treat all built-in function errors as fatal errors.
func StrictBuiltinErrors(yes bool) func(r *Rego) {
- return func(r *Rego) {
- r.strictBuiltinErrors = yes
- }
+ return v1.StrictBuiltinErrors(yes)
}
// BuiltinErrorList supplies an error slice to store built-in function errors.
func BuiltinErrorList(list *[]topdown.Error) func(r *Rego) {
- return func(r *Rego) {
- r.builtinErrorList = list
- }
+ return v1.BuiltinErrorList(list)
}
// Resolver sets a Resolver for a specified ref path.
func Resolver(ref ast.Ref, r resolver.Resolver) func(r *Rego) {
- return func(rego *Rego) {
- rego.resolvers = append(rego.resolvers, refResolver{ref, r})
- }
+ return v1.Resolver(ref, r)
}
// Schemas sets the schemaSet
func Schemas(x *ast.SchemaSet) func(r *Rego) {
- return func(r *Rego) {
- r.schemaSet = x
- }
+ return v1.Schemas(x)
}
// Capabilities configures the underlying compiler's capabilities.
// This option is ignored for module compilation if the caller supplies the
// compiler.
func Capabilities(c *ast.Capabilities) func(r *Rego) {
- return func(r *Rego) {
- r.capabilities = c
- }
+ return v1.Capabilities(c)
}
// Target sets the runtime to exercise.
func Target(t string) func(r *Rego) {
- return func(r *Rego) {
- r.target = t
- }
+ return v1.Target(t)
}
// GenerateJSON sets the AST to JSON converter for the results.
-func GenerateJSON(f func(*ast.Term, *EvalContext) (interface{}, error)) func(r *Rego) {
- return func(r *Rego) {
- r.generateJSON = f
- }
+func GenerateJSON(f func(*ast.Term, *EvalContext) (any, error)) func(r *Rego) {
+ return v1.GenerateJSON(f)
}
// PrintHook sets the object to use for handling print statement outputs.
func PrintHook(h print.Hook) func(r *Rego) {
- return func(r *Rego) {
- r.printHook = h
- }
+ return v1.PrintHook(h)
}
// DistributedTracingOpts sets the options to be used by distributed tracing.
func DistributedTracingOpts(tr tracing.Options) func(r *Rego) {
- return func(r *Rego) {
- r.distributedTacingOpts = tr
- }
+ return v1.DistributedTracingOpts(tr)
}
// EnablePrintStatements enables print() calls. If this option is not provided,
@@ -1223,1667 +564,65 @@ func DistributedTracingOpts(tr tracing.Options) func(r *Rego) {
// queries and policies that passed as raw strings, i.e., this function will not
// have any affect if the caller supplies the ast.Compiler instance.
func EnablePrintStatements(yes bool) func(r *Rego) {
- return func(r *Rego) {
- r.enablePrintStatements = yes
- }
+ return v1.EnablePrintStatements(yes)
}
// Strict enables or disables strict-mode in the compiler
func Strict(yes bool) func(r *Rego) {
- return func(r *Rego) {
- r.strict = yes
- }
+ return v1.Strict(yes)
}
func SetRegoVersion(version ast.RegoVersion) func(r *Rego) {
- return func(r *Rego) {
- r.regoVersion = version
- }
+ return v1.SetRegoVersion(version)
}
// New returns a new Rego object.
func New(options ...func(r *Rego)) *Rego {
-
- r := &Rego{
- parsedModules: map[string]*ast.Module{},
- capture: map[*ast.Expr]ast.Var{},
- compiledQueries: map[queryType]compiledQuery{},
- builtinDecls: map[string]*ast.Builtin{},
- builtinFuncs: map[string]*topdown.Builtin{},
- bundles: map[string]*bundle.Bundle{},
- }
-
- for _, option := range options {
- option(r)
- }
-
- if r.compiler == nil {
- r.compiler = ast.NewCompiler().
- WithUnsafeBuiltins(r.unsafeBuiltins).
- WithBuiltins(r.builtinDecls).
- WithDebug(r.dump).
- WithSchemas(r.schemaSet).
- WithCapabilities(r.capabilities).
- WithEnablePrintStatements(r.enablePrintStatements).
- WithStrict(r.strict).
- WithUseTypeCheckAnnotations(true)
-
- // topdown could be target "" or "rego", but both could be overridden by
- // a target plugin (checked below)
- if r.target == targetWasm {
- r.compiler = r.compiler.WithEvalMode(ast.EvalModeIR)
+ opts := make([]func(r *Rego), 0, len(options)+1)
+ opts = append(opts, options...)
+ opts = append(opts, func(r *Rego) {
+ if r.RegoVersion() == ast.RegoUndefined {
+ SetRegoVersion(ast.DefaultRegoVersion)(r)
}
- }
-
- if r.store == nil {
- r.store = inmem.NewWithOpts(inmem.OptReturnASTValuesOnRead(r.ownStoreReadAst))
- r.ownStore = true
- } else {
- r.ownStore = false
- }
-
- if r.metrics == nil {
- r.metrics = metrics.New()
- }
-
- if r.instrument {
- r.instrumentation = topdown.NewInstrumentation(r.metrics)
- r.compiler.WithMetrics(r.metrics)
- }
-
- if r.trace {
- r.tracebuf = topdown.NewBufferTracer()
- r.queryTracers = append(r.queryTracers, r.tracebuf)
- }
-
- if r.partialNamespace == "" {
- r.partialNamespace = defaultPartialNamespace
- }
-
- if r.generateJSON == nil {
- r.generateJSON = generateJSON
- }
-
- if r.pluginMgr != nil {
- for _, name := range r.pluginMgr.Plugins() {
- p := r.pluginMgr.Plugin(name)
- if p0, ok := p.(TargetPlugin); ok {
- r.plugins = append(r.plugins, p0)
- }
- }
- }
-
- if t := r.targetPlugin(r.target); t != nil {
- r.compiler = r.compiler.WithEvalMode(ast.EvalModeIR)
- }
-
- return r
-}
-
-// Eval evaluates this Rego object and returns a ResultSet.
-func (r *Rego) Eval(ctx context.Context) (ResultSet, error) {
- var err error
- var txnClose transactionCloser
- r.txn, txnClose, err = r.getTxn(ctx)
- if err != nil {
- return nil, err
- }
-
- pq, err := r.PrepareForEval(ctx)
- if err != nil {
- _ = txnClose(ctx, err) // Ignore error
- return nil, err
- }
-
- evalArgs := []EvalOption{
- EvalTransaction(r.txn),
- EvalMetrics(r.metrics),
- EvalInstrument(r.instrument),
- EvalTime(r.time),
- EvalInterQueryBuiltinCache(r.interQueryBuiltinCache),
- EvalInterQueryBuiltinValueCache(r.interQueryBuiltinValueCache),
- EvalSeed(r.seed),
- }
-
- if r.ndBuiltinCache != nil {
- evalArgs = append(evalArgs, EvalNDBuiltinCache(r.ndBuiltinCache))
- }
-
- for _, qt := range r.queryTracers {
- evalArgs = append(evalArgs, EvalQueryTracer(qt))
- }
-
- for i := range r.resolvers {
- evalArgs = append(evalArgs, EvalResolver(r.resolvers[i].ref, r.resolvers[i].r))
- }
-
- rs, err := pq.Eval(ctx, evalArgs...)
- txnErr := txnClose(ctx, err) // Always call closer
- if err == nil {
- err = txnErr
- }
- return rs, err
-}
-
-// PartialEval has been deprecated and renamed to PartialResult.
-func (r *Rego) PartialEval(ctx context.Context) (PartialResult, error) {
- return r.PartialResult(ctx)
-}
-
-// PartialResult partially evaluates this Rego object and returns a PartialResult.
-func (r *Rego) PartialResult(ctx context.Context) (PartialResult, error) {
- var err error
- var txnClose transactionCloser
- r.txn, txnClose, err = r.getTxn(ctx)
- if err != nil {
- return PartialResult{}, err
- }
-
- pq, err := r.PrepareForEval(ctx, WithPartialEval())
- txnErr := txnClose(ctx, err) // Always call closer
- if err != nil {
- return PartialResult{}, err
- }
- if txnErr != nil {
- return PartialResult{}, txnErr
- }
-
- pr := PartialResult{
- compiler: pq.r.compiler,
- store: pq.r.store,
- body: pq.r.parsedQuery,
- builtinDecls: pq.r.builtinDecls,
- builtinFuncs: pq.r.builtinFuncs,
- }
-
- return pr, nil
-}
-
-// Partial runs partial evaluation on r and returns the result.
-func (r *Rego) Partial(ctx context.Context) (*PartialQueries, error) {
- var err error
- var txnClose transactionCloser
- r.txn, txnClose, err = r.getTxn(ctx)
- if err != nil {
- return nil, err
- }
-
- pq, err := r.PrepareForPartial(ctx)
- if err != nil {
- _ = txnClose(ctx, err) // Ignore error
- return nil, err
- }
-
- evalArgs := []EvalOption{
- EvalTransaction(r.txn),
- EvalMetrics(r.metrics),
- EvalInstrument(r.instrument),
- EvalInterQueryBuiltinCache(r.interQueryBuiltinCache),
- EvalInterQueryBuiltinValueCache(r.interQueryBuiltinValueCache),
- }
-
- if r.ndBuiltinCache != nil {
- evalArgs = append(evalArgs, EvalNDBuiltinCache(r.ndBuiltinCache))
- }
-
- for _, t := range r.queryTracers {
- evalArgs = append(evalArgs, EvalQueryTracer(t))
- }
-
- for i := range r.resolvers {
- evalArgs = append(evalArgs, EvalResolver(r.resolvers[i].ref, r.resolvers[i].r))
- }
-
- pqs, err := pq.Partial(ctx, evalArgs...)
- txnErr := txnClose(ctx, err) // Always call closer
- if err == nil {
- err = txnErr
- }
- return pqs, err
+ })
+
+ return v1.New(opts...)
}
// CompileOption defines a function to set options on Compile calls.
-type CompileOption func(*CompileContext)
+type CompileOption = v1.CompileOption
// CompileContext contains options for Compile calls.
-type CompileContext struct {
- partial bool
-}
+type CompileContext = v1.CompileContext
// CompilePartial defines an option to control whether partial evaluation is run
// before the query is planned and compiled.
func CompilePartial(yes bool) CompileOption {
- return func(cfg *CompileContext) {
- cfg.partial = yes
- }
-}
-
-// Compile returns a compiled policy query.
-func (r *Rego) Compile(ctx context.Context, opts ...CompileOption) (*CompileResult, error) {
-
- var cfg CompileContext
-
- for _, opt := range opts {
- opt(&cfg)
- }
-
- var queries []ast.Body
- modules := make([]*ast.Module, 0, len(r.compiler.Modules))
-
- if cfg.partial {
-
- pq, err := r.Partial(ctx)
- if err != nil {
- return nil, err
- }
- if r.dump != nil {
- if len(pq.Queries) != 0 {
- msg := fmt.Sprintf("QUERIES (%d total):", len(pq.Queries))
- fmt.Fprintln(r.dump, msg)
- fmt.Fprintln(r.dump, strings.Repeat("-", len(msg)))
- for i := range pq.Queries {
- fmt.Println(pq.Queries[i])
- }
- fmt.Fprintln(r.dump)
- }
- if len(pq.Support) != 0 {
- msg := fmt.Sprintf("SUPPORT (%d total):", len(pq.Support))
- fmt.Fprintln(r.dump, msg)
- fmt.Fprintln(r.dump, strings.Repeat("-", len(msg)))
- for i := range pq.Support {
- fmt.Println(pq.Support[i])
- }
- fmt.Fprintln(r.dump)
- }
- }
-
- queries = pq.Queries
- modules = pq.Support
-
- for _, module := range r.compiler.Modules {
- modules = append(modules, module)
- }
- } else {
- var err error
- // If creating a new transaction it should be closed before calling the
- // planner to avoid holding open the transaction longer than needed.
- //
- // TODO(tsandall): in future, planner could make use of store, in which
- // case this will need to change.
- var txnClose transactionCloser
- r.txn, txnClose, err = r.getTxn(ctx)
- if err != nil {
- return nil, err
- }
-
- err = r.prepare(ctx, compileQueryType, nil)
- txnErr := txnClose(ctx, err) // Always call closer
- if err != nil {
- return nil, err
- }
- if txnErr != nil {
- return nil, err
- }
-
- for _, module := range r.compiler.Modules {
- modules = append(modules, module)
- }
-
- queries = []ast.Body{r.compiledQueries[compileQueryType].query}
- }
-
- if tgt := r.targetPlugin(r.target); tgt != nil {
- return nil, fmt.Errorf("unsupported for rego target plugins")
- }
-
- return r.compileWasm(modules, queries, compileQueryType) // TODO(sr) control flow is funky here
-}
-
-func (r *Rego) compileWasm(_ []*ast.Module, queries []ast.Body, qType queryType) (*CompileResult, error) {
- policy, err := r.planQuery(queries, qType)
- if err != nil {
- return nil, err
- }
-
- m, err := wasm.New().WithPolicy(policy).Compile()
- if err != nil {
- return nil, err
- }
-
- var out bytes.Buffer
- if err := encoding.WriteModule(&out, m); err != nil {
- return nil, err
- }
-
- return &CompileResult{
- Bytes: out.Bytes(),
- }, nil
+ return v1.CompilePartial(yes)
}
// PrepareOption defines a function to set an option to control
// the behavior of the Prepare call.
-type PrepareOption func(*PrepareConfig)
+type PrepareOption = v1.PrepareOption
// PrepareConfig holds settings to control the behavior of the
// Prepare call.
-type PrepareConfig struct {
- doPartialEval bool
- disableInlining *[]string
- builtinFuncs map[string]*topdown.Builtin
-}
+type PrepareConfig = v1.PrepareConfig
// WithPartialEval configures an option for PrepareForEval
// which will have it perform partial evaluation while preparing
// the query (similar to rego.Rego#PartialResult)
func WithPartialEval() PrepareOption {
- return func(p *PrepareConfig) {
- p.doPartialEval = true
- }
+ return v1.WithPartialEval()
}
// WithNoInline adds a set of paths to exclude from partial evaluation inlining.
func WithNoInline(paths []string) PrepareOption {
- return func(p *PrepareConfig) {
- p.disableInlining = &paths
- }
+ return v1.WithNoInline(paths)
}
// WithBuiltinFuncs carries the rego.Function{1,2,3} per-query function definitions
// to the target plugins.
func WithBuiltinFuncs(bis map[string]*topdown.Builtin) PrepareOption {
- return func(p *PrepareConfig) {
- if p.builtinFuncs == nil {
- p.builtinFuncs = make(map[string]*topdown.Builtin, len(bis))
- }
- for k, v := range bis {
- p.builtinFuncs[k] = v
- }
- }
-}
-
-// BuiltinFuncs allows retrieving the builtin funcs set via PrepareOption
-// WithBuiltinFuncs.
-func (p *PrepareConfig) BuiltinFuncs() map[string]*topdown.Builtin {
- return p.builtinFuncs
-}
-
-// PrepareForEval will parse inputs, modules, and query arguments in preparation
-// of evaluating them.
-func (r *Rego) PrepareForEval(ctx context.Context, opts ...PrepareOption) (PreparedEvalQuery, error) {
- if !r.hasQuery() {
- return PreparedEvalQuery{}, fmt.Errorf("cannot evaluate empty query")
- }
-
- pCfg := &PrepareConfig{}
- for _, o := range opts {
- o(pCfg)
- }
-
- var err error
- var txnClose transactionCloser
- r.txn, txnClose, err = r.getTxn(ctx)
- if err != nil {
- return PreparedEvalQuery{}, err
- }
-
- // If the caller wanted to do partial evaluation as part of preparation
- // do it now and use the new Rego object.
- if pCfg.doPartialEval {
-
- pr, err := r.partialResult(ctx, pCfg)
- if err != nil {
- _ = txnClose(ctx, err) // Ignore error
- return PreparedEvalQuery{}, err
- }
-
- // Prepare the new query using the result of partial evaluation
- pq, err := pr.Rego(Transaction(r.txn)).PrepareForEval(ctx)
- txnErr := txnClose(ctx, err)
- if err != nil {
- return pq, err
- }
- return pq, txnErr
- }
-
- err = r.prepare(ctx, evalQueryType, []extraStage{
- {
- after: "ResolveRefs",
- stage: ast.QueryCompilerStageDefinition{
- Name: "RewriteToCaptureValue",
- MetricName: "query_compile_stage_rewrite_to_capture_value",
- Stage: r.rewriteQueryToCaptureValue,
- },
- },
- })
- if err != nil {
- _ = txnClose(ctx, err) // Ignore error
- return PreparedEvalQuery{}, err
- }
-
- switch r.target {
- case targetWasm: // TODO(sr): make wasm a target plugin, too
-
- if r.hasWasmModule() {
- _ = txnClose(ctx, err) // Ignore error
- return PreparedEvalQuery{}, fmt.Errorf("wasm target not supported")
- }
-
- var modules []*ast.Module
- for _, module := range r.compiler.Modules {
- modules = append(modules, module)
- }
-
- queries := []ast.Body{r.compiledQueries[evalQueryType].query}
-
- e, err := opa.LookupEngine(targetWasm)
- if err != nil {
- return PreparedEvalQuery{}, err
- }
-
- // nolint: staticcheck // SA4006 false positive
- cr, err := r.compileWasm(modules, queries, evalQueryType)
- if err != nil {
- _ = txnClose(ctx, err) // Ignore error
- return PreparedEvalQuery{}, err
- }
-
- // nolint: staticcheck // SA4006 false positive
- data, err := r.store.Read(ctx, r.txn, storage.Path{})
- if err != nil {
- _ = txnClose(ctx, err) // Ignore error
- return PreparedEvalQuery{}, err
- }
-
- o, err := e.New().WithPolicyBytes(cr.Bytes).WithDataJSON(data).Init()
- if err != nil {
- _ = txnClose(ctx, err) // Ignore error
- return PreparedEvalQuery{}, err
- }
- r.opa = o
-
- case targetRego: // do nothing, don't lookup default plugin
- default: // either a specific plugin target, or one that is default
- if tgt := r.targetPlugin(r.target); tgt != nil {
- queries := []ast.Body{r.compiledQueries[evalQueryType].query}
- pol, err := r.planQuery(queries, evalQueryType)
- if err != nil {
- return PreparedEvalQuery{}, err
- }
- // always add the builtins provided via rego.FunctionN options
- opts = append(opts, WithBuiltinFuncs(r.builtinFuncs))
- r.targetPrepState, err = tgt.PrepareForEval(ctx, pol, opts...)
- if err != nil {
- return PreparedEvalQuery{}, err
- }
- }
- }
-
- txnErr := txnClose(ctx, err) // Always call closer
- if err != nil {
- return PreparedEvalQuery{}, err
- }
- if txnErr != nil {
- return PreparedEvalQuery{}, txnErr
- }
-
- return PreparedEvalQuery{preparedQuery{r, pCfg}}, err
-}
-
-// PrepareForPartial will parse inputs, modules, and query arguments in preparation
-// of partially evaluating them.
-func (r *Rego) PrepareForPartial(ctx context.Context, opts ...PrepareOption) (PreparedPartialQuery, error) {
- if !r.hasQuery() {
- return PreparedPartialQuery{}, fmt.Errorf("cannot evaluate empty query")
- }
-
- pCfg := &PrepareConfig{}
- for _, o := range opts {
- o(pCfg)
- }
-
- var err error
- var txnClose transactionCloser
- r.txn, txnClose, err = r.getTxn(ctx)
- if err != nil {
- return PreparedPartialQuery{}, err
- }
-
- err = r.prepare(ctx, partialQueryType, []extraStage{
- {
- after: "CheckSafety",
- stage: ast.QueryCompilerStageDefinition{
- Name: "RewriteEquals",
- MetricName: "query_compile_stage_rewrite_equals",
- Stage: r.rewriteEqualsForPartialQueryCompile,
- },
- },
- })
- txnErr := txnClose(ctx, err) // Always call closer
- if err != nil {
- return PreparedPartialQuery{}, err
- }
- if txnErr != nil {
- return PreparedPartialQuery{}, txnErr
- }
-
- return PreparedPartialQuery{preparedQuery{r, pCfg}}, err
-}
-
-func (r *Rego) prepare(ctx context.Context, qType queryType, extras []extraStage) error {
- var err error
-
- r.parsedInput, err = r.parseInput()
- if err != nil {
- return err
- }
-
- err = r.loadFiles(ctx, r.txn, r.metrics)
- if err != nil {
- return err
- }
-
- err = r.loadBundles(ctx, r.txn, r.metrics)
- if err != nil {
- return err
- }
-
- err = r.parseModules(ctx, r.txn, r.metrics)
- if err != nil {
- return err
- }
-
- // Compile the modules *before* the query, else functions
- // defined in the module won't be found...
- err = r.compileModules(ctx, r.txn, r.metrics)
- if err != nil {
- return err
- }
-
- imports, err := r.prepareImports()
- if err != nil {
- return err
- }
-
- queryImports := []*ast.Import{}
- for _, imp := range imports {
- path := imp.Path.Value.(ast.Ref)
- if path.HasPrefix([]*ast.Term{ast.FutureRootDocument}) || path.HasPrefix([]*ast.Term{ast.RegoRootDocument}) {
- queryImports = append(queryImports, imp)
- }
- }
-
- r.parsedQuery, err = r.parseQuery(queryImports, r.metrics)
- if err != nil {
- return err
- }
-
- err = r.compileAndCacheQuery(qType, r.parsedQuery, imports, r.metrics, extras)
- if err != nil {
- return err
- }
-
- return nil
-}
-
-func (r *Rego) parseModules(ctx context.Context, txn storage.Transaction, m metrics.Metrics) error {
- if len(r.modules) == 0 {
- return nil
- }
-
- ids, err := r.store.ListPolicies(ctx, txn)
- if err != nil {
- return err
- }
-
- m.Timer(metrics.RegoModuleParse).Start()
- defer m.Timer(metrics.RegoModuleParse).Stop()
- var errs Errors
-
- // Parse any modules that are saved to the store, but only if
- // another compile step is going to occur (ie. we have parsed modules
- // that need to be compiled).
- for _, id := range ids {
- // if it is already on the compiler we're using
- // then don't bother to re-parse it from source
- if _, haveMod := r.compiler.Modules[id]; haveMod {
- continue
- }
-
- bs, err := r.store.GetPolicy(ctx, txn, id)
- if err != nil {
- return err
- }
-
- parsed, err := ast.ParseModuleWithOpts(id, string(bs), ast.ParserOptions{RegoVersion: r.regoVersion})
- if err != nil {
- errs = append(errs, err)
- }
-
- r.parsedModules[id] = parsed
- }
-
- // Parse any passed in as arguments to the Rego object
- for _, module := range r.modules {
- p, err := module.ParseWithOpts(ast.ParserOptions{RegoVersion: r.regoVersion})
- if err != nil {
- switch errorWithType := err.(type) {
- case ast.Errors:
- for _, e := range errorWithType {
- errs = append(errs, e)
- }
- default:
- errs = append(errs, errorWithType)
- }
- }
- r.parsedModules[module.filename] = p
- }
-
- if len(errs) > 0 {
- return errs
- }
-
- return nil
-}
-
-func (r *Rego) loadFiles(ctx context.Context, txn storage.Transaction, m metrics.Metrics) error {
- if len(r.loadPaths.paths) == 0 {
- return nil
- }
-
- m.Timer(metrics.RegoLoadFiles).Start()
- defer m.Timer(metrics.RegoLoadFiles).Stop()
-
- result, err := loader.NewFileLoader().
- WithMetrics(m).
- WithProcessAnnotation(true).
- WithRegoVersion(r.regoVersion).
- Filtered(r.loadPaths.paths, r.loadPaths.filter)
- if err != nil {
- return err
- }
- for name, mod := range result.Modules {
- r.parsedModules[name] = mod.Parsed
- }
-
- if len(result.Documents) > 0 {
- err = r.store.Write(ctx, txn, storage.AddOp, storage.Path{}, result.Documents)
- if err != nil {
- return err
- }
- }
- return nil
-}
-
-func (r *Rego) loadBundles(_ context.Context, _ storage.Transaction, m metrics.Metrics) error {
- if len(r.bundlePaths) == 0 {
- return nil
- }
-
- m.Timer(metrics.RegoLoadBundles).Start()
- defer m.Timer(metrics.RegoLoadBundles).Stop()
-
- for _, path := range r.bundlePaths {
- bndl, err := loader.NewFileLoader().
- WithMetrics(m).
- WithProcessAnnotation(true).
- WithSkipBundleVerification(r.skipBundleVerification).
- WithRegoVersion(r.regoVersion).
- AsBundle(path)
- if err != nil {
- return fmt.Errorf("loading error: %s", err)
- }
- r.bundles[path] = bndl
- }
- return nil
-}
-
-func (r *Rego) parseInput() (ast.Value, error) {
- if r.parsedInput != nil {
- return r.parsedInput, nil
- }
- return r.parseRawInput(r.rawInput, r.metrics)
-}
-
-func (r *Rego) parseRawInput(rawInput *interface{}, m metrics.Metrics) (ast.Value, error) {
- var input ast.Value
-
- if rawInput == nil {
- return input, nil
- }
-
- m.Timer(metrics.RegoInputParse).Start()
- defer m.Timer(metrics.RegoInputParse).Stop()
-
- rawPtr := util.Reference(rawInput)
-
- // roundtrip through json: this turns slices (e.g. []string, []bool) into
- // []interface{}, the only array type ast.InterfaceToValue can work with
- if err := util.RoundTrip(rawPtr); err != nil {
- return nil, err
- }
-
- return ast.InterfaceToValue(*rawPtr)
-}
-
-func (r *Rego) parseQuery(queryImports []*ast.Import, m metrics.Metrics) (ast.Body, error) {
- if r.parsedQuery != nil {
- return r.parsedQuery, nil
- }
-
- m.Timer(metrics.RegoQueryParse).Start()
- defer m.Timer(metrics.RegoQueryParse).Stop()
-
- popts, err := future.ParserOptionsFromFutureImports(queryImports)
- if err != nil {
- return nil, err
- }
- popts.RegoVersion = r.regoVersion
- popts, err = parserOptionsFromRegoVersionImport(queryImports, popts)
- if err != nil {
- return nil, err
- }
- popts.SkipRules = true
- return ast.ParseBodyWithOpts(r.query, popts)
-}
-
-func parserOptionsFromRegoVersionImport(imports []*ast.Import, popts ast.ParserOptions) (ast.ParserOptions, error) {
- for _, imp := range imports {
- path := imp.Path.Value.(ast.Ref)
- if ast.Compare(path, ast.RegoV1CompatibleRef) == 0 {
- popts.RegoVersion = ast.RegoV1
- return popts, nil
- }
- }
- return popts, nil
-}
-
-func (r *Rego) compileModules(ctx context.Context, txn storage.Transaction, m metrics.Metrics) error {
-
- // Only compile again if there are new modules.
- if len(r.bundles) > 0 || len(r.parsedModules) > 0 {
-
- // The bundle.Activate call will activate any bundles passed in
- // (ie compile + handle data store changes), and include any of
- // the additional modules passed in. If no bundles are provided
- // it will only compile the passed in modules.
- // Use this as the single-point of compiling everything only a
- // single time.
- opts := &bundle.ActivateOpts{
- Ctx: ctx,
- Store: r.store,
- Txn: txn,
- Compiler: r.compilerForTxn(ctx, r.store, txn),
- Metrics: m,
- Bundles: r.bundles,
- ExtraModules: r.parsedModules,
- ParserOptions: ast.ParserOptions{RegoVersion: r.regoVersion},
- }
- err := bundle.Activate(opts)
- if err != nil {
- return err
- }
- }
-
- // Ensure all configured resolvers from the store are loaded. Skip if any were explicitly provided.
- if len(r.resolvers) == 0 {
- resolvers, err := bundleUtils.LoadWasmResolversFromStore(ctx, r.store, txn, r.bundles)
- if err != nil {
- return err
- }
-
- for _, rslvr := range resolvers {
- for _, ep := range rslvr.Entrypoints() {
- r.resolvers = append(r.resolvers, refResolver{ep, rslvr})
- }
- }
- }
- return nil
-}
-
-func (r *Rego) compileAndCacheQuery(qType queryType, query ast.Body, imports []*ast.Import, m metrics.Metrics, extras []extraStage) error {
- m.Timer(metrics.RegoQueryCompile).Start()
- defer m.Timer(metrics.RegoQueryCompile).Stop()
-
- cachedQuery, ok := r.compiledQueries[qType]
- if ok && cachedQuery.query != nil && cachedQuery.compiler != nil {
- return nil
- }
-
- qc, compiled, err := r.compileQuery(query, imports, m, extras)
- if err != nil {
- return err
- }
-
- // cache the query for future use
- r.compiledQueries[qType] = compiledQuery{
- query: compiled,
- compiler: qc,
- }
- return nil
-}
-
-func (r *Rego) prepareImports() ([]*ast.Import, error) {
- imports := r.parsedImports
-
- if len(r.imports) > 0 {
- s := make([]string, len(r.imports))
- for i := range r.imports {
- s[i] = fmt.Sprintf("import %v", r.imports[i])
- }
- parsed, err := ast.ParseImports(strings.Join(s, "\n"))
- if err != nil {
- return nil, err
- }
- imports = append(imports, parsed...)
- }
- return imports, nil
-}
-
-func (r *Rego) compileQuery(query ast.Body, imports []*ast.Import, _ metrics.Metrics, extras []extraStage) (ast.QueryCompiler, ast.Body, error) {
- var pkg *ast.Package
-
- if r.pkg != "" {
- var err error
- pkg, err = ast.ParsePackage(fmt.Sprintf("package %v", r.pkg))
- if err != nil {
- return nil, nil, err
- }
- } else {
- pkg = r.parsedPackage
- }
-
- qctx := ast.NewQueryContext().
- WithPackage(pkg).
- WithImports(imports)
-
- qc := r.compiler.QueryCompiler().
- WithContext(qctx).
- WithUnsafeBuiltins(r.unsafeBuiltins).
- WithEnablePrintStatements(r.enablePrintStatements).
- WithStrict(false)
-
- for _, extra := range extras {
- qc = qc.WithStageAfter(extra.after, extra.stage)
- }
-
- compiled, err := qc.Compile(query)
-
- return qc, compiled, err
-
-}
-
-func (r *Rego) eval(ctx context.Context, ectx *EvalContext) (ResultSet, error) {
- switch {
- case r.targetPrepState != nil: // target plugin flow
- var val ast.Value
- if r.runtime != nil {
- val = r.runtime.Value
- }
- s, err := r.targetPrepState.Eval(ctx, ectx, val)
- if err != nil {
- return nil, err
- }
- return r.valueToQueryResult(s, ectx)
- case r.target == targetWasm:
- return r.evalWasm(ctx, ectx)
- case r.target == targetRego: // continue
- }
-
- q := topdown.NewQuery(ectx.compiledQuery.query).
- WithQueryCompiler(ectx.compiledQuery.compiler).
- WithCompiler(r.compiler).
- WithStore(r.store).
- WithTransaction(ectx.txn).
- WithBuiltins(r.builtinFuncs).
- WithMetrics(ectx.metrics).
- WithInstrumentation(ectx.instrumentation).
- WithRuntime(r.runtime).
- WithIndexing(ectx.indexing).
- WithEarlyExit(ectx.earlyExit).
- WithInterQueryBuiltinCache(ectx.interQueryBuiltinCache).
- WithInterQueryBuiltinValueCache(ectx.interQueryBuiltinValueCache).
- WithStrictBuiltinErrors(r.strictBuiltinErrors).
- WithBuiltinErrorList(r.builtinErrorList).
- WithSeed(ectx.seed).
- WithPrintHook(ectx.printHook).
- WithDistributedTracingOpts(r.distributedTacingOpts).
- WithVirtualCache(ectx.virtualCache)
-
- if !ectx.time.IsZero() {
- q = q.WithTime(ectx.time)
- }
-
- if ectx.ndBuiltinCache != nil {
- q = q.WithNDBuiltinCache(ectx.ndBuiltinCache)
- }
-
- for i := range ectx.queryTracers {
- q = q.WithQueryTracer(ectx.queryTracers[i])
- }
-
- if ectx.parsedInput != nil {
- q = q.WithInput(ast.NewTerm(ectx.parsedInput))
- }
-
- for i := range ectx.resolvers {
- q = q.WithResolver(ectx.resolvers[i].ref, ectx.resolvers[i].r)
- }
-
- // Cancel query if context is cancelled or deadline is reached.
- c := topdown.NewCancel()
- q = q.WithCancel(c)
- exit := make(chan struct{})
- defer close(exit)
- go waitForDone(ctx, exit, func() {
- c.Cancel()
- })
-
- var rs ResultSet
- err := q.Iter(ctx, func(qr topdown.QueryResult) error {
- result, err := r.generateResult(qr, ectx)
- if err != nil {
- return err
- }
- rs = append(rs, result)
- return nil
- })
-
- if err != nil {
- return nil, err
- }
-
- if len(rs) == 0 {
- return nil, nil
- }
-
- return rs, nil
-}
-
-func (r *Rego) evalWasm(ctx context.Context, ectx *EvalContext) (ResultSet, error) {
- input := ectx.rawInput
- if ectx.parsedInput != nil {
- i := interface{}(ectx.parsedInput)
- input = &i
- }
- result, err := r.opa.Eval(ctx, opa.EvalOpts{
- Metrics: r.metrics,
- Input: input,
- Time: ectx.time,
- Seed: ectx.seed,
- InterQueryBuiltinCache: ectx.interQueryBuiltinCache,
- NDBuiltinCache: ectx.ndBuiltinCache,
- PrintHook: ectx.printHook,
- Capabilities: ectx.capabilities,
- })
- if err != nil {
- return nil, err
- }
-
- parsed, err := ast.ParseTerm(string(result.Result))
- if err != nil {
- return nil, err
- }
-
- return r.valueToQueryResult(parsed.Value, ectx)
-}
-
-func (r *Rego) valueToQueryResult(res ast.Value, ectx *EvalContext) (ResultSet, error) {
- resultSet, ok := res.(ast.Set)
- if !ok {
- return nil, fmt.Errorf("illegal result type")
- }
-
- if resultSet.Len() == 0 {
- return nil, nil
- }
-
- var rs ResultSet
- err := resultSet.Iter(func(term *ast.Term) error {
- obj, ok := term.Value.(ast.Object)
- if !ok {
- return fmt.Errorf("illegal result type")
- }
- qr := topdown.QueryResult{}
- obj.Foreach(func(k, v *ast.Term) {
- kvt := ast.VarTerm(string(k.Value.(ast.String)))
- qr[kvt.Value.(ast.Var)] = v
- })
- result, err := r.generateResult(qr, ectx)
- if err != nil {
- return err
- }
- rs = append(rs, result)
- return nil
- })
-
- return rs, err
-}
-
-func (r *Rego) generateResult(qr topdown.QueryResult, ectx *EvalContext) (Result, error) {
-
- rewritten := ectx.compiledQuery.compiler.RewrittenVars()
-
- result := newResult()
- for k, term := range qr {
- v, err := r.generateJSON(term, ectx)
- if err != nil {
- return result, err
- }
-
- if rw, ok := rewritten[k]; ok {
- k = rw
- }
- if isTermVar(k) || isTermWasmVar(k) || k.IsGenerated() || k.IsWildcard() {
- continue
- }
- result.Bindings[string(k)] = v
- }
-
- for _, expr := range ectx.compiledQuery.query {
- if expr.Generated {
- continue
- }
-
- if k, ok := r.capture[expr]; ok {
- v, err := r.generateJSON(qr[k], ectx)
- if err != nil {
- return result, err
- }
- result.Expressions = append(result.Expressions, newExpressionValue(expr, v))
- } else {
- result.Expressions = append(result.Expressions, newExpressionValue(expr, true))
- }
-
- }
- return result, nil
-}
-
-func (r *Rego) partialResult(ctx context.Context, pCfg *PrepareConfig) (PartialResult, error) {
-
- err := r.prepare(ctx, partialResultQueryType, []extraStage{
- {
- after: "ResolveRefs",
- stage: ast.QueryCompilerStageDefinition{
- Name: "RewriteForPartialEval",
- MetricName: "query_compile_stage_rewrite_for_partial_eval",
- Stage: r.rewriteQueryForPartialEval,
- },
- },
- })
- if err != nil {
- return PartialResult{}, err
- }
-
- ectx := &EvalContext{
- parsedInput: r.parsedInput,
- metrics: r.metrics,
- txn: r.txn,
- partialNamespace: r.partialNamespace,
- queryTracers: r.queryTracers,
- compiledQuery: r.compiledQueries[partialResultQueryType],
- instrumentation: r.instrumentation,
- indexing: true,
- resolvers: r.resolvers,
- capabilities: r.capabilities,
- strictBuiltinErrors: r.strictBuiltinErrors,
- }
-
- disableInlining := r.disableInlining
-
- if pCfg.disableInlining != nil {
- disableInlining = *pCfg.disableInlining
- }
-
- ectx.disableInlining, err = parseStringsToRefs(disableInlining)
- if err != nil {
- return PartialResult{}, err
- }
-
- pq, err := r.partial(ctx, ectx)
- if err != nil {
- return PartialResult{}, err
- }
-
- // Construct module for queries.
- id := fmt.Sprintf("__partialresult__%s__", ectx.partialNamespace)
-
- module, err := ast.ParseModule(id, "package "+ectx.partialNamespace)
- if err != nil {
- return PartialResult{}, fmt.Errorf("bad partial namespace")
- }
-
- module.Rules = make([]*ast.Rule, len(pq.Queries))
- for i, body := range pq.Queries {
- rule := &ast.Rule{
- Head: ast.NewHead(ast.Var("__result__"), nil, ast.Wildcard),
- Body: body,
- Module: module,
- }
- module.Rules[i] = rule
- if checkPartialResultForRecursiveRefs(body, rule.Path()) {
- return PartialResult{}, Errors{errPartialEvaluationNotEffective}
- }
- }
-
- // Update compiler with partial evaluation output.
- r.compiler.Modules[id] = module
- for i, module := range pq.Support {
- r.compiler.Modules[fmt.Sprintf("__partialsupport__%s__%d__", ectx.partialNamespace, i)] = module
- }
-
- r.metrics.Timer(metrics.RegoModuleCompile).Start()
- r.compilerForTxn(ctx, r.store, r.txn).Compile(r.compiler.Modules)
- r.metrics.Timer(metrics.RegoModuleCompile).Stop()
-
- if r.compiler.Failed() {
- return PartialResult{}, r.compiler.Errors
- }
-
- result := PartialResult{
- compiler: r.compiler,
- store: r.store,
- body: ast.MustParseBody(fmt.Sprintf("data.%v.__result__", ectx.partialNamespace)),
- builtinDecls: r.builtinDecls,
- builtinFuncs: r.builtinFuncs,
- }
-
- return result, nil
-}
-
-func (r *Rego) partial(ctx context.Context, ectx *EvalContext) (*PartialQueries, error) {
-
- var unknowns []*ast.Term
-
- switch {
- case ectx.parsedUnknowns != nil:
- unknowns = ectx.parsedUnknowns
- case ectx.unknowns != nil:
- unknowns = make([]*ast.Term, len(ectx.unknowns))
- for i := range ectx.unknowns {
- var err error
- unknowns[i], err = ast.ParseTerm(ectx.unknowns[i])
- if err != nil {
- return nil, err
- }
- }
- default:
- // Use input document as unknown if caller has not specified any.
- unknowns = []*ast.Term{ast.NewTerm(ast.InputRootRef)}
- }
-
- q := topdown.NewQuery(ectx.compiledQuery.query).
- WithQueryCompiler(ectx.compiledQuery.compiler).
- WithCompiler(r.compiler).
- WithStore(r.store).
- WithTransaction(ectx.txn).
- WithBuiltins(r.builtinFuncs).
- WithMetrics(ectx.metrics).
- WithInstrumentation(ectx.instrumentation).
- WithUnknowns(unknowns).
- WithDisableInlining(ectx.disableInlining).
- WithRuntime(r.runtime).
- WithIndexing(ectx.indexing).
- WithEarlyExit(ectx.earlyExit).
- WithPartialNamespace(ectx.partialNamespace).
- WithSkipPartialNamespace(r.skipPartialNamespace).
- WithShallowInlining(r.shallowInlining).
- WithInterQueryBuiltinCache(ectx.interQueryBuiltinCache).
- WithInterQueryBuiltinValueCache(ectx.interQueryBuiltinValueCache).
- WithStrictBuiltinErrors(ectx.strictBuiltinErrors).
- WithSeed(ectx.seed).
- WithPrintHook(ectx.printHook)
-
- if !ectx.time.IsZero() {
- q = q.WithTime(ectx.time)
- }
-
- if ectx.ndBuiltinCache != nil {
- q = q.WithNDBuiltinCache(ectx.ndBuiltinCache)
- }
-
- for i := range ectx.queryTracers {
- q = q.WithQueryTracer(ectx.queryTracers[i])
- }
-
- if ectx.parsedInput != nil {
- q = q.WithInput(ast.NewTerm(ectx.parsedInput))
- }
-
- for i := range ectx.resolvers {
- q = q.WithResolver(ectx.resolvers[i].ref, ectx.resolvers[i].r)
- }
-
- // Cancel query if context is cancelled or deadline is reached.
- c := topdown.NewCancel()
- q = q.WithCancel(c)
- exit := make(chan struct{})
- defer close(exit)
- go waitForDone(ctx, exit, func() {
- c.Cancel()
- })
-
- queries, support, err := q.PartialRun(ctx)
- if err != nil {
- return nil, err
- }
-
- // If the target rego-version is v0, and the rego.v1 import is available, then we attempt to apply it to support modules.
- if r.regoVersion == ast.RegoV0 && (r.capabilities == nil || r.capabilities.ContainsFeature(ast.FeatureRegoV1Import)) {
-
- for i, mod := range support {
- // We can't apply the RegoV0CompatV1 version to the support module if it contains rules or vars that
- // conflict with future keywords.
- applyRegoVersion := true
-
- ast.WalkRules(mod, func(r *ast.Rule) bool {
- name := r.Head.Name
- if name == "" && len(r.Head.Reference) > 0 {
- name = r.Head.Reference[0].Value.(ast.Var)
- }
- if ast.IsFutureKeyword(name.String()) {
- applyRegoVersion = false
- return true
- }
- return false
- })
-
- if applyRegoVersion {
- ast.WalkVars(mod, func(v ast.Var) bool {
- if ast.IsFutureKeyword(v.String()) {
- applyRegoVersion = false
- return true
- }
- return false
- })
- }
-
- if applyRegoVersion {
- support[i].SetRegoVersion(ast.RegoV0CompatV1)
- } else {
- support[i].SetRegoVersion(r.regoVersion)
- }
- }
- } else {
- // If the target rego-version is not v0, then we apply the target rego-version to the support modules.
- for i := range support {
- support[i].SetRegoVersion(r.regoVersion)
- }
- }
-
- pq := &PartialQueries{
- Queries: queries,
- Support: support,
- }
-
- return pq, nil
-}
-
-func (r *Rego) rewriteQueryToCaptureValue(_ ast.QueryCompiler, query ast.Body) (ast.Body, error) {
-
- checkCapture := iteration(query) || len(query) > 1
-
- for _, expr := range query {
-
- if expr.Negated {
- continue
- }
-
- if expr.IsAssignment() || expr.IsEquality() {
- continue
- }
-
- var capture *ast.Term
-
- // If the expression can be evaluated as a function, rewrite it to
- // capture the return value. E.g., neq(1,2) becomes neq(1,2,x) but
- // plus(1,2,x) does not get rewritten.
- switch terms := expr.Terms.(type) {
- case *ast.Term:
- capture = r.generateTermVar()
- expr.Terms = ast.Equality.Expr(terms, capture).Terms
- r.capture[expr] = capture.Value.(ast.Var)
- case []*ast.Term:
- tpe := r.compiler.TypeEnv.Get(terms[0])
- if !types.Void(tpe) && types.Arity(tpe) == len(terms)-1 {
- capture = r.generateTermVar()
- expr.Terms = append(terms, capture)
- r.capture[expr] = capture.Value.(ast.Var)
- }
- }
-
- if capture != nil && checkCapture {
- cpy := expr.Copy()
- cpy.Terms = capture
- cpy.Generated = true
- cpy.With = nil
- query.Append(cpy)
- }
- }
-
- return query, nil
-}
-
-func (r *Rego) rewriteQueryForPartialEval(_ ast.QueryCompiler, query ast.Body) (ast.Body, error) {
- if len(query) != 1 {
- return nil, fmt.Errorf("partial evaluation requires single ref (not multiple expressions)")
- }
-
- term, ok := query[0].Terms.(*ast.Term)
- if !ok {
- return nil, fmt.Errorf("partial evaluation requires ref (not expression)")
- }
-
- ref, ok := term.Value.(ast.Ref)
- if !ok {
- return nil, fmt.Errorf("partial evaluation requires ref (not %v)", ast.TypeName(term.Value))
- }
-
- if !ref.IsGround() {
- return nil, fmt.Errorf("partial evaluation requires ground ref")
- }
-
- return ast.NewBody(ast.Equality.Expr(ast.Wildcard, term)), nil
-}
-
-// rewriteEqualsForPartialQueryCompile will rewrite == to = in queries. Normally
-// this wouldn't be done, except for handling queries with the `Partial` API
-// where rewriting them can substantially simplify the result, and it is unlikely
-// that the caller would need expression values.
-func (r *Rego) rewriteEqualsForPartialQueryCompile(_ ast.QueryCompiler, query ast.Body) (ast.Body, error) {
- doubleEq := ast.Equal.Ref()
- unifyOp := ast.Equality.Ref()
- ast.WalkExprs(query, func(x *ast.Expr) bool {
- if x.IsCall() {
- operator := x.Operator()
- if operator.Equal(doubleEq) && len(x.Operands()) == 2 {
- x.SetOperator(ast.NewTerm(unifyOp))
- }
- }
- return false
- })
- return query, nil
-}
-
-func (r *Rego) generateTermVar() *ast.Term {
- r.termVarID++
- prefix := ast.WildcardPrefix
- if p := r.targetPlugin(r.target); p != nil {
- prefix = wasmVarPrefix
- } else if r.target == targetWasm {
- prefix = wasmVarPrefix
- }
- return ast.VarTerm(fmt.Sprintf("%sterm%v", prefix, r.termVarID))
-}
-
-func (r Rego) hasQuery() bool {
- return len(r.query) != 0 || len(r.parsedQuery) != 0
-}
-
-func (r Rego) hasWasmModule() bool {
- for _, b := range r.bundles {
- if len(b.WasmModules) > 0 {
- return true
- }
- }
- return false
-}
-
-type transactionCloser func(ctx context.Context, err error) error
-
-// getTxn will conditionally create a read or write transaction suitable for
-// the configured Rego object. The returned function should be used to close the txn
-// regardless of status.
-func (r *Rego) getTxn(ctx context.Context) (storage.Transaction, transactionCloser, error) {
-
- noopCloser := func(_ context.Context, _ error) error {
- return nil // no-op default
- }
-
- if r.txn != nil {
- // Externally provided txn
- return r.txn, noopCloser, nil
- }
-
- // Create a new transaction..
- params := storage.TransactionParams{}
-
- // Bundles and data paths may require writing data files or manifests to storage
- if len(r.bundles) > 0 || len(r.bundlePaths) > 0 || len(r.loadPaths.paths) > 0 {
-
- // If we were given a store we will *not* write to it, only do that on one
- // which was created automatically on behalf of the user.
- if !r.ownStore {
- return nil, noopCloser, errors.New("unable to start write transaction when store was provided")
- }
-
- params.Write = true
- }
-
- txn, err := r.store.NewTransaction(ctx, params)
- if err != nil {
- return nil, noopCloser, err
- }
-
- // Setup a closer function that will abort or commit as needed.
- closer := func(ctx context.Context, txnErr error) error {
- var err error
-
- if txnErr == nil && params.Write {
- err = r.store.Commit(ctx, txn)
- } else {
- r.store.Abort(ctx, txn)
- }
-
- // Clear the auto created transaction now that it is closed.
- r.txn = nil
-
- return err
- }
-
- return txn, closer, nil
-}
-
-func (r *Rego) compilerForTxn(ctx context.Context, store storage.Store, txn storage.Transaction) *ast.Compiler {
- // Update the compiler to have a valid path conflict check
- // for the current context and transaction.
- return r.compiler.WithPathConflictsCheck(storage.NonEmpty(ctx, store, txn))
-}
-
-func checkPartialResultForRecursiveRefs(body ast.Body, path ast.Ref) bool {
- var stop bool
- ast.WalkRefs(body, func(x ast.Ref) bool {
- if !stop {
- if path.HasPrefix(x) {
- stop = true
- }
- }
- return stop
- })
- return stop
-}
-
-func isTermVar(v ast.Var) bool {
- return strings.HasPrefix(string(v), ast.WildcardPrefix+"term")
-}
-
-func isTermWasmVar(v ast.Var) bool {
- return strings.HasPrefix(string(v), wasmVarPrefix+"term")
-}
-
-func waitForDone(ctx context.Context, exit chan struct{}, f func()) {
- select {
- case <-exit:
- return
- case <-ctx.Done():
- f()
- return
- }
-}
-
-type rawModule struct {
- filename string
- module string
-}
-
-func (m rawModule) Parse() (*ast.Module, error) {
- return ast.ParseModule(m.filename, m.module)
-}
-
-func (m rawModule) ParseWithOpts(opts ast.ParserOptions) (*ast.Module, error) {
- return ast.ParseModuleWithOpts(m.filename, m.module, opts)
-}
-
-type extraStage struct {
- after string
- stage ast.QueryCompilerStageDefinition
-}
-
-type refResolver struct {
- ref ast.Ref
- r resolver.Resolver
-}
-
-func iteration(x interface{}) bool {
-
- var stopped bool
-
- vis := ast.NewGenericVisitor(func(x interface{}) bool {
- switch x := x.(type) {
- case *ast.Term:
- if ast.IsComprehension(x.Value) {
- return true
- }
- case ast.Ref:
- if !stopped {
- if bi := ast.BuiltinMap[x.String()]; bi != nil {
- if bi.Relation {
- stopped = true
- return stopped
- }
- }
- for i := 1; i < len(x); i++ {
- if _, ok := x[i].Value.(ast.Var); ok {
- stopped = true
- return stopped
- }
- }
- }
- return stopped
- }
- return stopped
- })
-
- vis.Walk(x)
-
- return stopped
-}
-
-func parseStringsToRefs(s []string) ([]ast.Ref, error) {
-
- refs := make([]ast.Ref, len(s))
- for i := range refs {
- var err error
- refs[i], err = ast.ParseRef(s[i])
- if err != nil {
- return nil, err
- }
- }
-
- return refs, nil
-}
-
-// helper function to finish a built-in function call. If an error occurred,
-// wrap the error and return it. Otherwise, invoke the iterator if the result
-// was defined.
-func finishFunction(name string, bctx topdown.BuiltinContext, result *ast.Term, err error, iter func(*ast.Term) error) error {
- if err != nil {
- var e *HaltError
- if errors.As(err, &e) {
- tdErr := &topdown.Error{
- Code: topdown.BuiltinErr,
- Message: fmt.Sprintf("%v: %v", name, e.Error()),
- Location: bctx.Location,
- }
- return topdown.Halt{Err: tdErr.Wrap(e)}
- }
- tdErr := &topdown.Error{
- Code: topdown.BuiltinErr,
- Message: fmt.Sprintf("%v: %v", name, err.Error()),
- Location: bctx.Location,
- }
- return tdErr.Wrap(err)
- }
- if result == nil {
- return nil
- }
- return iter(result)
-}
-
-// helper function to return an option that sets a custom built-in function.
-func newFunction(decl *Function, f topdown.BuiltinFunc) func(*Rego) {
- return func(r *Rego) {
- r.builtinDecls[decl.Name] = &ast.Builtin{
- Name: decl.Name,
- Decl: decl.Decl,
- Nondeterministic: decl.Nondeterministic,
- }
- r.builtinFuncs[decl.Name] = &topdown.Builtin{
- Decl: r.builtinDecls[decl.Name],
- Func: f,
- }
- }
-}
-
-func generateJSON(term *ast.Term, ectx *EvalContext) (interface{}, error) {
- return ast.JSONWithOpt(term.Value,
- ast.JSONOpt{
- SortSets: ectx.sortSets,
- CopyMaps: ectx.copyMaps,
- })
-}
-
-func (r *Rego) planQuery(queries []ast.Body, evalQueryType queryType) (*ir.Policy, error) {
- modules := make([]*ast.Module, 0, len(r.compiler.Modules))
- for _, module := range r.compiler.Modules {
- modules = append(modules, module)
- }
-
- decls := make(map[string]*ast.Builtin, len(r.builtinDecls)+len(ast.BuiltinMap))
-
- for k, v := range ast.BuiltinMap {
- decls[k] = v
- }
-
- for k, v := range r.builtinDecls {
- decls[k] = v
- }
-
- const queryName = "eval" // NOTE(tsandall): the query name is arbitrary
-
- p := planner.New().
- WithQueries([]planner.QuerySet{
- {
- Name: queryName,
- Queries: queries,
- RewrittenVars: r.compiledQueries[evalQueryType].compiler.RewrittenVars(),
- },
- }).
- WithModules(modules).
- WithBuiltinDecls(decls).
- WithDebug(r.dump)
-
- policy, err := p.Plan()
- if err != nil {
- return nil, err
- }
- if r.dump != nil {
- fmt.Fprintln(r.dump, "PLAN:")
- fmt.Fprintln(r.dump, "-----")
- err = ir.Pretty(r.dump, policy)
- if err != nil {
- return nil, err
- }
- fmt.Fprintln(r.dump)
- }
- return policy, nil
+ return v1.WithBuiltinFuncs(bis)
}
diff --git a/vendor/github.com/open-policy-agent/opa/rego/resultset.go b/vendor/github.com/open-policy-agent/opa/rego/resultset.go
index e60fa6fbe4..5c03360dfa 100644
--- a/vendor/github.com/open-policy-agent/opa/rego/resultset.go
+++ b/vendor/github.com/open-policy-agent/opa/rego/resultset.go
@@ -1,90 +1,22 @@
package rego
import (
- "fmt"
-
- "github.com/open-policy-agent/opa/ast"
+ v1 "github.com/open-policy-agent/opa/v1/rego"
)
// ResultSet represents a collection of output from Rego evaluation. An empty
// result set represents an undefined query.
-type ResultSet []Result
+type ResultSet = v1.ResultSet
// Vars represents a collection of variable bindings. The keys are the variable
// names and the values are the binding values.
-type Vars map[string]interface{}
-
-// WithoutWildcards returns a copy of v with wildcard variables removed.
-func (v Vars) WithoutWildcards() Vars {
- n := Vars{}
- for k, v := range v {
- if ast.Var(k).IsWildcard() || ast.Var(k).IsGenerated() {
- continue
- }
- n[k] = v
- }
- return n
-}
+type Vars = v1.Vars
// Result defines the output of Rego evaluation.
-type Result struct {
- Expressions []*ExpressionValue `json:"expressions"`
- Bindings Vars `json:"bindings,omitempty"`
-}
-
-func newResult() Result {
- return Result{
- Bindings: Vars{},
- }
-}
+type Result = v1.Result
// Location defines a position in a Rego query or module.
-type Location struct {
- Row int `json:"row"`
- Col int `json:"col"`
-}
+type Location = v1.Location
// ExpressionValue defines the value of an expression in a Rego query.
-type ExpressionValue struct {
- Value interface{} `json:"value"`
- Text string `json:"text"`
- Location *Location `json:"location"`
-}
-
-func newExpressionValue(expr *ast.Expr, value interface{}) *ExpressionValue {
- result := &ExpressionValue{
- Value: value,
- }
- if expr.Location != nil {
- result.Text = string(expr.Location.Text)
- result.Location = &Location{
- Row: expr.Location.Row,
- Col: expr.Location.Col,
- }
- }
- return result
-}
-
-func (ev *ExpressionValue) String() string {
- return fmt.Sprint(ev.Value)
-}
-
-// Allowed is a helper method that'll return true if all of these conditions hold:
-// - the result set only has one element
-// - there is only one expression in the result set's only element
-// - that expression has the value `true`
-// - there are no bindings.
-//
-// If bindings are present, this will yield `false`: it would be a pitfall to
-// return `true` for a query like `data.authz.allow = x`, which always has result
-// set element with value true, but could also have a binding `x: false`.
-func (rs ResultSet) Allowed() bool {
- if len(rs) == 1 && len(rs[0].Bindings) == 0 {
- if exprs := rs[0].Expressions; len(exprs) == 1 {
- if b, ok := exprs[0].Value.(bool); ok {
- return b
- }
- }
- }
- return false
-}
+type ExpressionValue = v1.ExpressionValue
diff --git a/vendor/github.com/open-policy-agent/opa/storage/doc.go b/vendor/github.com/open-policy-agent/opa/storage/doc.go
index 6fa2f86d98..c33db689ed 100644
--- a/vendor/github.com/open-policy-agent/opa/storage/doc.go
+++ b/vendor/github.com/open-policy-agent/opa/storage/doc.go
@@ -3,4 +3,8 @@
// license that can be found in the LICENSE file.
// Package storage exposes the policy engine's storage layer.
+//
+// Deprecated: This package is intended for older projects transitioning from OPA v0.x and will remain for the lifetime of OPA v1.x, but its use is not recommended.
+// For newer features and behaviours, such as defaulting to the Rego v1 syntax, use the corresponding components in the [github.com/open-policy-agent/opa/v1] package instead.
+// See https://www.openpolicyagent.org/docs/latest/v0-compatibility/ for more information.
package storage
diff --git a/vendor/github.com/open-policy-agent/opa/storage/errors.go b/vendor/github.com/open-policy-agent/opa/storage/errors.go
index 8c789052ed..1403b3a988 100644
--- a/vendor/github.com/open-policy-agent/opa/storage/errors.go
+++ b/vendor/github.com/open-policy-agent/opa/storage/errors.go
@@ -5,118 +5,69 @@
package storage
import (
- "fmt"
+ v1 "github.com/open-policy-agent/opa/v1/storage"
)
const (
// InternalErr indicates an unknown, internal error has occurred.
- InternalErr = "storage_internal_error"
+ InternalErr = v1.InternalErr
// NotFoundErr indicates the path used in the storage operation does not
// locate a document.
- NotFoundErr = "storage_not_found_error"
+ NotFoundErr = v1.NotFoundErr
// WriteConflictErr indicates a write on the path enocuntered a conflicting
// value inside the transaction.
- WriteConflictErr = "storage_write_conflict_error"
+ WriteConflictErr = v1.WriteConflictErr
// InvalidPatchErr indicates an invalid patch/write was issued. The patch
// was rejected.
- InvalidPatchErr = "storage_invalid_patch_error"
+ InvalidPatchErr = v1.InvalidPatchErr
// InvalidTransactionErr indicates an invalid operation was performed
// inside of the transaction.
- InvalidTransactionErr = "storage_invalid_txn_error"
+ InvalidTransactionErr = v1.InvalidTransactionErr
// TriggersNotSupportedErr indicates the caller attempted to register a
// trigger against a store that does not support them.
- TriggersNotSupportedErr = "storage_triggers_not_supported_error"
+ TriggersNotSupportedErr = v1.TriggersNotSupportedErr
// WritesNotSupportedErr indicate the caller attempted to perform a write
// against a store that does not support them.
- WritesNotSupportedErr = "storage_writes_not_supported_error"
+ WritesNotSupportedErr = v1.WritesNotSupportedErr
// PolicyNotSupportedErr indicate the caller attempted to perform a policy
// management operation against a store that does not support them.
- PolicyNotSupportedErr = "storage_policy_not_supported_error"
+ PolicyNotSupportedErr = v1.PolicyNotSupportedErr
)
// Error is the error type returned by the storage layer.
-type Error struct {
- Code string `json:"code"`
- Message string `json:"message"`
-}
-
-func (err *Error) Error() string {
- if err.Message != "" {
- return fmt.Sprintf("%v: %v", err.Code, err.Message)
- }
- return err.Code
-}
+type Error = v1.Error
// IsNotFound returns true if this error is a NotFoundErr.
func IsNotFound(err error) bool {
- switch err := err.(type) {
- case *Error:
- return err.Code == NotFoundErr
- }
- return false
+ return v1.IsNotFound(err)
}
// IsWriteConflictError returns true if this error a WriteConflictErr.
func IsWriteConflictError(err error) bool {
- switch err := err.(type) {
- case *Error:
- return err.Code == WriteConflictErr
- }
- return false
+ return v1.IsWriteConflictError(err)
}
// IsInvalidPatch returns true if this error is a InvalidPatchErr.
func IsInvalidPatch(err error) bool {
- switch err := err.(type) {
- case *Error:
- return err.Code == InvalidPatchErr
- }
- return false
+ return v1.IsInvalidPatch(err)
}
// IsInvalidTransaction returns true if this error is a InvalidTransactionErr.
func IsInvalidTransaction(err error) bool {
- switch err := err.(type) {
- case *Error:
- return err.Code == InvalidTransactionErr
- }
- return false
+ return v1.IsInvalidTransaction(err)
}
// IsIndexingNotSupported is a stub for backwards-compatibility.
//
// Deprecated: We no longer return IndexingNotSupported errors, so it is
// unnecessary to check for them.
-func IsIndexingNotSupported(error) bool { return false }
-
-func writeConflictError(path Path) *Error {
- return &Error{
- Code: WriteConflictErr,
- Message: path.String(),
- }
-}
-
-func triggersNotSupportedError() *Error {
- return &Error{
- Code: TriggersNotSupportedErr,
- }
-}
-
-func writesNotSupportedError() *Error {
- return &Error{
- Code: WritesNotSupportedErr,
- }
-}
-
-func policyNotSupportedError() *Error {
- return &Error{
- Code: PolicyNotSupportedErr,
- }
+func IsIndexingNotSupported(err error) bool {
+ return v1.IsIndexingNotSupported(err)
}
diff --git a/vendor/github.com/open-policy-agent/opa/storage/inmem/doc.go b/vendor/github.com/open-policy-agent/opa/storage/inmem/doc.go
new file mode 100644
index 0000000000..5f536b66dd
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/storage/inmem/doc.go
@@ -0,0 +1,8 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Deprecated: This package is intended for older projects transitioning from OPA v0.x and will remain for the lifetime of OPA v1.x, but its use is not recommended.
+// For newer features and behaviours, such as defaulting to the Rego v1 syntax, use the corresponding components in the [github.com/open-policy-agent/opa/v1] package instead.
+// See https://www.openpolicyagent.org/docs/latest/v0-compatibility/ for more information.
+package inmem
diff --git a/vendor/github.com/open-policy-agent/opa/storage/inmem/inmem.go b/vendor/github.com/open-policy-agent/opa/storage/inmem/inmem.go
index 9f5b8ba258..dabedd4ef8 100644
--- a/vendor/github.com/open-policy-agent/opa/storage/inmem/inmem.go
+++ b/vendor/github.com/open-policy-agent/opa/storage/inmem/inmem.go
@@ -16,443 +16,41 @@
package inmem
import (
- "context"
- "fmt"
"io"
- "path/filepath"
- "strings"
- "sync"
- "sync/atomic"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/internal/merge"
"github.com/open-policy-agent/opa/storage"
- "github.com/open-policy-agent/opa/util"
+ v1 "github.com/open-policy-agent/opa/v1/storage/inmem"
)
// New returns an empty in-memory store.
func New() storage.Store {
- return NewWithOpts()
+ return v1.New()
}
// NewWithOpts returns an empty in-memory store, with extra options passed.
func NewWithOpts(opts ...Opt) storage.Store {
- s := &store{
- triggers: map[*handle]storage.TriggerConfig{},
- policies: map[string][]byte{},
- roundTripOnWrite: true,
- returnASTValuesOnRead: false,
- }
-
- for _, opt := range opts {
- opt(s)
- }
-
- if s.returnASTValuesOnRead {
- s.data = ast.NewObject()
- } else {
- s.data = map[string]interface{}{}
- }
-
- return s
+ return v1.NewWithOpts(opts...)
}
// NewFromObject returns a new in-memory store from the supplied data object.
-func NewFromObject(data map[string]interface{}) storage.Store {
- return NewFromObjectWithOpts(data)
+func NewFromObject(data map[string]any) storage.Store {
+ return v1.NewFromObject(data)
}
// NewFromObjectWithOpts returns a new in-memory store from the supplied data object, with the
// options passed.
-func NewFromObjectWithOpts(data map[string]interface{}, opts ...Opt) storage.Store {
- db := NewWithOpts(opts...)
- ctx := context.Background()
- txn, err := db.NewTransaction(ctx, storage.WriteParams)
- if err != nil {
- panic(err)
- }
- if err := db.Write(ctx, txn, storage.AddOp, storage.Path{}, data); err != nil {
- panic(err)
- }
- if err := db.Commit(ctx, txn); err != nil {
- panic(err)
- }
- return db
+func NewFromObjectWithOpts(data map[string]any, opts ...Opt) storage.Store {
+ return v1.NewFromObjectWithOpts(data, opts...)
}
// NewFromReader returns a new in-memory store from a reader that produces a
// JSON serialized object. This function is for test purposes.
func NewFromReader(r io.Reader) storage.Store {
- return NewFromReaderWithOpts(r)
+ return v1.NewFromReader(r)
}
// NewFromReader returns a new in-memory store from a reader that produces a
// JSON serialized object, with extra options. This function is for test purposes.
func NewFromReaderWithOpts(r io.Reader, opts ...Opt) storage.Store {
- d := util.NewJSONDecoder(r)
- var data map[string]interface{}
- if err := d.Decode(&data); err != nil {
- panic(err)
- }
- return NewFromObjectWithOpts(data, opts...)
-}
-
-type store struct {
- rmu sync.RWMutex // reader-writer lock
- wmu sync.Mutex // writer lock
- xid uint64 // last generated transaction id
- data interface{} // raw or AST data
- policies map[string][]byte // raw policies
- triggers map[*handle]storage.TriggerConfig // registered triggers
-
- // roundTripOnWrite, if true, means that every call to Write round trips the
- // data through JSON before adding the data to the store. Defaults to true.
- roundTripOnWrite bool
-
- // returnASTValuesOnRead, if true, means that the store will eagerly convert data to AST values,
- // and return them on Read.
- // FIXME: naming(?)
- returnASTValuesOnRead bool
-}
-
-type handle struct {
- db *store
-}
-
-func (db *store) NewTransaction(_ context.Context, params ...storage.TransactionParams) (storage.Transaction, error) {
- var write bool
- var ctx *storage.Context
- if len(params) > 0 {
- write = params[0].Write
- ctx = params[0].Context
- }
- xid := atomic.AddUint64(&db.xid, uint64(1))
- if write {
- db.wmu.Lock()
- } else {
- db.rmu.RLock()
- }
- return newTransaction(xid, write, ctx, db), nil
-}
-
-// Truncate implements the storage.Store interface. This method must be called within a transaction.
-func (db *store) Truncate(ctx context.Context, txn storage.Transaction, params storage.TransactionParams, it storage.Iterator) error {
- var update *storage.Update
- var err error
- mergedData := map[string]interface{}{}
-
- underlying, err := db.underlying(txn)
- if err != nil {
- return err
- }
-
- for {
- update, err = it.Next()
- if err != nil {
- break
- }
-
- if update.IsPolicy {
- err = underlying.UpsertPolicy(strings.TrimLeft(update.Path.String(), "/"), update.Value)
- if err != nil {
- return err
- }
- } else {
- var value interface{}
- err = util.Unmarshal(update.Value, &value)
- if err != nil {
- return err
- }
-
- var key []string
- dirpath := strings.TrimLeft(update.Path.String(), "/")
- if len(dirpath) > 0 {
- key = strings.Split(dirpath, "/")
- }
-
- if value != nil {
- obj, err := mktree(key, value)
- if err != nil {
- return err
- }
-
- merged, ok := merge.InterfaceMaps(mergedData, obj)
- if !ok {
- return fmt.Errorf("failed to insert data file from path %s", filepath.Join(key...))
- }
- mergedData = merged
- }
- }
- }
-
- if err != nil && err != io.EOF {
- return err
- }
-
- // For backwards compatibility, check if `RootOverwrite` was configured.
- if params.RootOverwrite {
- newPath, ok := storage.ParsePathEscaped("/")
- if !ok {
- return fmt.Errorf("storage path invalid: %v", newPath)
- }
- return underlying.Write(storage.AddOp, newPath, mergedData)
- }
-
- for _, root := range params.BasePaths {
- newPath, ok := storage.ParsePathEscaped("/" + root)
- if !ok {
- return fmt.Errorf("storage path invalid: %v", newPath)
- }
-
- if value, ok := lookup(newPath, mergedData); ok {
- if len(newPath) > 0 {
- if err := storage.MakeDir(ctx, db, txn, newPath[:len(newPath)-1]); err != nil {
- return err
- }
- }
- if err := underlying.Write(storage.AddOp, newPath, value); err != nil {
- return err
- }
- }
- }
- return nil
-}
-
-func (db *store) Commit(ctx context.Context, txn storage.Transaction) error {
- underlying, err := db.underlying(txn)
- if err != nil {
- return err
- }
- if underlying.write {
- db.rmu.Lock()
- event := underlying.Commit()
- db.runOnCommitTriggers(ctx, txn, event)
- // Mark the transaction stale after executing triggers, so they can
- // perform store operations if needed.
- underlying.stale = true
- db.rmu.Unlock()
- db.wmu.Unlock()
- } else {
- db.rmu.RUnlock()
- }
- return nil
-}
-
-func (db *store) Abort(_ context.Context, txn storage.Transaction) {
- underlying, err := db.underlying(txn)
- if err != nil {
- panic(err)
- }
- underlying.stale = true
- if underlying.write {
- db.wmu.Unlock()
- } else {
- db.rmu.RUnlock()
- }
-}
-
-func (db *store) ListPolicies(_ context.Context, txn storage.Transaction) ([]string, error) {
- underlying, err := db.underlying(txn)
- if err != nil {
- return nil, err
- }
- return underlying.ListPolicies(), nil
-}
-
-func (db *store) GetPolicy(_ context.Context, txn storage.Transaction, id string) ([]byte, error) {
- underlying, err := db.underlying(txn)
- if err != nil {
- return nil, err
- }
- return underlying.GetPolicy(id)
-}
-
-func (db *store) UpsertPolicy(_ context.Context, txn storage.Transaction, id string, bs []byte) error {
- underlying, err := db.underlying(txn)
- if err != nil {
- return err
- }
- return underlying.UpsertPolicy(id, bs)
-}
-
-func (db *store) DeletePolicy(_ context.Context, txn storage.Transaction, id string) error {
- underlying, err := db.underlying(txn)
- if err != nil {
- return err
- }
- if _, err := underlying.GetPolicy(id); err != nil {
- return err
- }
- return underlying.DeletePolicy(id)
-}
-
-func (db *store) Register(_ context.Context, txn storage.Transaction, config storage.TriggerConfig) (storage.TriggerHandle, error) {
- underlying, err := db.underlying(txn)
- if err != nil {
- return nil, err
- }
- if !underlying.write {
- return nil, &storage.Error{
- Code: storage.InvalidTransactionErr,
- Message: "triggers must be registered with a write transaction",
- }
- }
- h := &handle{db}
- db.triggers[h] = config
- return h, nil
-}
-
-func (db *store) Read(_ context.Context, txn storage.Transaction, path storage.Path) (interface{}, error) {
- underlying, err := db.underlying(txn)
- if err != nil {
- return nil, err
- }
-
- v, err := underlying.Read(path)
- if err != nil {
- return nil, err
- }
-
- return v, nil
-}
-
-func (db *store) Write(_ context.Context, txn storage.Transaction, op storage.PatchOp, path storage.Path, value interface{}) error {
- underlying, err := db.underlying(txn)
- if err != nil {
- return err
- }
- val := util.Reference(value)
- if db.roundTripOnWrite {
- if err := util.RoundTrip(val); err != nil {
- return err
- }
- }
- return underlying.Write(op, path, *val)
-}
-
-func (h *handle) Unregister(_ context.Context, txn storage.Transaction) {
- underlying, err := h.db.underlying(txn)
- if err != nil {
- panic(err)
- }
- if !underlying.write {
- panic(&storage.Error{
- Code: storage.InvalidTransactionErr,
- Message: "triggers must be unregistered with a write transaction",
- })
- }
- delete(h.db.triggers, h)
-}
-
-func (db *store) runOnCommitTriggers(ctx context.Context, txn storage.Transaction, event storage.TriggerEvent) {
- if db.returnASTValuesOnRead && len(db.triggers) > 0 {
- // FIXME: Not very performant for large data.
-
- dataEvents := make([]storage.DataEvent, 0, len(event.Data))
-
- for _, dataEvent := range event.Data {
- if astData, ok := dataEvent.Data.(ast.Value); ok {
- jsn, err := ast.ValueToInterface(astData, illegalResolver{})
- if err != nil {
- panic(err)
- }
- dataEvents = append(dataEvents, storage.DataEvent{
- Path: dataEvent.Path,
- Data: jsn,
- Removed: dataEvent.Removed,
- })
- } else {
- dataEvents = append(dataEvents, dataEvent)
- }
- }
-
- event = storage.TriggerEvent{
- Policy: event.Policy,
- Data: dataEvents,
- Context: event.Context,
- }
- }
-
- for _, t := range db.triggers {
- t.OnCommit(ctx, txn, event)
- }
-}
-
-type illegalResolver struct{}
-
-func (illegalResolver) Resolve(ref ast.Ref) (interface{}, error) {
- return nil, fmt.Errorf("illegal value: %v", ref)
-}
-
-func (db *store) underlying(txn storage.Transaction) (*transaction, error) {
- underlying, ok := txn.(*transaction)
- if !ok {
- return nil, &storage.Error{
- Code: storage.InvalidTransactionErr,
- Message: fmt.Sprintf("unexpected transaction type %T", txn),
- }
- }
- if underlying.db != db {
- return nil, &storage.Error{
- Code: storage.InvalidTransactionErr,
- Message: "unknown transaction",
- }
- }
- if underlying.stale {
- return nil, &storage.Error{
- Code: storage.InvalidTransactionErr,
- Message: "stale transaction",
- }
- }
- return underlying, nil
-}
-
-const rootMustBeObjectMsg = "root must be object"
-const rootCannotBeRemovedMsg = "root cannot be removed"
-
-func invalidPatchError(f string, a ...interface{}) *storage.Error {
- return &storage.Error{
- Code: storage.InvalidPatchErr,
- Message: fmt.Sprintf(f, a...),
- }
-}
-
-func mktree(path []string, value interface{}) (map[string]interface{}, error) {
- if len(path) == 0 {
- // For 0 length path the value is the full tree.
- obj, ok := value.(map[string]interface{})
- if !ok {
- return nil, invalidPatchError(rootMustBeObjectMsg)
- }
- return obj, nil
- }
-
- dir := map[string]interface{}{}
- for i := len(path) - 1; i > 0; i-- {
- dir[path[i]] = value
- value = dir
- dir = map[string]interface{}{}
- }
- dir[path[0]] = value
-
- return dir, nil
-}
-
-func lookup(path storage.Path, data map[string]interface{}) (interface{}, bool) {
- if len(path) == 0 {
- return data, true
- }
- for i := 0; i < len(path)-1; i++ {
- value, ok := data[path[i]]
- if !ok {
- return nil, false
- }
- obj, ok := value.(map[string]interface{})
- if !ok {
- return nil, false
- }
- data = obj
- }
- value, ok := data[path[len(path)-1]]
- return value, ok
+ return v1.NewFromReaderWithOpts(r, opts...)
}
diff --git a/vendor/github.com/open-policy-agent/opa/storage/inmem/opts.go b/vendor/github.com/open-policy-agent/opa/storage/inmem/opts.go
index 2239fc73a3..43f03ef27b 100644
--- a/vendor/github.com/open-policy-agent/opa/storage/inmem/opts.go
+++ b/vendor/github.com/open-policy-agent/opa/storage/inmem/opts.go
@@ -1,7 +1,9 @@
package inmem
+import v1 "github.com/open-policy-agent/opa/v1/storage/inmem"
+
// An Opt modifies store at instantiation.
-type Opt func(*store)
+type Opt = v1.Opt
// OptRoundTripOnWrite sets whether incoming objects written to store are
// round-tripped through JSON to ensure they are serializable to JSON.
@@ -19,9 +21,7 @@ type Opt func(*store)
// and that mutations happening to the objects after they have been passed into
// Write() don't affect their logic.
func OptRoundTripOnWrite(enabled bool) Opt {
- return func(s *store) {
- s.roundTripOnWrite = enabled
- }
+ return v1.OptRoundTripOnWrite(enabled)
}
// OptReturnASTValuesOnRead sets whether data values added to the store should be
@@ -31,7 +31,5 @@ func OptRoundTripOnWrite(enabled bool) Opt {
// which may result in panics if the data is not valid. Callers should ensure that passed data
// can be serialized to AST values; otherwise, it's recommended to also enable OptRoundTripOnWrite.
func OptReturnASTValuesOnRead(enabled bool) Opt {
- return func(s *store) {
- s.returnASTValuesOnRead = enabled
- }
+ return v1.OptReturnASTValuesOnRead(enabled)
}
diff --git a/vendor/github.com/open-policy-agent/opa/storage/interface.go b/vendor/github.com/open-policy-agent/opa/storage/interface.go
index 6baca9a59f..0192c459c8 100644
--- a/vendor/github.com/open-policy-agent/opa/storage/interface.go
+++ b/vendor/github.com/open-policy-agent/opa/storage/interface.go
@@ -5,243 +5,82 @@
package storage
import (
- "context"
-
- "github.com/open-policy-agent/opa/metrics"
+ v1 "github.com/open-policy-agent/opa/v1/storage"
)
// Transaction defines the interface that identifies a consistent snapshot over
// the policy engine's storage layer.
-type Transaction interface {
- ID() uint64
-}
+type Transaction = v1.Transaction
// Store defines the interface for the storage layer's backend.
-type Store interface {
- Trigger
- Policy
-
- // NewTransaction is called create a new transaction in the store.
- NewTransaction(context.Context, ...TransactionParams) (Transaction, error)
-
- // Read is called to fetch a document referred to by path.
- Read(context.Context, Transaction, Path) (interface{}, error)
-
- // Write is called to modify a document referred to by path.
- Write(context.Context, Transaction, PatchOp, Path, interface{}) error
-
- // Commit is called to finish the transaction. If Commit returns an error, the
- // transaction must be automatically aborted by the Store implementation.
- Commit(context.Context, Transaction) error
-
- // Truncate is called to make a copy of the underlying store, write documents in the new store
- // by creating multiple transactions in the new store as needed and finally swapping
- // over to the new storage instance. This method must be called within a transaction on the original store.
- Truncate(context.Context, Transaction, TransactionParams, Iterator) error
-
- // Abort is called to cancel the transaction.
- Abort(context.Context, Transaction)
-}
+type Store = v1.Store
// MakeDirer defines the interface a Store could realize to override the
// generic MakeDir functionality in storage.MakeDir
-type MakeDirer interface {
- MakeDir(context.Context, Transaction, Path) error
-}
+type MakeDirer = v1.MakeDirer
// TransactionParams describes a new transaction.
-type TransactionParams struct {
-
- // BasePaths indicates the top-level paths where write operations will be performed in this transaction.
- BasePaths []string
-
- // RootOverwrite is deprecated. Use BasePaths instead.
- RootOverwrite bool
-
- // Write indicates if this transaction will perform any write operations.
- Write bool
-
- // Context contains key/value pairs passed to triggers.
- Context *Context
-}
+type TransactionParams = v1.TransactionParams
// Context is a simple container for key/value pairs.
-type Context struct {
- values map[interface{}]interface{}
-}
+type Context = v1.Context
// NewContext returns a new context object.
func NewContext() *Context {
- return &Context{
- values: map[interface{}]interface{}{},
- }
-}
-
-// Get returns the key value in the context.
-func (ctx *Context) Get(key interface{}) interface{} {
- if ctx == nil {
- return nil
- }
- return ctx.values[key]
-}
-
-// Put adds a key/value pair to the context.
-func (ctx *Context) Put(key, value interface{}) {
- ctx.values[key] = value
-}
-
-var metricsKey = struct{}{}
-
-// WithMetrics allows passing metrics via the Context.
-// It puts the metrics object in the ctx, and returns the same
-// ctx (not a copy) for convenience.
-func (ctx *Context) WithMetrics(m metrics.Metrics) *Context {
- ctx.values[metricsKey] = m
- return ctx
-}
-
-// Metrics() allows using a Context's metrics. Returns nil if metrics
-// were not attached to the Context.
-func (ctx *Context) Metrics() metrics.Metrics {
- if m, ok := ctx.values[metricsKey]; ok {
- if met, ok := m.(metrics.Metrics); ok {
- return met
- }
- }
- return nil
+ return v1.NewContext()
}
// WriteParams specifies the TransactionParams for a write transaction.
-var WriteParams = TransactionParams{
- Write: true,
-}
+var WriteParams = v1.WriteParams
// PatchOp is the enumeration of supposed modifications.
-type PatchOp int
+type PatchOp = v1.PatchOp
// Patch supports add, remove, and replace operations.
const (
- AddOp PatchOp = iota
- RemoveOp = iota
- ReplaceOp = iota
+ AddOp = v1.AddOp
+ RemoveOp = v1.RemoveOp
+ ReplaceOp = v1.ReplaceOp
)
// WritesNotSupported provides a default implementation of the write
// interface which may be used if the backend does not support writes.
-type WritesNotSupported struct{}
-
-func (WritesNotSupported) Write(context.Context, Transaction, PatchOp, Path, interface{}) error {
- return writesNotSupportedError()
-}
+type WritesNotSupported = v1.WritesNotSupported
// Policy defines the interface for policy module storage.
-type Policy interface {
- ListPolicies(context.Context, Transaction) ([]string, error)
- GetPolicy(context.Context, Transaction, string) ([]byte, error)
- UpsertPolicy(context.Context, Transaction, string, []byte) error
- DeletePolicy(context.Context, Transaction, string) error
-}
+type Policy = v1.Policy
// PolicyNotSupported provides a default implementation of the policy interface
// which may be used if the backend does not support policy storage.
-type PolicyNotSupported struct{}
-
-// ListPolicies always returns a PolicyNotSupportedErr.
-func (PolicyNotSupported) ListPolicies(context.Context, Transaction) ([]string, error) {
- return nil, policyNotSupportedError()
-}
-
-// GetPolicy always returns a PolicyNotSupportedErr.
-func (PolicyNotSupported) GetPolicy(context.Context, Transaction, string) ([]byte, error) {
- return nil, policyNotSupportedError()
-}
-
-// UpsertPolicy always returns a PolicyNotSupportedErr.
-func (PolicyNotSupported) UpsertPolicy(context.Context, Transaction, string, []byte) error {
- return policyNotSupportedError()
-}
-
-// DeletePolicy always returns a PolicyNotSupportedErr.
-func (PolicyNotSupported) DeletePolicy(context.Context, Transaction, string) error {
- return policyNotSupportedError()
-}
+type PolicyNotSupported = v1.PolicyNotSupported
// PolicyEvent describes a change to a policy.
-type PolicyEvent struct {
- ID string
- Data []byte
- Removed bool
-}
+type PolicyEvent = v1.PolicyEvent
// DataEvent describes a change to a base data document.
-type DataEvent struct {
- Path Path
- Data interface{}
- Removed bool
-}
+type DataEvent = v1.DataEvent
// TriggerEvent describes the changes that caused the trigger to be invoked.
-type TriggerEvent struct {
- Policy []PolicyEvent
- Data []DataEvent
- Context *Context
-}
-
-// IsZero returns true if the TriggerEvent indicates no changes occurred. This
-// function is primarily for test purposes.
-func (e TriggerEvent) IsZero() bool {
- return !e.PolicyChanged() && !e.DataChanged()
-}
-
-// PolicyChanged returns true if the trigger was caused by a policy change.
-func (e TriggerEvent) PolicyChanged() bool {
- return len(e.Policy) > 0
-}
-
-// DataChanged returns true if the trigger was caused by a data change.
-func (e TriggerEvent) DataChanged() bool {
- return len(e.Data) > 0
-}
+type TriggerEvent = v1.TriggerEvent
// TriggerConfig contains the trigger registration configuration.
-type TriggerConfig struct {
-
- // OnCommit is invoked when a transaction is successfully committed. The
- // callback is invoked with a handle to the write transaction that
- // successfully committed before other clients see the changes.
- OnCommit func(context.Context, Transaction, TriggerEvent)
-}
+type TriggerConfig = v1.TriggerConfig
// Trigger defines the interface that stores implement to register for change
// notifications when the store is changed.
-type Trigger interface {
- Register(context.Context, Transaction, TriggerConfig) (TriggerHandle, error)
-}
+type Trigger = v1.Trigger
// TriggersNotSupported provides default implementations of the Trigger
// interface which may be used if the backend does not support triggers.
-type TriggersNotSupported struct{}
-
-// Register always returns an error indicating triggers are not supported.
-func (TriggersNotSupported) Register(context.Context, Transaction, TriggerConfig) (TriggerHandle, error) {
- return nil, triggersNotSupportedError()
-}
+type TriggersNotSupported = v1.TriggersNotSupported
// TriggerHandle defines the interface that can be used to unregister triggers that have
// been registered on a Store.
-type TriggerHandle interface {
- Unregister(context.Context, Transaction)
-}
+type TriggerHandle = v1.TriggerHandle
// Iterator defines the interface that can be used to read files from a directory starting with
// files at the base of the directory, then sub-directories etc.
-type Iterator interface {
- Next() (*Update, error)
-}
+type Iterator = v1.Iterator
// Update contains information about a file
-type Update struct {
- Path Path
- Value []byte
- IsPolicy bool
-}
+type Update = v1.Update
diff --git a/vendor/github.com/open-policy-agent/opa/storage/path.go b/vendor/github.com/open-policy-agent/opa/storage/path.go
index 02ef4cab40..91d4f34f2b 100644
--- a/vendor/github.com/open-policy-agent/opa/storage/path.go
+++ b/vendor/github.com/open-policy-agent/opa/storage/path.go
@@ -5,150 +5,30 @@
package storage
import (
- "fmt"
- "net/url"
- "strconv"
- "strings"
-
"github.com/open-policy-agent/opa/ast"
+ v1 "github.com/open-policy-agent/opa/v1/storage"
)
// Path refers to a document in storage.
-type Path []string
+type Path = v1.Path
// ParsePath returns a new path for the given str.
func ParsePath(str string) (path Path, ok bool) {
- if len(str) == 0 {
- return nil, false
- }
- if str[0] != '/' {
- return nil, false
- }
- if len(str) == 1 {
- return Path{}, true
- }
- parts := strings.Split(str[1:], "/")
- return parts, true
+ return v1.ParsePath(str)
}
// ParsePathEscaped returns a new path for the given escaped str.
func ParsePathEscaped(str string) (path Path, ok bool) {
- path, ok = ParsePath(str)
- if !ok {
- return
- }
- for i := range path {
- segment, err := url.PathUnescape(path[i])
- if err == nil {
- path[i] = segment
- }
- }
- return
+ return v1.ParsePathEscaped(str)
}
// NewPathForRef returns a new path for the given ref.
func NewPathForRef(ref ast.Ref) (path Path, err error) {
-
- if len(ref) == 0 {
- return nil, fmt.Errorf("empty reference (indicates error in caller)")
- }
-
- if len(ref) == 1 {
- return Path{}, nil
- }
-
- path = make(Path, 0, len(ref)-1)
-
- for _, term := range ref[1:] {
- switch v := term.Value.(type) {
- case ast.String:
- path = append(path, string(v))
- case ast.Number:
- path = append(path, v.String())
- case ast.Boolean, ast.Null:
- return nil, &Error{
- Code: NotFoundErr,
- Message: fmt.Sprintf("%v: does not exist", ref),
- }
- case *ast.Array, ast.Object, ast.Set:
- return nil, fmt.Errorf("composites cannot be base document keys: %v", ref)
- default:
- return nil, fmt.Errorf("unresolved reference (indicates error in caller): %v", ref)
- }
- }
-
- return path, nil
-}
-
-// Compare performs lexigraphical comparison on p and other and returns -1 if p
-// is less than other, 0 if p is equal to other, or 1 if p is greater than
-// other.
-func (p Path) Compare(other Path) (cmp int) {
- min := len(p)
- if len(other) < min {
- min = len(other)
- }
- for i := 0; i < min; i++ {
- if cmp := strings.Compare(p[i], other[i]); cmp != 0 {
- return cmp
- }
- }
- if len(p) < len(other) {
- return -1
- }
- if len(p) == len(other) {
- return 0
- }
- return 1
-}
-
-// Equal returns true if p is the same as other.
-func (p Path) Equal(other Path) bool {
- return p.Compare(other) == 0
-}
-
-// HasPrefix returns true if p starts with other.
-func (p Path) HasPrefix(other Path) bool {
- if len(other) > len(p) {
- return false
- }
- for i := range other {
- if p[i] != other[i] {
- return false
- }
- }
- return true
-}
-
-// Ref returns a ref that represents p rooted at head.
-func (p Path) Ref(head *ast.Term) (ref ast.Ref) {
- ref = make(ast.Ref, len(p)+1)
- ref[0] = head
- for i := range p {
- idx, err := strconv.ParseInt(p[i], 10, 64)
- if err == nil {
- ref[i+1] = ast.UIntNumberTerm(uint64(idx))
- } else {
- ref[i+1] = ast.StringTerm(p[i])
- }
- }
- return ref
-}
-
-func (p Path) String() string {
- buf := make([]string, len(p))
- for i := range buf {
- buf[i] = url.PathEscape(p[i])
- }
- return "/" + strings.Join(buf, "/")
+ return v1.NewPathForRef(ref)
}
// MustParsePath returns a new Path for s. If s cannot be parsed, this function
// will panic. This is mostly for test purposes.
func MustParsePath(s string) Path {
- path, ok := ParsePath(s)
- if !ok {
- panic(s)
- }
- return path
+ return v1.MustParsePath(s)
}
diff --git a/vendor/github.com/open-policy-agent/opa/storage/storage.go b/vendor/github.com/open-policy-agent/opa/storage/storage.go
index 2f8a39c597..d1abc1046d 100644
--- a/vendor/github.com/open-policy-agent/opa/storage/storage.go
+++ b/vendor/github.com/open-policy-agent/opa/storage/storage.go
@@ -7,85 +7,34 @@ package storage
import (
"context"
- "github.com/open-policy-agent/opa/ast"
+ v1 "github.com/open-policy-agent/opa/v1/storage"
)
// NewTransactionOrDie is a helper function to create a new transaction. If the
// storage layer cannot create a new transaction, this function will panic. This
// function should only be used for tests.
func NewTransactionOrDie(ctx context.Context, store Store, params ...TransactionParams) Transaction {
- txn, err := store.NewTransaction(ctx, params...)
- if err != nil {
- panic(err)
- }
- return txn
+ return v1.NewTransactionOrDie(ctx, store, params...)
}
// ReadOne is a convenience function to read a single value from the provided Store. It
// will create a new Transaction to perform the read with, and clean up after itself
// should an error occur.
-func ReadOne(ctx context.Context, store Store, path Path) (interface{}, error) {
- txn, err := store.NewTransaction(ctx)
- if err != nil {
- return nil, err
- }
- defer store.Abort(ctx, txn)
-
- return store.Read(ctx, txn, path)
+func ReadOne(ctx context.Context, store Store, path Path) (any, error) {
+ return v1.ReadOne(ctx, store, path)
}
// WriteOne is a convenience function to write a single value to the provided Store. It
// will create a new Transaction to perform the write with, and clean up after itself
// should an error occur.
-func WriteOne(ctx context.Context, store Store, op PatchOp, path Path, value interface{}) error {
- txn, err := store.NewTransaction(ctx, WriteParams)
- if err != nil {
- return err
- }
-
- if err := store.Write(ctx, txn, op, path, value); err != nil {
- store.Abort(ctx, txn)
- return err
- }
-
- return store.Commit(ctx, txn)
+func WriteOne(ctx context.Context, store Store, op PatchOp, path Path, value any) error {
+ return v1.WriteOne(ctx, store, op, path, value)
}
// MakeDir inserts an empty object at path. If the parent path does not exist,
// MakeDir will create it recursively.
func MakeDir(ctx context.Context, store Store, txn Transaction, path Path) error {
-
- // Allow the Store implementation to deal with this in its own way.
- if md, ok := store.(MakeDirer); ok {
- return md.MakeDir(ctx, txn, path)
- }
-
- if len(path) == 0 {
- return nil
- }
-
- node, err := store.Read(ctx, txn, path)
- if err != nil {
- if !IsNotFound(err) {
- return err
- }
-
- if err := MakeDir(ctx, store, txn, path[:len(path)-1]); err != nil {
- return err
- }
-
- return store.Write(ctx, txn, AddOp, path, map[string]interface{}{})
- }
-
- if _, ok := node.(map[string]interface{}); ok {
- return nil
- }
-
- if _, ok := node.(ast.Object); ok {
- return nil
- }
-
- return writeConflictError(path)
+ return v1.MakeDir(ctx, store, txn, path)
}
// Txn is a convenience function that executes f inside a new transaction
@@ -93,44 +42,12 @@ func MakeDir(ctx context.Context, store Store, txn Transaction, path Path) error
// aborted and the error is returned. Otherwise, the transaction is committed
// and the result of the commit is returned.
func Txn(ctx context.Context, store Store, params TransactionParams, f func(Transaction) error) error {
-
- txn, err := store.NewTransaction(ctx, params)
- if err != nil {
- return err
- }
-
- if err := f(txn); err != nil {
- store.Abort(ctx, txn)
- return err
- }
-
- return store.Commit(ctx, txn)
+ return v1.Txn(ctx, store, params, f)
}
// NonEmpty returns a function that tests if a path is non-empty. A
// path is non-empty if a Read on the path returns a value or a Read
// on any of the path prefixes returns a non-object value.
func NonEmpty(ctx context.Context, store Store, txn Transaction) func([]string) (bool, error) {
- return func(path []string) (bool, error) {
- if _, err := store.Read(ctx, txn, Path(path)); err == nil {
- return true, nil
- } else if !IsNotFound(err) {
- return false, err
- }
- for i := len(path) - 1; i > 0; i-- {
- val, err := store.Read(ctx, txn, Path(path[:i]))
- if err != nil && !IsNotFound(err) {
- return false, err
- } else if err == nil {
- if _, ok := val.(map[string]interface{}); ok {
- return false, nil
- }
- if _, ok := val.(ast.Object); ok {
- return false, nil
- }
- return true, nil
- }
- }
- return false, nil
- }
+ return v1.NonEmpty(ctx, store, txn)
}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/builtins.go b/vendor/github.com/open-policy-agent/opa/topdown/builtins.go
index cf694d4331..f28c6c795d 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/builtins.go
+++ b/vendor/github.com/open-policy-agent/opa/topdown/builtins.go
@@ -5,219 +5,63 @@
package topdown
import (
- "context"
- "encoding/binary"
- "fmt"
- "io"
- "math/rand"
-
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/metrics"
- "github.com/open-policy-agent/opa/topdown/builtins"
- "github.com/open-policy-agent/opa/topdown/cache"
- "github.com/open-policy-agent/opa/topdown/print"
- "github.com/open-policy-agent/opa/tracing"
+ v1 "github.com/open-policy-agent/opa/v1/topdown"
)
type (
// Deprecated: Functional-style builtins are deprecated. Use BuiltinFunc instead.
- FunctionalBuiltin1 func(op1 ast.Value) (output ast.Value, err error)
+ FunctionalBuiltin1 = v1.FunctionalBuiltin1 //nolint:staticcheck // SA1019: Intentional use of deprecated type.
// Deprecated: Functional-style builtins are deprecated. Use BuiltinFunc instead.
- FunctionalBuiltin2 func(op1, op2 ast.Value) (output ast.Value, err error)
+ FunctionalBuiltin2 = v1.FunctionalBuiltin2 //nolint:staticcheck // SA1019: Intentional use of deprecated type.
// Deprecated: Functional-style builtins are deprecated. Use BuiltinFunc instead.
- FunctionalBuiltin3 func(op1, op2, op3 ast.Value) (output ast.Value, err error)
+ FunctionalBuiltin3 = v1.FunctionalBuiltin3 //nolint:staticcheck // SA1019: Intentional use of deprecated type.
// Deprecated: Functional-style builtins are deprecated. Use BuiltinFunc instead.
- FunctionalBuiltin4 func(op1, op2, op3, op4 ast.Value) (output ast.Value, err error)
+ FunctionalBuiltin4 = v1.FunctionalBuiltin4 //nolint:staticcheck // SA1019: Intentional use of deprecated type.
// BuiltinContext contains context from the evaluator that may be used by
// built-in functions.
- BuiltinContext struct {
- Context context.Context // request context that was passed when query started
- Metrics metrics.Metrics // metrics registry for recording built-in specific metrics
- Seed io.Reader // randomization source
- Time *ast.Term // wall clock time
- Cancel Cancel // atomic value that signals evaluation to halt
- Runtime *ast.Term // runtime information on the OPA instance
- Cache builtins.Cache // built-in function state cache
- InterQueryBuiltinCache cache.InterQueryCache // cross-query built-in function state cache
- InterQueryBuiltinValueCache cache.InterQueryValueCache // cross-query built-in function state value cache. this cache is useful for scenarios where the entry size cannot be calculated
- NDBuiltinCache builtins.NDBCache // cache for non-deterministic built-in state
- Location *ast.Location // location of built-in call
- Tracers []Tracer // Deprecated: Use QueryTracers instead
- QueryTracers []QueryTracer // tracer objects for trace() built-in function
- TraceEnabled bool // indicates whether tracing is enabled for the evaluation
- QueryID uint64 // identifies query being evaluated
- ParentID uint64 // identifies parent of query being evaluated
- PrintHook print.Hook // provides callback function to use for printing
- DistributedTracingOpts tracing.Options // options to be used by distributed tracing.
- rand *rand.Rand // randomization source for non-security-sensitive operations
- Capabilities *ast.Capabilities
- }
+ BuiltinContext = v1.BuiltinContext
// BuiltinFunc defines an interface for implementing built-in functions.
// The built-in function is called with the plugged operands from the call
// (including the output operands.) The implementation should evaluate the
// operands and invoke the iterator for each successful/defined output
// value.
- BuiltinFunc func(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error
+ BuiltinFunc = v1.BuiltinFunc
)
-// Rand returns a random number generator based on the Seed for this built-in
-// context. The random number will be re-used across multiple calls to this
-// function. If a random number generator cannot be created, an error is
-// returned.
-func (bctx *BuiltinContext) Rand() (*rand.Rand, error) {
-
- if bctx.rand != nil {
- return bctx.rand, nil
- }
-
- seed, err := readInt64(bctx.Seed)
- if err != nil {
- return nil, err
- }
-
- bctx.rand = rand.New(rand.NewSource(seed))
- return bctx.rand, nil
-}
-
// RegisterBuiltinFunc adds a new built-in function to the evaluation engine.
func RegisterBuiltinFunc(name string, f BuiltinFunc) {
- builtinFunctions[name] = builtinErrorWrapper(name, f)
+ v1.RegisterBuiltinFunc(name, f)
}
// Deprecated: Functional-style builtins are deprecated. Use RegisterBuiltinFunc instead.
func RegisterFunctionalBuiltin1(name string, fun FunctionalBuiltin1) {
- builtinFunctions[name] = functionalWrapper1(name, fun)
+ v1.RegisterFunctionalBuiltin1(name, fun)
}
// Deprecated: Functional-style builtins are deprecated. Use RegisterBuiltinFunc instead.
func RegisterFunctionalBuiltin2(name string, fun FunctionalBuiltin2) {
- builtinFunctions[name] = functionalWrapper2(name, fun)
+ v1.RegisterFunctionalBuiltin2(name, fun)
}
// Deprecated: Functional-style builtins are deprecated. Use RegisterBuiltinFunc instead.
func RegisterFunctionalBuiltin3(name string, fun FunctionalBuiltin3) {
- builtinFunctions[name] = functionalWrapper3(name, fun)
+ v1.RegisterFunctionalBuiltin3(name, fun)
}
// Deprecated: Functional-style builtins are deprecated. Use RegisterBuiltinFunc instead.
func RegisterFunctionalBuiltin4(name string, fun FunctionalBuiltin4) {
- builtinFunctions[name] = functionalWrapper4(name, fun)
+ v1.RegisterFunctionalBuiltin4(name, fun)
}
// GetBuiltin returns a built-in function implementation, nil if no built-in found.
func GetBuiltin(name string) BuiltinFunc {
- return builtinFunctions[name]
+ return v1.GetBuiltin(name)
}
// Deprecated: The BuiltinEmpty type is no longer needed. Use nil return values instead.
-type BuiltinEmpty struct{}
-
-func (BuiltinEmpty) Error() string {
- return ""
-}
-
-var builtinFunctions = map[string]BuiltinFunc{}
-
-func builtinErrorWrapper(name string, fn BuiltinFunc) BuiltinFunc {
- return func(bctx BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
- err := fn(bctx, args, iter)
- if err == nil {
- return nil
- }
- return handleBuiltinErr(name, bctx.Location, err)
- }
-}
-
-func functionalWrapper1(name string, fn FunctionalBuiltin1) BuiltinFunc {
- return func(bctx BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
- result, err := fn(args[0].Value)
- if err == nil {
- return iter(ast.NewTerm(result))
- }
- return handleBuiltinErr(name, bctx.Location, err)
- }
-}
-
-func functionalWrapper2(name string, fn FunctionalBuiltin2) BuiltinFunc {
- return func(bctx BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
- result, err := fn(args[0].Value, args[1].Value)
- if err == nil {
- return iter(ast.NewTerm(result))
- }
- return handleBuiltinErr(name, bctx.Location, err)
- }
-}
-
-func functionalWrapper3(name string, fn FunctionalBuiltin3) BuiltinFunc {
- return func(bctx BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
- result, err := fn(args[0].Value, args[1].Value, args[2].Value)
- if err == nil {
- return iter(ast.NewTerm(result))
- }
- return handleBuiltinErr(name, bctx.Location, err)
- }
-}
-
-func functionalWrapper4(name string, fn FunctionalBuiltin4) BuiltinFunc {
- return func(bctx BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
- result, err := fn(args[0].Value, args[1].Value, args[2].Value, args[3].Value)
- if err == nil {
- return iter(ast.NewTerm(result))
- }
- if _, empty := err.(BuiltinEmpty); empty {
- return nil
- }
- return handleBuiltinErr(name, bctx.Location, err)
- }
-}
-
-func handleBuiltinErr(name string, loc *ast.Location, err error) error {
- switch err := err.(type) {
- case BuiltinEmpty:
- return nil
- case *Error, Halt:
- return err
- case builtins.ErrOperand:
- e := &Error{
- Code: TypeErr,
- Message: fmt.Sprintf("%v: %v", name, err.Error()),
- Location: loc,
- }
- return e.Wrap(err)
- default:
- e := &Error{
- Code: BuiltinErr,
- Message: fmt.Sprintf("%v: %v", name, err.Error()),
- Location: loc,
- }
- return e.Wrap(err)
- }
-}
-
-func readInt64(r io.Reader) (int64, error) {
- bs := make([]byte, 8)
- n, err := io.ReadFull(r, bs)
- if n != len(bs) || err != nil {
- return 0, err
- }
- return int64(binary.BigEndian.Uint64(bs)), nil
-}
-
-// Used to get older-style (ast.Term, error) tuples out of newer functions.
-func getResult(fn BuiltinFunc, operands ...*ast.Term) (*ast.Term, error) {
- var result *ast.Term
- extractionFn := func(r *ast.Term) error {
- result = r
- return nil
- }
- err := fn(BuiltinContext{}, operands, extractionFn)
- if err != nil {
- return nil, err
- }
- return result, nil
-}
+type BuiltinEmpty = v1.Builtin
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/cache.go b/vendor/github.com/open-policy-agent/opa/topdown/cache.go
index 265457e02f..bb39df03e0 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/cache.go
+++ b/vendor/github.com/open-policy-agent/opa/topdown/cache.go
@@ -5,348 +5,15 @@
package topdown
import (
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/util"
+ v1 "github.com/open-policy-agent/opa/v1/topdown"
)
// VirtualCache defines the interface for a cache that stores the results of
// evaluated virtual documents (rules).
// The cache is a stack of frames, where each frame is a mapping from references
// to values.
-type VirtualCache interface {
- // Push pushes a new, empty frame of value mappings onto the stack.
- Push()
-
- // Pop pops the top frame of value mappings from the stack, removing all associated entries.
- Pop()
-
- // Get returns the value associated with the given reference. The second return value
- // indicates whether the reference has a recorded 'undefined' result.
- Get(ref ast.Ref) (*ast.Term, bool)
-
- // Put associates the given reference with the given value. If the value is nil, the reference
- // is marked as having an 'undefined' result.
- Put(ref ast.Ref, value *ast.Term)
-
- // Keys returns the set of keys that have been cached for the active frame.
- Keys() []ast.Ref
-}
-
-type virtualCache struct {
- stack []*virtualCacheElem
-}
-
-type virtualCacheElem struct {
- value *ast.Term
- children *util.HashMap
- undefined bool
-}
+type VirtualCache = v1.VirtualCache
func NewVirtualCache() VirtualCache {
- cache := &virtualCache{}
- cache.Push()
- return cache
-}
-
-func (c *virtualCache) Push() {
- c.stack = append(c.stack, newVirtualCacheElem())
-}
-
-func (c *virtualCache) Pop() {
- c.stack = c.stack[:len(c.stack)-1]
-}
-
-// Returns the resolved value of the AST term and a flag indicating if the value
-// should be interpretted as undefined:
-//
-// nil, true indicates the ref is undefined
-// ast.Term, false indicates the ref is defined
-// nil, false indicates the ref has not been cached
-// ast.Term, true is impossible
-func (c *virtualCache) Get(ref ast.Ref) (*ast.Term, bool) {
- node := c.stack[len(c.stack)-1]
- for i := 0; i < len(ref); i++ {
- x, ok := node.children.Get(ref[i])
- if !ok {
- return nil, false
- }
- node = x.(*virtualCacheElem)
- }
- if node.undefined {
- return nil, true
- }
-
- return node.value, false
-}
-
-// If value is a nil pointer, set the 'undefined' flag on the cache element to
-// indicate that the Ref has resolved to undefined.
-func (c *virtualCache) Put(ref ast.Ref, value *ast.Term) {
- node := c.stack[len(c.stack)-1]
- for i := 0; i < len(ref); i++ {
- x, ok := node.children.Get(ref[i])
- if ok {
- node = x.(*virtualCacheElem)
- } else {
- next := newVirtualCacheElem()
- node.children.Put(ref[i], next)
- node = next
- }
- }
- if value != nil {
- node.value = value
- } else {
- node.undefined = true
- }
-}
-
-func (c *virtualCache) Keys() []ast.Ref {
- node := c.stack[len(c.stack)-1]
- return keysRecursive(nil, node)
-}
-
-func keysRecursive(root ast.Ref, node *virtualCacheElem) []ast.Ref {
- var keys []ast.Ref
- node.children.Iter(func(k, v util.T) bool {
- ref := root.Append(k.(*ast.Term))
- if v.(*virtualCacheElem).value != nil {
- keys = append(keys, ref)
- }
- if v.(*virtualCacheElem).children.Len() > 0 {
- keys = append(keys, keysRecursive(ref, v.(*virtualCacheElem))...)
- }
- return false
- })
- return keys
-}
-
-func newVirtualCacheElem() *virtualCacheElem {
- return &virtualCacheElem{children: newVirtualCacheHashMap()}
-}
-
-func newVirtualCacheHashMap() *util.HashMap {
- return util.NewHashMap(func(a, b util.T) bool {
- return a.(*ast.Term).Equal(b.(*ast.Term))
- }, func(x util.T) int {
- return x.(*ast.Term).Hash()
- })
-}
-
-// baseCache implements a trie structure to cache base documents read out of
-// storage. Values inserted into the cache may contain other values that were
-// previously inserted. In this case, the previous values are erased from the
-// structure.
-type baseCache struct {
- root *baseCacheElem
-}
-
-func newBaseCache() *baseCache {
- return &baseCache{
- root: newBaseCacheElem(),
- }
-}
-
-func (c *baseCache) Get(ref ast.Ref) ast.Value {
- node := c.root
- for i := 0; i < len(ref); i++ {
- node = node.children[ref[i].Value]
- if node == nil {
- return nil
- } else if node.value != nil {
- result, err := node.value.Find(ref[i+1:])
- if err != nil {
- return nil
- }
- return result
- }
- }
- return nil
-}
-
-func (c *baseCache) Put(ref ast.Ref, value ast.Value) {
- node := c.root
- for i := 0; i < len(ref); i++ {
- if child, ok := node.children[ref[i].Value]; ok {
- node = child
- } else {
- child := newBaseCacheElem()
- node.children[ref[i].Value] = child
- node = child
- }
- }
- node.set(value)
-}
-
-type baseCacheElem struct {
- value ast.Value
- children map[ast.Value]*baseCacheElem
-}
-
-func newBaseCacheElem() *baseCacheElem {
- return &baseCacheElem{
- children: map[ast.Value]*baseCacheElem{},
- }
-}
-
-func (e *baseCacheElem) set(value ast.Value) {
- e.value = value
- e.children = map[ast.Value]*baseCacheElem{}
-}
-
-type refStack struct {
- sl []refStackElem
-}
-
-type refStackElem struct {
- refs []ast.Ref
-}
-
-func newRefStack() *refStack {
- return &refStack{}
-}
-
-func (s *refStack) Push(refs []ast.Ref) {
- s.sl = append(s.sl, refStackElem{refs: refs})
-}
-
-func (s *refStack) Pop() {
- s.sl = s.sl[:len(s.sl)-1]
-}
-
-func (s *refStack) Prefixed(ref ast.Ref) bool {
- if s != nil {
- for i := len(s.sl) - 1; i >= 0; i-- {
- for j := range s.sl[i].refs {
- if ref.HasPrefix(s.sl[i].refs[j]) {
- return true
- }
- }
- }
- }
- return false
-}
-
-type comprehensionCache struct {
- stack []map[*ast.Term]*comprehensionCacheElem
-}
-
-type comprehensionCacheElem struct {
- value *ast.Term
- children *util.HashMap
-}
-
-func newComprehensionCache() *comprehensionCache {
- cache := &comprehensionCache{}
- cache.Push()
- return cache
-}
-
-func (c *comprehensionCache) Push() {
- c.stack = append(c.stack, map[*ast.Term]*comprehensionCacheElem{})
-}
-
-func (c *comprehensionCache) Pop() {
- c.stack = c.stack[:len(c.stack)-1]
-}
-
-func (c *comprehensionCache) Elem(t *ast.Term) (*comprehensionCacheElem, bool) {
- elem, ok := c.stack[len(c.stack)-1][t]
- return elem, ok
-}
-
-func (c *comprehensionCache) Set(t *ast.Term, elem *comprehensionCacheElem) {
- c.stack[len(c.stack)-1][t] = elem
-}
-
-func newComprehensionCacheElem() *comprehensionCacheElem {
- return &comprehensionCacheElem{children: newComprehensionCacheHashMap()}
-}
-
-func (c *comprehensionCacheElem) Get(key []*ast.Term) *ast.Term {
- node := c
- for i := 0; i < len(key); i++ {
- x, ok := node.children.Get(key[i])
- if !ok {
- return nil
- }
- node = x.(*comprehensionCacheElem)
- }
- return node.value
-}
-
-func (c *comprehensionCacheElem) Put(key []*ast.Term, value *ast.Term) {
- node := c
- for i := 0; i < len(key); i++ {
- x, ok := node.children.Get(key[i])
- if ok {
- node = x.(*comprehensionCacheElem)
- } else {
- next := newComprehensionCacheElem()
- node.children.Put(key[i], next)
- node = next
- }
- }
- node.value = value
-}
-
-func newComprehensionCacheHashMap() *util.HashMap {
- return util.NewHashMap(func(a, b util.T) bool {
- return a.(*ast.Term).Equal(b.(*ast.Term))
- }, func(x util.T) int {
- return x.(*ast.Term).Hash()
- })
-}
-
-type functionMocksStack struct {
- stack []*functionMocksElem
-}
-
-type functionMocksElem []frame
-
-type frame map[string]*ast.Term
-
-func newFunctionMocksStack() *functionMocksStack {
- stack := &functionMocksStack{}
- stack.Push()
- return stack
-}
-
-func newFunctionMocksElem() *functionMocksElem {
- return &functionMocksElem{}
-}
-
-func (s *functionMocksStack) Push() {
- s.stack = append(s.stack, newFunctionMocksElem())
-}
-
-func (s *functionMocksStack) Pop() {
- s.stack = s.stack[:len(s.stack)-1]
-}
-
-func (s *functionMocksStack) PopPairs() {
- current := s.stack[len(s.stack)-1]
- *current = (*current)[:len(*current)-1]
-}
-
-func (s *functionMocksStack) PutPairs(mocks [][2]*ast.Term) {
- el := frame{}
- for i := range mocks {
- el[mocks[i][0].Value.String()] = mocks[i][1]
- }
- s.Put(el)
-}
-
-func (s *functionMocksStack) Put(el frame) {
- current := s.stack[len(s.stack)-1]
- *current = append(*current, el)
-}
-
-func (s *functionMocksStack) Get(f ast.Ref) (*ast.Term, bool) {
- current := *s.stack[len(s.stack)-1]
- for i := len(current) - 1; i >= 0; i-- {
- if r, ok := current[i][f.String()]; ok {
- return r, true
- }
- }
- return nil, false
+ return v1.NewVirtualCache()
}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/cancel.go b/vendor/github.com/open-policy-agent/opa/topdown/cancel.go
index 534e0799a1..395a14a80d 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/cancel.go
+++ b/vendor/github.com/open-policy-agent/opa/topdown/cancel.go
@@ -5,29 +5,14 @@
package topdown
import (
- "sync/atomic"
+ v1 "github.com/open-policy-agent/opa/v1/topdown"
)
// Cancel defines the interface for cancelling topdown queries. Cancel
// operations are thread-safe and idempotent.
-type Cancel interface {
- Cancel()
- Cancelled() bool
-}
-
-type cancel struct {
- flag int32
-}
+type Cancel = v1.Cancel
// NewCancel returns a new Cancel object.
func NewCancel() Cancel {
- return &cancel{}
-}
-
-func (c *cancel) Cancel() {
- atomic.StoreInt32(&c.flag, 1)
-}
-
-func (c *cancel) Cancelled() bool {
- return atomic.LoadInt32(&c.flag) != 0
+ return v1.NewCancel()
}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/doc.go b/vendor/github.com/open-policy-agent/opa/topdown/doc.go
index 9aa7aa45c5..a303ef7886 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/doc.go
+++ b/vendor/github.com/open-policy-agent/opa/topdown/doc.go
@@ -7,4 +7,8 @@
// The topdown implementation is a modified version of the standard top-down
// evaluation algorithm used in Datalog. References and comprehensions are
// evaluated eagerly while all other terms are evaluated lazily.
+//
+// Deprecated: This package is intended for older projects transitioning from OPA v0.x and will remain for the lifetime of OPA v1.x, but its use is not recommended.
+// For newer features and behaviours, such as defaulting to the Rego v1 syntax, use the corresponding components in the [github.com/open-policy-agent/opa/v1] package instead.
+// See https://www.openpolicyagent.org/docs/latest/v0-compatibility/ for more information.
package topdown
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/errors.go b/vendor/github.com/open-policy-agent/opa/topdown/errors.go
index 918df6c853..47853ec6d1 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/errors.go
+++ b/vendor/github.com/open-policy-agent/opa/topdown/errors.go
@@ -5,145 +5,50 @@
package topdown
import (
- "errors"
- "fmt"
-
- "github.com/open-policy-agent/opa/ast"
+ v1 "github.com/open-policy-agent/opa/v1/topdown"
)
// Halt is a special error type that built-in function implementations return to indicate
// that policy evaluation should stop immediately.
-type Halt struct {
- Err error
-}
-
-func (h Halt) Error() string {
- return h.Err.Error()
-}
-
-func (h Halt) Unwrap() error { return h.Err }
+type Halt = v1.Halt
// Error is the error type returned by the Eval and Query functions when
// an evaluation error occurs.
-type Error struct {
- Code string `json:"code"`
- Message string `json:"message"`
- Location *ast.Location `json:"location,omitempty"`
- err error `json:"-"`
-}
+type Error = v1.Error
const (
// InternalErr represents an unknown evaluation error.
- InternalErr string = "eval_internal_error"
+ InternalErr = v1.InternalErr
// CancelErr indicates the evaluation process was cancelled.
- CancelErr string = "eval_cancel_error"
+ CancelErr = v1.CancelErr
// ConflictErr indicates a conflict was encountered during evaluation. For
// instance, a conflict occurs if a rule produces multiple, differing values
// for the same key in an object. Conflict errors indicate the policy does
// not account for the data loaded into the policy engine.
- ConflictErr string = "eval_conflict_error"
+ ConflictErr = v1.ConflictErr
// TypeErr indicates evaluation stopped because an expression was applied to
// a value of an inappropriate type.
- TypeErr string = "eval_type_error"
+ TypeErr = v1.TypeErr
// BuiltinErr indicates a built-in function received a semantically invalid
// input or encountered some kind of runtime error, e.g., connection
// timeout, connection refused, etc.
- BuiltinErr string = "eval_builtin_error"
+ BuiltinErr = v1.BuiltinErr
// WithMergeErr indicates that the real and replacement data could not be merged.
- WithMergeErr string = "eval_with_merge_error"
+ WithMergeErr = v1.WithMergeErr
)
// IsError returns true if the err is an Error.
func IsError(err error) bool {
- var e *Error
- return errors.As(err, &e)
+ return v1.IsError(err)
}
// IsCancel returns true if err was caused by cancellation.
func IsCancel(err error) bool {
- return errors.Is(err, &Error{Code: CancelErr})
-}
-
-// Is allows matching topdown errors using errors.Is (see IsCancel).
-func (e *Error) Is(target error) bool {
- var t *Error
- if errors.As(target, &t) {
- return (t.Code == "" || e.Code == t.Code) &&
- (t.Message == "" || e.Message == t.Message) &&
- (t.Location == nil || t.Location.Compare(e.Location) == 0)
- }
- return false
-}
-
-func (e *Error) Error() string {
- msg := fmt.Sprintf("%v: %v", e.Code, e.Message)
-
- if e.Location != nil {
- msg = e.Location.String() + ": " + msg
- }
-
- return msg
-}
-
-func (e *Error) Wrap(err error) *Error {
- e.err = err
- return e
-}
-
-func (e *Error) Unwrap() error {
- return e.err
-}
-
-func functionConflictErr(loc *ast.Location) error {
- return &Error{
- Code: ConflictErr,
- Location: loc,
- Message: "functions must not produce multiple outputs for same inputs",
- }
-}
-
-func completeDocConflictErr(loc *ast.Location) error {
- return &Error{
- Code: ConflictErr,
- Location: loc,
- Message: "complete rules must not produce multiple outputs",
- }
-}
-
-func objectDocKeyConflictErr(loc *ast.Location) error {
- return &Error{
- Code: ConflictErr,
- Location: loc,
- Message: "object keys must be unique",
- }
-}
-
-func unsupportedBuiltinErr(loc *ast.Location) error {
- return &Error{
- Code: InternalErr,
- Location: loc,
- Message: "unsupported built-in",
- }
-}
-
-func mergeConflictErr(loc *ast.Location) error {
- return &Error{
- Code: WithMergeErr,
- Location: loc,
- Message: "real and replacement data could not be merged",
- }
-}
-
-func internalErr(loc *ast.Location, msg string) error {
- return &Error{
- Code: InternalErr,
- Location: loc,
- Message: msg,
- }
+ return v1.IsCancel(err)
}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/graphql.go b/vendor/github.com/open-policy-agent/opa/topdown/graphql.go
index 8fb1b58a76..d2254df1f0 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/graphql.go
+++ b/vendor/github.com/open-policy-agent/opa/topdown/graphql.go
@@ -9,15 +9,15 @@ import (
"fmt"
"strings"
- gqlast "github.com/open-policy-agent/opa/internal/gqlparser/ast"
- gqlparser "github.com/open-policy-agent/opa/internal/gqlparser/parser"
- gqlvalidator "github.com/open-policy-agent/opa/internal/gqlparser/validator"
+ gqlast "github.com/vektah/gqlparser/v2/ast"
+ gqlparser "github.com/vektah/gqlparser/v2/parser"
+ gqlvalidator "github.com/vektah/gqlparser/v2/validator"
// Side-effecting import. Triggers GraphQL library's validation rule init() functions.
- _ "github.com/open-policy-agent/opa/internal/gqlparser/validator/rules"
+ _ "github.com/vektah/gqlparser/v2/validator/rules"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
// Parses a GraphQL schema, and returns the GraphQL AST for the schema.
@@ -100,7 +100,7 @@ func convertSchema(schemaDoc *gqlast.SchemaDocument) (*gqlast.Schema, error) {
// Converts an ast.Object into a gqlast.QueryDocument object.
func objectToQueryDocument(value ast.Object) (*gqlast.QueryDocument, error) {
- // Convert ast.Term to interface{} for JSON encoding below.
+ // Convert ast.Term to any for JSON encoding below.
asJSON, err := ast.JSON(value)
if err != nil {
return nil, err
@@ -121,7 +121,7 @@ func objectToQueryDocument(value ast.Object) (*gqlast.QueryDocument, error) {
// Converts an ast.Object into a gqlast.SchemaDocument object.
func objectToSchemaDocument(value ast.Object) (*gqlast.SchemaDocument, error) {
- // Convert ast.Term to interface{} for JSON encoding below.
+ // Convert ast.Term to any for JSON encoding below.
asJSON, err := ast.JSON(value)
if err != nil {
return nil, err
@@ -160,7 +160,7 @@ func pruneIrrelevantGraphQLASTNodes(value ast.Value) ast.Value {
// Iterate over the array's elements, and do the following:
// - Drop any Nulls
// - Drop any any empty object/array value (after running the pruner)
- for i := 0; i < x.Len(); i++ {
+ for i := range x.Len() {
vTerm := x.Elem(i)
switch v := vTerm.Value.(type) {
case ast.Null:
@@ -295,7 +295,7 @@ func builtinGraphQLParseAndVerify(_ BuiltinContext, operands []*ast.Term, iter f
var err error
unverified := ast.ArrayTerm(
- ast.BooleanTerm(false),
+ ast.InternedBooleanTerm(false),
ast.NewTerm(ast.NewObject()),
ast.NewTerm(ast.NewObject()),
)
@@ -353,7 +353,7 @@ func builtinGraphQLParseAndVerify(_ BuiltinContext, operands []*ast.Term, iter f
// Construct return value.
verified := ast.ArrayTerm(
- ast.BooleanTerm(true),
+ ast.InternedBooleanTerm(true),
ast.NewTerm(queryResult),
ast.NewTerm(querySchema),
)
@@ -421,10 +421,10 @@ func builtinGraphQLIsValid(_ BuiltinContext, operands []*ast.Term, iter func(*as
queryDoc, err = objectToQueryDocument(x)
default:
// Error if wrong type.
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
if err != nil {
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
switch x := operands[1].Value.(type) {
@@ -434,23 +434,23 @@ func builtinGraphQLIsValid(_ BuiltinContext, operands []*ast.Term, iter func(*as
schemaDoc, err = objectToSchemaDocument(x)
default:
// Error if wrong type.
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
if err != nil {
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
// Validate the query against the schema, erroring if there's an issue.
schema, err := convertSchema(schemaDoc)
if err != nil {
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
if err := validateQuery(schema, queryDoc); err != nil {
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
// If we got this far, the GraphQL query passed validation.
- return iter(ast.BooleanTerm(true))
+ return iter(ast.InternedBooleanTerm(true))
}
func builtinGraphQLSchemaIsValid(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -464,15 +464,15 @@ func builtinGraphQLSchemaIsValid(_ BuiltinContext, operands []*ast.Term, iter fu
schemaDoc, err = objectToSchemaDocument(x)
default:
// Error if wrong type.
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
if err != nil {
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
// Validate the schema, this determines the result
_, err = convertSchema(schemaDoc)
- return iter(ast.BooleanTerm(err == nil))
+ return iter(ast.InternedBooleanTerm(err == nil))
}
func init() {
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/http.go b/vendor/github.com/open-policy-agent/opa/topdown/http.go
index 18bfd3c722..693ea4048c 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/http.go
+++ b/vendor/github.com/open-policy-agent/opa/topdown/http.go
@@ -5,1616 +5,13 @@
package topdown
import (
- "bytes"
- "context"
- "crypto/tls"
- "crypto/x509"
- "encoding/json"
- "fmt"
- "io"
- "math"
- "net"
- "net/http"
- "net/url"
- "os"
- "runtime"
- "strconv"
- "strings"
- "time"
-
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/internal/version"
- "github.com/open-policy-agent/opa/topdown/builtins"
- "github.com/open-policy-agent/opa/topdown/cache"
- "github.com/open-policy-agent/opa/tracing"
- "github.com/open-policy-agent/opa/util"
-)
-
-type cachingMode string
-
-const (
- defaultHTTPRequestTimeoutEnv = "HTTP_SEND_TIMEOUT"
- defaultCachingMode cachingMode = "serialized"
- cachingModeDeserialized cachingMode = "deserialized"
-)
-
-var defaultHTTPRequestTimeout = time.Second * 5
-
-var allowedKeyNames = [...]string{
- "method",
- "url",
- "body",
- "enable_redirect",
- "force_json_decode",
- "force_yaml_decode",
- "headers",
- "raw_body",
- "tls_use_system_certs",
- "tls_ca_cert",
- "tls_ca_cert_file",
- "tls_ca_cert_env_variable",
- "tls_client_cert",
- "tls_client_cert_file",
- "tls_client_cert_env_variable",
- "tls_client_key",
- "tls_client_key_file",
- "tls_client_key_env_variable",
- "tls_insecure_skip_verify",
- "tls_server_name",
- "timeout",
- "cache",
- "force_cache",
- "force_cache_duration_seconds",
- "raise_error",
- "caching_mode",
- "max_retry_attempts",
- "cache_ignored_headers",
-}
-
-// ref: https://www.rfc-editor.org/rfc/rfc7231#section-6.1
-var cacheableHTTPStatusCodes = [...]int{
- http.StatusOK,
- http.StatusNonAuthoritativeInfo,
- http.StatusNoContent,
- http.StatusPartialContent,
- http.StatusMultipleChoices,
- http.StatusMovedPermanently,
- http.StatusNotFound,
- http.StatusMethodNotAllowed,
- http.StatusGone,
- http.StatusRequestURITooLong,
- http.StatusNotImplemented,
-}
-
-var (
- allowedKeys = ast.NewSet()
- cacheableCodes = ast.NewSet()
- requiredKeys = ast.NewSet(ast.StringTerm("method"), ast.StringTerm("url"))
- httpSendLatencyMetricKey = "rego_builtin_" + strings.ReplaceAll(ast.HTTPSend.Name, ".", "_")
- httpSendInterQueryCacheHits = httpSendLatencyMetricKey + "_interquery_cache_hits"
+ v1 "github.com/open-policy-agent/opa/v1/topdown"
)
-type httpSendKey string
-
const (
- // httpSendBuiltinCacheKey is the key in the builtin context cache that
- // points to the http.send() specific cache resides at.
- httpSendBuiltinCacheKey httpSendKey = "HTTP_SEND_CACHE_KEY"
-
// HTTPSendInternalErr represents a runtime evaluation error.
- HTTPSendInternalErr string = "eval_http_send_internal_error"
+ HTTPSendInternalErr = v1.HTTPSendInternalErr
// HTTPSendNetworkErr represents a network error.
- HTTPSendNetworkErr string = "eval_http_send_network_error"
-
- // minRetryDelay is amount of time to backoff after the first failure.
- minRetryDelay = time.Millisecond * 100
-
- // maxRetryDelay is the upper bound of backoff delay.
- maxRetryDelay = time.Second * 60
+ HTTPSendNetworkErr = v1.HTTPSendNetworkErr
)
-
-func builtinHTTPSend(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
-
- obj, err := builtins.ObjectOperand(operands[0].Value, 1)
- if err != nil {
- return handleBuiltinErr(ast.HTTPSend.Name, bctx.Location, err)
- }
-
- raiseError, err := getRaiseErrorValue(obj)
- if err != nil {
- return handleBuiltinErr(ast.HTTPSend.Name, bctx.Location, err)
- }
-
- req, err := validateHTTPRequestOperand(operands[0], 1)
- if err != nil {
- if raiseError {
- return handleHTTPSendErr(bctx, err)
- }
-
- return iter(generateRaiseErrorResult(handleBuiltinErr(ast.HTTPSend.Name, bctx.Location, err)))
- }
-
- result, err := getHTTPResponse(bctx, req)
- if err != nil {
- if raiseError {
- return handleHTTPSendErr(bctx, err)
- }
-
- result = generateRaiseErrorResult(err)
- }
- return iter(result)
-}
-
-func generateRaiseErrorResult(err error) *ast.Term {
- obj := ast.NewObject()
- obj.Insert(ast.StringTerm("status_code"), ast.IntNumberTerm(0))
-
- errObj := ast.NewObject()
-
- switch err.(type) {
- case *url.Error:
- errObj.Insert(ast.StringTerm("code"), ast.StringTerm(HTTPSendNetworkErr))
- default:
- errObj.Insert(ast.StringTerm("code"), ast.StringTerm(HTTPSendInternalErr))
- }
-
- errObj.Insert(ast.StringTerm("message"), ast.StringTerm(err.Error()))
- obj.Insert(ast.StringTerm("error"), ast.NewTerm(errObj))
-
- return ast.NewTerm(obj)
-}
-
-func getHTTPResponse(bctx BuiltinContext, req ast.Object) (*ast.Term, error) {
-
- bctx.Metrics.Timer(httpSendLatencyMetricKey).Start()
- defer bctx.Metrics.Timer(httpSendLatencyMetricKey).Stop()
-
- key, err := getKeyFromRequest(req)
- if err != nil {
- return nil, err
- }
-
- reqExecutor, err := newHTTPRequestExecutor(bctx, req, key)
- if err != nil {
- return nil, err
- }
- // Check if cache already has a response for this query
- // set headers to exclude cache_ignored_headers
- resp, err := reqExecutor.CheckCache()
- if err != nil {
- return nil, err
- }
-
- if resp == nil {
- httpResp, err := reqExecutor.ExecuteHTTPRequest()
- if err != nil {
- reqExecutor.InsertErrorIntoCache(err)
- return nil, err
- }
- defer util.Close(httpResp)
- // Add result to intra/inter-query cache.
- resp, err = reqExecutor.InsertIntoCache(httpResp)
- if err != nil {
- return nil, err
- }
- }
-
- return ast.NewTerm(resp), nil
-}
-
-// getKeyFromRequest returns a key to be used for caching HTTP responses
-// deletes headers from request object mentioned in cache_ignored_headers
-func getKeyFromRequest(req ast.Object) (ast.Object, error) {
- // deep copy so changes to key do not reflect in the request object
- key := req.Copy()
- cacheIgnoredHeadersTerm := req.Get(ast.StringTerm("cache_ignored_headers"))
- allHeadersTerm := req.Get(ast.StringTerm("headers"))
- // skip because no headers to delete
- if cacheIgnoredHeadersTerm == nil || allHeadersTerm == nil {
- // need to explicitly set cache_ignored_headers to null
- // equivalent requests might have different sets of exclusion lists
- key.Insert(ast.StringTerm("cache_ignored_headers"), ast.NullTerm())
- return key, nil
- }
- var cacheIgnoredHeaders []string
- var allHeaders map[string]interface{}
- err := ast.As(cacheIgnoredHeadersTerm.Value, &cacheIgnoredHeaders)
- if err != nil {
- return nil, err
- }
- err = ast.As(allHeadersTerm.Value, &allHeaders)
- if err != nil {
- return nil, err
- }
- for _, header := range cacheIgnoredHeaders {
- delete(allHeaders, header)
- }
- val, err := ast.InterfaceToValue(allHeaders)
- if err != nil {
- return nil, err
- }
- key.Insert(ast.StringTerm("headers"), ast.NewTerm(val))
- // remove cache_ignored_headers key
- key.Insert(ast.StringTerm("cache_ignored_headers"), ast.NullTerm())
- return key, nil
-}
-
-func init() {
- createAllowedKeys()
- createCacheableHTTPStatusCodes()
- initDefaults()
- RegisterBuiltinFunc(ast.HTTPSend.Name, builtinHTTPSend)
-}
-
-func handleHTTPSendErr(bctx BuiltinContext, err error) error {
- // Return HTTP client timeout errors in a generic error message to avoid confusion about what happened.
- // Do not do this if the builtin context was cancelled and is what caused the request to stop.
- if urlErr, ok := err.(*url.Error); ok && urlErr.Timeout() && bctx.Context.Err() == nil {
- err = fmt.Errorf("%s %s: request timed out", urlErr.Op, urlErr.URL)
- }
- if err := bctx.Context.Err(); err != nil {
- return Halt{
- Err: &Error{
- Code: CancelErr,
- Message: fmt.Sprintf("http.send: timed out (%s)", err.Error()),
- },
- }
- }
- return handleBuiltinErr(ast.HTTPSend.Name, bctx.Location, err)
-}
-
-func initDefaults() {
- timeoutDuration := os.Getenv(defaultHTTPRequestTimeoutEnv)
- if timeoutDuration != "" {
- var err error
- defaultHTTPRequestTimeout, err = time.ParseDuration(timeoutDuration)
- if err != nil {
- // If it is set to something not valid don't let the process continue in a state
- // that will almost definitely give unexpected results by having it set at 0
- // which means no timeout..
- // This environment variable isn't considered part of the public API.
- // TODO(patrick-east): Remove the environment variable
- panic(fmt.Sprintf("invalid value for HTTP_SEND_TIMEOUT: %s", err))
- }
- }
-}
-
-func validateHTTPRequestOperand(term *ast.Term, pos int) (ast.Object, error) {
-
- obj, err := builtins.ObjectOperand(term.Value, pos)
- if err != nil {
- return nil, err
- }
-
- requestKeys := ast.NewSet(obj.Keys()...)
-
- invalidKeys := requestKeys.Diff(allowedKeys)
- if invalidKeys.Len() != 0 {
- return nil, builtins.NewOperandErr(pos, "invalid request parameters(s): %v", invalidKeys)
- }
-
- missingKeys := requiredKeys.Diff(requestKeys)
- if missingKeys.Len() != 0 {
- return nil, builtins.NewOperandErr(pos, "missing required request parameters(s): %v", missingKeys)
- }
-
- return obj, nil
-
-}
-
-// canonicalizeHeaders returns a copy of the headers where the keys are in
-// canonical HTTP form.
-func canonicalizeHeaders(headers map[string]interface{}) map[string]interface{} {
- canonicalized := map[string]interface{}{}
-
- for k, v := range headers {
- canonicalized[http.CanonicalHeaderKey(k)] = v
- }
-
- return canonicalized
-}
-
-// useSocket examines the url for "unix://" and returns a *http.Transport with
-// a DialContext that opens a socket (specified in the http call).
-// The url is expected to contain socket=/path/to/socket (url encoded)
-// Ex. "unix://localhost/end/point?socket=%2Ftmp%2Fhttp.sock"
-func useSocket(rawURL string, tlsConfig *tls.Config) (bool, string, *http.Transport) {
- u, err := url.Parse(rawURL)
- if err != nil {
- return false, "", nil
- }
-
- if u.Scheme != "unix" || u.RawQuery == "" {
- return false, rawURL, nil
- }
-
- v, err := url.ParseQuery(u.RawQuery)
- if err != nil {
- return false, rawURL, nil
- }
-
- // Rewrite URL targeting the UNIX domain socket.
- u.Scheme = "http"
-
- // Extract the path to the socket.
- // Only retrieve the first value. Subsequent values are ignored and removed
- // to prevent HTTP parameter pollution.
- socket := v.Get("socket")
- v.Del("socket")
- u.RawQuery = v.Encode()
-
- tr := http.DefaultTransport.(*http.Transport).Clone()
- tr.DialContext = func(ctx context.Context, _, _ string) (net.Conn, error) {
- return http.DefaultTransport.(*http.Transport).DialContext(ctx, "unix", socket)
- }
- tr.TLSClientConfig = tlsConfig
- tr.DisableKeepAlives = true
-
- return true, u.String(), tr
-}
-
-func verifyHost(bctx BuiltinContext, host string) error {
- if bctx.Capabilities == nil || bctx.Capabilities.AllowNet == nil {
- return nil
- }
-
- for _, allowed := range bctx.Capabilities.AllowNet {
- if allowed == host {
- return nil
- }
- }
-
- return fmt.Errorf("unallowed host: %s", host)
-}
-
-func verifyURLHost(bctx BuiltinContext, unverifiedURL string) error {
- // Eager return to avoid unnecessary URL parsing
- if bctx.Capabilities == nil || bctx.Capabilities.AllowNet == nil {
- return nil
- }
-
- parsedURL, err := url.Parse(unverifiedURL)
- if err != nil {
- return err
- }
-
- host := strings.Split(parsedURL.Host, ":")[0]
-
- return verifyHost(bctx, host)
-}
-
-func createHTTPRequest(bctx BuiltinContext, obj ast.Object) (*http.Request, *http.Client, error) {
- var url string
- var method string
-
- // Additional CA certificates loading options.
- var tlsCaCert []byte
- var tlsCaCertEnvVar string
- var tlsCaCertFile string
-
- // Client TLS certificate and key options. Each input source
- // comes in a matched pair.
- var tlsClientCert []byte
- var tlsClientKey []byte
-
- var tlsClientCertEnvVar string
- var tlsClientKeyEnvVar string
-
- var tlsClientCertFile string
- var tlsClientKeyFile string
-
- var tlsServerName string
- var body *bytes.Buffer
- var rawBody *bytes.Buffer
- var enableRedirect bool
- var tlsUseSystemCerts *bool
- var tlsConfig tls.Config
- var customHeaders map[string]interface{}
- var tlsInsecureSkipVerify bool
- timeout := defaultHTTPRequestTimeout
-
- for _, val := range obj.Keys() {
- key, err := ast.JSON(val.Value)
- if err != nil {
- return nil, nil, err
- }
-
- key = key.(string)
-
- var strVal string
-
- if s, ok := obj.Get(val).Value.(ast.String); ok {
- strVal = strings.Trim(string(s), "\"")
- } else {
- // Most parameters are strings, so consolidate the type checking.
- switch key {
- case "method",
- "url",
- "raw_body",
- "tls_ca_cert",
- "tls_ca_cert_file",
- "tls_ca_cert_env_variable",
- "tls_client_cert",
- "tls_client_cert_file",
- "tls_client_cert_env_variable",
- "tls_client_key",
- "tls_client_key_file",
- "tls_client_key_env_variable",
- "tls_server_name":
- return nil, nil, fmt.Errorf("%q must be a string", key)
- }
- }
-
- switch key {
- case "method":
- method = strings.ToUpper(strVal)
- case "url":
- err := verifyURLHost(bctx, strVal)
- if err != nil {
- return nil, nil, err
- }
- url = strVal
- case "enable_redirect":
- enableRedirect, err = strconv.ParseBool(obj.Get(val).String())
- if err != nil {
- return nil, nil, err
- }
- case "body":
- bodyVal := obj.Get(val).Value
- bodyValInterface, err := ast.JSON(bodyVal)
- if err != nil {
- return nil, nil, err
- }
-
- bodyValBytes, err := json.Marshal(bodyValInterface)
- if err != nil {
- return nil, nil, err
- }
- body = bytes.NewBuffer(bodyValBytes)
- case "raw_body":
- rawBody = bytes.NewBufferString(strVal)
- case "tls_use_system_certs":
- tempTLSUseSystemCerts, err := strconv.ParseBool(obj.Get(val).String())
- if err != nil {
- return nil, nil, err
- }
- tlsUseSystemCerts = &tempTLSUseSystemCerts
- case "tls_ca_cert":
- tlsCaCert = []byte(strVal)
- case "tls_ca_cert_file":
- tlsCaCertFile = strVal
- case "tls_ca_cert_env_variable":
- tlsCaCertEnvVar = strVal
- case "tls_client_cert":
- tlsClientCert = []byte(strVal)
- case "tls_client_cert_file":
- tlsClientCertFile = strVal
- case "tls_client_cert_env_variable":
- tlsClientCertEnvVar = strVal
- case "tls_client_key":
- tlsClientKey = []byte(strVal)
- case "tls_client_key_file":
- tlsClientKeyFile = strVal
- case "tls_client_key_env_variable":
- tlsClientKeyEnvVar = strVal
- case "tls_server_name":
- tlsServerName = strVal
- case "headers":
- headersVal := obj.Get(val).Value
- headersValInterface, err := ast.JSON(headersVal)
- if err != nil {
- return nil, nil, err
- }
- var ok bool
- customHeaders, ok = headersValInterface.(map[string]interface{})
- if !ok {
- return nil, nil, fmt.Errorf("invalid type for headers key")
- }
- case "tls_insecure_skip_verify":
- tlsInsecureSkipVerify, err = strconv.ParseBool(obj.Get(val).String())
- if err != nil {
- return nil, nil, err
- }
- case "timeout":
- timeout, err = parseTimeout(obj.Get(val).Value)
- if err != nil {
- return nil, nil, err
- }
- case "cache", "caching_mode",
- "force_cache", "force_cache_duration_seconds",
- "force_json_decode", "force_yaml_decode",
- "raise_error", "max_retry_attempts", "cache_ignored_headers": // no-op
- default:
- return nil, nil, fmt.Errorf("invalid parameter %q", key)
- }
- }
-
- isTLS := false
- client := &http.Client{
- Timeout: timeout,
- CheckRedirect: func(*http.Request, []*http.Request) error {
- return http.ErrUseLastResponse
- },
- }
-
- if tlsInsecureSkipVerify {
- isTLS = true
- tlsConfig.InsecureSkipVerify = tlsInsecureSkipVerify
- }
-
- if len(tlsClientCert) > 0 && len(tlsClientKey) > 0 {
- cert, err := tls.X509KeyPair(tlsClientCert, tlsClientKey)
- if err != nil {
- return nil, nil, err
- }
-
- isTLS = true
- tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
- }
-
- if tlsClientCertFile != "" && tlsClientKeyFile != "" {
- cert, err := tls.LoadX509KeyPair(tlsClientCertFile, tlsClientKeyFile)
- if err != nil {
- return nil, nil, err
- }
-
- isTLS = true
- tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
- }
-
- if tlsClientCertEnvVar != "" && tlsClientKeyEnvVar != "" {
- cert, err := tls.X509KeyPair(
- []byte(os.Getenv(tlsClientCertEnvVar)),
- []byte(os.Getenv(tlsClientKeyEnvVar)))
- if err != nil {
- return nil, nil, fmt.Errorf("cannot extract public/private key pair from envvars %q, %q: %w",
- tlsClientCertEnvVar, tlsClientKeyEnvVar, err)
- }
-
- isTLS = true
- tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
- }
-
- // Use system certs if no CA cert is provided
- // or system certs flag is not set
- if len(tlsCaCert) == 0 && tlsCaCertFile == "" && tlsCaCertEnvVar == "" && tlsUseSystemCerts == nil {
- trueValue := true
- tlsUseSystemCerts = &trueValue
- }
-
- // Check the system certificates config first so that we
- // load additional certificated into the correct pool.
- if tlsUseSystemCerts != nil && *tlsUseSystemCerts && runtime.GOOS != "windows" {
- pool, err := x509.SystemCertPool()
- if err != nil {
- return nil, nil, err
- }
-
- isTLS = true
- tlsConfig.RootCAs = pool
- }
-
- if len(tlsCaCert) != 0 {
- tlsCaCert = bytes.Replace(tlsCaCert, []byte("\\n"), []byte("\n"), -1)
- pool, err := addCACertsFromBytes(tlsConfig.RootCAs, tlsCaCert)
- if err != nil {
- return nil, nil, err
- }
-
- isTLS = true
- tlsConfig.RootCAs = pool
- }
-
- if tlsCaCertFile != "" {
- pool, err := addCACertsFromFile(tlsConfig.RootCAs, tlsCaCertFile)
- if err != nil {
- return nil, nil, err
- }
-
- isTLS = true
- tlsConfig.RootCAs = pool
- }
-
- if tlsCaCertEnvVar != "" {
- pool, err := addCACertsFromEnv(tlsConfig.RootCAs, tlsCaCertEnvVar)
- if err != nil {
- return nil, nil, err
- }
-
- isTLS = true
- tlsConfig.RootCAs = pool
- }
-
- if isTLS {
- if ok, parsedURL, tr := useSocket(url, &tlsConfig); ok {
- client.Transport = tr
- url = parsedURL
- } else {
- tr := http.DefaultTransport.(*http.Transport).Clone()
- tr.TLSClientConfig = &tlsConfig
- tr.DisableKeepAlives = true
- client.Transport = tr
- }
- } else {
- if ok, parsedURL, tr := useSocket(url, nil); ok {
- client.Transport = tr
- url = parsedURL
- }
- }
-
- // check if redirects are enabled
- if enableRedirect {
- client.CheckRedirect = func(req *http.Request, _ []*http.Request) error {
- return verifyURLHost(bctx, req.URL.String())
- }
- }
-
- if rawBody != nil {
- body = rawBody
- } else if body == nil {
- body = bytes.NewBufferString("")
- }
-
- // create the http request, use the builtin context's context to ensure
- // the request is cancelled if evaluation is cancelled.
- req, err := http.NewRequest(method, url, body)
- if err != nil {
- return nil, nil, err
- }
-
- req = req.WithContext(bctx.Context)
-
- // Add custom headers
- if len(customHeaders) != 0 {
- customHeaders = canonicalizeHeaders(customHeaders)
-
- for k, v := range customHeaders {
- header, ok := v.(string)
- if !ok {
- return nil, nil, fmt.Errorf("invalid type for headers value %q", v)
- }
-
- req.Header.Add(k, header)
- }
-
- // Don't overwrite or append to one that was set in the custom headers
- if _, hasUA := customHeaders["User-Agent"]; !hasUA {
- req.Header.Add("User-Agent", version.UserAgent)
- }
-
- // If the caller specifies the Host header, use it for the HTTP
- // request host and the TLS server name.
- if host, hasHost := customHeaders["Host"]; hasHost {
- host := host.(string) // We already checked that it's a string.
- req.Host = host
-
- // Only default the ServerName if the caller has
- // specified the host. If we don't specify anything,
- // Go will default to the target hostname. This name
- // is not the same as the default that Go populates
- // `req.Host` with, which is why we don't just set
- // this unconditionally.
- tlsConfig.ServerName = host
- }
- }
-
- if tlsServerName != "" {
- tlsConfig.ServerName = tlsServerName
- }
-
- if len(bctx.DistributedTracingOpts) > 0 {
- client.Transport = tracing.NewTransport(client.Transport, bctx.DistributedTracingOpts)
- }
-
- return req, client, nil
-}
-
-func executeHTTPRequest(req *http.Request, client *http.Client, inputReqObj ast.Object) (*http.Response, error) {
- var err error
- var retry int
-
- retry, err = getNumberValFromReqObj(inputReqObj, ast.StringTerm("max_retry_attempts"))
- if err != nil {
- return nil, err
- }
-
- for i := 0; true; i++ {
-
- var resp *http.Response
- resp, err = client.Do(req)
- if err == nil {
- return resp, nil
- }
-
- // final attempt
- if i == retry {
- break
- }
-
- if err == context.Canceled {
- return nil, err
- }
-
- delay := util.DefaultBackoff(float64(minRetryDelay), float64(maxRetryDelay), i)
- timer, timerCancel := util.TimerWithCancel(delay)
- select {
- case <-timer.C:
- case <-req.Context().Done():
- timerCancel() // explicitly cancel the timer.
- return nil, context.Canceled
- }
- }
- return nil, err
-}
-
-func isContentType(header http.Header, typ ...string) bool {
- for _, t := range typ {
- if strings.Contains(header.Get("Content-Type"), t) {
- return true
- }
- }
- return false
-}
-
-type httpSendCacheEntry struct {
- response *ast.Value
- error error
-}
-
-// The httpSendCache is used for intra-query caching of http.send results.
-type httpSendCache struct {
- entries *util.HashMap
-}
-
-func newHTTPSendCache() *httpSendCache {
- return &httpSendCache{
- entries: util.NewHashMap(valueEq, valueHash),
- }
-}
-
-func valueHash(v util.T) int {
- return ast.StringTerm(v.(ast.Value).String()).Hash()
-}
-
-func valueEq(a, b util.T) bool {
- av := a.(ast.Value)
- bv := b.(ast.Value)
- return av.String() == bv.String()
-}
-
-func (cache *httpSendCache) get(k ast.Value) *httpSendCacheEntry {
- if v, ok := cache.entries.Get(k); ok {
- v := v.(httpSendCacheEntry)
- return &v
- }
- return nil
-}
-
-func (cache *httpSendCache) putResponse(k ast.Value, v *ast.Value) {
- cache.entries.Put(k, httpSendCacheEntry{response: v})
-}
-
-func (cache *httpSendCache) putError(k ast.Value, v error) {
- cache.entries.Put(k, httpSendCacheEntry{error: v})
-}
-
-// In the BuiltinContext cache we only store a single entry that points to
-// our ValueMap which is the "real" http.send() cache.
-func getHTTPSendCache(bctx BuiltinContext) *httpSendCache {
- raw, ok := bctx.Cache.Get(httpSendBuiltinCacheKey)
- if !ok {
- // Initialize if it isn't there
- c := newHTTPSendCache()
- bctx.Cache.Put(httpSendBuiltinCacheKey, c)
- return c
- }
-
- c, ok := raw.(*httpSendCache)
- if !ok {
- return nil
- }
- return c
-}
-
-// checkHTTPSendCache checks for the given key's value in the cache
-func checkHTTPSendCache(bctx BuiltinContext, key ast.Object) (ast.Value, error) {
- requestCache := getHTTPSendCache(bctx)
- if requestCache == nil {
- return nil, nil
- }
-
- v := requestCache.get(key)
- if v != nil {
- if v.error != nil {
- return nil, v.error
- }
- if v.response != nil {
- return *v.response, nil
- }
- // This should never happen
- }
-
- return nil, nil
-}
-
-func insertIntoHTTPSendCache(bctx BuiltinContext, key ast.Object, value ast.Value) {
- requestCache := getHTTPSendCache(bctx)
- if requestCache == nil {
- // Should never happen.. if it does just skip caching the value
- // FIXME: return error instead, to prevent inconsistencies?
- return
- }
- requestCache.putResponse(key, &value)
-}
-
-func insertErrorIntoHTTPSendCache(bctx BuiltinContext, key ast.Object, err error) {
- requestCache := getHTTPSendCache(bctx)
- if requestCache == nil {
- // Should never happen.. if it does just skip caching the value
- // FIXME: return error instead, to prevent inconsistencies?
- return
- }
- requestCache.putError(key, err)
-}
-
-// checkHTTPSendInterQueryCache checks for the given key's value in the inter-query cache
-func (c *interQueryCache) checkHTTPSendInterQueryCache() (ast.Value, error) {
- requestCache := c.bctx.InterQueryBuiltinCache
-
- cachedValue, found := requestCache.Get(c.key)
- if !found {
- return nil, nil
- }
-
- value, cerr := requestCache.Clone(cachedValue)
- if cerr != nil {
- return nil, handleHTTPSendErr(c.bctx, cerr)
- }
-
- c.bctx.Metrics.Counter(httpSendInterQueryCacheHits).Incr()
- var cachedRespData *interQueryCacheData
-
- switch v := value.(type) {
- case *interQueryCacheValue:
- var err error
- cachedRespData, err = v.copyCacheData()
- if err != nil {
- return nil, err
- }
- case *interQueryCacheData:
- cachedRespData = v
- default:
- return nil, nil
- }
-
- if getCurrentTime(c.bctx).Before(cachedRespData.ExpiresAt) {
- return cachedRespData.formatToAST(c.forceJSONDecode, c.forceYAMLDecode)
- }
-
- var err error
- c.httpReq, c.httpClient, err = createHTTPRequest(c.bctx, c.key)
- if err != nil {
- return nil, handleHTTPSendErr(c.bctx, err)
- }
-
- headers := parseResponseHeaders(cachedRespData.Headers)
-
- // check with the server if the stale response is still up-to-date.
- // If server returns a new response (ie. status_code=200), update the cache with the new response
- // If server returns an unmodified response (ie. status_code=304), update the headers for the existing response
- result, modified, err := revalidateCachedResponse(c.httpReq, c.httpClient, c.key, headers)
- requestCache.Delete(c.key)
- if err != nil || result == nil {
- return nil, err
- }
-
- defer result.Body.Close()
-
- if !modified {
- // update the headers in the cached response with their corresponding values from the 304 (Not Modified) response
- for headerName, values := range result.Header {
- cachedRespData.Headers.Del(headerName)
- for _, v := range values {
- cachedRespData.Headers.Add(headerName, v)
- }
- }
-
- if forceCaching(c.forceCacheParams) {
- createdAt := getCurrentTime(c.bctx)
- cachedRespData.ExpiresAt = createdAt.Add(time.Second * time.Duration(c.forceCacheParams.forceCacheDurationSeconds))
- } else {
- expiresAt, err := expiryFromHeaders(result.Header)
- if err != nil {
- return nil, err
- }
- cachedRespData.ExpiresAt = expiresAt
- }
-
- cachingMode, err := getCachingMode(c.key)
- if err != nil {
- return nil, err
- }
-
- var pcv cache.InterQueryCacheValue
-
- if cachingMode == defaultCachingMode {
- pcv, err = cachedRespData.toCacheValue()
- if err != nil {
- return nil, err
- }
- } else {
- pcv = cachedRespData
- }
-
- c.bctx.InterQueryBuiltinCache.InsertWithExpiry(c.key, pcv, cachedRespData.ExpiresAt)
-
- return cachedRespData.formatToAST(c.forceJSONDecode, c.forceYAMLDecode)
- }
-
- newValue, respBody, err := formatHTTPResponseToAST(result, c.forceJSONDecode, c.forceYAMLDecode)
- if err != nil {
- return nil, err
- }
-
- if err := insertIntoHTTPSendInterQueryCache(c.bctx, c.key, result, respBody, c.forceCacheParams); err != nil {
- return nil, err
- }
-
- return newValue, nil
-}
-
-// insertIntoHTTPSendInterQueryCache inserts given key and value in the inter-query cache
-func insertIntoHTTPSendInterQueryCache(bctx BuiltinContext, key ast.Value, resp *http.Response, respBody []byte, cacheParams *forceCacheParams) error {
- if resp == nil || (!forceCaching(cacheParams) && !canStore(resp.Header)) || !cacheableCodes.Contains(ast.IntNumberTerm(resp.StatusCode)) {
- return nil
- }
-
- requestCache := bctx.InterQueryBuiltinCache
-
- obj, ok := key.(ast.Object)
- if !ok {
- return fmt.Errorf("interface conversion error")
- }
-
- cachingMode, err := getCachingMode(obj)
- if err != nil {
- return err
- }
-
- var pcv cache.InterQueryCacheValue
- var pcvData *interQueryCacheData
- if cachingMode == defaultCachingMode {
- pcv, pcvData, err = newInterQueryCacheValue(bctx, resp, respBody, cacheParams)
- } else {
- pcvData, err = newInterQueryCacheData(bctx, resp, respBody, cacheParams)
- pcv = pcvData
- }
-
- if err != nil {
- return err
- }
-
- requestCache.InsertWithExpiry(key, pcv, pcvData.ExpiresAt)
- return nil
-}
-
-func createAllowedKeys() {
- for _, element := range allowedKeyNames {
- allowedKeys.Add(ast.StringTerm(element))
- }
-}
-
-func createCacheableHTTPStatusCodes() {
- for _, element := range cacheableHTTPStatusCodes {
- cacheableCodes.Add(ast.IntNumberTerm(element))
- }
-}
-
-func parseTimeout(timeoutVal ast.Value) (time.Duration, error) {
- var timeout time.Duration
- switch t := timeoutVal.(type) {
- case ast.Number:
- timeoutInt, ok := t.Int64()
- if !ok {
- return timeout, fmt.Errorf("invalid timeout number value %v, must be int64", timeoutVal)
- }
- return time.Duration(timeoutInt), nil
- case ast.String:
- // Support strings without a unit, treat them the same as just a number value (ns)
- var err error
- timeoutInt, err := strconv.ParseInt(string(t), 10, 64)
- if err == nil {
- return time.Duration(timeoutInt), nil
- }
-
- // Try parsing it as a duration (requires a supported units suffix)
- timeout, err = time.ParseDuration(string(t))
- if err != nil {
- return timeout, fmt.Errorf("invalid timeout value %v: %s", timeoutVal, err)
- }
- return timeout, nil
- default:
- return timeout, builtins.NewOperandErr(1, "'timeout' must be one of {string, number} but got %s", ast.TypeName(t))
- }
-}
-
-func getBoolValFromReqObj(req ast.Object, key *ast.Term) (bool, error) {
- var b ast.Boolean
- var ok bool
- if v := req.Get(key); v != nil {
- if b, ok = v.Value.(ast.Boolean); !ok {
- return false, fmt.Errorf("invalid value for %v field", key.String())
- }
- }
- return bool(b), nil
-}
-
-func getNumberValFromReqObj(req ast.Object, key *ast.Term) (int, error) {
- term := req.Get(key)
- if term == nil {
- return 0, nil
- }
-
- if t, ok := term.Value.(ast.Number); ok {
- num, ok := t.Int()
- if !ok || num < 0 {
- return 0, fmt.Errorf("invalid value %v for field %v", t.String(), key.String())
- }
- return num, nil
- }
-
- return 0, fmt.Errorf("invalid value %v for field %v", term.String(), key.String())
-}
-
-func getCachingMode(req ast.Object) (cachingMode, error) {
- key := ast.StringTerm("caching_mode")
- var s ast.String
- var ok bool
- if v := req.Get(key); v != nil {
- if s, ok = v.Value.(ast.String); !ok {
- return "", fmt.Errorf("invalid value for %v field", key.String())
- }
-
- switch cachingMode(s) {
- case defaultCachingMode, cachingModeDeserialized:
- return cachingMode(s), nil
- default:
- return "", fmt.Errorf("invalid value specified for %v field: %v", key.String(), string(s))
- }
- }
- return defaultCachingMode, nil
-}
-
-type interQueryCacheValue struct {
- Data []byte
-}
-
-func newInterQueryCacheValue(bctx BuiltinContext, resp *http.Response, respBody []byte, cacheParams *forceCacheParams) (*interQueryCacheValue, *interQueryCacheData, error) {
- data, err := newInterQueryCacheData(bctx, resp, respBody, cacheParams)
- if err != nil {
- return nil, nil, err
- }
-
- b, err := json.Marshal(data)
- if err != nil {
- return nil, nil, err
- }
- return &interQueryCacheValue{Data: b}, data, nil
-}
-
-func (cb interQueryCacheValue) Clone() (cache.InterQueryCacheValue, error) {
- dup := make([]byte, len(cb.Data))
- copy(dup, cb.Data)
- return &interQueryCacheValue{Data: dup}, nil
-}
-
-func (cb interQueryCacheValue) SizeInBytes() int64 {
- return int64(len(cb.Data))
-}
-
-func (cb *interQueryCacheValue) copyCacheData() (*interQueryCacheData, error) {
- var res interQueryCacheData
- err := util.UnmarshalJSON(cb.Data, &res)
- if err != nil {
- return nil, err
- }
- return &res, nil
-}
-
-type interQueryCacheData struct {
- RespBody []byte
- Status string
- StatusCode int
- Headers http.Header
- ExpiresAt time.Time
-}
-
-func forceCaching(cacheParams *forceCacheParams) bool {
- return cacheParams != nil && cacheParams.forceCacheDurationSeconds > 0
-}
-
-func expiryFromHeaders(headers http.Header) (time.Time, error) {
- var expiresAt time.Time
- maxAge, err := parseMaxAgeCacheDirective(parseCacheControlHeader(headers))
- if err != nil {
- return time.Time{}, err
- }
- if maxAge != -1 {
- createdAt, err := getResponseHeaderDate(headers)
- if err != nil {
- return time.Time{}, err
- }
- expiresAt = createdAt.Add(time.Second * time.Duration(maxAge))
- } else {
- expiresAt = getResponseHeaderExpires(headers)
- }
- return expiresAt, nil
-}
-
-func newInterQueryCacheData(bctx BuiltinContext, resp *http.Response, respBody []byte, cacheParams *forceCacheParams) (*interQueryCacheData, error) {
- var expiresAt time.Time
-
- if forceCaching(cacheParams) {
- createdAt := getCurrentTime(bctx)
- expiresAt = createdAt.Add(time.Second * time.Duration(cacheParams.forceCacheDurationSeconds))
- } else {
- var err error
- expiresAt, err = expiryFromHeaders(resp.Header)
- if err != nil {
- return nil, err
- }
- }
-
- cv := interQueryCacheData{
- ExpiresAt: expiresAt,
- RespBody: respBody,
- Status: resp.Status,
- StatusCode: resp.StatusCode,
- Headers: resp.Header}
-
- return &cv, nil
-}
-
-func (c *interQueryCacheData) formatToAST(forceJSONDecode, forceYAMLDecode bool) (ast.Value, error) {
- return prepareASTResult(c.Headers, forceJSONDecode, forceYAMLDecode, c.RespBody, c.Status, c.StatusCode)
-}
-
-func (c *interQueryCacheData) toCacheValue() (*interQueryCacheValue, error) {
- b, err := json.Marshal(c)
- if err != nil {
- return nil, err
- }
- return &interQueryCacheValue{Data: b}, nil
-}
-
-func (c *interQueryCacheData) SizeInBytes() int64 {
- return 0
-}
-
-func (c *interQueryCacheData) Clone() (cache.InterQueryCacheValue, error) {
- dup := make([]byte, len(c.RespBody))
- copy(dup, c.RespBody)
-
- return &interQueryCacheData{
- ExpiresAt: c.ExpiresAt,
- RespBody: dup,
- Status: c.Status,
- StatusCode: c.StatusCode,
- Headers: c.Headers.Clone()}, nil
-}
-
-type responseHeaders struct {
- etag string // identifier for a specific version of the response
- lastModified string // date and time response was last modified as per origin server
-}
-
-// deltaSeconds specifies a non-negative integer, representing
-// time in seconds: http://tools.ietf.org/html/rfc7234#section-1.2.1
-type deltaSeconds int32
-
-func parseResponseHeaders(headers http.Header) *responseHeaders {
- result := responseHeaders{}
-
- result.etag = headers.Get("etag")
-
- result.lastModified = headers.Get("last-modified")
-
- return &result
-}
-
-func revalidateCachedResponse(req *http.Request, client *http.Client, inputReqObj ast.Object, headers *responseHeaders) (*http.Response, bool, error) {
- etag := headers.etag
- lastModified := headers.lastModified
-
- if etag == "" && lastModified == "" {
- return nil, false, nil
- }
-
- cloneReq := req.Clone(req.Context())
-
- if etag != "" {
- cloneReq.Header.Set("if-none-match", etag)
- }
-
- if lastModified != "" {
- cloneReq.Header.Set("if-modified-since", lastModified)
- }
-
- response, err := executeHTTPRequest(cloneReq, client, inputReqObj)
- if err != nil {
- return nil, false, err
- }
-
- switch response.StatusCode {
- case http.StatusOK:
- return response, true, nil
-
- case http.StatusNotModified:
- return response, false, nil
- }
- util.Close(response)
- return nil, false, nil
-}
-
-func canStore(headers http.Header) bool {
- ccHeaders := parseCacheControlHeader(headers)
-
- // Check "no-store" cache directive
- // The "no-store" response directive indicates that a cache MUST NOT
- // store any part of either the immediate request or response.
- if _, ok := ccHeaders["no-store"]; ok {
- return false
- }
- return true
-}
-
-func getCurrentTime(bctx BuiltinContext) time.Time {
- var current time.Time
-
- value, err := ast.JSON(bctx.Time.Value)
- if err != nil {
- return current
- }
-
- valueNum, ok := value.(json.Number)
- if !ok {
- return current
- }
-
- valueNumInt, err := valueNum.Int64()
- if err != nil {
- return current
- }
-
- current = time.Unix(0, valueNumInt).UTC()
- return current
-}
-
-func parseCacheControlHeader(headers http.Header) map[string]string {
- ccDirectives := map[string]string{}
- ccHeader := headers.Get("cache-control")
-
- for _, part := range strings.Split(ccHeader, ",") {
- part = strings.Trim(part, " ")
- if part == "" {
- continue
- }
- if strings.ContainsRune(part, '=') {
- items := strings.Split(part, "=")
- if len(items) != 2 {
- continue
- }
- ccDirectives[strings.Trim(items[0], " ")] = strings.Trim(items[1], ",")
- } else {
- ccDirectives[part] = ""
- }
- }
-
- return ccDirectives
-}
-
-func getResponseHeaderDate(headers http.Header) (date time.Time, err error) {
- dateHeader := headers.Get("date")
- if dateHeader == "" {
- err = fmt.Errorf("no date header")
- return
- }
- return http.ParseTime(dateHeader)
-}
-
-func getResponseHeaderExpires(headers http.Header) time.Time {
- expiresHeader := headers.Get("expires")
- if expiresHeader == "" {
- return time.Time{}
- }
-
- date, err := http.ParseTime(expiresHeader)
- if err != nil {
- // servers can set `Expires: 0` which is an invalid date to indicate expired content
- return time.Time{}
- }
-
- return date
-}
-
-// parseMaxAgeCacheDirective parses the max-age directive expressed in delta-seconds as per
-// https://tools.ietf.org/html/rfc7234#section-1.2.1
-func parseMaxAgeCacheDirective(cc map[string]string) (deltaSeconds, error) {
- maxAge, ok := cc["max-age"]
- if !ok {
- return deltaSeconds(-1), nil
- }
-
- val, err := strconv.ParseUint(maxAge, 10, 32)
- if err != nil {
- if numError, ok := err.(*strconv.NumError); ok {
- if numError.Err == strconv.ErrRange {
- return deltaSeconds(math.MaxInt32), nil
- }
- }
- return deltaSeconds(-1), err
- }
-
- if val > math.MaxInt32 {
- return deltaSeconds(math.MaxInt32), nil
- }
- return deltaSeconds(val), nil
-}
-
-func formatHTTPResponseToAST(resp *http.Response, forceJSONDecode, forceYAMLDecode bool) (ast.Value, []byte, error) {
-
- resultRawBody, err := io.ReadAll(resp.Body)
- if err != nil {
- return nil, nil, err
- }
-
- resultObj, err := prepareASTResult(resp.Header, forceJSONDecode, forceYAMLDecode, resultRawBody, resp.Status, resp.StatusCode)
- if err != nil {
- return nil, nil, err
- }
-
- return resultObj, resultRawBody, nil
-}
-
-func prepareASTResult(headers http.Header, forceJSONDecode, forceYAMLDecode bool, body []byte, status string, statusCode int) (ast.Value, error) {
- var resultBody interface{}
-
- // If the response body cannot be JSON/YAML decoded,
- // an error will not be returned. Instead, the "body" field
- // in the result will be null.
- switch {
- case forceJSONDecode || isContentType(headers, "application/json"):
- _ = util.UnmarshalJSON(body, &resultBody)
- case forceYAMLDecode || isContentType(headers, "application/yaml", "application/x-yaml"):
- _ = util.Unmarshal(body, &resultBody)
- }
-
- result := make(map[string]interface{})
- result["status"] = status
- result["status_code"] = statusCode
- result["body"] = resultBody
- result["raw_body"] = string(body)
- result["headers"] = getResponseHeaders(headers)
-
- resultObj, err := ast.InterfaceToValue(result)
- if err != nil {
- return nil, err
- }
-
- return resultObj, nil
-}
-
-func getResponseHeaders(headers http.Header) map[string]interface{} {
- respHeaders := map[string]interface{}{}
- for headerName, values := range headers {
- var respValues []interface{}
- for _, v := range values {
- respValues = append(respValues, v)
- }
- respHeaders[strings.ToLower(headerName)] = respValues
- }
- return respHeaders
-}
-
-// httpRequestExecutor defines an interface for the http send cache
-type httpRequestExecutor interface {
- CheckCache() (ast.Value, error)
- InsertIntoCache(value *http.Response) (ast.Value, error)
- InsertErrorIntoCache(err error)
- ExecuteHTTPRequest() (*http.Response, error)
-}
-
-// newHTTPRequestExecutor returns a new HTTP request executor that wraps either an inter-query or
-// intra-query cache implementation
-func newHTTPRequestExecutor(bctx BuiltinContext, req ast.Object, key ast.Object) (httpRequestExecutor, error) {
- useInterQueryCache, forceCacheParams, err := useInterQueryCache(req)
- if err != nil {
- return nil, handleHTTPSendErr(bctx, err)
- }
-
- if useInterQueryCache && bctx.InterQueryBuiltinCache != nil {
- return newInterQueryCache(bctx, req, key, forceCacheParams)
- }
- return newIntraQueryCache(bctx, req, key)
-}
-
-type interQueryCache struct {
- bctx BuiltinContext
- req ast.Object
- key ast.Object
- httpReq *http.Request
- httpClient *http.Client
- forceJSONDecode bool
- forceYAMLDecode bool
- forceCacheParams *forceCacheParams
-}
-
-func newInterQueryCache(bctx BuiltinContext, req ast.Object, key ast.Object, forceCacheParams *forceCacheParams) (*interQueryCache, error) {
- return &interQueryCache{bctx: bctx, req: req, key: key, forceCacheParams: forceCacheParams}, nil
-}
-
-// CheckCache checks the cache for the value of the key set on this object
-func (c *interQueryCache) CheckCache() (ast.Value, error) {
- var err error
-
- // Checking the intra-query cache first ensures consistency of errors and HTTP responses within a query.
- resp, err := checkHTTPSendCache(c.bctx, c.key)
- if err != nil {
- return nil, err
- }
- if resp != nil {
- return resp, nil
- }
-
- c.forceJSONDecode, err = getBoolValFromReqObj(c.key, ast.StringTerm("force_json_decode"))
- if err != nil {
- return nil, handleHTTPSendErr(c.bctx, err)
- }
- c.forceYAMLDecode, err = getBoolValFromReqObj(c.key, ast.StringTerm("force_yaml_decode"))
- if err != nil {
- return nil, handleHTTPSendErr(c.bctx, err)
- }
-
- resp, err = c.checkHTTPSendInterQueryCache()
- // Always insert the result of the inter-query cache into the intra-query cache, to maintain consistency within the same query.
- if err != nil {
- insertErrorIntoHTTPSendCache(c.bctx, c.key, err)
- }
- if resp != nil {
- insertIntoHTTPSendCache(c.bctx, c.key, resp)
- }
- return resp, err
-}
-
-// InsertIntoCache inserts the key set on this object into the cache with the given value
-func (c *interQueryCache) InsertIntoCache(value *http.Response) (ast.Value, error) {
- result, respBody, err := formatHTTPResponseToAST(value, c.forceJSONDecode, c.forceYAMLDecode)
- if err != nil {
- return nil, handleHTTPSendErr(c.bctx, err)
- }
-
- // Always insert into the intra-query cache, to maintain consistency within the same query.
- insertIntoHTTPSendCache(c.bctx, c.key, result)
-
- // We ignore errors when populating the inter-query cache, because we've already populated the intra-cache,
- // and query consistency is our primary concern.
- _ = insertIntoHTTPSendInterQueryCache(c.bctx, c.key, value, respBody, c.forceCacheParams)
- return result, nil
-}
-
-func (c *interQueryCache) InsertErrorIntoCache(err error) {
- insertErrorIntoHTTPSendCache(c.bctx, c.key, err)
-}
-
-// ExecuteHTTPRequest executes a HTTP request
-func (c *interQueryCache) ExecuteHTTPRequest() (*http.Response, error) {
- var err error
- c.httpReq, c.httpClient, err = createHTTPRequest(c.bctx, c.req)
- if err != nil {
- return nil, handleHTTPSendErr(c.bctx, err)
- }
-
- return executeHTTPRequest(c.httpReq, c.httpClient, c.req)
-}
-
-type intraQueryCache struct {
- bctx BuiltinContext
- req ast.Object
- key ast.Object
-}
-
-func newIntraQueryCache(bctx BuiltinContext, req ast.Object, key ast.Object) (*intraQueryCache, error) {
- return &intraQueryCache{bctx: bctx, req: req, key: key}, nil
-}
-
-// CheckCache checks the cache for the value of the key set on this object
-func (c *intraQueryCache) CheckCache() (ast.Value, error) {
- return checkHTTPSendCache(c.bctx, c.key)
-}
-
-// InsertIntoCache inserts the key set on this object into the cache with the given value
-func (c *intraQueryCache) InsertIntoCache(value *http.Response) (ast.Value, error) {
- forceJSONDecode, err := getBoolValFromReqObj(c.key, ast.StringTerm("force_json_decode"))
- if err != nil {
- return nil, handleHTTPSendErr(c.bctx, err)
- }
- forceYAMLDecode, err := getBoolValFromReqObj(c.key, ast.StringTerm("force_yaml_decode"))
- if err != nil {
- return nil, handleHTTPSendErr(c.bctx, err)
- }
-
- result, _, err := formatHTTPResponseToAST(value, forceJSONDecode, forceYAMLDecode)
- if err != nil {
- return nil, handleHTTPSendErr(c.bctx, err)
- }
-
- if cacheableCodes.Contains(ast.IntNumberTerm(value.StatusCode)) {
- insertIntoHTTPSendCache(c.bctx, c.key, result)
- }
-
- return result, nil
-}
-
-func (c *intraQueryCache) InsertErrorIntoCache(err error) {
- insertErrorIntoHTTPSendCache(c.bctx, c.key, err)
-}
-
-// ExecuteHTTPRequest executes a HTTP request
-func (c *intraQueryCache) ExecuteHTTPRequest() (*http.Response, error) {
- httpReq, httpClient, err := createHTTPRequest(c.bctx, c.req)
- if err != nil {
- return nil, handleHTTPSendErr(c.bctx, err)
- }
- return executeHTTPRequest(httpReq, httpClient, c.req)
-}
-
-func useInterQueryCache(req ast.Object) (bool, *forceCacheParams, error) {
- value, err := getBoolValFromReqObj(req, ast.StringTerm("cache"))
- if err != nil {
- return false, nil, err
- }
-
- valueForceCache, err := getBoolValFromReqObj(req, ast.StringTerm("force_cache"))
- if err != nil {
- return false, nil, err
- }
-
- if valueForceCache {
- forceCacheParams, err := newForceCacheParams(req)
- return true, forceCacheParams, err
- }
-
- return value, nil, nil
-}
-
-type forceCacheParams struct {
- forceCacheDurationSeconds int32
-}
-
-func newForceCacheParams(req ast.Object) (*forceCacheParams, error) {
- term := req.Get(ast.StringTerm("force_cache_duration_seconds"))
- if term == nil {
- return nil, fmt.Errorf("'force_cache' set but 'force_cache_duration_seconds' parameter is missing")
- }
-
- forceCacheDurationSeconds := term.String()
-
- value, err := strconv.ParseInt(forceCacheDurationSeconds, 10, 32)
- if err != nil {
- return nil, err
- }
-
- return &forceCacheParams{forceCacheDurationSeconds: int32(value)}, nil
-}
-
-func getRaiseErrorValue(req ast.Object) (bool, error) {
- result := ast.Boolean(true)
- var ok bool
- if v := req.Get(ast.StringTerm("raise_error")); v != nil {
- if result, ok = v.Value.(ast.Boolean); !ok {
- return false, fmt.Errorf("invalid value for raise_error field")
- }
- }
- return bool(result), nil
-}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/instrumentation.go b/vendor/github.com/open-policy-agent/opa/topdown/instrumentation.go
index 6eacc338ef..845f8da612 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/instrumentation.go
+++ b/vendor/github.com/open-policy-agent/opa/topdown/instrumentation.go
@@ -4,60 +4,18 @@
package topdown
-import "github.com/open-policy-agent/opa/metrics"
-
-const (
- evalOpPlug = "eval_op_plug"
- evalOpResolve = "eval_op_resolve"
- evalOpRuleIndex = "eval_op_rule_index"
- evalOpBuiltinCall = "eval_op_builtin_call"
- evalOpVirtualCacheHit = "eval_op_virtual_cache_hit"
- evalOpVirtualCacheMiss = "eval_op_virtual_cache_miss"
- evalOpBaseCacheHit = "eval_op_base_cache_hit"
- evalOpBaseCacheMiss = "eval_op_base_cache_miss"
- evalOpComprehensionCacheSkip = "eval_op_comprehension_cache_skip"
- evalOpComprehensionCacheBuild = "eval_op_comprehension_cache_build"
- evalOpComprehensionCacheHit = "eval_op_comprehension_cache_hit"
- evalOpComprehensionCacheMiss = "eval_op_comprehension_cache_miss"
- partialOpSaveUnify = "partial_op_save_unify"
- partialOpSaveSetContains = "partial_op_save_set_contains"
- partialOpSaveSetContainsRec = "partial_op_save_set_contains_rec"
- partialOpCopyPropagation = "partial_op_copy_propagation"
+import (
+ "github.com/open-policy-agent/opa/v1/metrics"
+ v1 "github.com/open-policy-agent/opa/v1/topdown"
)
// Instrumentation implements helper functions to instrument query evaluation
// to diagnose performance issues. Instrumentation may be expensive in some
// cases, so it is disabled by default.
-type Instrumentation struct {
- m metrics.Metrics
-}
+type Instrumentation = v1.Instrumentation
// NewInstrumentation returns a new Instrumentation object. Performance
// diagnostics recorded on this Instrumentation object will stored in m.
func NewInstrumentation(m metrics.Metrics) *Instrumentation {
- return &Instrumentation{
- m: m,
- }
-}
-
-func (instr *Instrumentation) startTimer(name string) {
- if instr == nil {
- return
- }
- instr.m.Timer(name).Start()
-}
-
-func (instr *Instrumentation) stopTimer(name string) {
- if instr == nil {
- return
- }
- delta := instr.m.Timer(name).Stop()
- instr.m.Histogram(name).Update(delta)
-}
-
-func (instr *Instrumentation) counterIncr(name string) {
- if instr == nil {
- return
- }
- instr.m.Counter(name).Incr()
+ return v1.NewInstrumentation(m)
}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/print.go b/vendor/github.com/open-policy-agent/opa/topdown/print.go
index 765b344b3a..5eacd180d9 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/print.go
+++ b/vendor/github.com/open-policy-agent/opa/topdown/print.go
@@ -5,82 +5,12 @@
package topdown
import (
- "fmt"
"io"
- "strings"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
"github.com/open-policy-agent/opa/topdown/print"
+ v1 "github.com/open-policy-agent/opa/v1/topdown"
)
func NewPrintHook(w io.Writer) print.Hook {
- return printHook{w: w}
-}
-
-type printHook struct {
- w io.Writer
-}
-
-func (h printHook) Print(_ print.Context, msg string) error {
- _, err := fmt.Fprintln(h.w, msg)
- return err
-}
-
-func builtinPrint(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
-
- if bctx.PrintHook == nil {
- return iter(nil)
- }
-
- arr, err := builtins.ArrayOperand(operands[0].Value, 1)
- if err != nil {
- return err
- }
-
- buf := make([]string, arr.Len())
-
- err = builtinPrintCrossProductOperands(bctx, buf, arr, 0, func(buf []string) error {
- pctx := print.Context{
- Context: bctx.Context,
- Location: bctx.Location,
- }
- return bctx.PrintHook.Print(pctx, strings.Join(buf, " "))
- })
- if err != nil {
- return err
- }
-
- return iter(nil)
-}
-
-func builtinPrintCrossProductOperands(bctx BuiltinContext, buf []string, operands *ast.Array, i int, f func([]string) error) error {
-
- if i >= operands.Len() {
- return f(buf)
- }
-
- xs, ok := operands.Elem(i).Value.(ast.Set)
- if !ok {
- return Halt{Err: internalErr(bctx.Location, fmt.Sprintf("illegal argument type: %v", ast.TypeName(operands.Elem(i).Value)))}
- }
-
- if xs.Len() == 0 {
- buf[i] = ""
- return builtinPrintCrossProductOperands(bctx, buf, operands, i+1, f)
- }
-
- return xs.Iter(func(x *ast.Term) error {
- switch v := x.Value.(type) {
- case ast.String:
- buf[i] = string(v)
- default:
- buf[i] = v.String()
- }
- return builtinPrintCrossProductOperands(bctx, buf, operands, i+1, f)
- })
-}
-
-func init() {
- RegisterBuiltinFunc(ast.InternalPrint.Name, builtinPrint)
+ return v1.NewPrintHook(w)
}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/print/doc.go b/vendor/github.com/open-policy-agent/opa/topdown/print/doc.go
new file mode 100644
index 0000000000..c2ee0eca7f
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/topdown/print/doc.go
@@ -0,0 +1,8 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Deprecated: This package is intended for older projects transitioning from OPA v0.x and will remain for the lifetime of OPA v1.x, but its use is not recommended.
+// For newer features and behaviours, such as defaulting to the Rego v1 syntax, use the corresponding components in the [github.com/open-policy-agent/opa/v1] package instead.
+// See https://www.openpolicyagent.org/docs/latest/v0-compatibility/ for more information.
+package print
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/print/print.go b/vendor/github.com/open-policy-agent/opa/topdown/print/print.go
index 0fb6abdca8..66ffbb176f 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/print/print.go
+++ b/vendor/github.com/open-policy-agent/opa/topdown/print/print.go
@@ -1,21 +1,14 @@
package print
import (
- "context"
-
- "github.com/open-policy-agent/opa/ast"
+ v1 "github.com/open-policy-agent/opa/v1/topdown/print"
)
// Context provides the Hook implementation context about the print() call.
-type Context struct {
- Context context.Context // request context passed when query executed
- Location *ast.Location // location of print call
-}
+type Context = v1.Context
// Hook defines the interface that callers can implement to receive print
// statement outputs. If the hook returns an error, it will be surfaced if
// strict builtin error checking is enabled (otherwise, it will not halt
// execution.)
-type Hook interface {
- Print(Context, string) error
-}
+type Hook = v1.Hook
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/query.go b/vendor/github.com/open-policy-agent/opa/topdown/query.go
index 8406cfdd87..d24060991f 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/query.go
+++ b/vendor/github.com/open-policy-agent/opa/topdown/query.go
@@ -1,599 +1,24 @@
package topdown
import (
- "context"
- "crypto/rand"
- "io"
- "sort"
- "time"
-
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/metrics"
- "github.com/open-policy-agent/opa/resolver"
- "github.com/open-policy-agent/opa/storage"
- "github.com/open-policy-agent/opa/topdown/builtins"
- "github.com/open-policy-agent/opa/topdown/cache"
- "github.com/open-policy-agent/opa/topdown/copypropagation"
- "github.com/open-policy-agent/opa/topdown/print"
- "github.com/open-policy-agent/opa/tracing"
+ "github.com/open-policy-agent/opa/v1/ast"
+ v1 "github.com/open-policy-agent/opa/v1/topdown"
)
// QueryResultSet represents a collection of results returned by a query.
-type QueryResultSet []QueryResult
+type QueryResultSet = v1.QueryResultSet
// QueryResult represents a single result returned by a query. The result
// contains bindings for all variables that appear in the query.
-type QueryResult map[ast.Var]*ast.Term
+type QueryResult = v1.QueryResult
// Query provides a configurable interface for performing query evaluation.
-type Query struct {
- seed io.Reader
- time time.Time
- cancel Cancel
- query ast.Body
- queryCompiler ast.QueryCompiler
- compiler *ast.Compiler
- store storage.Store
- txn storage.Transaction
- input *ast.Term
- external *resolverTrie
- tracers []QueryTracer
- plugTraceVars bool
- unknowns []*ast.Term
- partialNamespace string
- skipSaveNamespace bool
- metrics metrics.Metrics
- instr *Instrumentation
- disableInlining []ast.Ref
- shallowInlining bool
- genvarprefix string
- runtime *ast.Term
- builtins map[string]*Builtin
- indexing bool
- earlyExit bool
- interQueryBuiltinCache cache.InterQueryCache
- interQueryBuiltinValueCache cache.InterQueryValueCache
- ndBuiltinCache builtins.NDBCache
- strictBuiltinErrors bool
- builtinErrorList *[]Error
- strictObjects bool
- printHook print.Hook
- tracingOpts tracing.Options
- virtualCache VirtualCache
-}
+type Query = v1.Query
// Builtin represents a built-in function that queries can call.
-type Builtin struct {
- Decl *ast.Builtin
- Func BuiltinFunc
-}
+type Builtin = v1.Builtin
// NewQuery returns a new Query object that can be run.
func NewQuery(query ast.Body) *Query {
- return &Query{
- query: query,
- genvarprefix: ast.WildcardPrefix,
- indexing: true,
- earlyExit: true,
- external: newResolverTrie(),
- }
-}
-
-// WithQueryCompiler sets the queryCompiler used for the query.
-func (q *Query) WithQueryCompiler(queryCompiler ast.QueryCompiler) *Query {
- q.queryCompiler = queryCompiler
- return q
-}
-
-// WithCompiler sets the compiler to use for the query.
-func (q *Query) WithCompiler(compiler *ast.Compiler) *Query {
- q.compiler = compiler
- return q
-}
-
-// WithStore sets the store to use for the query.
-func (q *Query) WithStore(store storage.Store) *Query {
- q.store = store
- return q
-}
-
-// WithTransaction sets the transaction to use for the query. All queries
-// should be performed over a consistent snapshot of the storage layer.
-func (q *Query) WithTransaction(txn storage.Transaction) *Query {
- q.txn = txn
- return q
-}
-
-// WithCancel sets the cancellation object to use for the query. Set this if
-// you need to abort queries based on a deadline. This is optional.
-func (q *Query) WithCancel(cancel Cancel) *Query {
- q.cancel = cancel
- return q
-}
-
-// WithInput sets the input object to use for the query. References rooted at
-// input will be evaluated against this value. This is optional.
-func (q *Query) WithInput(input *ast.Term) *Query {
- q.input = input
- return q
-}
-
-// WithTracer adds a query tracer to use during evaluation. This is optional.
-// Deprecated: Use WithQueryTracer instead.
-func (q *Query) WithTracer(tracer Tracer) *Query {
- qt, ok := tracer.(QueryTracer)
- if !ok {
- qt = WrapLegacyTracer(tracer)
- }
- return q.WithQueryTracer(qt)
-}
-
-// WithQueryTracer adds a query tracer to use during evaluation. This is optional.
-// Disabled QueryTracers will be ignored.
-func (q *Query) WithQueryTracer(tracer QueryTracer) *Query {
- if !tracer.Enabled() {
- return q
- }
-
- q.tracers = append(q.tracers, tracer)
-
- // If *any* of the tracers require local variable metadata we need to
- // enabled plugging local trace variables.
- conf := tracer.Config()
- if conf.PlugLocalVars {
- q.plugTraceVars = true
- }
-
- return q
-}
-
-// WithMetrics sets the metrics collection to add evaluation metrics to. This
-// is optional.
-func (q *Query) WithMetrics(m metrics.Metrics) *Query {
- q.metrics = m
- return q
-}
-
-// WithInstrumentation sets the instrumentation configuration to enable on the
-// evaluation process. By default, instrumentation is turned off.
-func (q *Query) WithInstrumentation(instr *Instrumentation) *Query {
- q.instr = instr
- return q
-}
-
-// WithUnknowns sets the initial set of variables or references to treat as
-// unknown during query evaluation. This is required for partial evaluation.
-func (q *Query) WithUnknowns(terms []*ast.Term) *Query {
- q.unknowns = terms
- return q
-}
-
-// WithPartialNamespace sets the namespace to use for supporting rules
-// generated as part of the partial evaluation process. The ns value must be a
-// valid package path component.
-func (q *Query) WithPartialNamespace(ns string) *Query {
- q.partialNamespace = ns
- return q
-}
-
-// WithSkipPartialNamespace disables namespacing of saved support rules that are generated
-// from the original policy (rules which are completely synthetic are still namespaced.)
-func (q *Query) WithSkipPartialNamespace(yes bool) *Query {
- q.skipSaveNamespace = yes
- return q
-}
-
-// WithDisableInlining adds a set of paths to the query that should be excluded from
-// inlining. Inlining during partial evaluation can be expensive in some cases
-// (e.g., when a cross-product is computed.) Disabling inlining avoids expensive
-// computation at the cost of generating support rules.
-func (q *Query) WithDisableInlining(paths []ast.Ref) *Query {
- q.disableInlining = paths
- return q
-}
-
-// WithShallowInlining disables aggressive inlining performed during partial evaluation.
-// When shallow inlining is enabled rules that depend (transitively) on unknowns are not inlined.
-// Only rules/values that are completely known will be inlined.
-func (q *Query) WithShallowInlining(yes bool) *Query {
- q.shallowInlining = yes
- return q
-}
-
-// WithRuntime sets the runtime data to execute the query with. The runtime data
-// can be returned by the `opa.runtime` built-in function.
-func (q *Query) WithRuntime(runtime *ast.Term) *Query {
- q.runtime = runtime
- return q
-}
-
-// WithBuiltins adds a set of built-in functions that can be called by the
-// query.
-func (q *Query) WithBuiltins(builtins map[string]*Builtin) *Query {
- q.builtins = builtins
- return q
-}
-
-// WithIndexing will enable or disable using rule indexing for the evaluation
-// of the query. The default is enabled.
-func (q *Query) WithIndexing(enabled bool) *Query {
- q.indexing = enabled
- return q
-}
-
-// WithEarlyExit will enable or disable using 'early exit' for the evaluation
-// of the query. The default is enabled.
-func (q *Query) WithEarlyExit(enabled bool) *Query {
- q.earlyExit = enabled
- return q
-}
-
-// WithSeed sets a reader that will seed randomization required by built-in functions.
-// If a seed is not provided crypto/rand.Reader is used.
-func (q *Query) WithSeed(r io.Reader) *Query {
- q.seed = r
- return q
-}
-
-// WithTime sets the time that will be returned by the time.now_ns() built-in function.
-func (q *Query) WithTime(x time.Time) *Query {
- q.time = x
- return q
-}
-
-// WithInterQueryBuiltinCache sets the inter-query cache that built-in functions can utilize.
-func (q *Query) WithInterQueryBuiltinCache(c cache.InterQueryCache) *Query {
- q.interQueryBuiltinCache = c
- return q
-}
-
-// WithInterQueryBuiltinValueCache sets the inter-query value cache that built-in functions can utilize.
-func (q *Query) WithInterQueryBuiltinValueCache(c cache.InterQueryValueCache) *Query {
- q.interQueryBuiltinValueCache = c
- return q
-}
-
-// WithNDBuiltinCache sets the non-deterministic builtin cache.
-func (q *Query) WithNDBuiltinCache(c builtins.NDBCache) *Query {
- q.ndBuiltinCache = c
- return q
-}
-
-// WithStrictBuiltinErrors tells the evaluator to treat all built-in function errors as fatal errors.
-func (q *Query) WithStrictBuiltinErrors(yes bool) *Query {
- q.strictBuiltinErrors = yes
- return q
-}
-
-// WithBuiltinErrorList supplies a pointer to an Error slice to store built-in function errors
-// encountered during evaluation. This error slice can be inspected after evaluation to determine
-// which built-in function errors occurred.
-func (q *Query) WithBuiltinErrorList(list *[]Error) *Query {
- q.builtinErrorList = list
- return q
-}
-
-// WithResolver configures an external resolver to use for the given ref.
-func (q *Query) WithResolver(ref ast.Ref, r resolver.Resolver) *Query {
- q.external.Put(ref, r)
- return q
-}
-
-func (q *Query) WithPrintHook(h print.Hook) *Query {
- q.printHook = h
- return q
-}
-
-// WithDistributedTracingOpts sets the options to be used by distributed tracing.
-func (q *Query) WithDistributedTracingOpts(tr tracing.Options) *Query {
- q.tracingOpts = tr
- return q
-}
-
-// WithStrictObjects tells the evaluator to avoid the "lazy object" optimization
-// applied when reading objects from the store. It will result in higher memory
-// usage and should only be used temporarily while adjusting code that breaks
-// because of the optimization.
-func (q *Query) WithStrictObjects(yes bool) *Query {
- q.strictObjects = yes
- return q
-}
-
-// WithVirtualCache sets the VirtualCache to use during evaluation. This is
-// optional, and if not set, the default cache is used.
-func (q *Query) WithVirtualCache(vc VirtualCache) *Query {
- q.virtualCache = vc
- return q
-}
-
-// PartialRun executes partial evaluation on the query with respect to unknown
-// values. Partial evaluation attempts to evaluate as much of the query as
-// possible without requiring values for the unknowns set on the query. The
-// result of partial evaluation is a new set of queries that can be evaluated
-// once the unknown value is known. In addition to new queries, partial
-// evaluation may produce additional support modules that should be used in
-// conjunction with the partially evaluated queries.
-func (q *Query) PartialRun(ctx context.Context) (partials []ast.Body, support []*ast.Module, err error) {
- if q.partialNamespace == "" {
- q.partialNamespace = "partial" // lazily initialize partial namespace
- }
- if q.seed == nil {
- q.seed = rand.Reader
- }
- if !q.time.IsZero() {
- q.time = time.Now()
- }
- if q.metrics == nil {
- q.metrics = metrics.New()
- }
-
- f := &queryIDFactory{}
- b := newBindings(0, q.instr)
-
- var vc VirtualCache
- if q.virtualCache != nil {
- vc = q.virtualCache
- } else {
- vc = NewVirtualCache()
- }
-
- e := &eval{
- ctx: ctx,
- metrics: q.metrics,
- seed: q.seed,
- time: ast.NumberTerm(int64ToJSONNumber(q.time.UnixNano())),
- cancel: q.cancel,
- query: q.query,
- queryCompiler: q.queryCompiler,
- queryIDFact: f,
- queryID: f.Next(),
- bindings: b,
- compiler: q.compiler,
- store: q.store,
- baseCache: newBaseCache(),
- targetStack: newRefStack(),
- txn: q.txn,
- input: q.input,
- external: q.external,
- tracers: q.tracers,
- traceEnabled: len(q.tracers) > 0,
- plugTraceVars: q.plugTraceVars,
- instr: q.instr,
- builtins: q.builtins,
- builtinCache: builtins.Cache{},
- functionMocks: newFunctionMocksStack(),
- interQueryBuiltinCache: q.interQueryBuiltinCache,
- interQueryBuiltinValueCache: q.interQueryBuiltinValueCache,
- ndBuiltinCache: q.ndBuiltinCache,
- virtualCache: vc,
- comprehensionCache: newComprehensionCache(),
- saveSet: newSaveSet(q.unknowns, b, q.instr),
- saveStack: newSaveStack(),
- saveSupport: newSaveSupport(),
- saveNamespace: ast.StringTerm(q.partialNamespace),
- skipSaveNamespace: q.skipSaveNamespace,
- inliningControl: &inliningControl{
- shallow: q.shallowInlining,
- },
- genvarprefix: q.genvarprefix,
- runtime: q.runtime,
- indexing: q.indexing,
- earlyExit: q.earlyExit,
- builtinErrors: &builtinErrors{},
- printHook: q.printHook,
- strictObjects: q.strictObjects,
- }
-
- if len(q.disableInlining) > 0 {
- e.inliningControl.PushDisable(q.disableInlining, false)
- }
-
- e.caller = e
- q.metrics.Timer(metrics.RegoPartialEval).Start()
- defer q.metrics.Timer(metrics.RegoPartialEval).Stop()
-
- livevars := ast.NewVarSet()
- for _, t := range q.unknowns {
- switch v := t.Value.(type) {
- case ast.Var:
- livevars.Add(v)
- case ast.Ref:
- livevars.Add(v[0].Value.(ast.Var))
- }
- }
-
- ast.WalkVars(q.query, func(x ast.Var) bool {
- if !x.IsGenerated() {
- livevars.Add(x)
- }
- return false
- })
-
- p := copypropagation.New(livevars).WithCompiler(q.compiler)
-
- err = e.Run(func(e *eval) error {
-
- // Build output from saved expressions.
- body := ast.NewBody()
-
- for _, elem := range e.saveStack.Stack[len(e.saveStack.Stack)-1] {
- body.Append(elem.Plug(e.bindings))
- }
-
- // Include bindings as exprs so that when caller evals the result, they
- // can obtain values for the vars in their query.
- bindingExprs := []*ast.Expr{}
- _ = e.bindings.Iter(e.bindings, func(a, b *ast.Term) error {
- bindingExprs = append(bindingExprs, ast.Equality.Expr(a, b))
- return nil
- }) // cannot return error
-
- // Sort binding expressions so that results are deterministic.
- sort.Slice(bindingExprs, func(i, j int) bool {
- return bindingExprs[i].Compare(bindingExprs[j]) < 0
- })
-
- for i := range bindingExprs {
- body.Append(bindingExprs[i])
- }
-
- // Skip this rule body if it fails to type-check.
- // Type-checking failure means the rule body will never succeed.
- if !e.compiler.PassesTypeCheck(body) {
- return nil
- }
-
- if !q.shallowInlining {
- body = applyCopyPropagation(p, e.instr, body)
- }
-
- partials = append(partials, body)
- return nil
- })
-
- support = e.saveSupport.List()
-
- if len(e.builtinErrors.errs) > 0 {
- if q.strictBuiltinErrors {
- err = e.builtinErrors.errs[0]
- } else if q.builtinErrorList != nil {
- // If a builtinErrorList has been supplied, we must use pointer indirection
- // to append to it. builtinErrorList is a slice pointer so that errors can be
- // appended to it without returning a new slice and changing the interface
- // of PartialRun.
- for _, err := range e.builtinErrors.errs {
- if tdError, ok := err.(*Error); ok {
- *(q.builtinErrorList) = append(*(q.builtinErrorList), *tdError)
- } else {
- *(q.builtinErrorList) = append(*(q.builtinErrorList), Error{
- Code: BuiltinErr,
- Message: err.Error(),
- })
- }
- }
- }
- }
-
- for i := range support {
- sort.Slice(support[i].Rules, func(j, k int) bool {
- return support[i].Rules[j].Compare(support[i].Rules[k]) < 0
- })
- }
-
- return partials, support, err
-}
-
-// Run is a wrapper around Iter that accumulates query results and returns them
-// in one shot.
-func (q *Query) Run(ctx context.Context) (QueryResultSet, error) {
- qrs := QueryResultSet{}
- return qrs, q.Iter(ctx, func(qr QueryResult) error {
- qrs = append(qrs, qr)
- return nil
- })
-}
-
-// Iter executes the query and invokes the iter function with query results
-// produced by evaluating the query.
-func (q *Query) Iter(ctx context.Context, iter func(QueryResult) error) error {
- // Query evaluation must not be allowed if the compiler has errors and is in an undefined, possibly inconsistent state
- if q.compiler != nil && len(q.compiler.Errors) > 0 {
- return &Error{
- Code: InternalErr,
- Message: "compiler has errors",
- }
- }
-
- if q.seed == nil {
- q.seed = rand.Reader
- }
- if q.time.IsZero() {
- q.time = time.Now()
- }
- if q.metrics == nil {
- q.metrics = metrics.New()
- }
-
- f := &queryIDFactory{}
-
- var vc VirtualCache
- if q.virtualCache != nil {
- vc = q.virtualCache
- } else {
- vc = NewVirtualCache()
- }
-
- e := &eval{
- ctx: ctx,
- metrics: q.metrics,
- seed: q.seed,
- time: ast.NumberTerm(int64ToJSONNumber(q.time.UnixNano())),
- cancel: q.cancel,
- query: q.query,
- queryCompiler: q.queryCompiler,
- queryIDFact: f,
- queryID: f.Next(),
- bindings: newBindings(0, q.instr),
- compiler: q.compiler,
- store: q.store,
- baseCache: newBaseCache(),
- targetStack: newRefStack(),
- txn: q.txn,
- input: q.input,
- external: q.external,
- tracers: q.tracers,
- traceEnabled: len(q.tracers) > 0,
- plugTraceVars: q.plugTraceVars,
- instr: q.instr,
- builtins: q.builtins,
- builtinCache: builtins.Cache{},
- functionMocks: newFunctionMocksStack(),
- interQueryBuiltinCache: q.interQueryBuiltinCache,
- interQueryBuiltinValueCache: q.interQueryBuiltinValueCache,
- ndBuiltinCache: q.ndBuiltinCache,
- virtualCache: vc,
- comprehensionCache: newComprehensionCache(),
- genvarprefix: q.genvarprefix,
- runtime: q.runtime,
- indexing: q.indexing,
- earlyExit: q.earlyExit,
- builtinErrors: &builtinErrors{},
- printHook: q.printHook,
- tracingOpts: q.tracingOpts,
- strictObjects: q.strictObjects,
- }
- e.caller = e
- q.metrics.Timer(metrics.RegoQueryEval).Start()
- err := e.Run(func(e *eval) error {
- qr := QueryResult{}
- _ = e.bindings.Iter(nil, func(k, v *ast.Term) error {
- qr[k.Value.(ast.Var)] = v
- return nil
- }) // cannot return error
- return iter(qr)
- })
-
- if len(e.builtinErrors.errs) > 0 {
- if q.strictBuiltinErrors {
- err = e.builtinErrors.errs[0]
- } else if q.builtinErrorList != nil {
- // If a builtinErrorList has been supplied, we must use pointer indirection
- // to append to it. builtinErrorList is a slice pointer so that errors can be
- // appended to it without returning a new slice and changing the interface
- // of Iter.
- for _, err := range e.builtinErrors.errs {
- if tdError, ok := err.(*Error); ok {
- *(q.builtinErrorList) = append(*(q.builtinErrorList), *tdError)
- } else {
- *(q.builtinErrorList) = append(*(q.builtinErrorList), Error{
- Code: BuiltinErr,
- Message: err.Error(),
- })
- }
- }
- }
- }
-
- q.metrics.Timer(metrics.RegoQueryEval).Stop()
- return err
+ return v1.NewQuery(query)
}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/trace.go b/vendor/github.com/open-policy-agent/opa/topdown/trace.go
index 277c94b626..4d4cc295e2 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/trace.go
+++ b/vendor/github.com/open-policy-agent/opa/topdown/trace.go
@@ -5,898 +5,108 @@
package topdown
import (
- "bytes"
- "fmt"
"io"
- "slices"
- "strings"
- iStrs "github.com/open-policy-agent/opa/internal/strings"
-
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
-)
-
-const (
- minLocationWidth = 5 // len("query")
- maxIdealLocationWidth = 64
- columnPadding = 4
- maxExprVarWidth = 32
- maxPrettyExprVarWidth = 64
+ v1 "github.com/open-policy-agent/opa/v1/topdown"
)
// Op defines the types of tracing events.
-type Op string
+type Op = v1.Op
const (
// EnterOp is emitted when a new query is about to be evaluated.
- EnterOp Op = "Enter"
+ EnterOp = v1.EnterOp
// ExitOp is emitted when a query has evaluated to true.
- ExitOp Op = "Exit"
+ ExitOp = v1.ExitOp
// EvalOp is emitted when an expression is about to be evaluated.
- EvalOp Op = "Eval"
+ EvalOp = v1.EvalOp
// RedoOp is emitted when an expression, rule, or query is being re-evaluated.
- RedoOp Op = "Redo"
+ RedoOp = v1.RedoOp
// SaveOp is emitted when an expression is saved instead of evaluated
// during partial evaluation.
- SaveOp Op = "Save"
+ SaveOp = v1.SaveOp
// FailOp is emitted when an expression evaluates to false.
- FailOp Op = "Fail"
+ FailOp = v1.FailOp
// DuplicateOp is emitted when a query has produced a duplicate value. The search
// will stop at the point where the duplicate was emitted and backtrack.
- DuplicateOp Op = "Duplicate"
+ DuplicateOp = v1.DuplicateOp
// NoteOp is emitted when an expression invokes a tracing built-in function.
- NoteOp Op = "Note"
+ NoteOp = v1.NoteOp
// IndexOp is emitted during an expression evaluation to represent lookup
// matches.
- IndexOp Op = "Index"
+ IndexOp = v1.IndexOp
// WasmOp is emitted when resolving a ref using an external
// Resolver.
- WasmOp Op = "Wasm"
+ WasmOp = v1.WasmOp
// UnifyOp is emitted when two terms are unified. Node will be set to an
// equality expression with the two terms. This Node will not have location
// info.
- UnifyOp Op = "Unify"
- FailedAssertionOp Op = "FailedAssertion"
+ UnifyOp = v1.UnifyOp
+ FailedAssertionOp = v1.FailedAssertionOp
)
// VarMetadata provides some user facing information about
// a variable in some policy.
-type VarMetadata struct {
- Name ast.Var `json:"name"`
- Location *ast.Location `json:"location"`
-}
+type VarMetadata = v1.VarMetadata
// Event contains state associated with a tracing event.
-type Event struct {
- Op Op // Identifies type of event.
- Node ast.Node // Contains AST node relevant to the event.
- Location *ast.Location // The location of the Node this event relates to.
- QueryID uint64 // Identifies the query this event belongs to.
- ParentID uint64 // Identifies the parent query this event belongs to.
- Locals *ast.ValueMap // Contains local variable bindings from the query context. Nil if variables were not included in the trace event.
- LocalMetadata map[ast.Var]VarMetadata // Contains metadata for the local variable bindings. Nil if variables were not included in the trace event.
- Message string // Contains message for Note events.
- Ref *ast.Ref // Identifies the subject ref for the event. Only applies to Index and Wasm operations.
-
- input *ast.Term
- bindings *bindings
- localVirtualCacheSnapshot *ast.ValueMap
-}
-
-func (evt *Event) WithInput(input *ast.Term) *Event {
- evt.input = input
- return evt
-}
-
-// HasRule returns true if the Event contains an ast.Rule.
-func (evt *Event) HasRule() bool {
- _, ok := evt.Node.(*ast.Rule)
- return ok
-}
-
-// HasBody returns true if the Event contains an ast.Body.
-func (evt *Event) HasBody() bool {
- _, ok := evt.Node.(ast.Body)
- return ok
-}
-
-// HasExpr returns true if the Event contains an ast.Expr.
-func (evt *Event) HasExpr() bool {
- _, ok := evt.Node.(*ast.Expr)
- return ok
-}
-
-// Equal returns true if this event is equal to the other event.
-func (evt *Event) Equal(other *Event) bool {
- if evt.Op != other.Op {
- return false
- }
- if evt.QueryID != other.QueryID {
- return false
- }
- if evt.ParentID != other.ParentID {
- return false
- }
- if !evt.equalNodes(other) {
- return false
- }
- return evt.Locals.Equal(other.Locals)
-}
-
-func (evt *Event) String() string {
- return fmt.Sprintf("%v %v %v (qid=%v, pqid=%v)", evt.Op, evt.Node, evt.Locals, evt.QueryID, evt.ParentID)
-}
-
-// Input returns the input object as it was at the event.
-func (evt *Event) Input() *ast.Term {
- return evt.input
-}
-
-// Plug plugs event bindings into the provided ast.Term. Because bindings are mutable, this only makes sense to do when
-// the event is emitted rather than on recorded trace events as the bindings are going to be different by then.
-func (evt *Event) Plug(term *ast.Term) *ast.Term {
- return evt.bindings.Plug(term)
-}
-
-func (evt *Event) equalNodes(other *Event) bool {
- switch a := evt.Node.(type) {
- case ast.Body:
- if b, ok := other.Node.(ast.Body); ok {
- return a.Equal(b)
- }
- case *ast.Rule:
- if b, ok := other.Node.(*ast.Rule); ok {
- return a.Equal(b)
- }
- case *ast.Expr:
- if b, ok := other.Node.(*ast.Expr); ok {
- return a.Equal(b)
- }
- case nil:
- return other.Node == nil
- }
- return false
-}
+type Event = v1.Event
// Tracer defines the interface for tracing in the top-down evaluation engine.
// Deprecated: Use QueryTracer instead.
-type Tracer interface {
- Enabled() bool
- Trace(*Event)
-}
+type Tracer = v1.Tracer
// QueryTracer defines the interface for tracing in the top-down evaluation engine.
// The implementation can provide additional configuration to modify the tracing
// behavior for query evaluations.
-type QueryTracer interface {
- Enabled() bool
- TraceEvent(Event)
- Config() TraceConfig
-}
+type QueryTracer = v1.QueryTracer
// TraceConfig defines some common configuration for Tracer implementations
-type TraceConfig struct {
- PlugLocalVars bool // Indicate whether to plug local variable bindings before calling into the tracer.
-}
-
-// legacyTracer Implements the QueryTracer interface by wrapping an older Tracer instance.
-type legacyTracer struct {
- t Tracer
-}
-
-func (l *legacyTracer) Enabled() bool {
- return l.t.Enabled()
-}
-
-func (l *legacyTracer) Config() TraceConfig {
- return TraceConfig{
- PlugLocalVars: true, // For backwards compatibility old tracers will plug local variables
- }
-}
-
-func (l *legacyTracer) TraceEvent(evt Event) {
- l.t.Trace(&evt)
-}
+type TraceConfig = v1.TraceConfig
// WrapLegacyTracer will create a new QueryTracer which wraps an
// older Tracer instance.
func WrapLegacyTracer(tracer Tracer) QueryTracer {
- return &legacyTracer{t: tracer}
+ return v1.WrapLegacyTracer(tracer)
}
// BufferTracer implements the Tracer and QueryTracer interface by
// simply buffering all events received.
-type BufferTracer []*Event
+type BufferTracer = v1.BufferTracer
// NewBufferTracer returns a new BufferTracer.
func NewBufferTracer() *BufferTracer {
- return &BufferTracer{}
-}
-
-// Enabled always returns true if the BufferTracer is instantiated.
-func (b *BufferTracer) Enabled() bool {
- return b != nil
-}
-
-// Trace adds the event to the buffer.
-// Deprecated: Use TraceEvent instead.
-func (b *BufferTracer) Trace(evt *Event) {
- *b = append(*b, evt)
-}
-
-// TraceEvent adds the event to the buffer.
-func (b *BufferTracer) TraceEvent(evt Event) {
- *b = append(*b, &evt)
-}
-
-// Config returns the Tracers standard configuration
-func (b *BufferTracer) Config() TraceConfig {
- return TraceConfig{PlugLocalVars: true}
+ return v1.NewBufferTracer()
}
// PrettyTrace pretty prints the trace to the writer.
func PrettyTrace(w io.Writer, trace []*Event) {
- PrettyTraceWithOpts(w, trace, PrettyTraceOptions{})
+ v1.PrettyTrace(w, trace)
}
// PrettyTraceWithLocation prints the trace to the writer and includes location information
func PrettyTraceWithLocation(w io.Writer, trace []*Event) {
- PrettyTraceWithOpts(w, trace, PrettyTraceOptions{Locations: true})
-}
-
-type PrettyTraceOptions struct {
- Locations bool // Include location information
- ExprVariables bool // Include variables found in the expression
- LocalVariables bool // Include all local variables
-}
-
-type traceRow []string
-
-func (r *traceRow) add(s string) {
- *r = append(*r, s)
-}
-
-type traceTable struct {
- rows []traceRow
- maxWidths []int
+ v1.PrettyTraceWithLocation(w, trace)
}
-func (t *traceTable) add(row traceRow) {
- t.rows = append(t.rows, row)
- for i := range row {
- if i >= len(t.maxWidths) {
- t.maxWidths = append(t.maxWidths, len(row[i]))
- } else if len(row[i]) > t.maxWidths[i] {
- t.maxWidths[i] = len(row[i])
- }
- }
-}
-
-func (t *traceTable) write(w io.Writer, padding int) {
- for _, row := range t.rows {
- for i, cell := range row {
- width := t.maxWidths[i] + padding
- if i < len(row)-1 {
- _, _ = fmt.Fprintf(w, "%-*s ", width, cell)
- } else {
- _, _ = fmt.Fprintf(w, "%s", cell)
- }
- }
- _, _ = fmt.Fprintln(w)
- }
-}
+type PrettyTraceOptions = v1.PrettyTraceOptions
func PrettyTraceWithOpts(w io.Writer, trace []*Event, opts PrettyTraceOptions) {
- depths := depths{}
-
- // FIXME: Can we shorten each location as we process each trace event instead of beforehand?
- filePathAliases, _ := getShortenedFileNames(trace)
-
- table := traceTable{}
-
- for _, event := range trace {
- depth := depths.GetOrSet(event.QueryID, event.ParentID)
- row := traceRow{}
-
- if opts.Locations {
- location := formatLocation(event, filePathAliases)
- row.add(location)
- }
-
- row.add(formatEvent(event, depth))
-
- if opts.ExprVariables {
- vars := exprLocalVars(event)
- keys := sortedKeys(vars)
-
- buf := new(bytes.Buffer)
- buf.WriteString("{")
- for i, k := range keys {
- if i > 0 {
- buf.WriteString(", ")
- }
- _, _ = fmt.Fprintf(buf, "%v: %s", k, iStrs.Truncate(vars.Get(k).String(), maxExprVarWidth))
- }
- buf.WriteString("}")
- row.add(buf.String())
- }
-
- if opts.LocalVariables {
- if locals := event.Locals; locals != nil {
- keys := sortedKeys(locals)
-
- buf := new(bytes.Buffer)
- buf.WriteString("{")
- for i, k := range keys {
- if i > 0 {
- buf.WriteString(", ")
- }
- _, _ = fmt.Fprintf(buf, "%v: %s", k, iStrs.Truncate(locals.Get(k).String(), maxExprVarWidth))
- }
- buf.WriteString("}")
- row.add(buf.String())
- } else {
- row.add("{}")
- }
- }
-
- table.add(row)
- }
-
- table.write(w, columnPadding)
-}
-
-func sortedKeys(vm *ast.ValueMap) []ast.Value {
- keys := make([]ast.Value, 0, vm.Len())
- vm.Iter(func(k, _ ast.Value) bool {
- keys = append(keys, k)
- return false
- })
- slices.SortFunc(keys, func(a, b ast.Value) int {
- return strings.Compare(a.String(), b.String())
- })
- return keys
-}
-
-func exprLocalVars(e *Event) *ast.ValueMap {
- vars := ast.NewValueMap()
-
- findVars := func(term *ast.Term) bool {
- //if r, ok := term.Value.(ast.Ref); ok {
- // fmt.Printf("ref: %v\n", r)
- // //return true
- //}
- if name, ok := term.Value.(ast.Var); ok {
- if meta, ok := e.LocalMetadata[name]; ok {
- if val := e.Locals.Get(name); val != nil {
- vars.Put(meta.Name, val)
- }
- }
- }
- return false
- }
-
- if r, ok := e.Node.(*ast.Rule); ok {
- // We're only interested in vars in the head, not the body
- ast.WalkTerms(r.Head, findVars)
- return vars
- }
-
- // The local cache snapshot only contains a snapshot for those refs present in the event node,
- // so they can all be added to the vars map.
- e.localVirtualCacheSnapshot.Iter(func(k, v ast.Value) bool {
- vars.Put(k, v)
- return false
- })
-
- ast.WalkTerms(e.Node, findVars)
-
- return vars
-}
-
-func formatEvent(event *Event, depth int) string {
- padding := formatEventPadding(event, depth)
- if event.Op == NoteOp {
- return fmt.Sprintf("%v%v %q", padding, event.Op, event.Message)
- }
-
- var details interface{}
- if node, ok := event.Node.(*ast.Rule); ok {
- details = node.Path()
- } else if event.Ref != nil {
- details = event.Ref
- } else {
- details = rewrite(event).Node
- }
-
- template := "%v%v %v"
- opts := []interface{}{padding, event.Op, details}
-
- if event.Message != "" {
- template += " %v"
- opts = append(opts, event.Message)
- }
-
- return fmt.Sprintf(template, opts...)
+ v1.PrettyTraceWithOpts(w, trace, opts)
}
-func formatEventPadding(event *Event, depth int) string {
- spaces := formatEventSpaces(event, depth)
- if spaces > 1 {
- return strings.Repeat("| ", spaces-1)
- }
- return ""
-}
-
-func formatEventSpaces(event *Event, depth int) int {
- switch event.Op {
- case EnterOp:
- return depth
- case RedoOp:
- if _, ok := event.Node.(*ast.Expr); !ok {
- return depth
- }
- }
- return depth + 1
-}
-
-// getShortenedFileNames will return a map of file paths to shortened aliases
-// that were found in the trace. It also returns the longest location expected
-func getShortenedFileNames(trace []*Event) (map[string]string, int) {
- // Get a deduplicated list of all file paths
- // and the longest file path size
- fpAliases := map[string]string{}
- var canShorten []string
- longestLocation := 0
- for _, event := range trace {
- if event.Location != nil {
- if event.Location.File != "" {
- // length of ":"
- curLen := len(event.Location.File) + numDigits10(event.Location.Row) + 1
- if curLen > longestLocation {
- longestLocation = curLen
- }
-
- if _, ok := fpAliases[event.Location.File]; ok {
- continue
- }
-
- canShorten = append(canShorten, event.Location.File)
-
- // Default to just alias their full path
- fpAliases[event.Location.File] = event.Location.File
- } else {
- // length of ":"
- curLen := minLocationWidth + numDigits10(event.Location.Row) + 1
- if curLen > longestLocation {
- longestLocation = curLen
- }
- }
- }
- }
-
- if len(canShorten) > 0 && longestLocation > maxIdealLocationWidth {
- fpAliases, longestLocation = iStrs.TruncateFilePaths(maxIdealLocationWidth, longestLocation, canShorten...)
- }
-
- return fpAliases, longestLocation
-}
-
-func numDigits10(n int) int {
- if n < 10 {
- return 1
- }
- return numDigits10(n/10) + 1
-}
-
-func formatLocation(event *Event, fileAliases map[string]string) string {
-
- location := event.Location
- if location == nil {
- return ""
- }
-
- if location.File == "" {
- return fmt.Sprintf("query:%v", location.Row)
- }
-
- return fmt.Sprintf("%v:%v", fileAliases[location.File], location.Row)
-}
-
-// depths is a helper for computing the depth of an event. Events within the
-// same query all have the same depth. The depth of query is
-// depth(parent(query))+1.
-type depths map[uint64]int
-
-func (ds depths) GetOrSet(qid uint64, pqid uint64) int {
- depth := ds[qid]
- if depth == 0 {
- depth = ds[pqid]
- depth++
- ds[qid] = depth
- }
- return depth
-}
-
-func builtinTrace(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
-
- str, err := builtins.StringOperand(operands[0].Value, 1)
- if err != nil {
- return handleBuiltinErr(ast.Trace.Name, bctx.Location, err)
- }
-
- if !bctx.TraceEnabled {
- return iter(ast.BooleanTerm(true))
- }
-
- evt := Event{
- Op: NoteOp,
- Location: bctx.Location,
- QueryID: bctx.QueryID,
- ParentID: bctx.ParentID,
- Message: string(str),
- }
-
- for i := range bctx.QueryTracers {
- bctx.QueryTracers[i].TraceEvent(evt)
- }
-
- return iter(ast.BooleanTerm(true))
-}
-
-func rewrite(event *Event) *Event {
-
- cpy := *event
-
- var node ast.Node
-
- switch v := event.Node.(type) {
- case *ast.Expr:
- expr := v.Copy()
-
- // Hide generated local vars in 'key' position that have not been
- // rewritten.
- if ev, ok := v.Terms.(*ast.Every); ok {
- if kv, ok := ev.Key.Value.(ast.Var); ok {
- if rw, ok := cpy.LocalMetadata[kv]; !ok || rw.Name.IsGenerated() {
- expr.Terms.(*ast.Every).Key = nil
- }
- }
- }
- node = expr
- case ast.Body:
- node = v.Copy()
- case *ast.Rule:
- node = v.Copy()
- }
-
- _, _ = ast.TransformVars(node, func(v ast.Var) (ast.Value, error) {
- if meta, ok := cpy.LocalMetadata[v]; ok {
- return meta.Name, nil
- }
- return v, nil
- })
-
- cpy.Node = node
-
- return &cpy
-}
-
-type varInfo struct {
- VarMetadata
- val ast.Value
- exprLoc *ast.Location
- col int // 0-indexed column
-}
-
-func (v varInfo) Value() string {
- if v.val != nil {
- return v.val.String()
- }
- return "undefined"
-}
-
-func (v varInfo) Title() string {
- if v.exprLoc != nil && v.exprLoc.Text != nil {
- return string(v.exprLoc.Text)
- }
- return string(v.Name)
-}
-
-func padLocationText(loc *ast.Location) string {
- if loc == nil {
- return ""
- }
-
- text := string(loc.Text)
-
- if loc.Col == 0 {
- return text
- }
-
- buf := new(bytes.Buffer)
- j := 0
- for i := 1; i < loc.Col; i++ {
- if len(loc.Tabs) > 0 && j < len(loc.Tabs) && loc.Tabs[j] == i {
- buf.WriteString("\t")
- j++
- } else {
- buf.WriteString(" ")
- }
- }
-
- buf.WriteString(text)
- return buf.String()
-}
-
-type PrettyEventOpts struct {
- PrettyVars bool
-}
-
-func walkTestTerms(x interface{}, f func(*ast.Term) bool) {
- var vis *ast.GenericVisitor
- vis = ast.NewGenericVisitor(func(x interface{}) bool {
- switch x := x.(type) {
- case ast.Call:
- for _, t := range x[1:] {
- vis.Walk(t)
- }
- return true
- case *ast.Expr:
- if x.IsCall() {
- for _, o := range x.Operands() {
- vis.Walk(o)
- }
- for i := range x.With {
- vis.Walk(x.With[i])
- }
- return true
- }
- case *ast.Term:
- return f(x)
- case *ast.With:
- vis.Walk(x.Value)
- return true
- }
- return false
- })
- vis.Walk(x)
-}
+type PrettyEventOpts = v1.PrettyEventOpts
func PrettyEvent(w io.Writer, e *Event, opts PrettyEventOpts) error {
- if !opts.PrettyVars {
- _, _ = fmt.Fprintln(w, padLocationText(e.Location))
- return nil
- }
-
- buf := new(bytes.Buffer)
- exprVars := map[string]varInfo{}
-
- findVars := func(unknownAreUndefined bool) func(term *ast.Term) bool {
- return func(term *ast.Term) bool {
- if term.Location == nil {
- return false
- }
-
- switch v := term.Value.(type) {
- case *ast.ArrayComprehension, *ast.SetComprehension, *ast.ObjectComprehension:
- // we don't report on the internals of a comprehension, as it's already evaluated, and we won't have the local vars.
- return true
- case ast.Var:
- var info *varInfo
- if meta, ok := e.LocalMetadata[v]; ok {
- info = &varInfo{
- VarMetadata: meta,
- val: e.Locals.Get(v),
- exprLoc: term.Location,
- }
- } else if unknownAreUndefined {
- info = &varInfo{
- VarMetadata: VarMetadata{Name: v},
- exprLoc: term.Location,
- col: term.Location.Col,
- }
- }
-
- if info != nil {
- if v, exists := exprVars[info.Title()]; !exists || v.val == nil {
- if term.Location != nil {
- info.col = term.Location.Col
- }
- exprVars[info.Title()] = *info
- }
- }
- }
- return false
- }
- }
-
- expr, ok := e.Node.(*ast.Expr)
- if !ok || expr == nil {
- return nil
- }
-
- base := expr.BaseCogeneratedExpr()
- exprText := padLocationText(base.Location)
- buf.WriteString(exprText)
-
- e.localVirtualCacheSnapshot.Iter(func(k, v ast.Value) bool {
- var info *varInfo
- switch k := k.(type) {
- case ast.Ref:
- info = &varInfo{
- VarMetadata: VarMetadata{Name: ast.Var(k.String())},
- val: v,
- exprLoc: k[0].Location,
- col: k[0].Location.Col,
- }
- case *ast.ArrayComprehension:
- info = &varInfo{
- VarMetadata: VarMetadata{Name: ast.Var(k.String())},
- val: v,
- exprLoc: k.Term.Location,
- col: k.Term.Location.Col,
- }
- case *ast.SetComprehension:
- info = &varInfo{
- VarMetadata: VarMetadata{Name: ast.Var(k.String())},
- val: v,
- exprLoc: k.Term.Location,
- col: k.Term.Location.Col,
- }
- case *ast.ObjectComprehension:
- info = &varInfo{
- VarMetadata: VarMetadata{Name: ast.Var(k.String())},
- val: v,
- exprLoc: k.Key.Location,
- col: k.Key.Location.Col,
- }
- }
-
- if info != nil {
- exprVars[info.Title()] = *info
- }
-
- return false
- })
-
- // If the expression is negated, we can't confidently assert that vars with unknown values are 'undefined',
- // since the compiler might have opted out of the necessary rewrite.
- walkTestTerms(expr, findVars(!expr.Negated))
- coExprs := expr.CogeneratedExprs()
- for _, coExpr := range coExprs {
- // Only the current "co-expr" can have undefined vars, if we don't know the value for a var in any other co-expr,
- // it's unknown, not undefined. A var can be unknown if it hasn't been assigned a value yet, because the co-expr
- // hasn't been evaluated yet (the fail happened before it).
- walkTestTerms(coExpr, findVars(false))
- }
-
- printPrettyVars(buf, exprVars)
- _, _ = fmt.Fprint(w, buf.String())
- return nil
-}
-
-func printPrettyVars(w *bytes.Buffer, exprVars map[string]varInfo) {
- containsTabs := false
- varRows := make(map[int]interface{})
- for _, info := range exprVars {
- if len(info.exprLoc.Tabs) > 0 {
- containsTabs = true
- }
- varRows[info.exprLoc.Row] = nil
- }
-
- if containsTabs && len(varRows) > 1 {
- // We can't (currently) reliably point to var locations when they are on different rows that contain tabs.
- // So we'll just print them in alphabetical order instead.
- byName := make([]varInfo, 0, len(exprVars))
- for _, info := range exprVars {
- byName = append(byName, info)
- }
- slices.SortStableFunc(byName, func(a, b varInfo) int {
- return strings.Compare(a.Title(), b.Title())
- })
-
- w.WriteString("\n\nWhere:\n")
- for _, info := range byName {
- w.WriteString(fmt.Sprintf("\n%s: %s", info.Title(), iStrs.Truncate(info.Value(), maxPrettyExprVarWidth)))
- }
-
- return
- }
-
- byCol := make([]varInfo, 0, len(exprVars))
- for _, info := range exprVars {
- byCol = append(byCol, info)
- }
- slices.SortFunc(byCol, func(a, b varInfo) int {
- // sort first by column, then by reverse row (to present vars in the same order they appear in the expr)
- if a.col == b.col {
- if a.exprLoc.Row == b.exprLoc.Row {
- return strings.Compare(a.Title(), b.Title())
- }
- return b.exprLoc.Row - a.exprLoc.Row
- }
- return a.col - b.col
- })
-
- if len(byCol) == 0 {
- return
- }
-
- w.WriteString("\n")
- printArrows(w, byCol, -1)
- for i := len(byCol) - 1; i >= 0; i-- {
- w.WriteString("\n")
- printArrows(w, byCol, i)
- }
-}
-
-func printArrows(w *bytes.Buffer, l []varInfo, printValueAt int) {
- prevCol := 0
- var slice []varInfo
- if printValueAt >= 0 {
- slice = l[:printValueAt+1]
- } else {
- slice = l
- }
- isFirst := true
- for i, info := range slice {
-
- isLast := i >= len(slice)-1
- col := info.col
-
- if !isLast && col == l[i+1].col {
- // We're sharing the same column with another, subsequent var
- continue
- }
-
- spaces := col - 1
- if i > 0 && !isFirst {
- spaces = (col - prevCol) - 1
- }
-
- for j := 0; j < spaces; j++ {
- tab := false
- for _, t := range info.exprLoc.Tabs {
- if t == j+prevCol+1 {
- w.WriteString("\t")
- tab = true
- break
- }
- }
- if !tab {
- w.WriteString(" ")
- }
- }
-
- if isLast && printValueAt >= 0 {
- valueStr := iStrs.Truncate(info.Value(), maxPrettyExprVarWidth)
- if (i > 0 && col == l[i-1].col) || (i < len(l)-1 && col == l[i+1].col) {
- // There is another var on this column, so we need to include the name to differentiate them.
- w.WriteString(fmt.Sprintf("%s: %s", info.Title(), valueStr))
- } else {
- w.WriteString(valueStr)
- }
- } else {
- w.WriteString("|")
- }
- prevCol = col
- isFirst = false
- }
-}
-
-func init() {
- RegisterBuiltinFunc(ast.Trace.Name, builtinTrace)
+ return v1.PrettyEvent(w, e, opts)
}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/walk.go b/vendor/github.com/open-policy-agent/opa/topdown/walk.go
deleted file mode 100644
index 0f3b3544b5..0000000000
--- a/vendor/github.com/open-policy-agent/opa/topdown/walk.go
+++ /dev/null
@@ -1,141 +0,0 @@
-// Copyright 2017 The OPA Authors. All rights reserved.
-// Use of this source code is governed by an Apache2
-// license that can be found in the LICENSE file.
-
-package topdown
-
-import (
- "github.com/open-policy-agent/opa/ast"
-)
-
-func evalWalk(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- input := operands[0]
-
- if pathIsWildcard(operands) {
- // When the path assignment is a wildcard: walk(input, [_, value])
- // we may skip the path construction entirely, and simply return
- // same pointer in each iteration. This is a much more efficient
- // path when only the values are needed.
- return walkNoPath(input, iter)
- }
-
- filter := getOutputPath(operands)
- return walk(filter, nil, input, iter)
-}
-
-func walk(filter, path *ast.Array, input *ast.Term, iter func(*ast.Term) error) error {
-
- if filter == nil || filter.Len() == 0 {
- if path == nil {
- path = ast.NewArray()
- }
-
- if err := iter(ast.ArrayTerm(ast.NewTerm(path.Copy()), input)); err != nil {
- return err
- }
- }
-
- if filter != nil && filter.Len() > 0 {
- key := filter.Elem(0)
- filter = filter.Slice(1, -1)
- if key.IsGround() {
- if term := input.Get(key); term != nil {
- path = pathAppend(path, key)
- return walk(filter, path, term, iter)
- }
- return nil
- }
- }
-
- switch v := input.Value.(type) {
- case *ast.Array:
- for i := 0; i < v.Len(); i++ {
- path = pathAppend(path, ast.IntNumberTerm(i))
- if err := walk(filter, path, v.Elem(i), iter); err != nil {
- return err
- }
- path = path.Slice(0, path.Len()-1)
- }
- case ast.Object:
- return v.Iter(func(k, v *ast.Term) error {
- path = pathAppend(path, k)
- if err := walk(filter, path, v, iter); err != nil {
- return err
- }
- path = path.Slice(0, path.Len()-1)
- return nil
- })
- case ast.Set:
- return v.Iter(func(elem *ast.Term) error {
- path = pathAppend(path, elem)
- if err := walk(filter, path, elem, iter); err != nil {
- return err
- }
- path = path.Slice(0, path.Len()-1)
- return nil
- })
- }
-
- return nil
-}
-
-var emptyArr = ast.ArrayTerm()
-
-func walkNoPath(input *ast.Term, iter func(*ast.Term) error) error {
- if err := iter(ast.ArrayTerm(emptyArr, input)); err != nil {
- return err
- }
-
- switch v := input.Value.(type) {
- case ast.Object:
- return v.Iter(func(_, v *ast.Term) error {
- return walkNoPath(v, iter)
- })
- case *ast.Array:
- for i := 0; i < v.Len(); i++ {
- if err := walkNoPath(v.Elem(i), iter); err != nil {
- return err
- }
- }
- case ast.Set:
- return v.Iter(func(elem *ast.Term) error {
- return walkNoPath(elem, iter)
- })
- }
-
- return nil
-}
-
-func pathAppend(path *ast.Array, key *ast.Term) *ast.Array {
- if path == nil {
- return ast.NewArray(key)
- }
-
- return path.Append(key)
-}
-
-func getOutputPath(operands []*ast.Term) *ast.Array {
- if len(operands) == 2 {
- if arr, ok := operands[1].Value.(*ast.Array); ok && arr.Len() == 2 {
- if path, ok := arr.Elem(0).Value.(*ast.Array); ok {
- return path
- }
- }
- }
- return nil
-}
-
-func pathIsWildcard(operands []*ast.Term) bool {
- if len(operands) == 2 {
- if arr, ok := operands[1].Value.(*ast.Array); ok && arr.Len() == 2 {
- if v, ok := arr.Elem(0).Value.(ast.Var); ok {
- return v.IsWildcard()
- }
- }
- }
- return false
-}
-
-func init() {
- RegisterBuiltinFunc(ast.WalkBuiltin.Name, evalWalk)
-}
diff --git a/vendor/github.com/open-policy-agent/opa/util/backoff.go b/vendor/github.com/open-policy-agent/opa/util/backoff.go
deleted file mode 100644
index 6fbf63ef77..0000000000
--- a/vendor/github.com/open-policy-agent/opa/util/backoff.go
+++ /dev/null
@@ -1,53 +0,0 @@
-// Copyright 2018 The OPA Authors. All rights reserved.
-// Use of this source code is governed by an Apache2
-// license that can be found in the LICENSE file.
-
-package util
-
-import (
- "math/rand"
- "time"
-)
-
-func init() {
- // NOTE(sr): We don't need good random numbers here; it's used for jittering
- // the backup timing a bit. But anyways, let's make it random enough; without
- // a call to rand.Seed() we'd get the same stream of numbers for each program
- // run. (Or not, if some other packages happens to seed the global randomness
- // source.)
- // Note(philipc): rand.Seed() was deprecated in Go 1.20, so we've switched to
- // using the recommended rand.New(rand.NewSource(seed)) style.
- rand.New(rand.NewSource(time.Now().UnixNano()))
-}
-
-// DefaultBackoff returns a delay with an exponential backoff based on the
-// number of retries.
-func DefaultBackoff(base, max float64, retries int) time.Duration {
- return Backoff(base, max, .2, 1.6, retries)
-}
-
-// Backoff returns a delay with an exponential backoff based on the number of
-// retries. Same algorithm used in gRPC.
-func Backoff(base, max, jitter, factor float64, retries int) time.Duration {
- if retries == 0 {
- return 0
- }
-
- backoff, max := base, max
- for backoff < max && retries > 0 {
- backoff *= factor
- retries--
- }
- if backoff > max {
- backoff = max
- }
-
- // Randomize backoff delays so that if a cluster of requests start at
- // the same time, they won't operate in lockstep.
- backoff *= 1 + jitter*(rand.Float64()*2-1)
- if backoff < 0 {
- return 0
- }
-
- return time.Duration(backoff)
-}
diff --git a/vendor/github.com/open-policy-agent/opa/util/hashmap.go b/vendor/github.com/open-policy-agent/opa/util/hashmap.go
deleted file mode 100644
index 8875a6323e..0000000000
--- a/vendor/github.com/open-policy-agent/opa/util/hashmap.go
+++ /dev/null
@@ -1,157 +0,0 @@
-// Copyright 2016 The OPA Authors. All rights reserved.
-// Use of this source code is governed by an Apache2
-// license that can be found in the LICENSE file.
-
-package util
-
-import (
- "fmt"
- "strings"
-)
-
-// T is a concise way to refer to T.
-type T interface{}
-
-type hashEntry struct {
- k T
- v T
- next *hashEntry
-}
-
-// HashMap represents a key/value map.
-type HashMap struct {
- eq func(T, T) bool
- hash func(T) int
- table map[int]*hashEntry
- size int
-}
-
-// NewHashMap returns a new empty HashMap.
-func NewHashMap(eq func(T, T) bool, hash func(T) int) *HashMap {
- return &HashMap{
- eq: eq,
- hash: hash,
- table: make(map[int]*hashEntry),
- size: 0,
- }
-}
-
-// Copy returns a shallow copy of this HashMap.
-func (h *HashMap) Copy() *HashMap {
- cpy := NewHashMap(h.eq, h.hash)
- h.Iter(func(k, v T) bool {
- cpy.Put(k, v)
- return false
- })
- return cpy
-}
-
-// Equal returns true if this HashMap equals the other HashMap.
-// Two hash maps are equal if they contain the same key/value pairs.
-func (h *HashMap) Equal(other *HashMap) bool {
- if h.Len() != other.Len() {
- return false
- }
- return !h.Iter(func(k, v T) bool {
- ov, ok := other.Get(k)
- if !ok {
- return true
- }
- return !h.eq(v, ov)
- })
-}
-
-// Get returns the value for k.
-func (h *HashMap) Get(k T) (T, bool) {
- hash := h.hash(k)
- for entry := h.table[hash]; entry != nil; entry = entry.next {
- if h.eq(entry.k, k) {
- return entry.v, true
- }
- }
- return nil, false
-}
-
-// Delete removes the key k.
-func (h *HashMap) Delete(k T) {
- hash := h.hash(k)
- var prev *hashEntry
- for entry := h.table[hash]; entry != nil; entry = entry.next {
- if h.eq(entry.k, k) {
- if prev != nil {
- prev.next = entry.next
- } else {
- h.table[hash] = entry.next
- }
- h.size--
- return
- }
- prev = entry
- }
-}
-
-// Hash returns the hash code for this hash map.
-func (h *HashMap) Hash() int {
- var hash int
- h.Iter(func(k, v T) bool {
- hash += h.hash(k) + h.hash(v)
- return false
- })
- return hash
-}
-
-// Iter invokes the iter function for each element in the HashMap.
-// If the iter function returns true, iteration stops and the return value is true.
-// If the iter function never returns true, iteration proceeds through all elements
-// and the return value is false.
-func (h *HashMap) Iter(iter func(T, T) bool) bool {
- for _, entry := range h.table {
- for ; entry != nil; entry = entry.next {
- if iter(entry.k, entry.v) {
- return true
- }
- }
- }
- return false
-}
-
-// Len returns the current size of this HashMap.
-func (h *HashMap) Len() int {
- return h.size
-}
-
-// Put inserts a key/value pair into this HashMap. If the key is already present, the existing
-// value is overwritten.
-func (h *HashMap) Put(k T, v T) {
- hash := h.hash(k)
- head := h.table[hash]
- for entry := head; entry != nil; entry = entry.next {
- if h.eq(entry.k, k) {
- entry.v = v
- return
- }
- }
- h.table[hash] = &hashEntry{k: k, v: v, next: head}
- h.size++
-}
-
-func (h *HashMap) String() string {
- var buf []string
- h.Iter(func(k T, v T) bool {
- buf = append(buf, fmt.Sprintf("%v: %v", k, v))
- return false
- })
- return "{" + strings.Join(buf, ", ") + "}"
-}
-
-// Update returns a new HashMap with elements from the other HashMap put into this HashMap.
-// If the other HashMap contains elements with the same key as this HashMap, the value
-// from the other HashMap overwrites the value from this HashMap.
-func (h *HashMap) Update(other *HashMap) *HashMap {
- updated := h.Copy()
- other.Iter(func(k, v T) bool {
- updated.Put(k, v)
- return false
- })
- return updated
-}
diff --git a/vendor/github.com/open-policy-agent/opa/util/maps.go b/vendor/github.com/open-policy-agent/opa/util/maps.go
deleted file mode 100644
index d943b4d0a8..0000000000
--- a/vendor/github.com/open-policy-agent/opa/util/maps.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package util
-
-// Values returns a slice of values from any map. Copied from golang.org/x/exp/maps.
-func Values[M ~map[K]V, K comparable, V any](m M) []V {
- r := make([]V, 0, len(m))
- for _, v := range m {
- r = append(r, v)
- }
- return r
-}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/annotations.go b/vendor/github.com/open-policy-agent/opa/v1/ast/annotations.go
new file mode 100644
index 0000000000..a83cdf9c07
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/annotations.go
@@ -0,0 +1,984 @@
+// Copyright 2022 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "encoding/json"
+ "fmt"
+ "net/url"
+ "slices"
+ "strings"
+
+ "github.com/open-policy-agent/opa/internal/deepcopy"
+ astJSON "github.com/open-policy-agent/opa/v1/ast/json"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+const (
+ annotationScopePackage = "package"
+ annotationScopeRule = "rule"
+ annotationScopeDocument = "document"
+ annotationScopeSubpackages = "subpackages"
+)
+
+type (
+ // Annotations represents metadata attached to other AST nodes such as rules.
+ Annotations struct {
+ Scope string `json:"scope"`
+ Title string `json:"title,omitempty"`
+ Entrypoint bool `json:"entrypoint,omitempty"`
+ Description string `json:"description,omitempty"`
+ Organizations []string `json:"organizations,omitempty"`
+ RelatedResources []*RelatedResourceAnnotation `json:"related_resources,omitempty"`
+ Authors []*AuthorAnnotation `json:"authors,omitempty"`
+ Schemas []*SchemaAnnotation `json:"schemas,omitempty"`
+ Custom map[string]any `json:"custom,omitempty"`
+ Location *Location `json:"location,omitempty"`
+
+ comments []*Comment
+ node Node
+ }
+
+ // SchemaAnnotation contains a schema declaration for the document identified by the path.
+ SchemaAnnotation struct {
+ Path Ref `json:"path"`
+ Schema Ref `json:"schema,omitempty"`
+ Definition *any `json:"definition,omitempty"`
+ }
+
+ AuthorAnnotation struct {
+ Name string `json:"name"`
+ Email string `json:"email,omitempty"`
+ }
+
+ RelatedResourceAnnotation struct {
+ Ref url.URL `json:"ref"`
+ Description string `json:"description,omitempty"`
+ }
+
+ AnnotationSet struct {
+ byRule map[*Rule][]*Annotations
+ byPackage map[int]*Annotations
+ byPath *annotationTreeNode
+ modules []*Module // Modules this set was constructed from
+ }
+
+ annotationTreeNode struct {
+ Value *Annotations
+ Children map[Value]*annotationTreeNode // we assume key elements are hashable (vars and strings only!)
+ }
+
+ AnnotationsRef struct {
+ Path Ref `json:"path"` // The path of the node the annotations are applied to
+ Annotations *Annotations `json:"annotations,omitempty"`
+ Location *Location `json:"location,omitempty"` // The location of the node the annotations are applied to
+
+ node Node // The node the annotations are applied to
+ }
+
+ AnnotationsRefSet []*AnnotationsRef
+
+ FlatAnnotationsRefSet AnnotationsRefSet
+)
+
+func (a *Annotations) String() string {
+ bs, _ := a.MarshalJSON()
+ return string(bs)
+}
+
+// Loc returns the location of this annotation.
+func (a *Annotations) Loc() *Location {
+ return a.Location
+}
+
+// SetLoc updates the location of this annotation.
+func (a *Annotations) SetLoc(l *Location) {
+ a.Location = l
+}
+
+// EndLoc returns the location of this annotation's last comment line.
+func (a *Annotations) EndLoc() *Location {
+ count := len(a.comments)
+ if count == 0 {
+ return a.Location
+ }
+ return a.comments[count-1].Location
+}
+
+// Compare returns an integer indicating if a is less than, equal to, or greater
+// than other.
+func (a *Annotations) Compare(other *Annotations) int {
+
+ if a == nil && other == nil {
+ return 0
+ }
+
+ if a == nil {
+ return -1
+ }
+
+ if other == nil {
+ return 1
+ }
+
+ if cmp := scopeCompare(a.Scope, other.Scope); cmp != 0 {
+ return cmp
+ }
+
+ if cmp := strings.Compare(a.Title, other.Title); cmp != 0 {
+ return cmp
+ }
+
+ if cmp := strings.Compare(a.Description, other.Description); cmp != 0 {
+ return cmp
+ }
+
+ if cmp := compareStringLists(a.Organizations, other.Organizations); cmp != 0 {
+ return cmp
+ }
+
+ if cmp := compareRelatedResources(a.RelatedResources, other.RelatedResources); cmp != 0 {
+ return cmp
+ }
+
+ if cmp := compareAuthors(a.Authors, other.Authors); cmp != 0 {
+ return cmp
+ }
+
+ if cmp := compareSchemas(a.Schemas, other.Schemas); cmp != 0 {
+ return cmp
+ }
+
+ if a.Entrypoint != other.Entrypoint {
+ if a.Entrypoint {
+ return 1
+ }
+ return -1
+ }
+
+ if cmp := util.Compare(a.Custom, other.Custom); cmp != 0 {
+ return cmp
+ }
+
+ return 0
+}
+
+// GetTargetPath returns the path of the node these Annotations are applied to (the target)
+func (a *Annotations) GetTargetPath() Ref {
+ switch n := a.node.(type) {
+ case *Package:
+ return n.Path
+ case *Rule:
+ return n.Ref().GroundPrefix()
+ default:
+ return nil
+ }
+}
+
+func (a *Annotations) MarshalJSON() ([]byte, error) {
+ if a == nil {
+ return []byte(`{"scope":""}`), nil
+ }
+
+ data := map[string]any{
+ "scope": a.Scope,
+ }
+
+ if a.Title != "" {
+ data["title"] = a.Title
+ }
+
+ if a.Description != "" {
+ data["description"] = a.Description
+ }
+
+ if a.Entrypoint {
+ data["entrypoint"] = a.Entrypoint
+ }
+
+ if len(a.Organizations) > 0 {
+ data["organizations"] = a.Organizations
+ }
+
+ if len(a.RelatedResources) > 0 {
+ data["related_resources"] = a.RelatedResources
+ }
+
+ if len(a.Authors) > 0 {
+ data["authors"] = a.Authors
+ }
+
+ if len(a.Schemas) > 0 {
+ data["schemas"] = a.Schemas
+ }
+
+ if len(a.Custom) > 0 {
+ data["custom"] = a.Custom
+ }
+
+ if astJSON.GetOptions().MarshalOptions.IncludeLocation.Annotations {
+ if a.Location != nil {
+ data["location"] = a.Location
+ }
+ }
+
+ return json.Marshal(data)
+}
+
+func NewAnnotationsRef(a *Annotations) *AnnotationsRef {
+ var loc *Location
+ if a.node != nil {
+ loc = a.node.Loc()
+ }
+
+ return &AnnotationsRef{
+ Location: loc,
+ Path: a.GetTargetPath(),
+ Annotations: a,
+ node: a.node,
+ }
+}
+
+func (ar *AnnotationsRef) GetPackage() *Package {
+ switch n := ar.node.(type) {
+ case *Package:
+ return n
+ case *Rule:
+ return n.Module.Package
+ default:
+ return nil
+ }
+}
+
+func (ar *AnnotationsRef) GetRule() *Rule {
+ switch n := ar.node.(type) {
+ case *Rule:
+ return n
+ default:
+ return nil
+ }
+}
+
+func (ar *AnnotationsRef) MarshalJSON() ([]byte, error) {
+ data := map[string]any{
+ "path": ar.Path,
+ }
+
+ if ar.Annotations != nil {
+ data["annotations"] = ar.Annotations
+ }
+
+ if astJSON.GetOptions().MarshalOptions.IncludeLocation.AnnotationsRef {
+ if ar.Location != nil {
+ data["location"] = ar.Location
+ }
+
+ // The location set for the schema ref terms is wrong (always set to
+ // row 1) and not really useful anyway.. so strip it out before marshalling
+ for _, schema := range ar.Annotations.Schemas {
+ if schema.Path != nil {
+ for _, term := range schema.Path {
+ term.Location = nil
+ }
+ }
+ }
+ }
+
+ return json.Marshal(data)
+}
+
+func scopeCompare(s1, s2 string) int {
+ o1 := scopeOrder(s1)
+ o2 := scopeOrder(s2)
+
+ if o2 < o1 {
+ return 1
+ } else if o2 > o1 {
+ return -1
+ }
+
+ if s1 < s2 {
+ return -1
+ } else if s2 < s1 {
+ return 1
+ }
+
+ return 0
+}
+
+func scopeOrder(s string) int {
+ if s == annotationScopeRule {
+ return 1
+ }
+ return 0
+}
+
+func compareAuthors(a, b []*AuthorAnnotation) int {
+ if len(a) > len(b) {
+ return 1
+ } else if len(a) < len(b) {
+ return -1
+ }
+
+ for i := range a {
+ if cmp := a[i].Compare(b[i]); cmp != 0 {
+ return cmp
+ }
+ }
+
+ return 0
+}
+
+func compareRelatedResources(a, b []*RelatedResourceAnnotation) int {
+ if len(a) > len(b) {
+ return 1
+ } else if len(a) < len(b) {
+ return -1
+ }
+
+ for i := range a {
+ if cmp := a[i].Compare(b[i]); cmp != 0 {
+ return cmp
+ }
+ }
+
+ return 0
+}
+
+func compareSchemas(a, b []*SchemaAnnotation) int {
+ maxLen := min(len(b), len(a))
+
+ for i := range maxLen {
+ if cmp := a[i].Compare(b[i]); cmp != 0 {
+ return cmp
+ }
+ }
+
+ if len(a) > len(b) {
+ return 1
+ } else if len(a) < len(b) {
+ return -1
+ }
+
+ return 0
+}
+
+func compareStringLists(a, b []string) int {
+ if len(a) > len(b) {
+ return 1
+ } else if len(a) < len(b) {
+ return -1
+ }
+
+ for i := range a {
+ if cmp := strings.Compare(a[i], b[i]); cmp != 0 {
+ return cmp
+ }
+ }
+
+ return 0
+}
+
+// Copy returns a deep copy of s.
+func (a *Annotations) Copy(node Node) *Annotations {
+ cpy := *a
+
+ cpy.Organizations = make([]string, len(a.Organizations))
+ copy(cpy.Organizations, a.Organizations)
+
+ cpy.RelatedResources = make([]*RelatedResourceAnnotation, len(a.RelatedResources))
+ for i := range a.RelatedResources {
+ cpy.RelatedResources[i] = a.RelatedResources[i].Copy()
+ }
+
+ cpy.Authors = make([]*AuthorAnnotation, len(a.Authors))
+ for i := range a.Authors {
+ cpy.Authors[i] = a.Authors[i].Copy()
+ }
+
+ cpy.Schemas = make([]*SchemaAnnotation, len(a.Schemas))
+ for i := range a.Schemas {
+ cpy.Schemas[i] = a.Schemas[i].Copy()
+ }
+
+ if a.Custom != nil {
+ cpy.Custom = deepcopy.Map(a.Custom)
+ }
+
+ cpy.node = node
+
+ return &cpy
+}
+
+// toObject constructs an AST Object from the annotation.
+func (a *Annotations) toObject() (*Object, *Error) {
+ obj := NewObject()
+
+ if a == nil {
+ return &obj, nil
+ }
+
+ if len(a.Scope) > 0 {
+ switch a.Scope {
+ case annotationScopeDocument:
+ obj.Insert(InternedStringTerm("scope"), InternedStringTerm("document"))
+ case annotationScopePackage:
+ obj.Insert(InternedStringTerm("scope"), InternedStringTerm("package"))
+ case annotationScopeRule:
+ obj.Insert(InternedStringTerm("scope"), InternedStringTerm("rule"))
+ case annotationScopeSubpackages:
+ obj.Insert(InternedStringTerm("scope"), InternedStringTerm("subpackages"))
+ default:
+ obj.Insert(InternedStringTerm("scope"), StringTerm(a.Scope))
+ }
+ }
+
+ if len(a.Title) > 0 {
+ obj.Insert(InternedStringTerm("title"), StringTerm(a.Title))
+ }
+
+ if a.Entrypoint {
+ obj.Insert(InternedStringTerm("entrypoint"), InternedBooleanTerm(true))
+ }
+
+ if len(a.Description) > 0 {
+ obj.Insert(InternedStringTerm("description"), StringTerm(a.Description))
+ }
+
+ if len(a.Organizations) > 0 {
+ orgs := make([]*Term, 0, len(a.Organizations))
+ for _, org := range a.Organizations {
+ orgs = append(orgs, StringTerm(org))
+ }
+ obj.Insert(InternedStringTerm("organizations"), ArrayTerm(orgs...))
+ }
+
+ if len(a.RelatedResources) > 0 {
+ rrs := make([]*Term, 0, len(a.RelatedResources))
+ for _, rr := range a.RelatedResources {
+ rrObj := NewObject(Item(InternedStringTerm("ref"), StringTerm(rr.Ref.String())))
+ if len(rr.Description) > 0 {
+ rrObj.Insert(InternedStringTerm("description"), StringTerm(rr.Description))
+ }
+ rrs = append(rrs, NewTerm(rrObj))
+ }
+ obj.Insert(InternedStringTerm("related_resources"), ArrayTerm(rrs...))
+ }
+
+ if len(a.Authors) > 0 {
+ as := make([]*Term, 0, len(a.Authors))
+ for _, author := range a.Authors {
+ aObj := NewObject()
+ if len(author.Name) > 0 {
+ aObj.Insert(InternedStringTerm("name"), StringTerm(author.Name))
+ }
+ if len(author.Email) > 0 {
+ aObj.Insert(InternedStringTerm("email"), StringTerm(author.Email))
+ }
+ as = append(as, NewTerm(aObj))
+ }
+ obj.Insert(InternedStringTerm("authors"), ArrayTerm(as...))
+ }
+
+ if len(a.Schemas) > 0 {
+ ss := make([]*Term, 0, len(a.Schemas))
+ for _, s := range a.Schemas {
+ sObj := NewObject()
+ if len(s.Path) > 0 {
+ sObj.Insert(InternedStringTerm("path"), NewTerm(s.Path.toArray()))
+ }
+ if len(s.Schema) > 0 {
+ sObj.Insert(InternedStringTerm("schema"), NewTerm(s.Schema.toArray()))
+ }
+ if s.Definition != nil {
+ def, err := InterfaceToValue(s.Definition)
+ if err != nil {
+ return nil, NewError(CompileErr, a.Location, "invalid definition in schema annotation: %s", err.Error())
+ }
+ sObj.Insert(InternedStringTerm("definition"), NewTerm(def))
+ }
+ ss = append(ss, NewTerm(sObj))
+ }
+ obj.Insert(InternedStringTerm("schemas"), ArrayTerm(ss...))
+ }
+
+ if len(a.Custom) > 0 {
+ c, err := InterfaceToValue(a.Custom)
+ if err != nil {
+ return nil, NewError(CompileErr, a.Location, "invalid custom annotation %s", err.Error())
+ }
+ obj.Insert(InternedStringTerm("custom"), NewTerm(c))
+ }
+
+ return &obj, nil
+}
+
+func attachRuleAnnotations(mod *Module) {
+ // make a copy of the annotations
+ cpy := make([]*Annotations, len(mod.Annotations))
+ for i, a := range mod.Annotations {
+ cpy[i] = a.Copy(a.node)
+ }
+
+ for _, rule := range mod.Rules {
+ var j int
+ var found bool
+ for i, a := range cpy {
+ if rule.Ref().GroundPrefix().Equal(a.GetTargetPath()) {
+ if a.Scope == annotationScopeDocument {
+ rule.Annotations = append(rule.Annotations, a)
+ } else if a.Scope == annotationScopeRule && rule.Loc().Row > a.Location.Row {
+ j = i
+ found = true
+ rule.Annotations = append(rule.Annotations, a)
+ }
+ }
+ }
+
+ if found && j < len(cpy) {
+ cpy = slices.Delete(cpy, j, j+1)
+ }
+ }
+}
+
+func attachAnnotationsNodes(mod *Module) Errors {
+ var errs Errors
+
+ // Find first non-annotation statement following each annotation and attach
+ // the annotation to that statement.
+ for _, a := range mod.Annotations {
+ for _, stmt := range mod.stmts {
+ _, ok := stmt.(*Annotations)
+ if !ok {
+ if stmt.Loc().Row > a.Location.Row {
+ a.node = stmt
+ break
+ }
+ }
+ }
+
+ if a.Scope == "" {
+ switch a.node.(type) {
+ case *Rule:
+ if a.Entrypoint {
+ a.Scope = annotationScopeDocument
+ } else {
+ a.Scope = annotationScopeRule
+ }
+ case *Package:
+ a.Scope = annotationScopePackage
+ case *Import:
+ // Note that this isn't a valid scope, but set here so that the
+ // validate function called below can print an error message with
+ // a context that makes sense ("invalid scope: 'import'" instead of
+ // "invalid scope: '')
+ a.Scope = "import"
+ }
+ }
+
+ if err := validateAnnotationScopeAttachment(a); err != nil {
+ errs = append(errs, err)
+ }
+
+ if err := validateAnnotationEntrypointAttachment(a); err != nil {
+ errs = append(errs, err)
+ }
+ }
+
+ return errs
+}
+
+func validateAnnotationScopeAttachment(a *Annotations) *Error {
+
+ switch a.Scope {
+ case annotationScopeRule, annotationScopeDocument:
+ if _, ok := a.node.(*Rule); ok {
+ return nil
+ }
+ return newScopeAttachmentErr(a, "rule")
+ case annotationScopePackage, annotationScopeSubpackages:
+ if _, ok := a.node.(*Package); ok {
+ return nil
+ }
+ return newScopeAttachmentErr(a, "package")
+ }
+
+ return NewError(ParseErr, a.Loc(), "invalid annotation scope '%v'. Use one of '%s', '%s', '%s', or '%s'",
+ a.Scope, annotationScopeRule, annotationScopeDocument, annotationScopePackage, annotationScopeSubpackages)
+}
+
+func validateAnnotationEntrypointAttachment(a *Annotations) *Error {
+ if a.Entrypoint && !(a.Scope == annotationScopeDocument || a.Scope == annotationScopePackage) {
+ return NewError(
+ ParseErr, a.Loc(), "annotation entrypoint applied to non-document or package scope '%v'", a.Scope)
+ }
+ return nil
+}
+
+// Copy returns a deep copy of a.
+func (a *AuthorAnnotation) Copy() *AuthorAnnotation {
+ cpy := *a
+ return &cpy
+}
+
+// Compare returns an integer indicating if s is less than, equal to, or greater
+// than other.
+func (a *AuthorAnnotation) Compare(other *AuthorAnnotation) int {
+ if cmp := strings.Compare(a.Name, other.Name); cmp != 0 {
+ return cmp
+ }
+
+ if cmp := strings.Compare(a.Email, other.Email); cmp != 0 {
+ return cmp
+ }
+
+ return 0
+}
+
+func (a *AuthorAnnotation) String() string {
+ if len(a.Email) == 0 {
+ return a.Name
+ } else if len(a.Name) == 0 {
+ return fmt.Sprintf("<%s>", a.Email)
+ }
+ return fmt.Sprintf("%s <%s>", a.Name, a.Email)
+}
+
+// Copy returns a deep copy of rr.
+func (rr *RelatedResourceAnnotation) Copy() *RelatedResourceAnnotation {
+ cpy := *rr
+ return &cpy
+}
+
+// Compare returns an integer indicating if s is less than, equal to, or greater
+// than other.
+func (rr *RelatedResourceAnnotation) Compare(other *RelatedResourceAnnotation) int {
+ if cmp := strings.Compare(rr.Description, other.Description); cmp != 0 {
+ return cmp
+ }
+
+ if cmp := strings.Compare(rr.Ref.String(), other.Ref.String()); cmp != 0 {
+ return cmp
+ }
+
+ return 0
+}
+
+func (rr *RelatedResourceAnnotation) String() string {
+ bs, _ := json.Marshal(rr)
+ return string(bs)
+}
+
+func (rr *RelatedResourceAnnotation) MarshalJSON() ([]byte, error) {
+ d := map[string]any{
+ "ref": rr.Ref.String(),
+ }
+
+ if len(rr.Description) > 0 {
+ d["description"] = rr.Description
+ }
+
+ return json.Marshal(d)
+}
+
+// Copy returns a deep copy of s.
+func (s *SchemaAnnotation) Copy() *SchemaAnnotation {
+ cpy := *s
+ return &cpy
+}
+
+// Compare returns an integer indicating if s is less than, equal to, or greater
+// than other.
+func (s *SchemaAnnotation) Compare(other *SchemaAnnotation) int {
+ if cmp := s.Path.Compare(other.Path); cmp != 0 {
+ return cmp
+ }
+
+ if cmp := s.Schema.Compare(other.Schema); cmp != 0 {
+ return cmp
+ }
+
+ if s.Definition != nil && other.Definition == nil {
+ return -1
+ } else if s.Definition == nil && other.Definition != nil {
+ return 1
+ } else if s.Definition != nil && other.Definition != nil {
+ return util.Compare(*s.Definition, *other.Definition)
+ }
+
+ return 0
+}
+
+func (s *SchemaAnnotation) String() string {
+ bs, _ := json.Marshal(s)
+ return string(bs)
+}
+
+func newAnnotationSet() *AnnotationSet {
+ return &AnnotationSet{
+ byRule: map[*Rule][]*Annotations{},
+ byPackage: map[int]*Annotations{},
+ byPath: newAnnotationTree(),
+ }
+}
+
+func BuildAnnotationSet(modules []*Module) (*AnnotationSet, Errors) {
+ as := newAnnotationSet()
+ var errs Errors
+ for _, m := range modules {
+ for _, a := range m.Annotations {
+ if err := as.add(a); err != nil {
+ errs = append(errs, err)
+ }
+ }
+ }
+ if len(errs) > 0 {
+ return nil, errs
+ }
+ as.modules = modules
+ return as, nil
+}
+
+// NOTE(philipc): During copy propagation, the underlying Nodes can be
+// stripped away from the annotations, leading to nil deref panics. We
+// silently ignore these cases for now, as a workaround.
+func (as *AnnotationSet) add(a *Annotations) *Error {
+ switch a.Scope {
+ case annotationScopeRule:
+ if rule, ok := a.node.(*Rule); ok {
+ as.byRule[rule] = append(as.byRule[rule], a)
+ }
+ case annotationScopePackage:
+ if pkg, ok := a.node.(*Package); ok {
+ hash := pkg.Path.Hash()
+ if exist, ok := as.byPackage[hash]; ok {
+ return errAnnotationRedeclared(a, exist.Location)
+ }
+ as.byPackage[hash] = a
+ }
+ case annotationScopeDocument:
+ if rule, ok := a.node.(*Rule); ok {
+ path := rule.Ref().GroundPrefix()
+ x := as.byPath.get(path)
+ if x != nil {
+ return errAnnotationRedeclared(a, x.Value.Location)
+ }
+ as.byPath.insert(path, a)
+ }
+ case annotationScopeSubpackages:
+ if pkg, ok := a.node.(*Package); ok {
+ x := as.byPath.get(pkg.Path)
+ if x != nil && x.Value != nil {
+ return errAnnotationRedeclared(a, x.Value.Location)
+ }
+ as.byPath.insert(pkg.Path, a)
+ }
+ }
+ return nil
+}
+
+func (as *AnnotationSet) GetRuleScope(r *Rule) []*Annotations {
+ if as == nil {
+ return nil
+ }
+ return as.byRule[r]
+}
+
+func (as *AnnotationSet) GetSubpackagesScope(path Ref) []*Annotations {
+ if as == nil {
+ return nil
+ }
+ return as.byPath.ancestors(path)
+}
+
+func (as *AnnotationSet) GetDocumentScope(path Ref) *Annotations {
+ if as == nil {
+ return nil
+ }
+ if node := as.byPath.get(path); node != nil {
+ return node.Value
+ }
+ return nil
+}
+
+func (as *AnnotationSet) GetPackageScope(pkg *Package) *Annotations {
+ if as == nil {
+ return nil
+ }
+ return as.byPackage[pkg.Path.Hash()]
+}
+
+// Flatten returns a flattened list view of this AnnotationSet.
+// The returned slice is sorted, first by the annotations' target path, then by their target location
+func (as *AnnotationSet) Flatten() FlatAnnotationsRefSet {
+ // This preallocation often won't be optimal, but it's superior to starting with a nil slice.
+ refs := make([]*AnnotationsRef, 0, len(as.byPath.Children)+len(as.byRule)+len(as.byPackage))
+
+ refs = as.byPath.flatten(refs)
+
+ for _, a := range as.byPackage {
+ refs = append(refs, NewAnnotationsRef(a))
+ }
+
+ for _, as := range as.byRule {
+ for _, a := range as {
+ refs = append(refs, NewAnnotationsRef(a))
+ }
+ }
+
+ // Sort by path, then annotation location, for stable output
+ slices.SortStableFunc(refs, (*AnnotationsRef).Compare)
+
+ return refs
+}
+
+// Chain returns the chain of annotations leading up to the given rule.
+// The returned slice is ordered as follows
+// 0. Entries for the given rule, ordered from the METADATA block declared immediately above the rule, to the block declared farthest away (always at least one entry)
+// 1. The 'document' scope entry, if any
+// 2. The 'package' scope entry, if any
+// 3. Entries for the 'subpackages' scope, if any; ordered from the closest package path to the fartest. E.g.: 'do.re.mi', 'do.re', 'do'
+// The returned slice is guaranteed to always contain at least one entry, corresponding to the given rule.
+func (as *AnnotationSet) Chain(rule *Rule) AnnotationsRefSet {
+ var refs []*AnnotationsRef
+
+ ruleAnnots := as.GetRuleScope(rule)
+
+ if len(ruleAnnots) >= 1 {
+ for _, a := range ruleAnnots {
+ refs = append(refs, NewAnnotationsRef(a))
+ }
+ } else {
+ // Make sure there is always a leading entry representing the passed rule, even if it has no annotations
+ refs = append(refs, &AnnotationsRef{
+ Location: rule.Location,
+ Path: rule.Ref().GroundPrefix(),
+ node: rule,
+ })
+ }
+
+ if len(refs) > 1 {
+ // Sort by annotation location; chain must start with annotations declared closest to rule, then going outward
+ slices.SortStableFunc(refs, func(a, b *AnnotationsRef) int {
+ return -a.Annotations.Location.Compare(b.Annotations.Location)
+ })
+ }
+
+ docAnnots := as.GetDocumentScope(rule.Ref().GroundPrefix())
+ if docAnnots != nil {
+ refs = append(refs, NewAnnotationsRef(docAnnots))
+ }
+
+ pkg := rule.Module.Package
+ pkgAnnots := as.GetPackageScope(pkg)
+ if pkgAnnots != nil {
+ refs = append(refs, NewAnnotationsRef(pkgAnnots))
+ }
+
+ subPkgAnnots := as.GetSubpackagesScope(pkg.Path)
+ // We need to reverse the order, as subPkgAnnots ordering will start at the root,
+ // whereas we want to end at the root.
+ for i := len(subPkgAnnots) - 1; i >= 0; i-- {
+ refs = append(refs, NewAnnotationsRef(subPkgAnnots[i]))
+ }
+
+ return refs
+}
+
+func (ars FlatAnnotationsRefSet) Insert(ar *AnnotationsRef) FlatAnnotationsRefSet {
+ result := make(FlatAnnotationsRefSet, 0, len(ars)+1)
+
+ // insertion sort, first by path, then location
+ for i, current := range ars {
+ if ar.Compare(current) < 0 {
+ result = append(result, ar)
+ result = append(result, ars[i:]...)
+ break
+ }
+ result = append(result, current)
+ }
+
+ if len(result) < len(ars)+1 {
+ result = append(result, ar)
+ }
+
+ return result
+}
+
+func newAnnotationTree() *annotationTreeNode {
+ return &annotationTreeNode{
+ Value: nil,
+ Children: map[Value]*annotationTreeNode{},
+ }
+}
+
+func (t *annotationTreeNode) insert(path Ref, value *Annotations) {
+ node := t
+ for _, k := range path {
+ child, ok := node.Children[k.Value]
+ if !ok {
+ child = newAnnotationTree()
+ node.Children[k.Value] = child
+ }
+ node = child
+ }
+ node.Value = value
+}
+
+func (t *annotationTreeNode) get(path Ref) *annotationTreeNode {
+ node := t
+ for _, k := range path {
+ if node == nil {
+ return nil
+ }
+ child, ok := node.Children[k.Value]
+ if !ok {
+ return nil
+ }
+ node = child
+ }
+ return node
+}
+
+// ancestors returns a slice of annotations in ascending order, starting with the root of ref; e.g.: 'root', 'root.foo', 'root.foo.bar'.
+func (t *annotationTreeNode) ancestors(path Ref) (result []*Annotations) {
+ node := t
+ for _, k := range path {
+ if node == nil {
+ return result
+ }
+ child, ok := node.Children[k.Value]
+ if !ok {
+ return result
+ }
+ if child.Value != nil {
+ result = append(result, child.Value)
+ }
+ node = child
+ }
+ return result
+}
+
+func (t *annotationTreeNode) flatten(refs []*AnnotationsRef) []*AnnotationsRef {
+ if a := t.Value; a != nil {
+ refs = append(refs, NewAnnotationsRef(a))
+ }
+ for _, c := range t.Children {
+ refs = c.flatten(refs)
+ }
+ return refs
+}
+
+func (ar *AnnotationsRef) Compare(other *AnnotationsRef) int {
+ if c := ar.Path.Compare(other.Path); c != 0 {
+ return c
+ }
+
+ if c := ar.Annotations.Location.Compare(other.Annotations.Location); c != 0 {
+ return c
+ }
+
+ return ar.Annotations.Compare(other.Annotations)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/builtins.go b/vendor/github.com/open-policy-agent/opa/v1/ast/builtins.go
new file mode 100644
index 0000000000..6b094f69e2
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/builtins.go
@@ -0,0 +1,3414 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "strings"
+
+ "github.com/open-policy-agent/opa/v1/types"
+)
+
+// Builtins is the registry of built-in functions supported by OPA.
+// Call RegisterBuiltin to add a new built-in.
+var Builtins []*Builtin
+
+// RegisterBuiltin adds a new built-in function to the registry.
+func RegisterBuiltin(b *Builtin) {
+ Builtins = append(Builtins, b)
+ BuiltinMap[b.Name] = b
+ if len(b.Infix) > 0 {
+ BuiltinMap[b.Infix] = b
+
+ InternStringTerm(b.Infix)
+ }
+
+ InternStringTerm(b.Name)
+ if strings.Contains(b.Name, ".") {
+ InternStringTerm(strings.Split(b.Name, ".")...)
+ }
+}
+
+// DefaultBuiltins is the registry of built-in functions supported in OPA
+// by default. When adding a new built-in function to OPA, update this
+// list.
+var DefaultBuiltins = [...]*Builtin{
+ // Unification/equality ("=")
+ Equality,
+
+ // Assignment (":=")
+ Assign,
+
+ // Membership, infix "in": `x in xs`
+ Member,
+ MemberWithKey,
+
+ // Comparisons
+ GreaterThan,
+ GreaterThanEq,
+ LessThan,
+ LessThanEq,
+ NotEqual,
+ Equal,
+
+ // Arithmetic
+ Plus,
+ Minus,
+ Multiply,
+ Divide,
+ Ceil,
+ Floor,
+ Round,
+ Abs,
+ Rem,
+
+ // Bitwise Arithmetic
+ BitsOr,
+ BitsAnd,
+ BitsNegate,
+ BitsXOr,
+ BitsShiftLeft,
+ BitsShiftRight,
+
+ // Binary
+ And,
+ Or,
+
+ // Aggregates
+ Count,
+ Sum,
+ Product,
+ Max,
+ Min,
+ Any,
+ All,
+
+ // Arrays
+ ArrayConcat,
+ ArraySlice,
+ ArrayReverse,
+
+ // Conversions
+ ToNumber,
+
+ // Casts (DEPRECATED)
+ CastObject,
+ CastNull,
+ CastBoolean,
+ CastString,
+ CastSet,
+ CastArray,
+
+ // Regular Expressions
+ RegexIsValid,
+ RegexMatch,
+ RegexMatchDeprecated,
+ RegexSplit,
+ GlobsMatch,
+ RegexTemplateMatch,
+ RegexFind,
+ RegexFindAllStringSubmatch,
+ RegexReplace,
+
+ // Sets
+ SetDiff,
+ Intersection,
+ Union,
+
+ // Strings
+ AnyPrefixMatch,
+ AnySuffixMatch,
+ Concat,
+ FormatInt,
+ IndexOf,
+ IndexOfN,
+ Substring,
+ Lower,
+ Upper,
+ Contains,
+ StringCount,
+ StartsWith,
+ EndsWith,
+ Split,
+ Replace,
+ ReplaceN,
+ Trim,
+ TrimLeft,
+ TrimPrefix,
+ TrimRight,
+ TrimSuffix,
+ TrimSpace,
+ Sprintf,
+ StringReverse,
+ RenderTemplate,
+
+ // Numbers
+ NumbersRange,
+ NumbersRangeStep,
+ RandIntn,
+
+ // Encoding
+ JSONMarshal,
+ JSONMarshalWithOptions,
+ JSONUnmarshal,
+ JSONIsValid,
+ Base64Encode,
+ Base64Decode,
+ Base64IsValid,
+ Base64UrlEncode,
+ Base64UrlEncodeNoPad,
+ Base64UrlDecode,
+ URLQueryDecode,
+ URLQueryEncode,
+ URLQueryEncodeObject,
+ URLQueryDecodeObject,
+ YAMLMarshal,
+ YAMLUnmarshal,
+ YAMLIsValid,
+ HexEncode,
+ HexDecode,
+
+ // Object Manipulation
+ ObjectUnion,
+ ObjectUnionN,
+ ObjectRemove,
+ ObjectFilter,
+ ObjectGet,
+ ObjectKeys,
+ ObjectSubset,
+
+ // JSON Object Manipulation
+ JSONFilter,
+ JSONRemove,
+ JSONPatch,
+
+ // Tokens
+ JWTDecode,
+ JWTVerifyRS256,
+ JWTVerifyRS384,
+ JWTVerifyRS512,
+ JWTVerifyPS256,
+ JWTVerifyPS384,
+ JWTVerifyPS512,
+ JWTVerifyES256,
+ JWTVerifyES384,
+ JWTVerifyES512,
+ JWTVerifyHS256,
+ JWTVerifyHS384,
+ JWTVerifyHS512,
+ JWTDecodeVerify,
+ JWTEncodeSignRaw,
+ JWTEncodeSign,
+
+ // Time
+ NowNanos,
+ ParseNanos,
+ ParseRFC3339Nanos,
+ ParseDurationNanos,
+ Format,
+ Date,
+ Clock,
+ Weekday,
+ AddDate,
+ Diff,
+
+ // Crypto
+ CryptoX509ParseCertificates,
+ CryptoX509ParseAndVerifyCertificates,
+ CryptoX509ParseAndVerifyCertificatesWithOptions,
+ CryptoMd5,
+ CryptoSha1,
+ CryptoSha256,
+ CryptoX509ParseCertificateRequest,
+ CryptoX509ParseRSAPrivateKey,
+ CryptoX509ParseKeyPair,
+ CryptoParsePrivateKeys,
+ CryptoHmacMd5,
+ CryptoHmacSha1,
+ CryptoHmacSha256,
+ CryptoHmacSha512,
+ CryptoHmacEqual,
+
+ // Graphs
+ WalkBuiltin,
+ ReachableBuiltin,
+ ReachablePathsBuiltin,
+
+ // Sort
+ Sort,
+
+ // Types
+ IsNumber,
+ IsString,
+ IsBoolean,
+ IsArray,
+ IsSet,
+ IsObject,
+ IsNull,
+ TypeNameBuiltin,
+
+ // HTTP
+ HTTPSend,
+
+ // GraphQL
+ GraphQLParse,
+ GraphQLParseAndVerify,
+ GraphQLParseQuery,
+ GraphQLParseSchema,
+ GraphQLIsValid,
+ GraphQLSchemaIsValid,
+
+ // JSON Schema
+ JSONSchemaVerify,
+ JSONMatchSchema,
+
+ // Cloud Provider Helpers
+ ProvidersAWSSignReqObj,
+
+ // Rego
+ RegoParseModule,
+ RegoMetadataChain,
+ RegoMetadataRule,
+
+ // OPA
+ OPARuntime,
+
+ // Tracing
+ Trace,
+
+ // Networking
+ NetCIDROverlap,
+ NetCIDRIntersects,
+ NetCIDRContains,
+ NetCIDRContainsMatches,
+ NetCIDRExpand,
+ NetCIDRMerge,
+ NetLookupIPAddr,
+ NetCIDRIsValid,
+
+ // Glob
+ GlobMatch,
+ GlobQuoteMeta,
+
+ // Units
+ UnitsParse,
+ UnitsParseBytes,
+
+ // UUIDs
+ UUIDRFC4122,
+ UUIDParse,
+
+ // SemVers
+ SemVerIsValid,
+ SemVerCompare,
+
+ // Printing
+ Print,
+ InternalPrint,
+
+ // Testing
+ InternalTestCase,
+}
+
+// BuiltinMap provides a convenient mapping of built-in names to
+// built-in definitions.
+var BuiltinMap map[string]*Builtin
+
+// Deprecated: Builtins can now be directly annotated with the
+// Nondeterministic property, and when set to true, will be ignored
+// for partial evaluation.
+var IgnoreDuringPartialEval = []*Builtin{
+ RandIntn,
+ UUIDRFC4122,
+ JWTDecodeVerify,
+ JWTEncodeSignRaw,
+ JWTEncodeSign,
+ NowNanos,
+ HTTPSend,
+ OPARuntime,
+ NetLookupIPAddr,
+}
+
+/**
+ * Unification
+ */
+
+// Equality represents the "=" operator.
+var Equality = &Builtin{
+ Name: "eq",
+ Infix: "=",
+ Decl: types.NewFunction(
+ types.Args(types.A, types.A),
+ types.B,
+ ),
+}
+
+/**
+ * Assignment
+ */
+
+// Assign represents the assignment (":=") operator.
+var Assign = &Builtin{
+ Name: "assign",
+ Infix: ":=",
+ Decl: types.NewFunction(
+ types.Args(types.A, types.A),
+ types.B,
+ ),
+}
+
+// Member represents the `in` (infix) operator.
+var Member = &Builtin{
+ Name: "internal.member_2",
+ Infix: "in",
+ Decl: types.NewFunction(
+ types.Args(
+ types.A,
+ types.A,
+ ),
+ types.B,
+ ),
+}
+
+// MemberWithKey represents the `in` (infix) operator when used
+// with two terms on the lhs, i.e., `k, v in obj`.
+var MemberWithKey = &Builtin{
+ Name: "internal.member_3",
+ Infix: "in",
+ Decl: types.NewFunction(
+ types.Args(
+ types.A,
+ types.A,
+ types.A,
+ ),
+ types.B,
+ ),
+}
+
+/**
+ * Comparisons
+ */
+var comparison = category("comparison")
+
+var GreaterThan = &Builtin{
+ Name: "gt",
+ Infix: ">",
+ Categories: comparison,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A),
+ types.Named("y", types.A),
+ ),
+ types.Named("result", types.B).Description("true if `x` is greater than `y`; false otherwise"),
+ ),
+}
+
+var GreaterThanEq = &Builtin{
+ Name: "gte",
+ Infix: ">=",
+ Categories: comparison,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A),
+ types.Named("y", types.A),
+ ),
+ types.Named("result", types.B).Description("true if `x` is greater or equal to `y`; false otherwise"),
+ ),
+}
+
+// LessThan represents the "<" comparison operator.
+var LessThan = &Builtin{
+ Name: "lt",
+ Infix: "<",
+ Categories: comparison,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A),
+ types.Named("y", types.A),
+ ),
+ types.Named("result", types.B).Description("true if `x` is less than `y`; false otherwise"),
+ ),
+}
+
+var LessThanEq = &Builtin{
+ Name: "lte",
+ Infix: "<=",
+ Categories: comparison,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A),
+ types.Named("y", types.A),
+ ),
+ types.Named("result", types.B).Description("true if `x` is less than or equal to `y`; false otherwise"),
+ ),
+}
+
+var NotEqual = &Builtin{
+ Name: "neq",
+ Infix: "!=",
+ Categories: comparison,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A),
+ types.Named("y", types.A),
+ ),
+ types.Named("result", types.B).Description("true if `x` is not equal to `y`; false otherwise"),
+ ),
+}
+
+// Equal represents the "==" comparison operator.
+var Equal = &Builtin{
+ Name: "equal",
+ Infix: "==",
+ Categories: comparison,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A),
+ types.Named("y", types.A),
+ ),
+ types.Named("result", types.B).Description("true if `x` is equal to `y`; false otherwise"),
+ ),
+}
+
+/**
+ * Arithmetic
+ */
+var number = category("numbers")
+
+var Plus = &Builtin{
+ Name: "plus",
+ Infix: "+",
+ Description: "Plus adds two numbers together.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.N),
+ types.Named("y", types.N),
+ ),
+ types.Named("z", types.N).Description("the sum of `x` and `y`"),
+ ),
+ Categories: number,
+}
+
+var Minus = &Builtin{
+ Name: "minus",
+ Infix: "-",
+ Description: "Minus subtracts the second number from the first number or computes the difference between two sets.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.NewAny(types.N, types.SetOfAny)),
+ types.Named("y", types.NewAny(types.N, types.SetOfAny)),
+ ),
+ types.Named("z", types.NewAny(types.N, types.SetOfAny)).Description("the difference of `x` and `y`"),
+ ),
+ Categories: category("sets", "numbers"),
+}
+
+var Multiply = &Builtin{
+ Name: "mul",
+ Infix: "*",
+ Description: "Multiplies two numbers.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.N),
+ types.Named("y", types.N),
+ ),
+ types.Named("z", types.N).Description("the product of `x` and `y`"),
+ ),
+ Categories: number,
+}
+
+var Divide = &Builtin{
+ Name: "div",
+ Infix: "/",
+ Description: "Divides the first number by the second number.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.N).Description("the dividend"),
+ types.Named("y", types.N).Description("the divisor"),
+ ),
+ types.Named("z", types.N).Description("the result of `x` divided by `y`"),
+ ),
+ Categories: number,
+}
+
+var Round = &Builtin{
+ Name: "round",
+ Description: "Rounds the number to the nearest integer.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.N).Description("the number to round"),
+ ),
+ types.Named("y", types.N).Description("the result of rounding `x`"),
+ ),
+ Categories: number,
+}
+
+var Ceil = &Builtin{
+ Name: "ceil",
+ Description: "Rounds the number _up_ to the nearest integer.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.N).Description("the number to round"),
+ ),
+ types.Named("y", types.N).Description("the result of rounding `x` _up_"),
+ ),
+ Categories: number,
+}
+
+var Floor = &Builtin{
+ Name: "floor",
+ Description: "Rounds the number _down_ to the nearest integer.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.N).Description("the number to round"),
+ ),
+ types.Named("y", types.N).Description("the result of rounding `x` _down_"),
+ ),
+ Categories: number,
+}
+
+var Abs = &Builtin{
+ Name: "abs",
+ Description: "Returns the number without its sign.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.N).Description("the number to take the absolute value of"),
+ ),
+ types.Named("y", types.N).Description("the absolute value of `x`"),
+ ),
+ Categories: number,
+}
+
+var Rem = &Builtin{
+ Name: "rem",
+ Infix: "%",
+ Description: "Returns the remainder for of `x` divided by `y`, for `y != 0`.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.N),
+ types.Named("y", types.N),
+ ),
+ types.Named("z", types.N).Description("the remainder"),
+ ),
+ Categories: number,
+}
+
+/**
+ * Bitwise
+ */
+
+var BitsOr = &Builtin{
+ Name: "bits.or",
+ Description: "Returns the bitwise \"OR\" of two integers.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.N).Description("the first integer"),
+ types.Named("y", types.N).Description("the second integer"),
+ ),
+ types.Named("z", types.N).Description("the bitwise OR of `x` and `y`"),
+ ),
+}
+
+var BitsAnd = &Builtin{
+ Name: "bits.and",
+ Description: "Returns the bitwise \"AND\" of two integers.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.N).Description("the first integer"),
+ types.Named("y", types.N).Description("the second integer"),
+ ),
+ types.Named("z", types.N).Description("the bitwise AND of `x` and `y`"),
+ ),
+}
+
+var BitsNegate = &Builtin{
+ Name: "bits.negate",
+ Description: "Returns the bitwise negation (flip) of an integer.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.N).Description("the integer to negate"),
+ ),
+ types.Named("z", types.N).Description("the bitwise negation of `x`"),
+ ),
+}
+
+var BitsXOr = &Builtin{
+ Name: "bits.xor",
+ Description: "Returns the bitwise \"XOR\" (exclusive-or) of two integers.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.N).Description("the first integer"),
+ types.Named("y", types.N).Description("the second integer"),
+ ),
+ types.Named("z", types.N).Description("the bitwise XOR of `x` and `y`"),
+ ),
+}
+
+var BitsShiftLeft = &Builtin{
+ Name: "bits.lsh",
+ Description: "Returns a new integer with its bits shifted `s` bits to the left.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.N).Description("the integer to shift"),
+ types.Named("s", types.N).Description("the number of bits to shift"),
+ ),
+ types.Named("z", types.N).Description("the result of shifting `x` `s` bits to the left"),
+ ),
+}
+
+var BitsShiftRight = &Builtin{
+ Name: "bits.rsh",
+ Description: "Returns a new integer with its bits shifted `s` bits to the right.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.N).Description("the integer to shift"),
+ types.Named("s", types.N).Description("the number of bits to shift"),
+ ),
+ types.Named("z", types.N).Description("the result of shifting `x` `s` bits to the right"),
+ ),
+}
+
+/**
+ * Sets
+ */
+
+var sets = category("sets")
+
+var And = &Builtin{
+ Name: "and",
+ Infix: "&",
+ Description: "Returns the intersection of two sets.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.SetOfAny).Description("the first set"),
+ types.Named("y", types.SetOfAny).Description("the second set"),
+ ),
+ types.Named("z", types.SetOfAny).Description("the intersection of `x` and `y`"),
+ ),
+ Categories: sets,
+}
+
+// Or performs a union operation on sets.
+var Or = &Builtin{
+ Name: "or",
+ Infix: "|",
+ Description: "Returns the union of two sets.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.SetOfAny),
+ types.Named("y", types.SetOfAny),
+ ),
+ types.Named("z", types.SetOfAny).Description("the union of `x` and `y`"),
+ ),
+ Categories: sets,
+}
+
+var Intersection = &Builtin{
+ Name: "intersection",
+ Description: "Returns the intersection of the given input sets.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("xs", types.NewSet(types.SetOfAny)).Description("set of sets to intersect"),
+ ),
+ types.Named("y", types.SetOfAny).Description("the intersection of all `xs` sets"),
+ ),
+ Categories: sets,
+}
+
+var Union = &Builtin{
+ Name: "union",
+ Description: "Returns the union of the given input sets.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("xs", types.NewSet(types.SetOfAny)).Description("set of sets to merge"),
+ ),
+ types.Named("y", types.SetOfAny).Description("the union of all `xs` sets"),
+ ),
+ Categories: sets,
+}
+
+/**
+ * Aggregates
+ */
+
+var aggregates = category("aggregates")
+
+var Count = &Builtin{
+ Name: "count",
+ Description: " Count takes a collection or string and returns the number of elements (or characters) in it.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("collection", types.NewAny(
+ types.SetOfAny,
+ types.NewArray(nil, types.A),
+ types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
+ types.S,
+ )).Description("the set/array/object/string to be counted"),
+ ),
+ types.Named("n", types.N).Description("the count of elements, key/val pairs, or characters, respectively."),
+ ),
+ Categories: aggregates,
+}
+
+var Sum = &Builtin{
+ Name: "sum",
+ Description: "Sums elements of an array or set of numbers.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("collection", types.NewAny(
+ types.SetOfNum,
+ types.NewArray(nil, types.N),
+ )).Description("the set or array of numbers to sum"),
+ ),
+ types.Named("n", types.N).Description("the sum of all elements"),
+ ),
+ Categories: aggregates,
+}
+
+var Product = &Builtin{
+ Name: "product",
+ Description: "Multiplies elements of an array or set of numbers",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("collection", types.NewAny(
+ types.SetOfNum,
+ types.NewArray(nil, types.N),
+ )).Description("the set or array of numbers to multiply"),
+ ),
+ types.Named("n", types.N).Description("the product of all elements"),
+ ),
+ Categories: aggregates,
+}
+
+var Max = &Builtin{
+ Name: "max",
+ Description: "Returns the maximum value in a collection.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("collection", types.NewAny(
+ types.SetOfAny,
+ types.NewArray(nil, types.A),
+ )).Description("the set or array to be searched"),
+ ),
+ types.Named("n", types.A).Description("the maximum of all elements"),
+ ),
+ Categories: aggregates,
+}
+
+var Min = &Builtin{
+ Name: "min",
+ Description: "Returns the minimum value in a collection.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("collection", types.NewAny(
+ types.SetOfAny,
+ types.NewArray(nil, types.A),
+ )).Description("the set or array to be searched"),
+ ),
+ types.Named("n", types.A).Description("the minimum of all elements"),
+ ),
+ Categories: aggregates,
+}
+
+/**
+ * Sorting
+ */
+
+var Sort = &Builtin{
+ Name: "sort",
+ Description: "Returns a sorted array.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("collection", types.NewAny(
+ types.NewArray(nil, types.A),
+ types.SetOfAny,
+ )).Description("the array or set to be sorted"),
+ ),
+ types.Named("n", types.NewArray(nil, types.A)).Description("the sorted array"),
+ ),
+ Categories: aggregates,
+}
+
+/**
+ * Arrays
+ */
+
+var ArrayConcat = &Builtin{
+ Name: "array.concat",
+ Description: "Concatenates two arrays.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.NewArray(nil, types.A)).Description("the first array"),
+ types.Named("y", types.NewArray(nil, types.A)).Description("the second array"),
+ ),
+ types.Named("z", types.NewArray(nil, types.A)).Description("the concatenation of `x` and `y`"),
+ ),
+}
+
+var ArraySlice = &Builtin{
+ Name: "array.slice",
+ Description: "Returns a slice of a given array. If `start` is greater or equal than `stop`, `slice` is `[]`.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("arr", types.NewArray(nil, types.A)).Description("the array to be sliced"),
+ types.Named("start", types.N).Description("the start index of the returned slice; if less than zero, it's clamped to 0"),
+ types.Named("stop", types.N).Description("the stop index of the returned slice; if larger than `count(arr)`, it's clamped to `count(arr)`"),
+ ),
+ types.Named("slice", types.NewArray(nil, types.A)).Description("the subslice of `array`, from `start` to `end`, including `arr[start]`, but excluding `arr[end]`"),
+ ),
+} // NOTE(sr): this function really needs examples
+
+var ArrayReverse = &Builtin{
+ Name: "array.reverse",
+ Description: "Returns the reverse of a given array.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("arr", types.NewArray(nil, types.A)).Description("the array to be reversed"),
+ ),
+ types.Named("rev", types.NewArray(nil, types.A)).Description("an array containing the elements of `arr` in reverse order"),
+ ),
+}
+
+/**
+ * Conversions
+ */
+var conversions = category("conversions")
+
+var ToNumber = &Builtin{
+ Name: "to_number",
+ Description: "Converts a string, bool, or number value to a number: Strings are converted to numbers using `strconv.Atoi`, Boolean `false` is converted to 0 and `true` is converted to 1.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.NewAny(
+ types.N,
+ types.S,
+ types.B,
+ types.NewNull(),
+ )).Description("value to convert"),
+ ),
+ types.Named("num", types.N).Description("the numeric representation of `x`"),
+ ),
+ Categories: conversions,
+}
+
+/**
+ * Regular Expressions
+ */
+
+var RegexMatch = &Builtin{
+ Name: "regex.match",
+ Description: "Matches a string against a regular expression.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("pattern", types.S).Description("regular expression"),
+ types.Named("value", types.S).Description("value to match against `pattern`"),
+ ),
+ types.Named("result", types.B).Description("true if `value` matches `pattern`"),
+ ),
+}
+
+var RegexIsValid = &Builtin{
+ Name: "regex.is_valid",
+ Description: "Checks if a string is a valid regular expression: the detailed syntax for patterns is defined by https://github.com/google/re2/wiki/Syntax.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("pattern", types.S).Description("regular expression"),
+ ),
+ types.Named("result", types.B).Description("true if `pattern` is a valid regular expression"),
+ ),
+}
+
+var RegexFindAllStringSubmatch = &Builtin{
+ Name: "regex.find_all_string_submatch_n",
+ Description: "Returns all successive matches of the expression.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("pattern", types.S).Description("regular expression"),
+ types.Named("value", types.S).Description("string to match"),
+ types.Named("number", types.N).Description("number of matches to return; `-1` means all matches"),
+ ),
+ types.Named("output", types.NewArray(nil, types.NewArray(nil, types.S))).Description("array of all matches"),
+ ),
+}
+
+var RegexTemplateMatch = &Builtin{
+ Name: "regex.template_match",
+ Description: "Matches a string against a pattern, where there pattern may be glob-like",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("template", types.S).Description("template expression containing `0..n` regular expressions"),
+ types.Named("value", types.S).Description("string to match"),
+ types.Named("delimiter_start", types.S).Description("start delimiter of the regular expression in `template`"),
+ types.Named("delimiter_end", types.S).Description("end delimiter of the regular expression in `template`"),
+ ),
+ types.Named("result", types.B).Description("true if `value` matches the `template`"),
+ ),
+} // TODO(sr): example:`regex.template_match("urn:foo:{.*}", "urn:foo:bar:baz", "{", "}")`` returns ``true``.
+
+var RegexSplit = &Builtin{
+ Name: "regex.split",
+ Description: "Splits the input string by the occurrences of the given pattern.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("pattern", types.S).Description("regular expression"),
+ types.Named("value", types.S).Description("string to match"),
+ ),
+ types.Named("output", types.NewArray(nil, types.S)).Description("the parts obtained by splitting `value`"),
+ ),
+}
+
+// RegexFind takes two strings and a number, the pattern, the value and number of match values to
+// return, -1 means all match values.
+var RegexFind = &Builtin{
+ Name: "regex.find_n",
+ Description: "Returns the specified number of matches when matching the input against the pattern.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("pattern", types.S).Description("regular expression"),
+ types.Named("value", types.S).Description("string to match"),
+ types.Named("number", types.N).Description("number of matches to return, if `-1`, returns all matches"),
+ ),
+ types.Named("output", types.NewArray(nil, types.S)).Description("collected matches"),
+ ),
+}
+
+// GlobsMatch takes two strings regexp-style strings and evaluates to true if their
+// intersection matches a non-empty set of non-empty strings.
+// Examples:
+// - "a.a." and ".b.b" -> true.
+// - "[a-z]*" and [0-9]+" -> not true.
+var GlobsMatch = &Builtin{
+ Name: "regex.globs_match",
+ Description: `Checks if the intersection of two glob-style regular expressions matches a non-empty set of non-empty strings.
+The set of regex symbols is limited for this builtin: only ` + "`.`, `*`, `+`, `[`, `-`, `]` and `\\` are treated as special symbols.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("glob1", types.S).Description("first glob-style regular expression"),
+ types.Named("glob2", types.S).Description("second glob-style regular expression"),
+ ),
+ types.Named("result", types.B).Description("true if the intersection of `glob1` and `glob2` matches a non-empty set of non-empty strings"),
+ ),
+}
+
+/**
+ * Strings
+ */
+var stringsCat = category("strings")
+
+var AnyPrefixMatch = &Builtin{
+ Name: "strings.any_prefix_match",
+ Description: "Returns true if any of the search strings begins with any of the base strings.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("search", types.NewAny(
+ types.S,
+ types.SetOfStr,
+ types.NewArray(nil, types.S),
+ )).Description("search string(s)"),
+ types.Named("base", types.NewAny(
+ types.S,
+ types.SetOfStr,
+ types.NewArray(nil, types.S),
+ )).Description("base string(s)"),
+ ),
+ types.Named("result", types.B).Description("result of the prefix check"),
+ ),
+ Categories: stringsCat,
+}
+
+var AnySuffixMatch = &Builtin{
+ Name: "strings.any_suffix_match",
+ Description: "Returns true if any of the search strings ends with any of the base strings.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("search", types.NewAny(
+ types.S,
+ types.SetOfStr,
+ types.NewArray(nil, types.S),
+ )).Description("search string(s)"),
+ types.Named("base", types.NewAny(
+ types.S,
+ types.SetOfStr,
+ types.NewArray(nil, types.S),
+ )).Description("base string(s)"),
+ ),
+ types.Named("result", types.B).Description("result of the suffix check"),
+ ),
+ Categories: stringsCat,
+}
+
+var Concat = &Builtin{
+ Name: "concat",
+ Description: "Joins a set or array of strings with a delimiter.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("delimiter", types.S).Description("string to use as a delimiter"),
+ types.Named("collection", types.NewAny(
+ types.SetOfStr,
+ types.NewArray(nil, types.S),
+ )).Description("strings to join"),
+ ),
+ types.Named("output", types.S).Description("the joined string"),
+ ),
+ Categories: stringsCat,
+}
+
+var FormatInt = &Builtin{
+ Name: "format_int",
+ Description: "Returns the string representation of the number in the given base after rounding it down to an integer value.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("number", types.N).Description("number to format"),
+ types.Named("base", types.N).Description("base of number representation to use"),
+ ),
+ types.Named("output", types.S).Description("formatted number"),
+ ),
+ Categories: stringsCat,
+}
+
+var IndexOf = &Builtin{
+ Name: "indexof",
+ Description: "Returns the index of a substring contained inside a string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("haystack", types.S).Description("string to search in"),
+ types.Named("needle", types.S).Description("substring to look for"),
+ ),
+ types.Named("output", types.N).Description("index of first occurrence, `-1` if not found"),
+ ),
+ Categories: stringsCat,
+}
+
+var IndexOfN = &Builtin{
+ Name: "indexof_n",
+ Description: "Returns a list of all the indexes of a substring contained inside a string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("haystack", types.S).Description("string to search in"),
+ types.Named("needle", types.S).Description("substring to look for"),
+ ),
+ types.Named("output", types.NewArray(nil, types.N)).Description("all indices at which `needle` occurs in `haystack`, may be empty"),
+ ),
+ Categories: stringsCat,
+}
+
+var Substring = &Builtin{
+ Name: "substring",
+ Description: "Returns the portion of a string for a given `offset` and a `length`. If `length < 0`, `output` is the remainder of the string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("value", types.S).Description("string to extract substring from"),
+ types.Named("offset", types.N).Description("offset, must be positive"),
+ types.Named("length", types.N).Description("length of the substring starting from `offset`"),
+ ),
+ types.Named("output", types.S).Description("substring of `value` from `offset`, of length `length`"),
+ ),
+ Categories: stringsCat,
+}
+
+var Contains = &Builtin{
+ Name: "contains",
+ Description: "Returns `true` if the search string is included in the base string",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("haystack", types.S).Description("string to search in"),
+ types.Named("needle", types.S).Description("substring to look for"),
+ ),
+ types.Named("result", types.B).Description("result of the containment check"),
+ ),
+ Categories: stringsCat,
+}
+
+var StringCount = &Builtin{
+ Name: "strings.count",
+ Description: "Returns the number of non-overlapping instances of a substring in a string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("search", types.S).Description("string to search in"),
+ types.Named("substring", types.S).Description("substring to look for"),
+ ),
+ types.Named("output", types.N).Description("count of occurrences, `0` if not found"),
+ ),
+ Categories: stringsCat,
+}
+
+var StartsWith = &Builtin{
+ Name: "startswith",
+ Description: "Returns true if the search string begins with the base string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("search", types.S).Description("search string"),
+ types.Named("base", types.S).Description("base string"),
+ ),
+ types.Named("result", types.B).Description("result of the prefix check"),
+ ),
+ Categories: stringsCat,
+}
+
+var EndsWith = &Builtin{
+ Name: "endswith",
+ Description: "Returns true if the search string ends with the base string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("search", types.S).Description("search string"),
+ types.Named("base", types.S).Description("base string"),
+ ),
+ types.Named("result", types.B).Description("result of the suffix check"),
+ ),
+ Categories: stringsCat,
+}
+
+var Lower = &Builtin{
+ Name: "lower",
+ Description: "Returns the input string but with all characters in lower-case.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("string that is converted to lower-case"),
+ ),
+ types.Named("y", types.S).Description("lower-case of x"),
+ ),
+ Categories: stringsCat,
+}
+
+var Upper = &Builtin{
+ Name: "upper",
+ Description: "Returns the input string but with all characters in upper-case.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("string that is converted to upper-case"),
+ ),
+ types.Named("y", types.S).Description("upper-case of x"),
+ ),
+ Categories: stringsCat,
+}
+
+var Split = &Builtin{
+ Name: "split",
+ Description: "Split returns an array containing elements of the input string split on a delimiter.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("string that is split"),
+ types.Named("delimiter", types.S).Description("delimiter used for splitting"),
+ ),
+ types.Named("ys", types.NewArray(nil, types.S)).Description("split parts"),
+ ),
+ Categories: stringsCat,
+}
+
+var Replace = &Builtin{
+ Name: "replace",
+ Description: "Replace replaces all instances of a sub-string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("string being processed"),
+ types.Named("old", types.S).Description("substring to replace"),
+ types.Named("new", types.S).Description("string to replace `old` with"),
+ ),
+ types.Named("y", types.S).Description("string with replaced substrings"),
+ ),
+ Categories: stringsCat,
+}
+
+var ReplaceN = &Builtin{
+ Name: "strings.replace_n",
+ Description: `Replaces a string from a list of old, new string pairs.
+Replacements are performed in the order they appear in the target string, without overlapping matches.
+The old string comparisons are done in argument order.`,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("patterns", types.NewObject(
+ nil,
+ types.NewDynamicProperty(
+ types.S,
+ types.S)),
+ ).Description("replacement pairs"),
+ types.Named("value", types.S).Description("string to replace substring matches in"),
+ ),
+ types.Named("output", types.S).Description("string with replaced substrings"),
+ ),
+}
+
+var RegexReplace = &Builtin{
+ Name: "regex.replace",
+ Description: `Find and replaces the text using the regular expression pattern.`,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("s", types.S).Description("string being processed"),
+ types.Named("pattern", types.S).Description("regex pattern to be applied"),
+ types.Named("value", types.S).Description("regex value"),
+ ),
+ types.Named("output", types.S).Description("string with replaced substrings"),
+ ),
+}
+
+var Trim = &Builtin{
+ Name: "trim",
+ Description: "Returns `value` with all leading or trailing instances of the `cutset` characters removed.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("value", types.S).Description("string to trim"),
+ types.Named("cutset", types.S).Description("string of characters that are cut off"),
+ ),
+ types.Named("output", types.S).Description("string trimmed of `cutset` characters"),
+ ),
+ Categories: stringsCat,
+}
+
+var TrimLeft = &Builtin{
+ Name: "trim_left",
+ Description: "Returns `value` with all leading instances of the `cutset` characters removed.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("value", types.S).Description("string to trim"),
+ types.Named("cutset", types.S).Description("string of characters that are cut off on the left"),
+ ),
+ types.Named("output", types.S).Description("string left-trimmed of `cutset` characters"),
+ ),
+ Categories: stringsCat,
+}
+
+var TrimPrefix = &Builtin{
+ Name: "trim_prefix",
+ Description: "Returns `value` without the prefix. If `value` doesn't start with `prefix`, it is returned unchanged.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("value", types.S).Description("string to trim"),
+ types.Named("prefix", types.S).Description("prefix to cut off"),
+ ),
+ types.Named("output", types.S).Description("string with `prefix` cut off"),
+ ),
+ Categories: stringsCat,
+}
+
+var TrimRight = &Builtin{
+ Name: "trim_right",
+ Description: "Returns `value` with all trailing instances of the `cutset` characters removed.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("value", types.S).Description("string to trim"),
+ types.Named("cutset", types.S).Description("string of characters that are cut off on the right"),
+ ),
+ types.Named("output", types.S).Description("string right-trimmed of `cutset` characters"),
+ ),
+ Categories: stringsCat,
+}
+
+var TrimSuffix = &Builtin{
+ Name: "trim_suffix",
+ Description: "Returns `value` without the suffix. If `value` doesn't end with `suffix`, it is returned unchanged.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("value", types.S).Description("string to trim"),
+ types.Named("suffix", types.S).Description("suffix to cut off"),
+ ),
+ types.Named("output", types.S).Description("string with `suffix` cut off"),
+ ),
+ Categories: stringsCat,
+}
+
+var TrimSpace = &Builtin{
+ Name: "trim_space",
+ Description: "Return the given string with all leading and trailing white space removed.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("value", types.S).Description("string to trim"),
+ ),
+ types.Named("output", types.S).Description("string leading and trailing white space cut off"),
+ ),
+ Categories: stringsCat,
+}
+
+var Sprintf = &Builtin{
+ Name: "sprintf",
+ Description: "Returns the given string, formatted.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("format", types.S).Description("string with formatting verbs"),
+ types.Named("values", types.NewArray(nil, types.A)).Description("arguments to format into formatting verbs"),
+ ),
+ types.Named("output", types.S).Description("`format` formatted by the values in `values`"),
+ ),
+ Categories: stringsCat,
+}
+
+var StringReverse = &Builtin{
+ Name: "strings.reverse",
+ Description: "Reverses a given string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("string to reverse"),
+ ),
+ types.Named("y", types.S).Description("reversed string"),
+ ),
+ Categories: stringsCat,
+}
+
+var RenderTemplate = &Builtin{
+ Name: "strings.render_template",
+ Description: `Renders a templated string with given template variables injected. For a given templated string and key/value mapping, values will be injected into the template where they are referenced by key.
+ For examples of templating syntax, see https://pkg.go.dev/text/template`,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("value", types.S).Description("a templated string"),
+ types.Named("vars", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("a mapping of template variable keys to values"),
+ ),
+ types.Named("result", types.S).Description("rendered template with template variables injected"),
+ ),
+ Categories: stringsCat,
+}
+
+/**
+ * Numbers
+ */
+
+// RandIntn returns a random number 0 - n
+// Marked non-deterministic because it relies on RNG internally.
+var RandIntn = &Builtin{
+ Name: "rand.intn",
+ Description: "Returns a random integer between `0` and `n` (`n` exclusive). If `n` is `0`, then `y` is always `0`. For any given argument pair (`str`, `n`), the output will be consistent throughout a query evaluation.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("str", types.S).Description("seed string for the random number"),
+ types.Named("n", types.N).Description("upper bound of the random number (exclusive)"),
+ ),
+ types.Named("y", types.N).Description("random integer in the range `[0, abs(n))`"),
+ ),
+ Categories: number,
+ Nondeterministic: true,
+}
+
+var NumbersRange = &Builtin{
+ Name: "numbers.range",
+ Description: "Returns an array of numbers in the given (inclusive) range. If `a==b`, then `range == [a]`; if `a > b`, then `range` is in descending order.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("a", types.N).Description("the start of the range"),
+ types.Named("b", types.N).Description("the end of the range (inclusive)"),
+ ),
+ types.Named("range", types.NewArray(nil, types.N)).Description("the range between `a` and `b`"),
+ ),
+}
+
+var NumbersRangeStep = &Builtin{
+ Name: "numbers.range_step",
+ Description: `Returns an array of numbers in the given (inclusive) range incremented by a positive step.
+ If "a==b", then "range == [a]"; if "a > b", then "range" is in descending order.
+ If the provided "step" is less then 1, an error will be thrown.
+ If "b" is not in the range of the provided "step", "b" won't be included in the result.
+ `,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("a", types.N).Description("the start of the range"),
+ types.Named("b", types.N).Description("the end of the range (inclusive)"),
+ types.Named("step", types.N).Description("the step between numbers in the range"),
+ ),
+ types.Named("range", types.NewArray(nil, types.N)).Description("the range between `a` and `b` in `step` increments"),
+ ),
+}
+
+/**
+ * Units
+ */
+
+var UnitsParse = &Builtin{
+ Name: "units.parse",
+ Description: `Converts strings like "10G", "5K", "4M", "1500m", and the like into a number.
+This number can be a non-integer, such as 1.5, 0.22, etc. Scientific notation is supported,
+allowing values such as "1e-3K" (1) or "2.5e6M" (2.5 million M).
+
+Supports standard metric decimal and binary SI units (e.g., K, Ki, M, Mi, G, Gi, etc.) where
+m, K, M, G, T, P, and E are treated as decimal units and Ki, Mi, Gi, Ti, Pi, and Ei are treated as
+binary units.
+
+Note that 'm' and 'M' are case-sensitive to allow distinguishing between "milli" and "mega" units
+respectively. Other units are case-insensitive.`,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("the unit to parse"),
+ ),
+ types.Named("y", types.N).Description("the parsed number"),
+ ),
+}
+
+var UnitsParseBytes = &Builtin{
+ Name: "units.parse_bytes",
+ Description: `Converts strings like "10GB", "5K", "4mb", or "1e6KB" into an integer number of bytes.
+
+Supports standard byte units (e.g., KB, KiB, etc.) where KB, MB, GB, and TB are treated as decimal
+units, and KiB, MiB, GiB, and TiB are treated as binary units. Scientific notation is supported,
+enabling values like "1.5e3MB" (1500MB) or "2e6GiB" (2 million GiB).
+
+The bytes symbol (b/B) in the unit is optional; omitting it will yield the same result (e.g., "Mi"
+and "MiB" are equivalent).`,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("the byte unit to parse"),
+ ),
+ types.Named("y", types.N).Description("the parsed number"),
+ ),
+}
+
+//
+/**
+ * Type
+ */
+
+// UUIDRFC4122 returns a version 4 UUID string.
+// Marked non-deterministic because it relies on RNG internally.
+var UUIDRFC4122 = &Builtin{
+ Name: "uuid.rfc4122",
+ Description: "Returns a new UUIDv4.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("k", types.S).Description("seed string"),
+ ),
+ types.Named("output", types.S).Description("a version 4 UUID; for any given `k`, the output will be consistent throughout a query evaluation"),
+ ),
+ Nondeterministic: true,
+}
+
+var UUIDParse = &Builtin{
+ Name: "uuid.parse",
+ Description: "Parses the string value as an UUID and returns an object with the well-defined fields of the UUID if valid.",
+ Categories: nil,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("uuid", types.S).Description("UUID string to parse"),
+ ),
+ types.Named("result", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("Properties of UUID if valid (version, variant, etc). Undefined otherwise."),
+ ),
+ Relation: false,
+}
+
+/**
+ * JSON
+ */
+
+var objectCat = category("object")
+
+var JSONFilter = &Builtin{
+ Name: "json.filter",
+ Description: "Filters the object. " +
+ "For example: `json.filter({\"a\": {\"b\": \"x\", \"c\": \"y\"}}, [\"a/b\"])` will result in `{\"a\": {\"b\": \"x\"}}`). " +
+ "Paths are not filtered in-order and are deduplicated before being evaluated.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("object", types.NewObject(
+ nil,
+ types.NewDynamicProperty(types.A, types.A),
+ )).Description("object to filter"),
+ types.Named("paths", types.NewAny(
+ types.NewArray(
+ nil,
+ types.NewAny(
+ types.S,
+ types.NewArray(
+ nil,
+ types.A,
+ ),
+ ),
+ ),
+ types.NewSet(
+ types.NewAny(
+ types.S,
+ types.NewArray(
+ nil,
+ types.A,
+ ),
+ ),
+ ),
+ )).Description("JSON string paths"),
+ ),
+ types.Named("filtered", types.A).Description("remaining data from `object` with only keys specified in `paths`"),
+ ),
+ Categories: objectCat,
+}
+
+var JSONRemove = &Builtin{
+ Name: "json.remove",
+ Description: "Removes paths from an object. " +
+ "For example: `json.remove({\"a\": {\"b\": \"x\", \"c\": \"y\"}}, [\"a/b\"])` will result in `{\"a\": {\"c\": \"y\"}}`. " +
+ "Paths are not removed in-order and are deduplicated before being evaluated.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("object", types.NewObject(
+ nil,
+ types.NewDynamicProperty(types.A, types.A),
+ )).Description("object to remove paths from"),
+ types.Named("paths", types.NewAny(
+ types.NewArray(
+ nil,
+ types.NewAny(
+ types.S,
+ types.NewArray(
+ nil,
+ types.A,
+ ),
+ ),
+ ),
+ types.NewSet(
+ types.NewAny(
+ types.S,
+ types.NewArray(
+ nil,
+ types.A,
+ ),
+ ),
+ ),
+ )).Description("JSON string paths"),
+ ),
+ types.Named("output", types.A).Description("result of removing all keys specified in `paths`"),
+ ),
+ Categories: objectCat,
+}
+
+var JSONPatch = &Builtin{
+ Name: "json.patch",
+ Description: "Patches an object according to RFC6902. " +
+ "For example: `json.patch({\"a\": {\"foo\": 1}}, [{\"op\": \"add\", \"path\": \"/a/bar\", \"value\": 2}])` results in `{\"a\": {\"foo\": 1, \"bar\": 2}`. " +
+ "The patches are applied atomically: if any of them fails, the result will be undefined. " +
+ "Additionally works on sets, where a value contained in the set is considered to be its path.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("object", types.A).Description("the object to patch"), // TODO(sr): types.A?
+ types.Named("patches", types.NewArray(
+ nil,
+ types.NewObject(
+ []*types.StaticProperty{
+ {Key: "op", Value: types.S},
+ {Key: "path", Value: types.A},
+ },
+ types.NewDynamicProperty(types.A, types.A),
+ ),
+ )).Description("the JSON patches to apply"),
+ ),
+ types.Named("output", types.A).Description("result obtained after consecutively applying all patch operations in `patches`"),
+ ),
+ Categories: objectCat,
+}
+
+var ObjectSubset = &Builtin{
+ Name: "object.subset",
+ Description: "Determines if an object `sub` is a subset of another object `super`." +
+ "Object `sub` is a subset of object `super` if and only if every key in `sub` is also in `super`, " +
+ "**and** for all keys which `sub` and `super` share, they have the same value. " +
+ "This function works with objects, sets, arrays and a set of array and set." +
+ "If both arguments are objects, then the operation is recursive, e.g. " +
+ "`{\"c\": {\"x\": {10, 15, 20}}` is a subset of `{\"a\": \"b\", \"c\": {\"x\": {10, 15, 20, 25}, \"y\": \"z\"}`. " +
+ "If both arguments are sets, then this function checks if every element of `sub` is a member of `super`, " +
+ "but does not attempt to recurse. If both arguments are arrays, " +
+ "then this function checks if `sub` appears contiguously in order within `super`, " +
+ "and also does not attempt to recurse. If `super` is array and `sub` is set, " +
+ "then this function checks if `super` contains every element of `sub` with no consideration of ordering, " +
+ "and also does not attempt to recurse.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("super", types.NewAny(types.NewObject(
+ nil,
+ types.NewDynamicProperty(types.A, types.A),
+ ), types.SetOfAny,
+ types.NewArray(nil, types.A),
+ )).Description("object to test if sub is a subset of"),
+ types.Named("sub", types.NewAny(types.NewObject(
+ nil,
+ types.NewDynamicProperty(types.A, types.A),
+ ), types.SetOfAny,
+ types.NewArray(nil, types.A),
+ )).Description("object to test if super is a superset of"),
+ ),
+ types.Named("result", types.A).Description("`true` if `sub` is a subset of `super`"),
+ ),
+}
+
+var ObjectUnion = &Builtin{
+ Name: "object.union",
+ Description: "Creates a new object of the asymmetric union of two objects. " +
+ "For example: `object.union({\"a\": 1, \"b\": 2, \"c\": {\"d\": 3}}, {\"a\": 7, \"c\": {\"d\": 4, \"e\": 5}})` will result in `{\"a\": 7, \"b\": 2, \"c\": {\"d\": 4, \"e\": 5}}`.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("a", types.NewObject(
+ nil,
+ types.NewDynamicProperty(types.A, types.A),
+ )).Description("left-hand object"),
+ types.Named("b", types.NewObject(
+ nil,
+ types.NewDynamicProperty(types.A, types.A),
+ )).Description("right-hand object"),
+ ),
+ types.Named("output", types.A).Description("a new object which is the result of an asymmetric recursive union of two objects where conflicts are resolved by choosing the key from the right-hand object `b`"),
+ ), // TODO(sr): types.A? ^^^^^^^ (also below)
+}
+
+var ObjectUnionN = &Builtin{
+ Name: "object.union_n",
+ Description: "Creates a new object that is the asymmetric union of all objects merged from left to right. " +
+ "For example: `object.union_n([{\"a\": 1}, {\"b\": 2}, {\"a\": 3}])` will result in `{\"b\": 2, \"a\": 3}`.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("objects", types.NewArray(
+ nil,
+ types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
+ )).Description("list of objects to merge"),
+ ),
+ types.Named("output", types.A).Description("asymmetric recursive union of all objects in `objects`, merged from left to right, where conflicts are resolved by choosing the key from the right-hand object"),
+ ),
+}
+
+var ObjectRemove = &Builtin{
+ Name: "object.remove",
+ Description: "Removes specified keys from an object.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("object", types.NewObject(
+ nil,
+ types.NewDynamicProperty(types.A, types.A),
+ )).Description("object to remove keys from"),
+ types.Named("keys", types.NewAny(
+ types.NewArray(nil, types.A),
+ types.SetOfAny,
+ types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
+ )).Description("keys to remove from x"),
+ ),
+ types.Named("output", types.A).Description("result of removing the specified `keys` from `object`"),
+ ),
+}
+
+var ObjectFilter = &Builtin{
+ Name: "object.filter",
+ Description: "Filters the object by keeping only specified keys. " +
+ "For example: `object.filter({\"a\": {\"b\": \"x\", \"c\": \"y\"}, \"d\": \"z\"}, [\"a\"])` will result in `{\"a\": {\"b\": \"x\", \"c\": \"y\"}}`).",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("object", types.NewObject(
+ nil,
+ types.NewDynamicProperty(types.A, types.A),
+ )).Description("object to filter keys"),
+ types.Named("keys", types.NewAny(
+ types.NewArray(nil, types.A),
+ types.SetOfAny,
+ types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
+ )).Description("keys to keep in `object`"),
+ ),
+ types.Named("filtered", types.A).Description("remaining data from `object` with only keys specified in `keys`"),
+ ),
+}
+
+var ObjectGet = &Builtin{
+ Name: "object.get",
+ Description: "Returns value of an object's key if present, otherwise a default. " +
+ "If the supplied `key` is an `array`, then `object.get` will search through a nested object or array using each key in turn. " +
+ "For example: `object.get({\"a\": [{ \"b\": true }]}, [\"a\", 0, \"b\"], false)` results in `true`.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("object", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))).Description("object to get `key` from"),
+ types.Named("key", types.A).Description("key to lookup in `object`"),
+ types.Named("default", types.A).Description("default to use when lookup fails"),
+ ),
+ types.Named("value", types.A).Description("`object[key]` if present, otherwise `default`"),
+ ),
+}
+
+var ObjectKeys = &Builtin{
+ Name: "object.keys",
+ Description: "Returns a set of an object's keys. " +
+ "For example: `object.keys({\"a\": 1, \"b\": true, \"c\": \"d\")` results in `{\"a\", \"b\", \"c\"}`.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("object", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))).Description("object to get keys from"),
+ ),
+ types.Named("value", types.SetOfAny).Description("set of `object`'s keys"),
+ ),
+}
+
+/*
+ * Encoding
+ */
+var encoding = category("encoding")
+
+var JSONMarshal = &Builtin{
+ Name: "json.marshal",
+ Description: "Serializes the input term to JSON.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A).Description("the term to serialize"),
+ ),
+ types.Named("y", types.S).Description("the JSON string representation of `x`"),
+ ),
+ Categories: encoding,
+}
+
+var JSONMarshalWithOptions = &Builtin{
+ Name: "json.marshal_with_options",
+ Description: "Serializes the input term JSON, with additional formatting options via the `opts` parameter. " +
+ "`opts` accepts keys `pretty` (enable multi-line/formatted JSON), `prefix` (string to prefix lines with, default empty string) and `indent` (string to indent with, default `\\t`).",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A).Description("the term to serialize"),
+ types.Named("opts", types.NewObject(
+ []*types.StaticProperty{
+ types.NewStaticProperty("pretty", types.B),
+ types.NewStaticProperty("indent", types.S),
+ types.NewStaticProperty("prefix", types.S),
+ },
+ types.NewDynamicProperty(types.S, types.A),
+ )).Description("encoding options"),
+ ),
+ types.Named("y", types.S).Description("the JSON string representation of `x`, with configured prefix/indent string(s) as appropriate"),
+ ),
+ Categories: encoding,
+}
+
+var JSONUnmarshal = &Builtin{
+ Name: "json.unmarshal",
+ Description: "Deserializes the input string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("a JSON string"),
+ ),
+ types.Named("y", types.A).Description("the term deserialized from `x`"),
+ ),
+ Categories: encoding,
+}
+
+var JSONIsValid = &Builtin{
+ Name: "json.is_valid",
+ Description: "Verifies the input string is a valid JSON document.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("a JSON string"),
+ ),
+ types.Named("result", types.B).Description("`true` if `x` is valid JSON, `false` otherwise"),
+ ),
+ Categories: encoding,
+}
+
+var Base64Encode = &Builtin{
+ Name: "base64.encode",
+ Description: "Serializes the input string into base64 encoding.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("string to encode"),
+ ),
+ types.Named("y", types.S).Description("base64 serialization of `x`"),
+ ),
+ Categories: encoding,
+}
+
+var Base64Decode = &Builtin{
+ Name: "base64.decode",
+ Description: "Deserializes the base64 encoded input string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("string to decode"),
+ ),
+ types.Named("y", types.S).Description("base64 deserialization of `x`"),
+ ),
+ Categories: encoding,
+}
+
+var Base64IsValid = &Builtin{
+ Name: "base64.is_valid",
+ Description: "Verifies the input string is base64 encoded.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("string to check"),
+ ),
+ types.Named("result", types.B).Description("`true` if `x` is valid base64 encoded value, `false` otherwise"),
+ ),
+ Categories: encoding,
+}
+
+var Base64UrlEncode = &Builtin{
+ Name: "base64url.encode",
+ Description: "Serializes the input string into base64url encoding.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("string to encode"),
+ ),
+ types.Named("y", types.S).Description("base64url serialization of `x`"),
+ ),
+ Categories: encoding,
+}
+
+var Base64UrlEncodeNoPad = &Builtin{
+ Name: "base64url.encode_no_pad",
+ Description: "Serializes the input string into base64url encoding without padding.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("string to encode"),
+ ),
+ types.Named("y", types.S).Description("base64url serialization of `x`"),
+ ),
+ Categories: encoding,
+}
+
+var Base64UrlDecode = &Builtin{
+ Name: "base64url.decode",
+ Description: "Deserializes the base64url encoded input string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("string to decode"),
+ ),
+ types.Named("y", types.S).Description("base64url deserialization of `x`"),
+ ),
+ Categories: encoding,
+}
+
+var URLQueryDecode = &Builtin{
+ Name: "urlquery.decode",
+ Description: "Decodes a URL-encoded input string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("the URL-encoded string"),
+ ),
+ types.Named("y", types.S).Description("URL-encoding deserialization of `x`"),
+ ),
+ Categories: encoding,
+}
+
+var URLQueryEncode = &Builtin{
+ Name: "urlquery.encode",
+ Description: "Encodes the input string into a URL-encoded string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("the string to encode"),
+ ),
+ types.Named("y", types.S).Description("URL-encoding serialization of `x`"),
+ ),
+ Categories: encoding,
+}
+
+var URLQueryEncodeObject = &Builtin{
+ Name: "urlquery.encode_object",
+ Description: "Encodes the given object into a URL encoded query string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("object", types.NewObject(
+ nil,
+ types.NewDynamicProperty(
+ types.S,
+ types.NewAny(
+ types.S,
+ types.NewArray(nil, types.S),
+ types.SetOfStr,
+ ),
+ ),
+ ),
+ ).Description("the object to encode"),
+ ),
+ types.Named("y", types.S).Description("the URL-encoded serialization of `object`"),
+ ),
+ Categories: encoding,
+}
+
+var URLQueryDecodeObject = &Builtin{
+ Name: "urlquery.decode_object",
+ Description: "Decodes the given URL query string into an object.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("the query string"),
+ ),
+ types.Named("object", types.NewObject(nil, types.NewDynamicProperty(
+ types.S,
+ types.NewArray(nil, types.S)))).Description("the resulting object"),
+ ),
+ Categories: encoding,
+}
+
+var YAMLMarshal = &Builtin{
+ Name: "yaml.marshal",
+ Description: "Serializes the input term to YAML.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A).Description("the term to serialize"),
+ ),
+ types.Named("y", types.S).Description("the YAML string representation of `x`"),
+ ),
+ Categories: encoding,
+}
+
+var YAMLUnmarshal = &Builtin{
+ Name: "yaml.unmarshal",
+ Description: "Deserializes the input string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("a YAML string"),
+ ),
+ types.Named("y", types.A).Description("the term deserialized from `x`"),
+ ),
+ Categories: encoding,
+}
+
+// YAMLIsValid verifies the input string is a valid YAML document.
+var YAMLIsValid = &Builtin{
+ Name: "yaml.is_valid",
+ Description: "Verifies the input string is a valid YAML document.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("a YAML string"),
+ ),
+ types.Named("result", types.B).Description("`true` if `x` is valid YAML, `false` otherwise"),
+ ),
+ Categories: encoding,
+}
+
+var HexEncode = &Builtin{
+ Name: "hex.encode",
+ Description: "Serializes the input string using hex-encoding.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("string to encode"),
+ ),
+ types.Named("y", types.S).Description("serialization of `x` using hex-encoding"),
+ ),
+ Categories: encoding,
+}
+
+var HexDecode = &Builtin{
+ Name: "hex.decode",
+ Description: "Deserializes the hex-encoded input string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("a hex-encoded string"),
+ ),
+ types.Named("y", types.S).Description("deserialized from `x`"),
+ ),
+ Categories: encoding,
+}
+
+/**
+ * Tokens
+ */
+var tokensCat = category("tokens")
+
+var JWTDecode = &Builtin{
+ Name: "io.jwt.decode",
+ Description: "Decodes a JSON Web Token and outputs it as an object.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("jwt", types.S).Description("JWT token to decode"),
+ ),
+ types.Named("output", types.NewArray([]types.Type{
+ types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
+ types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
+ types.S,
+ }, nil)).Description("`[header, payload, sig]`, where `header` and `payload` are objects; `sig` is the hexadecimal representation of the signature on the token."),
+ ),
+ Categories: tokensCat,
+}
+
+var JWTVerifyRS256 = &Builtin{
+ Name: "io.jwt.verify_rs256",
+ Description: "Verifies if a RS256 JWT signature is valid.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
+ types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
+ ),
+ types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
+ ),
+ Categories: tokensCat,
+}
+
+var JWTVerifyRS384 = &Builtin{
+ Name: "io.jwt.verify_rs384",
+ Description: "Verifies if a RS384 JWT signature is valid.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
+ types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
+ ),
+ types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
+ ),
+ Categories: tokensCat,
+}
+
+var JWTVerifyRS512 = &Builtin{
+ Name: "io.jwt.verify_rs512",
+ Description: "Verifies if a RS512 JWT signature is valid.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
+ types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
+ ),
+ types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
+ ),
+ Categories: tokensCat,
+}
+
+var JWTVerifyPS256 = &Builtin{
+ Name: "io.jwt.verify_ps256",
+ Description: "Verifies if a PS256 JWT signature is valid.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
+ types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
+ ),
+ types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
+ ),
+ Categories: tokensCat,
+}
+
+var JWTVerifyPS384 = &Builtin{
+ Name: "io.jwt.verify_ps384",
+ Description: "Verifies if a PS384 JWT signature is valid.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
+ types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
+ ),
+ types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
+ ),
+ Categories: tokensCat,
+}
+
+var JWTVerifyPS512 = &Builtin{
+ Name: "io.jwt.verify_ps512",
+ Description: "Verifies if a PS512 JWT signature is valid.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
+ types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
+ ),
+ types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
+ ),
+ Categories: tokensCat,
+}
+
+var JWTVerifyES256 = &Builtin{
+ Name: "io.jwt.verify_es256",
+ Description: "Verifies if a ES256 JWT signature is valid.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
+ types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
+ ),
+ types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
+ ),
+ Categories: tokensCat,
+}
+
+var JWTVerifyES384 = &Builtin{
+ Name: "io.jwt.verify_es384",
+ Description: "Verifies if a ES384 JWT signature is valid.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
+ types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
+ ),
+ types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
+ ),
+ Categories: tokensCat,
+}
+
+var JWTVerifyES512 = &Builtin{
+ Name: "io.jwt.verify_es512",
+ Description: "Verifies if a ES512 JWT signature is valid.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
+ types.Named("certificate", types.S).Description("PEM encoded certificate, PEM encoded public key, or the JWK key (set) used to verify the signature"),
+ ),
+ types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
+ ),
+ Categories: tokensCat,
+}
+
+var JWTVerifyHS256 = &Builtin{
+ Name: "io.jwt.verify_hs256",
+ Description: "Verifies if a HS256 (secret) JWT signature is valid.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
+ types.Named("secret", types.S).Description("plain text secret used to verify the signature"),
+ ),
+ types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
+ ),
+ Categories: tokensCat,
+}
+
+var JWTVerifyHS384 = &Builtin{
+ Name: "io.jwt.verify_hs384",
+ Description: "Verifies if a HS384 (secret) JWT signature is valid.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
+ types.Named("secret", types.S).Description("plain text secret used to verify the signature"),
+ ),
+ types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
+ ),
+ Categories: tokensCat,
+}
+
+var JWTVerifyHS512 = &Builtin{
+ Name: "io.jwt.verify_hs512",
+ Description: "Verifies if a HS512 (secret) JWT signature is valid.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("jwt", types.S).Description("JWT token whose signature is to be verified"),
+ types.Named("secret", types.S).Description("plain text secret used to verify the signature"),
+ ),
+ types.Named("result", types.B).Description("`true` if the signature is valid, `false` otherwise"),
+ ),
+ Categories: tokensCat,
+}
+
+// Marked non-deterministic because it relies on time internally.
+var JWTDecodeVerify = &Builtin{
+ Name: "io.jwt.decode_verify",
+ Description: `Verifies a JWT signature under parameterized constraints and decodes the claims if it is valid.
+Supports the following algorithms: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384 and PS512.`,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("jwt", types.S).Description("JWT token whose signature is to be verified and whose claims are to be checked"),
+ types.Named("constraints", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("claim verification constraints"),
+ ),
+ types.Named("output", types.NewArray([]types.Type{
+ types.B,
+ types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
+ types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
+ }, nil)).Description("`[valid, header, payload]`: if the input token is verified and meets the requirements of `constraints` then `valid` is `true`; `header` and `payload` are objects containing the JOSE header and the JWT claim set; otherwise, `valid` is `false`, `header` and `payload` are `{}`"),
+ ),
+ Categories: tokensCat,
+ Nondeterministic: true,
+}
+
+var tokenSign = category("tokensign")
+
+// Marked non-deterministic because it relies on RNG internally.
+var JWTEncodeSignRaw = &Builtin{
+ Name: "io.jwt.encode_sign_raw",
+ Description: "Encodes and optionally signs a JSON Web Token.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("headers", types.S).Description("JWS Protected Header"),
+ types.Named("payload", types.S).Description("JWS Payload"),
+ types.Named("key", types.S).Description("JSON Web Key (RFC7517)"),
+ ),
+ types.Named("output", types.S).Description("signed JWT"),
+ ),
+ Categories: tokenSign,
+ Nondeterministic: true,
+}
+
+// Marked non-deterministic because it relies on RNG internally.
+var JWTEncodeSign = &Builtin{
+ Name: "io.jwt.encode_sign",
+ Description: "Encodes and optionally signs a JSON Web Token. Inputs are taken as objects, not encoded strings (see `io.jwt.encode_sign_raw`).",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("headers", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("JWS Protected Header"),
+ types.Named("payload", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("JWS Payload"),
+ types.Named("key", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("JSON Web Key (RFC7517)"),
+ ),
+ types.Named("output", types.S).Description("signed JWT"),
+ ),
+ Categories: tokenSign,
+ Nondeterministic: true,
+}
+
+/**
+ * Time
+ */
+
+// Marked non-deterministic because it relies on time directly.
+var NowNanos = &Builtin{
+ Name: "time.now_ns",
+ Description: "Returns the current time since epoch in nanoseconds.",
+ Decl: types.NewFunction(
+ nil,
+ types.Named("now", types.N).Description("nanoseconds since epoch"),
+ ),
+ Nondeterministic: true,
+}
+
+var ParseNanos = &Builtin{
+ Name: "time.parse_ns",
+ Description: "Returns the time in nanoseconds parsed from the string in the given format. `undefined` if the result would be outside the valid time range that can fit within an `int64`.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("layout", types.S).Description("format used for parsing, see the [Go `time` package documentation](https://golang.org/pkg/time/#Parse) for more details"),
+ types.Named("value", types.S).Description("input to parse according to `layout`"),
+ ),
+ types.Named("ns", types.N).Description("`value` in nanoseconds since epoch"),
+ ),
+}
+
+var ParseRFC3339Nanos = &Builtin{
+ Name: "time.parse_rfc3339_ns",
+ Description: "Returns the time in nanoseconds parsed from the string in RFC3339 format. `undefined` if the result would be outside the valid time range that can fit within an `int64`.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("value", types.S).Description("input string to parse in RFC3339 format"),
+ ),
+ types.Named("ns", types.N).Description("`value` in nanoseconds since epoch"),
+ ),
+}
+
+var ParseDurationNanos = &Builtin{
+ Name: "time.parse_duration_ns",
+ Description: "Returns the duration in nanoseconds represented by a string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("duration", types.S).Description("a duration like \"3m\"; see the [Go `time` package documentation](https://golang.org/pkg/time/#ParseDuration) for more details"),
+ ),
+ types.Named("ns", types.N).Description("the `duration` in nanoseconds"),
+ ),
+}
+
+var Format = &Builtin{
+ Name: "time.format",
+ Description: "Returns the formatted timestamp for the nanoseconds since epoch.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.NewAny(
+ types.N,
+ types.NewArray([]types.Type{types.N, types.S}, nil),
+ types.NewArray([]types.Type{types.N, types.S, types.S}, nil),
+ )).Description("a number representing the nanoseconds since the epoch (UTC); or a two-element array of the nanoseconds, and a timezone string; or a three-element array of ns, timezone string and a layout string or golang defined formatting constant (see golang supported time formats)"),
+ ),
+ types.Named("formatted timestamp", types.S).Description("the formatted timestamp represented for the nanoseconds since the epoch in the supplied timezone (or UTC)"),
+ ),
+}
+
+var Date = &Builtin{
+ Name: "time.date",
+ Description: "Returns the `[year, month, day]` for the nanoseconds since epoch.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.NewAny(
+ types.N,
+ types.NewArray([]types.Type{types.N, types.S}, nil),
+ )).Description("a number representing the nanoseconds since the epoch (UTC); or a two-element array of the nanoseconds, and a timezone string"),
+ ),
+ types.Named("date", types.NewArray([]types.Type{types.N, types.N, types.N}, nil)).Description("an array of `year`, `month` (1-12), and `day` (1-31)"),
+ ),
+}
+
+var Clock = &Builtin{
+ Name: "time.clock",
+ Description: "Returns the `[hour, minute, second]` of the day for the nanoseconds since epoch.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.NewAny(
+ types.N,
+ types.NewArray([]types.Type{types.N, types.S}, nil),
+ )).Description("a number representing the nanoseconds since the epoch (UTC); or a two-element array of the nanoseconds, and a timezone string"),
+ ),
+ types.Named("output", types.NewArray([]types.Type{types.N, types.N, types.N}, nil)).
+ Description("the `hour`, `minute` (0-59), and `second` (0-59) representing the time of day for the nanoseconds since epoch in the supplied timezone (or UTC)"),
+ ),
+}
+
+var Weekday = &Builtin{
+ Name: "time.weekday",
+ Description: "Returns the day of the week (Monday, Tuesday, ...) for the nanoseconds since epoch.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.NewAny(
+ types.N,
+ types.NewArray([]types.Type{types.N, types.S}, nil),
+ )).Description("a number representing the nanoseconds since the epoch (UTC); or a two-element array of the nanoseconds, and a timezone string"),
+ ),
+ types.Named("day", types.S).Description("the weekday represented by `ns` nanoseconds since the epoch in the supplied timezone (or UTC)"),
+ ),
+}
+
+var AddDate = &Builtin{
+ Name: "time.add_date",
+ Description: "Returns the nanoseconds since epoch after adding years, months and days to nanoseconds. Month & day values outside their usual ranges after the operation and will be normalized - for example, October 32 would become November 1. `undefined` if the result would be outside the valid time range that can fit within an `int64`.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("ns", types.N).Description("nanoseconds since the epoch"),
+ types.Named("years", types.N).Description("number of years to add"),
+ types.Named("months", types.N).Description("number of months to add"),
+ types.Named("days", types.N).Description("number of days to add"),
+ ),
+ types.Named("output", types.N).Description("nanoseconds since the epoch representing the input time, with years, months and days added"),
+ ),
+}
+
+var Diff = &Builtin{
+ Name: "time.diff",
+ Description: "Returns the difference between two unix timestamps in nanoseconds (with optional timezone strings).",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("ns1", types.NewAny(
+ types.N,
+ types.NewArray([]types.Type{types.N, types.S}, nil),
+ )).Description("nanoseconds since the epoch; or a two-element array of the nanoseconds, and a timezone string"),
+ types.Named("ns2", types.NewAny(
+ types.N,
+ types.NewArray([]types.Type{types.N, types.S}, nil),
+ )).Description("nanoseconds since the epoch; or a two-element array of the nanoseconds, and a timezone string"),
+ ),
+ types.Named("output", types.NewArray([]types.Type{types.N, types.N, types.N, types.N, types.N, types.N}, nil)).Description("difference between `ns1` and `ns2` (in their supplied timezones, if supplied, or UTC) as array of numbers: `[years, months, days, hours, minutes, seconds]`"),
+ ),
+}
+
+/**
+ * Crypto.
+ */
+
+var CryptoX509ParseCertificates = &Builtin{
+ Name: "crypto.x509.parse_certificates",
+ Description: `Returns zero or more certificates from the given encoded string containing
+DER certificate data.
+
+If the input is empty, the function will return null. The input string should be a list of one or more
+concatenated PEM blocks. The whole input of concatenated PEM blocks can optionally be Base64 encoded.`,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("certs", types.S).Description("base64 encoded DER or PEM data containing one or more certificates or a PEM string of one or more certificates"),
+ ),
+ types.Named("output", types.NewArray(nil, types.NewObject(nil, types.NewDynamicProperty(types.S, types.A)))).Description("parsed X.509 certificates represented as objects"),
+ ),
+}
+
+var CryptoX509ParseAndVerifyCertificates = &Builtin{
+ Name: "crypto.x509.parse_and_verify_certificates",
+ Description: `Returns one or more certificates from the given string containing PEM
+or base64 encoded DER certificates after verifying the supplied certificates form a complete
+certificate chain back to a trusted root.
+
+The first certificate is treated as the root and the last is treated as the leaf,
+with all others being treated as intermediates.`,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("certs", types.S).Description("base64 encoded DER or PEM data containing two or more certificates where the first is a root CA, the last is a leaf certificate, and all others are intermediate CAs"),
+ ),
+ types.Named("output", types.NewArray([]types.Type{
+ types.B,
+ types.NewArray(nil, types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))),
+ }, nil)).Description("array of `[valid, certs]`: if the input certificate chain could be verified then `valid` is `true` and `certs` is an array of X.509 certificates represented as objects; if the input certificate chain could not be verified then `valid` is `false` and `certs` is `[]`"),
+ ),
+}
+
+var CryptoX509ParseAndVerifyCertificatesWithOptions = &Builtin{
+ Name: "crypto.x509.parse_and_verify_certificates_with_options",
+ Description: `Returns one or more certificates from the given string containing PEM
+or base64 encoded DER certificates after verifying the supplied certificates form a complete
+certificate chain back to a trusted root. A config option passed as the second argument can
+be used to configure the validation options used.
+
+The first certificate is treated as the root and the last is treated as the leaf,
+with all others being treated as intermediates.`,
+
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("certs", types.S).Description("base64 encoded DER or PEM data containing two or more certificates where the first is a root CA, the last is a leaf certificate, and all others are intermediate CAs"),
+ types.Named("options", types.NewObject(
+ nil,
+ types.NewDynamicProperty(types.S, types.A),
+ )).Description("object containing extra configs to verify the validity of certificates. `options` object supports four fields which maps to same fields in [x509.VerifyOptions struct](https://pkg.go.dev/crypto/x509#VerifyOptions). `DNSName`, `CurrentTime`: Nanoseconds since the Unix Epoch as a number, `MaxConstraintComparisons` and `KeyUsages`. `KeyUsages` is list and can have possible values as in: `\"KeyUsageAny\"`, `\"KeyUsageServerAuth\"`, `\"KeyUsageClientAuth\"`, `\"KeyUsageCodeSigning\"`, `\"KeyUsageEmailProtection\"`, `\"KeyUsageIPSECEndSystem\"`, `\"KeyUsageIPSECTunnel\"`, `\"KeyUsageIPSECUser\"`, `\"KeyUsageTimeStamping\"`, `\"KeyUsageOCSPSigning\"`, `\"KeyUsageMicrosoftServerGatedCrypto\"`, `\"KeyUsageNetscapeServerGatedCrypto\"`, `\"KeyUsageMicrosoftCommercialCodeSigning\"`, `\"KeyUsageMicrosoftKernelCodeSigning\"` "),
+ ),
+ types.Named("output", types.NewArray([]types.Type{
+ types.B,
+ types.NewArray(nil, types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))),
+ }, nil)).Description("array of `[valid, certs]`: if the input certificate chain could be verified then `valid` is `true` and `certs` is an array of X.509 certificates represented as objects; if the input certificate chain could not be verified then `valid` is `false` and `certs` is `[]`"),
+ ),
+}
+
+var CryptoX509ParseCertificateRequest = &Builtin{
+ Name: "crypto.x509.parse_certificate_request",
+ Description: "Returns a PKCS #10 certificate signing request from the given PEM-encoded PKCS#10 certificate signing request.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("csr", types.S).Description("base64 string containing either a PEM encoded or DER CSR or a string containing a PEM CSR"),
+ ),
+ types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("X.509 CSR represented as an object"),
+ ),
+}
+
+var CryptoX509ParseKeyPair = &Builtin{
+ Name: "crypto.x509.parse_keypair",
+ Description: "Returns a valid key pair",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("cert", types.S).Description("string containing PEM or base64 encoded DER certificates"),
+ types.Named("pem", types.S).Description("string containing PEM or base64 encoded DER keys"),
+ ),
+ types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("if key pair is valid, returns the tls.certificate(https://pkg.go.dev/crypto/tls#Certificate) as an object. If the key pair is invalid, nil and an error are returned."),
+ ),
+}
+var CryptoX509ParseRSAPrivateKey = &Builtin{
+ Name: "crypto.x509.parse_rsa_private_key",
+ Description: "Returns a JWK for signing a JWT from the given PEM-encoded RSA private key.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("pem", types.S).Description("base64 string containing a PEM encoded RSA private key"),
+ ),
+ types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).Description("JWK as an object"),
+ ),
+}
+
+var CryptoParsePrivateKeys = &Builtin{
+ Name: "crypto.parse_private_keys",
+ Description: `Returns zero or more private keys from the given encoded string containing DER certificate data.
+
+If the input is empty, the function will return null. The input string should be a list of one or more concatenated PEM blocks. The whole input of concatenated PEM blocks can optionally be Base64 encoded.`,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("keys", types.S).Description("PEM encoded data containing one or more private keys as concatenated blocks. Optionally Base64 encoded."),
+ ),
+ types.Named("output", types.NewArray(nil, types.NewObject(nil, types.NewDynamicProperty(types.S, types.A)))).Description("parsed private keys represented as objects"),
+ ),
+}
+
+var CryptoMd5 = &Builtin{
+ Name: "crypto.md5",
+ Description: "Returns a string representing the input string hashed with the MD5 function",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("input string"),
+ ),
+ types.Named("y", types.S).Description("MD5-hash of `x`"),
+ ),
+}
+
+var CryptoSha1 = &Builtin{
+ Name: "crypto.sha1",
+ Description: "Returns a string representing the input string hashed with the SHA1 function",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("input string"),
+ ),
+ types.Named("y", types.S).Description("SHA1-hash of `x`"),
+ ),
+}
+
+var CryptoSha256 = &Builtin{
+ Name: "crypto.sha256",
+ Description: "Returns a string representing the input string hashed with the SHA256 function",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("input string"),
+ ),
+ types.Named("y", types.S).Description("SHA256-hash of `x`"),
+ ),
+}
+
+var CryptoHmacMd5 = &Builtin{
+ Name: "crypto.hmac.md5",
+ Description: "Returns a string representing the MD5 HMAC of the input message using the input key.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("input string"),
+ types.Named("key", types.S).Description("key to use"),
+ ),
+ types.Named("y", types.S).Description("MD5-HMAC of `x`"),
+ ),
+}
+
+var CryptoHmacSha1 = &Builtin{
+ Name: "crypto.hmac.sha1",
+ Description: "Returns a string representing the SHA1 HMAC of the input message using the input key.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("input string"),
+ types.Named("key", types.S).Description("key to use"),
+ ),
+ types.Named("y", types.S).Description("SHA1-HMAC of `x`"),
+ ),
+}
+
+var CryptoHmacSha256 = &Builtin{
+ Name: "crypto.hmac.sha256",
+ Description: "Returns a string representing the SHA256 HMAC of the input message using the input key.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("input string"),
+ types.Named("key", types.S).Description("key to use"),
+ ),
+ types.Named("y", types.S).Description("SHA256-HMAC of `x`"),
+ ),
+}
+
+var CryptoHmacSha512 = &Builtin{
+ Name: "crypto.hmac.sha512",
+ Description: "Returns a string representing the SHA512 HMAC of the input message using the input key.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.S).Description("input string"),
+ types.Named("key", types.S).Description("key to use"),
+ ),
+ types.Named("y", types.S).Description("SHA512-HMAC of `x`"),
+ ),
+}
+
+var CryptoHmacEqual = &Builtin{
+ Name: "crypto.hmac.equal",
+ Description: "Returns a boolean representing the result of comparing two MACs for equality without leaking timing information.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("mac1", types.S).Description("mac1 to compare"),
+ types.Named("mac2", types.S).Description("mac2 to compare"),
+ ),
+ types.Named("result", types.B).Description("`true` if the MACs are equals, `false` otherwise"),
+ ),
+}
+
+/**
+ * Graphs.
+ */
+var graphs = category("graph")
+
+var WalkBuiltin = &Builtin{
+ Name: "walk",
+ Relation: true,
+ Description: "Generates `[path, value]` tuples for all nested documents of `x` (recursively). Queries can use `walk` to traverse documents nested under `x`.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A).Description("value to walk"),
+ ),
+ types.Named("output", types.NewArray(
+ []types.Type{
+ types.NewArray(nil, types.A),
+ types.A,
+ },
+ nil,
+ )).Description("pairs of `path` and `value`: `path` is an array representing the pointer to `value` in `x`. If `path` is assigned a wildcard (`_`), the `walk` function will skip path creation entirely for faster evaluation."),
+ ),
+ Categories: graphs,
+}
+
+var ReachableBuiltin = &Builtin{
+ Name: "graph.reachable",
+ Description: "Computes the set of reachable nodes in the graph from a set of starting nodes.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("graph", types.NewObject(
+ nil,
+ types.NewDynamicProperty(
+ types.A,
+ types.NewAny(
+ types.SetOfAny,
+ types.NewArray(nil, types.A)),
+ )),
+ ).Description("object containing a set or array of neighboring vertices"),
+ types.Named("initial", types.NewAny(types.SetOfAny, types.NewArray(nil, types.A))).Description("set or array of root vertices"),
+ ),
+ types.Named("output", types.SetOfAny).Description("set of vertices reachable from the `initial` vertices in the directed `graph`"),
+ ),
+}
+
+var ReachablePathsBuiltin = &Builtin{
+ Name: "graph.reachable_paths",
+ Description: "Computes the set of reachable paths in the graph from a set of starting nodes.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("graph", types.NewObject(
+ nil,
+ types.NewDynamicProperty(
+ types.A,
+ types.NewAny(
+ types.SetOfAny,
+ types.NewArray(nil, types.A)),
+ )),
+ ).Description("object containing a set or array of root vertices"),
+ types.Named("initial", types.NewAny(types.SetOfAny, types.NewArray(nil, types.A))).Description("initial paths"), // TODO(sr): copied. is that correct?
+ ),
+ types.Named("output", types.NewSet(types.NewArray(nil, types.A))).Description("paths reachable from the `initial` vertices in the directed `graph`"),
+ ),
+}
+
+/**
+ * Type
+ */
+var typesCat = category("types")
+
+var IsNumber = &Builtin{
+ Name: "is_number",
+ Description: "Returns `true` if the input value is a number.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A).Description("input value"),
+ ),
+ types.Named("result", types.B).Description("`true` if `x` is a number, `false` otherwise."),
+ ),
+ Categories: typesCat,
+}
+
+var IsString = &Builtin{
+ Name: "is_string",
+ Description: "Returns `true` if the input value is a string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A).Description("input value"),
+ ),
+ types.Named("result", types.B).Description("`true` if `x` is a string, `false` otherwise."),
+ ),
+ Categories: typesCat,
+}
+
+var IsBoolean = &Builtin{
+ Name: "is_boolean",
+ Description: "Returns `true` if the input value is a boolean.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A).Description("input value"),
+ ),
+ types.Named("result", types.B).Description("`true` if `x` is an boolean, `false` otherwise."),
+ ),
+ Categories: typesCat,
+}
+
+var IsArray = &Builtin{
+ Name: "is_array",
+ Description: "Returns `true` if the input value is an array.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A).Description("input value"),
+ ),
+ types.Named("result", types.B).Description("`true` if `x` is an array, `false` otherwise."),
+ ),
+ Categories: typesCat,
+}
+
+var IsSet = &Builtin{
+ Name: "is_set",
+ Description: "Returns `true` if the input value is a set.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A).Description("input value"),
+ ),
+ types.Named("result", types.B).Description("`true` if `x` is a set, `false` otherwise."),
+ ),
+ Categories: typesCat,
+}
+
+var IsObject = &Builtin{
+ Name: "is_object",
+ Description: "Returns true if the input value is an object",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A).Description("input value"),
+ ),
+ types.Named("result", types.B).Description("`true` if `x` is an object, `false` otherwise."),
+ ),
+ Categories: typesCat,
+}
+
+var IsNull = &Builtin{
+ Name: "is_null",
+ Description: "Returns `true` if the input value is null.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A).Description("input value"),
+ ),
+ types.Named("result", types.B).Description("`true` if `x` is null, `false` otherwise."),
+ ),
+ Categories: typesCat,
+}
+
+/**
+ * Type Name
+ */
+
+// TypeNameBuiltin returns the type of the input.
+var TypeNameBuiltin = &Builtin{
+ Name: "type_name",
+ Description: "Returns the type of its input value.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("x", types.A).Description("input value"),
+ ),
+ types.Named("type", types.S).Description(`one of "null", "boolean", "number", "string", "array", "object", "set"`),
+ ),
+ Categories: typesCat,
+}
+
+/**
+ * HTTP Request
+ */
+
+// Marked non-deterministic because HTTP request results can be non-deterministic.
+var HTTPSend = &Builtin{
+ Name: "http.send",
+ Description: "Returns a HTTP response to the given HTTP request.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("request", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).
+ Description("the HTTP request object"),
+ ),
+ types.Named("response", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))).
+ Description("the HTTP response object"),
+ ),
+ Nondeterministic: true,
+}
+
+/**
+ * GraphQL
+ */
+
+// GraphQLParse returns a pair of AST objects from parsing/validation.
+var GraphQLParse = &Builtin{
+ Name: "graphql.parse",
+ Description: "Returns AST objects for a given GraphQL query and schema after validating the query against the schema. Returns undefined if errors were encountered during parsing or validation. The query and/or schema can be either GraphQL strings or AST objects from the other GraphQL builtin functions.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("query", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
+ Description("the GraphQL query"),
+ types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
+ Description("the GraphQL schema"),
+ ),
+ types.Named("output", types.NewArray([]types.Type{
+ types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
+ types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
+ }, nil)).Description("`output` is of the form `[query_ast, schema_ast]`. If the GraphQL query is valid given the provided schema, then `query_ast` and `schema_ast` are objects describing the ASTs for the query and schema."),
+ ),
+}
+
+// GraphQLParseAndVerify returns a boolean and a pair of AST object from parsing/validation.
+var GraphQLParseAndVerify = &Builtin{
+ Name: "graphql.parse_and_verify",
+ Description: "Returns a boolean indicating success or failure alongside the parsed ASTs for a given GraphQL query and schema after validating the query against the schema. The query and/or schema can be either GraphQL strings or AST objects from the other GraphQL builtin functions.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("query", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
+ Description("the GraphQL query"),
+ types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
+ Description("the GraphQL schema"),
+ ),
+ types.Named("output", types.NewArray([]types.Type{
+ types.B,
+ types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
+ types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
+ }, nil)).Description(" `output` is of the form `[valid, query_ast, schema_ast]`. If the query is valid given the provided schema, then `valid` is `true`, and `query_ast` and `schema_ast` are objects describing the ASTs for the GraphQL query and schema. Otherwise, `valid` is `false` and `query_ast` and `schema_ast` are `{}`."),
+ ),
+}
+
+// GraphQLParseQuery parses the input GraphQL query and returns a JSON
+// representation of its AST.
+var GraphQLParseQuery = &Builtin{
+ Name: "graphql.parse_query",
+ Description: "Returns an AST object for a GraphQL query.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("query", types.S).Description("GraphQL query string"),
+ ),
+ types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))).Description("AST object for the GraphQL query."),
+ ),
+}
+
+// GraphQLParseSchema parses the input GraphQL schema and returns a JSON
+// representation of its AST.
+var GraphQLParseSchema = &Builtin{
+ Name: "graphql.parse_schema",
+ Description: "Returns an AST object for a GraphQL schema.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("schema", types.S).Description("GraphQL schema string"),
+ ),
+ types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))).Description("AST object for the GraphQL schema."),
+ ),
+}
+
+// GraphQLIsValid returns true if a GraphQL query is valid with a given
+// schema, and returns false for all other inputs.
+var GraphQLIsValid = &Builtin{
+ Name: "graphql.is_valid",
+ Description: "Checks that a GraphQL query is valid against a given schema. The query and/or schema can be either GraphQL strings or AST objects from the other GraphQL builtin functions.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("query", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
+ Description("the GraphQL query"),
+ types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
+ Description("the GraphQL schema"),
+ ),
+ types.Named("output", types.B).Description("`true` if the query is valid under the given schema. `false` otherwise."),
+ ),
+}
+
+// GraphQLSchemaIsValid returns true if the input is valid GraphQL schema,
+// and returns false for all other inputs.
+var GraphQLSchemaIsValid = &Builtin{
+ Name: "graphql.schema_is_valid",
+ Description: "Checks that the input is a valid GraphQL schema. The schema can be either a GraphQL string or an AST object from the other GraphQL builtin functions.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
+ Description("the schema to verify"),
+ ),
+ types.Named("output", types.B).Description("`true` if the schema is a valid GraphQL schema. `false` otherwise."),
+ ),
+}
+
+/**
+ * JSON Schema
+ */
+
+// JSONSchemaVerify returns empty string if the input is valid JSON schema
+// and returns error string for all other inputs.
+var JSONSchemaVerify = &Builtin{
+ Name: "json.verify_schema",
+ Description: "Checks that the input is a valid JSON schema object. The schema can be either a JSON string or an JSON object.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
+ Description("the schema to verify"),
+ ),
+ types.Named("output", types.NewArray([]types.Type{
+ types.B,
+ types.NewAny(types.S, types.Null{}),
+ }, nil)).
+ Description("`output` is of the form `[valid, error]`. If the schema is valid, then `valid` is `true`, and `error` is `null`. Otherwise, `valid` is `false` and `error` is a string describing the error."),
+ ),
+ Categories: objectCat,
+}
+
+// JSONMatchSchema returns empty array if the document matches the JSON schema,
+// and returns non-empty array with error objects otherwise.
+var JSONMatchSchema = &Builtin{
+ Name: "json.match_schema",
+ Description: "Checks that the document matches the JSON schema.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("document", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
+ Description("document to verify by schema"),
+ types.Named("schema", types.NewAny(types.S, types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)))).
+ Description("schema to verify document by"),
+ ),
+ types.Named("output", types.NewArray([]types.Type{
+ types.B,
+ types.NewArray(
+ nil, types.NewObject(
+ []*types.StaticProperty{
+ {Key: "error", Value: types.S},
+ {Key: "type", Value: types.S},
+ {Key: "field", Value: types.S},
+ {Key: "desc", Value: types.S},
+ },
+ nil,
+ ),
+ ),
+ }, nil)).
+ Description("`output` is of the form `[match, errors]`. If the document is valid given the schema, then `match` is `true`, and `errors` is an empty array. Otherwise, `match` is `false` and `errors` is an array of objects describing the error(s)."),
+ ),
+ Categories: objectCat,
+}
+
+/**
+ * Cloud Provider Helper Functions
+ */
+var providersAWSCat = category("providers.aws")
+
+var ProvidersAWSSignReqObj = &Builtin{
+ Name: "providers.aws.sign_req",
+ Description: "Signs an HTTP request object for Amazon Web Services. Currently implements [AWS Signature Version 4 request signing](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) by the `Authorization` header method.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("request", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).
+ Description("HTTP request object"),
+ types.Named("aws_config", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).
+ Description("AWS configuration object"),
+ types.Named("time_ns", types.N).Description("nanoseconds since the epoch"),
+ ),
+ types.Named("signed_request", types.NewObject(nil, types.NewDynamicProperty(types.A, types.A))).
+ Description("HTTP request object with `Authorization` header"),
+ ),
+ Categories: providersAWSCat,
+}
+
+/**
+ * Rego
+ */
+
+var RegoParseModule = &Builtin{
+ Name: "rego.parse_module",
+ Description: "Parses the input Rego string and returns an object representation of the AST.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("filename", types.S).Description("file name to attach to AST nodes' locations"),
+ types.Named("rego", types.S).Description("Rego module"),
+ ),
+ types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).
+ Description("AST object for the Rego module"),
+ ),
+}
+
+var RegoMetadataChain = &Builtin{
+ Name: "rego.metadata.chain",
+ Description: `Returns the chain of metadata for the active rule.
+Ordered starting at the active rule, going outward to the most distant node in its package ancestry.
+A chain entry is a JSON document with two members: "path", an array representing the path of the node; and "annotations", a JSON document containing the annotations declared for the node.
+The first entry in the chain always points to the active rule, even if it has no declared annotations (in which case the "annotations" member is not present).`,
+ Decl: types.NewFunction(
+ types.Args(),
+ types.Named("chain", types.NewArray(nil, types.A)).Description("each array entry represents a node in the path ancestry (chain) of the active rule that also has declared annotations"),
+ ),
+}
+
+// RegoMetadataRule returns the metadata for the active rule
+var RegoMetadataRule = &Builtin{
+ Name: "rego.metadata.rule",
+ Description: "Returns annotations declared for the active rule and using the _rule_ scope.",
+ Decl: types.NewFunction(
+ types.Args(),
+ types.Named("output", types.A).Description("\"rule\" scope annotations for this rule; empty object if no annotations exist"),
+ ),
+}
+
+/**
+ * OPA
+ */
+
+// Marked non-deterministic because of unpredictable config/environment-dependent results.
+var OPARuntime = &Builtin{
+ Name: "opa.runtime",
+ Description: "Returns an object that describes the runtime environment where OPA is deployed.",
+ Decl: types.NewFunction(
+ nil,
+ types.Named("output", types.NewObject(nil, types.NewDynamicProperty(types.S, types.A))).
+ Description("includes a `config` key if OPA was started with a configuration file; an `env` key containing the environment variables that the OPA process was started with; includes `version` and `commit` keys containing the version and build commit of OPA."),
+ ),
+ Nondeterministic: true,
+}
+
+/**
+ * Trace
+ */
+var tracing = category("tracing")
+
+var Trace = &Builtin{
+ Name: "trace",
+ Description: "Emits `note` as a `Note` event in the query explanation. Query explanations show the exact expressions evaluated by OPA during policy execution. For example, `trace(\"Hello There!\")` includes `Note \"Hello There!\"` in the query explanation. To include variables in the message, use `sprintf`. For example, `person := \"Bob\"; trace(sprintf(\"Hello There! %v\", [person]))` will emit `Note \"Hello There! Bob\"` inside of the explanation.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("note", types.S).Description("the note to include"),
+ ),
+ types.Named("result", types.B).Description("always `true`"),
+ ),
+ Categories: tracing,
+}
+
+/**
+ * Glob
+ */
+
+var GlobMatch = &Builtin{
+ Name: "glob.match",
+ Description: "Parses and matches strings against the glob notation. Not to be confused with `regex.globs_match`.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("pattern", types.S).Description("glob pattern"),
+ types.Named("delimiters", types.NewAny(
+ types.NewArray(nil, types.S),
+ types.NewNull(),
+ )).Description("glob pattern delimiters, e.g. `[\".\", \":\"]`, defaults to `[\".\"]` if unset. If `delimiters` is `null`, glob match without delimiter."),
+ types.Named("match", types.S).Description("string to match against `pattern`"),
+ ),
+ types.Named("result", types.B).Description("true if `match` can be found in `pattern` which is separated by `delimiters`"),
+ ),
+}
+
+var GlobQuoteMeta = &Builtin{
+ Name: "glob.quote_meta",
+ Description: "Returns a string which represents a version of the pattern where all asterisks have been escaped.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("pattern", types.S).Description("glob pattern"),
+ ),
+ types.Named("output", types.S).Description("the escaped string of `pattern`"),
+ ),
+ // TODO(sr): example for this was: Calling ``glob.quote_meta("*.github.com", output)`` returns ``\\*.github.com`` as ``output``.
+}
+
+/**
+ * Networking
+ */
+
+var NetCIDRIntersects = &Builtin{
+ Name: "net.cidr_intersects",
+ Description: "Checks if a CIDR intersects with another CIDR (e.g. `192.168.0.0/16` overlaps with `192.168.1.0/24`). Supports both IPv4 and IPv6 notations.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("cidr1", types.S).Description("first CIDR"),
+ types.Named("cidr2", types.S).Description("second CIDR"),
+ ),
+ types.Named("result", types.B).Description("`true` if `cidr1` intersects with `cidr2`"),
+ ),
+}
+
+var NetCIDRExpand = &Builtin{
+ Name: "net.cidr_expand",
+ Description: "Expands CIDR to set of hosts (e.g., `net.cidr_expand(\"192.168.0.0/30\")` generates 4 hosts: `{\"192.168.0.0\", \"192.168.0.1\", \"192.168.0.2\", \"192.168.0.3\"}`).",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("cidr", types.S).Description("CIDR to expand"),
+ ),
+ types.Named("hosts", types.SetOfStr).Description("set of IP addresses the CIDR `cidr` expands to"),
+ ),
+}
+
+var NetCIDRContains = &Builtin{
+ Name: "net.cidr_contains",
+ Description: "Checks if a CIDR or IP is contained within another CIDR. `output` is `true` if `cidr_or_ip` (e.g. `127.0.0.64/26` or `127.0.0.1`) is contained within `cidr` (e.g. `127.0.0.1/24`) and `false` otherwise. Supports both IPv4 and IPv6 notations.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("cidr", types.S).Description("CIDR to check against"),
+ types.Named("cidr_or_ip", types.S).Description("CIDR or IP to check"),
+ ),
+ types.Named("result", types.B).Description("`true` if `cidr_or_ip` is contained within `cidr`"),
+ ),
+}
+
+var NetCIDRContainsMatches = &Builtin{
+ Name: "net.cidr_contains_matches",
+ Description: "Checks if collections of cidrs or ips are contained within another collection of cidrs and returns matches. " +
+ "This function is similar to `net.cidr_contains` except it allows callers to pass collections of CIDRs or IPs as arguments and returns the matches (as opposed to a boolean result indicating a match between two CIDRs/IPs).",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("cidrs", netCidrContainsMatchesOperandType).Description("CIDRs to check against"),
+ types.Named("cidrs_or_ips", netCidrContainsMatchesOperandType).Description("CIDRs or IPs to check"),
+ ),
+ types.Named("output", types.NewSet(types.NewArray([]types.Type{types.A, types.A}, nil))).Description("tuples identifying matches where `cidrs_or_ips` are contained within `cidrs`"),
+ ),
+}
+
+var NetCIDRMerge = &Builtin{
+ Name: "net.cidr_merge",
+ Description: "Merges IP addresses and subnets into the smallest possible list of CIDRs (e.g., `net.cidr_merge([\"192.0.128.0/24\", \"192.0.129.0/24\"])` generates `{\"192.0.128.0/23\"}`." +
+ `This function merges adjacent subnets where possible, those contained within others and also removes any duplicates.
+Supports both IPv4 and IPv6 notations. IPv6 inputs need a prefix length (e.g. "/128").`,
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("addrs", types.NewAny(
+ types.NewArray(nil, types.NewAny(types.S)),
+ types.SetOfStr,
+ )).Description("CIDRs or IP addresses"),
+ ),
+ types.Named("output", types.SetOfStr).Description("smallest possible set of CIDRs obtained after merging the provided list of IP addresses and subnets in `addrs`"),
+ ),
+}
+
+var NetCIDRIsValid = &Builtin{
+ Name: "net.cidr_is_valid",
+ Description: "Parses an IPv4/IPv6 CIDR and returns a boolean indicating if the provided CIDR is valid.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("cidr", types.S).Description("CIDR to validate"),
+ ),
+ types.Named("result", types.B).Description("`true` if `cidr` is a valid CIDR"),
+ ),
+}
+
+var netCidrContainsMatchesOperandType = types.NewAny(
+ types.S,
+ types.NewArray(nil, types.NewAny(
+ types.S,
+ types.NewArray(nil, types.A),
+ )),
+ types.NewSet(types.NewAny(
+ types.S,
+ types.NewArray(nil, types.A),
+ )),
+ types.NewObject(nil, types.NewDynamicProperty(
+ types.S,
+ types.NewAny(
+ types.S,
+ types.NewArray(nil, types.A),
+ ),
+ )),
+)
+
+// Marked non-deterministic because DNS resolution results can be non-deterministic.
+var NetLookupIPAddr = &Builtin{
+ Name: "net.lookup_ip_addr",
+ Description: "Returns the set of IP addresses (both v4 and v6) that the passed-in `name` resolves to using the standard name resolution mechanisms available.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("name", types.S).Description("domain name to resolve"),
+ ),
+ types.Named("addrs", types.SetOfStr).Description("IP addresses (v4 and v6) that `name` resolves to"),
+ ),
+ Nondeterministic: true,
+}
+
+/**
+ * Semantic Versions
+ */
+
+var SemVerIsValid = &Builtin{
+ Name: "semver.is_valid",
+ Description: "Validates that the input is a valid SemVer string.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("vsn", types.A).Description("input to validate"),
+ ),
+ types.Named("result", types.B).Description("`true` if `vsn` is a valid SemVer; `false` otherwise"),
+ ),
+}
+
+var SemVerCompare = &Builtin{
+ Name: "semver.compare",
+ Description: "Compares valid SemVer formatted version strings.",
+ Decl: types.NewFunction(
+ types.Args(
+ types.Named("a", types.S).Description("first version string"),
+ types.Named("b", types.S).Description("second version string"),
+ ),
+ types.Named("result", types.N).Description("`-1` if `a < b`; `1` if `a > b`; `0` if `a == b`"),
+ ),
+}
+
+/**
+ * Printing
+ */
+
+// Print is a special built-in function that writes zero or more operands
+// to a message buffer. The caller controls how the buffer is displayed. The
+// operands may be of any type. Furthermore, unlike other built-in functions,
+// undefined operands DO NOT cause the print() function to fail during
+// evaluation.
+var Print = &Builtin{
+ Name: "print",
+ Decl: types.NewVariadicFunction(nil, types.A, nil),
+}
+
+// InternalPrint represents the internal implementation of the print() function.
+// The compiler rewrites print() calls to refer to the internal implementation.
+var InternalPrint = &Builtin{
+ Name: "internal.print",
+ Decl: types.NewFunction([]types.Type{types.NewArray(nil, types.SetOfAny)}, nil),
+}
+
+var InternalTestCase = &Builtin{
+ Name: "internal.test_case",
+ Decl: types.NewFunction([]types.Type{types.NewArray(nil, types.A)}, nil),
+}
+
+/**
+ * Deprecated built-ins.
+ */
+
+// SetDiff has been replaced by the minus built-in.
+var SetDiff = &Builtin{
+ Name: "set_diff",
+ Decl: types.NewFunction(
+ types.Args(
+ types.SetOfAny,
+ types.SetOfAny,
+ ),
+ types.SetOfAny,
+ ),
+ deprecated: true,
+}
+
+// NetCIDROverlap has been replaced by the `net.cidr_contains` built-in.
+var NetCIDROverlap = &Builtin{
+ Name: "net.cidr_overlap",
+ Decl: types.NewFunction(
+ types.Args(
+ types.S,
+ types.S,
+ ),
+ types.B,
+ ),
+ deprecated: true,
+}
+
+// CastArray checks the underlying type of the input. If it is array or set, an array
+// containing the values is returned. If it is not an array, an error is thrown.
+var CastArray = &Builtin{
+ Name: "cast_array",
+ Decl: types.NewFunction(
+ types.Args(types.A),
+ types.NewArray(nil, types.A),
+ ),
+ deprecated: true,
+}
+
+// CastSet checks the underlying type of the input.
+// If it is a set, the set is returned.
+// If it is an array, the array is returned in set form (all duplicates removed)
+// If neither, an error is thrown
+var CastSet = &Builtin{
+ Name: "cast_set",
+ Decl: types.NewFunction(
+ types.Args(types.A),
+ types.SetOfAny,
+ ),
+ deprecated: true,
+}
+
+// CastString returns input if it is a string; if not returns error.
+// For formatting variables, see sprintf
+var CastString = &Builtin{
+ Name: "cast_string",
+ Decl: types.NewFunction(
+ types.Args(types.A),
+ types.S,
+ ),
+ deprecated: true,
+}
+
+// CastBoolean returns input if it is a boolean; if not returns error.
+var CastBoolean = &Builtin{
+ Name: "cast_boolean",
+ Decl: types.NewFunction(
+ types.Args(types.A),
+ types.B,
+ ),
+ deprecated: true,
+}
+
+// CastNull returns null if input is null; if not returns error.
+var CastNull = &Builtin{
+ Name: "cast_null",
+ Decl: types.NewFunction(
+ types.Args(types.A),
+ types.NewNull(),
+ ),
+ deprecated: true,
+}
+
+// CastObject returns the given object if it is null; throws an error otherwise
+var CastObject = &Builtin{
+ Name: "cast_object",
+ Decl: types.NewFunction(
+ types.Args(types.A),
+ types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
+ ),
+ deprecated: true,
+}
+
+// RegexMatchDeprecated declares `re_match` which has been deprecated. Use `regex.match` instead.
+var RegexMatchDeprecated = &Builtin{
+ Name: "re_match",
+ Decl: types.NewFunction(
+ types.Args(
+ types.S,
+ types.S,
+ ),
+ types.B,
+ ),
+ deprecated: true,
+}
+
+// All takes a list and returns true if all of the items
+// are true. A collection of length 0 returns true.
+var All = &Builtin{
+ Name: "all",
+ Decl: types.NewFunction(
+ types.Args(
+ types.NewAny(
+ types.SetOfAny,
+ types.NewArray(nil, types.A),
+ ),
+ ),
+ types.B,
+ ),
+ deprecated: true,
+}
+
+// Any takes a collection and returns true if any of the items
+// is true. A collection of length 0 returns false.
+var Any = &Builtin{
+ Name: "any",
+ Decl: types.NewFunction(
+ types.Args(
+ types.NewAny(
+ types.SetOfAny,
+ types.NewArray(nil, types.A),
+ ),
+ ),
+ types.B,
+ ),
+ deprecated: true,
+}
+
+// Builtin represents a built-in function supported by OPA. Every built-in
+// function is uniquely identified by a name.
+type Builtin struct {
+ Name string `json:"name"` // Unique name of built-in function, e.g., (arg1,arg2,...,argN)
+ Description string `json:"description,omitempty"` // Description of what the built-in function does.
+
+ // Categories of the built-in function. Omitted for namespaced
+ // built-ins, i.e. "array.concat" is taken to be of the "array" category.
+ // "minus" for example, is part of two categories: numbers and sets. (NOTE(sr): aspirational)
+ Categories []string `json:"categories,omitempty"`
+
+ Decl *types.Function `json:"decl"` // Built-in function type declaration.
+ Infix string `json:"infix,omitempty"` // Unique name of infix operator. Default should be unset.
+ Relation bool `json:"relation,omitempty"` // Indicates if the built-in acts as a relation.
+ deprecated bool // Indicates if the built-in has been deprecated.
+ Nondeterministic bool `json:"nondeterministic,omitempty"` // Indicates if the built-in returns non-deterministic results.
+}
+
+// category is a helper for specifying a Builtin's Categories
+func category(cs ...string) []string {
+ return cs
+}
+
+// Minimal returns a shallow copy of b with the descriptions and categories and
+// named arguments stripped out.
+func (b *Builtin) Minimal() *Builtin {
+ cpy := *b
+ fargs := b.Decl.FuncArgs()
+ if fargs.Variadic != nil {
+ cpy.Decl = types.NewVariadicFunction(fargs.Args, fargs.Variadic, b.Decl.Result())
+ } else {
+ cpy.Decl = types.NewFunction(fargs.Args, b.Decl.Result())
+ }
+ cpy.Categories = nil
+ cpy.Description = ""
+ return &cpy
+}
+
+// IsDeprecated returns true if the Builtin function is deprecated and will be removed in a future release.
+func (b *Builtin) IsDeprecated() bool {
+ return b.deprecated
+}
+
+// IsDeterministic returns true if the Builtin function returns non-deterministic results.
+func (b *Builtin) IsNondeterministic() bool {
+ return b.Nondeterministic
+}
+
+// Expr creates a new expression for the built-in with the given operands.
+func (b *Builtin) Expr(operands ...*Term) *Expr {
+ ts := make([]*Term, len(operands)+1)
+ ts[0] = NewTerm(b.Ref())
+ for i := range operands {
+ ts[i+1] = operands[i]
+ }
+ return &Expr{
+ Terms: ts,
+ }
+}
+
+// Call creates a new term for the built-in with the given operands.
+func (b *Builtin) Call(operands ...*Term) *Term {
+ call := make(Call, len(operands)+1)
+ call[0] = NewTerm(b.Ref())
+ for i := range operands {
+ call[i+1] = operands[i]
+ }
+ return NewTerm(call)
+}
+
+// Ref returns a Ref that refers to the built-in function.
+func (b *Builtin) Ref() Ref {
+ parts := strings.Split(b.Name, ".")
+ ref := make(Ref, len(parts))
+ ref[0] = VarTerm(parts[0])
+ for i := 1; i < len(parts); i++ {
+ ref[i] = InternedStringTerm(parts[i])
+ }
+ return ref
+}
+
+// IsTargetPos returns true if a variable in the i-th position will be bound by
+// evaluating the call expression.
+func (b *Builtin) IsTargetPos(i int) bool {
+ return b.Decl.Arity() == i
+}
+
+func init() {
+ BuiltinMap = map[string]*Builtin{}
+ for _, b := range &DefaultBuiltins {
+ RegisterBuiltin(b)
+ }
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/capabilities.go b/vendor/github.com/open-policy-agent/opa/v1/ast/capabilities.go
new file mode 100644
index 0000000000..7744a4ca26
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/capabilities.go
@@ -0,0 +1,266 @@
+// Copyright 2020 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "bytes"
+ _ "embed"
+ "encoding/json"
+ "fmt"
+ "io"
+ "os"
+ "slices"
+ "sort"
+ "strings"
+
+ "github.com/open-policy-agent/opa/internal/semver"
+ "github.com/open-policy-agent/opa/internal/wasm/sdk/opa/capabilities"
+ caps "github.com/open-policy-agent/opa/v1/capabilities"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+// VersonIndex contains an index from built-in function name, language feature,
+// and future rego keyword to version number. During the build, this is used to
+// create an index of the minimum version required for the built-in/feature/kw.
+type VersionIndex struct {
+ Builtins map[string]semver.Version `json:"builtins"`
+ Features map[string]semver.Version `json:"features"`
+ Keywords map[string]semver.Version `json:"keywords"`
+}
+
+// NOTE(tsandall): this file is generated by internal/cmd/genversionindex/main.go
+// and run as part of go:generate. We generate the version index as part of the
+// build process because it's relatively expensive to build (it takes ~500ms on
+// my machine) and never changes.
+//
+//go:embed version_index.json
+var versionIndexBs []byte
+
+var minVersionIndex = func() VersionIndex {
+ var vi VersionIndex
+ err := json.Unmarshal(versionIndexBs, &vi)
+ if err != nil {
+ panic(err)
+ }
+ return vi
+}()
+
+// In the compiler, we used this to check that we're OK working with ref heads.
+// If this isn't present, we'll fail. This is to ensure that older versions of
+// OPA can work with policies that we're compiling -- if they don't know ref
+// heads, they wouldn't be able to parse them.
+const FeatureRefHeadStringPrefixes = "rule_head_ref_string_prefixes"
+const FeatureRefHeads = "rule_head_refs"
+const FeatureRegoV1 = "rego_v1"
+const FeatureRegoV1Import = "rego_v1_import"
+
+// Capabilities defines a structure containing data that describes the capabilities
+// or features supported by a particular version of OPA.
+type Capabilities struct {
+ Builtins []*Builtin `json:"builtins,omitempty"`
+ FutureKeywords []string `json:"future_keywords,omitempty"`
+ WasmABIVersions []WasmABIVersion `json:"wasm_abi_versions,omitempty"`
+
+ // Features is a bit of a mixed bag for checking that an older version of OPA
+ // is able to do what needs to be done.
+ // TODO(sr): find better words ^^
+ Features []string `json:"features,omitempty"`
+
+ // allow_net is an array of hostnames or IP addresses, that an OPA instance is
+ // allowed to connect to.
+ // If omitted, ANY host can be connected to. If empty, NO host can be connected to.
+ // As of now, this only controls fetching remote refs for using JSON Schemas in
+ // the type checker.
+ // TODO(sr): support ports to further restrict connection peers
+ // TODO(sr): support restricting `http.send` using the same mechanism (see https://github.com/open-policy-agent/opa/issues/3665)
+ AllowNet []string `json:"allow_net,omitempty"`
+}
+
+// WasmABIVersion captures the Wasm ABI version. Its `Minor` version is indicating
+// backwards-compatible changes.
+type WasmABIVersion struct {
+ Version int `json:"version"`
+ Minor int `json:"minor_version"`
+}
+
+type CapabilitiesOptions struct {
+ regoVersion RegoVersion
+}
+
+func newCapabilitiesOptions(opts []CapabilitiesOption) CapabilitiesOptions {
+ co := CapabilitiesOptions{}
+ for _, opt := range opts {
+ opt(&co)
+ }
+ return co
+}
+
+type CapabilitiesOption func(*CapabilitiesOptions)
+
+func CapabilitiesRegoVersion(regoVersion RegoVersion) CapabilitiesOption {
+ return func(o *CapabilitiesOptions) {
+ o.regoVersion = regoVersion
+ }
+}
+
+// CapabilitiesForThisVersion returns the capabilities of this version of OPA.
+func CapabilitiesForThisVersion(opts ...CapabilitiesOption) *Capabilities {
+ co := newCapabilitiesOptions(opts)
+
+ f := &Capabilities{}
+
+ for _, vers := range capabilities.ABIVersions() {
+ f.WasmABIVersions = append(f.WasmABIVersions, WasmABIVersion{Version: vers[0], Minor: vers[1]})
+ }
+
+ f.Builtins = make([]*Builtin, len(Builtins))
+ copy(f.Builtins, Builtins)
+
+ slices.SortFunc(f.Builtins, func(a, b *Builtin) int {
+ return strings.Compare(a.Name, b.Name)
+ })
+
+ switch co.regoVersion {
+ case RegoV0, RegoV0CompatV1:
+ for kw := range allFutureKeywords {
+ f.FutureKeywords = append(f.FutureKeywords, kw)
+ }
+
+ f.Features = []string{
+ FeatureRefHeadStringPrefixes,
+ FeatureRefHeads,
+ FeatureRegoV1Import,
+ FeatureRegoV1, // Included in v0 capabilities to allow v1 bundles in --v0-compatible mode
+ }
+ default:
+ for kw := range futureKeywords {
+ f.FutureKeywords = append(f.FutureKeywords, kw)
+ }
+
+ f.Features = []string{
+ FeatureRegoV1,
+ }
+ }
+
+ sort.Strings(f.FutureKeywords)
+ sort.Strings(f.Features)
+
+ return f
+}
+
+// LoadCapabilitiesJSON loads a JSON serialized capabilities structure from the reader r.
+func LoadCapabilitiesJSON(r io.Reader) (*Capabilities, error) {
+ d := util.NewJSONDecoder(r)
+ var c Capabilities
+ return &c, d.Decode(&c)
+}
+
+// LoadCapabilitiesVersion loads a JSON serialized capabilities structure from the specific version.
+func LoadCapabilitiesVersion(version string) (*Capabilities, error) {
+ cvs, err := LoadCapabilitiesVersions()
+ if err != nil {
+ return nil, err
+ }
+
+ for _, cv := range cvs {
+ if cv == version {
+ cont, err := caps.FS.ReadFile(cv + ".json")
+ if err != nil {
+ return nil, err
+ }
+
+ return LoadCapabilitiesJSON(bytes.NewReader(cont))
+ }
+
+ }
+ return nil, fmt.Errorf("no capabilities version found %v", version)
+}
+
+// LoadCapabilitiesFile loads a JSON serialized capabilities structure from a file.
+func LoadCapabilitiesFile(file string) (*Capabilities, error) {
+ fd, err := os.Open(file)
+ if err != nil {
+ return nil, err
+ }
+ defer fd.Close()
+ return LoadCapabilitiesJSON(fd)
+}
+
+// LoadCapabilitiesVersions loads all capabilities versions
+func LoadCapabilitiesVersions() ([]string, error) {
+ ents, err := caps.FS.ReadDir(".")
+ if err != nil {
+ return nil, err
+ }
+
+ capabilitiesVersions := make([]string, 0, len(ents))
+ for _, ent := range ents {
+ capabilitiesVersions = append(capabilitiesVersions, strings.Replace(ent.Name(), ".json", "", 1))
+ }
+ return capabilitiesVersions, nil
+}
+
+// MinimumCompatibleVersion returns the minimum compatible OPA version based on
+// the built-ins, features, and keywords in c.
+func (c *Capabilities) MinimumCompatibleVersion() (string, bool) {
+
+ var maxVersion semver.Version
+
+ // this is the oldest OPA release that includes capabilities
+ if err := maxVersion.Set("0.17.0"); err != nil {
+ panic("unreachable")
+ }
+
+ for _, bi := range c.Builtins {
+ v, ok := minVersionIndex.Builtins[bi.Name]
+ if !ok {
+ return "", false
+ }
+ if v.Compare(maxVersion) > 0 {
+ maxVersion = v
+ }
+ }
+
+ for _, kw := range c.FutureKeywords {
+ v, ok := minVersionIndex.Keywords[kw]
+ if !ok {
+ return "", false
+ }
+ if v.Compare(maxVersion) > 0 {
+ maxVersion = v
+ }
+ }
+
+ for _, feat := range c.Features {
+ v, ok := minVersionIndex.Features[feat]
+ if !ok {
+ return "", false
+ }
+ if v.Compare(maxVersion) > 0 {
+ maxVersion = v
+ }
+ }
+
+ return maxVersion.String(), true
+}
+
+func (c *Capabilities) ContainsFeature(feature string) bool {
+ return slices.Contains(c.Features, feature)
+}
+
+// addBuiltinSorted inserts a built-in into c in sorted order. An existing built-in with the same name
+// will be overwritten.
+func (c *Capabilities) addBuiltinSorted(bi *Builtin) {
+ i := sort.Search(len(c.Builtins), func(x int) bool {
+ return c.Builtins[x].Name >= bi.Name
+ })
+ if i < len(c.Builtins) && bi.Name == c.Builtins[i].Name {
+ c.Builtins[i] = bi
+ return
+ }
+ c.Builtins = append(c.Builtins, nil)
+ copy(c.Builtins[i+1:], c.Builtins[i:])
+ c.Builtins[i] = bi
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/check.go b/vendor/github.com/open-policy-agent/opa/v1/ast/check.go
new file mode 100644
index 0000000000..ffc3d8b264
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/check.go
@@ -0,0 +1,1323 @@
+// Copyright 2017 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "fmt"
+ "slices"
+ "sort"
+ "strings"
+
+ "github.com/open-policy-agent/opa/v1/types"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+type varRewriter func(Ref) Ref
+
+// exprChecker defines the interface for executing type checking on a single
+// expression. The exprChecker must update the provided TypeEnv with inferred
+// types of vars.
+type exprChecker func(*TypeEnv, *Expr) *Error
+
+// typeChecker implements type checking on queries and rules. Errors are
+// accumulated on the typeChecker so that a single run can report multiple
+// issues.
+type typeChecker struct {
+ builtins map[string]*Builtin
+ required *Capabilities
+ errs Errors
+ exprCheckers map[string]exprChecker
+ varRewriter varRewriter
+ ss *SchemaSet
+ allowNet []string
+ input types.Type
+ allowUndefinedFuncs bool
+ schemaTypes map[string]types.Type
+}
+
+// newTypeChecker returns a new typeChecker object that has no errors.
+func newTypeChecker() *typeChecker {
+ return &typeChecker{
+ exprCheckers: map[string]exprChecker{
+ "eq": checkExprEq,
+ },
+ }
+}
+
+func (tc *typeChecker) newEnv(exist *TypeEnv) *TypeEnv {
+ if exist != nil {
+ return exist.wrap()
+ }
+ env := newTypeEnv(tc.copy)
+ if tc.input != nil {
+ env.tree.Put(InputRootRef, tc.input)
+ }
+ return env
+}
+
+func (tc *typeChecker) copy() *typeChecker {
+ return newTypeChecker().
+ WithVarRewriter(tc.varRewriter).
+ WithSchemaSet(tc.ss).
+ WithSchemaTypes(tc.schemaTypes).
+ WithAllowNet(tc.allowNet).
+ WithInputType(tc.input).
+ WithAllowUndefinedFunctionCalls(tc.allowUndefinedFuncs).
+ WithBuiltins(tc.builtins).
+ WithRequiredCapabilities(tc.required)
+}
+
+func (tc *typeChecker) WithRequiredCapabilities(c *Capabilities) *typeChecker {
+ tc.required = c
+ return tc
+}
+
+func (tc *typeChecker) WithBuiltins(builtins map[string]*Builtin) *typeChecker {
+ tc.builtins = builtins
+ return tc
+}
+
+func (tc *typeChecker) WithSchemaSet(ss *SchemaSet) *typeChecker {
+ tc.ss = ss
+ return tc
+}
+
+func (tc *typeChecker) WithSchemaTypes(schemaTypes map[string]types.Type) *typeChecker {
+ tc.schemaTypes = schemaTypes
+ return tc
+}
+
+func (tc *typeChecker) WithAllowNet(hosts []string) *typeChecker {
+ tc.allowNet = hosts
+ return tc
+}
+
+func (tc *typeChecker) WithVarRewriter(f varRewriter) *typeChecker {
+ tc.varRewriter = f
+ return tc
+}
+
+func (tc *typeChecker) WithInputType(tpe types.Type) *typeChecker {
+ tc.input = tpe
+ return tc
+}
+
+// WithAllowUndefinedFunctionCalls sets the type checker to allow references to undefined functions.
+// Additionally, the 'CheckUndefinedFuncs' and 'CheckSafetyRuleBodies' compiler stages are skipped.
+func (tc *typeChecker) WithAllowUndefinedFunctionCalls(allow bool) *typeChecker {
+ tc.allowUndefinedFuncs = allow
+ return tc
+}
+
+// Env returns a type environment for the specified built-ins with any other
+// global types configured on the checker. In practice, this is the default
+// environment that other statements will be checked against.
+func (tc *typeChecker) Env(builtins map[string]*Builtin) *TypeEnv {
+ env := tc.newEnv(nil)
+ for _, bi := range builtins {
+ env.tree.Put(bi.Ref(), bi.Decl)
+ }
+ return env
+}
+
+// CheckBody runs type checking on the body and returns a TypeEnv if no errors
+// are found. The resulting TypeEnv wraps the provided one. The resulting
+// TypeEnv will be able to resolve types of vars contained in the body.
+func (tc *typeChecker) CheckBody(env *TypeEnv, body Body) (*TypeEnv, Errors) {
+
+ errors := []*Error{}
+ env = tc.newEnv(env)
+ vis := newRefChecker(env, tc.varRewriter)
+
+ WalkExprs(body, func(expr *Expr) bool {
+
+ closureErrs := tc.checkClosures(env, expr)
+ for _, err := range closureErrs {
+ errors = append(errors, err)
+ }
+
+ hasClosureErrors := len(closureErrs) > 0
+
+ // reset errors from previous iteration
+ vis.errs = nil
+ NewGenericVisitor(vis.Visit).Walk(expr)
+ for _, err := range vis.errs {
+ errors = append(errors, err)
+ }
+
+ hasRefErrors := len(vis.errs) > 0
+
+ if err := tc.checkExpr(env, expr); err != nil {
+ // Suppress this error if a more actionable one has occurred. In
+ // this case, if an error occurred in a ref or closure contained in
+ // this expression, and the error is due to a nil type, then it's
+ // likely to be the result of the more specific error.
+ skip := (hasClosureErrors || hasRefErrors) && causedByNilType(err)
+ if !skip {
+ errors = append(errors, err)
+ }
+ }
+ return true
+ })
+
+ tc.err(errors)
+ return env, errors
+}
+
+// CheckTypes runs type checking on the rules returns a TypeEnv if no errors
+// are found. The resulting TypeEnv wraps the provided one. The resulting
+// TypeEnv will be able to resolve types of refs that refer to rules.
+func (tc *typeChecker) CheckTypes(env *TypeEnv, sorted []util.T, as *AnnotationSet) (*TypeEnv, Errors) {
+ env = tc.newEnv(env)
+ for _, s := range sorted {
+ tc.checkRule(env, as, s.(*Rule))
+ }
+ tc.errs.Sort()
+ return env, tc.errs
+}
+
+func (tc *typeChecker) checkClosures(env *TypeEnv, expr *Expr) Errors {
+ var result Errors
+ WalkClosures(expr, func(x any) bool {
+ switch x := x.(type) {
+ case *ArrayComprehension:
+ _, errs := tc.copy().CheckBody(env, x.Body)
+ if len(errs) > 0 {
+ result = errs
+ return true
+ }
+ case *SetComprehension:
+ _, errs := tc.copy().CheckBody(env, x.Body)
+ if len(errs) > 0 {
+ result = errs
+ return true
+ }
+ case *ObjectComprehension:
+ _, errs := tc.copy().CheckBody(env, x.Body)
+ if len(errs) > 0 {
+ result = errs
+ return true
+ }
+ }
+ return false
+ })
+ return result
+}
+
+func (tc *typeChecker) getSchemaType(schemaAnnot *SchemaAnnotation, rule *Rule) (types.Type, *Error) {
+ if tc.schemaTypes == nil {
+ tc.schemaTypes = make(map[string]types.Type)
+ }
+
+ if refType, exists := tc.schemaTypes[schemaAnnot.Schema.String()]; exists {
+ return refType, nil
+ }
+
+ refType, err := processAnnotation(tc.ss, schemaAnnot, rule, tc.allowNet)
+ if err != nil {
+ return nil, err
+ }
+
+ if refType == nil {
+ return nil, nil
+ }
+
+ tc.schemaTypes[schemaAnnot.Schema.String()] = refType
+ return refType, nil
+
+}
+
+func (tc *typeChecker) checkRule(env *TypeEnv, as *AnnotationSet, rule *Rule) {
+
+ env = env.wrap()
+
+ schemaAnnots := getRuleAnnotation(as, rule)
+ for _, schemaAnnot := range schemaAnnots {
+ refType, err := tc.getSchemaType(schemaAnnot, rule)
+ if err != nil {
+ tc.err([]*Error{err})
+ continue
+ }
+
+ ref := schemaAnnot.Path
+ // if we do not have a ref or a reftype, we should not evaluate this rule.
+ if ref == nil || refType == nil {
+ continue
+ }
+
+ prefixRef, t := getPrefix(env, ref)
+ if t == nil || len(prefixRef) == len(ref) {
+ env.tree.Put(ref, refType)
+ } else {
+ newType, err := override(ref[len(prefixRef):], t, refType, rule)
+ if err != nil {
+ tc.err([]*Error{err})
+ continue
+ }
+ env.tree.Put(prefixRef, newType)
+ }
+ }
+
+ cpy, err := tc.CheckBody(env, rule.Body)
+ env = env.next
+ path := rule.Ref()
+
+ if len(err) > 0 {
+ // if the rule/function contains an error, add it to the type env so
+ // that expressions that refer to this rule/function do not encounter
+ // type errors.
+ env.tree.Put(path, types.A)
+ return
+ }
+
+ var tpe types.Type
+
+ if len(rule.Head.Args) > 0 {
+ // If args are not referred to in body, infer as any.
+ WalkVars(rule.Head.Args, func(v Var) bool {
+ if cpy.GetByValue(v) == nil {
+ cpy.tree.PutOne(v, types.A)
+ }
+ return false
+ })
+
+ // Construct function type.
+ args := make([]types.Type, len(rule.Head.Args))
+ for i := range len(rule.Head.Args) {
+ args[i] = cpy.GetByValue(rule.Head.Args[i].Value)
+ }
+
+ f := types.NewFunction(args, cpy.Get(rule.Head.Value))
+
+ tpe = f
+ } else {
+ switch rule.Head.RuleKind() {
+ case SingleValue:
+ typeV := cpy.GetByValue(rule.Head.Value.Value)
+ if !path.IsGround() {
+ // e.g. store object[string: whatever] at data.p.q.r, not data.p.q.r[x] or data.p.q.r[x].y[z]
+ objPath := path.DynamicSuffix()
+ path = path.GroundPrefix()
+
+ var err error
+ tpe, err = nestedObject(cpy, objPath, typeV)
+ if err != nil {
+ tc.err([]*Error{NewError(TypeErr, rule.Head.Location, err.Error())}) //nolint:govet
+ tpe = nil
+ }
+ } else if typeV != nil {
+ tpe = typeV
+ }
+ case MultiValue:
+ typeK := cpy.GetByValue(rule.Head.Key.Value)
+ if typeK != nil {
+ tpe = types.NewSet(typeK)
+ }
+ }
+ }
+
+ if tpe != nil {
+ env.tree.Insert(path, tpe, env)
+ }
+}
+
+// nestedObject creates a nested structure of object types, where each term on path corresponds to a level in the
+// nesting. Each term in the path only contributes to the dynamic portion of its corresponding object.
+func nestedObject(env *TypeEnv, path Ref, tpe types.Type) (types.Type, error) {
+ if len(path) == 0 {
+ return tpe, nil
+ }
+
+ k := path[0]
+ typeV, err := nestedObject(env, path[1:], tpe)
+ if err != nil {
+ return nil, err
+ }
+ if typeV == nil {
+ return nil, nil
+ }
+
+ var dynamicProperty *types.DynamicProperty
+ typeK := env.GetByValue(k.Value)
+ if typeK == nil {
+ return nil, nil
+ }
+ dynamicProperty = types.NewDynamicProperty(typeK, typeV)
+
+ return types.NewObject(nil, dynamicProperty), nil
+}
+
+func (tc *typeChecker) checkExpr(env *TypeEnv, expr *Expr) *Error {
+ if err := tc.checkExprWith(env, expr, 0); err != nil {
+ return err
+ }
+ if !expr.IsCall() {
+ return nil
+ }
+
+ operator := expr.Operator().String()
+
+ // If the type checker wasn't provided with a required capabilities
+ // structure then just skip. In some cases, type checking might be run
+ // without the need to record what builtins are required.
+ if tc.required != nil && tc.builtins != nil {
+ if bi, ok := tc.builtins[operator]; ok {
+ tc.required.addBuiltinSorted(bi)
+ }
+ }
+
+ checker := tc.exprCheckers[operator]
+ if checker != nil {
+ return checker(env, expr)
+ }
+
+ return tc.checkExprBuiltin(env, expr)
+}
+
+func (tc *typeChecker) checkExprBuiltin(env *TypeEnv, expr *Expr) *Error {
+
+ args := expr.Operands()
+ pre := getArgTypes(env, args)
+
+ // NOTE(tsandall): undefined functions will have been caught earlier in the
+ // compiler. We check for undefined functions before the safety check so
+ // that references to non-existent functions result in undefined function
+ // errors as opposed to unsafe var errors.
+ //
+ // We cannot run type checking before the safety check because part of the
+ // type checker relies on reordering (in particular for references to local
+ // vars).
+ name := expr.Operator()
+ tpe := env.GetByRef(name)
+
+ if tpe == nil {
+ if tc.allowUndefinedFuncs {
+ return nil
+ }
+ return NewError(TypeErr, expr.Location, "undefined function %v", name)
+ }
+
+ // check if the expression refers to a function that contains an error
+ _, ok := tpe.(types.Any)
+ if ok {
+ return nil
+ }
+
+ ftpe, ok := tpe.(*types.Function)
+ if !ok {
+ return NewError(TypeErr, expr.Location, "undefined function %v", name)
+ }
+
+ fargs := ftpe.FuncArgs()
+ namedFargs := ftpe.NamedFuncArgs()
+
+ if ftpe.Result() != nil {
+ fargs.Args = append(fargs.Args, ftpe.Result())
+ namedFargs.Args = append(namedFargs.Args, ftpe.NamedResult())
+ }
+
+ if len(args) > len(fargs.Args) && fargs.Variadic == nil {
+ return newArgError(expr.Location, name, "too many arguments", pre, namedFargs)
+ }
+
+ if len(args) < len(ftpe.FuncArgs().Args) {
+ return newArgError(expr.Location, name, "too few arguments", pre, namedFargs)
+ }
+
+ for i := range args {
+ if !unify1(env, args[i], fargs.Arg(i), false) {
+ post := make([]types.Type, len(args))
+ for i := range args {
+ post[i] = env.GetByValue(args[i].Value)
+ }
+ return newArgError(expr.Location, name, "invalid argument(s)", post, namedFargs)
+ }
+ }
+
+ return nil
+}
+
+func checkExprEq(env *TypeEnv, expr *Expr) *Error {
+
+ pre := getArgTypes(env, expr.Operands())
+
+ if len(pre) < Equality.Decl.Arity() {
+ return newArgError(expr.Location, expr.Operator(), "too few arguments", pre, Equality.Decl.FuncArgs())
+ }
+
+ if Equality.Decl.Arity() < len(pre) {
+ return newArgError(expr.Location, expr.Operator(), "too many arguments", pre, Equality.Decl.FuncArgs())
+ }
+
+ a, b := expr.Operand(0), expr.Operand(1)
+ typeA, typeB := env.GetByValue(a.Value), env.GetByValue(b.Value)
+
+ if !unify2(env, a, typeA, b, typeB) {
+ err := NewError(TypeErr, expr.Location, "match error")
+ err.Details = &UnificationErrDetail{
+ Left: typeA,
+ Right: typeB,
+ }
+ return err
+ }
+
+ return nil
+}
+
+func (tc *typeChecker) checkExprWith(env *TypeEnv, expr *Expr, i int) *Error {
+ if i == len(expr.With) {
+ return nil
+ }
+
+ target, value := expr.With[i].Target, expr.With[i].Value
+ targetType, valueType := env.GetByValue(target.Value), env.GetByValue(value.Value)
+
+ if t, ok := targetType.(*types.Function); ok { // built-in function replacement
+ switch v := valueType.(type) {
+ case *types.Function: // ...by function
+ if !unifies(targetType, valueType) {
+ return newArgError(expr.With[i].Loc(), target.Value.(Ref), "arity mismatch", v.FuncArgs().Args, t.NamedFuncArgs())
+ }
+ default: // ... by value, nothing to check
+ }
+ }
+
+ return tc.checkExprWith(env, expr, i+1)
+}
+
+func unify2(env *TypeEnv, a *Term, typeA types.Type, b *Term, typeB types.Type) bool {
+
+ nilA := types.Nil(typeA)
+ nilB := types.Nil(typeB)
+
+ if nilA && !nilB {
+ return unify1(env, a, typeB, false)
+ } else if nilB && !nilA {
+ return unify1(env, b, typeA, false)
+ } else if !nilA && !nilB {
+ return unifies(typeA, typeB)
+ }
+
+ switch a.Value.(type) {
+ case *Array:
+ return unify2Array(env, a, b)
+ case *object:
+ return unify2Object(env, a, b)
+ case Var:
+ switch b.Value.(type) {
+ case Var:
+ return unify1(env, a, types.A, false) && unify1(env, b, env.GetByValue(a.Value), false)
+ case *Array:
+ return unify2Array(env, b, a)
+ case *object:
+ return unify2Object(env, b, a)
+ }
+ }
+
+ return false
+}
+
+func unify2Array(env *TypeEnv, a *Term, b *Term) bool {
+ arr := a.Value.(*Array)
+ switch bv := b.Value.(type) {
+ case *Array:
+ if arr.Len() == bv.Len() {
+ for i := range arr.Len() {
+ if !unify2(env, arr.Elem(i), env.GetByValue(arr.Elem(i).Value), bv.Elem(i), env.GetByValue(bv.Elem(i).Value)) {
+ return false
+ }
+ }
+ return true
+ }
+ case Var:
+ return unify1(env, a, types.A, false) && unify1(env, b, env.GetByValue(a.Value), false)
+ }
+ return false
+}
+
+func unify2Object(env *TypeEnv, a *Term, b *Term) bool {
+ obj := a.Value.(Object)
+ switch bv := b.Value.(type) {
+ case *object:
+ cv := obj.Intersect(bv)
+ if obj.Len() == bv.Len() && bv.Len() == len(cv) {
+ for i := range cv {
+ if !unify2(env, cv[i][1], env.GetByValue(cv[i][1].Value), cv[i][2], env.GetByValue(cv[i][2].Value)) {
+ return false
+ }
+ }
+ return true
+ }
+ case Var:
+ return unify1(env, a, types.A, false) && unify1(env, b, env.GetByValue(a.Value), false)
+ }
+ return false
+}
+
+func unify1(env *TypeEnv, term *Term, tpe types.Type, union bool) bool {
+ switch v := term.Value.(type) {
+ case *Array:
+ switch tpe := tpe.(type) {
+ case *types.Array:
+ return unify1Array(env, v, tpe, union)
+ case types.Any:
+ if types.Compare(tpe, types.A) == 0 {
+ for i := range v.Len() {
+ unify1(env, v.Elem(i), types.A, true)
+ }
+ return true
+ }
+ unifies := false
+ for i := range tpe {
+ unifies = unify1(env, term, tpe[i], true) || unifies
+ }
+ return unifies
+ }
+ return false
+ case *object:
+ switch tpe := tpe.(type) {
+ case *types.Object:
+ return unify1Object(env, v, tpe, union)
+ case types.Any:
+ if types.Compare(tpe, types.A) == 0 {
+ v.Foreach(func(key, value *Term) {
+ unify1(env, key, types.A, true)
+ unify1(env, value, types.A, true)
+ })
+ return true
+ }
+ unifies := false
+ for i := range tpe {
+ unifies = unify1(env, term, tpe[i], true) || unifies
+ }
+ return unifies
+ }
+ return false
+ case Set:
+ switch tpe := tpe.(type) {
+ case *types.Set:
+ return unify1Set(env, v, tpe, union)
+ case types.Any:
+ if types.Compare(tpe, types.A) == 0 {
+ v.Foreach(func(elem *Term) {
+ unify1(env, elem, types.A, true)
+ })
+ return true
+ }
+ unifies := false
+ for i := range tpe {
+ unifies = unify1(env, term, tpe[i], true) || unifies
+ }
+ return unifies
+ }
+ return false
+ case Ref, *ArrayComprehension, *ObjectComprehension, *SetComprehension:
+ return unifies(env.GetByValue(v), tpe)
+ case Var:
+ if !union {
+ if exist := env.GetByValue(v); exist != nil {
+ return unifies(exist, tpe)
+ }
+ env.tree.PutOne(term.Value, tpe)
+ } else {
+ env.tree.PutOne(term.Value, types.Or(env.GetByValue(v), tpe))
+ }
+ return true
+ default:
+ if !IsConstant(v) {
+ panic("unreachable")
+ }
+ return unifies(env.GetByValue(term.Value), tpe)
+ }
+}
+
+func unify1Array(env *TypeEnv, val *Array, tpe *types.Array, union bool) bool {
+ if val.Len() != tpe.Len() && tpe.Dynamic() == nil {
+ return false
+ }
+ for i := range val.Len() {
+ if !unify1(env, val.Elem(i), tpe.Select(i), union) {
+ return false
+ }
+ }
+ return true
+}
+
+func unify1Object(env *TypeEnv, val Object, tpe *types.Object, union bool) bool {
+ if val.Len() != len(tpe.Keys()) && tpe.DynamicValue() == nil {
+ return false
+ }
+ stop := val.Until(func(k, v *Term) bool {
+ if IsConstant(k.Value) {
+ if child := selectConstant(tpe, k); child != nil {
+ if !unify1(env, v, child, union) {
+ return true
+ }
+ } else {
+ return true
+ }
+ } else {
+ // Inferring type of value under dynamic key would involve unioning
+ // with all property values of tpe whose keys unify. For now, type
+ // these values as Any. We can investigate stricter inference in
+ // the future.
+ unify1(env, v, types.A, union)
+ }
+ return false
+ })
+ return !stop
+}
+
+func unify1Set(env *TypeEnv, val Set, tpe *types.Set, union bool) bool {
+ of := types.Values(tpe)
+ return !val.Until(func(elem *Term) bool {
+ return !unify1(env, elem, of, union)
+ })
+}
+
+func (tc *typeChecker) err(errors []*Error) {
+ tc.errs = append(tc.errs, errors...)
+}
+
+type refChecker struct {
+ env *TypeEnv
+ errs Errors
+ varRewriter varRewriter
+}
+
+func rewriteVarsNop(node Ref) Ref {
+ return node
+}
+
+func newRefChecker(env *TypeEnv, f varRewriter) *refChecker {
+ if f == nil {
+ f = rewriteVarsNop
+ }
+
+ return &refChecker{
+ env: env,
+ errs: nil,
+ varRewriter: f,
+ }
+}
+
+func (rc *refChecker) Visit(x any) bool {
+ switch x := x.(type) {
+ case *ArrayComprehension, *ObjectComprehension, *SetComprehension:
+ return true
+ case *Expr:
+ switch terms := x.Terms.(type) {
+ case []*Term:
+ for i := 1; i < len(terms); i++ {
+ NewGenericVisitor(rc.Visit).Walk(terms[i])
+ }
+ return true
+ case *Term:
+ NewGenericVisitor(rc.Visit).Walk(terms)
+ return true
+ }
+ case Ref:
+ if err := rc.checkApply(rc.env, x); err != nil {
+ rc.errs = append(rc.errs, err)
+ return true
+ }
+ if err := rc.checkRef(rc.env, rc.env.tree, x, 0); err != nil {
+ rc.errs = append(rc.errs, err)
+ }
+ }
+ return false
+}
+
+func (rc *refChecker) checkApply(curr *TypeEnv, ref Ref) *Error {
+ if tpe, ok := curr.GetByRef(ref).(*types.Function); ok {
+ // NOTE(sr): We don't support first-class functions, except for `with`.
+ return newRefErrUnsupported(ref[0].Location, rc.varRewriter(ref), len(ref)-1, tpe)
+ }
+
+ return nil
+}
+
+func (rc *refChecker) checkRef(curr *TypeEnv, node *typeTreeNode, ref Ref, idx int) *Error {
+
+ if idx == len(ref) {
+ return nil
+ }
+
+ head := ref[idx]
+
+ // NOTE(sr): as long as package statements are required, this isn't possible:
+ // the shortest possible rule ref is data.a.b (b is idx 2), idx 1 and 2 need to
+ // be strings or vars.
+ if idx == 1 || idx == 2 {
+ switch head.Value.(type) {
+ case Var, String: // OK
+ default:
+ have := rc.env.GetByValue(head.Value)
+ return newRefErrInvalid(ref[0].Location, rc.varRewriter(ref), idx, have, types.S, getOneOfForNode(node))
+ }
+ }
+
+ if _, ok := head.Value.(Var); ok && idx != 0 {
+ tpe := types.Keys(rc.env.getRefRecExtent(node))
+ if exist := rc.env.GetByValue(head.Value); exist != nil {
+ if !unifies(tpe, exist) {
+ return newRefErrInvalid(ref[0].Location, rc.varRewriter(ref), idx, exist, tpe, getOneOfForNode(node))
+ }
+ } else {
+ rc.env.tree.PutOne(head.Value, tpe)
+ }
+ }
+
+ child := node.Child(head.Value)
+ if child == nil {
+ // NOTE(sr): idx is reset on purpose: we start over
+ switch {
+ case curr.next != nil:
+ next := curr.next
+ return rc.checkRef(next, next.tree, ref, 0)
+
+ case RootDocumentNames.Contains(ref[0]):
+ if idx != 0 {
+ node.Children().Iter(func(_ Value, child *typeTreeNode) bool {
+ _ = rc.checkRef(curr, child, ref, idx+1) // ignore error
+ return false
+ })
+ return nil
+ }
+ return rc.checkRefLeaf(types.A, ref, 1)
+
+ default:
+ return rc.checkRefLeaf(types.A, ref, 0)
+ }
+ }
+
+ if child.Leaf() {
+ return rc.checkRefLeaf(child.Value(), ref, idx+1)
+ }
+
+ return rc.checkRef(curr, child, ref, idx+1)
+}
+
+func (rc *refChecker) checkRefLeaf(tpe types.Type, ref Ref, idx int) *Error {
+
+ if idx == len(ref) {
+ return nil
+ }
+
+ head := ref[idx]
+
+ keys := types.Keys(tpe)
+ if keys == nil {
+ return newRefErrUnsupported(ref[0].Location, rc.varRewriter(ref), idx-1, tpe)
+ }
+
+ switch value := head.Value.(type) {
+
+ case Var:
+ if exist := rc.env.GetByValue(value); exist != nil {
+ if !unifies(exist, keys) {
+ return newRefErrInvalid(ref[0].Location, rc.varRewriter(ref), idx, exist, keys, getOneOfForType(tpe))
+ }
+ } else {
+ rc.env.tree.PutOne(value, types.Keys(tpe))
+ }
+
+ case Ref:
+ if exist := rc.env.Get(value); exist != nil {
+ if !unifies(exist, keys) {
+ return newRefErrInvalid(ref[0].Location, rc.varRewriter(ref), idx, exist, keys, getOneOfForType(tpe))
+ }
+ }
+
+ case *Array, Object, Set:
+ if !unify1(rc.env, head, keys, false) {
+ return newRefErrInvalid(ref[0].Location, rc.varRewriter(ref), idx, rc.env.Get(head), keys, nil)
+ }
+
+ default:
+ child := selectConstant(tpe, head)
+ if child == nil {
+ return newRefErrInvalid(ref[0].Location, rc.varRewriter(ref), idx, nil, types.Keys(tpe), getOneOfForType(tpe))
+ }
+ return rc.checkRefLeaf(child, ref, idx+1)
+ }
+
+ return rc.checkRefLeaf(types.Values(tpe), ref, idx+1)
+}
+
+func unifies(a, b types.Type) bool {
+
+ if a == nil || b == nil {
+ return false
+ }
+
+ anyA, ok1 := a.(types.Any)
+ if ok1 {
+ if unifiesAny(anyA, b) {
+ return true
+ }
+ }
+
+ anyB, ok2 := b.(types.Any)
+ if ok2 {
+ if unifiesAny(anyB, a) {
+ return true
+ }
+ }
+
+ if ok1 || ok2 {
+ return false
+ }
+
+ switch a := a.(type) {
+ case types.Null:
+ _, ok := b.(types.Null)
+ return ok
+ case types.Boolean:
+ _, ok := b.(types.Boolean)
+ return ok
+ case types.Number:
+ _, ok := b.(types.Number)
+ return ok
+ case types.String:
+ _, ok := b.(types.String)
+ return ok
+ case *types.Array:
+ b, ok := b.(*types.Array)
+ if !ok {
+ return false
+ }
+ return unifiesArrays(a, b)
+ case *types.Object:
+ b, ok := b.(*types.Object)
+ if !ok {
+ return false
+ }
+ return unifiesObjects(a, b)
+ case *types.Set:
+ b, ok := b.(*types.Set)
+ if !ok {
+ return false
+ }
+ return unifies(types.Values(a), types.Values(b))
+ case *types.Function:
+ // NOTE(sr): variadic functions can only be internal ones, and we've forbidden
+ // their replacement via `with`; so we disregard variadic here
+ if types.Arity(a) == types.Arity(b) {
+ b := b.(*types.Function)
+ for i := range a.FuncArgs().Args {
+ if !unifies(a.FuncArgs().Arg(i), b.FuncArgs().Arg(i)) {
+ return false
+ }
+ }
+ return true
+ }
+ return false
+ default:
+ panic("unreachable")
+ }
+}
+
+func unifiesAny(a types.Any, b types.Type) bool {
+ if _, ok := b.(*types.Function); ok {
+ return false
+ }
+ for i := range a {
+ if unifies(a[i], b) {
+ return true
+ }
+ }
+ return len(a) == 0
+}
+
+func unifiesArrays(a, b *types.Array) bool {
+
+ if !unifiesArraysStatic(a, b) {
+ return false
+ }
+
+ if !unifiesArraysStatic(b, a) {
+ return false
+ }
+
+ return a.Dynamic() == nil || b.Dynamic() == nil || unifies(a.Dynamic(), b.Dynamic())
+}
+
+func unifiesArraysStatic(a, b *types.Array) bool {
+ if a.Len() != 0 {
+ for i := range a.Len() {
+ if !unifies(a.Select(i), b.Select(i)) {
+ return false
+ }
+ }
+ }
+ return true
+}
+
+func unifiesObjects(a, b *types.Object) bool {
+ if !unifiesObjectsStatic(a, b) {
+ return false
+ }
+
+ if !unifiesObjectsStatic(b, a) {
+ return false
+ }
+
+ return a.DynamicValue() == nil || b.DynamicValue() == nil || unifies(a.DynamicValue(), b.DynamicValue())
+}
+
+func unifiesObjectsStatic(a, b *types.Object) bool {
+ for _, k := range a.Keys() {
+ if !unifies(a.Select(k), b.Select(k)) {
+ return false
+ }
+ }
+ return true
+}
+
+// typeErrorCause defines an interface to determine the reason for a type
+// error. The type error details implement this interface so that type checking
+// can report more actionable errors.
+type typeErrorCause interface {
+ nilType() bool
+}
+
+func causedByNilType(err *Error) bool {
+ cause, ok := err.Details.(typeErrorCause)
+ if !ok {
+ return false
+ }
+ return cause.nilType()
+}
+
+// ArgErrDetail represents a generic argument error.
+type ArgErrDetail struct {
+ Have []types.Type `json:"have"`
+ Want types.FuncArgs `json:"want"`
+}
+
+// Lines returns the string representation of the detail.
+func (d *ArgErrDetail) Lines() []string {
+ lines := make([]string, 2)
+ lines[0] = "have: " + formatArgs(d.Have)
+ lines[1] = "want: " + d.Want.String()
+ return lines
+}
+
+func (d *ArgErrDetail) nilType() bool {
+ return slices.ContainsFunc(d.Have, types.Nil)
+}
+
+// UnificationErrDetail describes a type mismatch error when two values are
+// unified (e.g., x = [1,2,y]).
+type UnificationErrDetail struct {
+ Left types.Type `json:"a"`
+ Right types.Type `json:"b"`
+}
+
+func (a *UnificationErrDetail) nilType() bool {
+ return types.Nil(a.Left) || types.Nil(a.Right)
+}
+
+// Lines returns the string representation of the detail.
+func (a *UnificationErrDetail) Lines() []string {
+ lines := make([]string, 2)
+ lines[0] = fmt.Sprint("left : ", types.Sprint(a.Left))
+ lines[1] = fmt.Sprint("right : ", types.Sprint(a.Right))
+ return lines
+}
+
+// RefErrUnsupportedDetail describes an undefined reference error where the
+// referenced value does not support dereferencing (e.g., scalars).
+type RefErrUnsupportedDetail struct {
+ Ref Ref `json:"ref"` // invalid ref
+ Pos int `json:"pos"` // invalid element
+ Have types.Type `json:"have"` // referenced type
+}
+
+// Lines returns the string representation of the detail.
+func (r *RefErrUnsupportedDetail) Lines() []string {
+ lines := []string{
+ r.Ref.String(),
+ strings.Repeat("^", len(r.Ref[:r.Pos+1].String())),
+ fmt.Sprintf("have: %v", r.Have),
+ }
+ return lines
+}
+
+// RefErrInvalidDetail describes an undefined reference error where the referenced
+// value does not support the reference operand (e.g., missing object key,
+// invalid key type, etc.)
+type RefErrInvalidDetail struct {
+ Ref Ref `json:"ref"` // invalid ref
+ Pos int `json:"pos"` // invalid element
+ Have types.Type `json:"have,omitempty"` // type of invalid element (for var/ref elements)
+ Want types.Type `json:"want"` // allowed type (for non-object values)
+ OneOf []Value `json:"oneOf"` // allowed values (e.g., for object keys)
+}
+
+// Lines returns the string representation of the detail.
+func (r *RefErrInvalidDetail) Lines() []string {
+ lines := []string{r.Ref.String()}
+ offset := len(r.Ref[:r.Pos].String()) + 1
+ pad := strings.Repeat(" ", offset)
+ lines = append(lines, pad+"^")
+ if r.Have != nil {
+ lines = append(lines, fmt.Sprintf("%shave (type): %v", pad, r.Have))
+ } else {
+ lines = append(lines, fmt.Sprintf("%shave: %v", pad, r.Ref[r.Pos]))
+ }
+ if len(r.OneOf) > 0 {
+ lines = append(lines, fmt.Sprintf("%swant (one of): %v", pad, r.OneOf))
+ } else {
+ lines = append(lines, fmt.Sprintf("%swant (type): %v", pad, r.Want))
+ }
+ return lines
+}
+
+func formatArgs(args []types.Type) string {
+ buf := make([]string, len(args))
+ for i := range args {
+ buf[i] = types.Sprint(args[i])
+ }
+ return "(" + strings.Join(buf, ", ") + ")"
+}
+
+func newRefErrInvalid(loc *Location, ref Ref, idx int, have, want types.Type, oneOf []Value) *Error {
+ err := newRefError(loc, ref)
+ err.Details = &RefErrInvalidDetail{
+ Ref: ref,
+ Pos: idx,
+ Have: have,
+ Want: want,
+ OneOf: oneOf,
+ }
+ return err
+}
+
+func newRefErrUnsupported(loc *Location, ref Ref, idx int, have types.Type) *Error {
+ err := newRefError(loc, ref)
+ err.Details = &RefErrUnsupportedDetail{
+ Ref: ref,
+ Pos: idx,
+ Have: have,
+ }
+ return err
+}
+
+func newRefError(loc *Location, ref Ref) *Error {
+ return NewError(TypeErr, loc, "undefined ref: %v", ref)
+}
+
+func newArgError(loc *Location, builtinName Ref, msg string, have []types.Type, want types.FuncArgs) *Error {
+ err := NewError(TypeErr, loc, "%v: %v", builtinName, msg)
+ err.Details = &ArgErrDetail{
+ Have: have,
+ Want: want,
+ }
+ return err
+}
+
+func getOneOfForNode(node *typeTreeNode) (result []Value) {
+ node.Children().Iter(func(k Value, _ *typeTreeNode) bool {
+ result = append(result, k)
+ return false
+ })
+
+ sortValueSlice(result)
+ return result
+}
+
+func getOneOfForType(tpe types.Type) (result []Value) {
+ switch tpe := tpe.(type) {
+ case *types.Object:
+ for _, k := range tpe.Keys() {
+ v, err := InterfaceToValue(k)
+ if err != nil {
+ panic(err)
+ }
+ result = append(result, v)
+ }
+
+ case types.Any:
+ for _, object := range tpe {
+ objRes := getOneOfForType(object)
+ result = append(result, objRes...)
+ }
+ }
+
+ result = removeDuplicate(result)
+ sortValueSlice(result)
+ return result
+}
+
+func sortValueSlice(sl []Value) {
+ sort.Slice(sl, func(i, j int) bool {
+ return sl[i].Compare(sl[j]) < 0
+ })
+}
+
+func removeDuplicate(list []Value) []Value {
+ seen := make(map[Value]bool)
+ var newResult []Value
+ for _, item := range list {
+ if !seen[item] {
+ newResult = append(newResult, item)
+ seen[item] = true
+ }
+ }
+ return newResult
+}
+
+func getArgTypes(env *TypeEnv, args []*Term) []types.Type {
+ pre := make([]types.Type, len(args))
+ for i := range args {
+ pre[i] = env.Get(args[i])
+ }
+ return pre
+}
+
+// getPrefix returns the shortest prefix of ref that exists in env
+func getPrefix(env *TypeEnv, ref Ref) (Ref, types.Type) {
+ if len(ref) == 1 {
+ t := env.Get(ref)
+ if t != nil {
+ return ref, t
+ }
+ }
+ for i := 1; i < len(ref); i++ {
+ t := env.Get(ref[:i])
+ if t != nil {
+ return ref[:i], t
+ }
+ }
+ return nil, nil
+}
+
+// override takes a type t and returns a type obtained from t where the path represented by ref within it has type o (overriding the original type of that path)
+func override(ref Ref, t types.Type, o types.Type, rule *Rule) (types.Type, *Error) {
+ var newStaticProps []*types.StaticProperty
+ obj, ok := t.(*types.Object)
+ if !ok {
+ newType, err := getObjectType(ref, o, rule, types.NewDynamicProperty(types.A, types.A))
+ if err != nil {
+ return nil, err
+ }
+ return newType, nil
+ }
+ found := false
+ if ok {
+ staticProps := obj.StaticProperties()
+ for _, prop := range staticProps {
+ valueCopy := prop.Value
+ key, err := InterfaceToValue(prop.Key)
+ if err != nil {
+ return nil, NewError(TypeErr, rule.Location, "unexpected error in override: %s", err.Error())
+ }
+ if len(ref) > 0 && ref[0].Value.Compare(key) == 0 {
+ found = true
+ if len(ref) == 1 {
+ valueCopy = o
+ } else {
+ newVal, err := override(ref[1:], valueCopy, o, rule)
+ if err != nil {
+ return nil, err
+ }
+ valueCopy = newVal
+ }
+ }
+ newStaticProps = append(newStaticProps, types.NewStaticProperty(prop.Key, valueCopy))
+ }
+ }
+
+ // ref[0] is not a top-level key in staticProps, so it must be added
+ if !found {
+ newType, err := getObjectType(ref, o, rule, obj.DynamicProperties())
+ if err != nil {
+ return nil, err
+ }
+ newStaticProps = append(newStaticProps, newType.StaticProperties()...)
+ }
+ return types.NewObject(newStaticProps, obj.DynamicProperties()), nil
+}
+
+func getKeys(ref Ref, rule *Rule) ([]any, *Error) {
+ keys := []any{}
+ for _, refElem := range ref {
+ key, err := JSON(refElem.Value)
+ if err != nil {
+ return nil, NewError(TypeErr, rule.Location, "error getting key from value: %s", err.Error())
+ }
+ keys = append(keys, key)
+ }
+ return keys, nil
+}
+
+func getObjectTypeRec(keys []any, o types.Type, d *types.DynamicProperty) *types.Object {
+ if len(keys) == 1 {
+ staticProps := []*types.StaticProperty{types.NewStaticProperty(keys[0], o)}
+ return types.NewObject(staticProps, d)
+ }
+
+ staticProps := []*types.StaticProperty{types.NewStaticProperty(keys[0], getObjectTypeRec(keys[1:], o, d))}
+ return types.NewObject(staticProps, d)
+}
+
+func getObjectType(ref Ref, o types.Type, rule *Rule, d *types.DynamicProperty) (*types.Object, *Error) {
+ keys, err := getKeys(ref, rule)
+ if err != nil {
+ return nil, err
+ }
+ return getObjectTypeRec(keys, o, d), nil
+}
+
+func getRuleAnnotation(as *AnnotationSet, rule *Rule) (result []*SchemaAnnotation) {
+
+ for _, x := range as.GetSubpackagesScope(rule.Module.Package.Path) {
+ result = append(result, x.Schemas...)
+ }
+
+ if x := as.GetPackageScope(rule.Module.Package); x != nil {
+ result = append(result, x.Schemas...)
+ }
+
+ if x := as.GetDocumentScope(rule.Ref().GroundPrefix()); x != nil {
+ result = append(result, x.Schemas...)
+ }
+
+ for _, x := range as.GetRuleScope(rule) {
+ result = append(result, x.Schemas...)
+ }
+
+ return result
+}
+
+func processAnnotation(ss *SchemaSet, annot *SchemaAnnotation, rule *Rule, allowNet []string) (types.Type, *Error) {
+
+ var schema any
+
+ if annot.Schema != nil {
+ if ss == nil {
+ return nil, nil
+ }
+ schema = ss.Get(annot.Schema)
+ if schema == nil {
+ return nil, NewError(TypeErr, rule.Location, "undefined schema: %v", annot.Schema)
+ }
+ } else if annot.Definition != nil {
+ schema = *annot.Definition
+ }
+
+ tpe, err := loadSchema(schema, allowNet)
+ if err != nil {
+ return nil, NewError(TypeErr, rule.Location, err.Error()) //nolint:govet
+ }
+
+ return tpe, nil
+}
+
+func errAnnotationRedeclared(a *Annotations, other *Location) *Error {
+ return NewError(TypeErr, a.Location, "%v annotation redeclared: %v", a.Scope, other)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/compare.go b/vendor/github.com/open-policy-agent/opa/v1/ast/compare.go
new file mode 100644
index 0000000000..c4754341de
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/compare.go
@@ -0,0 +1,429 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "encoding/json"
+ "fmt"
+ "math/big"
+)
+
+// Compare returns an integer indicating whether two AST values are less than,
+// equal to, or greater than each other.
+//
+// If a is less than b, the return value is negative. If a is greater than b,
+// the return value is positive. If a is equal to b, the return value is zero.
+//
+// Different types are never equal to each other. For comparison purposes, types
+// are sorted as follows:
+//
+// nil < Null < Boolean < Number < String < Var < Ref < Array < Object < Set <
+// ArrayComprehension < ObjectComprehension < SetComprehension < Expr < SomeDecl
+// < With < Body < Rule < Import < Package < Module.
+//
+// Arrays and Refs are equal if and only if both a and b have the same length
+// and all corresponding elements are equal. If one element is not equal, the
+// return value is the same as for the first differing element. If all elements
+// are equal but a and b have different lengths, the shorter is considered less
+// than the other.
+//
+// Objects are considered equal if and only if both a and b have the same sorted
+// (key, value) pairs and are of the same length. Other comparisons are
+// consistent but not defined.
+//
+// Sets are considered equal if and only if the symmetric difference of a and b
+// is empty.
+// Other comparisons are consistent but not defined.
+func Compare(a, b any) int {
+
+ if t, ok := a.(*Term); ok {
+ if t == nil {
+ a = nil
+ } else {
+ a = t.Value
+ }
+ }
+
+ if t, ok := b.(*Term); ok {
+ if t == nil {
+ b = nil
+ } else {
+ b = t.Value
+ }
+ }
+
+ if a == nil {
+ if b == nil {
+ return 0
+ }
+ return -1
+ }
+ if b == nil {
+ return 1
+ }
+
+ sortA := sortOrder(a)
+ sortB := sortOrder(b)
+
+ if sortA < sortB {
+ return -1
+ } else if sortB < sortA {
+ return 1
+ }
+
+ switch a := a.(type) {
+ case Null:
+ return 0
+ case Boolean:
+ b := b.(Boolean)
+ if a.Equal(b) {
+ return 0
+ }
+ if !a {
+ return -1
+ }
+ return 1
+ case Number:
+ if ai, err := json.Number(a).Int64(); err == nil {
+ if bi, err := json.Number(b.(Number)).Int64(); err == nil {
+ if ai == bi {
+ return 0
+ }
+ if ai < bi {
+ return -1
+ }
+ return 1
+ }
+ }
+
+ // We use big.Rat for comparing big numbers.
+ // It replaces big.Float due to following reason:
+ // big.Float comes with a default precision of 64, and setting a
+ // larger precision results in more memory being allocated
+ // (regardless of the actual number we are parsing with SetString).
+ //
+ // Note: If we're so close to zero that big.Float says we are zero, do
+ // *not* big.Rat).SetString on the original string it'll potentially
+ // take very long.
+ var bigA, bigB *big.Rat
+ fa, ok := new(big.Float).SetString(string(a))
+ if !ok {
+ panic("illegal value")
+ }
+ if fa.IsInt() {
+ if i, _ := fa.Int64(); i == 0 {
+ bigA = new(big.Rat).SetInt64(0)
+ }
+ }
+ if bigA == nil {
+ bigA, ok = new(big.Rat).SetString(string(a))
+ if !ok {
+ panic("illegal value")
+ }
+ }
+
+ fb, ok := new(big.Float).SetString(string(b.(Number)))
+ if !ok {
+ panic("illegal value")
+ }
+ if fb.IsInt() {
+ if i, _ := fb.Int64(); i == 0 {
+ bigB = new(big.Rat).SetInt64(0)
+ }
+ }
+ if bigB == nil {
+ bigB, ok = new(big.Rat).SetString(string(b.(Number)))
+ if !ok {
+ panic("illegal value")
+ }
+ }
+
+ return bigA.Cmp(bigB)
+ case String:
+ b := b.(String)
+ if a.Equal(b) {
+ return 0
+ }
+ if a < b {
+ return -1
+ }
+ return 1
+ case Var:
+ return VarCompare(a, b.(Var))
+ case Ref:
+ b := b.(Ref)
+ return termSliceCompare(a, b)
+ case *Array:
+ b := b.(*Array)
+ return termSliceCompare(a.elems, b.elems)
+ case *lazyObj:
+ return Compare(a.force(), b)
+ case *object:
+ if x, ok := b.(*lazyObj); ok {
+ b = x.force()
+ }
+ b := b.(*object)
+ return a.Compare(b)
+ case Set:
+ b := b.(Set)
+ return a.Compare(b)
+ case *ArrayComprehension:
+ b := b.(*ArrayComprehension)
+ if cmp := Compare(a.Term, b.Term); cmp != 0 {
+ return cmp
+ }
+ return a.Body.Compare(b.Body)
+ case *ObjectComprehension:
+ b := b.(*ObjectComprehension)
+ if cmp := Compare(a.Key, b.Key); cmp != 0 {
+ return cmp
+ }
+ if cmp := Compare(a.Value, b.Value); cmp != 0 {
+ return cmp
+ }
+ return a.Body.Compare(b.Body)
+ case *SetComprehension:
+ b := b.(*SetComprehension)
+ if cmp := Compare(a.Term, b.Term); cmp != 0 {
+ return cmp
+ }
+ return a.Body.Compare(b.Body)
+ case Call:
+ b := b.(Call)
+ return termSliceCompare(a, b)
+ case *Expr:
+ b := b.(*Expr)
+ return a.Compare(b)
+ case *SomeDecl:
+ b := b.(*SomeDecl)
+ return a.Compare(b)
+ case *Every:
+ b := b.(*Every)
+ return a.Compare(b)
+ case *With:
+ b := b.(*With)
+ return a.Compare(b)
+ case Body:
+ b := b.(Body)
+ return a.Compare(b)
+ case *Head:
+ b := b.(*Head)
+ return a.Compare(b)
+ case *Rule:
+ b := b.(*Rule)
+ return a.Compare(b)
+ case Args:
+ b := b.(Args)
+ return termSliceCompare(a, b)
+ case *Import:
+ b := b.(*Import)
+ return a.Compare(b)
+ case *Package:
+ b := b.(*Package)
+ return a.Compare(b)
+ case *Annotations:
+ b := b.(*Annotations)
+ return a.Compare(b)
+ case *Module:
+ b := b.(*Module)
+ return a.Compare(b)
+ }
+ panic(fmt.Sprintf("illegal value: %T", a))
+}
+
+type termSlice []*Term
+
+func (s termSlice) Less(i, j int) bool { return Compare(s[i].Value, s[j].Value) < 0 }
+func (s termSlice) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
+func (s termSlice) Len() int { return len(s) }
+
+func sortOrder(x any) int {
+ switch x.(type) {
+ case Null:
+ return 0
+ case Boolean:
+ return 1
+ case Number:
+ return 2
+ case String:
+ return 3
+ case Var:
+ return 4
+ case Ref:
+ return 5
+ case *Array:
+ return 6
+ case Object:
+ return 7
+ case Set:
+ return 8
+ case *ArrayComprehension:
+ return 9
+ case *ObjectComprehension:
+ return 10
+ case *SetComprehension:
+ return 11
+ case Call:
+ return 12
+ case Args:
+ return 13
+ case *Expr:
+ return 100
+ case *SomeDecl:
+ return 101
+ case *Every:
+ return 102
+ case *With:
+ return 110
+ case *Head:
+ return 120
+ case Body:
+ return 200
+ case *Rule:
+ return 1000
+ case *Import:
+ return 1001
+ case *Package:
+ return 1002
+ case *Annotations:
+ return 1003
+ case *Module:
+ return 10000
+ }
+ panic(fmt.Sprintf("illegal value: %T", x))
+}
+
+func importsCompare(a, b []*Import) int {
+ minLen := min(len(b), len(a))
+ for i := range minLen {
+ if cmp := a[i].Compare(b[i]); cmp != 0 {
+ return cmp
+ }
+ }
+ if len(a) < len(b) {
+ return -1
+ }
+ if len(b) < len(a) {
+ return 1
+ }
+ return 0
+}
+
+func annotationsCompare(a, b []*Annotations) int {
+ minLen := min(len(b), len(a))
+ for i := range minLen {
+ if cmp := a[i].Compare(b[i]); cmp != 0 {
+ return cmp
+ }
+ }
+ if len(a) < len(b) {
+ return -1
+ }
+ if len(b) < len(a) {
+ return 1
+ }
+ return 0
+}
+
+func rulesCompare(a, b []*Rule) int {
+ minLen := min(len(b), len(a))
+ for i := range minLen {
+ if cmp := a[i].Compare(b[i]); cmp != 0 {
+ return cmp
+ }
+ }
+ if len(a) < len(b) {
+ return -1
+ }
+ if len(b) < len(a) {
+ return 1
+ }
+ return 0
+}
+
+func termSliceCompare(a, b []*Term) int {
+ minLen := min(len(b), len(a))
+ for i := range minLen {
+ if cmp := Compare(a[i], b[i]); cmp != 0 {
+ return cmp
+ }
+ }
+ if len(a) < len(b) {
+ return -1
+ } else if len(b) < len(a) {
+ return 1
+ }
+ return 0
+}
+
+func withSliceCompare(a, b []*With) int {
+ minLen := min(len(b), len(a))
+ for i := range minLen {
+ if cmp := Compare(a[i], b[i]); cmp != 0 {
+ return cmp
+ }
+ }
+ if len(a) < len(b) {
+ return -1
+ } else if len(b) < len(a) {
+ return 1
+ }
+ return 0
+}
+
+func VarCompare(a, b Var) int {
+ if a == b {
+ return 0
+ }
+ if a < b {
+ return -1
+ }
+ return 1
+}
+
+func TermValueCompare(a, b *Term) int {
+ return a.Value.Compare(b.Value)
+}
+
+func TermValueEqual(a, b *Term) bool {
+ return ValueEqual(a.Value, b.Value)
+}
+
+func ValueEqual(a, b Value) bool {
+ // TODO(ae): why doesn't this work the same?
+ //
+ // case interface{ Equal(Value) bool }:
+ // return v.Equal(b)
+ //
+ // When put on top, golangci-lint even flags the other cases as unreachable..
+ // but TestTopdownVirtualCache will have failing test cases when we replace
+ // the other cases with the above one.. 🤔
+ switch v := a.(type) {
+ case Null:
+ return v.Equal(b)
+ case Boolean:
+ return v.Equal(b)
+ case Number:
+ return v.Equal(b)
+ case String:
+ return v.Equal(b)
+ case Var:
+ return v.Equal(b)
+ case Ref:
+ return v.Equal(b)
+ case *Array:
+ return v.Equal(b)
+ }
+
+ return a.Compare(b) == 0
+}
+
+func RefCompare(a, b Ref) int {
+ return termSliceCompare(a, b)
+}
+
+func RefEqual(a, b Ref) bool {
+ return termSliceEqual(a, b)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/compile.go b/vendor/github.com/open-policy-agent/opa/v1/ast/compile.go
new file mode 100644
index 0000000000..2b800e2c99
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/compile.go
@@ -0,0 +1,5972 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "errors"
+ "fmt"
+ "io"
+ "maps"
+ "slices"
+ "sort"
+ "strconv"
+ "strings"
+
+ "github.com/open-policy-agent/opa/internal/debug"
+ "github.com/open-policy-agent/opa/internal/gojsonschema"
+ "github.com/open-policy-agent/opa/v1/ast/location"
+ "github.com/open-policy-agent/opa/v1/metrics"
+ "github.com/open-policy-agent/opa/v1/types"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+// CompileErrorLimitDefault is the default number errors a compiler will allow before
+// exiting.
+const CompileErrorLimitDefault = 10
+
+var errLimitReached = NewError(CompileErr, nil, "error limit reached")
+
+// Compiler contains the state of a compilation process.
+type Compiler struct {
+
+ // Errors contains errors that occurred during the compilation process.
+ // If there are one or more errors, the compilation process is considered
+ // "failed".
+ Errors Errors
+
+ // Modules contains the compiled modules. The compiled modules are the
+ // output of the compilation process. If the compilation process failed,
+ // there is no guarantee about the state of the modules.
+ Modules map[string]*Module
+
+ // ModuleTree organizes the modules into a tree where each node is keyed by
+ // an element in the module's package path. E.g., given modules containing
+ // the following package directives: "a", "a.b", "a.c", and "a.b", the
+ // resulting module tree would be:
+ //
+ // root
+ // |
+ // +--- data (no modules)
+ // |
+ // +--- a (1 module)
+ // |
+ // +--- b (2 modules)
+ // |
+ // +--- c (1 module)
+ //
+ ModuleTree *ModuleTreeNode
+
+ // RuleTree organizes rules into a tree where each node is keyed by an
+ // element in the rule's path. The rule path is the concatenation of the
+ // containing package and the stringified rule name. E.g., given the
+ // following module:
+ //
+ // package ex
+ // p[1] { true }
+ // p[2] { true }
+ // q = true
+ // a.b.c = 3
+ //
+ // root
+ // |
+ // +--- data (no rules)
+ // |
+ // +--- ex (no rules)
+ // |
+ // +--- p (2 rules)
+ // |
+ // +--- q (1 rule)
+ // |
+ // +--- a
+ // |
+ // +--- b
+ // |
+ // +--- c (1 rule)
+ //
+ // Another example with general refs containing vars at arbitrary locations:
+ //
+ // package ex
+ // a.b[x].d { x := "c" } # R1
+ // a.b.c[x] { x := "d" } # R2
+ // a.b[x][y] { x := "c"; y := "d" } # R3
+ // p := true # R4
+ //
+ // root
+ // |
+ // +--- data (no rules)
+ // |
+ // +--- ex (no rules)
+ // |
+ // +--- a
+ // | |
+ // | +--- b (R1, R3)
+ // | |
+ // | +--- c (R2)
+ // |
+ // +--- p (R4)
+ RuleTree *TreeNode
+
+ // Graph contains dependencies between rules. An edge (u,v) is added to the
+ // graph if rule 'u' refers to the virtual document defined by 'v'.
+ Graph *Graph
+
+ // TypeEnv holds type information for values inferred by the compiler.
+ TypeEnv *TypeEnv
+
+ // RewrittenVars is a mapping of variables that have been rewritten
+ // with the key being the generated name and value being the original.
+ RewrittenVars map[Var]Var
+
+ // Capabilities required by the modules that were compiled.
+ Required *Capabilities
+
+ localvargen *localVarGenerator
+ moduleLoader ModuleLoader
+ ruleIndices *util.HasherMap[Ref, RuleIndex]
+ stages []stage
+ maxErrs int
+ sorted []string // list of sorted module names
+ pathExists func([]string) (bool, error)
+ pathConflictCheckRoots []string
+ after map[string][]CompilerStageDefinition
+ metrics metrics.Metrics
+ capabilities *Capabilities // user-supplied capabilities
+ imports map[string][]*Import // saved imports from stripping
+ builtins map[string]*Builtin // universe of built-in functions
+ customBuiltins map[string]*Builtin // user-supplied custom built-in functions (deprecated: use capabilities)
+ unsafeBuiltinsMap map[string]struct{} // user-supplied set of unsafe built-ins functions to block (deprecated: use capabilities)
+ deprecatedBuiltinsMap map[string]struct{} // set of deprecated, but not removed, built-in functions
+ enablePrintStatements bool // indicates if print statements should be elided (default)
+ comprehensionIndices map[*Term]*ComprehensionIndex // comprehension key index
+ initialized bool // indicates if init() has been called
+ debug debug.Debug // emits debug information produced during compilation
+ schemaSet *SchemaSet // user-supplied schemas for input and data documents
+ inputType types.Type // global input type retrieved from schema set
+ annotationSet *AnnotationSet // hierarchical set of annotations
+ strict bool // enforce strict compilation checks
+ keepModules bool // whether to keep the unprocessed, parse modules (below)
+ parsedModules map[string]*Module // parsed, but otherwise unprocessed modules, kept track of when keepModules is true
+ useTypeCheckAnnotations bool // whether to provide annotated information (schemas) to the type checker
+ allowUndefinedFuncCalls bool // don't error on calls to unknown functions.
+ evalMode CompilerEvalMode //
+ rewriteTestRulesForTracing bool // rewrite test rules to capture dynamic values for tracing.
+ defaultRegoVersion RegoVersion
+}
+
+func (c *Compiler) DefaultRegoVersion() RegoVersion {
+ return c.defaultRegoVersion
+}
+
+// CompilerStage defines the interface for stages in the compiler.
+type CompilerStage func(*Compiler) *Error
+
+// CompilerEvalMode allows toggling certain stages that are only
+// needed for certain modes, Concretely, only "topdown" mode will
+// have the compiler build comprehension and rule indices.
+type CompilerEvalMode int
+
+const (
+ // EvalModeTopdown (default) instructs the compiler to build rule
+ // and comprehension indices used by topdown evaluation.
+ EvalModeTopdown CompilerEvalMode = iota
+
+ // EvalModeIR makes the compiler skip the stages for comprehension
+ // and rule indices.
+ EvalModeIR
+)
+
+// CompilerStageDefinition defines a compiler stage
+type CompilerStageDefinition struct {
+ Name string
+ MetricName string
+ Stage CompilerStage
+}
+
+// RulesOptions defines the options for retrieving rules by Ref from the
+// compiler.
+type RulesOptions struct {
+ // IncludeHiddenModules determines if the result contains hidden modules,
+ // currently only the "system" namespace, i.e. "data.system.*".
+ IncludeHiddenModules bool
+}
+
+// QueryContext contains contextual information for running an ad-hoc query.
+//
+// Ad-hoc queries can be run in the context of a package and imports may be
+// included to provide concise access to data.
+type QueryContext struct {
+ Package *Package
+ Imports []*Import
+}
+
+// NewQueryContext returns a new QueryContext object.
+func NewQueryContext() *QueryContext {
+ return &QueryContext{}
+}
+
+// WithPackage sets the pkg on qc.
+func (qc *QueryContext) WithPackage(pkg *Package) *QueryContext {
+ if qc == nil {
+ qc = NewQueryContext()
+ }
+ qc.Package = pkg
+ return qc
+}
+
+// WithImports sets the imports on qc.
+func (qc *QueryContext) WithImports(imports []*Import) *QueryContext {
+ if qc == nil {
+ qc = NewQueryContext()
+ }
+ qc.Imports = imports
+ return qc
+}
+
+// Copy returns a deep copy of qc.
+func (qc *QueryContext) Copy() *QueryContext {
+ if qc == nil {
+ return nil
+ }
+ cpy := *qc
+ if cpy.Package != nil {
+ cpy.Package = qc.Package.Copy()
+ }
+ cpy.Imports = make([]*Import, len(qc.Imports))
+ for i := range qc.Imports {
+ cpy.Imports[i] = qc.Imports[i].Copy()
+ }
+ return &cpy
+}
+
+// QueryCompiler defines the interface for compiling ad-hoc queries.
+type QueryCompiler interface {
+
+ // Compile should be called to compile ad-hoc queries. The return value is
+ // the compiled version of the query.
+ Compile(q Body) (Body, error)
+
+ // TypeEnv returns the type environment built after running type checking
+ // on the query.
+ TypeEnv() *TypeEnv
+
+ // WithContext sets the QueryContext on the QueryCompiler. Subsequent calls
+ // to Compile will take the QueryContext into account.
+ WithContext(qctx *QueryContext) QueryCompiler
+
+ // WithEnablePrintStatements enables print statements in queries compiled
+ // with the QueryCompiler.
+ WithEnablePrintStatements(yes bool) QueryCompiler
+
+ // WithUnsafeBuiltins sets the built-in functions to treat as unsafe and not
+ // allow inside of queries. By default the query compiler inherits the
+ // compiler's unsafe built-in functions. This function allows callers to
+ // override that set. If an empty (non-nil) map is provided, all built-ins
+ // are allowed.
+ WithUnsafeBuiltins(unsafe map[string]struct{}) QueryCompiler
+
+ // WithStageAfter registers a stage to run during query compilation after
+ // the named stage.
+ WithStageAfter(after string, stage QueryCompilerStageDefinition) QueryCompiler
+
+ // RewrittenVars maps generated vars in the compiled query to vars from the
+ // parsed query. For example, given the query "input := 1" the rewritten
+ // query would be "__local0__ = 1". The mapping would then be {__local0__: input}.
+ RewrittenVars() map[Var]Var
+
+ // ComprehensionIndex returns an index data structure for the given comprehension
+ // term. If no index is found, returns nil.
+ ComprehensionIndex(term *Term) *ComprehensionIndex
+
+ // WithStrict enables strict mode for the query compiler.
+ WithStrict(strict bool) QueryCompiler
+}
+
+// QueryCompilerStage defines the interface for stages in the query compiler.
+type QueryCompilerStage func(QueryCompiler, Body) (Body, error)
+
+// QueryCompilerStageDefinition defines a QueryCompiler stage
+type QueryCompilerStageDefinition struct {
+ Name string
+ MetricName string
+ Stage QueryCompilerStage
+}
+
+type stage struct {
+ name string
+ metricName string
+ f func()
+}
+
+// NewCompiler returns a new empty compiler.
+func NewCompiler() *Compiler {
+
+ c := &Compiler{
+ Modules: map[string]*Module{},
+ RewrittenVars: map[Var]Var{},
+ Required: &Capabilities{},
+ ruleIndices: util.NewHasherMap[Ref, RuleIndex](RefEqual),
+ maxErrs: CompileErrorLimitDefault,
+ after: map[string][]CompilerStageDefinition{},
+ unsafeBuiltinsMap: map[string]struct{}{},
+ deprecatedBuiltinsMap: map[string]struct{}{},
+ comprehensionIndices: map[*Term]*ComprehensionIndex{},
+ debug: debug.Discard(),
+ defaultRegoVersion: DefaultRegoVersion,
+ }
+
+ c.ModuleTree = NewModuleTree(nil)
+ c.RuleTree = NewRuleTree(c.ModuleTree)
+
+ c.stages = []stage{
+ // Reference resolution should run first as it may be used to lazily
+ // load additional modules. If any stages run before resolution, they
+ // need to be re-run after resolution.
+ {"ResolveRefs", "compile_stage_resolve_refs", c.resolveAllRefs},
+ // The local variable generator must be initialized after references are
+ // resolved and the dynamic module loader has run but before subsequent
+ // stages that need to generate variables.
+ {"InitLocalVarGen", "compile_stage_init_local_var_gen", c.initLocalVarGen},
+ {"RewriteRuleHeadRefs", "compile_stage_rewrite_rule_head_refs", c.rewriteRuleHeadRefs},
+ {"CheckKeywordOverrides", "compile_stage_check_keyword_overrides", c.checkKeywordOverrides},
+ {"CheckDuplicateImports", "compile_stage_check_imports", c.checkImports},
+ {"RemoveImports", "compile_stage_remove_imports", c.removeImports},
+ {"SetModuleTree", "compile_stage_set_module_tree", c.setModuleTree},
+ {"SetRuleTree", "compile_stage_set_rule_tree", c.setRuleTree}, // depends on RewriteRuleHeadRefs
+ {"RewriteLocalVars", "compile_stage_rewrite_local_vars", c.rewriteLocalVars},
+ {"CheckVoidCalls", "compile_stage_check_void_calls", c.checkVoidCalls},
+ {"RewritePrintCalls", "compile_stage_rewrite_print_calls", c.rewritePrintCalls},
+ {"RewriteExprTerms", "compile_stage_rewrite_expr_terms", c.rewriteExprTerms},
+ {"ParseMetadataBlocks", "compile_stage_parse_metadata_blocks", c.parseMetadataBlocks},
+ {"SetAnnotationSet", "compile_stage_set_annotationset", c.setAnnotationSet},
+ {"RewriteRegoMetadataCalls", "compile_stage_rewrite_rego_metadata_calls", c.rewriteRegoMetadataCalls},
+ {"SetGraph", "compile_stage_set_graph", c.setGraph},
+ {"RewriteComprehensionTerms", "compile_stage_rewrite_comprehension_terms", c.rewriteComprehensionTerms},
+ {"RewriteRefsInHead", "compile_stage_rewrite_refs_in_head", c.rewriteRefsInHead},
+ {"RewriteWithValues", "compile_stage_rewrite_with_values", c.rewriteWithModifiers},
+ {"CheckRuleConflicts", "compile_stage_check_rule_conflicts", c.checkRuleConflicts},
+ {"CheckUndefinedFuncs", "compile_stage_check_undefined_funcs", c.checkUndefinedFuncs},
+ {"CheckSafetyRuleHeads", "compile_stage_check_safety_rule_heads", c.checkSafetyRuleHeads},
+ {"CheckSafetyRuleBodies", "compile_stage_check_safety_rule_bodies", c.checkSafetyRuleBodies},
+ {"RewriteEquals", "compile_stage_rewrite_equals", c.rewriteEquals},
+ {"RewriteDynamicTerms", "compile_stage_rewrite_dynamic_terms", c.rewriteDynamicTerms},
+ {"RewriteTestRulesForTracing", "compile_stage_rewrite_test_rules_for_tracing", c.rewriteTestRuleEqualities}, // must run after RewriteDynamicTerms
+ {"CheckRecursion", "compile_stage_check_recursion", c.checkRecursion},
+ {"CheckTypes", "compile_stage_check_types", c.checkTypes}, // must be run after CheckRecursion
+ {"CheckUnsafeBuiltins", "compile_state_check_unsafe_builtins", c.checkUnsafeBuiltins},
+ {"CheckDeprecatedBuiltins", "compile_state_check_deprecated_builtins", c.checkDeprecatedBuiltins},
+ {"BuildRuleIndices", "compile_stage_rebuild_indices", c.buildRuleIndices},
+ {"BuildComprehensionIndices", "compile_stage_rebuild_comprehension_indices", c.buildComprehensionIndices},
+ {"BuildRequiredCapabilities", "compile_stage_build_required_capabilities", c.buildRequiredCapabilities},
+ }
+
+ return c
+}
+
+// SetErrorLimit sets the number of errors the compiler can encounter before it
+// quits. Zero or a negative number indicates no limit.
+func (c *Compiler) SetErrorLimit(limit int) *Compiler {
+ c.maxErrs = limit
+ return c
+}
+
+// WithEnablePrintStatements enables print statements inside of modules compiled
+// by the compiler. If print statements are not enabled, calls to print() are
+// erased at compile-time.
+func (c *Compiler) WithEnablePrintStatements(yes bool) *Compiler {
+ c.enablePrintStatements = yes
+ return c
+}
+
+// WithPathConflictsCheck enables base-virtual document conflict
+// detection. The compiler will check that rules don't overlap with
+// paths that exist as determined by the provided callable.
+func (c *Compiler) WithPathConflictsCheck(fn func([]string) (bool, error)) *Compiler {
+ c.pathExists = fn
+ return c
+}
+
+// WithPathConflictsCheckRoots enables checking path conflicts from the specified root instead
+// of the top root node. Limiting conflict checks to a known set of roots, such as bundle roots,
+// improves performance. Each root has the format of a "/"-delimited string, excluding the "data"
+// root document.
+func (c *Compiler) WithPathConflictsCheckRoots(rootPaths []string) *Compiler {
+ c.pathConflictCheckRoots = rootPaths
+ return c
+}
+
+// WithStageAfter registers a stage to run during compilation after
+// the named stage.
+func (c *Compiler) WithStageAfter(after string, stage CompilerStageDefinition) *Compiler {
+ c.after[after] = append(c.after[after], stage)
+ return c
+}
+
+// WithMetrics will set a metrics.Metrics and be used for profiling
+// the Compiler instance.
+func (c *Compiler) WithMetrics(metrics metrics.Metrics) *Compiler {
+ c.metrics = metrics
+ return c
+}
+
+// WithCapabilities sets capabilities to enable during compilation. Capabilities allow the caller
+// to specify the set of built-in functions available to the policy. In the future, capabilities
+// may be able to restrict access to other language features. Capabilities allow callers to check
+// if policies are compatible with a particular version of OPA. If policies are a compiled for a
+// specific version of OPA, there is no guarantee that _this_ version of OPA can evaluate them
+// successfully.
+func (c *Compiler) WithCapabilities(capabilities *Capabilities) *Compiler {
+ c.capabilities = capabilities
+ return c
+}
+
+// Capabilities returns the capabilities enabled during compilation.
+func (c *Compiler) Capabilities() *Capabilities {
+ return c.capabilities
+}
+
+// WithDebug sets where debug messages are written to. Passing `nil` has no
+// effect.
+func (c *Compiler) WithDebug(sink io.Writer) *Compiler {
+ if sink != nil {
+ c.debug = debug.New(sink)
+ }
+ return c
+}
+
+// WithBuiltins is deprecated.
+// Deprecated: Use WithCapabilities instead.
+func (c *Compiler) WithBuiltins(builtins map[string]*Builtin) *Compiler {
+ c.customBuiltins = maps.Clone(builtins)
+ return c
+}
+
+// WithUnsafeBuiltins is deprecated.
+// Deprecated: Use WithCapabilities instead.
+func (c *Compiler) WithUnsafeBuiltins(unsafeBuiltins map[string]struct{}) *Compiler {
+ maps.Copy(c.unsafeBuiltinsMap, unsafeBuiltins)
+ return c
+}
+
+// WithStrict toggles strict mode in the compiler.
+func (c *Compiler) WithStrict(strict bool) *Compiler {
+ c.strict = strict
+ return c
+}
+
+// WithKeepModules enables retaining unprocessed modules in the compiler.
+// Note that the modules aren't copied on the way in or out -- so when
+// accessing them via ParsedModules(), mutations will occur in the module
+// map that was passed into Compile().`
+func (c *Compiler) WithKeepModules(y bool) *Compiler {
+ c.keepModules = y
+ return c
+}
+
+// WithUseTypeCheckAnnotations use schema annotations during type checking
+func (c *Compiler) WithUseTypeCheckAnnotations(enabled bool) *Compiler {
+ c.useTypeCheckAnnotations = enabled
+ return c
+}
+
+func (c *Compiler) WithAllowUndefinedFunctionCalls(allow bool) *Compiler {
+ c.allowUndefinedFuncCalls = allow
+ return c
+}
+
+// WithEvalMode allows setting the CompilerEvalMode of the compiler
+func (c *Compiler) WithEvalMode(e CompilerEvalMode) *Compiler {
+ c.evalMode = e
+ return c
+}
+
+// WithRewriteTestRules enables rewriting test rules to capture dynamic values in local variables,
+// so they can be accessed by tracing.
+func (c *Compiler) WithRewriteTestRules(rewrite bool) *Compiler {
+ c.rewriteTestRulesForTracing = rewrite
+ return c
+}
+
+// ParsedModules returns the parsed, unprocessed modules from the compiler.
+// It is `nil` if keeping modules wasn't enabled via `WithKeepModules(true)`.
+// The map includes all modules loaded via the ModuleLoader, if one was used.
+func (c *Compiler) ParsedModules() map[string]*Module {
+ return c.parsedModules
+}
+
+func (c *Compiler) QueryCompiler() QueryCompiler {
+ c.init()
+ c0 := *c
+ return newQueryCompiler(&c0)
+}
+
+// Compile runs the compilation process on the input modules. The compiled
+// version of the modules and associated data structures are stored on the
+// compiler. If the compilation process fails for any reason, the compiler will
+// contain a slice of errors.
+func (c *Compiler) Compile(modules map[string]*Module) {
+
+ c.init()
+
+ c.Modules = make(map[string]*Module, len(modules))
+ c.sorted = make([]string, 0, len(modules))
+
+ if c.keepModules {
+ c.parsedModules = make(map[string]*Module, len(modules))
+ } else {
+ c.parsedModules = nil
+ }
+
+ for k, v := range modules {
+ c.Modules[k] = v.Copy()
+ c.sorted = append(c.sorted, k)
+ if c.parsedModules != nil {
+ c.parsedModules[k] = v
+ }
+ }
+
+ sort.Strings(c.sorted)
+
+ c.compile()
+}
+
+// WithSchemas sets a schemaSet to the compiler
+func (c *Compiler) WithSchemas(schemas *SchemaSet) *Compiler {
+ c.schemaSet = schemas
+ return c
+}
+
+// Failed returns true if a compilation error has been encountered.
+func (c *Compiler) Failed() bool {
+ return len(c.Errors) > 0
+}
+
+// ComprehensionIndex returns a data structure specifying how to index comprehension
+// results so that callers do not have to recompute the comprehension more than once.
+// If no index is found, returns nil.
+func (c *Compiler) ComprehensionIndex(term *Term) *ComprehensionIndex {
+ return c.comprehensionIndices[term]
+}
+
+// GetArity returns the number of args a function referred to by ref takes. If
+// ref refers to built-in function, the built-in declaration is consulted,
+// otherwise, the ref is used to perform a ruleset lookup.
+func (c *Compiler) GetArity(ref Ref) int {
+ if bi := c.builtins[ref.String()]; bi != nil {
+ return bi.Decl.Arity()
+ }
+ rules := c.GetRulesExact(ref)
+ if len(rules) == 0 {
+ return -1
+ }
+ return len(rules[0].Head.Args)
+}
+
+// GetRulesExact returns a slice of rules referred to by the reference.
+//
+// E.g., given the following module:
+//
+// package a.b.c
+//
+// p[k] = v { ... } # rule1
+// p[k1] = v1 { ... } # rule2
+//
+// The following calls yield the rules on the right.
+//
+// GetRulesExact("data.a.b.c.p") => [rule1, rule2]
+// GetRulesExact("data.a.b.c.p.x") => nil
+// GetRulesExact("data.a.b.c") => nil
+func (c *Compiler) GetRulesExact(ref Ref) (rules []*Rule) {
+ node := c.RuleTree
+
+ for _, x := range ref {
+ if node = node.Child(x.Value); node == nil {
+ return nil
+ }
+ }
+
+ return extractRules(node.Values)
+}
+
+// GetRulesForVirtualDocument returns a slice of rules that produce the virtual
+// document referred to by the reference.
+//
+// E.g., given the following module:
+//
+// package a.b.c
+//
+// p[k] = v { ... } # rule1
+// p[k1] = v1 { ... } # rule2
+//
+// The following calls yield the rules on the right.
+//
+// GetRulesForVirtualDocument("data.a.b.c.p") => [rule1, rule2]
+// GetRulesForVirtualDocument("data.a.b.c.p.x") => [rule1, rule2]
+// GetRulesForVirtualDocument("data.a.b.c") => nil
+func (c *Compiler) GetRulesForVirtualDocument(ref Ref) (rules []*Rule) {
+
+ node := c.RuleTree
+
+ for _, x := range ref {
+ if node = node.Child(x.Value); node == nil {
+ return nil
+ }
+ if len(node.Values) > 0 {
+ return extractRules(node.Values)
+ }
+ }
+
+ return extractRules(node.Values)
+}
+
+// GetRulesWithPrefix returns a slice of rules that share the prefix ref.
+//
+// E.g., given the following module:
+//
+// package a.b.c
+//
+// p[x] = y { ... } # rule1
+// p[k] = v { ... } # rule2
+// q { ... } # rule3
+//
+// The following calls yield the rules on the right.
+//
+// GetRulesWithPrefix("data.a.b.c.p") => [rule1, rule2]
+// GetRulesWithPrefix("data.a.b.c.p.a") => nil
+// GetRulesWithPrefix("data.a.b.c") => [rule1, rule2, rule3]
+func (c *Compiler) GetRulesWithPrefix(ref Ref) (rules []*Rule) {
+
+ node := c.RuleTree
+
+ for _, x := range ref {
+ if node = node.Child(x.Value); node == nil {
+ return nil
+ }
+ }
+
+ var acc func(node *TreeNode)
+
+ acc = func(node *TreeNode) {
+ rules = append(rules, extractRules(node.Values)...)
+ for _, child := range node.Children {
+ if child.Hide {
+ continue
+ }
+ acc(child)
+ }
+ }
+
+ acc(node)
+
+ return rules
+}
+
+func extractRules(s []any) []*Rule {
+ rules := make([]*Rule, len(s))
+ for i := range s {
+ rules[i] = s[i].(*Rule)
+ }
+ return rules
+}
+
+// GetRules returns a slice of rules that are referred to by ref.
+//
+// E.g., given the following module:
+//
+// package a.b.c
+//
+// p[x] = y { q[x] = y; ... } # rule1
+// q[x] = y { ... } # rule2
+//
+// The following calls yield the rules on the right.
+//
+// GetRules("data.a.b.c.p") => [rule1]
+// GetRules("data.a.b.c.p.x") => [rule1]
+// GetRules("data.a.b.c.q") => [rule2]
+// GetRules("data.a.b.c") => [rule1, rule2]
+// GetRules("data.a.b.d") => nil
+func (c *Compiler) GetRules(ref Ref) (rules []*Rule) {
+
+ set := map[*Rule]struct{}{}
+
+ for _, rule := range c.GetRulesForVirtualDocument(ref) {
+ set[rule] = struct{}{}
+ }
+
+ for _, rule := range c.GetRulesWithPrefix(ref) {
+ set[rule] = struct{}{}
+ }
+
+ for rule := range set {
+ rules = append(rules, rule)
+ }
+
+ return rules
+}
+
+// GetRulesDynamic returns a slice of rules that could be referred to by a ref.
+//
+// Deprecated: use GetRulesDynamicWithOpts
+func (c *Compiler) GetRulesDynamic(ref Ref) []*Rule {
+ return c.GetRulesDynamicWithOpts(ref, RulesOptions{})
+}
+
+// GetRulesDynamicWithOpts returns a slice of rules that could be referred to by
+// a ref.
+// When parts of the ref are statically known, we use that information to narrow
+// down which rules the ref could refer to, but in the most general case this
+// will be an over-approximation.
+//
+// E.g., given the following modules:
+//
+// package a.b.c
+//
+// r1 = 1 # rule1
+//
+// and:
+//
+// package a.d.c
+//
+// r2 = 2 # rule2
+//
+// The following calls yield the rules on the right.
+//
+// GetRulesDynamicWithOpts("data.a[x].c[y]", opts) => [rule1, rule2]
+// GetRulesDynamicWithOpts("data.a[x].c.r2", opts) => [rule2]
+// GetRulesDynamicWithOpts("data.a.b[x][y]", opts) => [rule1]
+//
+// Using the RulesOptions parameter, the inclusion of hidden modules can be
+// controlled:
+//
+// With
+//
+// package system.main
+//
+// r3 = 3 # rule3
+//
+// We'd get this result:
+//
+// GetRulesDynamicWithOpts("data[x]", RulesOptions{IncludeHiddenModules: true}) => [rule1, rule2, rule3]
+//
+// Without the options, it would be excluded.
+func (c *Compiler) GetRulesDynamicWithOpts(ref Ref, opts RulesOptions) []*Rule {
+ node := c.RuleTree
+
+ set := map[*Rule]struct{}{}
+ var walk func(node *TreeNode, i int)
+ walk = func(node *TreeNode, i int) {
+ switch {
+ case i >= len(ref):
+ // We've reached the end of the reference and want to collect everything
+ // under this "prefix".
+ node.DepthFirst(func(descendant *TreeNode) bool {
+ insertRules(set, descendant.Values)
+ if opts.IncludeHiddenModules {
+ return false
+ }
+ return descendant.Hide
+ })
+
+ case i == 0 || IsConstant(ref[i].Value):
+ // The head of the ref is always grounded. In case another part of the
+ // ref is also grounded, we can lookup the exact child. If it's not found
+ // we can immediately return...
+ if child := node.Child(ref[i].Value); child != nil {
+ if len(child.Values) > 0 {
+ // Add any rules at this position
+ insertRules(set, child.Values)
+ }
+ // There might still be "sub-rules" contributing key-value "overrides" for e.g. partial object rules, continue walking
+ walk(child, i+1)
+ } else {
+ return
+ }
+
+ default:
+ // This part of the ref is a dynamic term. We can't know what it refers
+ // to and will just need to try all of the children.
+ for _, child := range node.Children {
+ if child.Hide && !opts.IncludeHiddenModules {
+ continue
+ }
+ insertRules(set, child.Values)
+ walk(child, i+1)
+ }
+ }
+ }
+
+ walk(node, 0)
+ rules := make([]*Rule, 0, len(set))
+ for rule := range set {
+ rules = append(rules, rule)
+ }
+ return rules
+}
+
+// Utility: add all rule values to the set.
+func insertRules(set map[*Rule]struct{}, rules []any) {
+ for _, rule := range rules {
+ set[rule.(*Rule)] = struct{}{}
+ }
+}
+
+// RuleIndex returns a RuleIndex built for the rule set referred to by path.
+// The path must refer to the rule set exactly, i.e., given a rule set at path
+// data.a.b.c.p, refs data.a.b.c.p.x and data.a.b.c would not return a
+// RuleIndex built for the rule.
+func (c *Compiler) RuleIndex(path Ref) RuleIndex {
+ r, ok := c.ruleIndices.Get(path)
+ if !ok {
+ return nil
+ }
+ return r
+}
+
+// PassesTypeCheck determines whether the given body passes type checking
+func (c *Compiler) PassesTypeCheck(body Body) bool {
+ checker := newTypeChecker().WithSchemaSet(c.schemaSet).WithInputType(c.inputType)
+ env := c.TypeEnv
+ _, errs := checker.CheckBody(env, body)
+ return len(errs) == 0
+}
+
+// PassesTypeCheckRules determines whether the given rules passes type checking
+func (c *Compiler) PassesTypeCheckRules(rules []*Rule) Errors {
+ elems := []util.T{}
+
+ for _, rule := range rules {
+ elems = append(elems, rule)
+ }
+
+ // Load the global input schema if one was provided.
+ if c.schemaSet != nil {
+ if schema := c.schemaSet.Get(SchemaRootRef); schema != nil {
+
+ var allowNet []string
+ if c.capabilities != nil {
+ allowNet = c.capabilities.AllowNet
+ }
+
+ tpe, err := loadSchema(schema, allowNet)
+ if err != nil {
+ return Errors{NewError(TypeErr, nil, err.Error())} //nolint:govet
+ }
+ c.inputType = tpe
+ }
+ }
+
+ var as *AnnotationSet
+ if c.useTypeCheckAnnotations {
+ as = c.annotationSet
+ }
+
+ checker := newTypeChecker().WithSchemaSet(c.schemaSet).WithInputType(c.inputType)
+
+ if c.TypeEnv == nil {
+ if c.capabilities == nil {
+ c.capabilities = CapabilitiesForThisVersion()
+ }
+
+ c.builtins = make(map[string]*Builtin, len(c.capabilities.Builtins)+len(c.customBuiltins))
+
+ for _, bi := range c.capabilities.Builtins {
+ c.builtins[bi.Name] = bi
+ }
+
+ maps.Copy(c.builtins, c.customBuiltins)
+
+ c.TypeEnv = checker.Env(c.builtins)
+ }
+
+ _, errs := checker.CheckTypes(c.TypeEnv, elems, as)
+ return errs
+}
+
+// ModuleLoader defines the interface that callers can implement to enable lazy
+// loading of modules during compilation.
+type ModuleLoader func(resolved map[string]*Module) (parsed map[string]*Module, err error)
+
+// WithModuleLoader sets f as the ModuleLoader on the compiler.
+//
+// The compiler will invoke the ModuleLoader after resolving all references in
+// the current set of input modules. The ModuleLoader can return a new
+// collection of parsed modules that are to be included in the compilation
+// process. This process will repeat until the ModuleLoader returns an empty
+// collection or an error. If an error is returned, compilation will stop
+// immediately.
+func (c *Compiler) WithModuleLoader(f ModuleLoader) *Compiler {
+ c.moduleLoader = f
+ return c
+}
+
+// WithDefaultRegoVersion sets the default Rego version to use when a module doesn't specify one;
+// such as when it's hand-crafted instead of parsed.
+func (c *Compiler) WithDefaultRegoVersion(regoVersion RegoVersion) *Compiler {
+ c.defaultRegoVersion = regoVersion
+ return c
+}
+
+func (c *Compiler) counterAdd(name string, n uint64) {
+ if c.metrics == nil {
+ return
+ }
+ c.metrics.Counter(name).Add(n)
+}
+
+func (c *Compiler) buildRuleIndices() {
+
+ c.RuleTree.DepthFirst(func(node *TreeNode) bool {
+ if len(node.Values) == 0 {
+ return false
+ }
+ rules := extractRules(node.Values)
+ hasNonGroundRef := false
+ for _, r := range rules {
+ hasNonGroundRef = !r.Head.Ref().IsGround()
+ }
+ if hasNonGroundRef {
+ // Collect children to ensure that all rules within the extent of a rule with a general ref
+ // are found on the same index. E.g. the following rules should be indexed under data.a.b.c:
+ //
+ // package a
+ // b.c[x].e := 1 { x := input.x }
+ // b.c.d := 2
+ // b.c.d2.e[x] := 3 { x := input.x }
+ for _, child := range node.Children {
+ child.DepthFirst(func(c *TreeNode) bool {
+ rules = append(rules, extractRules(c.Values)...)
+ return false
+ })
+ }
+ }
+
+ index := newBaseDocEqIndex(func(ref Ref) bool {
+ return isVirtual(c.RuleTree, ref.GroundPrefix())
+ })
+ if index.Build(rules) {
+ c.ruleIndices.Put(rules[0].Ref().GroundPrefix(), index)
+ }
+ return hasNonGroundRef // currently, we don't allow those branches to go deeper
+ })
+
+}
+
+func (c *Compiler) buildComprehensionIndices() {
+ for _, name := range c.sorted {
+ WalkRules(c.Modules[name], func(r *Rule) bool {
+ candidates := r.Head.Args.Vars()
+ candidates.Update(ReservedVars)
+ n := buildComprehensionIndices(c.debug, c.GetArity, candidates, c.RewrittenVars, r.Body, c.comprehensionIndices)
+ c.counterAdd(compileStageComprehensionIndexBuild, n)
+ return false
+ })
+ }
+}
+
+var futureKeywordsPrefix = Ref{FutureRootDocument, InternedStringTerm("keywords")}
+
+// buildRequiredCapabilities updates the required capabilities on the compiler
+// to include any keyword and feature dependencies present in the modules. The
+// built-in function dependencies will have already been added by the type
+// checker.
+func (c *Compiler) buildRequiredCapabilities() {
+
+ features := map[string]struct{}{}
+
+ // extract required keywords from modules
+
+ keywords := map[string]struct{}{}
+
+ for _, name := range c.sorted {
+ for _, imp := range c.imports[name] {
+ mod := c.Modules[name]
+ path := imp.Path.Value.(Ref)
+ switch {
+ case path.Equal(RegoV1CompatibleRef):
+ if !c.moduleIsRegoV1(mod) {
+ features[FeatureRegoV1Import] = struct{}{}
+ }
+ case path.HasPrefix(futureKeywordsPrefix):
+ if len(path) == 2 {
+ if c.moduleIsRegoV1(mod) {
+ for kw := range futureKeywords {
+ keywords[kw] = struct{}{}
+ }
+ } else {
+ for kw := range allFutureKeywords {
+ keywords[kw] = struct{}{}
+ }
+ }
+ } else {
+ kw := string(path[2].Value.(String))
+ if c.moduleIsRegoV1(mod) {
+ for allowedKw := range futureKeywords {
+ if kw == allowedKw {
+ keywords[kw] = struct{}{}
+ break
+ }
+ }
+ } else {
+ for allowedKw := range allFutureKeywords {
+ if kw == allowedKw {
+ keywords[kw] = struct{}{}
+ break
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+
+ c.Required.FutureKeywords = util.KeysSorted(keywords)
+
+ // extract required features from modules
+
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+
+ if c.moduleIsRegoV1(mod) {
+ features[FeatureRegoV1] = struct{}{}
+ } else {
+ for _, rule := range mod.Rules {
+ refLen := len(rule.Head.Reference)
+ if refLen >= 3 {
+ if refLen > len(rule.Head.Reference.ConstantPrefix()) {
+ features[FeatureRefHeads] = struct{}{}
+ } else {
+ features[FeatureRefHeadStringPrefixes] = struct{}{}
+ }
+ }
+ }
+ }
+ }
+
+ c.Required.Features = util.KeysSorted(features)
+
+ for i, bi := range c.Required.Builtins {
+ c.Required.Builtins[i] = bi.Minimal()
+ }
+}
+
+// checkRecursion ensures that there are no recursive definitions, i.e., there are
+// no cycles in the Graph.
+func (c *Compiler) checkRecursion() {
+ eq := func(a, b util.T) bool {
+ return a.(*Rule) == b.(*Rule)
+ }
+
+ c.RuleTree.DepthFirst(func(node *TreeNode) bool {
+ for _, rule := range node.Values {
+ for node := rule.(*Rule); node != nil; node = node.Else {
+ c.checkSelfPath(node.Loc(), eq, node, node)
+ }
+ }
+ return false
+ })
+}
+
+func (c *Compiler) checkSelfPath(loc *Location, eq func(a, b util.T) bool, a, b util.T) {
+ tr := NewGraphTraversal(c.Graph)
+ if p := util.DFSPath(tr, eq, a, b); len(p) > 0 {
+ n := make([]string, 0, len(p))
+ for _, x := range p {
+ n = append(n, astNodeToString(x))
+ }
+ c.err(NewError(RecursionErr, loc, "rule %v is recursive: %v", astNodeToString(a), strings.Join(n, " -> ")))
+ }
+}
+
+func astNodeToString(x any) string {
+ return x.(*Rule).Ref().String()
+}
+
+// checkRuleConflicts ensures that rules definitions are not in conflict.
+func (c *Compiler) checkRuleConflicts() {
+ rw := rewriteVarsInRef(c.RewrittenVars)
+
+ c.RuleTree.DepthFirst(func(node *TreeNode) bool {
+ if len(node.Values) == 0 {
+ return false // go deeper
+ }
+
+ kinds := make(map[RuleKind]struct{}, len(node.Values))
+ completeRules := 0
+ partialRules := 0
+ arities := make(map[int]struct{}, len(node.Values))
+ name := ""
+ var conflicts []Ref
+ defaultRules := make([]*Rule, 0)
+
+ for _, rule := range node.Values {
+ r := rule.(*Rule)
+ ref := r.Ref()
+ name = rw(ref.CopyNonGround()).String() // varRewriter operates in-place
+ kinds[r.Head.RuleKind()] = struct{}{}
+ arities[len(r.Head.Args)] = struct{}{}
+ if r.Default {
+ defaultRules = append(defaultRules, r)
+ }
+
+ // Single-value rules may not have any other rules in their extent.
+ // Rules with vars in their ref are allowed to have rules inside their extent.
+ // Only the ground portion (terms before the first var term) of a rule's ref is considered when determining
+ // whether it's inside the extent of another (c.RuleTree is organized this way already).
+ // These pairs are invalid:
+ //
+ // data.p.q.r { true } # data.p.q is { "r": true }
+ // data.p.q.r.s { true }
+ //
+ // data.p.q.r { true }
+ // data.p.q.r[s].t { s = input.key }
+ //
+ // But this is allowed:
+ //
+ // data.p.q.r { true }
+ // data.p.q[r].s.t { r = input.key }
+ //
+ // data.p[r] := x { r = input.key; x = input.bar }
+ // data.p.q[r] := x { r = input.key; x = input.bar }
+ //
+ // data.p.q[r] { r := input.r }
+ // data.p.q.r.s { true }
+ //
+ // data.p.q[r] = 1 { r := "r" }
+ // data.p.q.s = 2
+ //
+ // data.p[q][r] { q := input.q; r := input.r }
+ // data.p.q.r { true }
+ //
+ // data.p.q[r] { r := input.r }
+ // data.p[q].r { q := input.q }
+ //
+ // data.p.q[r][s] { r := input.r; s := input.s }
+ // data.p[q].r.s { q := input.q }
+
+ if ref.IsGround() && len(node.Children) > 0 {
+ conflicts = node.flattenChildren()
+ }
+
+ if r.Head.RuleKind() == SingleValue && r.Head.Ref().IsGround() {
+ completeRules++
+ } else {
+ partialRules++
+ }
+ }
+
+ switch {
+ case conflicts != nil:
+ c.err(NewError(TypeErr, node.Values[0].(*Rule).Loc(), "rule %v conflicts with %v", name, conflicts))
+
+ case len(kinds) > 1 || len(arities) > 1 || (completeRules >= 1 && partialRules >= 1):
+ c.err(NewError(TypeErr, node.Values[0].(*Rule).Loc(), "conflicting rules %v found", name))
+
+ case len(defaultRules) > 1:
+
+ defaultRuleLocations := strings.Builder{}
+ defaultRuleLocations.WriteString(defaultRules[0].Loc().String())
+ for i := 1; i < len(defaultRules); i++ {
+ defaultRuleLocations.WriteString(", ")
+ defaultRuleLocations.WriteString(defaultRules[i].Loc().String())
+ }
+
+ c.err(NewError(
+ TypeErr,
+ defaultRules[0].Module.Package.Loc(),
+ "multiple default rules %s found at %s",
+ name, defaultRuleLocations.String()),
+ )
+ }
+
+ return false
+ })
+
+ if c.pathExists != nil {
+ for _, err := range CheckPathConflicts(c, c.pathExists) {
+ c.err(err)
+ }
+ }
+
+ // NOTE(sr): depthfirst might better use sorted for stable errs?
+ c.ModuleTree.DepthFirst(func(node *ModuleTreeNode) bool {
+ for _, mod := range node.Modules {
+ for _, rule := range mod.Rules {
+ ref := rule.Head.Ref().GroundPrefix()
+ // Rules with a dynamic portion in their ref are exempted, as a conflict within the dynamic portion
+ // can only be detected at eval-time.
+ if len(ref) < len(rule.Head.Ref()) {
+ continue
+ }
+
+ childNode, tail := node.find(ref)
+ if childNode != nil && len(tail) == 0 {
+ for _, childMod := range childNode.Modules {
+ // Avoid recursively checking a module for equality unless we know it's a possible self-match.
+ if childMod.Equal(mod) {
+ continue // don't self-conflict
+ }
+ msg := fmt.Sprintf("%v conflicts with rule %v defined at %v", childMod.Package, rule.Head.Ref(), rule.Loc())
+ c.err(NewError(TypeErr, mod.Package.Loc(), msg)) //nolint:govet
+ }
+ }
+ }
+ }
+ return false
+ })
+}
+
+func (c *Compiler) checkUndefinedFuncs() {
+ for _, name := range c.sorted {
+ m := c.Modules[name]
+ for _, err := range checkUndefinedFuncs(c.TypeEnv, m, c.GetArity, c.RewrittenVars) {
+ c.err(err)
+ }
+ }
+}
+
+func checkUndefinedFuncs(env *TypeEnv, x any, arity func(Ref) int, rwVars map[Var]Var) Errors {
+
+ var errs Errors
+
+ WalkExprs(x, func(expr *Expr) bool {
+ if !expr.IsCall() {
+ return false
+ }
+ ref := expr.Operator()
+ if arity := arity(ref); arity >= 0 {
+ operands := len(expr.Operands())
+ if expr.Generated { // an output var was added
+ if !expr.IsEquality() && operands != arity+1 {
+ ref = rewriteVarsInRef(rwVars)(ref)
+ errs = append(errs, arityMismatchError(env, ref, expr, arity, operands-1))
+ return true
+ }
+ } else { // either output var or not
+ if operands != arity && operands != arity+1 {
+ ref = rewriteVarsInRef(rwVars)(ref)
+ errs = append(errs, arityMismatchError(env, ref, expr, arity, operands))
+ return true
+ }
+ }
+ return false
+ }
+ ref = rewriteVarsInRef(rwVars)(ref)
+ errs = append(errs, NewError(TypeErr, expr.Loc(), "undefined function %v", ref))
+ return true
+ })
+
+ return errs
+}
+
+func arityMismatchError(env *TypeEnv, f Ref, expr *Expr, exp, act int) *Error {
+ if want, ok := env.Get(f).(*types.Function); ok { // generate richer error for built-in functions
+ have := make([]types.Type, len(expr.Operands()))
+ for i, op := range expr.Operands() {
+ have[i] = env.Get(op)
+ }
+ return newArgError(expr.Loc(), f, "arity mismatch", have, want.NamedFuncArgs())
+ }
+ if act != 1 {
+ return NewError(TypeErr, expr.Loc(), "function %v has arity %d, got %d arguments", f, exp, act)
+ }
+ return NewError(TypeErr, expr.Loc(), "function %v has arity %d, got %d argument", f, exp, act)
+}
+
+// checkSafetyRuleBodies ensures that variables appearing in negated expressions or non-target
+// positions of built-in expressions will be bound when evaluating the rule from left
+// to right, re-ordering as necessary.
+func (c *Compiler) checkSafetyRuleBodies() {
+ for _, name := range c.sorted {
+ m := c.Modules[name]
+ WalkRules(m, func(r *Rule) bool {
+ safe := ReservedVars.Copy()
+ safe.Update(r.Head.Args.Vars())
+ r.Body = c.checkBodySafety(safe, r.Body)
+ return false
+ })
+ }
+}
+
+func (c *Compiler) checkBodySafety(safe VarSet, b Body) Body {
+ reordered, unsafe := reorderBodyForSafety(c.builtins, c.GetArity, safe, b)
+ if errs := safetyErrorSlice(unsafe, c.RewrittenVars); len(errs) > 0 {
+ for _, err := range errs {
+ c.err(err)
+ }
+ return b
+ }
+ return reordered
+}
+
+// SafetyCheckVisitorParams defines the AST visitor parameters to use for collecting
+// variables during the safety check. This has to be exported because it's relied on
+// by the copy propagation implementation in topdown.
+var SafetyCheckVisitorParams = VarVisitorParams{
+ SkipRefCallHead: true,
+ SkipClosures: true,
+}
+
+// checkSafetyRuleHeads ensures that variables appearing in the head of a
+// rule also appear in the body.
+func (c *Compiler) checkSafetyRuleHeads() {
+
+ for _, name := range c.sorted {
+ m := c.Modules[name]
+ WalkRules(m, func(r *Rule) bool {
+ safe := r.Body.Vars(SafetyCheckVisitorParams)
+ safe.Update(r.Head.Args.Vars())
+ unsafe := r.Head.Vars().Diff(safe)
+ for v := range unsafe {
+ if w, ok := c.RewrittenVars[v]; ok {
+ v = w
+ }
+ if !v.IsGenerated() {
+ c.err(NewError(UnsafeVarErr, r.Loc(), "var %v is unsafe", v))
+ }
+ }
+ return false
+ })
+ }
+}
+
+func compileSchema(goSchema any, allowNet []string) (*gojsonschema.Schema, error) {
+ gojsonschema.SetAllowNet(allowNet)
+
+ var refLoader gojsonschema.JSONLoader
+ sl := gojsonschema.NewSchemaLoader()
+
+ if goSchema != nil {
+ refLoader = gojsonschema.NewGoLoader(goSchema)
+ } else {
+ return nil, errors.New("no schema as input to compile")
+ }
+ schemasCompiled, err := sl.Compile(refLoader)
+ if err != nil {
+ return nil, fmt.Errorf("unable to compile the schema: %w", err)
+ }
+ return schemasCompiled, nil
+}
+
+func mergeSchemas(schemas ...*gojsonschema.SubSchema) (*gojsonschema.SubSchema, error) {
+ if len(schemas) == 0 {
+ return nil, nil
+ }
+ var result = schemas[0]
+
+ for i := range schemas {
+ if len(schemas[i].PropertiesChildren) > 0 {
+ if !schemas[i].Types.Contains("object") {
+ if err := schemas[i].Types.Add("object"); err != nil {
+ return nil, errors.New("unable to set the type in schemas")
+ }
+ }
+ } else if len(schemas[i].ItemsChildren) > 0 {
+ if !schemas[i].Types.Contains("array") {
+ if err := schemas[i].Types.Add("array"); err != nil {
+ return nil, errors.New("unable to set the type in schemas")
+ }
+ }
+ }
+ }
+
+ for i := 1; i < len(schemas); i++ {
+ if result.Types.String() != schemas[i].Types.String() {
+ return nil, fmt.Errorf("unable to merge these schemas: type mismatch: %v and %v", result.Types.String(), schemas[i].Types.String())
+ } else if result.Types.Contains("object") && len(result.PropertiesChildren) > 0 && schemas[i].Types.Contains("object") && len(schemas[i].PropertiesChildren) > 0 {
+ result.PropertiesChildren = append(result.PropertiesChildren, schemas[i].PropertiesChildren...)
+ } else if result.Types.Contains("array") && len(result.ItemsChildren) > 0 && schemas[i].Types.Contains("array") && len(schemas[i].ItemsChildren) > 0 {
+ for j := range len(schemas[i].ItemsChildren) {
+ if len(result.ItemsChildren)-1 < j && !(len(schemas[i].ItemsChildren)-1 < j) {
+ result.ItemsChildren = append(result.ItemsChildren, schemas[i].ItemsChildren[j])
+ }
+ if result.ItemsChildren[j].Types.String() != schemas[i].ItemsChildren[j].Types.String() {
+ return nil, errors.New("unable to merge these schemas")
+ }
+ }
+ }
+ }
+ return result, nil
+}
+
+type schemaParser struct {
+ definitionCache map[string]*cachedDef
+}
+
+type cachedDef struct {
+ properties []*types.StaticProperty
+}
+
+func newSchemaParser() *schemaParser {
+ return &schemaParser{
+ definitionCache: map[string]*cachedDef{},
+ }
+}
+
+func (parser *schemaParser) parseSchema(schema any) (types.Type, error) {
+ return parser.parseSchemaWithPropertyKey(schema, "")
+}
+
+func (parser *schemaParser) parseSchemaWithPropertyKey(schema any, propertyKey string) (types.Type, error) {
+ subSchema, ok := schema.(*gojsonschema.SubSchema)
+ if !ok {
+ return nil, fmt.Errorf("unexpected schema type %v", subSchema)
+ }
+
+ // Handle referenced schemas, returns directly when a $ref is found
+ if subSchema.RefSchema != nil {
+ if existing, ok := parser.definitionCache[subSchema.Ref.String()]; ok {
+ return types.NewObject(existing.properties, nil), nil
+ }
+ return parser.parseSchemaWithPropertyKey(subSchema.RefSchema, subSchema.Ref.String())
+ }
+
+ // Handle anyOf
+ if subSchema.AnyOf != nil {
+ var orType types.Type
+
+ // If there is a core schema, find its type first
+ if subSchema.Types.IsTyped() {
+ copySchema := *subSchema
+ copySchemaRef := ©Schema
+ copySchemaRef.AnyOf = nil
+ coreType, err := parser.parseSchema(copySchemaRef)
+ if err != nil {
+ return nil, fmt.Errorf("unexpected schema type %v: %w", subSchema, err)
+ }
+
+ // Only add Object type with static props to orType
+ if objType, ok := coreType.(*types.Object); ok {
+ if objType.StaticProperties() != nil && objType.DynamicProperties() == nil {
+ orType = types.Or(orType, coreType)
+ }
+ }
+ }
+
+ // Iterate through every property of AnyOf and add it to orType
+ for _, pSchema := range subSchema.AnyOf {
+ newtype, err := parser.parseSchema(pSchema)
+ if err != nil {
+ return nil, fmt.Errorf("unexpected schema type %v: %w", pSchema, err)
+ }
+ orType = types.Or(newtype, orType)
+ }
+
+ return orType, nil
+ }
+
+ if subSchema.AllOf != nil {
+ subSchemaArray := subSchema.AllOf
+ allOfResult, err := mergeSchemas(subSchemaArray...)
+ if err != nil {
+ return nil, err
+ }
+
+ if subSchema.Types.IsTyped() {
+ if (subSchema.Types.Contains("object") && allOfResult.Types.Contains("object")) || (subSchema.Types.Contains("array") && allOfResult.Types.Contains("array")) {
+ objectOrArrayResult, err := mergeSchemas(allOfResult, subSchema)
+ if err != nil {
+ return nil, err
+ }
+ return parser.parseSchema(objectOrArrayResult)
+ } else if subSchema.Types.String() != allOfResult.Types.String() {
+ return nil, errors.New("unable to merge these schemas")
+ }
+ }
+ return parser.parseSchema(allOfResult)
+ }
+
+ if subSchema.Types.IsTyped() {
+ if subSchema.Types.Contains("boolean") {
+ return types.B, nil
+
+ } else if subSchema.Types.Contains("string") {
+ return types.S, nil
+
+ } else if subSchema.Types.Contains("integer") || subSchema.Types.Contains("number") {
+ return types.N, nil
+
+ } else if subSchema.Types.Contains("object") {
+ if len(subSchema.PropertiesChildren) > 0 {
+ def := &cachedDef{
+ properties: make([]*types.StaticProperty, 0, len(subSchema.PropertiesChildren)),
+ }
+ for _, pSchema := range subSchema.PropertiesChildren {
+ def.properties = append(def.properties, types.NewStaticProperty(pSchema.Property, nil))
+ }
+ if propertyKey != "" {
+ parser.definitionCache[propertyKey] = def
+ }
+ for _, pSchema := range subSchema.PropertiesChildren {
+ newtype, err := parser.parseSchema(pSchema)
+ if err != nil {
+ return nil, fmt.Errorf("unexpected schema type %v: %w", pSchema, err)
+ }
+ for i, prop := range def.properties {
+ if prop.Key == pSchema.Property {
+ def.properties[i].Value = newtype
+ break
+ }
+ }
+ }
+ return types.NewObject(def.properties, nil), nil
+ }
+ return types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)), nil
+
+ } else if subSchema.Types.Contains("array") {
+ if len(subSchema.ItemsChildren) > 0 {
+ if subSchema.ItemsChildrenIsSingleSchema {
+ iSchema := subSchema.ItemsChildren[0]
+ newtype, err := parser.parseSchema(iSchema)
+ if err != nil {
+ return nil, fmt.Errorf("unexpected schema type %v", iSchema)
+ }
+ return types.NewArray(nil, newtype), nil
+ }
+ newTypes := make([]types.Type, 0, len(subSchema.ItemsChildren))
+ for i := 0; i != len(subSchema.ItemsChildren); i++ {
+ iSchema := subSchema.ItemsChildren[i]
+ newtype, err := parser.parseSchema(iSchema)
+ if err != nil {
+ return nil, fmt.Errorf("unexpected schema type %v", iSchema)
+ }
+ newTypes = append(newTypes, newtype)
+ }
+ return types.NewArray(newTypes, nil), nil
+ }
+ return types.NewArray(nil, types.A), nil
+ }
+ }
+
+ // Assume types if not specified in schema
+ if len(subSchema.PropertiesChildren) > 0 {
+ if err := subSchema.Types.Add("object"); err == nil {
+ return parser.parseSchema(subSchema)
+ }
+ } else if len(subSchema.ItemsChildren) > 0 {
+ if err := subSchema.Types.Add("array"); err == nil {
+ return parser.parseSchema(subSchema)
+ }
+ }
+
+ return types.A, nil
+}
+
+func (c *Compiler) setAnnotationSet() {
+ // Sorting modules by name for stable error reporting
+ sorted := make([]*Module, 0, len(c.Modules))
+ for _, mName := range c.sorted {
+ sorted = append(sorted, c.Modules[mName])
+ }
+
+ as, errs := BuildAnnotationSet(sorted)
+ for _, err := range errs {
+ c.err(err)
+ }
+ c.annotationSet = as
+}
+
+// checkTypes runs the type checker on all rules. The type checker builds a
+// TypeEnv that is stored on the compiler.
+func (c *Compiler) checkTypes() {
+ // Recursion is caught in earlier step, so this cannot fail.
+ sorted, _ := c.Graph.Sort()
+ checker := newTypeChecker().
+ WithAllowNet(c.capabilities.AllowNet).
+ WithSchemaSet(c.schemaSet).
+ WithInputType(c.inputType).
+ WithBuiltins(c.builtins).
+ WithRequiredCapabilities(c.Required).
+ WithVarRewriter(rewriteVarsInRef(c.RewrittenVars)).
+ WithAllowUndefinedFunctionCalls(c.allowUndefinedFuncCalls)
+ var as *AnnotationSet
+ if c.useTypeCheckAnnotations {
+ as = c.annotationSet
+ }
+ env, errs := checker.CheckTypes(c.TypeEnv, sorted, as)
+ for _, err := range errs {
+ c.err(err)
+ }
+ c.TypeEnv = env
+}
+
+func (c *Compiler) checkUnsafeBuiltins() {
+ if len(c.unsafeBuiltinsMap) == 0 {
+ return
+ }
+
+ for _, name := range c.sorted {
+ errs := checkUnsafeBuiltins(c.unsafeBuiltinsMap, c.Modules[name])
+ for _, err := range errs {
+ c.err(err)
+ }
+ }
+}
+
+func (c *Compiler) checkDeprecatedBuiltins() {
+ checkNeeded := false
+ for _, b := range c.Required.Builtins {
+ if _, found := c.deprecatedBuiltinsMap[b.Name]; found {
+ checkNeeded = true
+ break
+ }
+ }
+ if !checkNeeded {
+ return
+ }
+
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+ if c.strict || mod.regoV1Compatible() {
+ errs := checkDeprecatedBuiltins(c.deprecatedBuiltinsMap, mod)
+ for _, err := range errs {
+ c.err(err)
+ }
+ }
+ }
+}
+
+func (c *Compiler) runStage(metricName string, f func()) {
+ if c.metrics != nil {
+ c.metrics.Timer(metricName).Start()
+ defer c.metrics.Timer(metricName).Stop()
+ }
+ f()
+}
+
+func (c *Compiler) runStageAfter(metricName string, s CompilerStage) *Error {
+ if c.metrics != nil {
+ c.metrics.Timer(metricName).Start()
+ defer c.metrics.Timer(metricName).Stop()
+ }
+ return s(c)
+}
+
+func (c *Compiler) compile() {
+
+ defer func() {
+ if r := recover(); r != nil && r != errLimitReached {
+ panic(r)
+ }
+ }()
+
+ for _, s := range c.stages {
+ if c.evalMode == EvalModeIR {
+ switch s.name {
+ case "BuildRuleIndices", "BuildComprehensionIndices":
+ continue // skip these stages
+ }
+ }
+
+ if c.allowUndefinedFuncCalls && (s.name == "CheckUndefinedFuncs" || s.name == "CheckSafetyRuleBodies") {
+ continue
+ }
+
+ c.runStage(s.metricName, s.f)
+ if c.Failed() {
+ return
+ }
+ for _, a := range c.after[s.name] {
+ if err := c.runStageAfter(a.MetricName, a.Stage); err != nil {
+ c.err(err)
+ return
+ }
+ }
+ }
+}
+
+func (c *Compiler) init() {
+
+ if c.initialized {
+ return
+ }
+
+ if c.capabilities == nil {
+ c.capabilities = CapabilitiesForThisVersion()
+ }
+
+ c.builtins = make(map[string]*Builtin, len(c.capabilities.Builtins)+len(c.customBuiltins))
+
+ for _, bi := range c.capabilities.Builtins {
+ c.builtins[bi.Name] = bi
+ if bi.IsDeprecated() {
+ c.deprecatedBuiltinsMap[bi.Name] = struct{}{}
+ }
+ }
+
+ maps.Copy(c.builtins, c.customBuiltins)
+
+ // Load the global input schema if one was provided.
+ if c.schemaSet != nil {
+ if schema := c.schemaSet.Get(SchemaRootRef); schema != nil {
+ tpe, err := loadSchema(schema, c.capabilities.AllowNet)
+ if err != nil {
+ c.err(NewError(TypeErr, nil, err.Error())) //nolint:govet
+ } else {
+ c.inputType = tpe
+ }
+ }
+ }
+
+ c.TypeEnv = newTypeChecker().
+ WithSchemaSet(c.schemaSet).
+ WithInputType(c.inputType).
+ Env(c.builtins)
+
+ c.initialized = true
+}
+
+func (c *Compiler) err(err *Error) {
+ if c.maxErrs > 0 && len(c.Errors) >= c.maxErrs {
+ c.Errors = append(c.Errors, errLimitReached)
+ panic(errLimitReached)
+ }
+ c.Errors = append(c.Errors, err)
+}
+
+func (c *Compiler) getExports() *util.HasherMap[Ref, []Ref] {
+
+ rules := util.NewHasherMap[Ref, []Ref](RefEqual)
+
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+
+ for _, rule := range mod.Rules {
+ hashMapAdd(rules, mod.Package.Path, rule.Head.Ref().GroundPrefix())
+ }
+ }
+
+ return rules
+}
+
+func refSliceEqual(a, b []Ref) bool {
+ if len(a) != len(b) {
+ return false
+ }
+ for i := range a {
+ if !a[i].Equal(b[i]) {
+ return false
+ }
+ }
+ return true
+}
+
+func hashMapAdd(rules *util.HasherMap[Ref, []Ref], pkg, rule Ref) {
+ prev, ok := rules.Get(pkg)
+ if !ok {
+ rules.Put(pkg, []Ref{rule})
+ return
+ }
+ for _, p := range prev {
+ if p.Equal(rule) {
+ return
+ }
+ }
+ rules.Put(pkg, append(prev, rule))
+}
+
+func (c *Compiler) GetAnnotationSet() *AnnotationSet {
+ return c.annotationSet
+}
+
+func (c *Compiler) checkImports() {
+ modules := make([]*Module, 0, len(c.Modules))
+
+ supportsRegoV1Import := c.capabilities.ContainsFeature(FeatureRegoV1Import) ||
+ c.capabilities.ContainsFeature(FeatureRegoV1)
+
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+
+ for _, imp := range mod.Imports {
+ if !supportsRegoV1Import && RegoV1CompatibleRef.Equal(imp.Path.Value) {
+ c.err(NewError(CompileErr, imp.Loc(), "rego.v1 import is not supported"))
+ }
+ }
+
+ if c.strict || c.moduleIsRegoV1Compatible(mod) {
+ modules = append(modules, mod)
+ }
+ }
+
+ errs := checkDuplicateImports(modules)
+ for _, err := range errs {
+ c.err(err)
+ }
+}
+
+func (c *Compiler) checkKeywordOverrides() {
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+ if c.strict || c.moduleIsRegoV1Compatible(mod) {
+ errs := checkRootDocumentOverrides(mod)
+ for _, err := range errs {
+ c.err(err)
+ }
+ }
+ }
+}
+
+func (c *Compiler) moduleIsRegoV1(mod *Module) bool {
+ if mod.regoVersion == RegoUndefined {
+ switch c.defaultRegoVersion {
+ case RegoUndefined:
+ c.err(NewError(CompileErr, mod.Package.Loc(), "cannot determine rego version for module"))
+ return false
+ case RegoV1:
+ return true
+ }
+ return false
+ }
+ return mod.regoVersion == RegoV1
+}
+
+func (c *Compiler) moduleIsRegoV1Compatible(mod *Module) bool {
+ if mod.regoVersion == RegoUndefined {
+ switch c.defaultRegoVersion {
+ case RegoUndefined:
+ c.err(NewError(CompileErr, mod.Package.Loc(), "cannot determine rego version for module"))
+ return false
+ case RegoV1, RegoV0CompatV1:
+ return true
+ }
+ return false
+ }
+ return mod.regoV1Compatible()
+}
+
+// resolveAllRefs resolves references in expressions to their fully qualified values.
+//
+// For instance, given the following module:
+//
+// package a.b
+// import data.foo.bar
+// p[x] { bar[_] = x }
+//
+// The reference "bar[_]" would be resolved to "data.foo.bar[_]".
+//
+// Ref rules are resolved, too:
+//
+// package a.b
+// q { c.d.e == 1 }
+// c.d[e] := 1 if e := "e"
+//
+// The reference "c.d.e" would be resolved to "data.a.b.c.d.e".
+func (c *Compiler) resolveAllRefs() {
+
+ rules := c.getExports()
+
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+
+ var ruleExports []Ref
+ if x, ok := rules.Get(mod.Package.Path); ok {
+ ruleExports = x
+ }
+
+ globals := getGlobals(mod.Package, ruleExports, mod.Imports)
+
+ WalkRules(mod, func(rule *Rule) bool {
+ err := resolveRefsInRule(globals, rule)
+ if err != nil {
+ c.err(NewError(CompileErr, rule.Location, err.Error())) //nolint:govet
+ }
+ return false
+ })
+
+ if c.strict { // check for unused imports
+ for _, imp := range mod.Imports {
+ path := imp.Path.Value.(Ref)
+ if FutureRootDocument.Equal(path[0]) || RegoRootDocument.Equal(path[0]) {
+ continue // ignore future and rego imports
+ }
+
+ for v, u := range globals {
+ if v.Equal(imp.Name()) && !u.used {
+ c.err(NewError(CompileErr, imp.Location, "%s unused", imp.String()))
+ }
+ }
+ }
+ }
+ }
+
+ if c.moduleLoader != nil {
+
+ parsed, err := c.moduleLoader(c.Modules)
+ if err != nil {
+ c.err(NewError(CompileErr, nil, err.Error())) //nolint:govet
+ return
+ }
+
+ if len(parsed) == 0 {
+ return
+ }
+
+ for id, module := range parsed {
+ c.Modules[id] = module.Copy()
+ c.sorted = append(c.sorted, id)
+ if c.parsedModules != nil {
+ c.parsedModules[id] = module
+ }
+ }
+
+ sort.Strings(c.sorted)
+ c.resolveAllRefs()
+ }
+}
+
+func (c *Compiler) removeImports() {
+ c.imports = make(map[string][]*Import, len(c.Modules))
+ for name := range c.Modules {
+ c.imports[name] = c.Modules[name].Imports
+ c.Modules[name].Imports = nil
+ }
+}
+
+func (c *Compiler) initLocalVarGen() {
+ c.localvargen = newLocalVarGeneratorForModuleSet(c.sorted, c.Modules)
+}
+
+func (c *Compiler) rewriteComprehensionTerms() {
+ f := newEqualityFactory(c.localvargen)
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+ _, _ = rewriteComprehensionTerms(f, mod) // ignore error
+ }
+}
+
+func (c *Compiler) rewriteExprTerms() {
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+ WalkRules(mod, func(rule *Rule) bool {
+ rewriteExprTermsInHead(c.localvargen, rule)
+ rule.Body = rewriteExprTermsInBody(c.localvargen, rule.Body)
+ return false
+ })
+ }
+}
+
+func (c *Compiler) rewriteRuleHeadRefs() {
+ f := newEqualityFactory(c.localvargen)
+ for _, name := range c.sorted {
+ WalkRules(c.Modules[name], func(rule *Rule) bool {
+
+ ref := rule.Head.Ref()
+ // NOTE(sr): We're backfilling Refs here -- all parser code paths would have them, but
+ // it's possible to construct Module{} instances from Golang code, so we need
+ // to accommodate for that, too.
+ if len(rule.Head.Reference) == 0 {
+ rule.Head.Reference = ref
+ }
+
+ cannotSpeakStringPrefixRefs := true
+ cannotSpeakGeneralRefs := true
+ for _, f := range c.capabilities.Features {
+ switch f {
+ case FeatureRefHeadStringPrefixes:
+ cannotSpeakStringPrefixRefs = false
+ case FeatureRefHeads:
+ cannotSpeakGeneralRefs = false
+ case FeatureRegoV1:
+ cannotSpeakStringPrefixRefs = false
+ cannotSpeakGeneralRefs = false
+ }
+ }
+
+ if cannotSpeakStringPrefixRefs && cannotSpeakGeneralRefs && rule.Head.Name == "" {
+ c.err(NewError(CompileErr, rule.Loc(), "rule heads with refs are not supported: %v", rule.Head.Reference))
+ return true
+ }
+
+ for i := 1; i < len(ref); i++ {
+ if cannotSpeakGeneralRefs && (rule.Head.RuleKind() == MultiValue || i != len(ref)-1) { // last
+ if _, ok := ref[i].Value.(String); !ok {
+ c.err(NewError(TypeErr, rule.Loc(), "rule heads with general refs (containing variables) are not supported: %v", rule.Head.Reference))
+ continue
+ }
+ }
+
+ // Rewrite so that any non-scalar elements in the rule's ref are vars:
+ // p.q.r[y.z] { ... } => p.q.r[__local0__] { __local0__ = y.z }
+ // p.q[a.b][c.d] { ... } => p.q[__local0__] { __local0__ = a.b; __local1__ = c.d }
+ // because that's what the RuleTree knows how to deal with.
+ if _, ok := ref[i].Value.(Var); !ok && !IsScalar(ref[i].Value) {
+ expr := f.Generate(ref[i])
+ if i == len(ref)-1 && rule.Head.Key.Equal(ref[i]) {
+ rule.Head.Key = expr.Operand(0)
+ }
+ rule.Head.Reference[i] = expr.Operand(0)
+ rule.Body.Append(expr)
+ }
+ }
+
+ return true
+ })
+ }
+}
+
+func (c *Compiler) checkVoidCalls() {
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+ for _, err := range checkVoidCalls(c.TypeEnv, mod) {
+ c.err(err)
+ }
+ }
+}
+
+func (c *Compiler) rewritePrintCalls() {
+ var modified bool
+ if !c.enablePrintStatements {
+ for _, name := range c.sorted {
+ if erasePrintCalls(c.Modules[name]) {
+ modified = true
+ }
+ }
+ } else {
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+ WalkRules(mod, func(r *Rule) bool {
+ safe := r.Head.Args.Vars()
+ safe.Update(ReservedVars)
+ vis := func(b Body) bool {
+ modrec, errs := rewritePrintCalls(c.localvargen, c.GetArity, safe, b)
+ if modrec {
+ modified = true
+ }
+ for _, err := range errs {
+ c.err(err)
+ }
+ return false
+ }
+ WalkBodies(r.Head, vis)
+ WalkBodies(r.Body, vis)
+ return false
+ })
+ }
+ }
+ if modified {
+ c.Required.addBuiltinSorted(Print)
+ }
+}
+
+// checkVoidCalls returns errors for any expressions that treat void function
+// calls as values. The only void functions in Rego are specific built-ins like
+// print().
+func checkVoidCalls(env *TypeEnv, x any) Errors {
+ var errs Errors
+ WalkTerms(x, func(x *Term) bool {
+ if call, ok := x.Value.(Call); ok {
+ if tpe, ok := env.Get(call[0]).(*types.Function); ok && tpe.Result() == nil {
+ errs = append(errs, NewError(TypeErr, x.Loc(), "%v used as value", call))
+ }
+ }
+ return false
+ })
+ return errs
+}
+
+// rewritePrintCalls will rewrite the body so that print operands are captured
+// in local variables and their evaluation occurs within a comprehension.
+// Wrapping the terms inside of a comprehension ensures that undefined values do
+// not short-circuit evaluation.
+//
+// For example, given the following print statement:
+//
+// print("the value of x is:", input.x)
+//
+// The expression would be rewritten to:
+//
+// print({__local0__ | __local0__ = "the value of x is:"}, {__local1__ | __local1__ = input.x})
+func rewritePrintCalls(gen *localVarGenerator, getArity func(Ref) int, globals VarSet, body Body) (bool, Errors) {
+
+ var errs Errors
+ var modified bool
+
+ // Visit comprehension bodies recursively to ensure print statements inside
+ // those bodies only close over variables that are safe.
+ for i := range body {
+ if ContainsClosures(body[i]) {
+ safe := outputVarsForBody(body[:i], getArity, globals)
+ safe.Update(globals)
+ WalkClosures(body[i], func(x any) bool {
+ var modrec bool
+ var errsrec Errors
+ switch x := x.(type) {
+ case *SetComprehension:
+ modrec, errsrec = rewritePrintCalls(gen, getArity, safe, x.Body)
+ case *ArrayComprehension:
+ modrec, errsrec = rewritePrintCalls(gen, getArity, safe, x.Body)
+ case *ObjectComprehension:
+ modrec, errsrec = rewritePrintCalls(gen, getArity, safe, x.Body)
+ case *Every:
+ safe.Update(x.KeyValueVars())
+ modrec, errsrec = rewritePrintCalls(gen, getArity, safe, x.Body)
+ }
+ if modrec {
+ modified = true
+ }
+ errs = append(errs, errsrec...)
+ return true
+ })
+ if len(errs) > 0 {
+ return false, errs
+ }
+ }
+ }
+
+ for i := range body {
+
+ if !isPrintCall(body[i]) {
+ continue
+ }
+
+ modified = true
+
+ var errs Errors
+ safe := outputVarsForBody(body[:i], getArity, globals)
+ safe.Update(globals)
+ args := body[i].Operands()
+
+ for j := range args {
+ vis := NewVarVisitor().WithParams(SafetyCheckVisitorParams)
+ vis.Walk(args[j])
+ unsafe := vis.Vars().Diff(safe)
+ for _, v := range unsafe.Sorted() {
+ errs = append(errs, NewError(CompileErr, args[j].Loc(), "var %v is undeclared", v))
+ }
+ }
+
+ if len(errs) > 0 {
+ return false, errs
+ }
+
+ arr := NewArray()
+
+ for j := range args {
+ x := NewTerm(gen.Generate()).SetLocation(args[j].Loc())
+ capture := Equality.Expr(x, args[j]).SetLocation(args[j].Loc())
+ arr = arr.Append(SetComprehensionTerm(x, NewBody(capture)).SetLocation(args[j].Loc()))
+ }
+
+ body.Set(NewExpr([]*Term{
+ NewTerm(InternalPrint.Ref()).SetLocation(body[i].Loc()),
+ NewTerm(arr).SetLocation(body[i].Loc()),
+ }).SetLocation(body[i].Loc()), i)
+ }
+
+ return modified, nil
+}
+
+func erasePrintCalls(node any) bool {
+ var modified bool
+ NewGenericVisitor(func(x any) bool {
+ var modrec bool
+ switch x := x.(type) {
+ case *Rule:
+ modrec, x.Body = erasePrintCallsInBody(x.Body)
+ case *ArrayComprehension:
+ modrec, x.Body = erasePrintCallsInBody(x.Body)
+ case *SetComprehension:
+ modrec, x.Body = erasePrintCallsInBody(x.Body)
+ case *ObjectComprehension:
+ modrec, x.Body = erasePrintCallsInBody(x.Body)
+ case *Every:
+ modrec, x.Body = erasePrintCallsInBody(x.Body)
+ }
+ if modrec {
+ modified = true
+ }
+ return false
+ }).Walk(node)
+ return modified
+}
+
+func erasePrintCallsInBody(x Body) (bool, Body) {
+
+ if !containsPrintCall(x) {
+ return false, x
+ }
+
+ var cpy Body
+
+ for i := range x {
+
+ // Recursively visit any comprehensions contained in this expression.
+ erasePrintCalls(x[i])
+
+ if !isPrintCall(x[i]) {
+ cpy.Append(x[i])
+ }
+ }
+
+ if len(cpy) == 0 {
+ term := BooleanTerm(true).SetLocation(x.Loc())
+ expr := NewExpr(term).SetLocation(x.Loc())
+ cpy.Append(expr)
+ }
+
+ return true, cpy
+}
+
+func containsPrintCall(x any) bool {
+ var found bool
+ WalkExprs(x, func(expr *Expr) bool {
+ if !found {
+ if isPrintCall(expr) {
+ found = true
+ }
+ }
+ return found
+ })
+ return found
+}
+
+var printRef = Print.Ref()
+
+func isPrintCall(x *Expr) bool {
+ return x.IsCall() && x.Operator().Equal(printRef)
+}
+
+// rewriteRefsInHead will rewrite rules so that the head does not contain any
+// terms that require evaluation (e.g., refs or comprehensions). If the key or
+// value contains one or more of these terms, the key or value will be moved
+// into the body and assigned to a new variable. The new variable will replace
+// the key or value in the head.
+//
+// For instance, given the following rule:
+//
+// p[{"foo": data.foo[i]}] { i < 100 }
+//
+// The rule would be re-written as:
+//
+// p[__local0__] { i < 100; __local0__ = {"foo": data.foo[i]} }
+func (c *Compiler) rewriteRefsInHead() {
+ f := newEqualityFactory(c.localvargen)
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+ WalkRules(mod, func(rule *Rule) bool {
+ if requiresEval(rule.Head.Key) {
+ expr := f.Generate(rule.Head.Key)
+ rule.Head.Key = expr.Operand(0)
+ rule.Body.Append(expr)
+ }
+ if requiresEval(rule.Head.Value) {
+ expr := f.Generate(rule.Head.Value)
+ rule.Head.Value = expr.Operand(0)
+ rule.Body.Append(expr)
+ }
+ for i := 0; i < len(rule.Head.Args); i++ {
+ if requiresEval(rule.Head.Args[i]) {
+ expr := f.Generate(rule.Head.Args[i])
+ rule.Head.Args[i] = expr.Operand(0)
+ rule.Body.Append(expr)
+ }
+ }
+ return false
+ })
+ }
+}
+
+func (c *Compiler) rewriteEquals() {
+ modified := false
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+ modified = rewriteEquals(mod) || modified
+ }
+ if modified {
+ c.Required.addBuiltinSorted(Equal)
+ }
+}
+
+func (c *Compiler) rewriteDynamicTerms() {
+ f := newEqualityFactory(c.localvargen)
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+ WalkRules(mod, func(rule *Rule) bool {
+ rule.Body = rewriteDynamics(f, rule.Body)
+ return false
+ })
+ }
+}
+
+// rewriteTestRuleEqualities rewrites equality expressions in test rule bodies to create local vars for statements that would otherwise
+// not have their values captured through tracing, such as refs and comprehensions not unified/assigned to a local var.
+// For example, given the following module:
+//
+// package test
+//
+// p.q contains v if {
+// some v in numbers.range(1, 3)
+// }
+//
+// p.r := "foo"
+//
+// test_rule {
+// p == {
+// "q": {4, 5, 6}
+// }
+// }
+//
+// `p` in `test_rule` resolves to `data.test.p`, which won't be an entry in the virtual-cache and must therefore be calculated after-the-fact.
+// If `p` isn't captured in a local var, there is no trivial way to retrieve its value for test reporting.
+func (c *Compiler) rewriteTestRuleEqualities() {
+ if !c.rewriteTestRulesForTracing {
+ return
+ }
+
+ f := newEqualityFactory(c.localvargen)
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+ WalkRules(mod, func(rule *Rule) bool {
+ if strings.HasPrefix(string(rule.Head.Name), "test_") {
+ rule.Body = rewriteTestEqualities(f, rule.Body)
+ }
+ return false
+ })
+ }
+}
+
+func (c *Compiler) parseMetadataBlocks() {
+ // Only parse annotations if rego.metadata built-ins are called
+ regoMetadataCalled := false
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+ WalkExprs(mod, func(expr *Expr) bool {
+ if isRegoMetadataChainCall(expr) || isRegoMetadataRuleCall(expr) {
+ regoMetadataCalled = true
+ }
+ return regoMetadataCalled
+ })
+
+ if regoMetadataCalled {
+ break
+ }
+ }
+
+ if regoMetadataCalled {
+ // NOTE: Possible optimization: only parse annotations for modules on the path of rego.metadata-calling module
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+
+ if len(mod.Annotations) == 0 {
+ var errs Errors
+ mod.Annotations, errs = parseAnnotations(mod.Comments)
+ errs = append(errs, attachAnnotationsNodes(mod)...)
+ for _, err := range errs {
+ c.err(err)
+ }
+
+ attachRuleAnnotations(mod)
+ }
+ }
+ }
+}
+
+func (c *Compiler) rewriteRegoMetadataCalls() {
+ eqFactory := newEqualityFactory(c.localvargen)
+
+ _, chainFuncAllowed := c.builtins[RegoMetadataChain.Name]
+ _, ruleFuncAllowed := c.builtins[RegoMetadataRule.Name]
+
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+
+ WalkRules(mod, func(rule *Rule) bool {
+ var firstChainCall *Expr
+ var firstRuleCall *Expr
+
+ WalkExprs(rule, func(expr *Expr) bool {
+ if chainFuncAllowed && firstChainCall == nil && isRegoMetadataChainCall(expr) {
+ firstChainCall = expr
+ } else if ruleFuncAllowed && firstRuleCall == nil && isRegoMetadataRuleCall(expr) {
+ firstRuleCall = expr
+ }
+ return firstChainCall != nil && firstRuleCall != nil
+ })
+
+ chainCalled := firstChainCall != nil
+ ruleCalled := firstRuleCall != nil
+
+ if chainCalled || ruleCalled {
+ body := make(Body, 0, len(rule.Body)+2)
+
+ var metadataChainVar Var
+ if chainCalled {
+ // Create and inject metadata chain for rule
+
+ chain, err := createMetadataChain(c.annotationSet.Chain(rule))
+ if err != nil {
+ c.err(err)
+ return false
+ }
+
+ chain.Location = firstChainCall.Location
+ eq := eqFactory.Generate(chain)
+ metadataChainVar = eq.Operands()[0].Value.(Var)
+ body.Append(eq)
+ }
+
+ var metadataRuleVar Var
+ if ruleCalled {
+ // Create and inject metadata for rule
+
+ var metadataRuleTerm *Term
+
+ a := getPrimaryRuleAnnotations(c.annotationSet, rule)
+ if a != nil {
+ annotObj, err := a.toObject()
+ if err != nil {
+ c.err(err)
+ return false
+ }
+ metadataRuleTerm = NewTerm(*annotObj)
+ } else {
+ // If rule has no annotations, assign an empty object
+ metadataRuleTerm = ObjectTerm()
+ }
+
+ metadataRuleTerm.Location = firstRuleCall.Location
+ eq := eqFactory.Generate(metadataRuleTerm)
+ metadataRuleVar = eq.Operands()[0].Value.(Var)
+ body.Append(eq)
+ }
+
+ for _, expr := range rule.Body {
+ body.Append(expr)
+ }
+ rule.Body = body
+
+ vis := func(b Body) bool {
+ for _, err := range rewriteRegoMetadataCalls(&metadataChainVar, &metadataRuleVar, b, &c.RewrittenVars) {
+ c.err(err)
+ }
+ return false
+ }
+ WalkBodies(rule.Head, vis)
+ WalkBodies(rule.Body, vis)
+ }
+
+ return false
+ })
+ }
+}
+
+func getPrimaryRuleAnnotations(as *AnnotationSet, rule *Rule) *Annotations {
+ annots := as.GetRuleScope(rule)
+
+ if len(annots) == 0 {
+ return nil
+ }
+
+ // Sort by annotation location; chain must start with annotations declared closest to rule, then going outward
+ slices.SortStableFunc(annots, func(a, b *Annotations) int {
+ return -a.Location.Compare(b.Location)
+ })
+
+ return annots[0]
+}
+
+func rewriteRegoMetadataCalls(metadataChainVar *Var, metadataRuleVar *Var, body Body, rewrittenVars *map[Var]Var) Errors {
+ var errs Errors
+
+ WalkClosures(body, func(x any) bool {
+ switch x := x.(type) {
+ case *ArrayComprehension:
+ errs = rewriteRegoMetadataCalls(metadataChainVar, metadataRuleVar, x.Body, rewrittenVars)
+ case *SetComprehension:
+ errs = rewriteRegoMetadataCalls(metadataChainVar, metadataRuleVar, x.Body, rewrittenVars)
+ case *ObjectComprehension:
+ errs = rewriteRegoMetadataCalls(metadataChainVar, metadataRuleVar, x.Body, rewrittenVars)
+ case *Every:
+ errs = rewriteRegoMetadataCalls(metadataChainVar, metadataRuleVar, x.Body, rewrittenVars)
+ }
+ return true
+ })
+
+ for i := range body {
+ expr := body[i]
+ var metadataVar Var
+
+ if metadataChainVar != nil && isRegoMetadataChainCall(expr) {
+ metadataVar = *metadataChainVar
+ } else if metadataRuleVar != nil && isRegoMetadataRuleCall(expr) {
+ metadataVar = *metadataRuleVar
+ } else {
+ continue
+ }
+
+ // NOTE(johanfylling): An alternative strategy would be to walk the body and replace all operands[0]
+ // usages with *metadataChainVar
+ operands := expr.Operands()
+ var newExpr *Expr
+ if len(operands) > 0 { // There is an output var to rewrite
+ rewrittenVar := operands[0]
+ newExpr = Equality.Expr(rewrittenVar, NewTerm(metadataVar))
+ } else { // No output var, just rewrite expr to metadataVar
+ newExpr = NewExpr(NewTerm(metadataVar))
+ }
+
+ newExpr.Generated = true
+ newExpr.Location = expr.Location
+ body.Set(newExpr, i)
+ }
+
+ return errs
+}
+
+var regoMetadataChainRef = RegoMetadataChain.Ref()
+var regoMetadataRuleRef = RegoMetadataRule.Ref()
+
+func isRegoMetadataChainCall(x *Expr) bool {
+ return x.IsCall() && x.Operator().Equal(regoMetadataChainRef)
+}
+
+func isRegoMetadataRuleCall(x *Expr) bool {
+ return x.IsCall() && x.Operator().Equal(regoMetadataRuleRef)
+}
+
+func createMetadataChain(chain []*AnnotationsRef) (*Term, *Error) {
+
+ metaArray := NewArray()
+ for _, link := range chain {
+ // Dropping leading 'data' element of path
+ p := link.Path[1:].toArray()
+ obj := NewObject(Item(InternedStringTerm("path"), NewTerm(p)))
+ if link.Annotations != nil {
+ annotObj, err := link.Annotations.toObject()
+ if err != nil {
+ return nil, err
+ }
+ obj.Insert(InternedStringTerm("annotations"), NewTerm(*annotObj))
+ }
+ metaArray = metaArray.Append(NewTerm(obj))
+ }
+
+ return NewTerm(metaArray), nil
+}
+
+func (c *Compiler) rewriteLocalVars() {
+
+ var assignment bool
+
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+ gen := c.localvargen
+
+ WalkRules(mod, func(rule *Rule) bool {
+ argsStack := newLocalDeclaredVars()
+
+ args := NewVarVisitor()
+ if c.strict {
+ args.Walk(rule.Head.Args)
+ }
+ unusedArgs := args.Vars()
+
+ c.rewriteLocalArgVars(gen, argsStack, rule)
+
+ // Rewrite local vars in each else-branch of the rule.
+ // Note: this is done instead of a walk so that we can capture any unused function arguments
+ // across else-branches.
+ for rule := rule; rule != nil; rule = rule.Else {
+ stack, errs := c.rewriteLocalVarsInRule(rule, unusedArgs, argsStack, gen)
+ if stack.assignment {
+ assignment = true
+ }
+
+ for arg := range unusedArgs {
+ if stack.Count(arg) > 1 {
+ delete(unusedArgs, arg)
+ }
+ }
+
+ for _, err := range errs {
+ c.err(err)
+ }
+ }
+
+ if c.strict {
+ // Report an error for each unused function argument
+ for arg := range unusedArgs {
+ if !arg.IsWildcard() {
+ c.err(NewError(CompileErr, rule.Head.Location, "unused argument %v. (hint: use _ (wildcard variable) instead)", arg))
+ }
+ }
+ }
+
+ return true
+ })
+ }
+
+ if assignment {
+ c.Required.addBuiltinSorted(Assign)
+ }
+}
+
+func (c *Compiler) rewriteLocalVarsInRule(rule *Rule, unusedArgs VarSet, argsStack *localDeclaredVars, gen *localVarGenerator) (*localDeclaredVars, Errors) {
+ // Rewrite assignments contained in head of rule. Assignments can
+ // occur in rule head if they're inside a comprehension. Note,
+ // assigned vars in comprehensions in the head will be rewritten
+ // first to preserve scoping rules. For example:
+ //
+ // p = [x | x := 1] { x := 2 } becomes p = [__local0__ | __local0__ = 1] { __local1__ = 2 }
+ //
+ // This behaviour is consistent scoping inside the body. For example:
+ //
+ // p = xs { x := 2; xs = [x | x := 1] } becomes p = xs { __local0__ = 2; xs = [__local1__ | __local1__ = 1] }
+ nestedXform := &rewriteNestedHeadVarLocalTransform{
+ gen: gen,
+ RewrittenVars: c.RewrittenVars,
+ strict: c.strict,
+ }
+
+ NewGenericVisitor(nestedXform.Visit).Walk(rule.Head)
+
+ for _, err := range nestedXform.errs {
+ c.err(err)
+ }
+
+ // Rewrite assignments in body.
+ used := NewVarSet()
+
+ for _, t := range rule.Head.Ref()[1:] {
+ used.Update(t.Vars())
+ }
+
+ if rule.Head.Key != nil {
+ used.Update(rule.Head.Key.Vars())
+ }
+
+ if rule.Head.Value != nil {
+ valueVars := rule.Head.Value.Vars()
+ used.Update(valueVars)
+ for arg := range unusedArgs {
+ if valueVars.Contains(arg) {
+ delete(unusedArgs, arg)
+ }
+ }
+ }
+
+ stack := argsStack.Copy()
+
+ body, declared, errs := rewriteLocalVars(gen, stack, used, rule.Body, c.strict)
+
+ // For rewritten vars use the collection of all variables that
+ // were in the stack at some point in time.
+ maps.Copy(c.RewrittenVars, stack.rewritten)
+
+ rule.Body = body
+
+ // Rewrite vars in head that refer to locally declared vars in the body.
+ localXform := rewriteHeadVarLocalTransform{declared: declared}
+
+ for i := range rule.Head.Args {
+ rule.Head.Args[i], _ = transformTerm(localXform, rule.Head.Args[i])
+ }
+
+ for i := 1; i < len(rule.Head.Ref()); i++ {
+ rule.Head.Reference[i], _ = transformTerm(localXform, rule.Head.Ref()[i])
+ }
+ if rule.Head.Key != nil {
+ rule.Head.Key, _ = transformTerm(localXform, rule.Head.Key)
+ }
+
+ if rule.Head.Value != nil {
+ rule.Head.Value, _ = transformTerm(localXform, rule.Head.Value)
+ }
+ return stack, errs
+}
+
+type rewriteNestedHeadVarLocalTransform struct {
+ gen *localVarGenerator
+ errs Errors
+ RewrittenVars map[Var]Var
+ strict bool
+}
+
+func (xform *rewriteNestedHeadVarLocalTransform) Visit(x any) bool {
+
+ if term, ok := x.(*Term); ok {
+
+ stop := false
+ stack := newLocalDeclaredVars()
+
+ switch x := term.Value.(type) {
+ case *object:
+ cpy, _ := x.Map(func(k, v *Term) (*Term, *Term, error) {
+ kcpy := k.Copy()
+ NewGenericVisitor(xform.Visit).Walk(kcpy)
+ vcpy := v.Copy()
+ NewGenericVisitor(xform.Visit).Walk(vcpy)
+ return kcpy, vcpy, nil
+ })
+ term.Value = cpy
+ stop = true
+ case *set:
+ cpy, _ := x.Map(func(v *Term) (*Term, error) {
+ vcpy := v.Copy()
+ NewGenericVisitor(xform.Visit).Walk(vcpy)
+ return vcpy, nil
+ })
+ term.Value = cpy
+ stop = true
+ case *ArrayComprehension:
+ xform.errs = rewriteDeclaredVarsInArrayComprehension(xform.gen, stack, x, xform.errs, xform.strict)
+ stop = true
+ case *SetComprehension:
+ xform.errs = rewriteDeclaredVarsInSetComprehension(xform.gen, stack, x, xform.errs, xform.strict)
+ stop = true
+ case *ObjectComprehension:
+ xform.errs = rewriteDeclaredVarsInObjectComprehension(xform.gen, stack, x, xform.errs, xform.strict)
+ stop = true
+ }
+
+ maps.Copy(xform.RewrittenVars, stack.rewritten)
+
+ return stop
+ }
+
+ return false
+}
+
+type rewriteHeadVarLocalTransform struct {
+ declared map[Var]Var
+}
+
+func (xform rewriteHeadVarLocalTransform) Transform(x any) (any, error) {
+ if v, ok := x.(Var); ok {
+ if gv, ok := xform.declared[v]; ok {
+ return gv, nil
+ }
+ }
+ return x, nil
+}
+
+func (c *Compiler) rewriteLocalArgVars(gen *localVarGenerator, stack *localDeclaredVars, rule *Rule) {
+
+ vis := &ruleArgLocalRewriter{
+ stack: stack,
+ gen: gen,
+ }
+
+ for i := range rule.Head.Args {
+ Walk(vis, rule.Head.Args[i])
+ }
+
+ for i := range vis.errs {
+ c.err(vis.errs[i])
+ }
+}
+
+type ruleArgLocalRewriter struct {
+ stack *localDeclaredVars
+ gen *localVarGenerator
+ errs []*Error
+}
+
+func (vis *ruleArgLocalRewriter) Visit(x any) Visitor {
+
+ t, ok := x.(*Term)
+ if !ok {
+ return vis
+ }
+
+ switch v := t.Value.(type) {
+ case Var:
+ gv, ok := vis.stack.Declared(v)
+ if ok {
+ vis.stack.Seen(v)
+ } else {
+ gv = vis.gen.Generate()
+ vis.stack.Insert(v, gv, argVar)
+ }
+ t.Value = gv
+ return nil
+ case *object:
+ if cpy, err := v.Map(func(k, v *Term) (*Term, *Term, error) {
+ vcpy := v.Copy()
+ Walk(vis, vcpy)
+ return k, vcpy, nil
+ }); err != nil {
+ vis.errs = append(vis.errs, NewError(CompileErr, t.Location, err.Error())) //nolint:govet
+ } else {
+ t.Value = cpy
+ }
+ return nil
+ case Null, Boolean, Number, String, *ArrayComprehension, *SetComprehension, *ObjectComprehension, Set:
+ // Scalars are no-ops. Comprehensions are handled above. Sets must not
+ // contain variables.
+ return nil
+ case Call:
+ vis.errs = append(vis.errs, NewError(CompileErr, t.Location, "rule arguments cannot contain calls"))
+ return nil
+ default:
+ // Recurse on refs and arrays. Any embedded
+ // variables can be rewritten.
+ return vis
+ }
+}
+
+func (c *Compiler) rewriteWithModifiers() {
+ f := newEqualityFactory(c.localvargen)
+ for _, name := range c.sorted {
+ mod := c.Modules[name]
+ t := NewGenericTransformer(func(x any) (any, error) {
+ body, ok := x.(Body)
+ if !ok {
+ return x, nil
+ }
+ body, err := rewriteWithModifiersInBody(c, c.unsafeBuiltinsMap, f, body)
+ if err != nil {
+ c.err(err)
+ }
+
+ return body, nil
+ })
+ _, _ = Transform(t, mod) // ignore error
+ }
+}
+
+func (c *Compiler) setModuleTree() {
+ c.ModuleTree = NewModuleTree(c.Modules)
+}
+
+func (c *Compiler) setRuleTree() {
+ c.RuleTree = NewRuleTree(c.ModuleTree)
+}
+
+func (c *Compiler) setGraph() {
+ list := func(r Ref) []*Rule {
+ return c.GetRulesDynamicWithOpts(r, RulesOptions{IncludeHiddenModules: true})
+ }
+ c.Graph = NewGraph(c.Modules, list)
+}
+
+type queryCompiler struct {
+ compiler *Compiler
+ qctx *QueryContext
+ typeEnv *TypeEnv
+ rewritten map[Var]Var
+ after map[string][]QueryCompilerStageDefinition
+ unsafeBuiltins map[string]struct{}
+ comprehensionIndices map[*Term]*ComprehensionIndex
+ enablePrintStatements bool
+}
+
+func newQueryCompiler(compiler *Compiler) QueryCompiler {
+ qc := &queryCompiler{
+ compiler: compiler,
+ qctx: nil,
+ after: map[string][]QueryCompilerStageDefinition{},
+ comprehensionIndices: map[*Term]*ComprehensionIndex{},
+ }
+ return qc
+}
+
+func (qc *queryCompiler) WithStrict(strict bool) QueryCompiler {
+ qc.compiler.WithStrict(strict)
+ return qc
+}
+
+func (qc *queryCompiler) WithEnablePrintStatements(yes bool) QueryCompiler {
+ qc.enablePrintStatements = yes
+ return qc
+}
+
+func (qc *queryCompiler) WithContext(qctx *QueryContext) QueryCompiler {
+ qc.qctx = qctx
+ return qc
+}
+
+func (qc *queryCompiler) WithStageAfter(after string, stage QueryCompilerStageDefinition) QueryCompiler {
+ qc.after[after] = append(qc.after[after], stage)
+ return qc
+}
+
+func (qc *queryCompiler) WithUnsafeBuiltins(unsafe map[string]struct{}) QueryCompiler {
+ qc.unsafeBuiltins = unsafe
+ return qc
+}
+
+func (qc *queryCompiler) RewrittenVars() map[Var]Var {
+ return qc.rewritten
+}
+
+func (qc *queryCompiler) ComprehensionIndex(term *Term) *ComprehensionIndex {
+ if result, ok := qc.comprehensionIndices[term]; ok {
+ return result
+ } else if result, ok := qc.compiler.comprehensionIndices[term]; ok {
+ return result
+ }
+ return nil
+}
+
+func (qc *queryCompiler) runStage(metricName string, qctx *QueryContext, query Body, s func(*QueryContext, Body) (Body, error)) (Body, error) {
+ if qc.compiler.metrics != nil {
+ qc.compiler.metrics.Timer(metricName).Start()
+ defer qc.compiler.metrics.Timer(metricName).Stop()
+ }
+ return s(qctx, query)
+}
+
+func (qc *queryCompiler) runStageAfter(metricName string, query Body, s QueryCompilerStage) (Body, error) {
+ if qc.compiler.metrics != nil {
+ qc.compiler.metrics.Timer(metricName).Start()
+ defer qc.compiler.metrics.Timer(metricName).Stop()
+ }
+ return s(qc, query)
+}
+
+type queryStage = struct {
+ name string
+ metricName string
+ f func(*QueryContext, Body) (Body, error)
+}
+
+func (qc *queryCompiler) Compile(query Body) (Body, error) {
+ if len(query) == 0 {
+ return nil, Errors{NewError(CompileErr, nil, "empty query cannot be compiled")}
+ }
+
+ query = query.Copy()
+
+ stages := []queryStage{
+ {"CheckKeywordOverrides", "query_compile_stage_check_keyword_overrides", qc.checkKeywordOverrides},
+ {"ResolveRefs", "query_compile_stage_resolve_refs", qc.resolveRefs},
+ {"RewriteLocalVars", "query_compile_stage_rewrite_local_vars", qc.rewriteLocalVars},
+ {"CheckVoidCalls", "query_compile_stage_check_void_calls", qc.checkVoidCalls},
+ {"RewritePrintCalls", "query_compile_stage_rewrite_print_calls", qc.rewritePrintCalls},
+ {"RewriteExprTerms", "query_compile_stage_rewrite_expr_terms", qc.rewriteExprTerms},
+ {"RewriteComprehensionTerms", "query_compile_stage_rewrite_comprehension_terms", qc.rewriteComprehensionTerms},
+ {"RewriteWithValues", "query_compile_stage_rewrite_with_values", qc.rewriteWithModifiers},
+ {"CheckUndefinedFuncs", "query_compile_stage_check_undefined_funcs", qc.checkUndefinedFuncs},
+ {"CheckSafety", "query_compile_stage_check_safety", qc.checkSafety},
+ {"RewriteDynamicTerms", "query_compile_stage_rewrite_dynamic_terms", qc.rewriteDynamicTerms},
+ {"CheckTypes", "query_compile_stage_check_types", qc.checkTypes},
+ {"CheckUnsafeBuiltins", "query_compile_stage_check_unsafe_builtins", qc.checkUnsafeBuiltins},
+ {"CheckDeprecatedBuiltins", "query_compile_stage_check_deprecated_builtins", qc.checkDeprecatedBuiltins},
+ }
+ if qc.compiler.evalMode == EvalModeTopdown {
+ stages = append(stages, queryStage{"BuildComprehensionIndex", "query_compile_stage_build_comprehension_index", qc.buildComprehensionIndices})
+ }
+
+ qctx := qc.qctx.Copy()
+
+ for _, s := range stages {
+ var err error
+ query, err = qc.runStage(s.metricName, qctx, query, s.f)
+ if err != nil {
+ return nil, qc.applyErrorLimit(err)
+ }
+ for _, s := range qc.after[s.name] {
+ query, err = qc.runStageAfter(s.MetricName, query, s.Stage)
+ if err != nil {
+ return nil, qc.applyErrorLimit(err)
+ }
+ }
+ }
+
+ return query, nil
+}
+
+func (qc *queryCompiler) TypeEnv() *TypeEnv {
+ return qc.typeEnv
+}
+
+func (qc *queryCompiler) applyErrorLimit(err error) error {
+ var errs Errors
+ if errors.As(err, &errs) {
+ if qc.compiler.maxErrs > 0 && len(errs) > qc.compiler.maxErrs {
+ err = append(errs[:qc.compiler.maxErrs], errLimitReached)
+ }
+ }
+ return err
+}
+
+func (qc *queryCompiler) checkKeywordOverrides(_ *QueryContext, body Body) (Body, error) {
+ if qc.compiler.strict {
+ if errs := checkRootDocumentOverrides(body); len(errs) > 0 {
+ return nil, errs
+ }
+ }
+ return body, nil
+}
+
+func (qc *queryCompiler) resolveRefs(qctx *QueryContext, body Body) (Body, error) {
+
+ var globals map[Var]*usedRef
+
+ if qctx != nil {
+ pkg := qctx.Package
+ // Query compiler ought to generate a package if one was not provided and one or more imports were provided.
+ // The generated package name could even be an empty string to avoid conflicts (it doesn't have to be valid syntactically)
+ if pkg == nil && len(qctx.Imports) > 0 {
+ pkg = &Package{Path: RefTerm(VarTerm("")).Value.(Ref)}
+ }
+ if pkg != nil {
+ var ruleExports []Ref
+ rules := qc.compiler.getExports()
+ if exist, ok := rules.Get(pkg.Path); ok {
+ ruleExports = exist
+ }
+
+ globals = getGlobals(qctx.Package, ruleExports, qctx.Imports)
+ qctx.Imports = nil
+ }
+ }
+
+ ignore := &declaredVarStack{declaredVars(body)}
+
+ return resolveRefsInBody(globals, ignore, body), nil
+}
+
+func (*queryCompiler) rewriteComprehensionTerms(_ *QueryContext, body Body) (Body, error) {
+ gen := newLocalVarGenerator("q", body)
+ f := newEqualityFactory(gen)
+ node, err := rewriteComprehensionTerms(f, body)
+ if err != nil {
+ return nil, err
+ }
+ return node.(Body), nil
+}
+
+func (*queryCompiler) rewriteDynamicTerms(_ *QueryContext, body Body) (Body, error) {
+ gen := newLocalVarGenerator("q", body)
+ f := newEqualityFactory(gen)
+ return rewriteDynamics(f, body), nil
+}
+
+func (*queryCompiler) rewriteExprTerms(_ *QueryContext, body Body) (Body, error) {
+ gen := newLocalVarGenerator("q", body)
+ return rewriteExprTermsInBody(gen, body), nil
+}
+
+func (qc *queryCompiler) rewriteLocalVars(_ *QueryContext, body Body) (Body, error) {
+ gen := newLocalVarGenerator("q", body)
+ stack := newLocalDeclaredVars()
+ body, _, err := rewriteLocalVars(gen, stack, nil, body, qc.compiler.strict)
+ if len(err) != 0 {
+ return nil, err
+ }
+
+ // The vars returned during the rewrite will include all seen vars,
+ // even if they're not declared with an assignment operation. We don't
+ // want to include these inside the rewritten set though.
+ qc.rewritten = maps.Clone(stack.rewritten)
+
+ return body, nil
+}
+
+func (qc *queryCompiler) rewritePrintCalls(_ *QueryContext, body Body) (Body, error) {
+ if !qc.enablePrintStatements {
+ _, cpy := erasePrintCallsInBody(body)
+ return cpy, nil
+ }
+ gen := newLocalVarGenerator("q", body)
+ if _, errs := rewritePrintCalls(gen, qc.compiler.GetArity, ReservedVars, body); len(errs) > 0 {
+ return nil, errs
+ }
+ return body, nil
+}
+
+func (qc *queryCompiler) checkVoidCalls(_ *QueryContext, body Body) (Body, error) {
+ if errs := checkVoidCalls(qc.compiler.TypeEnv, body); len(errs) > 0 {
+ return nil, errs
+ }
+ return body, nil
+}
+
+func (qc *queryCompiler) checkUndefinedFuncs(_ *QueryContext, body Body) (Body, error) {
+ if errs := checkUndefinedFuncs(qc.compiler.TypeEnv, body, qc.compiler.GetArity, qc.rewritten); len(errs) > 0 {
+ return nil, errs
+ }
+ return body, nil
+}
+
+func (qc *queryCompiler) checkSafety(_ *QueryContext, body Body) (Body, error) {
+ safe := ReservedVars.Copy()
+ reordered, unsafe := reorderBodyForSafety(qc.compiler.builtins, qc.compiler.GetArity, safe, body)
+ if errs := safetyErrorSlice(unsafe, qc.RewrittenVars()); len(errs) > 0 {
+ return nil, errs
+ }
+ return reordered, nil
+}
+
+func (qc *queryCompiler) checkTypes(_ *QueryContext, body Body) (Body, error) {
+ var errs Errors
+ checker := newTypeChecker().
+ WithSchemaSet(qc.compiler.schemaSet).
+ WithInputType(qc.compiler.inputType).
+ WithVarRewriter(rewriteVarsInRef(qc.rewritten, qc.compiler.RewrittenVars))
+ qc.typeEnv, errs = checker.CheckBody(qc.compiler.TypeEnv, body)
+ if len(errs) > 0 {
+ return nil, errs
+ }
+
+ return body, nil
+}
+
+func (qc *queryCompiler) checkUnsafeBuiltins(_ *QueryContext, body Body) (Body, error) {
+ errs := checkUnsafeBuiltins(qc.unsafeBuiltinsMap(), body)
+ if len(errs) > 0 {
+ return nil, errs
+ }
+ return body, nil
+}
+
+func (qc *queryCompiler) unsafeBuiltinsMap() map[string]struct{} {
+ if qc.unsafeBuiltins != nil {
+ return qc.unsafeBuiltins
+ }
+ return qc.compiler.unsafeBuiltinsMap
+}
+
+func (qc *queryCompiler) checkDeprecatedBuiltins(_ *QueryContext, body Body) (Body, error) {
+ if qc.compiler.strict {
+ errs := checkDeprecatedBuiltins(qc.compiler.deprecatedBuiltinsMap, body)
+ if len(errs) > 0 {
+ return nil, errs
+ }
+ }
+ return body, nil
+}
+
+func (qc *queryCompiler) rewriteWithModifiers(_ *QueryContext, body Body) (Body, error) {
+ f := newEqualityFactory(newLocalVarGenerator("q", body))
+ body, err := rewriteWithModifiersInBody(qc.compiler, qc.unsafeBuiltinsMap(), f, body)
+ if err != nil {
+ return nil, Errors{err}
+ }
+ return body, nil
+}
+
+func (qc *queryCompiler) buildComprehensionIndices(_ *QueryContext, body Body) (Body, error) {
+ // NOTE(tsandall): The query compiler does not have a metrics object so we
+ // cannot record index metrics currently.
+ _ = buildComprehensionIndices(qc.compiler.debug, qc.compiler.GetArity, ReservedVars, qc.RewrittenVars(), body, qc.comprehensionIndices)
+ return body, nil
+}
+
+// ComprehensionIndex specifies how the comprehension term can be indexed. The keys
+// tell the evaluator what variables to use for indexing. In the future, the index
+// could be expanded with more information that would allow the evaluator to index
+// a larger fragment of comprehensions (e.g., by closing over variables in the outer
+// query.)
+type ComprehensionIndex struct {
+ Term *Term
+ Keys []*Term
+}
+
+func (ci *ComprehensionIndex) String() string {
+ if ci == nil {
+ return ""
+ }
+ return fmt.Sprintf("", NewArray(ci.Keys...))
+}
+
+func buildComprehensionIndices(dbg debug.Debug, arity func(Ref) int, candidates VarSet, rwVars map[Var]Var, node any, result map[*Term]*ComprehensionIndex) uint64 {
+ var n uint64
+ cpy := candidates.Copy()
+ WalkBodies(node, func(b Body) bool {
+ for _, expr := range b {
+ index := getComprehensionIndex(dbg, arity, cpy, rwVars, expr)
+ if index != nil {
+ result[index.Term] = index
+ n++
+ }
+ // Any variables appearing in the expressions leading up to the comprehension
+ // are fair-game to be used as index keys.
+ cpy.Update(expr.Vars(VarVisitorParams{SkipClosures: true, SkipRefCallHead: true}))
+ }
+ return false
+ })
+ return n
+}
+
+func getComprehensionIndex(dbg debug.Debug, arity func(Ref) int, candidates VarSet, rwVars map[Var]Var, expr *Expr) *ComprehensionIndex {
+
+ // Ignore everything except = expressions. Extract
+ // the comprehension term from the expression.
+ if !expr.IsEquality() || expr.Negated || len(expr.With) > 0 {
+ // No debug message, these are assumed to be known hinderances
+ // to comprehension indexing.
+ return nil
+ }
+
+ var term *Term
+
+ lhs, rhs := expr.Operand(0), expr.Operand(1)
+
+ if _, ok := lhs.Value.(Var); ok && IsComprehension(rhs.Value) {
+ term = rhs
+ } else if _, ok := rhs.Value.(Var); ok && IsComprehension(lhs.Value) {
+ term = lhs
+ }
+
+ if term == nil {
+ // no debug for this, it's the ordinary "nothing to do here" case
+ return nil
+ }
+
+ // Ignore comprehensions that contain expressions that close over variables
+ // in the outer body if those variables are not also output variables in the
+ // comprehension body. In other words, ignore comprehensions that we cannot
+ // safely evaluate without bindings from the outer body. For example:
+ //
+ // x = [1]
+ // [true | data.y[z] = x] # safe to evaluate w/o outer body
+ // [true | data.y[z] = x[0]] # NOT safe to evaluate because 'x' would be unsafe.
+ //
+ // By identifying output variables in the body we also know what to index on by
+ // intersecting with candidate variables from the outer query.
+ //
+ // For example:
+ //
+ // x = data.foo[_]
+ // _ = [y | data.bar[y] = x] # index on 'x'
+ //
+ // This query goes from O(data.foo*data.bar) to O(data.foo+data.bar).
+ var body Body
+
+ switch x := term.Value.(type) {
+ case *ArrayComprehension:
+ body = x.Body
+ case *SetComprehension:
+ body = x.Body
+ case *ObjectComprehension:
+ body = x.Body
+ }
+
+ outputs := outputVarsForBody(body, arity, ReservedVars)
+ unsafe := body.Vars(SafetyCheckVisitorParams).Diff(outputs).Diff(ReservedVars)
+
+ if len(unsafe) > 0 {
+ dbg.Printf("%s: comprehension index: unsafe vars: %v", expr.Location, unsafe)
+ return nil
+ }
+
+ // Similarly, ignore comprehensions that contain references with output variables
+ // that intersect with the candidates. Indexing these comprehensions could worsen
+ // performance.
+ regressionVis := newComprehensionIndexRegressionCheckVisitor(candidates)
+ regressionVis.Walk(body)
+ if regressionVis.worse {
+ dbg.Printf("%s: comprehension index: output vars intersect candidates", expr.Location)
+ return nil
+ }
+
+ // Check if any nested comprehensions close over candidates. If any intersection is found
+ // the comprehension cannot be cached because it would require closing over the candidates
+ // which the evaluator does not support today.
+ nestedVis := newComprehensionIndexNestedCandidateVisitor(candidates)
+ nestedVis.Walk(body)
+ if nestedVis.found {
+ dbg.Printf("%s: comprehension index: nested comprehensions close over candidates", expr.Location)
+ return nil
+ }
+
+ // Make a sorted set of variable names that will serve as the index key set.
+ // Sort to ensure deterministic indexing. In future this could be relaxed
+ // if we can decide that one ordering is better than another. If the set is
+ // empty, there is no indexing to do.
+ indexVars := candidates.Intersect(outputs)
+ if len(indexVars) == 0 {
+ dbg.Printf("%s: comprehension index: no index vars", expr.Location)
+ return nil
+ }
+
+ result := make([]*Term, 0, len(indexVars))
+
+ for v := range indexVars {
+ result = append(result, NewTerm(v))
+ }
+
+ slices.SortFunc(result, TermValueCompare)
+
+ debugRes := make([]*Term, len(result))
+ for i, r := range result {
+ if o, ok := rwVars[r.Value.(Var)]; ok {
+ debugRes[i] = NewTerm(o)
+ } else {
+ debugRes[i] = r
+ }
+ }
+ dbg.Printf("%s: comprehension index: built with keys: %v", expr.Location, debugRes)
+ return &ComprehensionIndex{Term: term, Keys: result}
+}
+
+type comprehensionIndexRegressionCheckVisitor struct {
+ candidates VarSet
+ seen VarSet
+ worse bool
+}
+
+// TODO(tsandall): Improve this so that users can either supply this list explicitly
+// or the information is maintained on the built-in function declaration. What we really
+// need to know is whether the built-in function allows callers to push down output
+// values or not. It's unlikely that anything outside of OPA does this today so this
+// solution is fine for now.
+var comprehensionIndexBlacklist = map[string]int{
+ WalkBuiltin.Name: len(WalkBuiltin.Decl.FuncArgs().Args),
+}
+
+func newComprehensionIndexRegressionCheckVisitor(candidates VarSet) *comprehensionIndexRegressionCheckVisitor {
+ return &comprehensionIndexRegressionCheckVisitor{
+ candidates: candidates,
+ seen: NewVarSet(),
+ }
+}
+
+func (vis *comprehensionIndexRegressionCheckVisitor) Walk(x any) {
+ NewGenericVisitor(vis.visit).Walk(x)
+}
+
+func (vis *comprehensionIndexRegressionCheckVisitor) visit(x any) bool {
+ if !vis.worse {
+ switch x := x.(type) {
+ case *Expr:
+ operands := x.Operands()
+ if pos := comprehensionIndexBlacklist[x.Operator().String()]; pos > 0 && pos < len(operands) {
+ vis.assertEmptyIntersection(operands[pos].Vars())
+ }
+ case Ref:
+ vis.assertEmptyIntersection(x.OutputVars())
+ case Var:
+ vis.seen.Add(x)
+ // Always skip comprehensions. We do not have to visit their bodies here.
+ case *ArrayComprehension, *SetComprehension, *ObjectComprehension:
+ return true
+ }
+ }
+ return vis.worse
+}
+
+func (vis *comprehensionIndexRegressionCheckVisitor) assertEmptyIntersection(vs VarSet) {
+ for v := range vs {
+ if vis.candidates.Contains(v) && !vis.seen.Contains(v) {
+ vis.worse = true
+ return
+ }
+ }
+}
+
+type comprehensionIndexNestedCandidateVisitor struct {
+ candidates VarSet
+ found bool
+}
+
+func newComprehensionIndexNestedCandidateVisitor(candidates VarSet) *comprehensionIndexNestedCandidateVisitor {
+ return &comprehensionIndexNestedCandidateVisitor{
+ candidates: candidates,
+ }
+}
+
+func (vis *comprehensionIndexNestedCandidateVisitor) Walk(x any) {
+ NewGenericVisitor(vis.visit).Walk(x)
+}
+
+func (vis *comprehensionIndexNestedCandidateVisitor) visit(x any) bool {
+
+ if vis.found {
+ return true
+ }
+
+ if v, ok := x.(Value); ok && IsComprehension(v) {
+ varVis := NewVarVisitor().WithParams(VarVisitorParams{SkipRefHead: true})
+ varVis.Walk(v)
+ vis.found = len(varVis.Vars().Intersect(vis.candidates)) > 0
+ return true
+ }
+
+ return false
+}
+
+// ModuleTreeNode represents a node in the module tree. The module
+// tree is keyed by the package path.
+type ModuleTreeNode struct {
+ Key Value
+ Modules []*Module
+ Children map[Value]*ModuleTreeNode
+ Hide bool
+}
+
+func (n *ModuleTreeNode) String() string {
+ var rules []string
+ for _, m := range n.Modules {
+ for _, r := range m.Rules {
+ rules = append(rules, r.Head.String())
+ }
+ }
+ return fmt.Sprintf("", n.Key, n.Children, rules, n.Hide)
+}
+
+// NewModuleTree returns a new ModuleTreeNode that represents the root
+// of the module tree populated with the given modules.
+func NewModuleTree(mods map[string]*Module) *ModuleTreeNode {
+ root := &ModuleTreeNode{
+ Children: map[Value]*ModuleTreeNode{},
+ }
+ for _, name := range util.KeysSorted(mods) {
+ m := mods[name]
+ node := root
+ for i, x := range m.Package.Path {
+ c, ok := node.Children[x.Value]
+ if !ok {
+ var hide bool
+ if i == 1 && x.Value.Compare(SystemDocumentKey) == 0 {
+ hide = true
+ }
+ c = &ModuleTreeNode{
+ Key: x.Value,
+ Children: map[Value]*ModuleTreeNode{},
+ Hide: hide,
+ }
+ node.Children[x.Value] = c
+ }
+ node = c
+ }
+ node.Modules = append(node.Modules, m)
+ }
+ return root
+}
+
+// Size returns the number of modules in the tree.
+func (n *ModuleTreeNode) Size() int {
+ s := len(n.Modules)
+ for _, c := range n.Children {
+ s += c.Size()
+ }
+ return s
+}
+
+// Child returns n's child with key k.
+func (n *ModuleTreeNode) child(k Value) *ModuleTreeNode {
+ switch k.(type) {
+ case String, Var:
+ return n.Children[k]
+ }
+ return nil
+}
+
+// Find dereferences ref along the tree. ref[0] is converted to a String
+// for convenience.
+func (n *ModuleTreeNode) find(ref Ref) (*ModuleTreeNode, Ref) {
+ if v, ok := ref[0].Value.(Var); ok {
+ ref = Ref{StringTerm(string(v))}.Concat(ref[1:])
+ }
+ node := n
+ for i, r := range ref {
+ next := node.child(r.Value)
+ if next == nil {
+ tail := make(Ref, len(ref)-i)
+ tail[0] = VarTerm(string(ref[i].Value.(String)))
+ copy(tail[1:], ref[i+1:])
+ return node, tail
+ }
+ node = next
+ }
+ return node, nil
+}
+
+// DepthFirst performs a depth-first traversal of the module tree rooted at n.
+// If f returns true, traversal will not continue to the children of n.
+func (n *ModuleTreeNode) DepthFirst(f func(*ModuleTreeNode) bool) {
+ if f(n) {
+ return
+ }
+ for _, node := range n.Children {
+ node.DepthFirst(f)
+ }
+}
+
+// TreeNode represents a node in the rule tree. The rule tree is keyed by
+// rule path.
+type TreeNode struct {
+ Key Value
+ Values []any
+ Children map[Value]*TreeNode
+ Sorted []Value
+ Hide bool
+}
+
+func (n *TreeNode) String() string {
+ return fmt.Sprintf("", n.Key, n.Values, n.Sorted, n.Hide)
+}
+
+// NewRuleTree returns a new TreeNode that represents the root
+// of the rule tree populated with the given rules.
+func NewRuleTree(mtree *ModuleTreeNode) *TreeNode {
+ root := TreeNode{
+ Key: mtree.Key,
+ }
+
+ mtree.DepthFirst(func(m *ModuleTreeNode) bool {
+ for _, mod := range m.Modules {
+ if len(mod.Rules) == 0 {
+ root.add(mod.Package.Path, nil)
+ }
+ for _, rule := range mod.Rules {
+ root.add(rule.Ref().GroundPrefix(), rule)
+ }
+ }
+ return false
+ })
+
+ // ensure that data.system's TreeNode is hidden
+ node, tail := root.find(DefaultRootRef.Append(NewTerm(SystemDocumentKey)))
+ if len(tail) == 0 { // found
+ node.Hide = true
+ }
+
+ root.DepthFirst(func(x *TreeNode) bool {
+ x.sort()
+ return false
+ })
+
+ return &root
+}
+
+func (n *TreeNode) add(path Ref, rule *Rule) {
+ node, tail := n.find(path)
+ if len(tail) > 0 {
+ sub := treeNodeFromRef(tail, rule)
+ if node.Children == nil {
+ node.Children = make(map[Value]*TreeNode, 1)
+ }
+ node.Children[sub.Key] = sub
+ node.Sorted = append(node.Sorted, sub.Key)
+ } else if rule != nil {
+ node.Values = append(node.Values, rule)
+ }
+}
+
+// Size returns the number of rules in the tree.
+func (n *TreeNode) Size() int {
+ s := len(n.Values)
+ for _, c := range n.Children {
+ s += c.Size()
+ }
+ return s
+}
+
+// Child returns n's child with key k.
+func (n *TreeNode) Child(k Value) *TreeNode {
+ switch k.(type) {
+ case Ref, Call:
+ return nil
+ default:
+ return n.Children[k]
+ }
+}
+
+// Find dereferences ref along the tree
+func (n *TreeNode) Find(ref Ref) *TreeNode {
+ node := n
+ for _, r := range ref {
+ node = node.Child(r.Value)
+ if node == nil {
+ return nil
+ }
+ }
+ return node
+}
+
+// Iteratively dereferences ref along the node's subtree.
+// - If matching fails immediately, the tail will contain the full ref.
+// - Partial matching will result in a tail of non-zero length.
+// - A complete match will result in a 0 length tail.
+func (n *TreeNode) find(ref Ref) (*TreeNode, Ref) {
+ node := n
+ for i := range ref {
+ next := node.Child(ref[i].Value)
+ if next == nil {
+ tail := make(Ref, len(ref)-i)
+ copy(tail, ref[i:])
+ return node, tail
+ }
+ node = next
+ }
+ return node, nil
+}
+
+// DepthFirst performs a depth-first traversal of the rule tree rooted at n. If
+// f returns true, traversal will not continue to the children of n.
+func (n *TreeNode) DepthFirst(f func(*TreeNode) bool) {
+ if f(n) {
+ return
+ }
+ for _, node := range n.Children {
+ node.DepthFirst(f)
+ }
+}
+
+func (n *TreeNode) sort() {
+ slices.SortFunc(n.Sorted, Value.Compare)
+}
+
+func treeNodeFromRef(ref Ref, rule *Rule) *TreeNode {
+ depth := len(ref) - 1
+ key := ref[depth].Value
+ node := &TreeNode{
+ Key: key,
+ Children: nil,
+ }
+ if rule != nil {
+ node.Values = []any{rule}
+ }
+
+ for i := len(ref) - 2; i >= 0; i-- {
+ key := ref[i].Value
+ node = &TreeNode{
+ Key: key,
+ Children: map[Value]*TreeNode{ref[i+1].Value: node},
+ Sorted: []Value{ref[i+1].Value},
+ }
+ }
+ return node
+}
+
+// flattenChildren flattens all children's rule refs into a sorted array.
+func (n *TreeNode) flattenChildren() []Ref {
+ ret := newRefSet()
+ for _, sub := range n.Children { // we only want the children, so don't use n.DepthFirst() right away
+ sub.DepthFirst(func(x *TreeNode) bool {
+ for _, r := range x.Values {
+ rule := r.(*Rule)
+ ret.AddPrefix(rule.Ref())
+ }
+ return false
+ })
+ }
+
+ slices.SortFunc(ret.s, RefCompare)
+ return ret.s
+}
+
+// Graph represents the graph of dependencies between rules.
+type Graph struct {
+ adj map[util.T]map[util.T]struct{}
+ radj map[util.T]map[util.T]struct{}
+ nodes map[util.T]struct{}
+ sorted []util.T
+}
+
+// NewGraph returns a new Graph based on modules. The list function must return
+// the rules referred to directly by the ref.
+func NewGraph(modules map[string]*Module, list func(Ref) []*Rule) *Graph {
+
+ graph := &Graph{
+ adj: map[util.T]map[util.T]struct{}{},
+ radj: map[util.T]map[util.T]struct{}{},
+ nodes: map[util.T]struct{}{},
+ sorted: nil,
+ }
+
+ // Create visitor to walk a rule AST and add edges to the rule graph for
+ // each dependency.
+ vis := func(a *Rule) *GenericVisitor {
+ stop := false
+ return NewGenericVisitor(func(x any) bool {
+ switch x := x.(type) {
+ case Ref:
+ for _, b := range list(x) {
+ for node := b; node != nil; node = node.Else {
+ graph.addDependency(a, node)
+ }
+ }
+ case *Rule:
+ if stop {
+ // Do not recurse into else clauses (which will be handled
+ // by the outer visitor.)
+ return true
+ }
+ stop = true
+ }
+ return false
+ })
+ }
+
+ // Walk over all rules, add them to graph, and build adjacency lists.
+ for _, module := range modules {
+ WalkRules(module, func(a *Rule) bool {
+ graph.addNode(a)
+ vis(a).Walk(a)
+ return false
+ })
+ }
+
+ return graph
+}
+
+// Dependencies returns the set of rules that x depends on.
+func (g *Graph) Dependencies(x util.T) map[util.T]struct{} {
+ return g.adj[x]
+}
+
+// Dependents returns the set of rules that depend on x.
+func (g *Graph) Dependents(x util.T) map[util.T]struct{} {
+ return g.radj[x]
+}
+
+// Sort returns a slice of rules sorted by dependencies. If a cycle is found,
+// ok is set to false.
+func (g *Graph) Sort() (sorted []util.T, ok bool) {
+ if g.sorted != nil {
+ return g.sorted, true
+ }
+
+ sorter := &graphSort{
+ sorted: make([]util.T, 0, len(g.nodes)),
+ deps: g.Dependencies,
+ marked: map[util.T]struct{}{},
+ temp: map[util.T]struct{}{},
+ }
+
+ for node := range g.nodes {
+ if !sorter.Visit(node) {
+ return nil, false
+ }
+ }
+
+ g.sorted = sorter.sorted
+ return g.sorted, true
+}
+
+func (g *Graph) addDependency(u util.T, v util.T) {
+
+ if _, ok := g.nodes[u]; !ok {
+ g.addNode(u)
+ }
+
+ if _, ok := g.nodes[v]; !ok {
+ g.addNode(v)
+ }
+
+ edges, ok := g.adj[u]
+ if !ok {
+ edges = map[util.T]struct{}{}
+ g.adj[u] = edges
+ }
+
+ edges[v] = struct{}{}
+
+ edges, ok = g.radj[v]
+ if !ok {
+ edges = map[util.T]struct{}{}
+ g.radj[v] = edges
+ }
+
+ edges[u] = struct{}{}
+}
+
+func (g *Graph) addNode(n util.T) {
+ g.nodes[n] = struct{}{}
+}
+
+type graphSort struct {
+ sorted []util.T
+ deps func(util.T) map[util.T]struct{}
+ marked map[util.T]struct{}
+ temp map[util.T]struct{}
+}
+
+func (sort *graphSort) Marked(node util.T) bool {
+ _, marked := sort.marked[node]
+ return marked
+}
+
+func (sort *graphSort) Visit(node util.T) (ok bool) {
+ if _, ok := sort.temp[node]; ok {
+ return false
+ }
+ if sort.Marked(node) {
+ return true
+ }
+ sort.temp[node] = struct{}{}
+ for other := range sort.deps(node) {
+ if !sort.Visit(other) {
+ return false
+ }
+ }
+ sort.marked[node] = struct{}{}
+ delete(sort.temp, node)
+ sort.sorted = append(sort.sorted, node)
+ return true
+}
+
+// GraphTraversal is a Traversal that understands the dependency graph
+type GraphTraversal struct {
+ graph *Graph
+ visited map[util.T]struct{}
+}
+
+// NewGraphTraversal returns a Traversal for the dependency graph
+func NewGraphTraversal(graph *Graph) *GraphTraversal {
+ return &GraphTraversal{
+ graph: graph,
+ visited: map[util.T]struct{}{},
+ }
+}
+
+// Edges lists all dependency connections for a given node
+func (g *GraphTraversal) Edges(x util.T) []util.T {
+ r := []util.T{}
+ for v := range g.graph.Dependencies(x) {
+ r = append(r, v)
+ }
+ return r
+}
+
+// Visited returns whether a node has been visited, setting a node to visited if not
+func (g *GraphTraversal) Visited(u util.T) bool {
+ _, ok := g.visited[u]
+ g.visited[u] = struct{}{}
+ return ok
+}
+
+type unsafePair struct {
+ Expr *Expr
+ Vars VarSet
+}
+
+type unsafeVarLoc struct {
+ Var Var
+ Loc *Location
+}
+
+type unsafeVars map[*Expr]VarSet
+
+func (vs unsafeVars) Add(e *Expr, v Var) {
+ if u, ok := vs[e]; ok {
+ u[v] = struct{}{}
+ } else {
+ vs[e] = VarSet{v: struct{}{}}
+ }
+}
+
+func (vs unsafeVars) Set(e *Expr, s VarSet) {
+ vs[e] = s
+}
+
+func (vs unsafeVars) Update(o unsafeVars) {
+ for k, v := range o {
+ if _, ok := vs[k]; !ok {
+ vs[k] = VarSet{}
+ }
+ vs[k].Update(v)
+ }
+}
+
+func (vs unsafeVars) Vars() (result []unsafeVarLoc) {
+
+ locs := map[Var]*Location{}
+
+ // If var appears in multiple sets then pick first by location.
+ for expr, vars := range vs {
+ for v := range vars {
+ if locs[v].Compare(expr.Location) > 0 {
+ locs[v] = expr.Location
+ }
+ }
+ }
+
+ for v, loc := range locs {
+ result = append(result, unsafeVarLoc{
+ Var: v,
+ Loc: loc,
+ })
+ }
+
+ slices.SortFunc(result, func(a, b unsafeVarLoc) int {
+ return a.Loc.Compare(b.Loc)
+ })
+
+ return result
+}
+
+func (vs unsafeVars) Slice() (result []unsafePair) {
+ for expr, vs := range vs {
+ result = append(result, unsafePair{
+ Expr: expr,
+ Vars: vs,
+ })
+ }
+ return
+}
+
+// reorderBodyForSafety returns a copy of the body ordered such that
+// left to right evaluation of the body will not encounter unbound variables
+// in input positions or negated expressions.
+//
+// Expressions are added to the re-ordered body as soon as they are considered
+// safe. If multiple expressions become safe in the same pass, they are added
+// in their original order. This results in minimal re-ordering of the body.
+//
+// If the body cannot be reordered to ensure safety, the second return value
+// contains a mapping of expressions to unsafe variables in those expressions.
+func reorderBodyForSafety(builtins map[string]*Builtin, arity func(Ref) int, globals VarSet, body Body) (Body, unsafeVars) {
+
+ bodyVars := body.Vars(SafetyCheckVisitorParams)
+ reordered := make(Body, 0, len(body))
+ safe := VarSet{}
+ unsafe := unsafeVars{}
+
+ for _, e := range body {
+ for v := range e.Vars(SafetyCheckVisitorParams) {
+ if globals.Contains(v) {
+ safe.Add(v)
+ } else {
+ unsafe.Add(e, v)
+ }
+ }
+ }
+
+ for {
+ n := len(reordered)
+
+ for _, e := range body {
+ if reordered.Contains(e) {
+ continue
+ }
+
+ ovs := outputVarsForExpr(e, arity, safe)
+
+ // check closures: is this expression closing over variables that
+ // haven't been made safe by what's already included in `reordered`?
+ vs := unsafeVarsInClosures(e)
+ cv := vs.Intersect(bodyVars).Diff(globals)
+ uv := cv.Diff(outputVarsForBody(reordered, arity, safe))
+
+ if len(uv) > 0 {
+ if uv.Equal(ovs) { // special case "closure-self"
+ continue
+ }
+ unsafe.Set(e, uv)
+ }
+
+ for v := range unsafe[e] {
+ if ovs.Contains(v) || safe.Contains(v) {
+ delete(unsafe[e], v)
+ }
+ }
+
+ if len(unsafe[e]) == 0 {
+ delete(unsafe, e)
+ reordered.Append(e)
+ safe.Update(ovs) // this expression's outputs are safe
+ }
+ }
+
+ if len(reordered) == n { // fixed point, could not add any expr of body
+ break
+ }
+ }
+
+ // Recursively visit closures and perform the safety checks on them.
+ // Update the globals at each expression to include the variables that could
+ // be closed over.
+ g := globals.Copy()
+ for i, e := range reordered {
+ if i > 0 {
+ g.Update(reordered[i-1].Vars(SafetyCheckVisitorParams))
+ }
+ xform := &bodySafetyTransformer{
+ builtins: builtins,
+ arity: arity,
+ current: e,
+ globals: g,
+ unsafe: unsafe,
+ }
+ NewGenericVisitor(xform.Visit).Walk(e)
+ }
+
+ return reordered, unsafe
+}
+
+type bodySafetyTransformer struct {
+ builtins map[string]*Builtin
+ arity func(Ref) int
+ current *Expr
+ globals VarSet
+ unsafe unsafeVars
+}
+
+func (xform *bodySafetyTransformer) Visit(x any) bool {
+ switch term := x.(type) {
+ case *Term:
+ switch x := term.Value.(type) {
+ case *object:
+ cpy, _ := x.Map(func(k, v *Term) (*Term, *Term, error) {
+ kcpy := k.Copy()
+ NewGenericVisitor(xform.Visit).Walk(kcpy)
+ vcpy := v.Copy()
+ NewGenericVisitor(xform.Visit).Walk(vcpy)
+ return kcpy, vcpy, nil
+ })
+ term.Value = cpy
+ return true
+ case *set:
+ cpy, _ := x.Map(func(v *Term) (*Term, error) {
+ vcpy := v.Copy()
+ NewGenericVisitor(xform.Visit).Walk(vcpy)
+ return vcpy, nil
+ })
+ term.Value = cpy
+ return true
+ case *ArrayComprehension:
+ xform.reorderArrayComprehensionSafety(x)
+ return true
+ case *ObjectComprehension:
+ xform.reorderObjectComprehensionSafety(x)
+ return true
+ case *SetComprehension:
+ xform.reorderSetComprehensionSafety(x)
+ return true
+ }
+ case *Expr:
+ if ev, ok := term.Terms.(*Every); ok {
+ xform.globals.Update(ev.KeyValueVars())
+ ev.Body = xform.reorderComprehensionSafety(NewVarSet(), ev.Body)
+ return true
+ }
+ }
+ return false
+}
+
+func (xform *bodySafetyTransformer) reorderComprehensionSafety(tv VarSet, body Body) Body {
+ bv := body.Vars(SafetyCheckVisitorParams)
+ bv.Update(xform.globals)
+ uv := tv.Diff(bv)
+ for v := range uv {
+ xform.unsafe.Add(xform.current, v)
+ }
+
+ r, u := reorderBodyForSafety(xform.builtins, xform.arity, xform.globals, body)
+ if len(u) == 0 {
+ return r
+ }
+
+ xform.unsafe.Update(u)
+ return body
+}
+
+func (xform *bodySafetyTransformer) reorderArrayComprehensionSafety(ac *ArrayComprehension) {
+ ac.Body = xform.reorderComprehensionSafety(ac.Term.Vars(), ac.Body)
+}
+
+func (xform *bodySafetyTransformer) reorderObjectComprehensionSafety(oc *ObjectComprehension) {
+ tv := oc.Key.Vars()
+ tv.Update(oc.Value.Vars())
+ oc.Body = xform.reorderComprehensionSafety(tv, oc.Body)
+}
+
+func (xform *bodySafetyTransformer) reorderSetComprehensionSafety(sc *SetComprehension) {
+ sc.Body = xform.reorderComprehensionSafety(sc.Term.Vars(), sc.Body)
+}
+
+// unsafeVarsInClosures collects vars that are contained in closures within
+// this expression.
+func unsafeVarsInClosures(e *Expr) VarSet {
+ vs := VarSet{}
+ WalkClosures(e, func(x any) bool {
+ vis := &VarVisitor{vars: vs}
+ if ev, ok := x.(*Every); ok {
+ vis.Walk(ev.Body)
+ return true
+ }
+ vis.Walk(x)
+ return true
+ })
+ return vs
+}
+
+// OutputVarsFromBody returns all variables which are the "output" for
+// the given body. For safety checks this means that they would be
+// made safe by the body.
+func OutputVarsFromBody(c *Compiler, body Body, safe VarSet) VarSet {
+ return outputVarsForBody(body, c.GetArity, safe)
+}
+
+func outputVarsForBody(body Body, arity func(Ref) int, safe VarSet) VarSet {
+ o := safe.Copy()
+ for _, e := range body {
+ o.Update(outputVarsForExpr(e, arity, o))
+ }
+ return o.Diff(safe)
+}
+
+// OutputVarsFromExpr returns all variables which are the "output" for
+// the given expression. For safety checks this means that they would be
+// made safe by the expr.
+func OutputVarsFromExpr(c *Compiler, expr *Expr, safe VarSet) VarSet {
+ return outputVarsForExpr(expr, c.GetArity, safe)
+}
+
+func outputVarsForExpr(expr *Expr, arity func(Ref) int, safe VarSet) VarSet {
+
+ // Negated expressions must be safe.
+ if expr.Negated {
+ return VarSet{}
+ }
+
+ // With modifier inputs must be safe.
+ for _, with := range expr.With {
+ vis := NewVarVisitor().WithParams(SafetyCheckVisitorParams)
+ vis.Walk(with)
+ vars := vis.Vars()
+ unsafe := vars.Diff(safe)
+ if len(unsafe) > 0 {
+ return VarSet{}
+ }
+ }
+
+ switch terms := expr.Terms.(type) {
+ case *Term:
+ return outputVarsForTerms(expr, safe)
+ case []*Term:
+ if expr.IsEquality() {
+ return outputVarsForExprEq(expr, safe)
+ }
+
+ operator, ok := terms[0].Value.(Ref)
+ if !ok {
+ return VarSet{}
+ }
+
+ ar := arity(operator)
+ if ar < 0 {
+ return VarSet{}
+ }
+
+ return outputVarsForExprCall(expr, ar, safe, terms)
+ case *Every:
+ return outputVarsForTerms(terms.Domain, safe)
+ default:
+ panic("illegal expression")
+ }
+}
+
+func outputVarsForExprEq(expr *Expr, safe VarSet) VarSet {
+
+ if !validEqAssignArgCount(expr) {
+ return safe
+ }
+
+ output := outputVarsForTerms(expr, safe)
+ output.Update(safe)
+ output.Update(Unify(output, expr.Operand(0), expr.Operand(1)))
+
+ return output.Diff(safe)
+}
+
+func outputVarsForExprCall(expr *Expr, arity int, safe VarSet, terms []*Term) VarSet {
+
+ output := outputVarsForTerms(expr, safe)
+
+ numInputTerms := arity + 1
+ if numInputTerms >= len(terms) {
+ return output
+ }
+
+ params := VarVisitorParams{
+ SkipClosures: true,
+ SkipSets: true,
+ SkipObjectKeys: true,
+ SkipRefHead: true,
+ }
+ vis := NewVarVisitor().WithParams(params)
+ vis.Walk(Args(terms[:numInputTerms]))
+ unsafe := vis.Vars().Diff(output).Diff(safe)
+
+ if len(unsafe) > 0 {
+ return VarSet{}
+ }
+
+ vis = NewVarVisitor().WithParams(params)
+ vis.Walk(Args(terms[numInputTerms:]))
+ output.Update(vis.vars)
+ return output
+}
+
+func outputVarsForTerms(expr any, safe VarSet) VarSet {
+ output := VarSet{}
+ WalkTerms(expr, func(x *Term) bool {
+ switch r := x.Value.(type) {
+ case *SetComprehension, *ArrayComprehension, *ObjectComprehension:
+ return true
+ case Ref:
+ if !isRefSafe(r, safe) {
+ return true
+ }
+ output.Update(r.OutputVars())
+ return false
+ }
+ return false
+ })
+ return output
+}
+
+type equalityFactory struct {
+ gen *localVarGenerator
+}
+
+func newEqualityFactory(gen *localVarGenerator) *equalityFactory {
+ return &equalityFactory{gen}
+}
+
+func (f *equalityFactory) Generate(other *Term) *Expr {
+ term := NewTerm(f.gen.Generate()).SetLocation(other.Location)
+ expr := Equality.Expr(term, other)
+ expr.Generated = true
+ expr.Location = other.Location
+ return expr
+}
+
+// TODO: Move to internal package?
+const LocalVarPrefix = "__local"
+
+type localVarGenerator struct {
+ exclude VarSet
+ suffix string
+ next int
+}
+
+func newLocalVarGeneratorForModuleSet(sorted []string, modules map[string]*Module) *localVarGenerator {
+ exclude := NewVarSet()
+ vis := &VarVisitor{vars: exclude}
+ for _, key := range sorted {
+ vis.Walk(modules[key])
+ }
+ return &localVarGenerator{exclude: exclude, next: 0}
+}
+
+func newLocalVarGenerator(suffix string, node any) *localVarGenerator {
+ exclude := NewVarSet()
+ vis := &VarVisitor{vars: exclude}
+ vis.Walk(node)
+ return &localVarGenerator{exclude: exclude, suffix: suffix, next: 0}
+}
+
+func (l *localVarGenerator) Generate() Var {
+ for {
+ result := Var(LocalVarPrefix + l.suffix + strconv.Itoa(l.next) + "__")
+ l.next++
+ if !l.exclude.Contains(result) {
+ return result
+ }
+ }
+}
+
+func getGlobals(pkg *Package, rules []Ref, imports []*Import) map[Var]*usedRef {
+
+ globals := make(map[Var]*usedRef, len(rules)) // NB: might grow bigger with imports
+
+ // Populate globals with exports within the package.
+ for _, ref := range rules {
+ v := ref[0].Value.(Var)
+ globals[v] = &usedRef{ref: pkg.Path.Append(StringTerm(string(v)))}
+ }
+
+ // Populate globals with imports.
+ for _, imp := range imports {
+ path := imp.Path.Value.(Ref)
+ if FutureRootDocument.Equal(path[0]) || RegoRootDocument.Equal(path[0]) {
+ continue // ignore future and rego imports
+ }
+ globals[imp.Name()] = &usedRef{ref: path}
+ }
+
+ return globals
+}
+
+func requiresEval(x *Term) bool {
+ if x == nil {
+ return false
+ }
+ return ContainsRefs(x) || ContainsComprehensions(x)
+}
+
+func resolveRef(globals map[Var]*usedRef, ignore *declaredVarStack, ref Ref) Ref {
+
+ r := Ref{}
+ for i, x := range ref {
+ switch v := x.Value.(type) {
+ case Var:
+ if g, ok := globals[v]; ok && !ignore.Contains(v) {
+ cpy := g.ref.Copy()
+ for i := range cpy {
+ cpy[i].SetLocation(x.Location)
+ }
+ if i == 0 {
+ r = cpy
+ } else {
+ r = append(r, NewTerm(cpy).SetLocation(x.Location))
+ }
+ g.used = true
+ } else {
+ r = append(r, x)
+ }
+ case Ref, *Array, Object, Set, *ArrayComprehension, *SetComprehension, *ObjectComprehension, Call:
+ r = append(r, resolveRefsInTerm(globals, ignore, x))
+ default:
+ r = append(r, x)
+ }
+ }
+
+ return r
+}
+
+type usedRef struct {
+ ref Ref
+ used bool
+}
+
+func resolveRefsInRule(globals map[Var]*usedRef, rule *Rule) error {
+ ignore := &declaredVarStack{}
+
+ vars := NewVarSet()
+ var vis *GenericVisitor
+ var err error
+
+ // Walk args to collect vars and transform body so that callers can shadow
+ // root documents.
+ vis = NewGenericVisitor(func(x any) bool {
+ if err != nil {
+ return true
+ }
+ switch x := x.(type) {
+ case Var:
+ vars.Add(x)
+
+ // Object keys cannot be pattern matched so only walk values.
+ case *object:
+ x.Foreach(func(_, v *Term) {
+ vis.Walk(v)
+ })
+
+ // Skip terms that could contain vars that cannot be pattern matched.
+ case Set, *ArrayComprehension, *SetComprehension, *ObjectComprehension, Call:
+ return true
+
+ case *Term:
+ if _, ok := x.Value.(Ref); ok {
+ if RootDocumentRefs.Contains(x) {
+ // We could support args named input, data, etc. however
+ // this would require rewriting terms in the head and body.
+ // Preventing root document shadowing is simpler, and
+ // arguably, will prevent confusing names from being used.
+ // NOTE: this check is also performed as part of strict-mode in
+ // checkRootDocumentOverrides.
+ err = fmt.Errorf("args must not shadow %v (use a different variable name)", x)
+ return true
+ }
+ }
+ }
+ return false
+ })
+
+ vis.Walk(rule.Head.Args)
+
+ if err != nil {
+ return err
+ }
+
+ ignore.Push(vars)
+ ignore.Push(declaredVars(rule.Body))
+
+ ref := rule.Head.Ref()
+ for i := 1; i < len(ref); i++ {
+ ref[i] = resolveRefsInTerm(globals, ignore, ref[i])
+ }
+ if rule.Head.Key != nil {
+ rule.Head.Key = resolveRefsInTerm(globals, ignore, rule.Head.Key)
+ }
+
+ if rule.Head.Value != nil {
+ rule.Head.Value = resolveRefsInTerm(globals, ignore, rule.Head.Value)
+ }
+
+ rule.Body = resolveRefsInBody(globals, ignore, rule.Body)
+ return nil
+}
+
+func resolveRefsInBody(globals map[Var]*usedRef, ignore *declaredVarStack, body Body) Body {
+ r := make([]*Expr, 0, len(body))
+ for _, expr := range body {
+ r = append(r, resolveRefsInExpr(globals, ignore, expr))
+ }
+ return r
+}
+
+func resolveRefsInExpr(globals map[Var]*usedRef, ignore *declaredVarStack, expr *Expr) *Expr {
+ cpy := *expr
+ switch ts := expr.Terms.(type) {
+ case *Term:
+ cpy.Terms = resolveRefsInTerm(globals, ignore, ts)
+ case []*Term:
+ buf := make([]*Term, len(ts))
+ for i := range ts {
+ buf[i] = resolveRefsInTerm(globals, ignore, ts[i])
+ }
+ cpy.Terms = buf
+ case *SomeDecl:
+ if val, ok := ts.Symbols[0].Value.(Call); ok {
+ cpy.Terms = &SomeDecl{
+ Symbols: []*Term{CallTerm(resolveRefsInTermSlice(globals, ignore, val)...)},
+ Location: ts.Location,
+ }
+ }
+ case *Every:
+ locals := NewVarSet()
+ if ts.Key != nil {
+ locals.Update(ts.Key.Vars())
+ }
+ locals.Update(ts.Value.Vars())
+ ignore.Push(locals)
+ cpy.Terms = &Every{
+ Key: ts.Key.Copy(), // TODO(sr): do more?
+ Value: ts.Value.Copy(), // TODO(sr): do more?
+ Domain: resolveRefsInTerm(globals, ignore, ts.Domain),
+ Body: resolveRefsInBody(globals, ignore, ts.Body),
+ }
+ ignore.Pop()
+ }
+ for _, w := range cpy.With {
+ w.Target = resolveRefsInTerm(globals, ignore, w.Target)
+ w.Value = resolveRefsInTerm(globals, ignore, w.Value)
+ }
+ return &cpy
+}
+
+func resolveRefsInTerm(globals map[Var]*usedRef, ignore *declaredVarStack, term *Term) *Term {
+ switch v := term.Value.(type) {
+ case Var:
+ if g, ok := globals[v]; ok && !ignore.Contains(v) {
+ cpy := g.ref.Copy()
+ for i := range cpy {
+ cpy[i].SetLocation(term.Location)
+ }
+ g.used = true
+ return NewTerm(cpy).SetLocation(term.Location)
+ }
+ return term
+ case Ref:
+ fqn := resolveRef(globals, ignore, v)
+ cpy := *term
+ cpy.Value = fqn
+ return &cpy
+ case *object:
+ cpy := *term
+ cpy.Value, _ = v.Map(func(k, v *Term) (*Term, *Term, error) {
+ k = resolveRefsInTerm(globals, ignore, k)
+ v = resolveRefsInTerm(globals, ignore, v)
+ return k, v, nil
+ })
+ return &cpy
+ case *Array:
+ cpy := *term
+ cpy.Value = NewArray(resolveRefsInTermArray(globals, ignore, v)...)
+ return &cpy
+ case Call:
+ cpy := *term
+ cpy.Value = Call(resolveRefsInTermSlice(globals, ignore, v))
+ return &cpy
+ case Set:
+ s, _ := v.Map(func(e *Term) (*Term, error) {
+ return resolveRefsInTerm(globals, ignore, e), nil
+ })
+ cpy := *term
+ cpy.Value = s
+ return &cpy
+ case *ArrayComprehension:
+ ac := &ArrayComprehension{}
+ ignore.Push(declaredVars(v.Body))
+ ac.Term = resolveRefsInTerm(globals, ignore, v.Term)
+ ac.Body = resolveRefsInBody(globals, ignore, v.Body)
+ cpy := *term
+ cpy.Value = ac
+ ignore.Pop()
+ return &cpy
+ case *ObjectComprehension:
+ oc := &ObjectComprehension{}
+ ignore.Push(declaredVars(v.Body))
+ oc.Key = resolveRefsInTerm(globals, ignore, v.Key)
+ oc.Value = resolveRefsInTerm(globals, ignore, v.Value)
+ oc.Body = resolveRefsInBody(globals, ignore, v.Body)
+ cpy := *term
+ cpy.Value = oc
+ ignore.Pop()
+ return &cpy
+ case *SetComprehension:
+ sc := &SetComprehension{}
+ ignore.Push(declaredVars(v.Body))
+ sc.Term = resolveRefsInTerm(globals, ignore, v.Term)
+ sc.Body = resolveRefsInBody(globals, ignore, v.Body)
+ cpy := *term
+ cpy.Value = sc
+ ignore.Pop()
+ return &cpy
+ default:
+ return term
+ }
+}
+
+func resolveRefsInTermArray(globals map[Var]*usedRef, ignore *declaredVarStack, terms *Array) []*Term {
+ cpy := make([]*Term, terms.Len())
+ for i := range terms.Len() {
+ cpy[i] = resolveRefsInTerm(globals, ignore, terms.Elem(i))
+ }
+ return cpy
+}
+
+func resolveRefsInTermSlice(globals map[Var]*usedRef, ignore *declaredVarStack, terms []*Term) []*Term {
+ cpy := make([]*Term, len(terms))
+ for i := range terms {
+ cpy[i] = resolveRefsInTerm(globals, ignore, terms[i])
+ }
+ return cpy
+}
+
+type declaredVarStack []VarSet
+
+func (s declaredVarStack) Contains(v Var) bool {
+ for i := len(s) - 1; i >= 0; i-- {
+ if _, ok := s[i][v]; ok {
+ return ok
+ }
+ }
+ return false
+}
+
+func (s declaredVarStack) Add(v Var) {
+ s[len(s)-1].Add(v)
+}
+
+func (s *declaredVarStack) Push(vs VarSet) {
+ *s = append(*s, vs)
+}
+
+func (s *declaredVarStack) Pop() {
+ curr := *s
+ *s = curr[:len(curr)-1]
+}
+
+func declaredVars(x any) VarSet {
+ vars := NewVarSet()
+ vis := NewGenericVisitor(func(x any) bool {
+ switch x := x.(type) {
+ case *Expr:
+ if x.IsAssignment() && validEqAssignArgCount(x) {
+ WalkVars(x.Operand(0), func(v Var) bool {
+ vars.Add(v)
+ return false
+ })
+ } else if decl, ok := x.Terms.(*SomeDecl); ok {
+ for i := range decl.Symbols {
+ switch val := decl.Symbols[i].Value.(type) {
+ case Var:
+ vars.Add(val)
+ case Call:
+ args := val[1:]
+ if len(args) == 3 { // some x, y in xs
+ WalkVars(args[1], func(v Var) bool {
+ vars.Add(v)
+ return false
+ })
+ }
+ // some x in xs
+ WalkVars(args[0], func(v Var) bool {
+ vars.Add(v)
+ return false
+ })
+ }
+ }
+ }
+ case *ArrayComprehension, *SetComprehension, *ObjectComprehension:
+ return true
+ }
+ return false
+ })
+ vis.Walk(x)
+ return vars
+}
+
+// rewriteComprehensionTerms will rewrite comprehensions so that the term part
+// is bound to a variable in the body. This allows any type of term to be used
+// in the term part (even if the term requires evaluation.)
+//
+// For instance, given the following comprehension:
+//
+// [x[0] | x = y[_]; y = [1,2,3]]
+//
+// The comprehension would be rewritten as:
+//
+// [__local0__ | x = y[_]; y = [1,2,3]; __local0__ = x[0]]
+func rewriteComprehensionTerms(f *equalityFactory, node any) (any, error) {
+ return TransformComprehensions(node, func(x any) (Value, error) {
+ switch x := x.(type) {
+ case *ArrayComprehension:
+ if requiresEval(x.Term) {
+ expr := f.Generate(x.Term)
+ x.Term = expr.Operand(0)
+ x.Body.Append(expr)
+ }
+ return x, nil
+ case *SetComprehension:
+ if requiresEval(x.Term) {
+ expr := f.Generate(x.Term)
+ x.Term = expr.Operand(0)
+ x.Body.Append(expr)
+ }
+ return x, nil
+ case *ObjectComprehension:
+ if requiresEval(x.Key) {
+ expr := f.Generate(x.Key)
+ x.Key = expr.Operand(0)
+ x.Body.Append(expr)
+ }
+ if requiresEval(x.Value) {
+ expr := f.Generate(x.Value)
+ x.Value = expr.Operand(0)
+ x.Body.Append(expr)
+ }
+ return x, nil
+ }
+ panic("illegal type")
+ })
+}
+
+var doubleEq = Equal.Ref()
+
+// rewriteEquals will rewrite exprs under x as unification calls instead of ==
+// calls. For example:
+//
+// data.foo == data.bar is rewritten as data.foo = data.bar
+//
+// This stage should only run the safety check (since == is a built-in with no
+// outputs, so the inputs must not be marked as safe.)
+//
+// This stage is not executed by the query compiler by default because when
+// callers specify == instead of = they expect to receive a true/false/undefined
+// result back whereas with = the result is only ever true/undefined. For
+// partial evaluation cases we do want to rewrite == to = to simplify the
+// result.
+func rewriteEquals(x any) (modified bool) {
+ unifyOp := Equality.Ref()
+ t := NewGenericTransformer(func(x any) (any, error) {
+ if x, ok := x.(*Expr); ok && x.IsCall() {
+ operator := x.Operator()
+ if operator.Equal(doubleEq) && len(x.Operands()) == 2 {
+ modified = true
+ x.SetOperator(NewTerm(unifyOp))
+ }
+ }
+ return x, nil
+ })
+ _, _ = Transform(t, x) // ignore error
+ return modified
+}
+
+func rewriteTestEqualities(f *equalityFactory, body Body) Body {
+ result := make(Body, 0, len(body))
+ for _, expr := range body {
+ // We can't rewrite negated expressions; if the extracted term is undefined, evaluation would fail before
+ // reaching the negation check.
+ if !expr.Negated && !expr.Generated {
+ switch {
+ case expr.IsEquality():
+ terms := expr.Terms.([]*Term)
+ result, terms[1] = rewriteDynamicsShallow(expr, f, terms[1], result)
+ result, terms[2] = rewriteDynamicsShallow(expr, f, terms[2], result)
+ case expr.IsEvery():
+ // We rewrite equalities inside of every-bodies as a fail here will be the cause of the test-rule fail.
+ // Failures inside other expressions with closures, such as comprehensions, won't cause the test-rule to fail, so we skip those.
+ every := expr.Terms.(*Every)
+ every.Body = rewriteTestEqualities(f, every.Body)
+ }
+ }
+ result = appendExpr(result, expr)
+ }
+ return result
+}
+
+func rewriteDynamicsShallow(original *Expr, f *equalityFactory, term *Term, result Body) (Body, *Term) {
+ switch term.Value.(type) {
+ case Ref, *ArrayComprehension, *SetComprehension, *ObjectComprehension:
+ generated := f.Generate(term)
+ generated.With = original.With
+ result.Append(generated)
+ connectGeneratedExprs(original, generated)
+ return result, result[len(result)-1].Operand(0)
+ }
+ return result, term
+}
+
+// rewriteDynamics will rewrite the body so that dynamic terms (i.e., refs and
+// comprehensions) are bound to vars earlier in the query. This translation
+// results in eager evaluation.
+//
+// For instance, given the following query:
+//
+// foo(data.bar) = 1
+//
+// The rewritten version will be:
+//
+// __local0__ = data.bar; foo(__local0__) = 1
+func rewriteDynamics(f *equalityFactory, body Body) Body {
+ result := make(Body, 0, len(body))
+ for _, expr := range body {
+ switch {
+ case expr.IsEquality():
+ result = rewriteDynamicsEqExpr(f, expr, result)
+ case expr.IsCall():
+ result = rewriteDynamicsCallExpr(f, expr, result)
+ case expr.IsEvery():
+ result = rewriteDynamicsEveryExpr(f, expr, result)
+ default:
+ result = rewriteDynamicsTermExpr(f, expr, result)
+ }
+ }
+ return result
+}
+
+func appendExpr(body Body, expr *Expr) Body {
+ body.Append(expr)
+ return body
+}
+
+func rewriteDynamicsEqExpr(f *equalityFactory, expr *Expr, result Body) Body {
+ if !validEqAssignArgCount(expr) {
+ return appendExpr(result, expr)
+ }
+ terms := expr.Terms.([]*Term)
+ result, terms[1] = rewriteDynamicsInTerm(expr, f, terms[1], result)
+ result, terms[2] = rewriteDynamicsInTerm(expr, f, terms[2], result)
+ return appendExpr(result, expr)
+}
+
+func rewriteDynamicsCallExpr(f *equalityFactory, expr *Expr, result Body) Body {
+ terms := expr.Terms.([]*Term)
+ for i := 1; i < len(terms); i++ {
+ result, terms[i] = rewriteDynamicsOne(expr, f, terms[i], result)
+ }
+ return appendExpr(result, expr)
+}
+
+func rewriteDynamicsEveryExpr(f *equalityFactory, expr *Expr, result Body) Body {
+ ev := expr.Terms.(*Every)
+ result, ev.Domain = rewriteDynamicsOne(expr, f, ev.Domain, result)
+ ev.Body = rewriteDynamics(f, ev.Body)
+ return appendExpr(result, expr)
+}
+
+func rewriteDynamicsTermExpr(f *equalityFactory, expr *Expr, result Body) Body {
+ term := expr.Terms.(*Term)
+ result, expr.Terms = rewriteDynamicsInTerm(expr, f, term, result)
+ return appendExpr(result, expr)
+}
+
+func rewriteDynamicsInTerm(original *Expr, f *equalityFactory, term *Term, result Body) (Body, *Term) {
+ switch v := term.Value.(type) {
+ case Ref:
+ for i := 1; i < len(v); i++ {
+ result, v[i] = rewriteDynamicsOne(original, f, v[i], result)
+ }
+ case *ArrayComprehension:
+ v.Body = rewriteDynamics(f, v.Body)
+ case *SetComprehension:
+ v.Body = rewriteDynamics(f, v.Body)
+ case *ObjectComprehension:
+ v.Body = rewriteDynamics(f, v.Body)
+ default:
+ result, term = rewriteDynamicsOne(original, f, term, result)
+ }
+ return result, term
+}
+
+func rewriteDynamicsOne(original *Expr, f *equalityFactory, term *Term, result Body) (Body, *Term) {
+ switch v := term.Value.(type) {
+ case Ref:
+ for i := 1; i < len(v); i++ {
+ result, v[i] = rewriteDynamicsOne(original, f, v[i], result)
+ }
+ generated := f.Generate(term)
+ generated.With = original.With
+ result.Append(generated)
+ connectGeneratedExprs(original, generated)
+ return result, result[len(result)-1].Operand(0)
+ case *Array:
+ for i := range v.Len() {
+ var t *Term
+ result, t = rewriteDynamicsOne(original, f, v.Elem(i), result)
+ v.set(i, t)
+ }
+ return result, term
+ case *object:
+ cpy := NewObject()
+ v.Foreach(func(key, value *Term) {
+ result, key = rewriteDynamicsOne(original, f, key, result)
+ result, value = rewriteDynamicsOne(original, f, value, result)
+ cpy.Insert(key, value)
+ })
+ return result, NewTerm(cpy).SetLocation(term.Location)
+ case Set:
+ cpy := NewSet()
+ for _, term := range v.Slice() {
+ var rw *Term
+ result, rw = rewriteDynamicsOne(original, f, term, result)
+ cpy.Add(rw)
+ }
+ return result, NewTerm(cpy).SetLocation(term.Location)
+ case *ArrayComprehension:
+ var extra *Expr
+ v.Body, extra = rewriteDynamicsComprehensionBody(original, f, v.Body, term)
+ result.Append(extra)
+ connectGeneratedExprs(original, extra)
+ return result, result[len(result)-1].Operand(0)
+ case *SetComprehension:
+ var extra *Expr
+ v.Body, extra = rewriteDynamicsComprehensionBody(original, f, v.Body, term)
+ result.Append(extra)
+ connectGeneratedExprs(original, extra)
+ return result, result[len(result)-1].Operand(0)
+ case *ObjectComprehension:
+ var extra *Expr
+ v.Body, extra = rewriteDynamicsComprehensionBody(original, f, v.Body, term)
+ result.Append(extra)
+ connectGeneratedExprs(original, extra)
+ return result, result[len(result)-1].Operand(0)
+ }
+ return result, term
+}
+
+func rewriteDynamicsComprehensionBody(original *Expr, f *equalityFactory, body Body, term *Term) (Body, *Expr) {
+ body = rewriteDynamics(f, body)
+ generated := f.Generate(term)
+ generated.With = original.With
+ return body, generated
+}
+
+func rewriteExprTermsInHead(gen *localVarGenerator, rule *Rule) {
+ for i := range rule.Head.Args {
+ support, output := expandExprTerm(gen, rule.Head.Args[i])
+ for j := range support {
+ rule.Body.Append(support[j])
+ }
+ rule.Head.Args[i] = output
+ }
+ if rule.Head.Key != nil {
+ support, output := expandExprTerm(gen, rule.Head.Key)
+ for i := range support {
+ rule.Body.Append(support[i])
+ }
+ rule.Head.Key = output
+ }
+ if rule.Head.Value != nil {
+ support, output := expandExprTerm(gen, rule.Head.Value)
+ for i := range support {
+ rule.Body.Append(support[i])
+ }
+ rule.Head.Value = output
+ }
+}
+
+func rewriteExprTermsInBody(gen *localVarGenerator, body Body) Body {
+ cpy := make(Body, 0, len(body))
+ for i := range body {
+ for _, expr := range expandExpr(gen, body[i]) {
+ cpy.Append(expr)
+ }
+ }
+ return cpy
+}
+
+func expandExpr(gen *localVarGenerator, expr *Expr) (result []*Expr) {
+ for i := range expr.With {
+ extras, value := expandExprTerm(gen, expr.With[i].Value)
+ expr.With[i].Value = value
+ result = append(result, extras...)
+ }
+ switch terms := expr.Terms.(type) {
+ case *Term:
+ extras, term := expandExprTerm(gen, terms)
+ if len(expr.With) > 0 {
+ for i := range extras {
+ extras[i].With = expr.With
+ }
+ }
+ result = append(result, extras...)
+ expr.Terms = term
+ result = append(result, expr)
+ case []*Term:
+ for i := 1; i < len(terms); i++ {
+ var extras []*Expr
+ extras, terms[i] = expandExprTerm(gen, terms[i])
+ connectGeneratedExprs(expr, extras...)
+ if len(expr.With) > 0 {
+ for i := range extras {
+ extras[i].With = expr.With
+ }
+ }
+ result = append(result, extras...)
+ }
+ result = append(result, expr)
+ case *Every:
+ var extras []*Expr
+
+ term := NewTerm(gen.Generate()).SetLocation(terms.Domain.Location)
+ eq := Equality.Expr(term, terms.Domain).SetLocation(terms.Domain.Location)
+ eq.Generated = true
+ eq.With = expr.With
+ extras = expandExpr(gen, eq)
+ terms.Domain = term
+
+ terms.Body = rewriteExprTermsInBody(gen, terms.Body)
+ result = append(result, extras...)
+ result = append(result, expr)
+ }
+ return
+}
+
+func connectGeneratedExprs(parent *Expr, children ...*Expr) {
+ for _, child := range children {
+ child.generatedFrom = parent
+ parent.generates = append(parent.generates, child)
+ }
+}
+
+func expandExprTerm(gen *localVarGenerator, term *Term) (support []*Expr, output *Term) {
+ output = term
+ switch v := term.Value.(type) {
+ case Call:
+ for i := 1; i < len(v); i++ {
+ var extras []*Expr
+ extras, v[i] = expandExprTerm(gen, v[i])
+ support = append(support, extras...)
+ }
+ output = NewTerm(gen.Generate()).SetLocation(term.Location)
+ expr := v.MakeExpr(output).SetLocation(term.Location)
+ expr.Generated = true
+ support = append(support, expr)
+ case Ref:
+ support = expandExprRef(gen, v)
+ case *Array:
+ support = expandExprTermArray(gen, v)
+ case *object:
+ cpy, _ := v.Map(func(k, v *Term) (*Term, *Term, error) {
+ extras1, expandedKey := expandExprTerm(gen, k)
+ extras2, expandedValue := expandExprTerm(gen, v)
+ support = append(support, extras1...)
+ support = append(support, extras2...)
+ return expandedKey, expandedValue, nil
+ })
+ output = NewTerm(cpy).SetLocation(term.Location)
+ case Set:
+ cpy, _ := v.Map(func(x *Term) (*Term, error) {
+ extras, expanded := expandExprTerm(gen, x)
+ support = append(support, extras...)
+ return expanded, nil
+ })
+ output = NewTerm(cpy).SetLocation(term.Location)
+ case *ArrayComprehension:
+ support, term := expandExprTerm(gen, v.Term)
+ for i := range support {
+ v.Body.Append(support[i])
+ }
+ v.Term = term
+ v.Body = rewriteExprTermsInBody(gen, v.Body)
+ case *SetComprehension:
+ support, term := expandExprTerm(gen, v.Term)
+ for i := range support {
+ v.Body.Append(support[i])
+ }
+ v.Term = term
+ v.Body = rewriteExprTermsInBody(gen, v.Body)
+ case *ObjectComprehension:
+ support, key := expandExprTerm(gen, v.Key)
+ for i := range support {
+ v.Body.Append(support[i])
+ }
+ v.Key = key
+ support, value := expandExprTerm(gen, v.Value)
+ for i := range support {
+ v.Body.Append(support[i])
+ }
+ v.Value = value
+ v.Body = rewriteExprTermsInBody(gen, v.Body)
+ }
+ return
+}
+
+func expandExprRef(gen *localVarGenerator, v []*Term) (support []*Expr) {
+ // Start by calling a normal expandExprTerm on all terms.
+ support = expandExprTermSlice(gen, v)
+
+ // Rewrite references in order to support indirect references. We rewrite
+ // e.g.
+ //
+ // [1, 2, 3][i]
+ //
+ // to
+ //
+ // __local_var = [1, 2, 3]
+ // __local_var[i]
+ //
+ // to support these. This only impacts the reference subject, i.e. the
+ // first item in the slice.
+ var subject = v[0]
+ switch subject.Value.(type) {
+ case *Array, Object, Set, *ArrayComprehension, *SetComprehension, *ObjectComprehension, Call:
+ f := newEqualityFactory(gen)
+ assignToLocal := f.Generate(subject)
+ support = append(support, assignToLocal)
+ v[0] = assignToLocal.Operand(0)
+ }
+ return
+}
+
+func expandExprTermArray(gen *localVarGenerator, arr *Array) (support []*Expr) {
+ for i := range arr.Len() {
+ extras, v := expandExprTerm(gen, arr.Elem(i))
+ arr.set(i, v)
+ support = append(support, extras...)
+ }
+ return
+}
+
+func expandExprTermSlice(gen *localVarGenerator, v []*Term) (support []*Expr) {
+ for i := range v {
+ var extras []*Expr
+ extras, v[i] = expandExprTerm(gen, v[i])
+ support = append(support, extras...)
+ }
+ return
+}
+
+type localDeclaredVars struct {
+ vars []*declaredVarSet
+
+ // rewritten contains a mapping of *all* user-defined variables
+ // that have been rewritten whereas vars contains the state
+ // from the current query (not any nested queries, and all vars
+ // seen).
+ rewritten map[Var]Var
+
+ // indicates if an assignment (:= operator) has been seen *ever*
+ assignment bool
+}
+
+type varOccurrence int
+
+const (
+ newVar varOccurrence = iota
+ argVar
+ seenVar
+ assignedVar
+ declaredVar
+)
+
+type declaredVarSet struct {
+ vs map[Var]Var
+ reverse map[Var]Var
+ occurrence map[Var]varOccurrence
+ count map[Var]int
+}
+
+func newDeclaredVarSet() *declaredVarSet {
+ return &declaredVarSet{
+ vs: map[Var]Var{},
+ reverse: map[Var]Var{},
+ occurrence: map[Var]varOccurrence{},
+ count: map[Var]int{},
+ }
+}
+
+func newLocalDeclaredVars() *localDeclaredVars {
+ return &localDeclaredVars{
+ vars: []*declaredVarSet{newDeclaredVarSet()},
+ rewritten: map[Var]Var{},
+ }
+}
+
+func (s *localDeclaredVars) Copy() *localDeclaredVars {
+ stack := &localDeclaredVars{
+ vars: []*declaredVarSet{},
+ rewritten: map[Var]Var{},
+ }
+
+ for i := range s.vars {
+ stack.vars = append(stack.vars, newDeclaredVarSet())
+ maps.Copy(stack.vars[0].vs, s.vars[i].vs)
+ maps.Copy(stack.vars[0].reverse, s.vars[i].reverse)
+ maps.Copy(stack.vars[0].occurrence, s.vars[i].occurrence)
+ maps.Copy(stack.vars[0].count, s.vars[i].count)
+ }
+
+ maps.Copy(stack.rewritten, s.rewritten)
+
+ return stack
+}
+
+func (s *localDeclaredVars) Push() {
+ s.vars = append(s.vars, newDeclaredVarSet())
+}
+
+func (s *localDeclaredVars) Pop() *declaredVarSet {
+ sl := s.vars
+ curr := sl[len(sl)-1]
+ s.vars = sl[:len(sl)-1]
+ return curr
+}
+
+func (s localDeclaredVars) Peek() *declaredVarSet {
+ return s.vars[len(s.vars)-1]
+}
+
+func (s localDeclaredVars) Insert(x, y Var, occurrence varOccurrence) {
+ elem := s.vars[len(s.vars)-1]
+ elem.vs[x] = y
+ elem.reverse[y] = x
+ elem.occurrence[x] = occurrence
+
+ elem.count[x] = 1
+
+ // If the variable has been rewritten (where x != y, with y being
+ // the generated value), store it in the map of rewritten vars.
+ // Assume that the generated values are unique for the compilation.
+ if !x.Equal(y) {
+ s.rewritten[y] = x
+ }
+}
+
+func (s localDeclaredVars) Declared(x Var) (y Var, ok bool) {
+ for i := len(s.vars) - 1; i >= 0; i-- {
+ if y, ok = s.vars[i].vs[x]; ok {
+ return
+ }
+ }
+ return
+}
+
+// Occurrence returns a flag that indicates whether x has occurred in the
+// current scope.
+func (s localDeclaredVars) Occurrence(x Var) varOccurrence {
+ return s.vars[len(s.vars)-1].occurrence[x]
+}
+
+// GlobalOccurrence returns a flag that indicates whether x has occurred in the
+// global scope.
+func (s localDeclaredVars) GlobalOccurrence(x Var) (varOccurrence, bool) {
+ for i := len(s.vars) - 1; i >= 0; i-- {
+ if occ, ok := s.vars[i].occurrence[x]; ok {
+ return occ, true
+ }
+ }
+ return newVar, false
+}
+
+// Seen marks x as seen by incrementing its counter
+func (s localDeclaredVars) Seen(x Var) {
+ for i := len(s.vars) - 1; i >= 0; i-- {
+ dvs := s.vars[i]
+ if c, ok := dvs.count[x]; ok {
+ dvs.count[x] = c + 1
+ return
+ }
+ }
+
+ s.vars[len(s.vars)-1].count[x] = 1
+}
+
+// Count returns how many times x has been seen
+func (s localDeclaredVars) Count(x Var) int {
+ for i := len(s.vars) - 1; i >= 0; i-- {
+ if c, ok := s.vars[i].count[x]; ok {
+ return c
+ }
+ }
+
+ return 0
+}
+
+// rewriteLocalVars rewrites bodies to remove assignment/declaration
+// expressions. For example:
+//
+// a := 1; p[a]
+//
+// Is rewritten to:
+//
+// __local0__ = 1; p[__local0__]
+//
+// During rewriting, assignees are validated to prevent use before declaration.
+func rewriteLocalVars(g *localVarGenerator, stack *localDeclaredVars, used VarSet, body Body, strict bool) (Body, map[Var]Var, Errors) {
+ var errs Errors
+ body, errs = rewriteDeclaredVarsInBody(g, stack, used, body, errs, strict)
+ return body, stack.Peek().vs, errs
+}
+
+func rewriteDeclaredVarsInBody(g *localVarGenerator, stack *localDeclaredVars, used VarSet, body Body, errs Errors, strict bool) (Body, Errors) {
+
+ var cpy Body
+
+ for i := range body {
+ var expr *Expr
+ switch {
+ case body[i].IsAssignment():
+ stack.assignment = true
+ expr, errs = rewriteDeclaredAssignment(g, stack, body[i], errs, strict)
+ case body[i].IsSome():
+ expr, errs = rewriteSomeDeclStatement(g, stack, body[i], errs, strict)
+ case body[i].IsEvery():
+ expr, errs = rewriteEveryStatement(g, stack, body[i], errs, strict)
+ default:
+ expr, errs = rewriteDeclaredVarsInExpr(g, stack, body[i], errs, strict)
+ }
+ if expr != nil {
+ cpy.Append(expr)
+ }
+ }
+
+ // If the body only contained a var statement it will be empty at this
+ // point. Append true to the body to ensure that it's non-empty (zero length
+ // bodies are not supported.)
+ if len(cpy) == 0 {
+ cpy.Append(NewExpr(BooleanTerm(true)))
+ }
+
+ errs = checkUnusedAssignedVars(body, stack, used, errs, strict)
+ return cpy, checkUnusedDeclaredVars(body, stack, used, cpy, errs)
+}
+
+func checkUnusedAssignedVars(body Body, stack *localDeclaredVars, used VarSet, errs Errors, strict bool) Errors {
+
+ if !strict || len(errs) > 0 {
+ return errs
+ }
+
+ dvs := stack.Peek()
+ unused := NewVarSet()
+
+ for v, occ := range dvs.occurrence {
+ // A var that was assigned in this scope must have been seen (used) more than once (the time of assignment) in
+ // the same, or nested, scope to be counted as used.
+ if !v.IsWildcard() && stack.Count(v) <= 1 && occ == assignedVar {
+ unused.Add(dvs.vs[v])
+ }
+ }
+
+ rewrittenUsed := NewVarSet()
+ for v := range used {
+ if gv, ok := stack.Declared(v); ok {
+ rewrittenUsed.Add(gv)
+ } else {
+ rewrittenUsed.Add(v)
+ }
+ }
+
+ unused = unused.Diff(rewrittenUsed)
+
+ for _, gv := range unused.Sorted() {
+ found := false
+ for i := range body {
+ if body[i].Vars(VarVisitorParams{}).Contains(gv) {
+ errs = append(errs, NewError(CompileErr, body[i].Loc(), "assigned var %v unused", dvs.reverse[gv]))
+ found = true
+ break
+ }
+ }
+ if !found {
+ errs = append(errs, NewError(CompileErr, body[0].Loc(), "assigned var %v unused", dvs.reverse[gv]))
+ }
+ }
+
+ return errs
+}
+
+func checkUnusedDeclaredVars(body Body, stack *localDeclaredVars, used VarSet, cpy Body, errs Errors) Errors {
+
+ // NOTE(tsandall): Do not generate more errors if there are existing
+ // declaration errors.
+ if len(errs) > 0 {
+ return errs
+ }
+
+ dvs := stack.Peek()
+ declared := NewVarSet()
+
+ for v, occ := range dvs.occurrence {
+ if occ == declaredVar {
+ declared.Add(dvs.vs[v])
+ }
+ }
+
+ bodyvars := cpy.Vars(VarVisitorParams{})
+
+ for v := range used {
+ if gv, ok := stack.Declared(v); ok {
+ bodyvars.Add(gv)
+ } else {
+ bodyvars.Add(v)
+ }
+ }
+
+ unused := declared.Diff(bodyvars).Diff(used)
+
+ for _, gv := range unused.Sorted() {
+ rv := dvs.reverse[gv]
+ if !rv.IsGenerated() {
+ // Scan through body exprs, looking for a match between the
+ // bad var's original name, and each expr's declared vars.
+ foundUnusedVarByName := false
+ for i := range body {
+ varsDeclaredInExpr := declaredVars(body[i])
+ if varsDeclaredInExpr.Contains(dvs.reverse[gv]) {
+ // TODO(philipc): Clean up the offset logic here when the parser
+ // reports more accurate locations.
+ errs = append(errs, NewError(CompileErr, body[i].Loc(), "declared var %v unused", dvs.reverse[gv]))
+ foundUnusedVarByName = true
+ break
+ }
+ }
+ // Default error location returned.
+ if !foundUnusedVarByName {
+ errs = append(errs, NewError(CompileErr, body[0].Loc(), "declared var %v unused", dvs.reverse[gv]))
+ }
+ }
+ }
+
+ return errs
+}
+
+func rewriteEveryStatement(g *localVarGenerator, stack *localDeclaredVars, expr *Expr, errs Errors, strict bool) (*Expr, Errors) {
+ e := expr.Copy()
+ every := e.Terms.(*Every)
+
+ errs = rewriteDeclaredVarsInTermRecursive(g, stack, every.Domain, errs, strict)
+
+ stack.Push()
+ defer stack.Pop()
+
+ // if the key exists, rewrite
+ if every.Key != nil {
+ if v := every.Key.Value.(Var); !v.IsWildcard() {
+ gv, err := rewriteDeclaredVar(g, stack, v, declaredVar)
+ if err != nil {
+ return nil, append(errs, NewError(CompileErr, every.Loc(), err.Error())) //nolint:govet
+ }
+ every.Key.Value = gv
+ }
+ } else { // if the key doesn't exist, add dummy local
+ every.Key = NewTerm(g.Generate())
+ }
+
+ // value is always present
+ if v := every.Value.Value.(Var); !v.IsWildcard() {
+ gv, err := rewriteDeclaredVar(g, stack, v, declaredVar)
+ if err != nil {
+ return nil, append(errs, NewError(CompileErr, every.Loc(), err.Error())) //nolint:govet
+ }
+ every.Value.Value = gv
+ }
+
+ used := NewVarSet()
+ every.Body, errs = rewriteDeclaredVarsInBody(g, stack, used, every.Body, errs, strict)
+
+ return rewriteDeclaredVarsInExpr(g, stack, e, errs, strict)
+}
+
+func rewriteSomeDeclStatement(g *localVarGenerator, stack *localDeclaredVars, expr *Expr, errs Errors, strict bool) (*Expr, Errors) {
+ e := expr.Copy()
+ decl := e.Terms.(*SomeDecl)
+ for i := range decl.Symbols {
+ switch v := decl.Symbols[i].Value.(type) {
+ case Var:
+ if _, err := rewriteDeclaredVar(g, stack, v, declaredVar); err != nil {
+ return nil, append(errs, NewError(CompileErr, decl.Loc(), err.Error())) //nolint:govet
+ }
+ case Call:
+ var key, val, container *Term
+ switch len(v) {
+ case 4: // member3
+ key = v[1]
+ val = v[2]
+ container = v[3]
+ case 3: // member
+ key = NewTerm(g.Generate())
+ val = v[1]
+ container = v[2]
+ }
+
+ var rhs *Term
+ switch c := container.Value.(type) {
+ case Ref:
+ rhs = RefTerm(append(c, key)...)
+ default:
+ rhs = RefTerm(container, key)
+ }
+ e.Terms = []*Term{
+ RefTerm(VarTerm(Equality.Name)), val, rhs,
+ }
+
+ for _, v0 := range outputVarsForExprEq(e, container.Vars()).Sorted() {
+ if _, err := rewriteDeclaredVar(g, stack, v0, declaredVar); err != nil {
+ return nil, append(errs, NewError(CompileErr, decl.Loc(), err.Error())) //nolint:govet
+ }
+ }
+ return rewriteDeclaredVarsInExpr(g, stack, e, errs, strict)
+ }
+ }
+ return nil, errs
+}
+
+func rewriteDeclaredVarsInExpr(g *localVarGenerator, stack *localDeclaredVars, expr *Expr, errs Errors, strict bool) (*Expr, Errors) {
+ vis := NewGenericVisitor(func(x any) bool {
+ var stop bool
+ switch x := x.(type) {
+ case *Term:
+ stop, errs = rewriteDeclaredVarsInTerm(g, stack, x, errs, strict)
+ case *With:
+ stop, errs = true, rewriteDeclaredVarsInWithRecursive(g, stack, x, errs, strict)
+ }
+ return stop
+ })
+ vis.Walk(expr)
+ return expr, errs
+}
+
+func rewriteDeclaredAssignment(g *localVarGenerator, stack *localDeclaredVars, expr *Expr, errs Errors, strict bool) (*Expr, Errors) {
+
+ if expr.Negated {
+ errs = append(errs, NewError(CompileErr, expr.Location, "cannot assign vars inside negated expression"))
+ return expr, errs
+ }
+
+ numErrsBefore := len(errs)
+
+ if !validEqAssignArgCount(expr) {
+ return expr, errs
+ }
+
+ // Rewrite terms on right hand side capture seen vars and recursively
+ // process comprehensions before left hand side is processed. Also
+ // rewrite with modifier.
+ errs = rewriteDeclaredVarsInTermRecursive(g, stack, expr.Operand(1), errs, strict)
+
+ for _, w := range expr.With {
+ errs = rewriteDeclaredVarsInTermRecursive(g, stack, w.Value, errs, strict)
+ }
+
+ // Rewrite vars on left hand side with unique names. Catch redeclaration
+ // and invalid term types here.
+ var vis func(t *Term) bool
+
+ vis = func(t *Term) bool {
+ switch v := t.Value.(type) {
+ case Var:
+ if gv, err := rewriteDeclaredVar(g, stack, v, assignedVar); err != nil {
+ errs = append(errs, NewError(CompileErr, t.Location, err.Error())) //nolint:govet
+ } else {
+ t.Value = gv
+ }
+ return true
+ case *Array:
+ return false
+ case *object:
+ v.Foreach(func(_, v *Term) {
+ WalkTerms(v, vis)
+ })
+ return true
+ case Ref:
+ if RootDocumentRefs.Contains(t) {
+ if gv, err := rewriteDeclaredVar(g, stack, v[0].Value.(Var), assignedVar); err != nil {
+ errs = append(errs, NewError(CompileErr, t.Location, err.Error())) //nolint:govet
+ } else {
+ t.Value = gv
+ }
+ return true
+ }
+ }
+ errs = append(errs, NewError(CompileErr, t.Location, "cannot assign to %v", ValueName(t.Value)))
+ return true
+ }
+
+ WalkTerms(expr.Operand(0), vis)
+
+ if len(errs) == numErrsBefore {
+ loc := expr.Operator()[0].Location
+ expr.SetOperator(RefTerm(VarTerm(Equality.Name).SetLocation(loc)).SetLocation(loc))
+ }
+
+ return expr, errs
+}
+
+func rewriteDeclaredVarsInTerm(g *localVarGenerator, stack *localDeclaredVars, term *Term, errs Errors, strict bool) (bool, Errors) {
+ switch v := term.Value.(type) {
+ case Var:
+ if gv, ok := stack.Declared(v); ok {
+ term.Value = gv
+ stack.Seen(v)
+ } else if stack.Occurrence(v) == newVar {
+ stack.Insert(v, v, seenVar)
+ }
+ case Ref:
+ if RootDocumentRefs.Contains(term) {
+ x := v[0].Value.(Var)
+ if occ, ok := stack.GlobalOccurrence(x); ok && occ != seenVar {
+ gv, _ := stack.Declared(x)
+ term.Value = gv
+ }
+
+ return true, errs
+ }
+ return false, errs
+ case Call:
+ ref := v[0]
+ WalkVars(ref, func(v Var) bool {
+ if gv, ok := stack.Declared(v); ok && !gv.Equal(v) {
+ // We will rewrite the ref of a function call, which is never ok since we don't have first-class functions.
+ errs = append(errs, NewError(CompileErr, term.Location, "called function %s shadowed", ref))
+ return true
+ }
+ return false
+ })
+ return false, errs
+ case *object:
+ cpy, _ := v.Map(func(k, v *Term) (*Term, *Term, error) {
+ kcpy := k.Copy()
+ errs = rewriteDeclaredVarsInTermRecursive(g, stack, kcpy, errs, strict)
+ errs = rewriteDeclaredVarsInTermRecursive(g, stack, v, errs, strict)
+ return kcpy, v, nil
+ })
+ term.Value = cpy
+ case Set:
+ cpy, _ := v.Map(func(elem *Term) (*Term, error) {
+ elemcpy := elem.Copy()
+ errs = rewriteDeclaredVarsInTermRecursive(g, stack, elemcpy, errs, strict)
+ return elemcpy, nil
+ })
+ term.Value = cpy
+ case *ArrayComprehension:
+ errs = rewriteDeclaredVarsInArrayComprehension(g, stack, v, errs, strict)
+ case *SetComprehension:
+ errs = rewriteDeclaredVarsInSetComprehension(g, stack, v, errs, strict)
+ case *ObjectComprehension:
+ errs = rewriteDeclaredVarsInObjectComprehension(g, stack, v, errs, strict)
+ default:
+ return false, errs
+ }
+ return true, errs
+}
+
+func rewriteDeclaredVarsInTermRecursive(g *localVarGenerator, stack *localDeclaredVars, term *Term, errs Errors, strict bool) Errors {
+ WalkTerms(term, func(t *Term) bool {
+ var stop bool
+ stop, errs = rewriteDeclaredVarsInTerm(g, stack, t, errs, strict)
+ return stop
+ })
+ return errs
+}
+
+func rewriteDeclaredVarsInWithRecursive(g *localVarGenerator, stack *localDeclaredVars, w *With, errs Errors, strict bool) Errors {
+ // NOTE(sr): `with input as` and `with input.a.b.c as` are deliberately skipped here: `input` could
+ // have been shadowed by a local variable/argument but should NOT be replaced in the `with` target.
+ //
+ // We cannot drop `input` from the stack since it's conceivable to do `with input[input] as` where
+ // the second input is meant to be the local var. It's a terrible idea, but when you're shadowing
+ // `input` those might be your thing.
+ errs = rewriteDeclaredVarsInTermRecursive(g, stack, w.Target, errs, strict)
+ if sdwInput, ok := stack.Declared(InputRootDocument.Value.(Var)); ok { // Was "input" shadowed...
+ switch value := w.Target.Value.(type) {
+ case Var:
+ if sdwInput.Equal(value) { // ...and replaced? If so, fix it
+ w.Target.Value = InputRootRef
+ }
+ case Ref:
+ if sdwInput.Equal(value[0].Value.(Var)) {
+ w.Target.Value.(Ref)[0].Value = InputRootDocument.Value
+ }
+ }
+ }
+ // No special handling of the `with` value
+ return rewriteDeclaredVarsInTermRecursive(g, stack, w.Value, errs, strict)
+}
+
+func rewriteDeclaredVarsInArrayComprehension(g *localVarGenerator, stack *localDeclaredVars, v *ArrayComprehension, errs Errors, strict bool) Errors {
+ used := NewVarSet()
+ used.Update(v.Term.Vars())
+
+ stack.Push()
+ v.Body, errs = rewriteDeclaredVarsInBody(g, stack, used, v.Body, errs, strict)
+ errs = rewriteDeclaredVarsInTermRecursive(g, stack, v.Term, errs, strict)
+ stack.Pop()
+ return errs
+}
+
+func rewriteDeclaredVarsInSetComprehension(g *localVarGenerator, stack *localDeclaredVars, v *SetComprehension, errs Errors, strict bool) Errors {
+ used := NewVarSet()
+ used.Update(v.Term.Vars())
+
+ stack.Push()
+ v.Body, errs = rewriteDeclaredVarsInBody(g, stack, used, v.Body, errs, strict)
+ errs = rewriteDeclaredVarsInTermRecursive(g, stack, v.Term, errs, strict)
+ stack.Pop()
+ return errs
+}
+
+func rewriteDeclaredVarsInObjectComprehension(g *localVarGenerator, stack *localDeclaredVars, v *ObjectComprehension, errs Errors, strict bool) Errors {
+ used := NewVarSet()
+ used.Update(v.Key.Vars())
+ used.Update(v.Value.Vars())
+
+ stack.Push()
+ v.Body, errs = rewriteDeclaredVarsInBody(g, stack, used, v.Body, errs, strict)
+ errs = rewriteDeclaredVarsInTermRecursive(g, stack, v.Key, errs, strict)
+ errs = rewriteDeclaredVarsInTermRecursive(g, stack, v.Value, errs, strict)
+ stack.Pop()
+ return errs
+}
+
+func rewriteDeclaredVar(g *localVarGenerator, stack *localDeclaredVars, v Var, occ varOccurrence) (gv Var, err error) {
+ switch stack.Occurrence(v) {
+ case seenVar:
+ return gv, fmt.Errorf("var %v referenced above", v)
+ case assignedVar:
+ return gv, fmt.Errorf("var %v assigned above", v)
+ case declaredVar:
+ return gv, fmt.Errorf("var %v declared above", v)
+ case argVar:
+ return gv, fmt.Errorf("arg %v redeclared", v)
+ }
+ gv = g.Generate()
+ stack.Insert(v, gv, occ)
+ return
+}
+
+// rewriteWithModifiersInBody will rewrite the body so that with modifiers do
+// not contain terms that require evaluation as values. If this function
+// encounters an invalid with modifier target then it will raise an error.
+func rewriteWithModifiersInBody(c *Compiler, unsafeBuiltinsMap map[string]struct{}, f *equalityFactory, body Body) (Body, *Error) {
+ var result Body
+ for i := range body {
+ exprs, err := rewriteWithModifier(c, unsafeBuiltinsMap, f, body[i])
+ if err != nil {
+ return nil, err
+ }
+ if len(exprs) > 0 {
+ for _, expr := range exprs {
+ result.Append(expr)
+ }
+ } else {
+ result.Append(body[i])
+ }
+ }
+ return result, nil
+}
+
+func rewriteWithModifier(c *Compiler, unsafeBuiltinsMap map[string]struct{}, f *equalityFactory, expr *Expr) ([]*Expr, *Error) {
+
+ var result []*Expr
+ for i := range expr.With {
+ eval, err := validateWith(c, unsafeBuiltinsMap, expr, i)
+ if err != nil {
+ return nil, err
+ }
+
+ if eval {
+ eq := f.Generate(expr.With[i].Value)
+ result = append(result, eq)
+ expr.With[i].Value = eq.Operand(0)
+ }
+ }
+
+ return append(result, expr), nil
+}
+
+func validateWith(c *Compiler, unsafeBuiltinsMap map[string]struct{}, expr *Expr, i int) (bool, *Error) {
+ target, value := expr.With[i].Target, expr.With[i].Value
+
+ // Ensure that values that are built-ins are rewritten to Ref (not Var)
+ if v, ok := value.Value.(Var); ok {
+ if _, ok := c.builtins[v.String()]; ok {
+ value.Value = Ref([]*Term{NewTerm(v)})
+ }
+ }
+ isBuiltinRefOrVar, err := isBuiltinRefOrVar(c.builtins, unsafeBuiltinsMap, target)
+ if err != nil {
+ return false, err
+ }
+
+ isAllowedUnknownFuncCall := false
+ if c.allowUndefinedFuncCalls {
+ switch target.Value.(type) {
+ case Ref, Var:
+ isAllowedUnknownFuncCall = true
+ }
+ }
+
+ switch {
+ case isDataRef(target):
+ ref := target.Value.(Ref)
+ targetNode := c.RuleTree
+ for i := range len(ref) - 1 {
+ child := targetNode.Child(ref[i].Value)
+ if child == nil {
+ break
+ } else if len(child.Values) > 0 {
+ return false, NewError(CompileErr, target.Loc(), "with keyword cannot partially replace virtual document(s)")
+ }
+ targetNode = child
+ }
+
+ if targetNode != nil {
+ // NOTE(sr): at this point in the compiler stages, we don't have a fully-populated
+ // TypeEnv yet -- so we have to make do with this check to see if the replacement
+ // target is a function. It's probably wrong for arity-0 functions, but those are
+ // and edge case anyways.
+ if child := targetNode.Child(ref[len(ref)-1].Value); child != nil {
+ for _, v := range child.Values {
+ if len(v.(*Rule).Head.Args) > 0 {
+ if ok, err := validateWithFunctionValue(c.builtins, unsafeBuiltinsMap, c.RuleTree, value); err != nil || ok {
+ return false, err // err may be nil
+ }
+ }
+ }
+ }
+ }
+
+ // If the with-value is a ref to a function, but not a call, we can't rewrite it
+ if r, ok := value.Value.(Ref); ok {
+ // TODO: check that target ref doesn't exist?
+ if valueNode := c.RuleTree.Find(r); valueNode != nil {
+ for _, v := range valueNode.Values {
+ if len(v.(*Rule).Head.Args) > 0 {
+ return false, nil
+ }
+ }
+ }
+ }
+ case isInputRef(target): // ok, valid
+ case isBuiltinRefOrVar:
+
+ // NOTE(sr): first we ensure that parsed Var builtins (`count`, `concat`, etc)
+ // are rewritten to their proper Ref convention
+ if v, ok := target.Value.(Var); ok {
+ target.Value = Ref([]*Term{NewTerm(v)})
+ }
+
+ targetRef := target.Value.(Ref)
+ bi := c.builtins[targetRef.String()] // safe because isBuiltinRefOrVar checked this
+ if err := validateWithBuiltinTarget(bi, targetRef, target.Loc()); err != nil {
+ return false, err
+ }
+
+ if ok, err := validateWithFunctionValue(c.builtins, unsafeBuiltinsMap, c.RuleTree, value); err != nil || ok {
+ return false, err // err may be nil
+ }
+ case isAllowedUnknownFuncCall:
+ // The target isn't a ref to the input doc, data doc, or a known built-in, but it might be a ref to an unknown built-in.
+ return false, nil
+ default:
+ return false, NewError(TypeErr, target.Location, "with keyword target must reference existing %v, %v, or a function", InputRootDocument, DefaultRootDocument)
+ }
+ return requiresEval(value), nil
+}
+
+func validateWithBuiltinTarget(bi *Builtin, target Ref, loc *location.Location) *Error {
+ switch bi.Name {
+ case Equality.Name,
+ RegoMetadataChain.Name,
+ RegoMetadataRule.Name:
+ return NewError(CompileErr, loc, "with keyword replacing built-in function: replacement of %q invalid", bi.Name)
+ }
+
+ switch {
+ case target.HasPrefix(Ref([]*Term{VarTerm("internal")})):
+ return NewError(CompileErr, loc, "with keyword replacing built-in function: replacement of internal function %q invalid", target)
+
+ case bi.Relation:
+ return NewError(CompileErr, loc, "with keyword replacing built-in function: target must not be a relation")
+
+ case bi.Decl.Result() == nil:
+ return NewError(CompileErr, loc, "with keyword replacing built-in function: target must not be a void function")
+ }
+ return nil
+}
+
+func validateWithFunctionValue(bs map[string]*Builtin, unsafeMap map[string]struct{}, ruleTree *TreeNode, value *Term) (bool, *Error) {
+ if v, ok := value.Value.(Ref); ok {
+ if ruleTree.Find(v) != nil { // ref exists in rule tree
+ return true, nil
+ }
+ }
+ return isBuiltinRefOrVar(bs, unsafeMap, value)
+}
+
+func isInputRef(term *Term) bool {
+ if ref, ok := term.Value.(Ref); ok {
+ if ref.HasPrefix(InputRootRef) {
+ return true
+ }
+ }
+ return false
+}
+
+func isDataRef(term *Term) bool {
+ if ref, ok := term.Value.(Ref); ok {
+ if ref.HasPrefix(DefaultRootRef) {
+ return true
+ }
+ }
+ return false
+}
+
+func isBuiltinRefOrVar(bs map[string]*Builtin, unsafeBuiltinsMap map[string]struct{}, term *Term) (bool, *Error) {
+ switch v := term.Value.(type) {
+ case Ref, Var:
+ if _, ok := unsafeBuiltinsMap[v.String()]; ok {
+ return false, NewError(CompileErr, term.Location, "with keyword replacing built-in function: target must not be unsafe: %q", v)
+ }
+ _, ok := bs[v.String()]
+ return ok, nil
+ }
+ return false, nil
+}
+
+func isVirtual(node *TreeNode, ref Ref) bool {
+ for i := range ref {
+ child := node.Child(ref[i].Value)
+ if child == nil {
+ return false
+ } else if len(child.Values) > 0 {
+ return true
+ }
+ node = child
+ }
+ return true
+}
+
+func safetyErrorSlice(unsafe unsafeVars, rewritten map[Var]Var) (result Errors) {
+
+ if len(unsafe) == 0 {
+ return
+ }
+
+ for _, pair := range unsafe.Vars() {
+ v := pair.Var
+ if w, ok := rewritten[v]; ok {
+ v = w
+ }
+ if !v.IsGenerated() {
+ if _, ok := allFutureKeywords[string(v)]; ok {
+ result = append(result, NewError(UnsafeVarErr, pair.Loc,
+ "var %[1]v is unsafe (hint: `import future.keywords.%[1]v` to import a future keyword)", v))
+ continue
+ }
+ result = append(result, NewError(UnsafeVarErr, pair.Loc, "var %v is unsafe", v))
+ }
+ }
+
+ if len(result) > 0 {
+ return
+ }
+
+ // If the expression contains unsafe generated variables, report which
+ // expressions are unsafe instead of the variables that are unsafe (since
+ // the latter are not meaningful to the user.)
+ pairs := unsafe.Slice()
+
+ slices.SortFunc(pairs, func(a, b unsafePair) int {
+ return a.Expr.Location.Compare(b.Expr.Location)
+ })
+
+ // Report at most one error per generated variable.
+ seen := NewVarSet()
+
+ for _, expr := range pairs {
+ before := len(seen)
+ for v := range expr.Vars {
+ if v.IsGenerated() {
+ seen.Add(v)
+ }
+ }
+ if len(seen) > before {
+ result = append(result, NewError(UnsafeVarErr, expr.Expr.Location, "expression is unsafe"))
+ }
+ }
+
+ return
+}
+
+func checkUnsafeBuiltins(unsafeBuiltinsMap map[string]struct{}, node any) Errors {
+ errs := make(Errors, 0)
+ WalkExprs(node, func(x *Expr) bool {
+ if x.IsCall() {
+ operator := x.Operator().String()
+ if _, ok := unsafeBuiltinsMap[operator]; ok {
+ errs = append(errs, NewError(TypeErr, x.Loc(), "unsafe built-in function calls in expression: %v", operator))
+ }
+ }
+ return false
+ })
+ return errs
+}
+
+func rewriteVarsInRef(vars ...map[Var]Var) varRewriter {
+ return func(node Ref) Ref {
+ i, _ := TransformVars(node, func(v Var) (Value, error) {
+ for _, m := range vars {
+ if u, ok := m[v]; ok {
+ return u, nil
+ }
+ }
+ return v, nil
+ })
+ return i.(Ref)
+ }
+}
+
+// NOTE(sr): This is duplicated with compile/compile.go; but moving it into another location
+// would cause a circular dependency -- the refSet definition needs ast.Ref. If we make it
+// public in the ast package, the compile package could take it from there, but it would also
+// increase our public interface. Let's reconsider if we need it in a third place.
+type refSet struct {
+ s []Ref
+}
+
+func newRefSet(x ...Ref) *refSet {
+ result := &refSet{}
+ for i := range x {
+ result.AddPrefix(x[i])
+ }
+ return result
+}
+
+// ContainsPrefix returns true if r is prefixed by any of the existing refs in the set.
+func (rs *refSet) ContainsPrefix(r Ref) bool {
+ return slices.ContainsFunc(rs.s, r.HasPrefix)
+}
+
+// AddPrefix inserts r into the set if r is not prefixed by any existing
+// refs in the set. If any existing refs are prefixed by r, those existing
+// refs are removed.
+func (rs *refSet) AddPrefix(r Ref) {
+ if rs.ContainsPrefix(r) {
+ return
+ }
+ cpy := []Ref{r}
+ for i := range rs.s {
+ if !rs.s[i].HasPrefix(r) {
+ cpy = append(cpy, rs.s[i])
+ }
+ }
+ rs.s = cpy
+}
+
+// Sorted returns a sorted slice of terms for refs in the set.
+func (rs *refSet) Sorted() []*Term {
+ terms := make([]*Term, len(rs.s))
+ for i := range rs.s {
+ terms[i] = NewTerm(rs.s[i])
+ }
+ slices.SortFunc(terms, TermValueCompare)
+ return terms
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/compilehelper.go b/vendor/github.com/open-policy-agent/opa/v1/ast/compilehelper.go
new file mode 100644
index 0000000000..7d81d45e6d
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/compilehelper.go
@@ -0,0 +1,62 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+// CompileModules takes a set of Rego modules represented as strings and
+// compiles them for evaluation. The keys of the map are used as filenames.
+func CompileModules(modules map[string]string) (*Compiler, error) {
+ return CompileModulesWithOpt(modules, CompileOpts{})
+}
+
+// CompileOpts defines a set of options for the compiler.
+type CompileOpts struct {
+ EnablePrintStatements bool
+ ParserOptions ParserOptions
+}
+
+// CompileModulesWithOpt takes a set of Rego modules represented as strings and
+// compiles them for evaluation. The keys of the map are used as filenames.
+func CompileModulesWithOpt(modules map[string]string, opts CompileOpts) (*Compiler, error) {
+
+ parsed := make(map[string]*Module, len(modules))
+
+ for f, module := range modules {
+ var pm *Module
+ var err error
+ if pm, err = ParseModuleWithOpts(f, module, opts.ParserOptions); err != nil {
+ return nil, err
+ }
+ parsed[f] = pm
+ }
+
+ compiler := NewCompiler().
+ WithDefaultRegoVersion(opts.ParserOptions.RegoVersion).
+ WithEnablePrintStatements(opts.EnablePrintStatements)
+ compiler.Compile(parsed)
+
+ if compiler.Failed() {
+ return nil, compiler.Errors
+ }
+
+ return compiler, nil
+}
+
+// MustCompileModules compiles a set of Rego modules represented as strings. If
+// the compilation process fails, this function panics.
+func MustCompileModules(modules map[string]string) *Compiler {
+ return MustCompileModulesWithOpts(modules, CompileOpts{})
+}
+
+// MustCompileModulesWithOpts compiles a set of Rego modules represented as strings. If
+// the compilation process fails, this function panics.
+func MustCompileModulesWithOpts(modules map[string]string, opts CompileOpts) *Compiler {
+
+ compiler, err := CompileModulesWithOpt(modules, opts)
+ if err != nil {
+ panic(err)
+ }
+
+ return compiler
+}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/compilemetrics.go b/vendor/github.com/open-policy-agent/opa/v1/ast/compilemetrics.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/ast/compilemetrics.go
rename to vendor/github.com/open-policy-agent/opa/v1/ast/compilemetrics.go
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/conflicts.go b/vendor/github.com/open-policy-agent/opa/v1/ast/conflicts.go
new file mode 100644
index 0000000000..685cc6b694
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/conflicts.go
@@ -0,0 +1,79 @@
+// Copyright 2019 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "slices"
+ "strings"
+)
+
+// CheckPathConflicts returns a set of errors indicating paths that
+// are in conflict with the result of the provided callable.
+func CheckPathConflicts(c *Compiler, exists func([]string) (bool, error)) Errors {
+ var errs Errors
+
+ root := c.RuleTree.Child(DefaultRootDocument.Value)
+ if root == nil {
+ return nil
+ }
+
+ if len(c.pathConflictCheckRoots) == 0 || slices.Contains(c.pathConflictCheckRoots, "") {
+ for _, child := range root.Children {
+ errs = append(errs, checkDocumentConflicts(child, exists, nil)...)
+ }
+ return errs
+ }
+
+ for _, rootPath := range c.pathConflictCheckRoots {
+ // traverse AST from `path` to go to the new root
+ paths := strings.Split(rootPath, "/")
+ node := root
+ for _, key := range paths {
+ node = node.Child(String(key))
+ if node == nil {
+ break
+ }
+ }
+
+ if node == nil {
+ // could not find the node from the AST (e.g. `path` is from a data file)
+ // then no conflict is possible
+ continue
+ }
+
+ for _, child := range node.Children {
+ errs = append(errs, checkDocumentConflicts(child, exists, paths)...)
+ }
+ }
+
+ return errs
+}
+
+func checkDocumentConflicts(node *TreeNode, exists func([]string) (bool, error), path []string) Errors {
+
+ switch key := node.Key.(type) {
+ case String:
+ path = append(path, string(key))
+ default: // other key types cannot conflict with data
+ return nil
+ }
+
+ if len(node.Values) > 0 {
+ s := strings.Join(path, "/")
+ if ok, err := exists(path); err != nil {
+ return Errors{NewError(CompileErr, node.Values[0].(*Rule).Loc(), "conflict check for data path %v: %v", s, err.Error())}
+ } else if ok {
+ return Errors{NewError(CompileErr, node.Values[0].(*Rule).Loc(), "conflicting rule for data path %v found", s)}
+ }
+ }
+
+ var errs Errors
+
+ for _, child := range node.Children {
+ errs = append(errs, checkDocumentConflicts(child, exists, path)...)
+ }
+
+ return errs
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/doc.go b/vendor/github.com/open-policy-agent/opa/v1/ast/doc.go
new file mode 100644
index 0000000000..62b04e301e
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/doc.go
@@ -0,0 +1,36 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Package ast declares Rego syntax tree types and also includes a parser and compiler for preparing policies for execution in the policy engine.
+//
+// Rego policies are defined using a relatively small set of types: modules, package and import declarations, rules, expressions, and terms. At their core, policies consist of rules that are defined by one or more expressions over documents available to the policy engine. The expressions are defined by intrinsic values (terms) such as strings, objects, variables, etc.
+//
+// Rego policies are typically defined in text files and then parsed and compiled by the policy engine at runtime. The parsing stage takes the text or string representation of the policy and converts it into an abstract syntax tree (AST) that consists of the types mentioned above. The AST is organized as follows:
+//
+// Module
+// |
+// +--- Package (Reference)
+// |
+// +--- Imports
+// | |
+// | +--- Import (Term)
+// |
+// +--- Rules
+// |
+// +--- Rule
+// |
+// +--- Head
+// | |
+// | +--- Name (Variable)
+// | |
+// | +--- Key (Term)
+// | |
+// | +--- Value (Term)
+// |
+// +--- Body
+// |
+// +--- Expression (Term | Terms | Variable Declaration)
+//
+// At query time, the policy engine expects policies to have been compiled. The compilation stage takes one or more modules and compiles them into a format that the policy engine supports.
+package ast
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/env.go b/vendor/github.com/open-policy-agent/opa/v1/ast/env.go
new file mode 100644
index 0000000000..12d4be8918
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/env.go
@@ -0,0 +1,528 @@
+// Copyright 2017 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "fmt"
+ "strings"
+
+ "github.com/open-policy-agent/opa/v1/types"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+// TypeEnv contains type info for static analysis such as type checking.
+type TypeEnv struct {
+ tree *typeTreeNode
+ next *TypeEnv
+ newChecker func() *typeChecker
+}
+
+// newTypeEnv returns an empty TypeEnv. The constructor is not exported because
+// type environments should only be created by the type checker.
+func newTypeEnv(f func() *typeChecker) *TypeEnv {
+ return &TypeEnv{
+ tree: newTypeTree(),
+ newChecker: f,
+ }
+}
+
+// Get returns the type of x.
+// Deprecated: Use GetByValue or GetByRef instead, as they are more efficient.
+func (env *TypeEnv) Get(x any) types.Type {
+ if term, ok := x.(*Term); ok {
+ x = term.Value
+ }
+
+ if v, ok := x.(Value); ok {
+ return env.GetByValue(v)
+ }
+
+ panic("unreachable")
+}
+
+// GetByValue returns the type of v.
+func (env *TypeEnv) GetByValue(v Value) types.Type {
+ switch x := v.(type) {
+
+ // Scalars.
+ case Null:
+ return types.Nl
+ case Boolean:
+ return types.B
+ case Number:
+ return types.N
+ case String:
+ return types.S
+
+ // Composites.
+ case *Array:
+ static := make([]types.Type, x.Len())
+ for i := range static {
+ tpe := env.GetByValue(x.Elem(i).Value)
+ static[i] = tpe
+ }
+
+ var dynamic types.Type
+ if len(static) == 0 {
+ dynamic = types.A
+ }
+
+ return types.NewArray(static, dynamic)
+
+ case *lazyObj:
+ return env.GetByValue(x.force())
+ case *object:
+ static := []*types.StaticProperty{}
+ var dynamic *types.DynamicProperty
+
+ x.Foreach(func(k, v *Term) {
+ if IsConstant(k.Value) {
+ kjson, err := JSON(k.Value)
+ if err == nil {
+ tpe := env.GetByValue(v.Value)
+ static = append(static, types.NewStaticProperty(kjson, tpe))
+ return
+ }
+ }
+ // Can't handle it as a static property, fallback to dynamic
+ typeK := env.GetByValue(k.Value)
+ typeV := env.GetByValue(v.Value)
+ dynamic = types.NewDynamicProperty(typeK, typeV)
+ })
+
+ if len(static) == 0 && dynamic == nil {
+ dynamic = types.NewDynamicProperty(types.A, types.A)
+ }
+
+ return types.NewObject(static, dynamic)
+
+ case Set:
+ var tpe types.Type
+ x.Foreach(func(elem *Term) {
+ tpe = types.Or(tpe, env.GetByValue(elem.Value))
+ })
+ if tpe == nil {
+ tpe = types.A
+ }
+ return types.NewSet(tpe)
+
+ // Comprehensions.
+ case *ArrayComprehension:
+ cpy, errs := env.newChecker().CheckBody(env, x.Body)
+ if len(errs) == 0 {
+ return types.NewArray(nil, cpy.GetByValue(x.Term.Value))
+ }
+ return nil
+ case *ObjectComprehension:
+ cpy, errs := env.newChecker().CheckBody(env, x.Body)
+ if len(errs) == 0 {
+ return types.NewObject(nil, types.NewDynamicProperty(cpy.GetByValue(x.Key.Value), cpy.GetByValue(x.Value.Value)))
+ }
+ return nil
+ case *SetComprehension:
+ cpy, errs := env.newChecker().CheckBody(env, x.Body)
+ if len(errs) == 0 {
+ return types.NewSet(cpy.GetByValue(x.Term.Value))
+ }
+ return nil
+
+ // Refs.
+ case Ref:
+ return env.GetByRef(x)
+
+ // Vars.
+ case Var:
+ if node := env.tree.Child(v); node != nil {
+ return node.Value()
+ }
+ if env.next != nil {
+ return env.next.GetByValue(v)
+ }
+ return nil
+
+ // Calls.
+ case Call:
+ return nil
+ }
+
+ return env.Get(v)
+}
+
+// GetByRef returns the type of the value referred to by ref.
+func (env *TypeEnv) GetByRef(ref Ref) types.Type {
+ node := env.tree.Child(ref[0].Value)
+ if node == nil {
+ return env.getRefFallback(ref)
+ }
+
+ return env.getRefRec(node, ref, ref[1:])
+}
+
+func (env *TypeEnv) getRefFallback(ref Ref) types.Type {
+
+ if env.next != nil {
+ return env.next.GetByRef(ref)
+ }
+
+ if RootDocumentNames.Contains(ref[0]) {
+ return types.A
+ }
+
+ return nil
+}
+
+func (env *TypeEnv) getRefRec(node *typeTreeNode, ref, tail Ref) types.Type {
+ if len(tail) == 0 {
+ return env.getRefRecExtent(node)
+ }
+
+ if node.Leaf() {
+ if node.children.Len() > 0 {
+ if child := node.Child(tail[0].Value); child != nil {
+ return env.getRefRec(child, ref, tail[1:])
+ }
+ }
+ return selectRef(node.Value(), tail)
+ }
+
+ if !IsConstant(tail[0].Value) {
+ return selectRef(env.getRefRecExtent(node), tail)
+ }
+
+ child := node.Child(tail[0].Value)
+ if child == nil {
+ return env.getRefFallback(ref)
+ }
+
+ return env.getRefRec(child, ref, tail[1:])
+}
+
+func (env *TypeEnv) getRefRecExtent(node *typeTreeNode) types.Type {
+
+ if node.Leaf() {
+ return node.Value()
+ }
+
+ children := []*types.StaticProperty{}
+
+ node.Children().Iter(func(key Value, child *typeTreeNode) bool {
+ tpe := env.getRefRecExtent(child)
+
+ // NOTE(sr): Converting to Golang-native types here is an extension of what we did
+ // before -- only supporting strings. But since we cannot differentiate sets and arrays
+ // that way, we could reconsider.
+ switch key.(type) {
+ case String, Number, Boolean: // skip anything else
+ propKey, err := JSON(key)
+ if err != nil {
+ panic(fmt.Errorf("unreachable, ValueToInterface: %w", err))
+ }
+ children = append(children, types.NewStaticProperty(propKey, tpe))
+ }
+ return false
+ })
+
+ // TODO(tsandall): for now, these objects can have any dynamic properties
+ // because we don't have schema for base docs. Once schemas are supported
+ // we can improve this.
+ return types.NewObject(children, types.NewDynamicProperty(types.S, types.A))
+}
+
+func (env *TypeEnv) wrap() *TypeEnv {
+ cpy := *env
+ cpy.next = env
+ cpy.tree = newTypeTree()
+ return &cpy
+}
+
+// typeTreeNode is used to store type information in a tree.
+type typeTreeNode struct {
+ key Value
+ value types.Type
+ children *util.HasherMap[Value, *typeTreeNode]
+}
+
+func newTypeTree() *typeTreeNode {
+ return &typeTreeNode{
+ key: nil,
+ value: nil,
+ children: util.NewHasherMap[Value, *typeTreeNode](ValueEqual),
+ }
+}
+
+func (n *typeTreeNode) Child(key Value) *typeTreeNode {
+ value, ok := n.children.Get(key)
+ if !ok {
+ return nil
+ }
+ return value
+}
+
+func (n *typeTreeNode) Children() *util.HasherMap[Value, *typeTreeNode] {
+ return n.children
+}
+
+func (n *typeTreeNode) Get(path Ref) types.Type {
+ curr := n
+ for _, term := range path {
+ child, ok := curr.children.Get(term.Value)
+ if !ok {
+ return nil
+ }
+ curr = child
+ }
+ return curr.Value()
+}
+
+func (n *typeTreeNode) Leaf() bool {
+ return n.value != nil
+}
+
+func (n *typeTreeNode) PutOne(key Value, tpe types.Type) {
+ c, ok := n.children.Get(key)
+
+ var child *typeTreeNode
+ if !ok {
+ child = newTypeTree()
+ child.key = key
+ n.children.Put(key, child)
+ } else {
+ child = c
+ }
+
+ child.value = tpe
+}
+
+func (n *typeTreeNode) Put(path Ref, tpe types.Type) {
+ curr := n
+ for _, term := range path {
+ c, ok := curr.children.Get(term.Value)
+
+ var child *typeTreeNode
+ if !ok {
+ child = newTypeTree()
+ child.key = term.Value
+ curr.children.Put(child.key, child)
+ } else {
+ child = c
+ }
+
+ curr = child
+ }
+ curr.value = tpe
+}
+
+// Insert inserts tpe at path in the tree, but also merges the value into any types.Object present along that path.
+// If a types.Object is inserted, any leafs already present further down the tree are merged into the inserted object.
+// path must be ground.
+func (n *typeTreeNode) Insert(path Ref, tpe types.Type, env *TypeEnv) {
+ curr := n
+ for i, term := range path {
+ c, ok := curr.children.Get(term.Value)
+
+ var child *typeTreeNode
+ if !ok {
+ child = newTypeTree()
+ child.key = term.Value
+ curr.children.Put(child.key, child)
+ } else {
+ child = c
+ if child.value != nil && i+1 < len(path) {
+ // If child has an object value, merge the new value into it.
+ if o, ok := child.value.(*types.Object); ok {
+ var err error
+ child.value, err = insertIntoObject(o, path[i+1:], tpe, env)
+ if err != nil {
+ panic(fmt.Errorf("unreachable, insertIntoObject: %w", err))
+ }
+ }
+ }
+ }
+
+ curr = child
+ }
+
+ curr.value = mergeTypes(curr.value, tpe)
+
+ if _, ok := tpe.(*types.Object); ok && curr.children.Len() > 0 {
+ // merge all leafs into the inserted object
+ leafs := curr.Leafs()
+ for p, t := range leafs {
+ var err error
+ curr.value, err = insertIntoObject(curr.value.(*types.Object), *p, t, env)
+ if err != nil {
+ panic(fmt.Errorf("unreachable, insertIntoObject: %w", err))
+ }
+ }
+ }
+}
+
+// mergeTypes merges the types of 'a' and 'b'. If both are sets, their 'of' types are joined with an types.Or.
+// If both are objects, the key types of their dynamic properties are joined with types.Or:s, and their value types
+// are recursively merged (using mergeTypes).
+// If 'a' and 'b' are both objects, and at least one of them have static properties, they are joined
+// with an types.Or, instead of being merged.
+// If 'a' is an Any containing an Object, and 'b' is an Object (or vice versa); AND both objects have no
+// static properties, they are merged.
+// If 'a' and 'b' are different types, they are joined with an types.Or.
+func mergeTypes(a, b types.Type) types.Type {
+ if a == nil {
+ return b
+ }
+
+ if b == nil {
+ return a
+ }
+
+ switch a := a.(type) {
+ case *types.Object:
+ if bObj, ok := b.(*types.Object); ok && len(a.StaticProperties()) == 0 && len(bObj.StaticProperties()) == 0 {
+ if len(a.StaticProperties()) > 0 || len(bObj.StaticProperties()) > 0 {
+ return types.Or(a, bObj)
+ }
+
+ aDynProps := a.DynamicProperties()
+ bDynProps := bObj.DynamicProperties()
+ dynProps := types.NewDynamicProperty(
+ types.Or(aDynProps.Key, bDynProps.Key),
+ mergeTypes(aDynProps.Value, bDynProps.Value))
+ return types.NewObject(nil, dynProps)
+ } else if bAny, ok := b.(types.Any); ok && len(a.StaticProperties()) == 0 {
+ // If a is an object type with no static components ...
+ for _, t := range bAny {
+ if tObj, ok := t.(*types.Object); ok && len(tObj.StaticProperties()) == 0 {
+ // ... and b is a types.Any containing an object with no static components, we merge them.
+ aDynProps := a.DynamicProperties()
+ tDynProps := tObj.DynamicProperties()
+ tDynProps.Key = types.Or(tDynProps.Key, aDynProps.Key)
+ tDynProps.Value = types.Or(tDynProps.Value, aDynProps.Value)
+ return bAny
+ }
+ }
+ }
+ case *types.Set:
+ if bSet, ok := b.(*types.Set); ok {
+ return types.NewSet(types.Or(a.Of(), bSet.Of()))
+ }
+ case types.Any:
+ if _, ok := b.(types.Any); !ok {
+ return mergeTypes(b, a)
+ }
+ }
+
+ return types.Or(a, b)
+}
+
+func (n *typeTreeNode) String() string {
+ b := strings.Builder{}
+
+ if k := n.key; k != nil {
+ b.WriteString(k.String())
+ } else {
+ b.WriteString("-")
+ }
+
+ if v := n.value; v != nil {
+ b.WriteString(": ")
+ b.WriteString(v.String())
+ }
+
+ n.children.Iter(func(_ Value, child *typeTreeNode) bool {
+ b.WriteString("\n\t+ ")
+ s := child.String()
+ s = strings.ReplaceAll(s, "\n", "\n\t")
+ b.WriteString(s)
+
+ return false
+ })
+
+ return b.String()
+}
+
+func insertIntoObject(o *types.Object, path Ref, tpe types.Type, env *TypeEnv) (*types.Object, error) {
+ if len(path) == 0 {
+ return o, nil
+ }
+
+ key := env.GetByValue(path[0].Value)
+
+ if len(path) == 1 {
+ var dynamicProps *types.DynamicProperty
+ if dp := o.DynamicProperties(); dp != nil {
+ dynamicProps = types.NewDynamicProperty(types.Or(o.DynamicProperties().Key, key), types.Or(o.DynamicProperties().Value, tpe))
+ } else {
+ dynamicProps = types.NewDynamicProperty(key, tpe)
+ }
+ return types.NewObject(o.StaticProperties(), dynamicProps), nil
+ }
+
+ child, err := insertIntoObject(types.NewObject(nil, nil), path[1:], tpe, env)
+ if err != nil {
+ return nil, err
+ }
+
+ var dynamicProps *types.DynamicProperty
+ if dp := o.DynamicProperties(); dp != nil {
+ dynamicProps = types.NewDynamicProperty(types.Or(o.DynamicProperties().Key, key), types.Or(o.DynamicProperties().Value, child))
+ } else {
+ dynamicProps = types.NewDynamicProperty(key, child)
+ }
+ return types.NewObject(o.StaticProperties(), dynamicProps), nil
+}
+
+func (n *typeTreeNode) Leafs() map[*Ref]types.Type {
+ leafs := map[*Ref]types.Type{}
+ n.children.Iter(func(_ Value, v *typeTreeNode) bool {
+ collectLeafs(v, nil, leafs)
+ return false
+ })
+ return leafs
+}
+
+func collectLeafs(n *typeTreeNode, path Ref, leafs map[*Ref]types.Type) {
+ nPath := append(path, NewTerm(n.key))
+ if n.Leaf() {
+ leafs[&nPath] = n.Value()
+ return
+ }
+ n.children.Iter(func(_ Value, v *typeTreeNode) bool {
+ collectLeafs(v, nPath, leafs)
+ return false
+ })
+}
+
+func (n *typeTreeNode) Value() types.Type {
+ return n.value
+}
+
+// selectConstant returns the attribute of the type referred to by the term. If
+// the attribute type cannot be determined, nil is returned.
+func selectConstant(tpe types.Type, term *Term) types.Type {
+ x, err := JSON(term.Value)
+ if err == nil {
+ return types.Select(tpe, x)
+ }
+ return nil
+}
+
+// selectRef returns the type of the nested attribute referred to by ref. If
+// the attribute type cannot be determined, nil is returned. If the ref
+// contains vars or refs, then the returned type will be a union of the
+// possible types.
+func selectRef(tpe types.Type, ref Ref) types.Type {
+
+ if tpe == nil || len(ref) == 0 {
+ return tpe
+ }
+
+ head, tail := ref[0], ref[1:]
+
+ switch head.Value.(type) {
+ case Var, Ref, *Array, Object, Set:
+ return selectRef(types.Values(tpe), tail)
+ default:
+ return selectRef(selectConstant(tpe, head), tail)
+ }
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/errors.go b/vendor/github.com/open-policy-agent/opa/v1/ast/errors.go
new file mode 100644
index 0000000000..75160afc6e
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/errors.go
@@ -0,0 +1,124 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "fmt"
+ "slices"
+ "strconv"
+ "strings"
+)
+
+// Errors represents a series of errors encountered during parsing, compiling,
+// etc.
+type Errors []*Error
+
+func (e Errors) Error() string {
+
+ if len(e) == 0 {
+ return "no error(s)"
+ }
+
+ if len(e) == 1 {
+ return fmt.Sprintf("1 error occurred: %v", e[0].Error())
+ }
+
+ s := make([]string, len(e))
+ for i, err := range e {
+ s[i] = err.Error()
+ }
+
+ return fmt.Sprintf("%d errors occurred:\n%s", len(e), strings.Join(s, "\n"))
+}
+
+// Sort sorts the error slice by location. If the locations are equal then the
+// error message is compared.
+func (e Errors) Sort() {
+ slices.SortFunc(e, func(a, b *Error) int {
+ if cmp := a.Location.Compare(b.Location); cmp != 0 {
+ return cmp
+ }
+
+ return strings.Compare(a.Error(), b.Error())
+ })
+}
+
+const (
+ // ParseErr indicates an unclassified parse error occurred.
+ ParseErr = "rego_parse_error"
+
+ // CompileErr indicates an unclassified compile error occurred.
+ CompileErr = "rego_compile_error"
+
+ // TypeErr indicates a type error was caught.
+ TypeErr = "rego_type_error"
+
+ // UnsafeVarErr indicates an unsafe variable was found during compilation.
+ UnsafeVarErr = "rego_unsafe_var_error"
+
+ // RecursionErr indicates recursion was found during compilation.
+ RecursionErr = "rego_recursion_error"
+
+ // FormatErr indicates an error occurred during formatting.
+ FormatErr = "rego_format_error"
+)
+
+// IsError returns true if err is an AST error with code.
+func IsError(code string, err error) bool {
+ if err, ok := err.(*Error); ok {
+ return err.Code == code
+ }
+ return false
+}
+
+// ErrorDetails defines the interface for detailed error messages.
+type ErrorDetails interface {
+ Lines() []string
+}
+
+// Error represents a single error caught during parsing, compiling, etc.
+type Error struct {
+ Code string `json:"code"`
+ Message string `json:"message"`
+ Location *Location `json:"location,omitempty"`
+ Details ErrorDetails `json:"details,omitempty"`
+}
+
+func (e *Error) Error() string {
+
+ var prefix string
+
+ if e.Location != nil {
+
+ if len(e.Location.File) > 0 {
+ prefix += e.Location.File + ":" + strconv.Itoa(e.Location.Row)
+ } else {
+ prefix += strconv.Itoa(e.Location.Row) + ":" + strconv.Itoa(e.Location.Col)
+ }
+ }
+
+ msg := fmt.Sprintf("%v: %v", e.Code, e.Message)
+
+ if len(prefix) > 0 {
+ msg = prefix + ": " + msg
+ }
+
+ if e.Details != nil {
+ for _, line := range e.Details.Lines() {
+ msg += "\n\t" + line
+ }
+ }
+
+ return msg
+}
+
+// NewError returns a new Error object.
+func NewError(code string, loc *Location, f string, a ...any) *Error {
+ return &Error{
+ Code: code,
+ Location: loc,
+ Message: fmt.Sprintf(f, a...),
+ }
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/index.go b/vendor/github.com/open-policy-agent/opa/v1/ast/index.go
new file mode 100644
index 0000000000..9abababc22
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/index.go
@@ -0,0 +1,968 @@
+// Copyright 2017 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "fmt"
+ "slices"
+ "sort"
+ "strings"
+ "sync"
+
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+// RuleIndex defines the interface for rule indices.
+type RuleIndex interface {
+
+ // Build tries to construct an index for the given rules. If the index was
+ // constructed, it returns true, otherwise false.
+ Build(rules []*Rule) bool
+
+ // Lookup searches the index for rules that will match the provided
+ // resolver. If the resolver returns an error, it is returned via err.
+ Lookup(resolver ValueResolver) (*IndexResult, error)
+
+ // AllRules traverses the index and returns all rules that will match
+ // the provided resolver without any optimizations (effectively with
+ // indexing disabled). If the resolver returns an error, it is returned
+ // via err.
+ AllRules(resolver ValueResolver) (*IndexResult, error)
+}
+
+// IndexResult contains the result of an index lookup.
+type IndexResult struct {
+ Rules []*Rule
+ Else map[*Rule][]*Rule
+ Default *Rule
+ Kind RuleKind
+ EarlyExit bool
+ OnlyGroundRefs bool
+}
+
+// NewIndexResult returns a new IndexResult object.
+func NewIndexResult(kind RuleKind) *IndexResult {
+ return &IndexResult{
+ Kind: kind,
+ }
+}
+
+// Empty returns true if there are no rules to evaluate.
+func (ir *IndexResult) Empty() bool {
+ return len(ir.Rules) == 0 && ir.Default == nil
+}
+
+type baseDocEqIndex struct {
+ isVirtual func(Ref) bool
+ root *trieNode
+ defaultRule *Rule
+ kind RuleKind
+ onlyGroundRefs bool
+}
+
+var (
+ equalityRef = Equality.Ref()
+ equalRef = Equal.Ref()
+ globMatchRef = GlobMatch.Ref()
+ internalPrintRef = InternalPrint.Ref()
+ internalTestCaseRef = InternalTestCase.Ref()
+
+ skipIndexing = NewSet(NewTerm(internalPrintRef), NewTerm(internalTestCaseRef))
+)
+
+func newBaseDocEqIndex(isVirtual func(Ref) bool) *baseDocEqIndex {
+ return &baseDocEqIndex{
+ isVirtual: isVirtual,
+ root: newTrieNodeImpl(),
+ onlyGroundRefs: true,
+ }
+}
+
+func (i *baseDocEqIndex) Build(rules []*Rule) bool {
+ if len(rules) == 0 {
+ return false
+ }
+
+ i.kind = rules[0].Head.RuleKind()
+ indices := newrefindices(i.isVirtual)
+
+ // build indices for each rule.
+ for idx := range rules {
+ WalkRules(rules[idx], func(rule *Rule) bool {
+ if rule.Default {
+ i.defaultRule = rule
+ return false
+ }
+ if i.onlyGroundRefs {
+ i.onlyGroundRefs = rule.Head.Reference.IsGround()
+ }
+ var skip bool
+ for i := range rule.Body {
+ if op := rule.Body[i].OperatorTerm(); op != nil && skipIndexing.Contains(op) {
+ skip = true
+ break
+ }
+ }
+ if !skip {
+ for i := range rule.Body {
+ indices.Update(rule, rule.Body[i])
+ }
+ }
+ return false
+ })
+ }
+
+ // build trie out of indices.
+ for idx := range rules {
+ var prio int
+ WalkRules(rules[idx], func(rule *Rule) bool {
+ if rule.Default {
+ return false
+ }
+ node := i.root
+ if indices.Indexed(rule) {
+ for _, ref := range indices.Sorted() {
+ node = node.Insert(ref, indices.Value(rule, ref), indices.Mapper(rule, ref))
+ }
+ }
+ // Insert rule into trie with (insertion order, priority order)
+ // tuple. Retaining the insertion order allows us to return rules
+ // in the order they were passed to this function.
+ node.append([...]int{idx, prio}, rule)
+ prio++
+ return false
+ })
+ }
+ return true
+}
+
+func (i *baseDocEqIndex) Lookup(resolver ValueResolver) (*IndexResult, error) {
+ tr := ttrPool.Get().(*trieTraversalResult)
+
+ defer func() {
+ clear(tr.unordered)
+ tr.ordering = tr.ordering[:0]
+ tr.multiple = false
+ tr.exist = nil
+
+ ttrPool.Put(tr)
+ }()
+
+ err := i.root.Traverse(resolver, tr)
+ if err != nil {
+ return nil, err
+ }
+
+ result := IndexResultPool.Get()
+
+ result.Kind = i.kind
+ result.Default = i.defaultRule
+ result.OnlyGroundRefs = i.onlyGroundRefs
+
+ if result.Rules == nil {
+ result.Rules = make([]*Rule, 0, len(tr.ordering))
+ } else {
+ result.Rules = result.Rules[:0]
+ }
+
+ clear(result.Else)
+
+ for _, pos := range tr.ordering {
+ slices.SortFunc(tr.unordered[pos], func(a, b *ruleNode) int {
+ return a.prio[1] - b.prio[1]
+ })
+ nodes := tr.unordered[pos]
+ root := nodes[0].rule
+
+ result.Rules = append(result.Rules, root)
+ if len(nodes) > 1 {
+ if result.Else == nil {
+ result.Else = map[*Rule][]*Rule{}
+ }
+
+ result.Else[root] = make([]*Rule, len(nodes)-1)
+ for i := 1; i < len(nodes); i++ {
+ result.Else[root][i-1] = nodes[i].rule
+ }
+ }
+ }
+
+ if !tr.multiple {
+ // even when the indexer hasn't seen multiple values, the rule itself could be one
+ // where early exit shouldn't be applied.
+ var lastValue Value
+ for i := range result.Rules {
+ if result.Rules[i].Head.DocKind() != CompleteDoc {
+ tr.multiple = true
+ break
+ }
+ if result.Rules[i].Head.Value != nil {
+ if lastValue != nil && !ValueEqual(lastValue, result.Rules[i].Head.Value.Value) {
+ tr.multiple = true
+ break
+ }
+ lastValue = result.Rules[i].Head.Value.Value
+ }
+ }
+ }
+
+ result.EarlyExit = !tr.multiple
+
+ return result, nil
+}
+
+func (i *baseDocEqIndex) AllRules(_ ValueResolver) (*IndexResult, error) {
+ tr := newTrieTraversalResult()
+
+ // Walk over the rule trie and accumulate _all_ rules
+ rw := &ruleWalker{result: tr}
+ i.root.Do(rw)
+
+ result := NewIndexResult(i.kind)
+ result.Default = i.defaultRule
+ result.OnlyGroundRefs = i.onlyGroundRefs
+ result.Rules = make([]*Rule, 0, len(tr.ordering))
+
+ for _, pos := range tr.ordering {
+ slices.SortFunc(tr.unordered[pos], func(a, b *ruleNode) int {
+ return a.prio[1] - b.prio[1]
+ })
+ nodes := tr.unordered[pos]
+ root := nodes[0].rule
+ result.Rules = append(result.Rules, root)
+ if len(nodes) > 1 {
+ if result.Else == nil {
+ result.Else = map[*Rule][]*Rule{}
+ }
+
+ result.Else[root] = make([]*Rule, len(nodes)-1)
+ for i := 1; i < len(nodes); i++ {
+ result.Else[root][i-1] = nodes[i].rule
+ }
+ }
+ }
+
+ result.EarlyExit = !tr.multiple
+
+ return result, nil
+}
+
+type ruleWalker struct {
+ result *trieTraversalResult
+}
+
+func (r *ruleWalker) Do(x any) trieWalker {
+ tn := x.(*trieNode)
+ r.result.Add(tn)
+ return r
+}
+
+type valueMapper struct {
+ Key string
+ MapValue func(Value) Value
+}
+
+type refindex struct {
+ Ref Ref
+ Value Value
+ Mapper *valueMapper
+}
+
+type refindices struct {
+ isVirtual func(Ref) bool
+ rules map[*Rule][]*refindex
+ frequency *util.HasherMap[Ref, int]
+ sorted []Ref
+}
+
+func newrefindices(isVirtual func(Ref) bool) *refindices {
+ return &refindices{
+ isVirtual: isVirtual,
+ rules: map[*Rule][]*refindex{},
+ frequency: util.NewHasherMap[Ref, int](RefEqual),
+ }
+}
+
+// Update attempts to update the refindices for the given expression in the
+// given rule. If the expression cannot be indexed the update does not affect
+// the indices.
+func (i *refindices) Update(rule *Rule, expr *Expr) {
+
+ if expr.Negated {
+ return
+ }
+
+ if len(expr.With) > 0 {
+ // NOTE(tsandall): In the future, we may need to consider expressions
+ // that have with statements applied to them.
+ return
+ }
+
+ op := expr.Operator()
+
+ switch {
+ case op.Equal(equalityRef):
+ i.updateEq(rule, expr)
+
+ case op.Equal(equalRef) && len(expr.Operands()) == 2:
+ // NOTE(tsandall): if equal() is called with more than two arguments the
+ // output value is being captured in which case the indexer cannot
+ // exclude the rule if the equal() call would return false (because the
+ // false value must still be produced.)
+ i.updateEq(rule, expr)
+
+ case op.Equal(globMatchRef) && len(expr.Operands()) == 3:
+ // NOTE(sr): Same as with equal() above -- 4 operands means the output
+ // of `glob.match` is captured and the rule can thus not be excluded.
+ i.updateGlobMatch(rule, expr)
+ }
+}
+
+// Sorted returns a sorted list of references that the indices were built from.
+// References that appear more frequently in the indexed rules are ordered
+// before less frequently appearing references.
+func (i *refindices) Sorted() []Ref {
+
+ if i.sorted == nil {
+ counts := make([]int, 0, i.frequency.Len())
+ i.sorted = make([]Ref, 0, i.frequency.Len())
+
+ i.frequency.Iter(func(k Ref, v int) bool {
+ counts = append(counts, v)
+ i.sorted = append(i.sorted, k)
+ return false
+ })
+
+ sort.Slice(i.sorted, func(a, b int) bool {
+ if counts[a] > counts[b] {
+ return true
+ } else if counts[b] > counts[a] {
+ return false
+ }
+ return i.sorted[a][0].Loc().Compare(i.sorted[b][0].Loc()) < 0
+ })
+ }
+
+ return i.sorted
+}
+
+func (i *refindices) Indexed(rule *Rule) bool {
+ return len(i.rules[rule]) > 0
+}
+
+func (i *refindices) Value(rule *Rule, ref Ref) Value {
+ if index := i.index(rule, ref); index != nil {
+ return index.Value
+ }
+ return nil
+}
+
+func (i *refindices) Mapper(rule *Rule, ref Ref) *valueMapper {
+ if index := i.index(rule, ref); index != nil {
+ return index.Mapper
+ }
+ return nil
+}
+
+func (i *refindices) updateEq(rule *Rule, expr *Expr) {
+ a, b := expr.Operand(0), expr.Operand(1)
+ args := rule.Head.Args
+ if idx, ok := eqOperandsToRefAndValue(i.isVirtual, args, a, b); ok {
+ i.insert(rule, idx)
+ return
+ }
+ if idx, ok := eqOperandsToRefAndValue(i.isVirtual, args, b, a); ok {
+ i.insert(rule, idx)
+ return
+ }
+}
+
+func (i *refindices) updateGlobMatch(rule *Rule, expr *Expr) {
+ args := rule.Head.Args
+
+ delim, ok := globDelimiterToString(expr.Operand(1))
+ if !ok {
+ return
+ }
+
+ if arr := globPatternToArray(expr.Operand(0), delim); arr != nil {
+ // The 3rd operand of glob.match is the value to match. We assume the
+ // 3rd operand was a reference that has been rewritten and bound to a
+ // variable earlier in the query OR a function argument variable.
+ match := expr.Operand(2)
+ if _, ok := match.Value.(Var); ok {
+ var ref Ref
+ for _, other := range i.rules[rule] {
+ if _, ok := other.Value.(Var); ok && other.Value.Compare(match.Value) == 0 {
+ ref = other.Ref
+ }
+ }
+ if ref == nil {
+ for j, arg := range args {
+ if arg.Equal(match) {
+ ref = Ref{FunctionArgRootDocument, InternedIntNumberTerm(j)}
+ }
+ }
+ }
+ if ref != nil {
+ i.insert(rule, &refindex{
+ Ref: ref,
+ Value: arr.Value,
+ Mapper: &valueMapper{
+ Key: delim,
+ MapValue: func(v Value) Value {
+ if s, ok := v.(String); ok {
+ return stringSliceToArray(splitStringEscaped(string(s), delim))
+ }
+ return v
+ },
+ },
+ })
+ }
+ }
+ }
+}
+
+func (i *refindices) insert(rule *Rule, index *refindex) {
+
+ count, ok := i.frequency.Get(index.Ref)
+ if !ok {
+ count = 0
+ }
+
+ i.frequency.Put(index.Ref, count+1)
+
+ for pos, other := range i.rules[rule] {
+ if other.Ref.Equal(index.Ref) {
+ i.rules[rule][pos] = index
+ return
+ }
+ }
+
+ i.rules[rule] = append(i.rules[rule], index)
+}
+
+func (i *refindices) index(rule *Rule, ref Ref) *refindex {
+ for _, index := range i.rules[rule] {
+ if index.Ref.Equal(ref) {
+ return index
+ }
+ }
+ return nil
+}
+
+type trieWalker interface {
+ Do(x any) trieWalker
+}
+
+type trieTraversalResult struct {
+ unordered map[int][]*ruleNode
+ ordering []int
+ exist *Term
+ multiple bool
+}
+
+var ttrPool = sync.Pool{
+ New: func() any {
+ return newTrieTraversalResult()
+ },
+}
+
+func newTrieTraversalResult() *trieTraversalResult {
+ return &trieTraversalResult{
+ unordered: map[int][]*ruleNode{},
+ }
+}
+
+func (tr *trieTraversalResult) Add(t *trieNode) {
+ for _, node := range t.rules {
+ root := node.prio[0]
+ nodes, ok := tr.unordered[root]
+ if !ok {
+ tr.ordering = append(tr.ordering, root)
+ }
+ tr.unordered[root] = append(nodes, node)
+ }
+ if t.multiple {
+ tr.multiple = true
+ }
+ if tr.multiple || t.value == nil {
+ return
+ }
+ if t.value.IsGround() && tr.exist == nil || tr.exist.Equal(t.value) {
+ tr.exist = t.value
+ return
+ }
+ tr.multiple = true
+}
+
+type trieNode struct {
+ ref Ref
+ mappers []*valueMapper
+ next *trieNode
+ any *trieNode
+ undefined *trieNode
+ scalars *util.HasherMap[Value, *trieNode]
+ array *trieNode
+ rules []*ruleNode
+ value *Term
+ multiple bool
+}
+
+func (node *trieNode) String() string {
+ var flags []string
+ flags = append(flags, fmt.Sprintf("self:%p", node))
+ if len(node.ref) > 0 {
+ flags = append(flags, node.ref.String())
+ }
+ if node.next != nil {
+ flags = append(flags, fmt.Sprintf("next:%p", node.next))
+ }
+ if node.any != nil {
+ flags = append(flags, fmt.Sprintf("any:%p", node.any))
+ }
+ if node.undefined != nil {
+ flags = append(flags, fmt.Sprintf("undefined:%p", node.undefined))
+ }
+ if node.array != nil {
+ flags = append(flags, fmt.Sprintf("array:%p", node.array))
+ }
+ if node.scalars.Len() > 0 {
+ buf := make([]string, 0, node.scalars.Len())
+ node.scalars.Iter(func(key Value, val *trieNode) bool {
+ buf = append(buf, fmt.Sprintf("scalar(%v):%p", key, val))
+ return false
+ })
+ sort.Strings(buf)
+ flags = append(flags, strings.Join(buf, " "))
+ }
+ if len(node.rules) > 0 {
+ flags = append(flags, fmt.Sprintf("%d rule(s)", len(node.rules)))
+ }
+ if len(node.mappers) > 0 {
+ flags = append(flags, fmt.Sprintf("%d mapper(s)", len(node.mappers)))
+ }
+ if node.value != nil {
+ flags = append(flags, "value exists")
+ }
+ return strings.Join(flags, " ")
+}
+
+func (node *trieNode) append(prio [2]int, rule *Rule) {
+ node.rules = append(node.rules, &ruleNode{prio, rule})
+
+ if node.value != nil && rule.Head.Value != nil && !node.value.Equal(rule.Head.Value) {
+ node.multiple = true
+ }
+
+ if node.value == nil && rule.Head.DocKind() == CompleteDoc {
+ node.value = rule.Head.Value
+ }
+}
+
+type ruleNode struct {
+ prio [2]int
+ rule *Rule
+}
+
+func newTrieNodeImpl() *trieNode {
+ return &trieNode{
+ scalars: util.NewHasherMap[Value, *trieNode](ValueEqual),
+ }
+}
+
+func (node *trieNode) Do(walker trieWalker) {
+ next := walker.Do(node)
+ if next == nil {
+ return
+ }
+ if node.any != nil {
+ node.any.Do(next)
+ }
+ if node.undefined != nil {
+ node.undefined.Do(next)
+ }
+
+ node.scalars.Iter(func(_ Value, child *trieNode) bool {
+ child.Do(next)
+ return false
+ })
+
+ if node.array != nil {
+ node.array.Do(next)
+ }
+ if node.next != nil {
+ node.next.Do(next)
+ }
+}
+
+func (node *trieNode) Insert(ref Ref, value Value, mapper *valueMapper) *trieNode {
+
+ if node.next == nil {
+ node.next = newTrieNodeImpl()
+ node.next.ref = ref
+ }
+
+ if mapper != nil {
+ node.next.addMapper(mapper)
+ }
+
+ return node.next.insertValue(value)
+}
+
+func (node *trieNode) Traverse(resolver ValueResolver, tr *trieTraversalResult) error {
+
+ if node == nil {
+ return nil
+ }
+
+ tr.Add(node)
+
+ return node.next.traverse(resolver, tr)
+}
+
+func (node *trieNode) addMapper(mapper *valueMapper) {
+ for i := range node.mappers {
+ if node.mappers[i].Key == mapper.Key {
+ return
+ }
+ }
+ node.mappers = append(node.mappers, mapper)
+}
+
+func (node *trieNode) insertValue(value Value) *trieNode {
+
+ switch value := value.(type) {
+ case nil:
+ if node.undefined == nil {
+ node.undefined = newTrieNodeImpl()
+ }
+ return node.undefined
+ case Var:
+ if node.any == nil {
+ node.any = newTrieNodeImpl()
+ }
+ return node.any
+ case Null, Boolean, Number, String:
+ child, ok := node.scalars.Get(value)
+ if !ok {
+ child = newTrieNodeImpl()
+ node.scalars.Put(value, child)
+ }
+ return child
+ case *Array:
+ if node.array == nil {
+ node.array = newTrieNodeImpl()
+ }
+ return node.array.insertArray(value)
+ }
+
+ panic("illegal value")
+}
+
+func (node *trieNode) insertArray(arr *Array) *trieNode {
+
+ if arr.Len() == 0 {
+ return node
+ }
+
+ switch head := arr.Elem(0).Value.(type) {
+ case Var:
+ if node.any == nil {
+ node.any = newTrieNodeImpl()
+ }
+ return node.any.insertArray(arr.Slice(1, -1))
+ case Null, Boolean, Number, String:
+ child, ok := node.scalars.Get(head)
+ if !ok {
+ child = newTrieNodeImpl()
+ node.scalars.Put(head, child)
+ }
+ return child.insertArray(arr.Slice(1, -1))
+ }
+
+ panic("illegal value")
+}
+
+func (node *trieNode) traverse(resolver ValueResolver, tr *trieTraversalResult) error {
+
+ if node == nil {
+ return nil
+ }
+
+ v, err := resolver.Resolve(node.ref)
+ if err != nil {
+ if IsUnknownValueErr(err) {
+ return node.traverseUnknown(resolver, tr)
+ }
+ return err
+ }
+
+ if node.undefined != nil {
+ err = node.undefined.Traverse(resolver, tr)
+ if err != nil {
+ return err
+ }
+ }
+
+ if v == nil {
+ return nil
+ }
+
+ if node.any != nil {
+ err = node.any.Traverse(resolver, tr)
+ if err != nil {
+ return err
+ }
+ }
+
+ if err := node.traverseValue(resolver, tr, v); err != nil {
+ return err
+ }
+
+ for i := range node.mappers {
+ if err := node.traverseValue(resolver, tr, node.mappers[i].MapValue(v)); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+func (node *trieNode) traverseValue(resolver ValueResolver, tr *trieTraversalResult, value Value) error {
+
+ switch value := value.(type) {
+ case *Array:
+ if node.array == nil {
+ return nil
+ }
+ return node.array.traverseArray(resolver, tr, value)
+
+ case Null, Boolean, Number, String:
+ child, ok := node.scalars.Get(value)
+ if !ok {
+ return nil
+ }
+ return child.Traverse(resolver, tr)
+ }
+
+ return nil
+}
+
+func (node *trieNode) traverseArray(resolver ValueResolver, tr *trieTraversalResult, arr *Array) error {
+
+ if arr.Len() == 0 {
+ return node.Traverse(resolver, tr)
+ }
+
+ if node.any != nil {
+ err := node.any.traverseArray(resolver, tr, arr.Slice(1, -1))
+ if err != nil {
+ return err
+ }
+ }
+
+ head := arr.Elem(0).Value
+
+ if !IsScalar(head) {
+ return nil
+ }
+
+ switch head := head.(type) {
+ case Null, Boolean, Number, String:
+ child, ok := node.scalars.Get(head)
+ if !ok {
+ return nil
+ }
+ return child.traverseArray(resolver, tr, arr.Slice(1, -1))
+ }
+
+ panic("illegal value")
+}
+
+func (node *trieNode) traverseUnknown(resolver ValueResolver, tr *trieTraversalResult) error {
+
+ if node == nil {
+ return nil
+ }
+
+ if err := node.Traverse(resolver, tr); err != nil {
+ return err
+ }
+
+ if err := node.undefined.traverseUnknown(resolver, tr); err != nil {
+ return err
+ }
+
+ if err := node.any.traverseUnknown(resolver, tr); err != nil {
+ return err
+ }
+
+ if err := node.array.traverseUnknown(resolver, tr); err != nil {
+ return err
+ }
+
+ var iterErr error
+ node.scalars.Iter(func(_ Value, child *trieNode) bool {
+ return child.traverseUnknown(resolver, tr) != nil
+ })
+
+ return iterErr
+}
+
+// If term `a` is one of the function's operands, we store a Ref: `args[0]`
+// for the argument number. So for `f(x, y) { x = 10; y = 12 }`, we'll
+// bind `args[0]` and `args[1]` to this rule when called for (x=10) and
+// (y=12) respectively.
+func eqOperandsToRefAndValue(isVirtual func(Ref) bool, args []*Term, a, b *Term) (*refindex, bool) {
+ switch v := a.Value.(type) {
+ case Var:
+ for i, arg := range args {
+ if arg.Value.Compare(a.Value) == 0 {
+ if bval, ok := indexValue(b); ok {
+ return &refindex{Ref: Ref{FunctionArgRootDocument, InternedIntNumberTerm(i)}, Value: bval}, true
+ }
+ }
+ }
+ case Ref:
+ if !RootDocumentNames.Contains(v[0]) {
+ return nil, false
+ }
+ if isVirtual(v) {
+ return nil, false
+ }
+ if v.IsNested() || !v.IsGround() {
+ return nil, false
+ }
+ if bval, ok := indexValue(b); ok {
+ return &refindex{Ref: v, Value: bval}, true
+ }
+ }
+ return nil, false
+}
+
+func indexValue(b *Term) (Value, bool) {
+ switch b := b.Value.(type) {
+ case Null, Boolean, Number, String, Var:
+ return b, true
+ case *Array:
+ stop := false
+ first := true
+ vis := NewGenericVisitor(func(x any) bool {
+ if first {
+ first = false
+ return false
+ }
+ switch x.(type) {
+ // No nested structures or values that require evaluation (other than var).
+ case *Array, Object, Set, *ArrayComprehension, *ObjectComprehension, *SetComprehension, Ref:
+ stop = true
+ }
+ return stop
+ })
+ vis.Walk(b)
+ if !stop {
+ return b, true
+ }
+ }
+
+ return nil, false
+}
+
+func globDelimiterToString(delim *Term) (string, bool) {
+
+ arr, ok := delim.Value.(*Array)
+ if !ok {
+ return "", false
+ }
+
+ var result string
+
+ if arr.Len() == 0 {
+ result = "."
+ } else {
+ for i := range arr.Len() {
+ term := arr.Elem(i)
+ s, ok := term.Value.(String)
+ if !ok {
+ return "", false
+ }
+ result += string(s)
+ }
+ }
+
+ return result, true
+}
+
+var globwildcard = VarTerm("$globwildcard")
+
+func globPatternToArray(pattern *Term, delim string) *Term {
+
+ s, ok := pattern.Value.(String)
+ if !ok {
+ return nil
+ }
+
+ parts := splitStringEscaped(string(s), delim)
+ arr := make([]*Term, len(parts))
+
+ for i := range parts {
+ if parts[i] == "*" {
+ arr[i] = globwildcard
+ } else {
+ var escaped bool
+ for _, c := range parts[i] {
+ if c == '\\' {
+ escaped = !escaped
+ continue
+ }
+ if !escaped {
+ switch c {
+ case '[', '?', '{', '*':
+ // TODO(tsandall): super glob and character pattern
+ // matching not supported yet.
+ return nil
+ }
+ }
+ escaped = false
+ }
+ arr[i] = StringTerm(parts[i])
+ }
+ }
+
+ return ArrayTerm(arr...)
+}
+
+// splits s on characters in delim except if delim characters have been escaped
+// with reverse solidus.
+func splitStringEscaped(s string, delim string) []string {
+
+ var last, curr int
+ var escaped bool
+ var result []string
+
+ for ; curr < len(s); curr++ {
+ if s[curr] == '\\' || escaped {
+ escaped = !escaped
+ continue
+ }
+ if strings.ContainsRune(delim, rune(s[curr])) {
+ result = append(result, s[last:curr])
+ last = curr + 1
+ }
+ }
+
+ result = append(result, s[last:])
+
+ return result
+}
+
+func stringSliceToArray(s []string) *Array {
+ arr := make([]*Term, len(s))
+ for i, v := range s {
+ arr[i] = StringTerm(v)
+ }
+ return NewArray(arr...)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/internal/scanner/scanner.go b/vendor/github.com/open-policy-agent/opa/v1/ast/internal/scanner/scanner.go
similarity index 91%
rename from vendor/github.com/open-policy-agent/opa/ast/internal/scanner/scanner.go
rename to vendor/github.com/open-policy-agent/opa/v1/ast/internal/scanner/scanner.go
index a0200ac18d..d70253bc5c 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/internal/scanner/scanner.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/internal/scanner/scanner.go
@@ -10,7 +10,8 @@ import (
"unicode"
"unicode/utf8"
- "github.com/open-policy-agent/opa/ast/internal/tokens"
+ "github.com/open-policy-agent/opa/v1/ast/internal/tokens"
+ "github.com/open-policy-agent/opa/v1/util"
)
const bom = 0xFEFF
@@ -18,31 +19,31 @@ const bom = 0xFEFF
// Scanner is used to tokenize an input stream of
// Rego source code.
type Scanner struct {
+ keywords map[string]tokens.Token
+ bs []byte
+ errors []Error
+ tabs []int
offset int
row int
col int
- bs []byte
- curr rune
width int
- errors []Error
- keywords map[string]tokens.Token
- tabs []int
+ curr rune
regoV1Compatible bool
}
// Error represents a scanner error.
type Error struct {
- Pos Position
Message string
+ Pos Position
}
// Position represents a point in the scanned source code.
type Position struct {
+ Tabs []int // positions of any tabs preceding Col
Offset int // start offset in bytes
End int // end offset in bytes
Row int // line number computed in bytes
Col int // column number computed in bytes
- Tabs []int // positions of any tabs preceding Col
}
// New returns an initialized scanner that will scan
@@ -100,8 +101,8 @@ func (s *Scanner) Keyword(lit string) tokens.Token {
func (s *Scanner) AddKeyword(kw string, tok tokens.Token) {
s.keywords[kw] = tok
- switch tok {
- case tokens.Every: // importing 'every' means also importing 'in'
+ if tok == tokens.Every {
+ // importing 'every' means also importing 'in'
s.keywords["in"] = tokens.In
}
}
@@ -164,7 +165,21 @@ func (s *Scanner) Scan() (tokens.Token, Position, string, []Error) {
var lit string
if s.isWhitespace() {
- lit = string(s.curr)
+ // string(rune) is an unnecessary heap allocation in this case as we know all
+ // the possible whitespace values, and can simply translate to string ourselves
+ switch s.curr {
+ case ' ':
+ lit = " "
+ case '\t':
+ lit = "\t"
+ case '\n':
+ lit = "\n"
+ case '\r':
+ lit = "\r"
+ default:
+ // unreachable unless isWhitespace changes
+ lit = string(s.curr)
+ }
s.next()
tok = tokens.Whitespace
} else if isLetter(s.curr) {
@@ -270,7 +285,8 @@ func (s *Scanner) scanIdentifier() string {
for isLetter(s.curr) || isDigit(s.curr) {
s.next()
}
- return string(s.bs[start : s.offset-1])
+
+ return util.ByteSliceToString(s.bs[start : s.offset-1])
}
func (s *Scanner) scanNumber() string {
@@ -321,7 +337,7 @@ func (s *Scanner) scanNumber() string {
}
}
- return string(s.bs[start : s.offset-1])
+ return util.ByteSliceToString(s.bs[start : s.offset-1])
}
func (s *Scanner) scanString() string {
@@ -355,7 +371,7 @@ func (s *Scanner) scanString() string {
}
}
- return string(s.bs[start : s.offset-1])
+ return util.ByteSliceToString(s.bs[start : s.offset-1])
}
func (s *Scanner) scanRawString() string {
@@ -370,7 +386,8 @@ func (s *Scanner) scanRawString() string {
break
}
}
- return string(s.bs[start : s.offset-1])
+
+ return util.ByteSliceToString(s.bs[start : s.offset-1])
}
func (s *Scanner) scanComment() string {
@@ -381,9 +398,10 @@ func (s *Scanner) scanComment() string {
end := s.offset - 1
// Trim carriage returns that precede the newline
if s.offset > 1 && s.bs[s.offset-2] == '\r' {
- end = end - 1
+ end -= 1
}
- return string(s.bs[start:end])
+
+ return util.ByteSliceToString(s.bs[start:end])
}
func (s *Scanner) next() {
@@ -413,7 +431,7 @@ func (s *Scanner) next() {
if s.curr == '\n' {
s.row++
s.col = 0
- s.tabs = []int{}
+ s.tabs = s.tabs[:0]
} else {
s.col++
if s.curr == '\t' {
diff --git a/vendor/github.com/open-policy-agent/opa/ast/internal/tokens/tokens.go b/vendor/github.com/open-policy-agent/opa/v1/ast/internal/tokens/tokens.go
similarity index 93%
rename from vendor/github.com/open-policy-agent/opa/ast/internal/tokens/tokens.go
rename to vendor/github.com/open-policy-agent/opa/v1/ast/internal/tokens/tokens.go
index 623ed7ed21..4033ba81ae 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/internal/tokens/tokens.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/internal/tokens/tokens.go
@@ -4,12 +4,14 @@
package tokens
+import "maps"
+
// Token represents a single Rego source code token
// for use by the Parser.
-type Token int
+type Token uint8
func (t Token) String() string {
- if t < 0 || int(t) >= len(strings) {
+ if int(t) >= len(strings) {
return "unknown"
}
return strings[t]
@@ -137,11 +139,7 @@ var keywords = map[string]Token{
// Keywords returns a copy of the default string -> Token keyword map.
func Keywords() map[string]Token {
- cpy := make(map[string]Token, len(keywords))
- for k, v := range keywords {
- cpy[k] = v
- }
- return cpy
+ return maps.Clone(keywords)
}
// IsKeyword returns if a token is a keyword
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/interning.go b/vendor/github.com/open-policy-agent/opa/v1/ast/interning.go
new file mode 100644
index 0000000000..7ef32d7bba
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/interning.go
@@ -0,0 +1,1342 @@
+// Copyright 2024 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "strconv"
+)
+
+// NOTE! Great care must be taken **not** to modify the terms returned
+// from these functions, as they are shared across all callers.
+// This package is currently considered experimental, and may change
+// at any time without notice.
+
+var (
+ booleanTrueTerm = &Term{Value: Boolean(true)}
+ booleanFalseTerm = &Term{Value: Boolean(false)}
+
+ // since this is by far the most common negative number
+ minusOneTerm = &Term{Value: Number("-1")}
+
+ InternedNullTerm = &Term{Value: Null{}}
+
+ InternedEmptyString = StringTerm("")
+ InternedEmptyObject = ObjectTerm()
+ InternedEmptyArray = ArrayTerm()
+ InternedEmptySet = SetTerm()
+
+ InternedEmptyArrayValue = NewArray()
+)
+
+// InternStringTerm interns the given strings as terms. Note that Interning is
+// considered experimental and should not be relied upon by external code.
+// WARNING: This must **only** be called at initialization time, as the
+// interned terms are shared globally, and the underlying map is not thread-safe.
+func InternStringTerm(str ...string) {
+ for _, s := range str {
+ if _, ok := internedStringTerms[s]; ok {
+ continue
+ }
+
+ internedStringTerms[s] = StringTerm(s)
+ }
+}
+
+// InternedBooleanTerm returns an interned term with the given boolean value.
+func InternedBooleanTerm(b bool) *Term {
+ if b {
+ return booleanTrueTerm
+ }
+
+ return booleanFalseTerm
+}
+
+// InternedIntNumberTerm returns a term with the given integer value. The term is
+// cached between -1 to 512, and for values outside of that range, this function
+// is equivalent to ast.IntNumberTerm.
+func InternedIntNumberTerm(i int) *Term {
+ if i >= 0 && i < len(intNumberTerms) {
+ return intNumberTerms[i]
+ }
+
+ if i == -1 {
+ return minusOneTerm
+ }
+
+ return &Term{Value: Number(strconv.Itoa(i))}
+}
+
+// InternedIntFromString returns a term with the given integer value if the string
+// maps to an interned term. If the string does not map to an interned term, nil is
+// returned.
+func InternedIntNumberTermFromString(s string) *Term {
+ if term, ok := stringToIntNumberTermMap[s]; ok {
+ return term
+ }
+
+ return nil
+}
+
+// HasInternedIntNumberTerm returns true if the given integer value maps to an interned
+// term, otherwise false.
+func HasInternedIntNumberTerm(i int) bool {
+ return i >= -1 && i < len(intNumberTerms)
+}
+
+// InternedStringTerm returns an interned term with the given string value. If the
+// provided string is not interned, a new term is created for that value. It does *not*
+// modify the global interned terms map.
+func InternedStringTerm(s string) *Term {
+ if term, ok := internedStringTerms[s]; ok {
+ return term
+ }
+
+ return StringTerm(s)
+}
+
+// Returns an interned string term representing the integer value i, if
+// interned. If not, creates a new StringTerm for the integer value.
+func InternedIntegerString(i int) *Term {
+ // Cheapest option - we don't need to call strconv.Itoa
+ if HasInternedIntNumberTerm(i) {
+ if interned, ok := internedStringTerms[IntNumberTerm(i).String()]; ok {
+ return interned
+ }
+ }
+
+ // Next cheapest option — the string could still be interned if the store
+ // has been extended with more terms than we cucrrently intern.
+ s := strconv.Itoa(i)
+ if interned, ok := internedStringTerms[s]; ok {
+ return interned
+ }
+
+ // Nope, create a new term
+ return StringTerm(s)
+}
+
+var internedStringTerms = map[string]*Term{
+ "": InternedEmptyString,
+ "0": StringTerm("0"),
+ "1": StringTerm("1"),
+ "2": StringTerm("2"),
+ "3": StringTerm("3"),
+ "4": StringTerm("4"),
+ "5": StringTerm("5"),
+ "6": StringTerm("6"),
+ "7": StringTerm("7"),
+ "8": StringTerm("8"),
+ "9": StringTerm("9"),
+ "10": StringTerm("10"),
+ "11": StringTerm("11"),
+ "12": StringTerm("12"),
+ "13": StringTerm("13"),
+ "14": StringTerm("14"),
+ "15": StringTerm("15"),
+ "16": StringTerm("16"),
+ "17": StringTerm("17"),
+ "18": StringTerm("18"),
+ "19": StringTerm("19"),
+ "20": StringTerm("20"),
+ "21": StringTerm("21"),
+ "22": StringTerm("22"),
+ "23": StringTerm("23"),
+ "24": StringTerm("24"),
+ "25": StringTerm("25"),
+ "26": StringTerm("26"),
+ "27": StringTerm("27"),
+ "28": StringTerm("28"),
+ "29": StringTerm("29"),
+ "30": StringTerm("30"),
+ "31": StringTerm("31"),
+ "32": StringTerm("32"),
+ "33": StringTerm("33"),
+ "34": StringTerm("34"),
+ "35": StringTerm("35"),
+ "36": StringTerm("36"),
+ "37": StringTerm("37"),
+ "38": StringTerm("38"),
+ "39": StringTerm("39"),
+ "40": StringTerm("40"),
+ "41": StringTerm("41"),
+ "42": StringTerm("42"),
+ "43": StringTerm("43"),
+ "44": StringTerm("44"),
+ "45": StringTerm("45"),
+ "46": StringTerm("46"),
+ "47": StringTerm("47"),
+ "48": StringTerm("48"),
+ "49": StringTerm("49"),
+ "50": StringTerm("50"),
+ "51": StringTerm("51"),
+ "52": StringTerm("52"),
+ "53": StringTerm("53"),
+ "54": StringTerm("54"),
+ "55": StringTerm("55"),
+ "56": StringTerm("56"),
+ "57": StringTerm("57"),
+ "58": StringTerm("58"),
+ "59": StringTerm("59"),
+ "60": StringTerm("60"),
+ "61": StringTerm("61"),
+ "62": StringTerm("62"),
+ "63": StringTerm("63"),
+ "64": StringTerm("64"),
+ "65": StringTerm("65"),
+ "66": StringTerm("66"),
+ "67": StringTerm("67"),
+ "68": StringTerm("68"),
+ "69": StringTerm("69"),
+ "70": StringTerm("70"),
+ "71": StringTerm("71"),
+ "72": StringTerm("72"),
+ "73": StringTerm("73"),
+ "74": StringTerm("74"),
+ "75": StringTerm("75"),
+ "76": StringTerm("76"),
+ "77": StringTerm("77"),
+ "78": StringTerm("78"),
+ "79": StringTerm("79"),
+ "80": StringTerm("80"),
+ "81": StringTerm("81"),
+ "82": StringTerm("82"),
+ "83": StringTerm("83"),
+ "84": StringTerm("84"),
+ "85": StringTerm("85"),
+ "86": StringTerm("86"),
+ "87": StringTerm("87"),
+ "88": StringTerm("88"),
+ "89": StringTerm("89"),
+ "90": StringTerm("90"),
+ "91": StringTerm("91"),
+ "92": StringTerm("92"),
+ "93": StringTerm("93"),
+ "94": StringTerm("94"),
+ "95": StringTerm("95"),
+ "96": StringTerm("96"),
+ "97": StringTerm("97"),
+ "98": StringTerm("98"),
+ "99": StringTerm("99"),
+ "100": StringTerm("100"),
+
+ // Types
+ "null": StringTerm("null"),
+ "boolean": StringTerm("boolean"),
+ "number": StringTerm("number"),
+ "string": StringTerm("string"),
+ "array": StringTerm("array"),
+ "object": StringTerm("object"),
+ "set": StringTerm("set"),
+
+ // Runtime
+ "config": StringTerm("config"),
+ "env": StringTerm("env"),
+ "version": StringTerm("version"),
+ "commit": StringTerm("commit"),
+ "authorization_enabled": StringTerm("authorization_enabled"),
+ "skip_known_schema_check": StringTerm("skip_known_schema_check"),
+
+ // Annotations
+ "annotations": StringTerm("annotations"),
+ "scope": StringTerm("scope"),
+ "title": StringTerm("title"),
+ "entrypoint": StringTerm("entrypoint"),
+ "description": StringTerm("description"),
+ "organizations": StringTerm("organizations"),
+ "authors": StringTerm("authors"),
+ "related_resources": StringTerm("related_resources"),
+ "schemas": StringTerm("schemas"),
+ "custom": StringTerm("custom"),
+ "ref": StringTerm("ref"),
+ "name": StringTerm("name"),
+ "email": StringTerm("email"),
+ "schema": StringTerm("schema"),
+ "definition": StringTerm("definition"),
+ "document": StringTerm("document"),
+ "package": StringTerm("package"),
+ "rule": StringTerm("rule"),
+ "subpackages": StringTerm("subpackages"),
+
+ // Debug
+ "text": StringTerm("text"),
+ "value": StringTerm("value"),
+ "bindings": StringTerm("bindings"),
+ "expressions": StringTerm("expressions"),
+
+ // Various
+ "data": StringTerm("data"),
+ "input": StringTerm("input"),
+ "result": StringTerm("result"),
+ "keywords": StringTerm("keywords"),
+ "path": StringTerm("path"),
+ "v1": StringTerm("v1"),
+ "error": StringTerm("error"),
+ "partial": StringTerm("partial"),
+
+ // HTTP
+ "code": StringTerm("code"),
+ "message": StringTerm("message"),
+ "status_code": StringTerm("status_code"),
+ "method": StringTerm("method"),
+ "url": StringTerm("url"),
+
+ // JWT
+ "enc": StringTerm("enc"),
+ "cty": StringTerm("cty"),
+ "iss": StringTerm("iss"),
+ "exp": StringTerm("exp"),
+ "nbf": StringTerm("nbf"),
+ "aud": StringTerm("aud"),
+ "secret": StringTerm("secret"),
+ "cert": StringTerm("cert"),
+
+ // Decisions
+ "revision": StringTerm("revision"),
+ "labels": StringTerm("labels"),
+ "decision_id": StringTerm("decision_id"),
+ "bundles": StringTerm("bundles"),
+ "query": StringTerm("query"),
+ "mapped_result": StringTerm("mapped_result"),
+ "nd_builtin_cache": StringTerm("nd_builtin_cache"),
+ "erased": StringTerm("erased"),
+ "masked": StringTerm("masked"),
+ "requested_by": StringTerm("requested_by"),
+ "timestamp": StringTerm("timestamp"),
+ "metrics": StringTerm("metrics"),
+ "req_id": StringTerm("req_id"),
+}
+
+var stringToIntNumberTermMap = map[string]*Term{
+ "-1": minusOneTerm,
+ "0": intNumberTerms[0],
+ "1": intNumberTerms[1],
+ "2": intNumberTerms[2],
+ "3": intNumberTerms[3],
+ "4": intNumberTerms[4],
+ "5": intNumberTerms[5],
+ "6": intNumberTerms[6],
+ "7": intNumberTerms[7],
+ "8": intNumberTerms[8],
+ "9": intNumberTerms[9],
+ "10": intNumberTerms[10],
+ "11": intNumberTerms[11],
+ "12": intNumberTerms[12],
+ "13": intNumberTerms[13],
+ "14": intNumberTerms[14],
+ "15": intNumberTerms[15],
+ "16": intNumberTerms[16],
+ "17": intNumberTerms[17],
+ "18": intNumberTerms[18],
+ "19": intNumberTerms[19],
+ "20": intNumberTerms[20],
+ "21": intNumberTerms[21],
+ "22": intNumberTerms[22],
+ "23": intNumberTerms[23],
+ "24": intNumberTerms[24],
+ "25": intNumberTerms[25],
+ "26": intNumberTerms[26],
+ "27": intNumberTerms[27],
+ "28": intNumberTerms[28],
+ "29": intNumberTerms[29],
+ "30": intNumberTerms[30],
+ "31": intNumberTerms[31],
+ "32": intNumberTerms[32],
+ "33": intNumberTerms[33],
+ "34": intNumberTerms[34],
+ "35": intNumberTerms[35],
+ "36": intNumberTerms[36],
+ "37": intNumberTerms[37],
+ "38": intNumberTerms[38],
+ "39": intNumberTerms[39],
+ "40": intNumberTerms[40],
+ "41": intNumberTerms[41],
+ "42": intNumberTerms[42],
+ "43": intNumberTerms[43],
+ "44": intNumberTerms[44],
+ "45": intNumberTerms[45],
+ "46": intNumberTerms[46],
+ "47": intNumberTerms[47],
+ "48": intNumberTerms[48],
+ "49": intNumberTerms[49],
+ "50": intNumberTerms[50],
+ "51": intNumberTerms[51],
+ "52": intNumberTerms[52],
+ "53": intNumberTerms[53],
+ "54": intNumberTerms[54],
+ "55": intNumberTerms[55],
+ "56": intNumberTerms[56],
+ "57": intNumberTerms[57],
+ "58": intNumberTerms[58],
+ "59": intNumberTerms[59],
+ "60": intNumberTerms[60],
+ "61": intNumberTerms[61],
+ "62": intNumberTerms[62],
+ "63": intNumberTerms[63],
+ "64": intNumberTerms[64],
+ "65": intNumberTerms[65],
+ "66": intNumberTerms[66],
+ "67": intNumberTerms[67],
+ "68": intNumberTerms[68],
+ "69": intNumberTerms[69],
+ "70": intNumberTerms[70],
+ "71": intNumberTerms[71],
+ "72": intNumberTerms[72],
+ "73": intNumberTerms[73],
+ "74": intNumberTerms[74],
+ "75": intNumberTerms[75],
+ "76": intNumberTerms[76],
+ "77": intNumberTerms[77],
+ "78": intNumberTerms[78],
+ "79": intNumberTerms[79],
+ "80": intNumberTerms[80],
+ "81": intNumberTerms[81],
+ "82": intNumberTerms[82],
+ "83": intNumberTerms[83],
+ "84": intNumberTerms[84],
+ "85": intNumberTerms[85],
+ "86": intNumberTerms[86],
+ "87": intNumberTerms[87],
+ "88": intNumberTerms[88],
+ "89": intNumberTerms[89],
+ "90": intNumberTerms[90],
+ "91": intNumberTerms[91],
+ "92": intNumberTerms[92],
+ "93": intNumberTerms[93],
+ "94": intNumberTerms[94],
+ "95": intNumberTerms[95],
+ "96": intNumberTerms[96],
+ "97": intNumberTerms[97],
+ "98": intNumberTerms[98],
+ "99": intNumberTerms[99],
+ "100": intNumberTerms[100],
+ "101": intNumberTerms[101],
+ "102": intNumberTerms[102],
+ "103": intNumberTerms[103],
+ "104": intNumberTerms[104],
+ "105": intNumberTerms[105],
+ "106": intNumberTerms[106],
+ "107": intNumberTerms[107],
+ "108": intNumberTerms[108],
+ "109": intNumberTerms[109],
+ "110": intNumberTerms[110],
+ "111": intNumberTerms[111],
+ "112": intNumberTerms[112],
+ "113": intNumberTerms[113],
+ "114": intNumberTerms[114],
+ "115": intNumberTerms[115],
+ "116": intNumberTerms[116],
+ "117": intNumberTerms[117],
+ "118": intNumberTerms[118],
+ "119": intNumberTerms[119],
+ "120": intNumberTerms[120],
+ "121": intNumberTerms[121],
+ "122": intNumberTerms[122],
+ "123": intNumberTerms[123],
+ "124": intNumberTerms[124],
+ "125": intNumberTerms[125],
+ "126": intNumberTerms[126],
+ "127": intNumberTerms[127],
+ "128": intNumberTerms[128],
+ "129": intNumberTerms[129],
+ "130": intNumberTerms[130],
+ "131": intNumberTerms[131],
+ "132": intNumberTerms[132],
+ "133": intNumberTerms[133],
+ "134": intNumberTerms[134],
+ "135": intNumberTerms[135],
+ "136": intNumberTerms[136],
+ "137": intNumberTerms[137],
+ "138": intNumberTerms[138],
+ "139": intNumberTerms[139],
+ "140": intNumberTerms[140],
+ "141": intNumberTerms[141],
+ "142": intNumberTerms[142],
+ "143": intNumberTerms[143],
+ "144": intNumberTerms[144],
+ "145": intNumberTerms[145],
+ "146": intNumberTerms[146],
+ "147": intNumberTerms[147],
+ "148": intNumberTerms[148],
+ "149": intNumberTerms[149],
+ "150": intNumberTerms[150],
+ "151": intNumberTerms[151],
+ "152": intNumberTerms[152],
+ "153": intNumberTerms[153],
+ "154": intNumberTerms[154],
+ "155": intNumberTerms[155],
+ "156": intNumberTerms[156],
+ "157": intNumberTerms[157],
+ "158": intNumberTerms[158],
+ "159": intNumberTerms[159],
+ "160": intNumberTerms[160],
+ "161": intNumberTerms[161],
+ "162": intNumberTerms[162],
+ "163": intNumberTerms[163],
+ "164": intNumberTerms[164],
+ "165": intNumberTerms[165],
+ "166": intNumberTerms[166],
+ "167": intNumberTerms[167],
+ "168": intNumberTerms[168],
+ "169": intNumberTerms[169],
+ "170": intNumberTerms[170],
+ "171": intNumberTerms[171],
+ "172": intNumberTerms[172],
+ "173": intNumberTerms[173],
+ "174": intNumberTerms[174],
+ "175": intNumberTerms[175],
+ "176": intNumberTerms[176],
+ "177": intNumberTerms[177],
+ "178": intNumberTerms[178],
+ "179": intNumberTerms[179],
+ "180": intNumberTerms[180],
+ "181": intNumberTerms[181],
+ "182": intNumberTerms[182],
+ "183": intNumberTerms[183],
+ "184": intNumberTerms[184],
+ "185": intNumberTerms[185],
+ "186": intNumberTerms[186],
+ "187": intNumberTerms[187],
+ "188": intNumberTerms[188],
+ "189": intNumberTerms[189],
+ "190": intNumberTerms[190],
+ "191": intNumberTerms[191],
+ "192": intNumberTerms[192],
+ "193": intNumberTerms[193],
+ "194": intNumberTerms[194],
+ "195": intNumberTerms[195],
+ "196": intNumberTerms[196],
+ "197": intNumberTerms[197],
+ "198": intNumberTerms[198],
+ "199": intNumberTerms[199],
+ "200": intNumberTerms[200],
+ "201": intNumberTerms[201],
+ "202": intNumberTerms[202],
+ "203": intNumberTerms[203],
+ "204": intNumberTerms[204],
+ "205": intNumberTerms[205],
+ "206": intNumberTerms[206],
+ "207": intNumberTerms[207],
+ "208": intNumberTerms[208],
+ "209": intNumberTerms[209],
+ "210": intNumberTerms[210],
+ "211": intNumberTerms[211],
+ "212": intNumberTerms[212],
+ "213": intNumberTerms[213],
+ "214": intNumberTerms[214],
+ "215": intNumberTerms[215],
+ "216": intNumberTerms[216],
+ "217": intNumberTerms[217],
+ "218": intNumberTerms[218],
+ "219": intNumberTerms[219],
+ "220": intNumberTerms[220],
+ "221": intNumberTerms[221],
+ "222": intNumberTerms[222],
+ "223": intNumberTerms[223],
+ "224": intNumberTerms[224],
+ "225": intNumberTerms[225],
+ "226": intNumberTerms[226],
+ "227": intNumberTerms[227],
+ "228": intNumberTerms[228],
+ "229": intNumberTerms[229],
+ "230": intNumberTerms[230],
+ "231": intNumberTerms[231],
+ "232": intNumberTerms[232],
+ "233": intNumberTerms[233],
+ "234": intNumberTerms[234],
+ "235": intNumberTerms[235],
+ "236": intNumberTerms[236],
+ "237": intNumberTerms[237],
+ "238": intNumberTerms[238],
+ "239": intNumberTerms[239],
+ "240": intNumberTerms[240],
+ "241": intNumberTerms[241],
+ "242": intNumberTerms[242],
+ "243": intNumberTerms[243],
+ "244": intNumberTerms[244],
+ "245": intNumberTerms[245],
+ "246": intNumberTerms[246],
+ "247": intNumberTerms[247],
+ "248": intNumberTerms[248],
+ "249": intNumberTerms[249],
+ "250": intNumberTerms[250],
+ "251": intNumberTerms[251],
+ "252": intNumberTerms[252],
+ "253": intNumberTerms[253],
+ "254": intNumberTerms[254],
+ "255": intNumberTerms[255],
+ "256": intNumberTerms[256],
+ "257": intNumberTerms[257],
+ "258": intNumberTerms[258],
+ "259": intNumberTerms[259],
+ "260": intNumberTerms[260],
+ "261": intNumberTerms[261],
+ "262": intNumberTerms[262],
+ "263": intNumberTerms[263],
+ "264": intNumberTerms[264],
+ "265": intNumberTerms[265],
+ "266": intNumberTerms[266],
+ "267": intNumberTerms[267],
+ "268": intNumberTerms[268],
+ "269": intNumberTerms[269],
+ "270": intNumberTerms[270],
+ "271": intNumberTerms[271],
+ "272": intNumberTerms[272],
+ "273": intNumberTerms[273],
+ "274": intNumberTerms[274],
+ "275": intNumberTerms[275],
+ "276": intNumberTerms[276],
+ "277": intNumberTerms[277],
+ "278": intNumberTerms[278],
+ "279": intNumberTerms[279],
+ "280": intNumberTerms[280],
+ "281": intNumberTerms[281],
+ "282": intNumberTerms[282],
+ "283": intNumberTerms[283],
+ "284": intNumberTerms[284],
+ "285": intNumberTerms[285],
+ "286": intNumberTerms[286],
+ "287": intNumberTerms[287],
+ "288": intNumberTerms[288],
+ "289": intNumberTerms[289],
+ "290": intNumberTerms[290],
+ "291": intNumberTerms[291],
+ "292": intNumberTerms[292],
+ "293": intNumberTerms[293],
+ "294": intNumberTerms[294],
+ "295": intNumberTerms[295],
+ "296": intNumberTerms[296],
+ "297": intNumberTerms[297],
+ "298": intNumberTerms[298],
+ "299": intNumberTerms[299],
+ "300": intNumberTerms[300],
+ "301": intNumberTerms[301],
+ "302": intNumberTerms[302],
+ "303": intNumberTerms[303],
+ "304": intNumberTerms[304],
+ "305": intNumberTerms[305],
+ "306": intNumberTerms[306],
+ "307": intNumberTerms[307],
+ "308": intNumberTerms[308],
+ "309": intNumberTerms[309],
+ "310": intNumberTerms[310],
+ "311": intNumberTerms[311],
+ "312": intNumberTerms[312],
+ "313": intNumberTerms[313],
+ "314": intNumberTerms[314],
+ "315": intNumberTerms[315],
+ "316": intNumberTerms[316],
+ "317": intNumberTerms[317],
+ "318": intNumberTerms[318],
+ "319": intNumberTerms[319],
+ "320": intNumberTerms[320],
+ "321": intNumberTerms[321],
+ "322": intNumberTerms[322],
+ "323": intNumberTerms[323],
+ "324": intNumberTerms[324],
+ "325": intNumberTerms[325],
+ "326": intNumberTerms[326],
+ "327": intNumberTerms[327],
+ "328": intNumberTerms[328],
+ "329": intNumberTerms[329],
+ "330": intNumberTerms[330],
+ "331": intNumberTerms[331],
+ "332": intNumberTerms[332],
+ "333": intNumberTerms[333],
+ "334": intNumberTerms[334],
+ "335": intNumberTerms[335],
+ "336": intNumberTerms[336],
+ "337": intNumberTerms[337],
+ "338": intNumberTerms[338],
+ "339": intNumberTerms[339],
+ "340": intNumberTerms[340],
+ "341": intNumberTerms[341],
+ "342": intNumberTerms[342],
+ "343": intNumberTerms[343],
+ "344": intNumberTerms[344],
+ "345": intNumberTerms[345],
+ "346": intNumberTerms[346],
+ "347": intNumberTerms[347],
+ "348": intNumberTerms[348],
+ "349": intNumberTerms[349],
+ "350": intNumberTerms[350],
+ "351": intNumberTerms[351],
+ "352": intNumberTerms[352],
+ "353": intNumberTerms[353],
+ "354": intNumberTerms[354],
+ "355": intNumberTerms[355],
+ "356": intNumberTerms[356],
+ "357": intNumberTerms[357],
+ "358": intNumberTerms[358],
+ "359": intNumberTerms[359],
+ "360": intNumberTerms[360],
+ "361": intNumberTerms[361],
+ "362": intNumberTerms[362],
+ "363": intNumberTerms[363],
+ "364": intNumberTerms[364],
+ "365": intNumberTerms[365],
+ "366": intNumberTerms[366],
+ "367": intNumberTerms[367],
+ "368": intNumberTerms[368],
+ "369": intNumberTerms[369],
+ "370": intNumberTerms[370],
+ "371": intNumberTerms[371],
+ "372": intNumberTerms[372],
+ "373": intNumberTerms[373],
+ "374": intNumberTerms[374],
+ "375": intNumberTerms[375],
+ "376": intNumberTerms[376],
+ "377": intNumberTerms[377],
+ "378": intNumberTerms[378],
+ "379": intNumberTerms[379],
+ "380": intNumberTerms[380],
+ "381": intNumberTerms[381],
+ "382": intNumberTerms[382],
+ "383": intNumberTerms[383],
+ "384": intNumberTerms[384],
+ "385": intNumberTerms[385],
+ "386": intNumberTerms[386],
+ "387": intNumberTerms[387],
+ "388": intNumberTerms[388],
+ "389": intNumberTerms[389],
+ "390": intNumberTerms[390],
+ "391": intNumberTerms[391],
+ "392": intNumberTerms[392],
+ "393": intNumberTerms[393],
+ "394": intNumberTerms[394],
+ "395": intNumberTerms[395],
+ "396": intNumberTerms[396],
+ "397": intNumberTerms[397],
+ "398": intNumberTerms[398],
+ "399": intNumberTerms[399],
+ "400": intNumberTerms[400],
+ "401": intNumberTerms[401],
+ "402": intNumberTerms[402],
+ "403": intNumberTerms[403],
+ "404": intNumberTerms[404],
+ "405": intNumberTerms[405],
+ "406": intNumberTerms[406],
+ "407": intNumberTerms[407],
+ "408": intNumberTerms[408],
+ "409": intNumberTerms[409],
+ "410": intNumberTerms[410],
+ "411": intNumberTerms[411],
+ "412": intNumberTerms[412],
+ "413": intNumberTerms[413],
+ "414": intNumberTerms[414],
+ "415": intNumberTerms[415],
+ "416": intNumberTerms[416],
+ "417": intNumberTerms[417],
+ "418": intNumberTerms[418],
+ "419": intNumberTerms[419],
+ "420": intNumberTerms[420],
+ "421": intNumberTerms[421],
+ "422": intNumberTerms[422],
+ "423": intNumberTerms[423],
+ "424": intNumberTerms[424],
+ "425": intNumberTerms[425],
+ "426": intNumberTerms[426],
+ "427": intNumberTerms[427],
+ "428": intNumberTerms[428],
+ "429": intNumberTerms[429],
+ "430": intNumberTerms[430],
+ "431": intNumberTerms[431],
+ "432": intNumberTerms[432],
+ "433": intNumberTerms[433],
+ "434": intNumberTerms[434],
+ "435": intNumberTerms[435],
+ "436": intNumberTerms[436],
+ "437": intNumberTerms[437],
+ "438": intNumberTerms[438],
+ "439": intNumberTerms[439],
+ "440": intNumberTerms[440],
+ "441": intNumberTerms[441],
+ "442": intNumberTerms[442],
+ "443": intNumberTerms[443],
+ "444": intNumberTerms[444],
+ "445": intNumberTerms[445],
+ "446": intNumberTerms[446],
+ "447": intNumberTerms[447],
+ "448": intNumberTerms[448],
+ "449": intNumberTerms[449],
+ "450": intNumberTerms[450],
+ "451": intNumberTerms[451],
+ "452": intNumberTerms[452],
+ "453": intNumberTerms[453],
+ "454": intNumberTerms[454],
+ "455": intNumberTerms[455],
+ "456": intNumberTerms[456],
+ "457": intNumberTerms[457],
+ "458": intNumberTerms[458],
+ "459": intNumberTerms[459],
+ "460": intNumberTerms[460],
+ "461": intNumberTerms[461],
+ "462": intNumberTerms[462],
+ "463": intNumberTerms[463],
+ "464": intNumberTerms[464],
+ "465": intNumberTerms[465],
+ "466": intNumberTerms[466],
+ "467": intNumberTerms[467],
+ "468": intNumberTerms[468],
+ "469": intNumberTerms[469],
+ "470": intNumberTerms[470],
+ "471": intNumberTerms[471],
+ "472": intNumberTerms[472],
+ "473": intNumberTerms[473],
+ "474": intNumberTerms[474],
+ "475": intNumberTerms[475],
+ "476": intNumberTerms[476],
+ "477": intNumberTerms[477],
+ "478": intNumberTerms[478],
+ "479": intNumberTerms[479],
+ "480": intNumberTerms[480],
+ "481": intNumberTerms[481],
+ "482": intNumberTerms[482],
+ "483": intNumberTerms[483],
+ "484": intNumberTerms[484],
+ "485": intNumberTerms[485],
+ "486": intNumberTerms[486],
+ "487": intNumberTerms[487],
+ "488": intNumberTerms[488],
+ "489": intNumberTerms[489],
+ "490": intNumberTerms[490],
+ "491": intNumberTerms[491],
+ "492": intNumberTerms[492],
+ "493": intNumberTerms[493],
+ "494": intNumberTerms[494],
+ "495": intNumberTerms[495],
+ "496": intNumberTerms[496],
+ "497": intNumberTerms[497],
+ "498": intNumberTerms[498],
+ "499": intNumberTerms[499],
+ "500": intNumberTerms[500],
+ "501": intNumberTerms[501],
+ "502": intNumberTerms[502],
+ "503": intNumberTerms[503],
+ "504": intNumberTerms[504],
+ "505": intNumberTerms[505],
+ "506": intNumberTerms[506],
+ "507": intNumberTerms[507],
+ "508": intNumberTerms[508],
+ "509": intNumberTerms[509],
+ "510": intNumberTerms[510],
+ "511": intNumberTerms[511],
+ "512": intNumberTerms[512],
+}
+
+var intNumberTerms = [...]*Term{
+ {Value: Number("0")},
+ {Value: Number("1")},
+ {Value: Number("2")},
+ {Value: Number("3")},
+ {Value: Number("4")},
+ {Value: Number("5")},
+ {Value: Number("6")},
+ {Value: Number("7")},
+ {Value: Number("8")},
+ {Value: Number("9")},
+ {Value: Number("10")},
+ {Value: Number("11")},
+ {Value: Number("12")},
+ {Value: Number("13")},
+ {Value: Number("14")},
+ {Value: Number("15")},
+ {Value: Number("16")},
+ {Value: Number("17")},
+ {Value: Number("18")},
+ {Value: Number("19")},
+ {Value: Number("20")},
+ {Value: Number("21")},
+ {Value: Number("22")},
+ {Value: Number("23")},
+ {Value: Number("24")},
+ {Value: Number("25")},
+ {Value: Number("26")},
+ {Value: Number("27")},
+ {Value: Number("28")},
+ {Value: Number("29")},
+ {Value: Number("30")},
+ {Value: Number("31")},
+ {Value: Number("32")},
+ {Value: Number("33")},
+ {Value: Number("34")},
+ {Value: Number("35")},
+ {Value: Number("36")},
+ {Value: Number("37")},
+ {Value: Number("38")},
+ {Value: Number("39")},
+ {Value: Number("40")},
+ {Value: Number("41")},
+ {Value: Number("42")},
+ {Value: Number("43")},
+ {Value: Number("44")},
+ {Value: Number("45")},
+ {Value: Number("46")},
+ {Value: Number("47")},
+ {Value: Number("48")},
+ {Value: Number("49")},
+ {Value: Number("50")},
+ {Value: Number("51")},
+ {Value: Number("52")},
+ {Value: Number("53")},
+ {Value: Number("54")},
+ {Value: Number("55")},
+ {Value: Number("56")},
+ {Value: Number("57")},
+ {Value: Number("58")},
+ {Value: Number("59")},
+ {Value: Number("60")},
+ {Value: Number("61")},
+ {Value: Number("62")},
+ {Value: Number("63")},
+ {Value: Number("64")},
+ {Value: Number("65")},
+ {Value: Number("66")},
+ {Value: Number("67")},
+ {Value: Number("68")},
+ {Value: Number("69")},
+ {Value: Number("70")},
+ {Value: Number("71")},
+ {Value: Number("72")},
+ {Value: Number("73")},
+ {Value: Number("74")},
+ {Value: Number("75")},
+ {Value: Number("76")},
+ {Value: Number("77")},
+ {Value: Number("78")},
+ {Value: Number("79")},
+ {Value: Number("80")},
+ {Value: Number("81")},
+ {Value: Number("82")},
+ {Value: Number("83")},
+ {Value: Number("84")},
+ {Value: Number("85")},
+ {Value: Number("86")},
+ {Value: Number("87")},
+ {Value: Number("88")},
+ {Value: Number("89")},
+ {Value: Number("90")},
+ {Value: Number("91")},
+ {Value: Number("92")},
+ {Value: Number("93")},
+ {Value: Number("94")},
+ {Value: Number("95")},
+ {Value: Number("96")},
+ {Value: Number("97")},
+ {Value: Number("98")},
+ {Value: Number("99")},
+ {Value: Number("100")},
+ {Value: Number("101")},
+ {Value: Number("102")},
+ {Value: Number("103")},
+ {Value: Number("104")},
+ {Value: Number("105")},
+ {Value: Number("106")},
+ {Value: Number("107")},
+ {Value: Number("108")},
+ {Value: Number("109")},
+ {Value: Number("110")},
+ {Value: Number("111")},
+ {Value: Number("112")},
+ {Value: Number("113")},
+ {Value: Number("114")},
+ {Value: Number("115")},
+ {Value: Number("116")},
+ {Value: Number("117")},
+ {Value: Number("118")},
+ {Value: Number("119")},
+ {Value: Number("120")},
+ {Value: Number("121")},
+ {Value: Number("122")},
+ {Value: Number("123")},
+ {Value: Number("124")},
+ {Value: Number("125")},
+ {Value: Number("126")},
+ {Value: Number("127")},
+ {Value: Number("128")},
+ {Value: Number("129")},
+ {Value: Number("130")},
+ {Value: Number("131")},
+ {Value: Number("132")},
+ {Value: Number("133")},
+ {Value: Number("134")},
+ {Value: Number("135")},
+ {Value: Number("136")},
+ {Value: Number("137")},
+ {Value: Number("138")},
+ {Value: Number("139")},
+ {Value: Number("140")},
+ {Value: Number("141")},
+ {Value: Number("142")},
+ {Value: Number("143")},
+ {Value: Number("144")},
+ {Value: Number("145")},
+ {Value: Number("146")},
+ {Value: Number("147")},
+ {Value: Number("148")},
+ {Value: Number("149")},
+ {Value: Number("150")},
+ {Value: Number("151")},
+ {Value: Number("152")},
+ {Value: Number("153")},
+ {Value: Number("154")},
+ {Value: Number("155")},
+ {Value: Number("156")},
+ {Value: Number("157")},
+ {Value: Number("158")},
+ {Value: Number("159")},
+ {Value: Number("160")},
+ {Value: Number("161")},
+ {Value: Number("162")},
+ {Value: Number("163")},
+ {Value: Number("164")},
+ {Value: Number("165")},
+ {Value: Number("166")},
+ {Value: Number("167")},
+ {Value: Number("168")},
+ {Value: Number("169")},
+ {Value: Number("170")},
+ {Value: Number("171")},
+ {Value: Number("172")},
+ {Value: Number("173")},
+ {Value: Number("174")},
+ {Value: Number("175")},
+ {Value: Number("176")},
+ {Value: Number("177")},
+ {Value: Number("178")},
+ {Value: Number("179")},
+ {Value: Number("180")},
+ {Value: Number("181")},
+ {Value: Number("182")},
+ {Value: Number("183")},
+ {Value: Number("184")},
+ {Value: Number("185")},
+ {Value: Number("186")},
+ {Value: Number("187")},
+ {Value: Number("188")},
+ {Value: Number("189")},
+ {Value: Number("190")},
+ {Value: Number("191")},
+ {Value: Number("192")},
+ {Value: Number("193")},
+ {Value: Number("194")},
+ {Value: Number("195")},
+ {Value: Number("196")},
+ {Value: Number("197")},
+ {Value: Number("198")},
+ {Value: Number("199")},
+ {Value: Number("200")},
+ {Value: Number("201")},
+ {Value: Number("202")},
+ {Value: Number("203")},
+ {Value: Number("204")},
+ {Value: Number("205")},
+ {Value: Number("206")},
+ {Value: Number("207")},
+ {Value: Number("208")},
+ {Value: Number("209")},
+ {Value: Number("210")},
+ {Value: Number("211")},
+ {Value: Number("212")},
+ {Value: Number("213")},
+ {Value: Number("214")},
+ {Value: Number("215")},
+ {Value: Number("216")},
+ {Value: Number("217")},
+ {Value: Number("218")},
+ {Value: Number("219")},
+ {Value: Number("220")},
+ {Value: Number("221")},
+ {Value: Number("222")},
+ {Value: Number("223")},
+ {Value: Number("224")},
+ {Value: Number("225")},
+ {Value: Number("226")},
+ {Value: Number("227")},
+ {Value: Number("228")},
+ {Value: Number("229")},
+ {Value: Number("230")},
+ {Value: Number("231")},
+ {Value: Number("232")},
+ {Value: Number("233")},
+ {Value: Number("234")},
+ {Value: Number("235")},
+ {Value: Number("236")},
+ {Value: Number("237")},
+ {Value: Number("238")},
+ {Value: Number("239")},
+ {Value: Number("240")},
+ {Value: Number("241")},
+ {Value: Number("242")},
+ {Value: Number("243")},
+ {Value: Number("244")},
+ {Value: Number("245")},
+ {Value: Number("246")},
+ {Value: Number("247")},
+ {Value: Number("248")},
+ {Value: Number("249")},
+ {Value: Number("250")},
+ {Value: Number("251")},
+ {Value: Number("252")},
+ {Value: Number("253")},
+ {Value: Number("254")},
+ {Value: Number("255")},
+ {Value: Number("256")},
+ {Value: Number("257")},
+ {Value: Number("258")},
+ {Value: Number("259")},
+ {Value: Number("260")},
+ {Value: Number("261")},
+ {Value: Number("262")},
+ {Value: Number("263")},
+ {Value: Number("264")},
+ {Value: Number("265")},
+ {Value: Number("266")},
+ {Value: Number("267")},
+ {Value: Number("268")},
+ {Value: Number("269")},
+ {Value: Number("270")},
+ {Value: Number("271")},
+ {Value: Number("272")},
+ {Value: Number("273")},
+ {Value: Number("274")},
+ {Value: Number("275")},
+ {Value: Number("276")},
+ {Value: Number("277")},
+ {Value: Number("278")},
+ {Value: Number("279")},
+ {Value: Number("280")},
+ {Value: Number("281")},
+ {Value: Number("282")},
+ {Value: Number("283")},
+ {Value: Number("284")},
+ {Value: Number("285")},
+ {Value: Number("286")},
+ {Value: Number("287")},
+ {Value: Number("288")},
+ {Value: Number("289")},
+ {Value: Number("290")},
+ {Value: Number("291")},
+ {Value: Number("292")},
+ {Value: Number("293")},
+ {Value: Number("294")},
+ {Value: Number("295")},
+ {Value: Number("296")},
+ {Value: Number("297")},
+ {Value: Number("298")},
+ {Value: Number("299")},
+ {Value: Number("300")},
+ {Value: Number("301")},
+ {Value: Number("302")},
+ {Value: Number("303")},
+ {Value: Number("304")},
+ {Value: Number("305")},
+ {Value: Number("306")},
+ {Value: Number("307")},
+ {Value: Number("308")},
+ {Value: Number("309")},
+ {Value: Number("310")},
+ {Value: Number("311")},
+ {Value: Number("312")},
+ {Value: Number("313")},
+ {Value: Number("314")},
+ {Value: Number("315")},
+ {Value: Number("316")},
+ {Value: Number("317")},
+ {Value: Number("318")},
+ {Value: Number("319")},
+ {Value: Number("320")},
+ {Value: Number("321")},
+ {Value: Number("322")},
+ {Value: Number("323")},
+ {Value: Number("324")},
+ {Value: Number("325")},
+ {Value: Number("326")},
+ {Value: Number("327")},
+ {Value: Number("328")},
+ {Value: Number("329")},
+ {Value: Number("330")},
+ {Value: Number("331")},
+ {Value: Number("332")},
+ {Value: Number("333")},
+ {Value: Number("334")},
+ {Value: Number("335")},
+ {Value: Number("336")},
+ {Value: Number("337")},
+ {Value: Number("338")},
+ {Value: Number("339")},
+ {Value: Number("340")},
+ {Value: Number("341")},
+ {Value: Number("342")},
+ {Value: Number("343")},
+ {Value: Number("344")},
+ {Value: Number("345")},
+ {Value: Number("346")},
+ {Value: Number("347")},
+ {Value: Number("348")},
+ {Value: Number("349")},
+ {Value: Number("350")},
+ {Value: Number("351")},
+ {Value: Number("352")},
+ {Value: Number("353")},
+ {Value: Number("354")},
+ {Value: Number("355")},
+ {Value: Number("356")},
+ {Value: Number("357")},
+ {Value: Number("358")},
+ {Value: Number("359")},
+ {Value: Number("360")},
+ {Value: Number("361")},
+ {Value: Number("362")},
+ {Value: Number("363")},
+ {Value: Number("364")},
+ {Value: Number("365")},
+ {Value: Number("366")},
+ {Value: Number("367")},
+ {Value: Number("368")},
+ {Value: Number("369")},
+ {Value: Number("370")},
+ {Value: Number("371")},
+ {Value: Number("372")},
+ {Value: Number("373")},
+ {Value: Number("374")},
+ {Value: Number("375")},
+ {Value: Number("376")},
+ {Value: Number("377")},
+ {Value: Number("378")},
+ {Value: Number("379")},
+ {Value: Number("380")},
+ {Value: Number("381")},
+ {Value: Number("382")},
+ {Value: Number("383")},
+ {Value: Number("384")},
+ {Value: Number("385")},
+ {Value: Number("386")},
+ {Value: Number("387")},
+ {Value: Number("388")},
+ {Value: Number("389")},
+ {Value: Number("390")},
+ {Value: Number("391")},
+ {Value: Number("392")},
+ {Value: Number("393")},
+ {Value: Number("394")},
+ {Value: Number("395")},
+ {Value: Number("396")},
+ {Value: Number("397")},
+ {Value: Number("398")},
+ {Value: Number("399")},
+ {Value: Number("400")},
+ {Value: Number("401")},
+ {Value: Number("402")},
+ {Value: Number("403")},
+ {Value: Number("404")},
+ {Value: Number("405")},
+ {Value: Number("406")},
+ {Value: Number("407")},
+ {Value: Number("408")},
+ {Value: Number("409")},
+ {Value: Number("410")},
+ {Value: Number("411")},
+ {Value: Number("412")},
+ {Value: Number("413")},
+ {Value: Number("414")},
+ {Value: Number("415")},
+ {Value: Number("416")},
+ {Value: Number("417")},
+ {Value: Number("418")},
+ {Value: Number("419")},
+ {Value: Number("420")},
+ {Value: Number("421")},
+ {Value: Number("422")},
+ {Value: Number("423")},
+ {Value: Number("424")},
+ {Value: Number("425")},
+ {Value: Number("426")},
+ {Value: Number("427")},
+ {Value: Number("428")},
+ {Value: Number("429")},
+ {Value: Number("430")},
+ {Value: Number("431")},
+ {Value: Number("432")},
+ {Value: Number("433")},
+ {Value: Number("434")},
+ {Value: Number("435")},
+ {Value: Number("436")},
+ {Value: Number("437")},
+ {Value: Number("438")},
+ {Value: Number("439")},
+ {Value: Number("440")},
+ {Value: Number("441")},
+ {Value: Number("442")},
+ {Value: Number("443")},
+ {Value: Number("444")},
+ {Value: Number("445")},
+ {Value: Number("446")},
+ {Value: Number("447")},
+ {Value: Number("448")},
+ {Value: Number("449")},
+ {Value: Number("450")},
+ {Value: Number("451")},
+ {Value: Number("452")},
+ {Value: Number("453")},
+ {Value: Number("454")},
+ {Value: Number("455")},
+ {Value: Number("456")},
+ {Value: Number("457")},
+ {Value: Number("458")},
+ {Value: Number("459")},
+ {Value: Number("460")},
+ {Value: Number("461")},
+ {Value: Number("462")},
+ {Value: Number("463")},
+ {Value: Number("464")},
+ {Value: Number("465")},
+ {Value: Number("466")},
+ {Value: Number("467")},
+ {Value: Number("468")},
+ {Value: Number("469")},
+ {Value: Number("470")},
+ {Value: Number("471")},
+ {Value: Number("472")},
+ {Value: Number("473")},
+ {Value: Number("474")},
+ {Value: Number("475")},
+ {Value: Number("476")},
+ {Value: Number("477")},
+ {Value: Number("478")},
+ {Value: Number("479")},
+ {Value: Number("480")},
+ {Value: Number("481")},
+ {Value: Number("482")},
+ {Value: Number("483")},
+ {Value: Number("484")},
+ {Value: Number("485")},
+ {Value: Number("486")},
+ {Value: Number("487")},
+ {Value: Number("488")},
+ {Value: Number("489")},
+ {Value: Number("490")},
+ {Value: Number("491")},
+ {Value: Number("492")},
+ {Value: Number("493")},
+ {Value: Number("494")},
+ {Value: Number("495")},
+ {Value: Number("496")},
+ {Value: Number("497")},
+ {Value: Number("498")},
+ {Value: Number("499")},
+ {Value: Number("500")},
+ {Value: Number("501")},
+ {Value: Number("502")},
+ {Value: Number("503")},
+ {Value: Number("504")},
+ {Value: Number("505")},
+ {Value: Number("506")},
+ {Value: Number("507")},
+ {Value: Number("508")},
+ {Value: Number("509")},
+ {Value: Number("510")},
+ {Value: Number("511")},
+ {Value: Number("512")},
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/json/json.go b/vendor/github.com/open-policy-agent/opa/v1/ast/json/json.go
new file mode 100644
index 0000000000..9081fe7039
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/json/json.go
@@ -0,0 +1,106 @@
+// Copyright 2023 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// This package provides options for JSON marshalling of AST nodes, and location
+// data in particular. Since location data occupies a significant portion of the
+// AST when included, it is excluded by default. The options provided here allow
+// changing that behavior — either for all nodes or for specific types. Since
+// JSONMarshaller implementations have access only to the node being marshaled,
+// our options are to either attach these settings to *all* nodes in the AST, or
+// to provide them via global state. The former is perhaps a little more elegant,
+// and is what we went with initially. The cost of attaching these settings to
+// every node however turned out to be non-negligible, and given that the number
+// of users who have an interest in AST serialization are likely to be few, we
+// have since switched to using global state, as provided here. Note that this
+// is mostly to provide an equivalent feature to what we had before, should
+// anyone depend on that. Users who need fine-grained control over AST
+// serialization are recommended to use external libraries for that purpose,
+// such as `github.com/json-iterator/go`.
+package json
+
+import "sync"
+
+// Options defines the options for JSON operations,
+// currently only marshaling can be configured
+type Options struct {
+ MarshalOptions MarshalOptions
+}
+
+// MarshalOptions defines the options for JSON marshaling,
+// currently only toggling the marshaling of location information is supported
+type MarshalOptions struct {
+ // IncludeLocation toggles the marshaling of location information
+ IncludeLocation NodeToggle
+ // IncludeLocationText additionally/optionally includes the text of the location
+ IncludeLocationText bool
+ // ExcludeLocationFile additionally/optionally excludes the file of the location
+ // Note that this is inverted (i.e. not "include" as the default needs to remain false)
+ ExcludeLocationFile bool
+}
+
+// NodeToggle is a generic struct to allow the toggling of
+// settings for different ast node types
+type NodeToggle struct {
+ Term bool
+ Package bool
+ Comment bool
+ Import bool
+ Rule bool
+ Head bool
+ Expr bool
+ SomeDecl bool
+ Every bool
+ With bool
+ Annotations bool
+ AnnotationsRef bool
+}
+
+// configuredJSONOptions synchronizes access to the global JSON options
+type configuredJSONOptions struct {
+ options Options
+ lock sync.RWMutex
+}
+
+var options = &configuredJSONOptions{
+ options: Defaults(),
+}
+
+// SetOptions sets the global options for marshalling AST nodes to JSON
+func SetOptions(opts Options) {
+ options.lock.Lock()
+ defer options.lock.Unlock()
+ options.options = opts
+}
+
+// GetOptions returns (a copy of) the global options for marshalling AST nodes to JSON
+func GetOptions() Options {
+ options.lock.RLock()
+ defer options.lock.RUnlock()
+ return options.options
+}
+
+// Defaults returns the default JSON options, which is to exclude location
+// information in serialized JSON AST.
+func Defaults() Options {
+ return Options{
+ MarshalOptions: MarshalOptions{
+ IncludeLocation: NodeToggle{
+ Term: false,
+ Package: false,
+ Comment: false,
+ Import: false,
+ Rule: false,
+ Head: false,
+ Expr: false,
+ SomeDecl: false,
+ Every: false,
+ With: false,
+ Annotations: false,
+ AnnotationsRef: false,
+ },
+ IncludeLocationText: false,
+ ExcludeLocationFile: false,
+ },
+ }
+}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/location/location.go b/vendor/github.com/open-policy-agent/opa/v1/ast/location/location.go
similarity index 85%
rename from vendor/github.com/open-policy-agent/opa/ast/location/location.go
rename to vendor/github.com/open-policy-agent/opa/v1/ast/location/location.go
index 92226df3f0..6d1b16cdfc 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/location/location.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/location/location.go
@@ -7,7 +7,7 @@ import (
"errors"
"fmt"
- astJSON "github.com/open-policy-agent/opa/ast/json"
+ astJSON "github.com/open-policy-agent/opa/v1/ast/json"
)
// Location records a position in source code
@@ -18,9 +18,6 @@ type Location struct {
Col int `json:"col"` // The column in the row.
Offset int `json:"-"` // The byte offset for the location in the source.
- // JSONOptions specifies options for marshaling and unmarshalling of locations
- JSONOptions astJSON.Options
-
Tabs []int `json:"-"` // The column offsets of tabs in the source.
}
@@ -39,18 +36,18 @@ func (loc *Location) Equal(other *Location) bool {
// Errorf returns a new error value with a message formatted to include the location
// info (e.g., line, column, filename, etc.)
-func (loc *Location) Errorf(f string, a ...interface{}) error {
+func (loc *Location) Errorf(f string, a ...any) error {
return errors.New(loc.Format(f, a...))
}
// Wrapf returns a new error value that wraps an existing error with a message formatted
// to include the location info (e.g., line, column, filename, etc.)
-func (loc *Location) Wrapf(err error, f string, a ...interface{}) error {
+func (loc *Location) Wrapf(err error, f string, a ...any) error {
return fmt.Errorf(loc.Format(f, a...)+": %w", err)
}
// Format returns a formatted string prefixed with the location information.
-func (loc *Location) Format(f string, a ...interface{}) string {
+func (loc *Location) Format(f string, a ...any) string {
if len(loc.File) > 0 {
f = fmt.Sprintf("%v:%v: %v", loc.File, loc.Row, f)
} else {
@@ -98,7 +95,8 @@ func (loc *Location) Compare(other *Location) int {
func (loc *Location) MarshalJSON() ([]byte, error) {
// structs are used here to preserve the field ordering of the original Location struct
- if loc.JSONOptions.MarshalOptions.ExcludeLocationFile {
+ jsonOptions := astJSON.GetOptions().MarshalOptions
+ if jsonOptions.ExcludeLocationFile {
data := struct {
Row int `json:"row"`
Col int `json:"col"`
@@ -108,7 +106,7 @@ func (loc *Location) MarshalJSON() ([]byte, error) {
Col: loc.Col,
}
- if loc.JSONOptions.MarshalOptions.IncludeLocationText {
+ if jsonOptions.IncludeLocationText {
data.Text = loc.Text
}
@@ -126,7 +124,7 @@ func (loc *Location) MarshalJSON() ([]byte, error) {
File: loc.File,
}
- if loc.JSONOptions.MarshalOptions.IncludeLocationText {
+ if jsonOptions.IncludeLocationText {
data.Text = loc.Text
}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/map.go b/vendor/github.com/open-policy-agent/opa/v1/ast/map.go
new file mode 100644
index 0000000000..31cad4d611
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/map.go
@@ -0,0 +1,108 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "encoding/json"
+
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+// ValueMap represents a key/value map between AST term values. Any type of term
+// can be used as a key in the map.
+type ValueMap struct {
+ hashMap *util.TypedHashMap[Value, Value]
+}
+
+// NewValueMap returns a new ValueMap.
+func NewValueMap() *ValueMap {
+ return &ValueMap{
+ hashMap: util.NewTypedHashMap(ValueEqual, ValueEqual, Value.Hash, Value.Hash, nil),
+ }
+}
+
+// MarshalJSON provides a custom marshaller for the ValueMap which
+// will include the key, value, and value type.
+func (vs *ValueMap) MarshalJSON() ([]byte, error) {
+ var tmp []map[string]any
+ vs.Iter(func(k Value, v Value) bool {
+ tmp = append(tmp, map[string]any{
+ "name": k.String(),
+ "type": ValueName(v),
+ "value": v,
+ })
+ return false
+ })
+ return json.Marshal(tmp)
+}
+
+// Equal returns true if this ValueMap equals the other.
+func (vs *ValueMap) Equal(other *ValueMap) bool {
+ if vs == nil {
+ return other == nil || other.Len() == 0
+ }
+ if other == nil {
+ return vs.Len() == 0
+ }
+ return vs.hashMap.Equal(other.hashMap)
+}
+
+// Len returns the number of elements in the map.
+func (vs *ValueMap) Len() int {
+ if vs == nil {
+ return 0
+ }
+ return vs.hashMap.Len()
+}
+
+// Get returns the value in the map for k.
+func (vs *ValueMap) Get(k Value) Value {
+ if vs != nil {
+ if v, ok := vs.hashMap.Get(k); ok {
+ return v
+ }
+ }
+ return nil
+}
+
+// Hash returns a hash code for this ValueMap.
+func (vs *ValueMap) Hash() int {
+ if vs == nil {
+ return 0
+ }
+ return vs.hashMap.Hash()
+}
+
+// Iter calls the iter function for each key/value pair in the map. If the iter
+// function returns true, iteration stops.
+func (vs *ValueMap) Iter(iter func(Value, Value) bool) bool {
+ if vs == nil {
+ return false
+ }
+ return vs.hashMap.Iter(iter)
+}
+
+// Put inserts a key k into the map with value v.
+func (vs *ValueMap) Put(k, v Value) {
+ if vs == nil {
+ panic("put on nil value map")
+ }
+ vs.hashMap.Put(k, v)
+}
+
+// Delete removes a key k from the map.
+func (vs *ValueMap) Delete(k Value) {
+ if vs == nil {
+ return
+ }
+ vs.hashMap.Delete(k)
+}
+
+func (vs *ValueMap) String() string {
+ if vs == nil {
+ return "{}"
+ }
+ return vs.hashMap.String()
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/parser.go b/vendor/github.com/open-policy-agent/opa/v1/ast/parser.go
new file mode 100644
index 0000000000..695c2333fd
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/parser.go
@@ -0,0 +1,2877 @@
+// Copyright 2020 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "bytes"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "maps"
+ "math/big"
+ "net/url"
+ "regexp"
+ "slices"
+ "sort"
+ "strconv"
+ "strings"
+ "unicode/utf8"
+
+ "gopkg.in/yaml.v3"
+
+ "github.com/open-policy-agent/opa/v1/ast/internal/scanner"
+ "github.com/open-policy-agent/opa/v1/ast/internal/tokens"
+ astJSON "github.com/open-policy-agent/opa/v1/ast/json"
+ "github.com/open-policy-agent/opa/v1/ast/location"
+)
+
+// DefaultMaxParsingRecursionDepth is the default maximum recursion
+// depth for the parser
+const DefaultMaxParsingRecursionDepth = 100000
+
+// ErrMaxParsingRecursionDepthExceeded is returned when the parser
+// recursion exceeds the maximum allowed depth
+var ErrMaxParsingRecursionDepthExceeded = errors.New("max parsing recursion depth exceeded")
+
+var RegoV1CompatibleRef = Ref{VarTerm("rego"), InternedStringTerm("v1")}
+
+// RegoVersion defines the Rego syntax requirements for a module.
+type RegoVersion int
+
+const DefaultRegoVersion = RegoV1
+
+const (
+ RegoUndefined RegoVersion = iota
+ // RegoV0 is the default, original Rego syntax.
+ RegoV0
+ // RegoV0CompatV1 requires modules to comply with both the RegoV0 and RegoV1 syntax (as when 'rego.v1' is imported in a module).
+ // Shortly, RegoV1 compatibility is required, but 'rego.v1' or 'future.keywords' must also be imported.
+ RegoV0CompatV1
+ // RegoV1 is the Rego syntax enforced by OPA 1.0; e.g.:
+ // future.keywords part of default keyword set, and don't require imports;
+ // 'if' and 'contains' required in rule heads;
+ // (some) strict checks on by default.
+ RegoV1
+)
+
+func (v RegoVersion) Int() int {
+ if v == RegoV1 {
+ return 1
+ }
+ return 0
+}
+
+func (v RegoVersion) String() string {
+ switch v {
+ case RegoV0:
+ return "v0"
+ case RegoV1:
+ return "v1"
+ case RegoV0CompatV1:
+ return "v0v1"
+ default:
+ return "unknown"
+ }
+}
+
+func RegoVersionFromInt(i int) RegoVersion {
+ if i == 1 {
+ return RegoV1
+ }
+ return RegoV0
+}
+
+// Note: This state is kept isolated from the parser so that we
+// can do efficient shallow copies of these values when doing a
+// save() and restore().
+type state struct {
+ s *scanner.Scanner
+ lastEnd int
+ skippedNL bool
+ tok tokens.Token
+ tokEnd int
+ lit string
+ loc Location
+ errors Errors
+ hints []string
+ comments []*Comment
+ wildcard int
+}
+
+func (s *state) String() string {
+ return fmt.Sprintf("", s.s, s.tok, s.lit, s.loc, len(s.errors), len(s.comments))
+}
+
+func (s *state) Loc() *location.Location {
+ cpy := s.loc
+ return &cpy
+}
+
+func (s *state) Text(offset, end int) []byte {
+ bs := s.s.Bytes()
+ if offset >= 0 && offset < len(bs) {
+ if end >= offset && end <= len(bs) {
+ return bs[offset:end]
+ }
+ }
+ return nil
+}
+
+// Parser is used to parse Rego statements.
+type Parser struct {
+ r io.Reader
+ s *state
+ po ParserOptions
+ cache parsedTermCache
+ recursionDepth int
+ maxRecursionDepth int
+}
+
+type parsedTermCacheItem struct {
+ t *Term
+ post *state // post is the post-state that's restored on a cache-hit
+ offset int
+ next *parsedTermCacheItem
+}
+
+type parsedTermCache struct {
+ m *parsedTermCacheItem
+}
+
+func (c parsedTermCache) String() string {
+ s := strings.Builder{}
+ s.WriteRune('{')
+ var e *parsedTermCacheItem
+ for e = c.m; e != nil; e = e.next {
+ s.WriteString(e.String())
+ }
+ s.WriteRune('}')
+ return s.String()
+}
+
+func (e *parsedTermCacheItem) String() string {
+ return fmt.Sprintf("<%d:%v>", e.offset, e.t)
+}
+
+// ParserOptions defines the options for parsing Rego statements.
+type ParserOptions struct {
+ Capabilities *Capabilities
+ ProcessAnnotation bool
+ AllFutureKeywords bool
+ FutureKeywords []string
+ SkipRules bool
+ // RegoVersion is the version of Rego to parse for.
+ RegoVersion RegoVersion
+ unreleasedKeywords bool // TODO(sr): cleanup
+}
+
+// EffectiveRegoVersion returns the effective RegoVersion to use for parsing.
+func (po *ParserOptions) EffectiveRegoVersion() RegoVersion {
+ if po.RegoVersion == RegoUndefined {
+ return DefaultRegoVersion
+ }
+ return po.RegoVersion
+}
+
+// NewParser creates and initializes a Parser.
+func NewParser() *Parser {
+ p := &Parser{
+ s: &state{},
+ po: ParserOptions{},
+ maxRecursionDepth: DefaultMaxParsingRecursionDepth,
+ }
+ return p
+}
+
+// WithMaxRecursionDepth sets the maximum recursion depth for the parser.
+func (p *Parser) WithMaxRecursionDepth(depth int) *Parser {
+ p.maxRecursionDepth = depth
+ return p
+}
+
+// WithFilename provides the filename for Location details
+// on parsed statements.
+func (p *Parser) WithFilename(filename string) *Parser {
+ p.s.loc.File = filename
+ return p
+}
+
+// WithReader provides the io.Reader that the parser will
+// use as its source.
+func (p *Parser) WithReader(r io.Reader) *Parser {
+ p.r = r
+ return p
+}
+
+// WithProcessAnnotation enables or disables the processing of
+// annotations by the Parser
+func (p *Parser) WithProcessAnnotation(processAnnotation bool) *Parser {
+ p.po.ProcessAnnotation = processAnnotation
+ return p
+}
+
+// WithFutureKeywords enables "future" keywords, i.e., keywords that can
+// be imported via
+//
+// import future.keywords.kw
+// import future.keywords.other
+//
+// but in a more direct way. The equivalent of this import would be
+//
+// WithFutureKeywords("kw", "other")
+func (p *Parser) WithFutureKeywords(kws ...string) *Parser {
+ p.po.FutureKeywords = kws
+ return p
+}
+
+// WithAllFutureKeywords enables all "future" keywords, i.e., the
+// ParserOption equivalent of
+//
+// import future.keywords
+func (p *Parser) WithAllFutureKeywords(yes bool) *Parser {
+ p.po.AllFutureKeywords = yes
+ return p
+}
+
+// withUnreleasedKeywords allows using keywords that haven't surfaced
+// as future keywords (see above) yet, but have tests that require
+// them to be parsed
+func (p *Parser) withUnreleasedKeywords(yes bool) *Parser {
+ p.po.unreleasedKeywords = yes
+ return p
+}
+
+// WithCapabilities sets the capabilities structure on the parser.
+func (p *Parser) WithCapabilities(c *Capabilities) *Parser {
+ p.po.Capabilities = c
+ return p
+}
+
+// WithSkipRules instructs the parser not to attempt to parse Rule statements.
+func (p *Parser) WithSkipRules(skip bool) *Parser {
+ p.po.SkipRules = skip
+ return p
+}
+
+// WithJSONOptions sets the JSON options on the parser (now a no-op).
+//
+// Deprecated: Use SetOptions in the json package instead, where a longer description
+// of why this is deprecated also can be found.
+func (p *Parser) WithJSONOptions(_ *astJSON.Options) *Parser {
+ return p
+}
+
+func (p *Parser) WithRegoVersion(version RegoVersion) *Parser {
+ p.po.RegoVersion = version
+ return p
+}
+
+func (p *Parser) parsedTermCacheLookup() (*Term, *state) {
+ l := p.s.loc.Offset
+ // stop comparing once the cached offsets are lower than l
+ for h := p.cache.m; h != nil && h.offset >= l; h = h.next {
+ if h.offset == l {
+ return h.t, h.post
+ }
+ }
+ return nil, nil
+}
+
+func (p *Parser) parsedTermCachePush(t *Term, s0 *state) {
+ s1 := p.save()
+ o0 := s0.loc.Offset
+ entry := parsedTermCacheItem{t: t, post: s1, offset: o0}
+
+ // find the first one whose offset is smaller than ours
+ var e *parsedTermCacheItem
+ for e = p.cache.m; e != nil; e = e.next {
+ if e.offset < o0 {
+ break
+ }
+ }
+ entry.next = e
+ p.cache.m = &entry
+}
+
+// futureParser returns a shallow copy of `p` with an empty
+// cache, and a scanner that knows all future keywords.
+// It's used to present hints in errors, when statements would
+// only parse successfully if some future keyword is enabled.
+func (p *Parser) futureParser() *Parser {
+ q := *p
+ q.s = p.save()
+ q.s.s = p.s.s.WithKeywords(allFutureKeywords)
+ q.cache = parsedTermCache{}
+ return &q
+}
+
+// presentParser returns a shallow copy of `p` with an empty
+// cache, and a scanner that knows none of the future keywords.
+// It is used to successfully parse keyword imports, like
+//
+// import future.keywords.in
+//
+// even when the parser has already been informed about the
+// future keyword "in". This parser won't error out because
+// "in" is an identifier.
+func (p *Parser) presentParser() (*Parser, map[string]tokens.Token) {
+ var cpy map[string]tokens.Token
+ q := *p
+ q.s = p.save()
+ q.s.s, cpy = p.s.s.WithoutKeywords(allFutureKeywords)
+ q.cache = parsedTermCache{}
+ return &q, cpy
+}
+
+// Parse will read the Rego source and parse statements and
+// comments as they are found. Any errors encountered while
+// parsing will be accumulated and returned as a list of Errors.
+func (p *Parser) Parse() ([]Statement, []*Comment, Errors) {
+
+ if p.po.Capabilities == nil {
+ p.po.Capabilities = CapabilitiesForThisVersion(CapabilitiesRegoVersion(p.po.RegoVersion))
+ }
+
+ allowedFutureKeywords := map[string]tokens.Token{}
+
+ if p.po.EffectiveRegoVersion() == RegoV1 {
+ if !p.po.Capabilities.ContainsFeature(FeatureRegoV1) {
+ return nil, nil, Errors{
+ &Error{
+ Code: ParseErr,
+ Message: "illegal capabilities: rego_v1 feature required for parsing v1 Rego",
+ Location: nil,
+ },
+ }
+ }
+
+ // rego-v1 includes all v0 future keywords in the default language definition
+ maps.Copy(allowedFutureKeywords, futureKeywordsV0)
+
+ for _, kw := range p.po.Capabilities.FutureKeywords {
+ if tok, ok := futureKeywords[kw]; ok {
+ allowedFutureKeywords[kw] = tok
+ } else {
+ // For sake of error reporting, we still need to check that keywords in capabilities are known in v0
+ if _, ok := futureKeywordsV0[kw]; !ok {
+ return nil, nil, Errors{
+ &Error{
+ Code: ParseErr,
+ Message: fmt.Sprintf("illegal capabilities: unknown keyword: %v", kw),
+ Location: nil,
+ },
+ }
+ }
+ }
+ }
+
+ // Check that explicitly requested future keywords are known.
+ for _, kw := range p.po.FutureKeywords {
+ if _, ok := allowedFutureKeywords[kw]; !ok {
+ return nil, nil, Errors{
+ &Error{
+ Code: ParseErr,
+ Message: fmt.Sprintf("unknown future keyword: %v", kw),
+ Location: nil,
+ },
+ }
+ }
+ }
+ } else {
+ for _, kw := range p.po.Capabilities.FutureKeywords {
+ var ok bool
+ allowedFutureKeywords[kw], ok = allFutureKeywords[kw]
+ if !ok {
+ return nil, nil, Errors{
+ &Error{
+ Code: ParseErr,
+ Message: fmt.Sprintf("illegal capabilities: unknown keyword: %v", kw),
+ Location: nil,
+ },
+ }
+ }
+ }
+
+ if p.po.Capabilities.ContainsFeature(FeatureRegoV1) {
+ // rego-v1 includes all v0 future keywords in the default language definition
+ maps.Copy(allowedFutureKeywords, futureKeywordsV0)
+ }
+ }
+
+ var err error
+ p.s.s, err = scanner.New(p.r)
+ if err != nil {
+ return nil, nil, Errors{
+ &Error{
+ Code: ParseErr,
+ Message: err.Error(),
+ Location: nil,
+ },
+ }
+ }
+
+ selected := map[string]tokens.Token{}
+ if p.po.AllFutureKeywords || p.po.EffectiveRegoVersion() == RegoV1 {
+ maps.Copy(selected, allowedFutureKeywords)
+ } else {
+ for _, kw := range p.po.FutureKeywords {
+ tok, ok := allowedFutureKeywords[kw]
+ if !ok {
+ return nil, nil, Errors{
+ &Error{
+ Code: ParseErr,
+ Message: fmt.Sprintf("unknown future keyword: %v", kw),
+ Location: nil,
+ },
+ }
+ }
+ selected[kw] = tok
+ }
+ }
+ p.s.s = p.s.s.WithKeywords(selected)
+
+ if p.po.EffectiveRegoVersion() == RegoV1 {
+ for kw, tok := range allowedFutureKeywords {
+ p.s.s.AddKeyword(kw, tok)
+ }
+ }
+
+ // read the first token to initialize the parser
+ p.scan()
+
+ var stmts []Statement
+
+ // Read from the scanner until the last token is reached or no statements
+ // can be parsed. Attempt to parse package statements, import statements,
+ // rule statements, and then body/query statements (in that order). If a
+ // statement cannot be parsed, restore the parser state before trying the
+ // next type of statement. If a statement can be parsed, continue from that
+ // point trying to parse packages, imports, etc. in the same order.
+ for p.s.tok != tokens.EOF {
+
+ s := p.save()
+
+ if pkg := p.parsePackage(); pkg != nil {
+ stmts = append(stmts, pkg)
+ continue
+ } else if len(p.s.errors) > 0 {
+ break
+ }
+
+ p.restore(s)
+ s = p.save()
+
+ if imp := p.parseImport(); imp != nil {
+ if RegoRootDocument.Equal(imp.Path.Value.(Ref)[0]) {
+ p.regoV1Import(imp)
+ }
+
+ if FutureRootDocument.Equal(imp.Path.Value.(Ref)[0]) {
+ p.futureImport(imp, allowedFutureKeywords)
+ }
+
+ stmts = append(stmts, imp)
+ continue
+ } else if len(p.s.errors) > 0 {
+ break
+ }
+
+ p.restore(s)
+
+ if !p.po.SkipRules {
+ s = p.save()
+
+ if rules := p.parseRules(); rules != nil {
+ for i := range rules {
+ stmts = append(stmts, rules[i])
+ }
+ continue
+ } else if len(p.s.errors) > 0 {
+ break
+ }
+
+ p.restore(s)
+ }
+
+ if body := p.parseQuery(true, tokens.EOF); body != nil {
+ stmts = append(stmts, body)
+ continue
+ }
+
+ break
+ }
+
+ if p.po.ProcessAnnotation {
+ stmts = p.parseAnnotations(stmts)
+ }
+
+ return stmts, p.s.comments, p.s.errors
+}
+
+func (p *Parser) parseAnnotations(stmts []Statement) []Statement {
+
+ annotStmts, errs := parseAnnotations(p.s.comments)
+ for _, err := range errs {
+ p.error(err.Location, err.Message)
+ }
+
+ for _, annotStmt := range annotStmts {
+ stmts = append(stmts, annotStmt)
+ }
+
+ return stmts
+}
+
+func parseAnnotations(comments []*Comment) ([]*Annotations, Errors) {
+
+ var hint = []byte("METADATA")
+ var curr *metadataParser
+ var blocks []*metadataParser
+
+ for i := range comments {
+ if curr != nil {
+ if comments[i].Location.Row == comments[i-1].Location.Row+1 && comments[i].Location.Col == 1 {
+ curr.Append(comments[i])
+ continue
+ }
+ curr = nil
+ }
+ if bytes.HasPrefix(bytes.TrimSpace(comments[i].Text), hint) {
+ curr = newMetadataParser(comments[i].Location)
+ blocks = append(blocks, curr)
+ }
+ }
+
+ var stmts []*Annotations
+ var errs Errors
+ for _, b := range blocks {
+ a, err := b.Parse()
+ if err != nil {
+ errs = append(errs, &Error{
+ Code: ParseErr,
+ Message: err.Error(),
+ Location: b.loc,
+ })
+ } else {
+ stmts = append(stmts, a)
+ }
+ }
+
+ return stmts, errs
+}
+
+func (p *Parser) parsePackage() *Package {
+
+ var pkg Package
+ pkg.SetLoc(p.s.Loc())
+
+ if p.s.tok != tokens.Package {
+ return nil
+ }
+
+ p.scan()
+ if p.s.tok != tokens.Ident {
+ p.illegalToken()
+ return nil
+ }
+
+ term := p.parseTerm()
+
+ if term != nil {
+ switch v := term.Value.(type) {
+ case Var:
+ pkg.Path = Ref{
+ DefaultRootDocument.Copy().SetLocation(term.Location),
+ StringTerm(string(v)).SetLocation(term.Location),
+ }
+ case Ref:
+ pkg.Path = make(Ref, len(v)+1)
+ pkg.Path[0] = DefaultRootDocument.Copy().SetLocation(v[0].Location)
+ first, ok := v[0].Value.(Var)
+ if !ok {
+ p.errorf(v[0].Location, "unexpected %v token: expecting var", ValueName(v[0].Value))
+ return nil
+ }
+ pkg.Path[1] = StringTerm(string(first)).SetLocation(v[0].Location)
+ for i := 2; i < len(pkg.Path); i++ {
+ switch v[i-1].Value.(type) {
+ case String:
+ pkg.Path[i] = v[i-1]
+ default:
+ p.errorf(v[i-1].Location, "unexpected %v token: expecting string", ValueName(v[i-1].Value))
+ return nil
+ }
+ }
+ default:
+ p.illegalToken()
+ return nil
+ }
+ }
+
+ if pkg.Path == nil {
+ if len(p.s.errors) == 0 {
+ p.error(p.s.Loc(), "expected path")
+ }
+ return nil
+ }
+
+ return &pkg
+}
+
+func (p *Parser) parseImport() *Import {
+
+ var imp Import
+ imp.SetLoc(p.s.Loc())
+
+ if p.s.tok != tokens.Import {
+ return nil
+ }
+
+ p.scan()
+ if p.s.tok != tokens.Ident {
+ p.error(p.s.Loc(), "expected ident")
+ return nil
+ }
+ q, prev := p.presentParser()
+ term := q.parseTerm()
+ if term != nil {
+ switch v := term.Value.(type) {
+ case Var:
+ imp.Path = RefTerm(term).SetLocation(term.Location)
+ case Ref:
+ for i := 1; i < len(v); i++ {
+ if _, ok := v[i].Value.(String); !ok {
+ p.errorf(v[i].Location, "unexpected %v token: expecting string", ValueName(v[i].Value))
+ return nil
+ }
+ }
+ imp.Path = term
+ }
+ }
+ // keep advanced parser state, reset known keywords
+ p.s = q.s
+ p.s.s = q.s.s.WithKeywords(prev)
+
+ if imp.Path == nil {
+ p.error(p.s.Loc(), "expected path")
+ return nil
+ }
+
+ path := imp.Path.Value.(Ref)
+
+ switch {
+ case RootDocumentNames.Contains(path[0]):
+ case FutureRootDocument.Equal(path[0]):
+ case RegoRootDocument.Equal(path[0]):
+ default:
+ p.hint("if this is unexpected, try updating OPA")
+ p.errorf(imp.Path.Location, "unexpected import path, must begin with one of: %v, got: %v",
+ RootDocumentNames.Union(NewSet(FutureRootDocument, RegoRootDocument)),
+ path[0])
+ return nil
+ }
+
+ if p.s.tok == tokens.As {
+ p.scan()
+
+ if p.s.tok != tokens.Ident {
+ p.illegal("expected var")
+ return nil
+ }
+
+ if alias := p.parseTerm(); alias != nil {
+ v, ok := alias.Value.(Var)
+ if ok {
+ imp.Alias = v
+ return &imp
+ }
+ }
+ p.illegal("expected var")
+ return nil
+ }
+
+ return &imp
+}
+
+func (p *Parser) parseRules() []*Rule {
+
+ var rule Rule
+ rule.SetLoc(p.s.Loc())
+
+ if p.s.tok == tokens.Default {
+ p.scan()
+ rule.Default = true
+ }
+
+ if p.s.tok != tokens.Ident {
+ return nil
+ }
+
+ usesContains := false
+ if rule.Head, usesContains = p.parseHead(rule.Default); rule.Head == nil {
+ return nil
+ }
+
+ if usesContains {
+ rule.Head.keywords = append(rule.Head.keywords, tokens.Contains)
+ }
+
+ if rule.Default {
+ if !p.validateDefaultRuleValue(&rule) {
+ return nil
+ }
+
+ if len(rule.Head.Args) > 0 {
+ if !p.validateDefaultRuleArgs(&rule) {
+ return nil
+ }
+ }
+
+ rule.Body = NewBody(NewExpr(BooleanTerm(true).SetLocation(rule.Location)).SetLocation(rule.Location))
+ return []*Rule{&rule}
+ }
+
+ // back-compat with `p[x] { ... }``
+ hasIf := p.s.tok == tokens.If
+
+ // p[x] if ... becomes a single-value rule p[x]
+ if hasIf && !usesContains && len(rule.Head.Ref()) == 2 {
+ v := rule.Head.Ref()[1]
+ _, isRef := v.Value.(Ref)
+ if (!v.IsGround() || isRef) && len(rule.Head.Args) == 0 {
+ rule.Head.Key = rule.Head.Ref()[1]
+ }
+
+ if rule.Head.Value == nil {
+ rule.Head.generatedValue = true
+ rule.Head.Value = BooleanTerm(true).SetLocation(rule.Head.Location)
+ } else {
+ // p[x] = y if becomes a single-value rule p[x] with value y, but needs name for compat
+ v, ok := rule.Head.Ref()[0].Value.(Var)
+ if !ok {
+ return nil
+ }
+ rule.Head.Name = v
+ }
+ }
+
+ // p[x] becomes a multi-value rule p
+ if !hasIf && !usesContains &&
+ len(rule.Head.Args) == 0 && // not a function
+ len(rule.Head.Ref()) == 2 { // ref like 'p[x]'
+ v, ok := rule.Head.Ref()[0].Value.(Var)
+ if !ok {
+ return nil
+ }
+ rule.Head.Name = v
+ rule.Head.Key = rule.Head.Ref()[1]
+ if rule.Head.Value == nil {
+ rule.Head.SetRef(rule.Head.Ref()[:len(rule.Head.Ref())-1])
+ }
+ }
+
+ switch {
+ case hasIf:
+ rule.Head.keywords = append(rule.Head.keywords, tokens.If)
+ p.scan()
+ s := p.save()
+ if expr := p.parseLiteral(); expr != nil {
+ // NOTE(sr): set literals are never false or undefined, so parsing this as
+ // p if { true }
+ // ^^^^^^^^ set of one element, `true`
+ // isn't valid.
+ isSetLiteral := false
+ if t, ok := expr.Terms.(*Term); ok {
+ _, isSetLiteral = t.Value.(Set)
+ }
+ // expr.Term is []*Term or Every
+ if !isSetLiteral {
+ rule.Body.Append(expr)
+ break
+ }
+ }
+
+ // parsing as literal didn't work out, expect '{ BODY }'
+ p.restore(s)
+ fallthrough
+
+ case p.s.tok == tokens.LBrace:
+ p.scan()
+ if rule.Body = p.parseBody(tokens.RBrace); rule.Body == nil {
+ return nil
+ }
+ p.scan()
+
+ case usesContains:
+ rule.Body = NewBody(NewExpr(BooleanTerm(true).SetLocation(rule.Location)).SetLocation(rule.Location))
+ rule.generatedBody = true
+ rule.Location = rule.Head.Location
+
+ return []*Rule{&rule}
+
+ default:
+ return nil
+ }
+
+ if p.s.tok == tokens.Else {
+ if r := rule.Head.Ref(); len(r) > 1 && !r.IsGround() {
+ p.error(p.s.Loc(), "else keyword cannot be used on rules with variables in head")
+ return nil
+ }
+ if rule.Head.Key != nil {
+ p.error(p.s.Loc(), "else keyword cannot be used on multi-value rules")
+ return nil
+ }
+
+ if rule.Else = p.parseElse(rule.Head); rule.Else == nil {
+ return nil
+ }
+ }
+
+ rule.Location.Text = p.s.Text(rule.Location.Offset, p.s.lastEnd)
+
+ rules := []*Rule{&rule}
+
+ for p.s.tok == tokens.LBrace {
+
+ if rule.Else != nil {
+ p.error(p.s.Loc(), "expected else keyword")
+ return nil
+ }
+
+ loc := p.s.Loc()
+
+ p.scan()
+ var next Rule
+
+ if next.Body = p.parseBody(tokens.RBrace); next.Body == nil {
+ return nil
+ }
+ p.scan()
+
+ loc.Text = p.s.Text(loc.Offset, p.s.lastEnd)
+ next.SetLoc(loc)
+
+ // Chained rule head's keep the original
+ // rule's head AST but have their location
+ // set to the rule body.
+ next.Head = rule.Head.Copy()
+ next.Head.keywords = rule.Head.keywords
+ for i := range next.Head.Args {
+ if v, ok := next.Head.Args[i].Value.(Var); ok && v.IsWildcard() {
+ next.Head.Args[i].Value = Var(p.genwildcard())
+ }
+ }
+ setLocRecursive(next.Head, loc)
+
+ rules = append(rules, &next)
+ }
+
+ return rules
+}
+
+func (p *Parser) parseElse(head *Head) *Rule {
+
+ var rule Rule
+ rule.SetLoc(p.s.Loc())
+
+ rule.Head = head.Copy()
+ rule.Head.generatedValue = false
+ for i := range rule.Head.Args {
+ if v, ok := rule.Head.Args[i].Value.(Var); ok && v.IsWildcard() {
+ rule.Head.Args[i].Value = Var(p.genwildcard())
+ }
+ }
+ rule.Head.SetLoc(p.s.Loc())
+
+ defer func() {
+ rule.Location.Text = p.s.Text(rule.Location.Offset, p.s.lastEnd)
+ }()
+
+ p.scan()
+
+ switch p.s.tok {
+ case tokens.LBrace, tokens.If: // no value, but a body follows directly
+ rule.Head.generatedValue = true
+ rule.Head.Value = BooleanTerm(true)
+ case tokens.Assign, tokens.Unify:
+ rule.Head.Assign = tokens.Assign == p.s.tok
+ p.scan()
+ rule.Head.Value = p.parseTermInfixCall()
+ if rule.Head.Value == nil {
+ return nil
+ }
+ rule.Head.Location.Text = p.s.Text(rule.Head.Location.Offset, p.s.lastEnd)
+ default:
+ p.illegal("expected else value term or rule body")
+ return nil
+ }
+
+ hasIf := p.s.tok == tokens.If
+ hasLBrace := p.s.tok == tokens.LBrace
+
+ if !hasIf && !hasLBrace {
+ rule.Body = NewBody(NewExpr(BooleanTerm(true)))
+ rule.generatedBody = true
+ setLocRecursive(rule.Body, rule.Location)
+ return &rule
+ }
+
+ if hasIf {
+ rule.Head.keywords = append(rule.Head.keywords, tokens.If)
+ p.scan()
+ }
+
+ if p.s.tok == tokens.LBrace {
+ p.scan()
+ if rule.Body = p.parseBody(tokens.RBrace); rule.Body == nil {
+ return nil
+ }
+ p.scan()
+ } else if p.s.tok != tokens.EOF {
+ expr := p.parseLiteral()
+ if expr == nil {
+ return nil
+ }
+ rule.Body.Append(expr)
+ setLocRecursive(rule.Body, rule.Location)
+ } else {
+ p.illegal("rule body expected")
+ return nil
+ }
+
+ if p.s.tok == tokens.Else {
+ if rule.Else = p.parseElse(head); rule.Else == nil {
+ return nil
+ }
+ }
+ return &rule
+}
+
+func (p *Parser) parseHead(defaultRule bool) (*Head, bool) {
+ head := &Head{}
+ loc := p.s.Loc()
+ defer func() {
+ if head != nil {
+ head.SetLoc(loc)
+ head.Location.Text = p.s.Text(head.Location.Offset, p.s.lastEnd)
+ }
+ }()
+
+ term := p.parseVar()
+ if term == nil {
+ return nil, false
+ }
+
+ ref := p.parseTermFinish(term, true)
+ if ref == nil {
+ p.illegal("expected rule head name")
+ return nil, false
+ }
+
+ switch x := ref.Value.(type) {
+ case Var:
+ // TODO
+ head = VarHead(x, ref.Location, nil)
+ case Ref:
+ head = RefHead(x)
+ case Call:
+ op, args := x[0], x[1:]
+ var ref Ref
+ switch y := op.Value.(type) {
+ case Var:
+ ref = Ref{op}
+ case Ref:
+ if _, ok := y[0].Value.(Var); !ok {
+ p.illegal("rule head ref %v invalid", y)
+ return nil, false
+ }
+ ref = y
+ }
+ head = RefHead(ref)
+ head.Args = slices.Clone[[]*Term](args)
+
+ default:
+ return nil, false
+ }
+
+ name := head.Ref().String()
+
+ switch p.s.tok {
+ case tokens.Contains: // NOTE: no Value for `contains` heads, we return here
+ // Catch error case of using 'contains' with a function definition rule head.
+ if head.Args != nil {
+ p.illegal("the contains keyword can only be used with multi-value rule definitions (e.g., %s contains { ... })", name)
+ }
+ p.scan()
+ head.Key = p.parseTermInfixCall()
+ if head.Key == nil {
+ p.illegal("expected rule key term (e.g., %s contains { ... })", name)
+ }
+ return head, true
+
+ case tokens.Unify:
+ p.scan()
+ head.Value = p.parseTermInfixCall()
+ if head.Value == nil {
+ // FIX HEAD.String()
+ p.illegal("expected rule value term (e.g., %s[%s] = { ... })", name, head.Key)
+ }
+ case tokens.Assign:
+ p.scan()
+ head.Assign = true
+ head.Value = p.parseTermInfixCall()
+ if head.Value == nil {
+ switch {
+ case len(head.Args) > 0:
+ p.illegal("expected function value term (e.g., %s(...) := { ... })", name)
+ case head.Key != nil:
+ p.illegal("expected partial rule value term (e.g., %s[...] := { ... })", name)
+ case defaultRule:
+ p.illegal("expected default rule value term (e.g., default %s := )", name)
+ default:
+ p.illegal("expected rule value term (e.g., %s := { ... })", name)
+ }
+ }
+ }
+
+ if head.Value == nil && head.Key == nil {
+ if len(head.Ref()) != 2 || len(head.Args) > 0 {
+ head.generatedValue = true
+ head.Value = BooleanTerm(true).SetLocation(head.Location)
+ }
+ }
+ return head, false
+}
+
+func (p *Parser) parseBody(end tokens.Token) Body {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+ return p.parseQuery(false, end)
+}
+
+func (p *Parser) parseQuery(requireSemi bool, end tokens.Token) Body {
+ body := Body{}
+
+ if p.s.tok == end {
+ p.error(p.s.Loc(), "found empty body")
+ return nil
+ }
+
+ for {
+ expr := p.parseLiteral()
+ if expr == nil {
+ return nil
+ }
+
+ body.Append(expr)
+
+ if p.s.tok == tokens.Semicolon {
+ p.scan()
+ continue
+ }
+
+ if p.s.tok == end || requireSemi {
+ return body
+ }
+
+ if !p.s.skippedNL {
+ // If there was already an error then don't pile this one on
+ if len(p.s.errors) == 0 {
+ p.illegal(`expected \n or %s or %s`, tokens.Semicolon, end)
+ }
+ return nil
+ }
+ }
+}
+
+func (p *Parser) parseLiteral() (expr *Expr) {
+
+ offset := p.s.loc.Offset
+ loc := p.s.Loc()
+
+ defer func() {
+ if expr != nil {
+ loc.Text = p.s.Text(offset, p.s.lastEnd)
+ expr.SetLoc(loc)
+ }
+ }()
+
+ var negated bool
+ if p.s.tok == tokens.Not {
+ p.scan()
+ negated = true
+ }
+
+ switch p.s.tok {
+ case tokens.Some:
+ if negated {
+ p.illegal("illegal negation of 'some'")
+ return nil
+ }
+ return p.parseSome()
+ case tokens.Every:
+ if negated {
+ p.illegal("illegal negation of 'every'")
+ return nil
+ }
+ return p.parseEvery()
+ default:
+ s := p.save()
+ expr := p.parseExpr()
+ if expr != nil {
+ expr.Negated = negated
+ if p.s.tok == tokens.With {
+ if expr.With = p.parseWith(); expr.With == nil {
+ return nil
+ }
+ }
+ // If we find a plain `every` identifier, attempt to parse an every expression,
+ // add hint if it succeeds.
+ if term, ok := expr.Terms.(*Term); ok && Var("every").Equal(term.Value) {
+ var hint bool
+ t := p.save()
+ p.restore(s)
+ if expr := p.futureParser().parseEvery(); expr != nil {
+ _, hint = expr.Terms.(*Every)
+ }
+ p.restore(t)
+ if hint {
+ p.hint("`import future.keywords.every` for `every x in xs { ... }` expressions")
+ }
+ }
+ return expr
+ }
+ return nil
+ }
+}
+
+func (p *Parser) parseWith() []*With {
+
+ withs := []*With{}
+
+ for {
+
+ with := With{
+ Location: p.s.Loc(),
+ }
+ p.scan()
+
+ if p.s.tok != tokens.Ident {
+ p.illegal("expected ident")
+ return nil
+ }
+
+ with.Target = p.parseTerm()
+ if with.Target == nil {
+ return nil
+ }
+
+ switch with.Target.Value.(type) {
+ case Ref, Var:
+ break
+ default:
+ p.illegal("expected with target path")
+ }
+
+ if p.s.tok != tokens.As {
+ p.illegal("expected as keyword")
+ return nil
+ }
+
+ p.scan()
+
+ if with.Value = p.parseTermInfixCall(); with.Value == nil {
+ return nil
+ }
+
+ with.Location.Text = p.s.Text(with.Location.Offset, p.s.lastEnd)
+
+ withs = append(withs, &with)
+
+ if p.s.tok != tokens.With {
+ break
+ }
+ }
+
+ return withs
+}
+
+func (p *Parser) parseSome() *Expr {
+
+ decl := &SomeDecl{}
+ decl.SetLoc(p.s.Loc())
+
+ // Attempt to parse "some x in xs", which will end up in
+ // SomeDecl{Symbols: ["member(x, xs)"]}
+ s := p.save()
+ p.scan()
+ if term := p.parseTermInfixCall(); term != nil {
+ if call, ok := term.Value.(Call); ok {
+ switch call[0].String() {
+ case Member.Name:
+ if len(call) != 3 {
+ p.illegal("illegal domain")
+ return nil
+ }
+ case MemberWithKey.Name:
+ if len(call) != 4 {
+ p.illegal("illegal domain")
+ return nil
+ }
+ default:
+ p.illegal("expected `x in xs` or `x, y in xs` expression")
+ return nil
+ }
+
+ decl.Symbols = []*Term{term}
+ expr := NewExpr(decl).SetLocation(decl.Location)
+ if p.s.tok == tokens.With {
+ if expr.With = p.parseWith(); expr.With == nil {
+ return nil
+ }
+ }
+ return expr
+ }
+ }
+
+ p.restore(s)
+ s = p.save() // new copy for later
+ var hint bool
+ p.scan()
+ if term := p.futureParser().parseTermInfixCall(); term != nil {
+ if call, ok := term.Value.(Call); ok {
+ switch call[0].String() {
+ case Member.Name, MemberWithKey.Name:
+ hint = true
+ }
+ }
+ }
+
+ // go on as before, it's `some x[...]` or illegal
+ p.restore(s)
+ if hint {
+ p.hint("`import future.keywords.in` for `some x in xs` expressions")
+ }
+
+ for { // collecting var args
+
+ p.scan()
+
+ if p.s.tok != tokens.Ident {
+ p.illegal("expected var")
+ return nil
+ }
+
+ decl.Symbols = append(decl.Symbols, p.parseVar())
+
+ p.scan()
+
+ if p.s.tok != tokens.Comma {
+ break
+ }
+ }
+
+ return NewExpr(decl).SetLocation(decl.Location)
+}
+
+func (p *Parser) parseEvery() *Expr {
+ qb := &Every{}
+ qb.SetLoc(p.s.Loc())
+
+ // TODO(sr): We'd get more accurate error messages if we didn't rely on
+ // parseTermInfixCall here, but parsed "var [, var] in term" manually.
+ p.scan()
+ term := p.parseTermInfixCall()
+ if term == nil {
+ return nil
+ }
+ call, ok := term.Value.(Call)
+ if !ok {
+ p.illegal("expected `x[, y] in xs { ... }` expression")
+ return nil
+ }
+ switch call[0].String() {
+ case Member.Name: // x in xs
+ if len(call) != 3 {
+ p.illegal("illegal domain")
+ return nil
+ }
+ qb.Value = call[1]
+ qb.Domain = call[2]
+ case MemberWithKey.Name: // k, v in xs
+ if len(call) != 4 {
+ p.illegal("illegal domain")
+ return nil
+ }
+ qb.Key = call[1]
+ qb.Value = call[2]
+ qb.Domain = call[3]
+ if _, ok := qb.Key.Value.(Var); !ok {
+ p.illegal("expected key to be a variable")
+ return nil
+ }
+ default:
+ p.illegal("expected `x[, y] in xs { ... }` expression")
+ return nil
+ }
+ if _, ok := qb.Value.Value.(Var); !ok {
+ p.illegal("expected value to be a variable")
+ return nil
+ }
+ if p.s.tok == tokens.LBrace { // every x in xs { ... }
+ p.scan()
+ body := p.parseBody(tokens.RBrace)
+ if body == nil {
+ return nil
+ }
+ p.scan()
+ qb.Body = body
+ expr := NewExpr(qb).SetLocation(qb.Location)
+
+ if p.s.tok == tokens.With {
+ if expr.With = p.parseWith(); expr.With == nil {
+ return nil
+ }
+ }
+ return expr
+ }
+
+ p.illegal("missing body")
+ return nil
+}
+
+func (p *Parser) parseExpr() *Expr {
+
+ lhs := p.parseTermInfixCall()
+ if lhs == nil {
+ return nil
+ }
+
+ if op := p.parseTermOp(tokens.Assign, tokens.Unify); op != nil {
+ if rhs := p.parseTermInfixCall(); rhs != nil {
+ return NewExpr([]*Term{op, lhs, rhs})
+ }
+ return nil
+ }
+
+ // NOTE(tsandall): the top-level call term is converted to an expr because
+ // the evaluator does not support the call term type (nested calls are
+ // rewritten by the compiler.)
+ if call, ok := lhs.Value.(Call); ok {
+ return NewExpr([]*Term(call))
+ }
+
+ return NewExpr(lhs)
+}
+
+// parseTermInfixCall consumes the next term from the input and returns it. If a
+// term cannot be parsed the return value is nil and error will be recorded. The
+// scanner will be advanced to the next token before returning.
+// By starting out with infix relations (==, !=, <, etc) and further calling the
+// other binary operators (|, &, arithmetics), it constitutes the binding
+// precedence.
+func (p *Parser) parseTermInfixCall() *Term {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ return p.parseTermIn(nil, true, p.s.loc.Offset)
+}
+
+func (p *Parser) parseTermInfixCallInList() *Term {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ return p.parseTermIn(nil, false, p.s.loc.Offset)
+}
+
+// use static references to avoid allocations, and
+// copy them to the call term only when needed
+var memberWithKeyRef = MemberWithKey.Ref()
+var memberRef = Member.Ref()
+
+func (p *Parser) parseTermIn(lhs *Term, keyVal bool, offset int) *Term {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ // NOTE(sr): `in` is a bit special: besides `lhs in rhs`, it also
+ // supports `key, val in rhs`, so it can have an optional second lhs.
+ // `keyVal` triggers if we attempt to parse a second lhs argument (`mhs`).
+ if lhs == nil {
+ lhs = p.parseTermRelation(nil, offset)
+ }
+ if lhs != nil {
+ if keyVal && p.s.tok == tokens.Comma { // second "lhs", or "middle hand side"
+ s := p.save()
+ p.scan()
+ if mhs := p.parseTermRelation(nil, offset); mhs != nil {
+
+ if op := p.parseTermOpName(memberWithKeyRef, tokens.In); op != nil {
+ if rhs := p.parseTermRelation(nil, p.s.loc.Offset); rhs != nil {
+ call := p.setLoc(CallTerm(op, lhs, mhs, rhs), lhs.Location, offset, p.s.lastEnd)
+ switch p.s.tok {
+ case tokens.In:
+ return p.parseTermIn(call, keyVal, offset)
+ default:
+ return call
+ }
+ }
+ }
+ }
+ p.restore(s)
+ }
+ if op := p.parseTermOpName(memberRef, tokens.In); op != nil {
+ if rhs := p.parseTermRelation(nil, p.s.loc.Offset); rhs != nil {
+ call := p.setLoc(CallTerm(op, lhs, rhs), lhs.Location, offset, p.s.lastEnd)
+ switch p.s.tok {
+ case tokens.In:
+ return p.parseTermIn(call, keyVal, offset)
+ default:
+ return call
+ }
+ }
+ }
+ }
+ return lhs
+}
+
+func (p *Parser) parseTermRelation(lhs *Term, offset int) *Term {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ if lhs == nil {
+ lhs = p.parseTermOr(nil, offset)
+ }
+ if lhs != nil {
+ if op := p.parseTermOp(tokens.Equal, tokens.Neq, tokens.Lt, tokens.Gt, tokens.Lte, tokens.Gte); op != nil {
+ if rhs := p.parseTermOr(nil, p.s.loc.Offset); rhs != nil {
+ call := p.setLoc(CallTerm(op, lhs, rhs), lhs.Location, offset, p.s.lastEnd)
+ switch p.s.tok {
+ case tokens.Equal, tokens.Neq, tokens.Lt, tokens.Gt, tokens.Lte, tokens.Gte:
+ return p.parseTermRelation(call, offset)
+ default:
+ return call
+ }
+ }
+ }
+ }
+ return lhs
+}
+
+func (p *Parser) parseTermOr(lhs *Term, offset int) *Term {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ if lhs == nil {
+ lhs = p.parseTermAnd(nil, offset)
+ }
+ if lhs != nil {
+ if op := p.parseTermOp(tokens.Or); op != nil {
+ if rhs := p.parseTermAnd(nil, p.s.loc.Offset); rhs != nil {
+ call := p.setLoc(CallTerm(op, lhs, rhs), lhs.Location, offset, p.s.lastEnd)
+ switch p.s.tok {
+ case tokens.Or:
+ return p.parseTermOr(call, offset)
+ default:
+ return call
+ }
+ }
+ }
+ return lhs
+ }
+ return nil
+}
+
+func (p *Parser) parseTermAnd(lhs *Term, offset int) *Term {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ if lhs == nil {
+ lhs = p.parseTermArith(nil, offset)
+ }
+ if lhs != nil {
+ if op := p.parseTermOp(tokens.And); op != nil {
+ if rhs := p.parseTermArith(nil, p.s.loc.Offset); rhs != nil {
+ call := p.setLoc(CallTerm(op, lhs, rhs), lhs.Location, offset, p.s.lastEnd)
+ switch p.s.tok {
+ case tokens.And:
+ return p.parseTermAnd(call, offset)
+ default:
+ return call
+ }
+ }
+ }
+ return lhs
+ }
+ return nil
+}
+
+func (p *Parser) parseTermArith(lhs *Term, offset int) *Term {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ if lhs == nil {
+ lhs = p.parseTermFactor(nil, offset)
+ }
+ if lhs != nil {
+ if op := p.parseTermOp(tokens.Add, tokens.Sub); op != nil {
+ if rhs := p.parseTermFactor(nil, p.s.loc.Offset); rhs != nil {
+ call := p.setLoc(CallTerm(op, lhs, rhs), lhs.Location, offset, p.s.lastEnd)
+ switch p.s.tok {
+ case tokens.Add, tokens.Sub:
+ return p.parseTermArith(call, offset)
+ default:
+ return call
+ }
+ }
+ }
+ }
+ return lhs
+}
+
+func (p *Parser) parseTermFactor(lhs *Term, offset int) *Term {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ if lhs == nil {
+ lhs = p.parseTerm()
+ }
+ if lhs != nil {
+ if op := p.parseTermOp(tokens.Mul, tokens.Quo, tokens.Rem); op != nil {
+ if rhs := p.parseTerm(); rhs != nil {
+ call := p.setLoc(CallTerm(op, lhs, rhs), lhs.Location, offset, p.s.lastEnd)
+ switch p.s.tok {
+ case tokens.Mul, tokens.Quo, tokens.Rem:
+ return p.parseTermFactor(call, offset)
+ default:
+ return call
+ }
+ }
+ }
+ }
+ return lhs
+}
+
+func (p *Parser) parseTerm() *Term {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ if term, s := p.parsedTermCacheLookup(); s != nil {
+ p.restore(s)
+ return term
+ }
+ s0 := p.save()
+
+ var term *Term
+ switch p.s.tok {
+ case tokens.Null:
+ term = NullTerm().SetLocation(p.s.Loc())
+ case tokens.True:
+ term = BooleanTerm(true).SetLocation(p.s.Loc())
+ case tokens.False:
+ term = BooleanTerm(false).SetLocation(p.s.Loc())
+ case tokens.Sub, tokens.Dot, tokens.Number:
+ term = p.parseNumber()
+ case tokens.String:
+ term = p.parseString()
+ case tokens.Ident, tokens.Contains: // NOTE(sr): contains anywhere BUT in rule heads gets no special treatment
+ term = p.parseVar()
+ case tokens.LBrack:
+ term = p.parseArray()
+ case tokens.LBrace:
+ term = p.parseSetOrObject()
+ case tokens.LParen:
+ offset := p.s.loc.Offset
+ p.scan()
+ if r := p.parseTermInfixCall(); r != nil {
+ if p.s.tok == tokens.RParen {
+ r.Location.Text = p.s.Text(offset, p.s.tokEnd)
+ term = r
+ } else {
+ p.error(p.s.Loc(), "non-terminated expression")
+ }
+ }
+ default:
+ p.illegalToken()
+ }
+
+ term = p.parseTermFinish(term, false)
+ p.parsedTermCachePush(term, s0)
+ return term
+}
+
+func (p *Parser) parseTermFinish(head *Term, skipws bool) *Term {
+ if head == nil {
+ return nil
+ }
+ offset := p.s.loc.Offset
+ p.doScan(skipws)
+
+ switch p.s.tok {
+ case tokens.LParen, tokens.Dot, tokens.LBrack:
+ return p.parseRef(head, offset)
+ case tokens.Whitespace:
+ p.scan()
+ fallthrough
+ default:
+ if _, ok := head.Value.(Var); ok && RootDocumentNames.Contains(head) {
+ return RefTerm(head).SetLocation(head.Location)
+ }
+ return head
+ }
+}
+
+func (p *Parser) parseNumber() *Term {
+ var prefix string
+ loc := p.s.Loc()
+ if p.s.tok == tokens.Sub {
+ prefix = "-"
+ p.scan()
+ switch p.s.tok {
+ case tokens.Number, tokens.Dot:
+ break
+ default:
+ p.illegal("expected number")
+ return nil
+ }
+ }
+ if p.s.tok == tokens.Dot {
+ prefix += "."
+ p.scan()
+ if p.s.tok != tokens.Number {
+ p.illegal("expected number")
+ return nil
+ }
+ }
+
+ // Check for multiple leading 0's, parsed by math/big.Float.Parse as decimal 0:
+ // https://golang.org/pkg/math/big/#Float.Parse
+ if ((len(prefix) != 0 && prefix[0] == '-') || len(prefix) == 0) &&
+ len(p.s.lit) > 1 && p.s.lit[0] == '0' && p.s.lit[1] == '0' {
+ p.illegal("expected number")
+ return nil
+ }
+
+ // Ensure that the number is valid
+ s := prefix + p.s.lit
+ f, ok := new(big.Float).SetString(s)
+ if !ok {
+ p.illegal("invalid float")
+ return nil
+ }
+
+ // Put limit on size of exponent to prevent non-linear cost of String()
+ // function on big.Float from causing denial of service: https://github.com/golang/go/issues/11068
+ //
+ // n == sign * mantissa * 2^exp
+ // 0.5 <= mantissa < 1.0
+ //
+ // The limit is arbitrary.
+ exp := f.MantExp(nil)
+ if exp > 1e5 || exp < -1e5 || f.IsInf() { // +/- inf, exp is 0
+ p.error(p.s.Loc(), "number too big")
+ return nil
+ }
+
+ // Note: Use the original string, do *not* round trip from
+ // the big.Float as it can cause precision loss.
+ return NumberTerm(json.Number(s)).SetLocation(loc)
+}
+
+func (p *Parser) parseString() *Term {
+ if p.s.lit[0] == '"' {
+ if p.s.lit == "\"\"" {
+ return NewTerm(InternedEmptyString.Value).SetLocation(p.s.Loc())
+ }
+
+ var s string
+ err := json.Unmarshal([]byte(p.s.lit), &s)
+ if err != nil {
+ p.errorf(p.s.Loc(), "illegal string literal: %s", p.s.lit)
+ return nil
+ }
+ term := StringTerm(s).SetLocation(p.s.Loc())
+ return term
+ }
+ return p.parseRawString()
+}
+
+func (p *Parser) parseRawString() *Term {
+ if len(p.s.lit) < 2 {
+ return nil
+ }
+ term := StringTerm(p.s.lit[1 : len(p.s.lit)-1]).SetLocation(p.s.Loc())
+ return term
+}
+
+// this is the name to use for instantiating an empty set, e.g., `set()`.
+var setConstructor = RefTerm(VarTerm("set"))
+
+func (p *Parser) parseCall(operator *Term, offset int) (term *Term) {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ loc := operator.Location
+ var end int
+
+ defer func() {
+ p.setLoc(term, loc, offset, end)
+ }()
+
+ p.scan() // steps over '('
+
+ if p.s.tok == tokens.RParen { // no args, i.e. set() or any.func()
+ end = p.s.tokEnd
+ p.scanWS()
+ if operator.Equal(setConstructor) {
+ return SetTerm()
+ }
+ return CallTerm(operator)
+ }
+
+ if r := p.parseTermList(tokens.RParen, []*Term{operator}); r != nil {
+ end = p.s.tokEnd
+ p.scanWS()
+ return CallTerm(r...)
+ }
+
+ return nil
+}
+
+func (p *Parser) parseRef(head *Term, offset int) (term *Term) {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ loc := head.Location
+ var end int
+
+ defer func() {
+ p.setLoc(term, loc, offset, end)
+ }()
+
+ switch h := head.Value.(type) {
+ case Var, *Array, Object, Set, *ArrayComprehension, *ObjectComprehension, *SetComprehension, Call:
+ // ok
+ default:
+ p.errorf(loc, "illegal ref (head cannot be %v)", ValueName(h))
+ }
+
+ ref := []*Term{head}
+
+ for {
+ switch p.s.tok {
+ case tokens.Dot:
+ p.scanWS()
+ if p.s.tok != tokens.Ident {
+ p.illegal("expected %v", tokens.Ident)
+ return nil
+ }
+ ref = append(ref, StringTerm(p.s.lit).SetLocation(p.s.Loc()))
+ p.scanWS()
+ case tokens.LParen:
+ term = p.parseCall(p.setLoc(RefTerm(ref...), loc, offset, p.s.loc.Offset), offset)
+ if term != nil {
+ switch p.s.tok {
+ case tokens.Whitespace:
+ p.scan()
+ end = p.s.lastEnd
+ return term
+ case tokens.Dot, tokens.LBrack:
+ term = p.parseRef(term, offset)
+ }
+ }
+ end = p.s.tokEnd
+ return term
+ case tokens.LBrack:
+ p.scan()
+ if term := p.parseTermInfixCall(); term != nil {
+ if p.s.tok != tokens.RBrack {
+ p.illegal("expected %v", tokens.LBrack)
+ return nil
+ }
+ ref = append(ref, term)
+ p.scanWS()
+ } else {
+ return nil
+ }
+ case tokens.Whitespace:
+ end = p.s.lastEnd
+ p.scan()
+ return RefTerm(ref...)
+ default:
+ end = p.s.lastEnd
+ return RefTerm(ref...)
+ }
+ }
+}
+
+func (p *Parser) parseArray() (term *Term) {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ loc := p.s.Loc()
+ offset := p.s.loc.Offset
+
+ defer func() {
+ p.setLoc(term, loc, offset, p.s.tokEnd)
+ }()
+
+ p.scan()
+
+ if p.s.tok == tokens.RBrack {
+ return ArrayTerm()
+ }
+
+ potentialComprehension := true
+
+ // Skip leading commas, eg [, x, y]
+ // Supported for backwards compatibility. In the future
+ // we should make this a parse error.
+ if p.s.tok == tokens.Comma {
+ potentialComprehension = false
+ p.scan()
+ }
+
+ s := p.save()
+
+ // NOTE(tsandall): The parser cannot attempt a relational term here because
+ // of ambiguity around comprehensions. For example, given:
+ //
+ // {1 | 1}
+ //
+ // Does this represent a set comprehension or a set containing binary OR
+ // call? We resolve the ambiguity by prioritizing comprehensions.
+ head := p.parseTerm()
+
+ if head == nil {
+ return nil
+ }
+
+ switch p.s.tok {
+ case tokens.RBrack:
+ return ArrayTerm(head)
+ case tokens.Comma:
+ p.scan()
+ if terms := p.parseTermList(tokens.RBrack, []*Term{head}); terms != nil {
+ return ArrayTerm(terms...)
+ }
+ return nil
+ case tokens.Or:
+ if potentialComprehension {
+ // Try to parse as if it is an array comprehension
+ p.scan()
+ if body := p.parseBody(tokens.RBrack); body != nil {
+ return ArrayComprehensionTerm(head, body)
+ }
+ if p.s.tok != tokens.Comma {
+ return nil
+ }
+ }
+ // fall back to parsing as a normal array definition
+ }
+
+ p.restore(s)
+
+ if terms := p.parseTermList(tokens.RBrack, nil); terms != nil {
+ return ArrayTerm(terms...)
+ }
+ return nil
+}
+
+func (p *Parser) parseSetOrObject() (term *Term) {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ loc := p.s.Loc()
+ offset := p.s.loc.Offset
+
+ defer func() {
+ p.setLoc(term, loc, offset, p.s.tokEnd)
+ }()
+
+ p.scan()
+
+ if p.s.tok == tokens.RBrace {
+ return ObjectTerm()
+ }
+
+ potentialComprehension := true
+
+ // Skip leading commas, eg {, x, y}
+ // Supported for backwards compatibility. In the future
+ // we should make this a parse error.
+ if p.s.tok == tokens.Comma {
+ potentialComprehension = false
+ p.scan()
+ }
+
+ s := p.save()
+
+ // Try parsing just a single term first to give comprehensions higher
+ // priority to "or" calls in ambiguous situations. Eg: { a | b }
+ // will be a set comprehension.
+ //
+ // Note: We don't know yet if it is a set or object being defined.
+ head := p.parseTerm()
+ if head == nil {
+ return nil
+ }
+
+ switch p.s.tok {
+ case tokens.Or:
+ if potentialComprehension {
+ return p.parseSet(s, head, potentialComprehension)
+ }
+ case tokens.RBrace, tokens.Comma:
+ return p.parseSet(s, head, potentialComprehension)
+ case tokens.Colon:
+ return p.parseObject(head, potentialComprehension)
+ }
+
+ p.restore(s)
+
+ head = p.parseTermInfixCallInList()
+ if head == nil {
+ return nil
+ }
+
+ switch p.s.tok {
+ case tokens.RBrace, tokens.Comma:
+ return p.parseSet(s, head, false)
+ case tokens.Colon:
+ // It still might be an object comprehension, eg { a+1: b | ... }
+ return p.parseObject(head, potentialComprehension)
+ }
+
+ p.illegal("non-terminated set")
+ return nil
+}
+
+func (p *Parser) parseSet(s *state, head *Term, potentialComprehension bool) *Term {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ switch p.s.tok {
+ case tokens.RBrace:
+ return SetTerm(head)
+ case tokens.Comma:
+ p.scan()
+ if terms := p.parseTermList(tokens.RBrace, []*Term{head}); terms != nil {
+ return SetTerm(terms...)
+ }
+ case tokens.Or:
+ if potentialComprehension {
+ // Try to parse as if it is a set comprehension
+ p.scan()
+ if body := p.parseBody(tokens.RBrace); body != nil {
+ return SetComprehensionTerm(head, body)
+ }
+ if p.s.tok != tokens.Comma {
+ return nil
+ }
+ }
+ // Fall back to parsing as normal set definition
+ p.restore(s)
+ if terms := p.parseTermList(tokens.RBrace, nil); terms != nil {
+ return SetTerm(terms...)
+ }
+ }
+ return nil
+}
+
+func (p *Parser) parseObject(k *Term, potentialComprehension bool) *Term {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ // NOTE(tsandall): Assumption: this function is called after parsing the key
+ // of the head element and then receiving a colon token from the scanner.
+ // Advance beyond the colon and attempt to parse an object.
+ if p.s.tok != tokens.Colon {
+ panic("expected colon")
+ }
+ p.scan()
+
+ s := p.save()
+
+ // NOTE(sr): We first try to parse the value as a term (`v`), and see
+ // if we can parse `{ x: v | ...}` as a comprehension.
+ // However, if we encounter either a Comma or an RBace, it cannot be
+ // parsed as a comprehension -- so we save double work further down
+ // where `parseObjectFinish(k, v, false)` would only exercise the
+ // same code paths once more.
+ v := p.parseTerm()
+ if v == nil {
+ return nil
+ }
+
+ potentialRelation := true
+ if potentialComprehension {
+ switch p.s.tok {
+ case tokens.RBrace, tokens.Comma:
+ potentialRelation = false
+ fallthrough
+ case tokens.Or:
+ if term := p.parseObjectFinish(k, v, true); term != nil {
+ return term
+ }
+ }
+ }
+
+ p.restore(s)
+
+ if potentialRelation {
+ v := p.parseTermInfixCallInList()
+ if v == nil {
+ return nil
+ }
+
+ switch p.s.tok {
+ case tokens.RBrace, tokens.Comma:
+ return p.parseObjectFinish(k, v, false)
+ }
+ }
+
+ p.illegal("non-terminated object")
+ return nil
+}
+
+func (p *Parser) parseObjectFinish(key, val *Term, potentialComprehension bool) *Term {
+ if !p.enter() {
+ return nil
+ }
+ defer p.leave()
+
+ switch p.s.tok {
+ case tokens.RBrace:
+ return ObjectTerm([2]*Term{key, val})
+ case tokens.Or:
+ if potentialComprehension {
+ p.scan()
+ if body := p.parseBody(tokens.RBrace); body != nil {
+ return ObjectComprehensionTerm(key, val, body)
+ }
+ } else {
+ p.illegal("non-terminated object")
+ }
+ case tokens.Comma:
+ p.scan()
+ if r := p.parseTermPairList(tokens.RBrace, [][2]*Term{{key, val}}); r != nil {
+ return ObjectTerm(r...)
+ }
+ }
+ return nil
+}
+
+func (p *Parser) parseTermList(end tokens.Token, r []*Term) []*Term {
+ if p.s.tok == end {
+ return r
+ }
+ for {
+ term := p.parseTermInfixCallInList()
+ if term != nil {
+ r = append(r, term)
+ switch p.s.tok {
+ case end:
+ return r
+ case tokens.Comma:
+ p.scan()
+ if p.s.tok == end {
+ return r
+ }
+ continue
+ default:
+ p.illegal(fmt.Sprintf("expected %q or %q", tokens.Comma, end))
+ return nil
+ }
+ }
+ return nil
+ }
+}
+
+func (p *Parser) parseTermPairList(end tokens.Token, r [][2]*Term) [][2]*Term {
+ if p.s.tok == end {
+ return r
+ }
+ for {
+ key := p.parseTermInfixCallInList()
+ if key != nil {
+ switch p.s.tok {
+ case tokens.Colon:
+ p.scan()
+ if val := p.parseTermInfixCallInList(); val != nil {
+ r = append(r, [2]*Term{key, val})
+ switch p.s.tok {
+ case end:
+ return r
+ case tokens.Comma:
+ p.scan()
+ if p.s.tok == end {
+ return r
+ }
+ continue
+ default:
+ p.illegal(fmt.Sprintf("expected %q or %q", tokens.Comma, end))
+ return nil
+ }
+ }
+ default:
+ p.illegal(fmt.Sprintf("expected %q", tokens.Colon))
+ return nil
+ }
+ }
+ return nil
+ }
+}
+
+func (p *Parser) parseTermOp(values ...tokens.Token) *Term {
+ if slices.Contains(values, p.s.tok) {
+ r := RefTerm(VarTerm(p.s.tok.String()).SetLocation(p.s.Loc())).SetLocation(p.s.Loc())
+ p.scan()
+ return r
+ }
+ return nil
+}
+
+func (p *Parser) parseTermOpName(ref Ref, values ...tokens.Token) *Term {
+ if slices.Contains(values, p.s.tok) {
+ cp := ref.Copy()
+ for _, r := range cp {
+ r.SetLocation(p.s.Loc())
+ }
+ t := RefTerm(cp...)
+ t.SetLocation(p.s.Loc())
+ p.scan()
+ return t
+ }
+ return nil
+}
+
+func (p *Parser) parseVar() *Term {
+
+ s := p.s.lit
+
+ term := VarTerm(s).SetLocation(p.s.Loc())
+
+ // Update wildcard values with unique identifiers
+ if term.Equal(Wildcard) {
+ term.Value = Var(p.genwildcard())
+ }
+
+ return term
+}
+
+func (p *Parser) genwildcard() string {
+ c := p.s.wildcard
+ p.s.wildcard++
+ return fmt.Sprintf("%v%d", WildcardPrefix, c)
+}
+
+func (p *Parser) error(loc *location.Location, reason string) {
+ p.errorf(loc, reason) //nolint:govet
+}
+
+func (p *Parser) errorf(loc *location.Location, f string, a ...any) {
+ msg := strings.Builder{}
+ msg.WriteString(fmt.Sprintf(f, a...))
+
+ switch len(p.s.hints) {
+ case 0: // nothing to do
+ case 1:
+ msg.WriteString(" (hint: ")
+ msg.WriteString(p.s.hints[0])
+ msg.WriteRune(')')
+ default:
+ msg.WriteString(" (hints: ")
+ for i, h := range p.s.hints {
+ if i > 0 {
+ msg.WriteString(", ")
+ }
+ msg.WriteString(h)
+ }
+ msg.WriteRune(')')
+ }
+
+ p.s.errors = append(p.s.errors, &Error{
+ Code: ParseErr,
+ Message: msg.String(),
+ Location: loc,
+ Details: newParserErrorDetail(p.s.s.Bytes(), loc.Offset),
+ })
+ p.s.hints = nil
+}
+
+func (p *Parser) hint(f string, a ...any) {
+ p.s.hints = append(p.s.hints, fmt.Sprintf(f, a...))
+}
+
+func (p *Parser) illegal(note string, a ...any) {
+ tok := p.s.tok.String()
+
+ if p.s.tok == tokens.Illegal {
+ p.errorf(p.s.Loc(), "illegal token")
+ return
+ }
+
+ tokType := "token"
+ if tokens.IsKeyword(p.s.tok) {
+ tokType = "keyword"
+ } else if _, ok := allFutureKeywords[p.s.tok.String()]; ok {
+ tokType = "keyword"
+ }
+
+ note = fmt.Sprintf(note, a...)
+ if len(note) > 0 {
+ p.errorf(p.s.Loc(), "unexpected %s %s: %s", tok, tokType, note)
+ } else {
+ p.errorf(p.s.Loc(), "unexpected %s %s", tok, tokType)
+ }
+}
+
+func (p *Parser) illegalToken() {
+ p.illegal("")
+}
+
+func (p *Parser) scan() {
+ p.doScan(true)
+}
+
+func (p *Parser) scanWS() {
+ p.doScan(false)
+}
+
+func (p *Parser) doScan(skipws bool) {
+
+ // NOTE(tsandall): the last position is used to compute the "text" field for
+ // complex AST nodes. Whitespace never affects the last position of an AST
+ // node so do not update it when scanning.
+ if p.s.tok != tokens.Whitespace {
+ p.s.lastEnd = p.s.tokEnd
+ p.s.skippedNL = false
+ }
+
+ var errs []scanner.Error
+ for {
+ var pos scanner.Position
+ p.s.tok, pos, p.s.lit, errs = p.s.s.Scan()
+
+ p.s.tokEnd = pos.End
+ p.s.loc.Row = pos.Row
+ p.s.loc.Col = pos.Col
+ p.s.loc.Offset = pos.Offset
+ p.s.loc.Text = p.s.Text(pos.Offset, pos.End)
+ p.s.loc.Tabs = pos.Tabs
+
+ for _, err := range errs {
+ p.error(p.s.Loc(), err.Message)
+ }
+
+ if len(errs) > 0 {
+ p.s.tok = tokens.Illegal
+ }
+
+ if p.s.tok == tokens.Whitespace {
+ if p.s.lit == "\n" {
+ p.s.skippedNL = true
+ }
+ if skipws {
+ continue
+ }
+ }
+
+ if p.s.tok != tokens.Comment {
+ break
+ }
+
+ // For backwards compatibility leave a nil
+ // Text value if there is no text rather than
+ // an empty string.
+ var commentText []byte
+ if len(p.s.lit) > 1 {
+ commentText = []byte(p.s.lit[1:])
+ }
+ comment := NewComment(commentText)
+ comment.SetLoc(p.s.Loc())
+ p.s.comments = append(p.s.comments, comment)
+ }
+}
+
+func (p *Parser) save() *state {
+ cpy := *p.s
+ s := *cpy.s
+ cpy.s = &s
+ return &cpy
+}
+
+func (p *Parser) restore(s *state) {
+ p.s = s
+}
+
+func setLocRecursive(x any, loc *location.Location) {
+ NewGenericVisitor(func(x any) bool {
+ if node, ok := x.(Node); ok {
+ node.SetLoc(loc)
+ }
+ return false
+ }).Walk(x)
+}
+
+func (p *Parser) setLoc(term *Term, loc *location.Location, offset, end int) *Term {
+ if term != nil {
+ cpy := *loc
+ term.Location = &cpy
+ term.Location.Text = p.s.Text(offset, end)
+ }
+ return term
+}
+
+func (p *Parser) validateDefaultRuleValue(rule *Rule) bool {
+ if rule.Head.Value == nil {
+ p.error(rule.Loc(), "illegal default rule (must have a value)")
+ return false
+ }
+
+ valid := true
+ vis := NewGenericVisitor(func(x any) bool {
+ switch x.(type) {
+ case *ArrayComprehension, *ObjectComprehension, *SetComprehension: // skip closures
+ return true
+ case Ref, Var, Call:
+ p.error(rule.Loc(), fmt.Sprintf("illegal default rule (value cannot contain %v)", TypeName(x)))
+ valid = false
+ return true
+ }
+ return false
+ })
+
+ vis.Walk(rule.Head.Value.Value)
+ return valid
+}
+
+func (p *Parser) validateDefaultRuleArgs(rule *Rule) bool {
+
+ valid := true
+ vars := NewVarSet()
+
+ vis := NewGenericVisitor(func(x any) bool {
+ switch x := x.(type) {
+ case Var:
+ if vars.Contains(x) {
+ p.error(rule.Loc(), fmt.Sprintf("illegal default rule (arguments cannot be repeated %v)", x))
+ valid = false
+ return true
+ }
+ vars.Add(x)
+
+ case *Term:
+ switch v := x.Value.(type) {
+ case Var: // do nothing
+ default:
+ p.error(rule.Loc(), fmt.Sprintf("illegal default rule (arguments cannot contain %v)", ValueName(v)))
+ valid = false
+ return true
+ }
+ }
+
+ return false
+ })
+
+ vis.Walk(rule.Head.Args)
+ return valid
+}
+
+// We explicitly use yaml unmarshalling, to accommodate for the '_' in 'related_resources',
+// which isn't handled properly by json for some reason.
+type rawAnnotation struct {
+ Scope string `yaml:"scope"`
+ Title string `yaml:"title"`
+ Entrypoint bool `yaml:"entrypoint"`
+ Description string `yaml:"description"`
+ Organizations []string `yaml:"organizations"`
+ RelatedResources []any `yaml:"related_resources"`
+ Authors []any `yaml:"authors"`
+ Schemas []map[string]any `yaml:"schemas"`
+ Custom map[string]any `yaml:"custom"`
+}
+
+type metadataParser struct {
+ buf *bytes.Buffer
+ comments []*Comment
+ loc *location.Location
+}
+
+func newMetadataParser(loc *Location) *metadataParser {
+ return &metadataParser{loc: loc, buf: bytes.NewBuffer(nil)}
+}
+
+func (b *metadataParser) Append(c *Comment) {
+ b.buf.Write(bytes.TrimPrefix(c.Text, []byte(" ")))
+ b.buf.WriteByte('\n')
+ b.comments = append(b.comments, c)
+}
+
+var yamlLineErrRegex = regexp.MustCompile(`^yaml:(?: unmarshal errors:[\n\s]*)? line ([[:digit:]]+):`)
+
+func (b *metadataParser) Parse() (*Annotations, error) {
+
+ var raw rawAnnotation
+
+ if len(bytes.TrimSpace(b.buf.Bytes())) == 0 {
+ return nil, errors.New("expected METADATA block, found whitespace")
+ }
+
+ if err := yaml.Unmarshal(b.buf.Bytes(), &raw); err != nil {
+ var comment *Comment
+ match := yamlLineErrRegex.FindStringSubmatch(err.Error())
+ if len(match) == 2 {
+ index, err2 := strconv.Atoi(match[1])
+ if err2 == nil {
+ if index >= len(b.comments) {
+ comment = b.comments[len(b.comments)-1]
+ } else {
+ comment = b.comments[index]
+ }
+ b.loc = comment.Location
+ }
+ }
+
+ if match == nil && len(b.comments) > 0 {
+ b.loc = b.comments[0].Location
+ }
+
+ return nil, augmentYamlError(err, b.comments)
+ }
+
+ var result Annotations
+ result.comments = b.comments
+ result.Scope = raw.Scope
+ result.Entrypoint = raw.Entrypoint
+ result.Title = raw.Title
+ result.Description = raw.Description
+ result.Organizations = raw.Organizations
+
+ for _, v := range raw.RelatedResources {
+ rr, err := parseRelatedResource(v)
+ if err != nil {
+ return nil, fmt.Errorf("invalid related-resource definition %s: %w", v, err)
+ }
+ result.RelatedResources = append(result.RelatedResources, rr)
+ }
+
+ for _, pair := range raw.Schemas {
+ k, v := unwrapPair(pair)
+
+ var a SchemaAnnotation
+ var err error
+
+ a.Path, err = ParseRef(k)
+ if err != nil {
+ return nil, errors.New("invalid document reference")
+ }
+
+ switch v := v.(type) {
+ case string:
+ a.Schema, err = parseSchemaRef(v)
+ if err != nil {
+ return nil, err
+ }
+ case map[string]any:
+ w, err := convertYAMLMapKeyTypes(v, nil)
+ if err != nil {
+ return nil, fmt.Errorf("invalid schema definition: %w", err)
+ }
+ a.Definition = &w
+ default:
+ return nil, fmt.Errorf("invalid schema declaration for path %q", k)
+ }
+
+ result.Schemas = append(result.Schemas, &a)
+ }
+
+ for _, v := range raw.Authors {
+ author, err := parseAuthor(v)
+ if err != nil {
+ return nil, fmt.Errorf("invalid author definition %s: %w", v, err)
+ }
+ result.Authors = append(result.Authors, author)
+ }
+
+ result.Custom = make(map[string]any)
+ for k, v := range raw.Custom {
+ val, err := convertYAMLMapKeyTypes(v, nil)
+ if err != nil {
+ return nil, err
+ }
+ result.Custom[k] = val
+ }
+
+ result.Location = b.loc
+
+ // recreate original text of entire metadata block for location text attribute
+ sb := strings.Builder{}
+ sb.WriteString("# METADATA\n")
+
+ lines := bytes.Split(b.buf.Bytes(), []byte{'\n'})
+
+ for _, line := range lines[:len(lines)-1] {
+ sb.WriteString("# ")
+ sb.Write(line)
+ sb.WriteByte('\n')
+ }
+
+ result.Location.Text = []byte(strings.TrimSuffix(sb.String(), "\n"))
+
+ return &result, nil
+}
+
+// augmentYamlError augments a YAML error with hints intended to help the user figure out the cause of an otherwise
+// cryptic error. These are hints, instead of proper errors, because they are educated guesses, and aren't guaranteed
+// to be correct.
+func augmentYamlError(err error, comments []*Comment) error {
+ // Adding hints for when key/value ':' separator isn't suffixed with a legal YAML space symbol
+ for _, comment := range comments {
+ txt := string(comment.Text)
+ parts := strings.Split(txt, ":")
+ if len(parts) > 1 {
+ parts = parts[1:]
+ var invalidSpaces []string
+ for partIndex, part := range parts {
+ if len(part) == 0 && partIndex == len(parts)-1 {
+ invalidSpaces = []string{}
+ break
+ }
+
+ r, _ := utf8.DecodeRuneInString(part)
+ if r == ' ' || r == '\t' {
+ invalidSpaces = []string{}
+ break
+ }
+
+ invalidSpaces = append(invalidSpaces, fmt.Sprintf("%+q", r))
+ }
+ if len(invalidSpaces) > 0 {
+ err = fmt.Errorf(
+ "%s\n Hint: on line %d, symbol(s) %v immediately following a key/value separator ':' is not a legal yaml space character",
+ err.Error(), comment.Location.Row, invalidSpaces)
+ }
+ }
+ }
+ return err
+}
+
+func unwrapPair(pair map[string]any) (string, any) {
+ for k, v := range pair {
+ return k, v
+ }
+ return "", nil
+}
+
+var errInvalidSchemaRef = errors.New("invalid schema reference")
+
+// NOTE(tsandall): 'schema' is not registered as a root because it's not
+// supported by the compiler or evaluator today. Once we fix that, we can remove
+// this function.
+func parseSchemaRef(s string) (Ref, error) {
+
+ term, err := ParseTerm(s)
+ if err == nil {
+ switch v := term.Value.(type) {
+ case Var:
+ if term.Equal(SchemaRootDocument) {
+ return SchemaRootRef.Copy(), nil
+ }
+ case Ref:
+ if v.HasPrefix(SchemaRootRef) {
+ return v, nil
+ }
+ }
+ }
+
+ return nil, errInvalidSchemaRef
+}
+
+func parseRelatedResource(rr any) (*RelatedResourceAnnotation, error) {
+ rr, err := convertYAMLMapKeyTypes(rr, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ switch rr := rr.(type) {
+ case string:
+ if len(rr) > 0 {
+ u, err := url.Parse(rr)
+ if err != nil {
+ return nil, err
+ }
+ return &RelatedResourceAnnotation{Ref: *u}, nil
+ }
+ return nil, errors.New("ref URL may not be empty string")
+ case map[string]any:
+ description := strings.TrimSpace(getSafeString(rr, "description"))
+ ref := strings.TrimSpace(getSafeString(rr, "ref"))
+ if len(ref) > 0 {
+ u, err := url.Parse(ref)
+ if err != nil {
+ return nil, err
+ }
+ return &RelatedResourceAnnotation{Description: description, Ref: *u}, nil
+ }
+ return nil, errors.New("'ref' value required in object")
+ }
+
+ return nil, errors.New("invalid value type, must be string or map")
+}
+
+func parseAuthor(a any) (*AuthorAnnotation, error) {
+ a, err := convertYAMLMapKeyTypes(a, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ switch a := a.(type) {
+ case string:
+ return parseAuthorString(a)
+ case map[string]any:
+ name := strings.TrimSpace(getSafeString(a, "name"))
+ email := strings.TrimSpace(getSafeString(a, "email"))
+ if len(name) > 0 || len(email) > 0 {
+ return &AuthorAnnotation{name, email}, nil
+ }
+ return nil, errors.New("'name' and/or 'email' values required in object")
+ }
+
+ return nil, errors.New("invalid value type, must be string or map")
+}
+
+func getSafeString(m map[string]any, k string) string {
+ if v, found := m[k]; found {
+ if s, ok := v.(string); ok {
+ return s
+ }
+ }
+ return ""
+}
+
+const emailPrefix = "<"
+const emailSuffix = ">"
+
+// parseAuthor parses a string into an AuthorAnnotation. If the last word of the input string is enclosed within <>,
+// it is extracted as the author's email. The email may not contain whitelines, as it then will be interpreted as
+// multiple words.
+func parseAuthorString(s string) (*AuthorAnnotation, error) {
+ parts := strings.Fields(s)
+
+ if len(parts) == 0 {
+ return nil, errors.New("author is an empty string")
+ }
+
+ namePartCount := len(parts)
+ trailing := parts[namePartCount-1]
+ var email string
+ if len(trailing) >= len(emailPrefix)+len(emailSuffix) && strings.HasPrefix(trailing, emailPrefix) &&
+ strings.HasSuffix(trailing, emailSuffix) {
+ email = trailing[len(emailPrefix):]
+ email = email[0 : len(email)-len(emailSuffix)]
+ namePartCount -= 1
+ }
+
+ name := strings.Join(parts[0:namePartCount], " ")
+
+ return &AuthorAnnotation{Name: name, Email: email}, nil
+}
+
+func convertYAMLMapKeyTypes(x any, path []string) (any, error) {
+ var err error
+ switch x := x.(type) {
+ case map[any]any:
+ result := make(map[string]any, len(x))
+ for k, v := range x {
+ str, ok := k.(string)
+ if !ok {
+ return nil, fmt.Errorf("invalid map key type(s): %v", strings.Join(path, "/"))
+ }
+ result[str], err = convertYAMLMapKeyTypes(v, append(path, str))
+ if err != nil {
+ return nil, err
+ }
+ }
+ return result, nil
+ case []any:
+ for i := range x {
+ x[i], err = convertYAMLMapKeyTypes(x[i], append(path, strconv.Itoa(i)))
+ if err != nil {
+ return nil, err
+ }
+ }
+ return x, nil
+ default:
+ return x, nil
+ }
+}
+
+// futureKeywords is the source of truth for future keywords that will
+// eventually become standard keywords inside of Rego.
+var futureKeywords = map[string]tokens.Token{}
+
+// futureKeywordsV0 is the source of truth for future keywords that were
+// not yet a standard part of Rego in v0, and required importing.
+var futureKeywordsV0 = map[string]tokens.Token{
+ "in": tokens.In,
+ "every": tokens.Every,
+ "contains": tokens.Contains,
+ "if": tokens.If,
+}
+
+var allFutureKeywords map[string]tokens.Token
+
+func IsFutureKeyword(s string) bool {
+ return IsFutureKeywordForRegoVersion(s, RegoV1)
+}
+
+func IsFutureKeywordForRegoVersion(s string, v RegoVersion) bool {
+ var yes bool
+
+ switch v {
+ case RegoV0, RegoV0CompatV1:
+ _, yes = futureKeywordsV0[s]
+ case RegoV1:
+ _, yes = futureKeywords[s]
+ }
+
+ return yes
+}
+
+func (p *Parser) futureImport(imp *Import, allowedFutureKeywords map[string]tokens.Token) {
+ path := imp.Path.Value.(Ref)
+
+ if len(path) == 1 || !path[1].Equal(InternedStringTerm("keywords")) {
+ p.errorf(imp.Path.Location, "invalid import, must be `future.keywords`")
+ return
+ }
+
+ if imp.Alias != "" {
+ p.errorf(imp.Path.Location, "`future` imports cannot be aliased")
+ return
+ }
+
+ kwds := make([]string, 0, len(allowedFutureKeywords))
+ for k := range allowedFutureKeywords {
+ kwds = append(kwds, k)
+ }
+
+ switch len(path) {
+ case 2: // all keywords imported, nothing to do
+ case 3: // one keyword imported
+ kw, ok := path[2].Value.(String)
+ if !ok {
+ p.errorf(imp.Path.Location, "invalid import, must be `future.keywords.x`, e.g. `import future.keywords.in`")
+ return
+ }
+ keyword := string(kw)
+ _, ok = allowedFutureKeywords[keyword]
+ if !ok {
+ sort.Strings(kwds) // so the error message is stable
+ p.errorf(imp.Path.Location, "unexpected keyword, must be one of %v", kwds)
+ return
+ }
+
+ kwds = []string{keyword} // overwrite
+ }
+ for _, kw := range kwds {
+ p.s.s.AddKeyword(kw, allowedFutureKeywords[kw])
+ }
+}
+
+func (p *Parser) regoV1Import(imp *Import) {
+ if !p.po.Capabilities.ContainsFeature(FeatureRegoV1Import) && !p.po.Capabilities.ContainsFeature(FeatureRegoV1) {
+ p.errorf(imp.Path.Location, "invalid import, `%s` is not supported by current capabilities", RegoV1CompatibleRef)
+ return
+ }
+
+ path := imp.Path.Value.(Ref)
+
+ // v1 is only valid option
+ if len(path) == 1 || !path[1].Equal(RegoV1CompatibleRef[1]) || len(path) > 2 {
+ p.errorf(imp.Path.Location, "invalid import `%s`, must be `%s`", path, RegoV1CompatibleRef)
+ return
+ }
+
+ if p.po.EffectiveRegoVersion() == RegoV1 {
+ // We're parsing for Rego v1, where the 'rego.v1' import is a no-op.
+ return
+ }
+
+ if imp.Alias != "" {
+ p.errorf(imp.Path.Location, "`rego` imports cannot be aliased")
+ return
+ }
+
+ // import all future keywords with the rego.v1 import
+ kwds := make([]string, 0, len(futureKeywordsV0))
+ for k := range futureKeywordsV0 {
+ kwds = append(kwds, k)
+ }
+
+ p.s.s.SetRegoV1Compatible()
+ for _, kw := range kwds {
+ p.s.s.AddKeyword(kw, futureKeywordsV0[kw])
+ }
+}
+
+func init() {
+ allFutureKeywords = map[string]tokens.Token{}
+ maps.Copy(allFutureKeywords, futureKeywords)
+ maps.Copy(allFutureKeywords, futureKeywordsV0)
+}
+
+// enter increments the recursion depth counter and checks if it exceeds the maximum.
+// Returns false if the maximum is exceeded, true otherwise.
+// If p.maxRecursionDepth is 0 or negative, the check is effectively disabled.
+func (p *Parser) enter() bool {
+ p.recursionDepth++
+ if p.maxRecursionDepth > 0 && p.recursionDepth > p.maxRecursionDepth {
+ p.error(p.s.Loc(), ErrMaxParsingRecursionDepthExceeded.Error())
+ p.recursionDepth--
+ return false
+ }
+ return true
+}
+
+// leave decrements the recursion depth counter.
+func (p *Parser) leave() {
+ p.recursionDepth--
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/parser_ext.go b/vendor/github.com/open-policy-agent/opa/v1/ast/parser_ext.go
new file mode 100644
index 0000000000..42b0503690
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/parser_ext.go
@@ -0,0 +1,814 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// This file contains extra functions for parsing Rego.
+// Most of the parsing is handled by the code in parser.go,
+// however, there are additional utilities that are
+// helpful for dealing with Rego source inputs (e.g., REPL
+// statements, source files, etc.)
+
+package ast
+
+import (
+ "bytes"
+ "errors"
+ "fmt"
+ "slices"
+ "strings"
+ "unicode"
+
+ "github.com/open-policy-agent/opa/v1/ast/internal/tokens"
+)
+
+// MustParseBody returns a parsed body.
+// If an error occurs during parsing, panic.
+func MustParseBody(input string) Body {
+ return MustParseBodyWithOpts(input, ParserOptions{})
+}
+
+// MustParseBodyWithOpts returns a parsed body.
+// If an error occurs during parsing, panic.
+func MustParseBodyWithOpts(input string, opts ParserOptions) Body {
+ parsed, err := ParseBodyWithOpts(input, opts)
+ if err != nil {
+ panic(err)
+ }
+ return parsed
+}
+
+// MustParseExpr returns a parsed expression.
+// If an error occurs during parsing, panic.
+func MustParseExpr(input string) *Expr {
+ parsed, err := ParseExpr(input)
+ if err != nil {
+ panic(err)
+ }
+ return parsed
+}
+
+// MustParseImports returns a slice of imports.
+// If an error occurs during parsing, panic.
+func MustParseImports(input string) []*Import {
+ parsed, err := ParseImports(input)
+ if err != nil {
+ panic(err)
+ }
+ return parsed
+}
+
+// MustParseModule returns a parsed module.
+// If an error occurs during parsing, panic.
+func MustParseModule(input string) *Module {
+ return MustParseModuleWithOpts(input, ParserOptions{})
+}
+
+// MustParseModuleWithOpts returns a parsed module.
+// If an error occurs during parsing, panic.
+func MustParseModuleWithOpts(input string, opts ParserOptions) *Module {
+ parsed, err := ParseModuleWithOpts("", input, opts)
+ if err != nil {
+ panic(err)
+ }
+ return parsed
+}
+
+// MustParsePackage returns a Package.
+// If an error occurs during parsing, panic.
+func MustParsePackage(input string) *Package {
+ parsed, err := ParsePackage(input)
+ if err != nil {
+ panic(err)
+ }
+ return parsed
+}
+
+// MustParseStatements returns a slice of parsed statements.
+// If an error occurs during parsing, panic.
+func MustParseStatements(input string) []Statement {
+ parsed, _, err := ParseStatements("", input)
+ if err != nil {
+ panic(err)
+ }
+ return parsed
+}
+
+// MustParseStatement returns exactly one statement.
+// If an error occurs during parsing, panic.
+func MustParseStatement(input string) Statement {
+ parsed, err := ParseStatement(input)
+ if err != nil {
+ panic(err)
+ }
+ return parsed
+}
+
+func MustParseStatementWithOpts(input string, popts ParserOptions) Statement {
+ parsed, err := ParseStatementWithOpts(input, popts)
+ if err != nil {
+ panic(err)
+ }
+ return parsed
+}
+
+// MustParseRef returns a parsed reference.
+// If an error occurs during parsing, panic.
+func MustParseRef(input string) Ref {
+ parsed, err := ParseRef(input)
+ if err != nil {
+ panic(err)
+ }
+ return parsed
+}
+
+// MustParseRule returns a parsed rule.
+// If an error occurs during parsing, panic.
+func MustParseRule(input string) *Rule {
+ parsed, err := ParseRule(input)
+ if err != nil {
+ panic(err)
+ }
+ return parsed
+}
+
+// MustParseRuleWithOpts returns a parsed rule.
+// If an error occurs during parsing, panic.
+func MustParseRuleWithOpts(input string, opts ParserOptions) *Rule {
+ parsed, err := ParseRuleWithOpts(input, opts)
+ if err != nil {
+ panic(err)
+ }
+ return parsed
+}
+
+// MustParseTerm returns a parsed term.
+// If an error occurs during parsing, panic.
+func MustParseTerm(input string) *Term {
+ parsed, err := ParseTerm(input)
+ if err != nil {
+ panic(err)
+ }
+ return parsed
+}
+
+// ParseRuleFromBody returns a rule if the body can be interpreted as a rule
+// definition. Otherwise, an error is returned.
+func ParseRuleFromBody(module *Module, body Body) (*Rule, error) {
+
+ if len(body) != 1 {
+ return nil, errors.New("multiple expressions cannot be used for rule head")
+ }
+
+ return ParseRuleFromExpr(module, body[0])
+}
+
+// ParseRuleFromExpr returns a rule if the expression can be interpreted as a
+// rule definition.
+func ParseRuleFromExpr(module *Module, expr *Expr) (*Rule, error) {
+
+ if len(expr.With) > 0 {
+ return nil, errors.New("expressions using with keyword cannot be used for rule head")
+ }
+
+ if expr.Negated {
+ return nil, errors.New("negated expressions cannot be used for rule head")
+ }
+
+ if _, ok := expr.Terms.(*SomeDecl); ok {
+ return nil, errors.New("'some' declarations cannot be used for rule head")
+ }
+
+ if term, ok := expr.Terms.(*Term); ok {
+ switch v := term.Value.(type) {
+ case Ref:
+ if len(v) > 2 { // 2+ dots
+ return ParseCompleteDocRuleWithDotsFromTerm(module, term)
+ }
+ return ParsePartialSetDocRuleFromTerm(module, term)
+ default:
+ return nil, fmt.Errorf("%v cannot be used for rule name", ValueName(v))
+ }
+ }
+
+ if _, ok := expr.Terms.([]*Term); !ok {
+ // This is a defensive check in case other kinds of expression terms are
+ // introduced in the future.
+ return nil, errors.New("expression cannot be used for rule head")
+ }
+
+ if expr.IsEquality() {
+ return parseCompleteRuleFromEq(module, expr)
+ } else if expr.IsAssignment() {
+ rule, err := parseCompleteRuleFromEq(module, expr)
+ if err != nil {
+ return nil, err
+ }
+ rule.Head.Assign = true
+ return rule, nil
+ }
+
+ if _, ok := BuiltinMap[expr.Operator().String()]; ok {
+ return nil, errors.New("rule name conflicts with built-in function")
+ }
+
+ return ParseRuleFromCallExpr(module, expr.Terms.([]*Term))
+}
+
+func parseCompleteRuleFromEq(module *Module, expr *Expr) (rule *Rule, err error) {
+
+ // ensure the rule location is set to the expr location
+ // the helper functions called below try to set the location based
+ // on the terms they've been provided but that is not as accurate.
+ defer func() {
+ if rule != nil {
+ rule.Location = expr.Location
+ rule.Head.Location = expr.Location
+ }
+ }()
+
+ lhs, rhs := expr.Operand(0), expr.Operand(1)
+ if lhs == nil || rhs == nil {
+ return nil, errors.New("assignment requires two operands")
+ }
+
+ rule, err = ParseRuleFromCallEqExpr(module, lhs, rhs)
+ if err == nil {
+ return rule, nil
+ }
+
+ rule, err = ParsePartialObjectDocRuleFromEqExpr(module, lhs, rhs)
+ if err == nil {
+ return rule, nil
+ }
+
+ return ParseCompleteDocRuleFromEqExpr(module, lhs, rhs)
+}
+
+// ParseCompleteDocRuleFromAssignmentExpr returns a rule if the expression can
+// be interpreted as a complete document definition declared with the assignment
+// operator.
+func ParseCompleteDocRuleFromAssignmentExpr(module *Module, lhs, rhs *Term) (*Rule, error) {
+
+ rule, err := ParseCompleteDocRuleFromEqExpr(module, lhs, rhs)
+ if err != nil {
+ return nil, err
+ }
+
+ rule.Head.Assign = true
+
+ return rule, nil
+}
+
+// ParseCompleteDocRuleFromEqExpr returns a rule if the expression can be
+// interpreted as a complete document definition.
+func ParseCompleteDocRuleFromEqExpr(module *Module, lhs, rhs *Term) (*Rule, error) {
+ var head *Head
+
+ if v, ok := lhs.Value.(Var); ok {
+ // Modify the code to add the location to the head ref
+ head = VarHead(v, lhs.Location, nil)
+ } else if r, ok := lhs.Value.(Ref); ok { // groundness ?
+ if _, ok := r[0].Value.(Var); !ok {
+ return nil, fmt.Errorf("invalid rule head: %v", r)
+ }
+ head = RefHead(r)
+ if len(r) > 1 && !r[len(r)-1].IsGround() {
+ return nil, errors.New("ref not ground")
+ }
+ } else {
+ return nil, fmt.Errorf("%v cannot be used for rule name", ValueName(lhs.Value))
+ }
+ head.Value = rhs
+ head.Location = lhs.Location
+
+ body := NewBody(NewExpr(BooleanTerm(true).SetLocation(rhs.Location)).SetLocation(rhs.Location))
+
+ return &Rule{
+ Location: lhs.Location,
+ Head: head,
+ Body: body,
+ Module: module,
+ generatedBody: true,
+ }, nil
+}
+
+func ParseCompleteDocRuleWithDotsFromTerm(module *Module, term *Term) (*Rule, error) {
+ ref, ok := term.Value.(Ref)
+ if !ok {
+ return nil, fmt.Errorf("%v cannot be used for rule name", ValueName(term.Value))
+ }
+
+ if _, ok := ref[0].Value.(Var); !ok {
+ return nil, fmt.Errorf("invalid rule head: %v", ref)
+ }
+ head := RefHead(ref, BooleanTerm(true).SetLocation(term.Location))
+ head.generatedValue = true
+ head.Location = term.Location
+
+ body := NewBody(NewExpr(BooleanTerm(true).SetLocation(term.Location)).SetLocation(term.Location))
+
+ return &Rule{
+ Location: term.Location,
+ Head: head,
+ Body: body,
+ Module: module,
+ }, nil
+}
+
+// ParsePartialObjectDocRuleFromEqExpr returns a rule if the expression can be
+// interpreted as a partial object document definition.
+func ParsePartialObjectDocRuleFromEqExpr(module *Module, lhs, rhs *Term) (*Rule, error) {
+ ref, ok := lhs.Value.(Ref)
+ if !ok {
+ return nil, fmt.Errorf("%v cannot be used as rule name", ValueName(lhs.Value))
+ }
+
+ if _, ok := ref[0].Value.(Var); !ok {
+ return nil, fmt.Errorf("invalid rule head: %v", ref)
+ }
+
+ head := RefHead(ref, rhs)
+ if len(ref) == 2 { // backcompat for naked `foo.bar = "baz"` statements
+ head.Name = ref[0].Value.(Var)
+ head.Key = ref[1]
+ }
+ head.Location = rhs.Location
+
+ body := NewBody(NewExpr(BooleanTerm(true).SetLocation(rhs.Location)).SetLocation(rhs.Location))
+
+ rule := &Rule{
+ Location: rhs.Location,
+ Head: head,
+ Body: body,
+ Module: module,
+ }
+
+ return rule, nil
+}
+
+// ParsePartialSetDocRuleFromTerm returns a rule if the term can be interpreted
+// as a partial set document definition.
+func ParsePartialSetDocRuleFromTerm(module *Module, term *Term) (*Rule, error) {
+
+ ref, ok := term.Value.(Ref)
+ if !ok || len(ref) == 1 {
+ return nil, fmt.Errorf("%vs cannot be used for rule head", ValueName(term.Value))
+ }
+ if _, ok := ref[0].Value.(Var); !ok {
+ return nil, fmt.Errorf("invalid rule head: %v", ref)
+ }
+
+ head := RefHead(ref)
+ if len(ref) == 2 {
+ v, ok := ref[0].Value.(Var)
+ if !ok {
+ return nil, fmt.Errorf("%vs cannot be used for rule head", ValueName(term.Value))
+ }
+ // Modify the code to add the location to the head ref
+ head = VarHead(v, ref[0].Location, nil)
+ head.Key = ref[1]
+ }
+ head.Location = term.Location
+
+ body := NewBody(NewExpr(BooleanTerm(true).SetLocation(term.Location)).SetLocation(term.Location))
+
+ rule := &Rule{
+ Location: term.Location,
+ Head: head,
+ Body: body,
+ Module: module,
+ }
+
+ return rule, nil
+}
+
+// ParseRuleFromCallEqExpr returns a rule if the term can be interpreted as a
+// function definition (e.g., f(x) = y => f(x) = y { true }).
+func ParseRuleFromCallEqExpr(module *Module, lhs, rhs *Term) (*Rule, error) {
+
+ call, ok := lhs.Value.(Call)
+ if !ok {
+ return nil, errors.New("must be call")
+ }
+
+ ref, ok := call[0].Value.(Ref)
+ if !ok {
+ return nil, fmt.Errorf("%vs cannot be used in function signature", ValueName(call[0].Value))
+ }
+ if _, ok := ref[0].Value.(Var); !ok {
+ return nil, fmt.Errorf("invalid rule head: %v", ref)
+ }
+
+ head := RefHead(ref, rhs)
+ head.Location = lhs.Location
+ head.Args = Args(call[1:])
+
+ body := NewBody(NewExpr(BooleanTerm(true).SetLocation(rhs.Location)).SetLocation(rhs.Location))
+
+ rule := &Rule{
+ Location: lhs.Location,
+ Head: head,
+ Body: body,
+ Module: module,
+ }
+
+ return rule, nil
+}
+
+// ParseRuleFromCallExpr returns a rule if the terms can be interpreted as a
+// function returning true or some value (e.g., f(x) => f(x) = true { true }).
+func ParseRuleFromCallExpr(module *Module, terms []*Term) (*Rule, error) {
+
+ if len(terms) <= 1 {
+ return nil, errors.New("rule argument list must take at least one argument")
+ }
+
+ loc := terms[0].Location
+ ref := terms[0].Value.(Ref)
+ if _, ok := ref[0].Value.(Var); !ok {
+ return nil, fmt.Errorf("invalid rule head: %v", ref)
+ }
+ head := RefHead(ref, BooleanTerm(true).SetLocation(loc))
+ head.Location = loc
+ head.Args = terms[1:]
+
+ body := NewBody(NewExpr(BooleanTerm(true).SetLocation(loc)).SetLocation(loc))
+
+ rule := &Rule{
+ Location: loc,
+ Head: head,
+ Module: module,
+ Body: body,
+ }
+ return rule, nil
+}
+
+// ParseImports returns a slice of Import objects.
+func ParseImports(input string) ([]*Import, error) {
+ stmts, _, err := ParseStatements("", input)
+ if err != nil {
+ return nil, err
+ }
+ result := []*Import{}
+ for _, stmt := range stmts {
+ if imp, ok := stmt.(*Import); ok {
+ result = append(result, imp)
+ } else {
+ return nil, fmt.Errorf("expected import but got %T", stmt)
+ }
+ }
+ return result, nil
+}
+
+// ParseModule returns a parsed Module object.
+// For details on Module objects and their fields, see policy.go.
+// Empty input will return nil, nil.
+func ParseModule(filename, input string) (*Module, error) {
+ return ParseModuleWithOpts(filename, input, ParserOptions{})
+}
+
+// ParseModuleWithOpts returns a parsed Module object, and has an additional input ParserOptions
+// For details on Module objects and their fields, see policy.go.
+// Empty input will return nil, nil.
+func ParseModuleWithOpts(filename, input string, popts ParserOptions) (*Module, error) {
+ stmts, comments, err := ParseStatementsWithOpts(filename, input, popts)
+ if err != nil {
+ return nil, err
+ }
+ return parseModule(filename, stmts, comments, popts.RegoVersion)
+}
+
+// ParseBody returns exactly one body.
+// If multiple bodies are parsed, an error is returned.
+func ParseBody(input string) (Body, error) {
+ return ParseBodyWithOpts(input, ParserOptions{SkipRules: true})
+}
+
+// ParseBodyWithOpts returns exactly one body. It does _not_ set SkipRules: true on its own,
+// but respects whatever ParserOptions it's been given.
+func ParseBodyWithOpts(input string, popts ParserOptions) (Body, error) {
+
+ stmts, _, err := ParseStatementsWithOpts("", input, popts)
+ if err != nil {
+ return nil, err
+ }
+
+ result := Body{}
+
+ for _, stmt := range stmts {
+ switch stmt := stmt.(type) {
+ case Body:
+ for i := range stmt {
+ result.Append(stmt[i])
+ }
+ case *Comment:
+ // skip
+ default:
+ return nil, fmt.Errorf("expected body but got %T", stmt)
+ }
+ }
+
+ return result, nil
+}
+
+// ParseExpr returns exactly one expression.
+// If multiple expressions are parsed, an error is returned.
+func ParseExpr(input string) (*Expr, error) {
+ body, err := ParseBody(input)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse expression: %w", err)
+ }
+ if len(body) != 1 {
+ return nil, fmt.Errorf("expected exactly one expression but got: %v", body)
+ }
+ return body[0], nil
+}
+
+// ParsePackage returns exactly one Package.
+// If multiple statements are parsed, an error is returned.
+func ParsePackage(input string) (*Package, error) {
+ stmt, err := ParseStatement(input)
+ if err != nil {
+ return nil, err
+ }
+ pkg, ok := stmt.(*Package)
+ if !ok {
+ return nil, fmt.Errorf("expected package but got %T", stmt)
+ }
+ return pkg, nil
+}
+
+// ParseTerm returns exactly one term.
+// If multiple terms are parsed, an error is returned.
+func ParseTerm(input string) (*Term, error) {
+ body, err := ParseBody(input)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse term: %w", err)
+ }
+ if len(body) != 1 {
+ return nil, fmt.Errorf("expected exactly one term but got: %v", body)
+ }
+ term, ok := body[0].Terms.(*Term)
+ if !ok {
+ return nil, fmt.Errorf("expected term but got %v", body[0].Terms)
+ }
+ return term, nil
+}
+
+// ParseRef returns exactly one reference.
+func ParseRef(input string) (Ref, error) {
+ term, err := ParseTerm(input)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse ref: %w", err)
+ }
+ ref, ok := term.Value.(Ref)
+ if !ok {
+ return nil, fmt.Errorf("expected ref but got %v", term)
+ }
+ return ref, nil
+}
+
+// ParseRuleWithOpts returns exactly one rule.
+// If multiple rules are parsed, an error is returned.
+func ParseRuleWithOpts(input string, opts ParserOptions) (*Rule, error) {
+ stmts, _, err := ParseStatementsWithOpts("", input, opts)
+ if err != nil {
+ return nil, err
+ }
+ if len(stmts) != 1 {
+ return nil, fmt.Errorf("expected exactly one statement (rule), got %v = %T, %T", stmts, stmts[0], stmts[1])
+ }
+ rule, ok := stmts[0].(*Rule)
+ if !ok {
+ return nil, fmt.Errorf("expected rule but got %T", stmts[0])
+ }
+ return rule, nil
+}
+
+// ParseRule returns exactly one rule.
+// If multiple rules are parsed, an error is returned.
+func ParseRule(input string) (*Rule, error) {
+ return ParseRuleWithOpts(input, ParserOptions{})
+}
+
+// ParseStatement returns exactly one statement.
+// A statement might be a term, expression, rule, etc. Regardless,
+// this function expects *exactly* one statement. If multiple
+// statements are parsed, an error is returned.
+func ParseStatement(input string) (Statement, error) {
+ stmts, _, err := ParseStatements("", input)
+ if err != nil {
+ return nil, err
+ }
+ if len(stmts) != 1 {
+ return nil, errors.New("expected exactly one statement")
+ }
+ return stmts[0], nil
+}
+
+func ParseStatementWithOpts(input string, popts ParserOptions) (Statement, error) {
+ stmts, _, err := ParseStatementsWithOpts("", input, popts)
+ if err != nil {
+ return nil, err
+ }
+ if len(stmts) != 1 {
+ return nil, errors.New("expected exactly one statement")
+ }
+ return stmts[0], nil
+}
+
+// ParseStatements is deprecated. Use ParseStatementWithOpts instead.
+func ParseStatements(filename, input string) ([]Statement, []*Comment, error) {
+ return ParseStatementsWithOpts(filename, input, ParserOptions{})
+}
+
+// ParseStatementsWithOpts returns a slice of parsed statements. This is the
+// default return value from the parser.
+func ParseStatementsWithOpts(filename, input string, popts ParserOptions) ([]Statement, []*Comment, error) {
+
+ parser := NewParser().
+ WithFilename(filename).
+ WithReader(bytes.NewBufferString(input)).
+ WithProcessAnnotation(popts.ProcessAnnotation).
+ WithFutureKeywords(popts.FutureKeywords...).
+ WithAllFutureKeywords(popts.AllFutureKeywords).
+ WithCapabilities(popts.Capabilities).
+ WithSkipRules(popts.SkipRules).
+ WithRegoVersion(popts.RegoVersion).
+ withUnreleasedKeywords(popts.unreleasedKeywords)
+
+ stmts, comments, errs := parser.Parse()
+
+ if len(errs) > 0 {
+ return nil, nil, errs
+ }
+
+ return stmts, comments, nil
+}
+
+func parseModule(filename string, stmts []Statement, comments []*Comment, regoCompatibilityMode RegoVersion) (*Module, error) {
+
+ if len(stmts) == 0 {
+ return nil, NewError(ParseErr, &Location{File: filename}, "empty module")
+ }
+
+ var errs Errors
+
+ pkg, ok := stmts[0].(*Package)
+ if !ok {
+ loc := stmts[0].Loc()
+ errs = append(errs, NewError(ParseErr, loc, "package expected"))
+ }
+
+ mod := &Module{
+ Package: pkg,
+ stmts: stmts,
+ }
+
+ // The comments slice only holds comments that were not their own statements.
+ mod.Comments = append(mod.Comments, comments...)
+
+ if regoCompatibilityMode == RegoUndefined {
+ mod.regoVersion = DefaultRegoVersion
+ } else {
+ mod.regoVersion = regoCompatibilityMode
+ }
+
+ for i, stmt := range stmts[1:] {
+ switch stmt := stmt.(type) {
+ case *Import:
+ mod.Imports = append(mod.Imports, stmt)
+ if mod.regoVersion == RegoV0 && Compare(stmt.Path.Value, RegoV1CompatibleRef) == 0 {
+ mod.regoVersion = RegoV0CompatV1
+ }
+ case *Rule:
+ setRuleModule(stmt, mod)
+ mod.Rules = append(mod.Rules, stmt)
+ case Body:
+ rule, err := ParseRuleFromBody(mod, stmt)
+ if err != nil {
+ errs = append(errs, NewError(ParseErr, stmt[0].Location, err.Error())) //nolint:govet
+ continue
+ }
+ rule.generatedBody = true
+ mod.Rules = append(mod.Rules, rule)
+
+ // NOTE(tsandall): the statement should now be interpreted as a
+ // rule so update the statement list. This is important for the
+ // logic below that associates annotations with statements.
+ stmts[i+1] = rule
+ case *Package:
+ errs = append(errs, NewError(ParseErr, stmt.Loc(), "unexpected package"))
+ case *Annotations:
+ mod.Annotations = append(mod.Annotations, stmt)
+ case *Comment:
+ // Ignore comments, they're handled above.
+ default:
+ panic("illegal value") // Indicates grammar is out-of-sync with code.
+ }
+ }
+
+ if mod.regoVersion == RegoV0CompatV1 || mod.regoVersion == RegoV1 {
+ for _, rule := range mod.Rules {
+ for r := rule; r != nil; r = r.Else {
+ errs = append(errs, CheckRegoV1(r)...)
+ }
+ }
+ }
+
+ if len(errs) > 0 {
+ return nil, errs
+ }
+
+ errs = append(errs, attachAnnotationsNodes(mod)...)
+
+ if len(errs) > 0 {
+ return nil, errs
+ }
+
+ attachRuleAnnotations(mod)
+
+ return mod, nil
+}
+
+func ruleDeclarationHasKeyword(rule *Rule, keyword tokens.Token) bool {
+ return slices.Contains(rule.Head.keywords, keyword)
+}
+
+func newScopeAttachmentErr(a *Annotations, want string) *Error {
+ var have string
+ if a.node != nil {
+ have = fmt.Sprintf(" (have %v)", TypeName(a.node))
+ }
+ return NewError(ParseErr, a.Loc(), "annotation scope '%v' must be applied to %v%v", a.Scope, want, have)
+}
+
+func setRuleModule(rule *Rule, module *Module) {
+ rule.Module = module
+ if rule.Else != nil {
+ setRuleModule(rule.Else, module)
+ }
+}
+
+// ParserErrorDetail holds additional details for parser errors.
+type ParserErrorDetail struct {
+ Line string `json:"line"`
+ Idx int `json:"idx"`
+}
+
+func newParserErrorDetail(bs []byte, offset int) *ParserErrorDetail {
+
+ // Find first non-space character at or before offset position.
+ if offset >= len(bs) {
+ offset = len(bs) - 1
+ } else if offset < 0 {
+ offset = 0
+ }
+
+ for offset > 0 && unicode.IsSpace(rune(bs[offset])) {
+ offset--
+ }
+
+ // Find beginning of line containing offset.
+ begin := offset
+
+ for begin > 0 && !isNewLineChar(bs[begin]) {
+ begin--
+ }
+
+ if isNewLineChar(bs[begin]) {
+ begin++
+ }
+
+ // Find end of line containing offset.
+ end := offset
+
+ for end < len(bs) && !isNewLineChar(bs[end]) {
+ end++
+ }
+
+ if begin > end {
+ begin = end
+ }
+
+ // Extract line and compute index of offset byte in line.
+ line := bs[begin:end]
+ index := offset - begin
+
+ return &ParserErrorDetail{
+ Line: string(line),
+ Idx: index,
+ }
+}
+
+// Lines returns the pretty formatted line output for the error details.
+func (d ParserErrorDetail) Lines() []string {
+ line := strings.TrimLeft(d.Line, "\t") // remove leading tabs
+ tabCount := len(d.Line) - len(line)
+ indent := max(d.Idx-tabCount, 0)
+ return []string{line, strings.Repeat(" ", indent) + "^"}
+}
+
+func isNewLineChar(b byte) bool {
+ return b == '\r' || b == '\n'
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/policy.go b/vendor/github.com/open-policy-agent/opa/v1/ast/policy.go
new file mode 100644
index 0000000000..fd669f1e78
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/policy.go
@@ -0,0 +1,2005 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "slices"
+ "strings"
+
+ "github.com/open-policy-agent/opa/v1/ast/internal/tokens"
+ astJSON "github.com/open-policy-agent/opa/v1/ast/json"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+// DefaultRootDocument is the default root document.
+//
+// All package directives inside source files are implicitly prefixed with the
+// DefaultRootDocument value.
+var DefaultRootDocument = VarTerm("data")
+
+// InputRootDocument names the document containing query arguments.
+var InputRootDocument = VarTerm("input")
+
+// SchemaRootDocument names the document containing external data schemas.
+var SchemaRootDocument = VarTerm("schema")
+
+// FunctionArgRootDocument names the document containing function arguments.
+// It's only for internal usage, for referencing function arguments between
+// the index and topdown.
+var FunctionArgRootDocument = VarTerm("args")
+
+// FutureRootDocument names the document containing new, to-become-default,
+// features.
+var FutureRootDocument = VarTerm("future")
+
+// RegoRootDocument names the document containing new, to-become-default,
+// features in a future versioned release.
+var RegoRootDocument = VarTerm("rego")
+
+// RootDocumentNames contains the names of top-level documents that can be
+// referred to in modules and queries.
+//
+// Note, the schema document is not currently implemented in the evaluator so it
+// is not registered as a root document name (yet).
+var RootDocumentNames = NewSet(
+ DefaultRootDocument,
+ InputRootDocument,
+)
+
+// DefaultRootRef is a reference to the root of the default document.
+//
+// All refs to data in the policy engine's storage layer are prefixed with this ref.
+var DefaultRootRef = Ref{DefaultRootDocument}
+
+// InputRootRef is a reference to the root of the input document.
+//
+// All refs to query arguments are prefixed with this ref.
+var InputRootRef = Ref{InputRootDocument}
+
+// SchemaRootRef is a reference to the root of the schema document.
+//
+// All refs to schema documents are prefixed with this ref. Note, the schema
+// document is not currently implemented in the evaluator so it is not
+// registered as a root document ref (yet).
+var SchemaRootRef = Ref{SchemaRootDocument}
+
+// RootDocumentRefs contains the prefixes of top-level documents that all
+// non-local references start with.
+var RootDocumentRefs = NewSet(
+ NewTerm(DefaultRootRef),
+ NewTerm(InputRootRef),
+)
+
+// SystemDocumentKey is the name of the top-level key that identifies the system
+// document.
+const SystemDocumentKey = String("system")
+
+// ReservedVars is the set of names that refer to implicitly ground vars.
+var ReservedVars = NewVarSet(
+ DefaultRootDocument.Value.(Var),
+ InputRootDocument.Value.(Var),
+)
+
+// Wildcard represents the wildcard variable as defined in the language.
+var Wildcard = &Term{Value: Var("_")}
+
+// WildcardPrefix is the special character that all wildcard variables are
+// prefixed with when the statement they are contained in is parsed.
+const WildcardPrefix = "$"
+
+// Keywords contains strings that map to language keywords.
+var Keywords = KeywordsForRegoVersion(DefaultRegoVersion)
+
+var KeywordsV0 = [...]string{
+ "not",
+ "package",
+ "import",
+ "as",
+ "default",
+ "else",
+ "with",
+ "null",
+ "true",
+ "false",
+ "some",
+}
+
+var KeywordsV1 = [...]string{
+ "not",
+ "package",
+ "import",
+ "as",
+ "default",
+ "else",
+ "with",
+ "null",
+ "true",
+ "false",
+ "some",
+ "if",
+ "contains",
+ "in",
+ "every",
+}
+
+func KeywordsForRegoVersion(v RegoVersion) []string {
+ switch v {
+ case RegoV0:
+ return KeywordsV0[:]
+ case RegoV1, RegoV0CompatV1:
+ return KeywordsV1[:]
+ }
+ return nil
+}
+
+// IsKeyword returns true if s is a language keyword.
+func IsKeyword(s string) bool {
+ return IsInKeywords(s, Keywords)
+}
+
+func IsInKeywords(s string, keywords []string) bool {
+ return slices.Contains(keywords, s)
+}
+
+// IsKeywordInRegoVersion returns true if s is a language keyword.
+func IsKeywordInRegoVersion(s string, regoVersion RegoVersion) bool {
+ switch regoVersion {
+ case RegoV0:
+ for _, x := range KeywordsV0 {
+ if x == s {
+ return true
+ }
+ }
+ case RegoV1, RegoV0CompatV1:
+ for _, x := range KeywordsV1 {
+ if x == s {
+ return true
+ }
+ }
+ }
+
+ return false
+}
+
+type (
+ // Node represents a node in an AST. Nodes may be statements in a policy module
+ // or elements of an ad-hoc query, expression, etc.
+ Node interface {
+ fmt.Stringer
+ Loc() *Location
+ SetLoc(*Location)
+ }
+
+ // Statement represents a single statement in a policy module.
+ Statement interface {
+ Node
+ }
+)
+
+type (
+
+ // Module represents a collection of policies (defined by rules)
+ // within a namespace (defined by the package) and optional
+ // dependencies on external documents (defined by imports).
+ Module struct {
+ Package *Package `json:"package"`
+ Imports []*Import `json:"imports,omitempty"`
+ Annotations []*Annotations `json:"annotations,omitempty"`
+ Rules []*Rule `json:"rules,omitempty"`
+ Comments []*Comment `json:"comments,omitempty"`
+ stmts []Statement
+ regoVersion RegoVersion
+ }
+
+ // Comment contains the raw text from the comment in the definition.
+ Comment struct {
+ // TODO: these fields have inconsistent JSON keys with other structs in this package.
+ Text []byte
+ Location *Location
+ }
+
+ // Package represents the namespace of the documents produced
+ // by rules inside the module.
+ Package struct {
+ Path Ref `json:"path"`
+ Location *Location `json:"location,omitempty"`
+ }
+
+ // Import represents a dependency on a document outside of the policy
+ // namespace. Imports are optional.
+ Import struct {
+ Path *Term `json:"path"`
+ Alias Var `json:"alias,omitempty"`
+ Location *Location `json:"location,omitempty"`
+ }
+
+ // Rule represents a rule as defined in the language. Rules define the
+ // content of documents that represent policy decisions.
+ Rule struct {
+ Default bool `json:"default,omitempty"`
+ Head *Head `json:"head"`
+ Body Body `json:"body"`
+ Else *Rule `json:"else,omitempty"`
+ Location *Location `json:"location,omitempty"`
+ Annotations []*Annotations `json:"annotations,omitempty"`
+
+ // Module is a pointer to the module containing this rule. If the rule
+ // was NOT created while parsing/constructing a module, this should be
+ // left unset. The pointer is not included in any standard operations
+ // on the rule (e.g., printing, comparison, visiting, etc.)
+ Module *Module `json:"-"`
+
+ generatedBody bool
+ }
+
+ // Head represents the head of a rule.
+ Head struct {
+ Name Var `json:"name,omitempty"`
+ Reference Ref `json:"ref,omitempty"`
+ Args Args `json:"args,omitempty"`
+ Key *Term `json:"key,omitempty"`
+ Value *Term `json:"value,omitempty"`
+ Assign bool `json:"assign,omitempty"`
+ Location *Location `json:"location,omitempty"`
+
+ keywords []tokens.Token
+ generatedValue bool
+ }
+
+ // Args represents zero or more arguments to a rule.
+ Args []*Term
+
+ // Body represents one or more expressions contained inside a rule or user
+ // function.
+ Body []*Expr
+
+ // Expr represents a single expression contained inside the body of a rule.
+ Expr struct {
+ With []*With `json:"with,omitempty"`
+ Terms any `json:"terms"`
+ Index int `json:"index"`
+ Generated bool `json:"generated,omitempty"`
+ Negated bool `json:"negated,omitempty"`
+ Location *Location `json:"location,omitempty"`
+
+ generatedFrom *Expr
+ generates []*Expr
+ }
+
+ // SomeDecl represents a variable declaration statement. The symbols are variables.
+ SomeDecl struct {
+ Symbols []*Term `json:"symbols"`
+ Location *Location `json:"location,omitempty"`
+ }
+
+ Every struct {
+ Key *Term `json:"key"`
+ Value *Term `json:"value"`
+ Domain *Term `json:"domain"`
+ Body Body `json:"body"`
+ Location *Location `json:"location,omitempty"`
+ }
+
+ // With represents a modifier on an expression.
+ With struct {
+ Target *Term `json:"target"`
+ Value *Term `json:"value"`
+ Location *Location `json:"location,omitempty"`
+ }
+)
+
+// SetModuleRegoVersion sets the RegoVersion for the Module.
+func SetModuleRegoVersion(mod *Module, v RegoVersion) {
+ mod.regoVersion = v
+}
+
+// Compare returns an integer indicating whether mod is less than, equal to,
+// or greater than other.
+func (mod *Module) Compare(other *Module) int {
+ if mod == nil {
+ if other == nil {
+ return 0
+ }
+ return -1
+ } else if other == nil {
+ return 1
+ }
+ if cmp := mod.Package.Compare(other.Package); cmp != 0 {
+ return cmp
+ }
+ if cmp := importsCompare(mod.Imports, other.Imports); cmp != 0 {
+ return cmp
+ }
+ if cmp := annotationsCompare(mod.Annotations, other.Annotations); cmp != 0 {
+ return cmp
+ }
+ return rulesCompare(mod.Rules, other.Rules)
+}
+
+// Copy returns a deep copy of mod.
+func (mod *Module) Copy() *Module {
+ cpy := *mod
+ cpy.Rules = make([]*Rule, len(mod.Rules))
+
+ nodes := make(map[Node]Node, len(mod.Rules)+len(mod.Imports)+1 /* package */)
+
+ for i := range mod.Rules {
+ cpy.Rules[i] = mod.Rules[i].Copy()
+ cpy.Rules[i].Module = &cpy
+ nodes[mod.Rules[i]] = cpy.Rules[i]
+ }
+
+ cpy.Imports = make([]*Import, len(mod.Imports))
+ for i := range mod.Imports {
+ cpy.Imports[i] = mod.Imports[i].Copy()
+ nodes[mod.Imports[i]] = cpy.Imports[i]
+ }
+
+ cpy.Package = mod.Package.Copy()
+ nodes[mod.Package] = cpy.Package
+
+ cpy.Annotations = make([]*Annotations, len(mod.Annotations))
+ for i, a := range mod.Annotations {
+ cpy.Annotations[i] = a.Copy(nodes[a.node])
+ }
+
+ cpy.Comments = make([]*Comment, len(mod.Comments))
+ for i := range mod.Comments {
+ cpy.Comments[i] = mod.Comments[i].Copy()
+ }
+
+ cpy.stmts = make([]Statement, len(mod.stmts))
+ for i := range mod.stmts {
+ cpy.stmts[i] = nodes[mod.stmts[i]]
+ }
+
+ return &cpy
+}
+
+// Equal returns true if mod equals other.
+func (mod *Module) Equal(other *Module) bool {
+ return mod.Compare(other) == 0
+}
+
+func (mod *Module) String() string {
+ byNode := map[Node][]*Annotations{}
+ for _, a := range mod.Annotations {
+ byNode[a.node] = append(byNode[a.node], a)
+ }
+
+ appendAnnotationStrings := func(buf []string, node Node) []string {
+ if as, ok := byNode[node]; ok {
+ for i := range as {
+ buf = append(buf, "# METADATA")
+ buf = append(buf, "# "+as[i].String())
+ }
+ }
+ return buf
+ }
+
+ buf := []string{}
+ buf = appendAnnotationStrings(buf, mod.Package)
+ buf = append(buf, mod.Package.String())
+
+ if len(mod.Imports) > 0 {
+ buf = append(buf, "")
+ for _, imp := range mod.Imports {
+ buf = appendAnnotationStrings(buf, imp)
+ buf = append(buf, imp.String())
+ }
+ }
+ if len(mod.Rules) > 0 {
+ buf = append(buf, "")
+ for _, rule := range mod.Rules {
+ buf = appendAnnotationStrings(buf, rule)
+ buf = append(buf, rule.stringWithOpts(toStringOpts{regoVersion: mod.regoVersion}))
+ }
+ }
+ return strings.Join(buf, "\n")
+}
+
+// RuleSet returns a RuleSet containing named rules in the mod.
+func (mod *Module) RuleSet(name Var) RuleSet {
+ rs := NewRuleSet()
+ for _, rule := range mod.Rules {
+ if rule.Head.Name.Equal(name) {
+ rs.Add(rule)
+ }
+ }
+ return rs
+}
+
+// UnmarshalJSON parses bs and stores the result in mod. The rules in the module
+// will have their module pointer set to mod.
+func (mod *Module) UnmarshalJSON(bs []byte) error {
+
+ // Declare a new type and use a type conversion to avoid recursively calling
+ // Module#UnmarshalJSON.
+ type module Module
+
+ if err := util.UnmarshalJSON(bs, (*module)(mod)); err != nil {
+ return err
+ }
+
+ WalkRules(mod, func(rule *Rule) bool {
+ rule.Module = mod
+ return false
+ })
+
+ return nil
+}
+
+func (mod *Module) regoV1Compatible() bool {
+ return mod.regoVersion == RegoV1 || mod.regoVersion == RegoV0CompatV1
+}
+
+func (mod *Module) RegoVersion() RegoVersion {
+ return mod.regoVersion
+}
+
+// SetRegoVersion sets the RegoVersion for the module.
+// Note: Setting a rego-version that does not match the module's rego-version might have unintended consequences.
+func (mod *Module) SetRegoVersion(v RegoVersion) {
+ mod.regoVersion = v
+}
+
+// NewComment returns a new Comment object.
+func NewComment(text []byte) *Comment {
+ return &Comment{
+ Text: text,
+ }
+}
+
+// Loc returns the location of the comment in the definition.
+func (c *Comment) Loc() *Location {
+ if c == nil {
+ return nil
+ }
+ return c.Location
+}
+
+// SetLoc sets the location on c.
+func (c *Comment) SetLoc(loc *Location) {
+ c.Location = loc
+}
+
+func (c *Comment) String() string {
+ return "#" + string(c.Text)
+}
+
+// Copy returns a deep copy of c.
+func (c *Comment) Copy() *Comment {
+ cpy := *c
+ cpy.Text = make([]byte, len(c.Text))
+ copy(cpy.Text, c.Text)
+ return &cpy
+}
+
+// Equal returns true if this comment equals the other comment.
+// Unlike other equality checks on AST nodes, comment equality
+// depends on location.
+func (c *Comment) Equal(other *Comment) bool {
+ return c.Location.Equal(other.Location) && bytes.Equal(c.Text, other.Text)
+}
+
+// Compare returns an integer indicating whether pkg is less than, equal to,
+// or greater than other.
+func (pkg *Package) Compare(other *Package) int {
+ return termSliceCompare(pkg.Path, other.Path)
+}
+
+// Copy returns a deep copy of pkg.
+func (pkg *Package) Copy() *Package {
+ cpy := *pkg
+ cpy.Path = pkg.Path.Copy()
+ return &cpy
+}
+
+// Equal returns true if pkg is equal to other.
+func (pkg *Package) Equal(other *Package) bool {
+ return pkg.Compare(other) == 0
+}
+
+// Loc returns the location of the Package in the definition.
+func (pkg *Package) Loc() *Location {
+ if pkg == nil {
+ return nil
+ }
+ return pkg.Location
+}
+
+// SetLoc sets the location on pkg.
+func (pkg *Package) SetLoc(loc *Location) {
+ pkg.Location = loc
+}
+
+func (pkg *Package) String() string {
+ if pkg == nil {
+ return ""
+ } else if len(pkg.Path) <= 1 {
+ return fmt.Sprintf("package ", pkg.Path)
+ }
+ // Omit head as all packages have the DefaultRootDocument prepended at parse time.
+ path := make(Ref, len(pkg.Path)-1)
+ path[0] = VarTerm(string(pkg.Path[1].Value.(String)))
+ copy(path[1:], pkg.Path[2:])
+ return fmt.Sprintf("package %v", path)
+}
+
+func (pkg *Package) MarshalJSON() ([]byte, error) {
+ data := map[string]any{
+ "path": pkg.Path,
+ }
+
+ if astJSON.GetOptions().MarshalOptions.IncludeLocation.Package {
+ if pkg.Location != nil {
+ data["location"] = pkg.Location
+ }
+ }
+
+ return json.Marshal(data)
+}
+
+// IsValidImportPath returns an error indicating if the import path is invalid.
+// If the import path is valid, err is nil.
+func IsValidImportPath(v Value) (err error) {
+ switch v := v.(type) {
+ case Var:
+ if !v.Equal(DefaultRootDocument.Value) && !v.Equal(InputRootDocument.Value) {
+ return fmt.Errorf("invalid path %v: path must begin with input or data", v)
+ }
+ case Ref:
+ if err := IsValidImportPath(v[0].Value); err != nil {
+ return fmt.Errorf("invalid path %v: path must begin with input or data", v)
+ }
+ for _, e := range v[1:] {
+ if _, ok := e.Value.(String); !ok {
+ return fmt.Errorf("invalid path %v: path elements must be strings", v)
+ }
+ }
+ default:
+ return fmt.Errorf("invalid path %v: path must be ref or var", v)
+ }
+ return nil
+}
+
+// Compare returns an integer indicating whether imp is less than, equal to,
+// or greater than other.
+func (imp *Import) Compare(other *Import) int {
+ if imp == nil {
+ if other == nil {
+ return 0
+ }
+ return -1
+ } else if other == nil {
+ return 1
+ }
+ if cmp := Compare(imp.Path, other.Path); cmp != 0 {
+ return cmp
+ }
+
+ return VarCompare(imp.Alias, other.Alias)
+}
+
+// Copy returns a deep copy of imp.
+func (imp *Import) Copy() *Import {
+ cpy := *imp
+ cpy.Path = imp.Path.Copy()
+ return &cpy
+}
+
+// Equal returns true if imp is equal to other.
+func (imp *Import) Equal(other *Import) bool {
+ return imp.Compare(other) == 0
+}
+
+// Loc returns the location of the Import in the definition.
+func (imp *Import) Loc() *Location {
+ if imp == nil {
+ return nil
+ }
+ return imp.Location
+}
+
+// SetLoc sets the location on imp.
+func (imp *Import) SetLoc(loc *Location) {
+ imp.Location = loc
+}
+
+// Name returns the variable that is used to refer to the imported virtual
+// document. This is the alias if defined otherwise the last element in the
+// path.
+func (imp *Import) Name() Var {
+ if len(imp.Alias) != 0 {
+ return imp.Alias
+ }
+ switch v := imp.Path.Value.(type) {
+ case Var:
+ return v
+ case Ref:
+ if len(v) == 1 {
+ return v[0].Value.(Var)
+ }
+ return Var(v[len(v)-1].Value.(String))
+ }
+ panic("illegal import")
+}
+
+func (imp *Import) String() string {
+ buf := []string{"import", imp.Path.String()}
+ if len(imp.Alias) > 0 {
+ buf = append(buf, "as", imp.Alias.String())
+ }
+ return strings.Join(buf, " ")
+}
+
+func (imp *Import) MarshalJSON() ([]byte, error) {
+ data := map[string]any{
+ "path": imp.Path,
+ }
+
+ if len(imp.Alias) != 0 {
+ data["alias"] = imp.Alias
+ }
+
+ if astJSON.GetOptions().MarshalOptions.IncludeLocation.Import {
+ if imp.Location != nil {
+ data["location"] = imp.Location
+ }
+ }
+
+ return json.Marshal(data)
+}
+
+// Compare returns an integer indicating whether rule is less than, equal to,
+// or greater than other.
+func (rule *Rule) Compare(other *Rule) int {
+ if rule == nil {
+ if other == nil {
+ return 0
+ }
+ return -1
+ } else if other == nil {
+ return 1
+ }
+ if cmp := rule.Head.Compare(other.Head); cmp != 0 {
+ return cmp
+ }
+ if rule.Default != other.Default {
+ if !rule.Default {
+ return -1
+ }
+ return 1
+ }
+ if cmp := rule.Body.Compare(other.Body); cmp != 0 {
+ return cmp
+ }
+
+ if cmp := annotationsCompare(rule.Annotations, other.Annotations); cmp != 0 {
+ return cmp
+ }
+
+ return rule.Else.Compare(other.Else)
+}
+
+// Copy returns a deep copy of rule.
+func (rule *Rule) Copy() *Rule {
+ cpy := *rule
+ cpy.Head = rule.Head.Copy()
+ cpy.Body = rule.Body.Copy()
+
+ if len(cpy.Annotations) > 0 {
+ cpy.Annotations = make([]*Annotations, len(rule.Annotations))
+ for i, a := range rule.Annotations {
+ cpy.Annotations[i] = a.Copy(&cpy)
+ }
+ }
+
+ if cpy.Else != nil {
+ cpy.Else = rule.Else.Copy()
+ }
+ return &cpy
+}
+
+// Equal returns true if rule is equal to other.
+func (rule *Rule) Equal(other *Rule) bool {
+ return rule.Compare(other) == 0
+}
+
+// Loc returns the location of the Rule in the definition.
+func (rule *Rule) Loc() *Location {
+ if rule == nil {
+ return nil
+ }
+ return rule.Location
+}
+
+// SetLoc sets the location on rule.
+func (rule *Rule) SetLoc(loc *Location) {
+ rule.Location = loc
+}
+
+// Path returns a ref referring to the document produced by this rule. If rule
+// is not contained in a module, this function panics.
+// Deprecated: Poor handling of ref rules. Use `(*Rule).Ref()` instead.
+func (rule *Rule) Path() Ref {
+ if rule.Module == nil {
+ panic("assertion failed")
+ }
+ return rule.Module.Package.Path.Extend(rule.Head.Ref().GroundPrefix())
+}
+
+// Ref returns a ref referring to the document produced by this rule. If rule
+// is not contained in a module, this function panics. The returned ref may
+// contain variables in the last position.
+func (rule *Rule) Ref() Ref {
+ if rule.Module == nil {
+ panic("assertion failed")
+ }
+ return rule.Module.Package.Path.Extend(rule.Head.Ref())
+}
+
+func (rule *Rule) String() string {
+ regoVersion := DefaultRegoVersion
+ if rule.Module != nil {
+ regoVersion = rule.Module.RegoVersion()
+ }
+ return rule.stringWithOpts(toStringOpts{regoVersion: regoVersion})
+}
+
+type toStringOpts struct {
+ regoVersion RegoVersion
+}
+
+func (o toStringOpts) RegoVersion() RegoVersion {
+ if o.regoVersion == RegoUndefined {
+ return DefaultRegoVersion
+ }
+ return o.regoVersion
+}
+
+func (rule *Rule) stringWithOpts(opts toStringOpts) string {
+ buf := []string{}
+ if rule.Default {
+ buf = append(buf, "default")
+ }
+ buf = append(buf, rule.Head.stringWithOpts(opts))
+ if !rule.Default {
+ switch opts.RegoVersion() {
+ case RegoV1, RegoV0CompatV1:
+ buf = append(buf, "if")
+ }
+ buf = append(buf, "{", rule.Body.String(), "}")
+ }
+ if rule.Else != nil {
+ buf = append(buf, rule.Else.elseString(opts))
+ }
+ return strings.Join(buf, " ")
+}
+
+func (rule *Rule) isFunction() bool {
+ return len(rule.Head.Args) > 0
+}
+
+func (rule *Rule) MarshalJSON() ([]byte, error) {
+ data := map[string]any{
+ "head": rule.Head,
+ "body": rule.Body,
+ }
+
+ if rule.Default {
+ data["default"] = true
+ }
+
+ if rule.Else != nil {
+ data["else"] = rule.Else
+ }
+
+ if astJSON.GetOptions().MarshalOptions.IncludeLocation.Rule {
+ if rule.Location != nil {
+ data["location"] = rule.Location
+ }
+ }
+
+ if len(rule.Annotations) != 0 {
+ data["annotations"] = rule.Annotations
+ }
+
+ return json.Marshal(data)
+}
+
+func (rule *Rule) elseString(opts toStringOpts) string {
+ var buf []string
+
+ buf = append(buf, "else")
+
+ value := rule.Head.Value
+ if value != nil {
+ buf = append(buf, "=", value.String())
+ }
+
+ switch opts.RegoVersion() {
+ case RegoV1, RegoV0CompatV1:
+ buf = append(buf, "if")
+ }
+
+ buf = append(buf, "{", rule.Body.String(), "}")
+
+ if rule.Else != nil {
+ buf = append(buf, rule.Else.elseString(opts))
+ }
+
+ return strings.Join(buf, " ")
+}
+
+// NewHead returns a new Head object. If args are provided, the first will be
+// used for the key and the second will be used for the value.
+func NewHead(name Var, args ...*Term) *Head {
+ head := &Head{
+ Name: name, // backcompat
+ Reference: []*Term{NewTerm(name)},
+ }
+ if len(args) == 0 {
+ return head
+ }
+ head.Key = args[0]
+ if len(args) == 1 {
+ return head
+ }
+ head.Value = args[1]
+ if head.Key != nil && head.Value != nil {
+ head.Reference = head.Reference.Append(args[0])
+ }
+ return head
+}
+
+// VarHead creates a head object, initializes its Name and Location and returns the new head.
+// NOTE: The JSON options argument is no longer used, and kept only for backwards compatibility.
+func VarHead(name Var, location *Location, _ *astJSON.Options) *Head {
+ h := NewHead(name)
+ h.Reference[0].Location = location
+ return h
+}
+
+// RefHead returns a new Head object with the passed Ref. If args are provided,
+// the first will be used for the value.
+func RefHead(ref Ref, args ...*Term) *Head {
+ head := &Head{}
+ head.SetRef(ref)
+ if len(ref) < 2 {
+ head.Name = ref[0].Value.(Var)
+ }
+ if len(args) >= 1 {
+ head.Value = args[0]
+ }
+ return head
+}
+
+// DocKind represents the collection of document types that can be produced by rules.
+type DocKind byte
+
+const (
+ // CompleteDoc represents a document that is completely defined by the rule.
+ CompleteDoc = iota
+
+ // PartialSetDoc represents a set document that is partially defined by the rule.
+ PartialSetDoc
+
+ // PartialObjectDoc represents an object document that is partially defined by the rule.
+ PartialObjectDoc
+) // TODO(sr): Deprecate?
+
+// DocKind returns the type of document produced by this rule.
+func (head *Head) DocKind() DocKind {
+ if head.Key != nil {
+ if head.Value != nil {
+ return PartialObjectDoc
+ }
+ return PartialSetDoc
+ } else if head.HasDynamicRef() {
+ return PartialObjectDoc
+ }
+ return CompleteDoc
+}
+
+type RuleKind byte
+
+const (
+ SingleValue = iota
+ MultiValue
+)
+
+// RuleKind returns the type of rule this is
+func (head *Head) RuleKind() RuleKind {
+ // NOTE(sr): This is bit verbose, since the key is irrelevant for single vs
+ // multi value, but as good a spot as to assert the invariant.
+ switch {
+ case head.Value != nil:
+ return SingleValue
+ case head.Key != nil:
+ return MultiValue
+ default:
+ panic("unreachable")
+ }
+}
+
+// Ref returns the Ref of the rule. If it doesn't have one, it's filled in
+// via the Head's Name.
+func (head *Head) Ref() Ref {
+ if len(head.Reference) > 0 {
+ return head.Reference
+ }
+ return Ref{&Term{Value: head.Name}}
+}
+
+// SetRef can be used to set a rule head's Reference
+func (head *Head) SetRef(r Ref) {
+ head.Reference = r
+}
+
+// Compare returns an integer indicating whether head is less than, equal to,
+// or greater than other.
+func (head *Head) Compare(other *Head) int {
+ if head == nil {
+ if other == nil {
+ return 0
+ }
+ return -1
+ } else if other == nil {
+ return 1
+ }
+ if head.Assign && !other.Assign {
+ return -1
+ } else if !head.Assign && other.Assign {
+ return 1
+ }
+ if cmp := Compare(head.Args, other.Args); cmp != 0 {
+ return cmp
+ }
+ if cmp := Compare(head.Reference, other.Reference); cmp != 0 {
+ return cmp
+ }
+ if cmp := VarCompare(head.Name, other.Name); cmp != 0 {
+ return cmp
+ }
+ if cmp := Compare(head.Key, other.Key); cmp != 0 {
+ return cmp
+ }
+ return Compare(head.Value, other.Value)
+}
+
+// Copy returns a deep copy of head.
+func (head *Head) Copy() *Head {
+ cpy := *head
+ cpy.Reference = head.Reference.Copy()
+ cpy.Args = head.Args.Copy()
+ cpy.Key = head.Key.Copy()
+ cpy.Value = head.Value.Copy()
+ cpy.keywords = nil
+ return &cpy
+}
+
+// Equal returns true if this head equals other.
+func (head *Head) Equal(other *Head) bool {
+ return head.Compare(other) == 0
+}
+
+func (head *Head) String() string {
+ return head.stringWithOpts(toStringOpts{})
+}
+
+func (head *Head) stringWithOpts(opts toStringOpts) string {
+ buf := strings.Builder{}
+ buf.WriteString(head.Ref().String())
+ containsAdded := false
+
+ switch {
+ case len(head.Args) != 0:
+ buf.WriteString(head.Args.String())
+ case len(head.Reference) == 1 && head.Key != nil:
+ switch opts.RegoVersion() {
+ case RegoV0:
+ buf.WriteRune('[')
+ buf.WriteString(head.Key.String())
+ buf.WriteRune(']')
+ default:
+ containsAdded = true
+ buf.WriteString(" contains ")
+ buf.WriteString(head.Key.String())
+ }
+ }
+ if head.Value != nil {
+ if head.Assign {
+ buf.WriteString(" := ")
+ } else {
+ buf.WriteString(" = ")
+ }
+ buf.WriteString(head.Value.String())
+ } else if !containsAdded && head.Name == "" && head.Key != nil {
+ buf.WriteString(" contains ")
+ buf.WriteString(head.Key.String())
+ }
+ return buf.String()
+}
+
+func (head *Head) MarshalJSON() ([]byte, error) {
+ var loc *Location
+ if astJSON.GetOptions().MarshalOptions.IncludeLocation.Head && head.Location != nil {
+ loc = head.Location
+ }
+
+ // NOTE(sr): we do this to override the rendering of `head.Reference`.
+ // It's still what'll be used via the default means of encoding/json
+ // for unmarshaling a json object into a Head struct!
+ type h Head
+ return json.Marshal(struct {
+ h
+ Ref Ref `json:"ref"`
+ Location *Location `json:"location,omitempty"`
+ }{
+ h: h(*head),
+ Ref: head.Ref(),
+ Location: loc,
+ })
+}
+
+// Vars returns a set of vars found in the head.
+func (head *Head) Vars() VarSet {
+ vis := &VarVisitor{vars: VarSet{}}
+ // TODO: improve test coverage for this.
+ if head.Args != nil {
+ vis.Walk(head.Args)
+ }
+ if head.Key != nil {
+ vis.Walk(head.Key)
+ }
+ if head.Value != nil {
+ vis.Walk(head.Value)
+ }
+ if len(head.Reference) > 0 {
+ vis.Walk(head.Reference[1:])
+ }
+ return vis.vars
+}
+
+// Loc returns the Location of head.
+func (head *Head) Loc() *Location {
+ if head == nil {
+ return nil
+ }
+ return head.Location
+}
+
+// SetLoc sets the location on head.
+func (head *Head) SetLoc(loc *Location) {
+ head.Location = loc
+}
+
+func (head *Head) HasDynamicRef() bool {
+ pos := head.Reference.Dynamic()
+ return pos > 0 && (pos < len(head.Reference))
+}
+
+// Copy returns a deep copy of a.
+func (a Args) Copy() Args {
+ cpy := Args{}
+ for _, t := range a {
+ cpy = append(cpy, t.Copy())
+ }
+ return cpy
+}
+
+func (a Args) String() string {
+ buf := make([]string, 0, len(a))
+ for _, t := range a {
+ buf = append(buf, t.String())
+ }
+ return "(" + strings.Join(buf, ", ") + ")"
+}
+
+// Loc returns the Location of a.
+func (a Args) Loc() *Location {
+ if len(a) == 0 {
+ return nil
+ }
+ return a[0].Location
+}
+
+// SetLoc sets the location on a.
+func (a Args) SetLoc(loc *Location) {
+ if len(a) != 0 {
+ a[0].SetLocation(loc)
+ }
+}
+
+// Vars returns a set of vars that appear in a.
+func (a Args) Vars() VarSet {
+ vis := &VarVisitor{vars: VarSet{}}
+ vis.Walk(a)
+ return vis.vars
+}
+
+// NewBody returns a new Body containing the given expressions. The indices of
+// the immediate expressions will be reset.
+func NewBody(exprs ...*Expr) Body {
+ for i, expr := range exprs {
+ expr.Index = i
+ }
+ return Body(exprs)
+}
+
+// MarshalJSON returns JSON encoded bytes representing body.
+func (body Body) MarshalJSON() ([]byte, error) {
+ // Serialize empty Body to empty array. This handles both the empty case and the
+ // nil case (whereas by default the result would be null if body was nil.)
+ if len(body) == 0 {
+ return []byte(`[]`), nil
+ }
+ ret, err := json.Marshal([]*Expr(body))
+ return ret, err
+}
+
+// Append adds the expr to the body and updates the expr's index accordingly.
+func (body *Body) Append(expr *Expr) {
+ n := len(*body)
+ expr.Index = n
+ *body = append(*body, expr)
+}
+
+// Set sets the expr in the body at the specified position and updates the
+// expr's index accordingly.
+func (body Body) Set(expr *Expr, pos int) {
+ body[pos] = expr
+ expr.Index = pos
+}
+
+// Compare returns an integer indicating whether body is less than, equal to,
+// or greater than other.
+//
+// If body is a subset of other, it is considered less than (and vice versa).
+func (body Body) Compare(other Body) int {
+ minLen := min(len(other), len(body))
+ for i := range minLen {
+ if cmp := body[i].Compare(other[i]); cmp != 0 {
+ return cmp
+ }
+ }
+ if len(body) < len(other) {
+ return -1
+ }
+ if len(other) < len(body) {
+ return 1
+ }
+ return 0
+}
+
+// Copy returns a deep copy of body.
+func (body Body) Copy() Body {
+ cpy := make(Body, len(body))
+ for i := range body {
+ cpy[i] = body[i].Copy()
+ }
+ return cpy
+}
+
+// Contains returns true if this body contains the given expression.
+func (body Body) Contains(x *Expr) bool {
+ return slices.ContainsFunc(body, x.Equal)
+}
+
+// Equal returns true if this Body is equal to the other Body.
+func (body Body) Equal(other Body) bool {
+ return body.Compare(other) == 0
+}
+
+// Hash returns the hash code for the Body.
+func (body Body) Hash() int {
+ s := 0
+ for _, e := range body {
+ s += e.Hash()
+ }
+ return s
+}
+
+// IsGround returns true if all of the expressions in the Body are ground.
+func (body Body) IsGround() bool {
+ for _, e := range body {
+ if !e.IsGround() {
+ return false
+ }
+ }
+ return true
+}
+
+// Loc returns the location of the Body in the definition.
+func (body Body) Loc() *Location {
+ if len(body) == 0 {
+ return nil
+ }
+ return body[0].Location
+}
+
+// SetLoc sets the location on body.
+func (body Body) SetLoc(loc *Location) {
+ if len(body) != 0 {
+ body[0].SetLocation(loc)
+ }
+}
+
+func (body Body) String() string {
+ buf := make([]string, 0, len(body))
+ for _, v := range body {
+ buf = append(buf, v.String())
+ }
+ return strings.Join(buf, "; ")
+}
+
+// Vars returns a VarSet containing variables in body. The params can be set to
+// control which vars are included.
+func (body Body) Vars(params VarVisitorParams) VarSet {
+ vis := NewVarVisitor().WithParams(params)
+ vis.Walk(body)
+ return vis.Vars()
+}
+
+// NewExpr returns a new Expr object.
+func NewExpr(terms any) *Expr {
+ switch terms.(type) {
+ case *SomeDecl, *Every, *Term, []*Term: // ok
+ default:
+ panic("unreachable")
+ }
+ return &Expr{
+ Negated: false,
+ Terms: terms,
+ Index: 0,
+ With: nil,
+ }
+}
+
+// Complement returns a copy of this expression with the negation flag flipped.
+func (expr *Expr) Complement() *Expr {
+ cpy := *expr
+ cpy.Negated = !cpy.Negated
+ return &cpy
+}
+
+// ComplementNoWith returns a copy of this expression with the negation flag flipped
+// and the with modifier removed. This is the same as calling .Complement().NoWith()
+// but without making an intermediate copy.
+func (expr *Expr) ComplementNoWith() *Expr {
+ cpy := *expr
+ cpy.Negated = !cpy.Negated
+ cpy.With = nil
+ return &cpy
+}
+
+// Equal returns true if this Expr equals the other Expr.
+func (expr *Expr) Equal(other *Expr) bool {
+ return expr.Compare(other) == 0
+}
+
+// Compare returns an integer indicating whether expr is less than, equal to,
+// or greater than other.
+//
+// Expressions are compared as follows:
+//
+// 1. Declarations are always less than other expressions.
+// 2. Preceding expression (by Index) is always less than the other expression.
+// 3. Non-negated expressions are always less than negated expressions.
+// 4. Single term expressions are always less than built-in expressions.
+//
+// Otherwise, the expression terms are compared normally. If both expressions
+// have the same terms, the modifiers are compared.
+func (expr *Expr) Compare(other *Expr) int {
+
+ if expr == nil {
+ if other == nil {
+ return 0
+ }
+ return -1
+ } else if other == nil {
+ return 1
+ }
+
+ o1 := expr.sortOrder()
+ o2 := other.sortOrder()
+ if o1 < o2 {
+ return -1
+ } else if o2 < o1 {
+ return 1
+ }
+
+ switch {
+ case expr.Index < other.Index:
+ return -1
+ case expr.Index > other.Index:
+ return 1
+ }
+
+ switch {
+ case expr.Negated && !other.Negated:
+ return 1
+ case !expr.Negated && other.Negated:
+ return -1
+ }
+
+ switch t := expr.Terms.(type) {
+ case *Term:
+ if cmp := Compare(t.Value, other.Terms.(*Term).Value); cmp != 0 {
+ return cmp
+ }
+ case []*Term:
+ if cmp := termSliceCompare(t, other.Terms.([]*Term)); cmp != 0 {
+ return cmp
+ }
+ case *SomeDecl:
+ if cmp := Compare(t, other.Terms.(*SomeDecl)); cmp != 0 {
+ return cmp
+ }
+ case *Every:
+ if cmp := Compare(t, other.Terms.(*Every)); cmp != 0 {
+ return cmp
+ }
+ }
+
+ return withSliceCompare(expr.With, other.With)
+}
+
+func (expr *Expr) sortOrder() int {
+ switch expr.Terms.(type) {
+ case *SomeDecl:
+ return 0
+ case *Term:
+ return 1
+ case []*Term:
+ return 2
+ case *Every:
+ return 3
+ }
+ return -1
+}
+
+// CopyWithoutTerms returns a deep copy of expr without its Terms
+func (expr *Expr) CopyWithoutTerms() *Expr {
+ cpy := *expr
+
+ if expr.With != nil {
+ cpy.With = make([]*With, len(expr.With))
+ for i := range expr.With {
+ cpy.With[i] = expr.With[i].Copy()
+ }
+ }
+
+ return &cpy
+}
+
+// Copy returns a deep copy of expr.
+func (expr *Expr) Copy() *Expr {
+
+ cpy := expr.CopyWithoutTerms()
+
+ switch ts := expr.Terms.(type) {
+ case *SomeDecl:
+ cpy.Terms = ts.Copy()
+ case []*Term:
+ cpy.Terms = termSliceCopy(ts)
+ case *Term:
+ cpy.Terms = ts.Copy()
+ case *Every:
+ cpy.Terms = ts.Copy()
+ }
+
+ return cpy
+}
+
+// Hash returns the hash code of the Expr.
+func (expr *Expr) Hash() int {
+ s := expr.Index
+ switch ts := expr.Terms.(type) {
+ case *SomeDecl:
+ s += ts.Hash()
+ case []*Term:
+ for _, t := range ts {
+ s += t.Value.Hash()
+ }
+ case *Term:
+ s += ts.Value.Hash()
+ }
+ if expr.Negated {
+ s++
+ }
+ for _, w := range expr.With {
+ s += w.Hash()
+ }
+ return s
+}
+
+// IncludeWith returns a copy of expr with the with modifier appended.
+func (expr *Expr) IncludeWith(target *Term, value *Term) *Expr {
+ cpy := *expr
+ cpy.With = append(cpy.With, &With{Target: target, Value: value})
+ return &cpy
+}
+
+// NoWith returns a copy of expr where the with modifier has been removed.
+func (expr *Expr) NoWith() *Expr {
+ cpy := *expr
+ cpy.With = nil
+ return &cpy
+}
+
+// IsEquality returns true if this is an equality expression.
+func (expr *Expr) IsEquality() bool {
+ return isGlobalBuiltin(expr, Var(Equality.Name))
+}
+
+// IsAssignment returns true if this an assignment expression.
+func (expr *Expr) IsAssignment() bool {
+ return isGlobalBuiltin(expr, Var(Assign.Name))
+}
+
+// IsCall returns true if this expression calls a function.
+func (expr *Expr) IsCall() bool {
+ _, ok := expr.Terms.([]*Term)
+ return ok
+}
+
+// IsEvery returns true if this expression is an 'every' expression.
+func (expr *Expr) IsEvery() bool {
+ _, ok := expr.Terms.(*Every)
+ return ok
+}
+
+// IsSome returns true if this expression is a 'some' expression.
+func (expr *Expr) IsSome() bool {
+ _, ok := expr.Terms.(*SomeDecl)
+ return ok
+}
+
+// Operator returns the name of the function or built-in this expression refers
+// to. If this expression is not a function call, returns nil.
+func (expr *Expr) Operator() Ref {
+ op := expr.OperatorTerm()
+ if op == nil {
+ return nil
+ }
+ return op.Value.(Ref)
+}
+
+// OperatorTerm returns the name of the function or built-in this expression
+// refers to. If this expression is not a function call, returns nil.
+func (expr *Expr) OperatorTerm() *Term {
+ terms, ok := expr.Terms.([]*Term)
+ if !ok || len(terms) == 0 {
+ return nil
+ }
+ return terms[0]
+}
+
+// Operand returns the term at the zero-based pos. If the expr does not include
+// at least pos+1 terms, this function returns nil.
+func (expr *Expr) Operand(pos int) *Term {
+ terms, ok := expr.Terms.([]*Term)
+ if !ok {
+ return nil
+ }
+ idx := pos + 1
+ if idx < len(terms) {
+ return terms[idx]
+ }
+ return nil
+}
+
+// Operands returns the built-in function operands.
+func (expr *Expr) Operands() []*Term {
+ terms, ok := expr.Terms.([]*Term)
+ if !ok {
+ return nil
+ }
+ return terms[1:]
+}
+
+// IsGround returns true if all of the expression terms are ground.
+func (expr *Expr) IsGround() bool {
+ switch ts := expr.Terms.(type) {
+ case []*Term:
+ for _, t := range ts[1:] {
+ if !t.IsGround() {
+ return false
+ }
+ }
+ case *Term:
+ return ts.IsGround()
+ }
+ return true
+}
+
+// SetOperator sets the expr's operator and returns the expr itself. If expr is
+// not a call expr, this function will panic.
+func (expr *Expr) SetOperator(term *Term) *Expr {
+ expr.Terms.([]*Term)[0] = term
+ return expr
+}
+
+// SetLocation sets the expr's location and returns the expr itself.
+func (expr *Expr) SetLocation(loc *Location) *Expr {
+ expr.Location = loc
+ return expr
+}
+
+// Loc returns the Location of expr.
+func (expr *Expr) Loc() *Location {
+ if expr == nil {
+ return nil
+ }
+ return expr.Location
+}
+
+// SetLoc sets the location on expr.
+func (expr *Expr) SetLoc(loc *Location) {
+ expr.SetLocation(loc)
+}
+
+func (expr *Expr) String() string {
+ buf := make([]string, 0, 2+len(expr.With))
+ if expr.Negated {
+ buf = append(buf, "not")
+ }
+ switch t := expr.Terms.(type) {
+ case []*Term:
+ if expr.IsEquality() && validEqAssignArgCount(expr) {
+ buf = append(buf, fmt.Sprintf("%v %v %v", t[1], Equality.Infix, t[2]))
+ } else {
+ buf = append(buf, Call(t).String())
+ }
+ case fmt.Stringer:
+ buf = append(buf, t.String())
+ }
+
+ for i := range expr.With {
+ buf = append(buf, expr.With[i].String())
+ }
+
+ return strings.Join(buf, " ")
+}
+
+func (expr *Expr) MarshalJSON() ([]byte, error) {
+ data := map[string]any{
+ "terms": expr.Terms,
+ "index": expr.Index,
+ }
+
+ if len(expr.With) > 0 {
+ data["with"] = expr.With
+ }
+
+ if expr.Generated {
+ data["generated"] = true
+ }
+
+ if expr.Negated {
+ data["negated"] = true
+ }
+
+ if astJSON.GetOptions().MarshalOptions.IncludeLocation.Expr {
+ if expr.Location != nil {
+ data["location"] = expr.Location
+ }
+ }
+
+ return json.Marshal(data)
+}
+
+// UnmarshalJSON parses the byte array and stores the result in expr.
+func (expr *Expr) UnmarshalJSON(bs []byte) error {
+ v := map[string]any{}
+ if err := util.UnmarshalJSON(bs, &v); err != nil {
+ return err
+ }
+ return unmarshalExpr(expr, v)
+}
+
+// Vars returns a VarSet containing variables in expr. The params can be set to
+// control which vars are included.
+func (expr *Expr) Vars(params VarVisitorParams) VarSet {
+ vis := NewVarVisitor().WithParams(params)
+ vis.Walk(expr)
+ return vis.Vars()
+}
+
+// NewBuiltinExpr creates a new Expr object with the supplied terms.
+// The builtin operator must be the first term.
+func NewBuiltinExpr(terms ...*Term) *Expr {
+ return &Expr{Terms: terms}
+}
+
+func (expr *Expr) CogeneratedExprs() []*Expr {
+ visited := map[*Expr]struct{}{}
+ visitCogeneratedExprs(expr, func(e *Expr) bool {
+ if expr.Equal(e) {
+ return true
+ }
+ if _, ok := visited[e]; ok {
+ return true
+ }
+ visited[e] = struct{}{}
+ return false
+ })
+
+ result := make([]*Expr, 0, len(visited))
+ for e := range visited {
+ result = append(result, e)
+ }
+ return result
+}
+
+func (expr *Expr) BaseCogeneratedExpr() *Expr {
+ if expr.generatedFrom == nil {
+ return expr
+ }
+ return expr.generatedFrom.BaseCogeneratedExpr()
+}
+
+func visitCogeneratedExprs(expr *Expr, f func(*Expr) bool) {
+ if parent := expr.generatedFrom; parent != nil {
+ if stop := f(parent); !stop {
+ visitCogeneratedExprs(parent, f)
+ }
+ }
+ for _, child := range expr.generates {
+ if stop := f(child); !stop {
+ visitCogeneratedExprs(child, f)
+ }
+ }
+}
+
+func (d *SomeDecl) String() string {
+ if call, ok := d.Symbols[0].Value.(Call); ok {
+ if len(call) == 4 {
+ return "some " + call[1].String() + ", " + call[2].String() + " in " + call[3].String()
+ }
+ return "some " + call[1].String() + " in " + call[2].String()
+ }
+ buf := make([]string, len(d.Symbols))
+ for i := range buf {
+ buf[i] = d.Symbols[i].String()
+ }
+ return "some " + strings.Join(buf, ", ")
+}
+
+// SetLoc sets the Location on d.
+func (d *SomeDecl) SetLoc(loc *Location) {
+ d.Location = loc
+}
+
+// Loc returns the Location of d.
+func (d *SomeDecl) Loc() *Location {
+ return d.Location
+}
+
+// Copy returns a deep copy of d.
+func (d *SomeDecl) Copy() *SomeDecl {
+ cpy := *d
+ cpy.Symbols = termSliceCopy(d.Symbols)
+ return &cpy
+}
+
+// Compare returns an integer indicating whether d is less than, equal to, or
+// greater than other.
+func (d *SomeDecl) Compare(other *SomeDecl) int {
+ return termSliceCompare(d.Symbols, other.Symbols)
+}
+
+// Hash returns a hash code of d.
+func (d *SomeDecl) Hash() int {
+ return termSliceHash(d.Symbols)
+}
+
+func (d *SomeDecl) MarshalJSON() ([]byte, error) {
+ data := map[string]any{
+ "symbols": d.Symbols,
+ }
+
+ if astJSON.GetOptions().MarshalOptions.IncludeLocation.SomeDecl {
+ if d.Location != nil {
+ data["location"] = d.Location
+ }
+ }
+
+ return json.Marshal(data)
+}
+
+func (q *Every) String() string {
+ if q.Key != nil {
+ return fmt.Sprintf("every %s, %s in %s { %s }",
+ q.Key,
+ q.Value,
+ q.Domain,
+ q.Body)
+ }
+ return fmt.Sprintf("every %s in %s { %s }",
+ q.Value,
+ q.Domain,
+ q.Body)
+}
+
+func (q *Every) Loc() *Location {
+ return q.Location
+}
+
+func (q *Every) SetLoc(l *Location) {
+ q.Location = l
+}
+
+// Copy returns a deep copy of d.
+func (q *Every) Copy() *Every {
+ cpy := *q
+ cpy.Key = q.Key.Copy()
+ cpy.Value = q.Value.Copy()
+ cpy.Domain = q.Domain.Copy()
+ cpy.Body = q.Body.Copy()
+ return &cpy
+}
+
+func (q *Every) Compare(other *Every) int {
+ for _, terms := range [][2]*Term{
+ {q.Key, other.Key},
+ {q.Value, other.Value},
+ {q.Domain, other.Domain},
+ } {
+ if d := Compare(terms[0], terms[1]); d != 0 {
+ return d
+ }
+ }
+ return q.Body.Compare(other.Body)
+}
+
+// KeyValueVars returns the key and val arguments of an `every`
+// expression, if they are non-nil and not wildcards.
+func (q *Every) KeyValueVars() VarSet {
+ vis := &VarVisitor{vars: VarSet{}}
+ if q.Key != nil {
+ vis.Walk(q.Key)
+ }
+ vis.Walk(q.Value)
+ return vis.vars
+}
+
+func (q *Every) MarshalJSON() ([]byte, error) {
+ data := map[string]any{
+ "key": q.Key,
+ "value": q.Value,
+ "domain": q.Domain,
+ "body": q.Body,
+ }
+
+ if astJSON.GetOptions().MarshalOptions.IncludeLocation.Every {
+ if q.Location != nil {
+ data["location"] = q.Location
+ }
+ }
+
+ return json.Marshal(data)
+}
+
+func (w *With) String() string {
+ return "with " + w.Target.String() + " as " + w.Value.String()
+}
+
+// Equal returns true if this With is equals the other With.
+func (w *With) Equal(other *With) bool {
+ return Compare(w, other) == 0
+}
+
+// Compare returns an integer indicating whether w is less than, equal to, or
+// greater than other.
+func (w *With) Compare(other *With) int {
+ if w == nil {
+ if other == nil {
+ return 0
+ }
+ return -1
+ } else if other == nil {
+ return 1
+ }
+ if cmp := Compare(w.Target, other.Target); cmp != 0 {
+ return cmp
+ }
+ return Compare(w.Value, other.Value)
+}
+
+// Copy returns a deep copy of w.
+func (w *With) Copy() *With {
+ cpy := *w
+ cpy.Value = w.Value.Copy()
+ cpy.Target = w.Target.Copy()
+ return &cpy
+}
+
+// Hash returns the hash code of the With.
+func (w With) Hash() int {
+ return w.Target.Hash() + w.Value.Hash()
+}
+
+// SetLocation sets the location on w.
+func (w *With) SetLocation(loc *Location) *With {
+ w.Location = loc
+ return w
+}
+
+// Loc returns the Location of w.
+func (w *With) Loc() *Location {
+ if w == nil {
+ return nil
+ }
+ return w.Location
+}
+
+// SetLoc sets the location on w.
+func (w *With) SetLoc(loc *Location) {
+ w.Location = loc
+}
+
+func (w *With) MarshalJSON() ([]byte, error) {
+ data := map[string]any{
+ "target": w.Target,
+ "value": w.Value,
+ }
+
+ if astJSON.GetOptions().MarshalOptions.IncludeLocation.With {
+ if w.Location != nil {
+ data["location"] = w.Location
+ }
+ }
+
+ return json.Marshal(data)
+}
+
+// Copy returns a deep copy of the AST node x. If x is not an AST node, x is returned unmodified.
+func Copy(x any) any {
+ switch x := x.(type) {
+ case *Module:
+ return x.Copy()
+ case *Package:
+ return x.Copy()
+ case *Import:
+ return x.Copy()
+ case *Rule:
+ return x.Copy()
+ case *Head:
+ return x.Copy()
+ case Args:
+ return x.Copy()
+ case Body:
+ return x.Copy()
+ case *Expr:
+ return x.Copy()
+ case *With:
+ return x.Copy()
+ case *SomeDecl:
+ return x.Copy()
+ case *Every:
+ return x.Copy()
+ case *Term:
+ return x.Copy()
+ case *ArrayComprehension:
+ return x.Copy()
+ case *SetComprehension:
+ return x.Copy()
+ case *ObjectComprehension:
+ return x.Copy()
+ case Set:
+ return x.Copy()
+ case *object:
+ return x.Copy()
+ case *Array:
+ return x.Copy()
+ case Ref:
+ return x.Copy()
+ case Call:
+ return x.Copy()
+ case *Comment:
+ return x.Copy()
+ }
+ return x
+}
+
+// RuleSet represents a collection of rules that produce a virtual document.
+type RuleSet []*Rule
+
+// NewRuleSet returns a new RuleSet containing the given rules.
+func NewRuleSet(rules ...*Rule) RuleSet {
+ rs := make(RuleSet, 0, len(rules))
+ for _, rule := range rules {
+ rs.Add(rule)
+ }
+ return rs
+}
+
+// Add inserts the rule into rs.
+func (rs *RuleSet) Add(rule *Rule) {
+ for _, exist := range *rs {
+ if exist.Equal(rule) {
+ return
+ }
+ }
+ *rs = append(*rs, rule)
+}
+
+// Contains returns true if rs contains rule.
+func (rs RuleSet) Contains(rule *Rule) bool {
+ for i := range rs {
+ if rs[i].Equal(rule) {
+ return true
+ }
+ }
+ return false
+}
+
+// Diff returns a new RuleSet containing rules in rs that are not in other.
+func (rs RuleSet) Diff(other RuleSet) RuleSet {
+ result := NewRuleSet()
+ for i := range rs {
+ if !other.Contains(rs[i]) {
+ result.Add(rs[i])
+ }
+ }
+ return result
+}
+
+// Equal returns true if rs equals other.
+func (rs RuleSet) Equal(other RuleSet) bool {
+ return len(rs.Diff(other)) == 0 && len(other.Diff(rs)) == 0
+}
+
+// Merge returns a ruleset containing the union of rules from rs an other.
+func (rs RuleSet) Merge(other RuleSet) RuleSet {
+ result := NewRuleSet()
+ for i := range rs {
+ result.Add(rs[i])
+ }
+ for i := range other {
+ result.Add(other[i])
+ }
+ return result
+}
+
+func (rs RuleSet) String() string {
+ buf := make([]string, 0, len(rs))
+ for _, rule := range rs {
+ buf = append(buf, rule.String())
+ }
+ return "{" + strings.Join(buf, ", ") + "}"
+}
+
+// Returns true if the equality or assignment expression referred to by expr
+// has a valid number of arguments.
+func validEqAssignArgCount(expr *Expr) bool {
+ return len(expr.Operands()) == 2
+}
+
+// this function checks if the expr refers to a non-namespaced (global) built-in
+// function like eq, gt, plus, etc.
+func isGlobalBuiltin(expr *Expr, name Var) bool {
+ terms, ok := expr.Terms.([]*Term)
+ if !ok {
+ return false
+ }
+
+ // NOTE(tsandall): do not use Term#Equal or Value#Compare to avoid
+ // allocation here.
+ ref, ok := terms[0].Value.(Ref)
+ if !ok || len(ref) != 1 {
+ return false
+ }
+ if head, ok := ref[0].Value.(Var); ok {
+ return head.Equal(name)
+ }
+ return false
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/pretty.go b/vendor/github.com/open-policy-agent/opa/v1/ast/pretty.go
new file mode 100644
index 0000000000..aa34f37471
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/pretty.go
@@ -0,0 +1,82 @@
+// Copyright 2018 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "fmt"
+ "io"
+ "strings"
+)
+
+// Pretty writes a pretty representation of the AST rooted at x to w.
+//
+// This is function is intended for debug purposes when inspecting ASTs.
+func Pretty(w io.Writer, x any) {
+ pp := &prettyPrinter{
+ depth: -1,
+ w: w,
+ }
+ NewBeforeAfterVisitor(pp.Before, pp.After).Walk(x)
+}
+
+type prettyPrinter struct {
+ depth int
+ w io.Writer
+}
+
+func (pp *prettyPrinter) Before(x any) bool {
+ switch x.(type) {
+ case *Term:
+ default:
+ pp.depth++
+ }
+
+ switch x := x.(type) {
+ case *Term:
+ return false
+ case Args:
+ if len(x) == 0 {
+ return false
+ }
+ pp.writeType(x)
+ case *Expr:
+ extras := []string{}
+ if x.Negated {
+ extras = append(extras, "negated")
+ }
+ extras = append(extras, fmt.Sprintf("index=%d", x.Index))
+ pp.writeIndent("%v %v", TypeName(x), strings.Join(extras, " "))
+ case Null, Boolean, Number, String, Var:
+ pp.writeValue(x)
+ default:
+ pp.writeType(x)
+ }
+ return false
+}
+
+func (pp *prettyPrinter) After(x any) {
+ switch x.(type) {
+ case *Term:
+ default:
+ pp.depth--
+ }
+}
+
+func (pp *prettyPrinter) writeValue(x any) {
+ pp.writeIndent(fmt.Sprint(x))
+}
+
+func (pp *prettyPrinter) writeType(x any) {
+ pp.writeIndent(TypeName(x))
+}
+
+func (pp *prettyPrinter) writeIndent(f string, a ...any) {
+ pad := strings.Repeat(" ", pp.depth)
+ pp.write(pad+f, a...)
+}
+
+func (pp *prettyPrinter) write(f string, a ...any) {
+ fmt.Fprintf(pp.w, f+"\n", a...)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/rego_v1.go b/vendor/github.com/open-policy-agent/opa/v1/ast/rego_v1.go
similarity index 89%
rename from vendor/github.com/open-policy-agent/opa/ast/rego_v1.go
rename to vendor/github.com/open-policy-agent/opa/v1/ast/rego_v1.go
index b64dfce7be..883e026e19 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/rego_v1.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/rego_v1.go
@@ -3,7 +3,7 @@ package ast
import (
"fmt"
- "github.com/open-policy-agent/opa/ast/internal/tokens"
+ "github.com/open-policy-agent/opa/v1/ast/internal/tokens"
)
func checkDuplicateImports(modules []*Module) (errors Errors) {
@@ -23,7 +23,7 @@ func checkDuplicateImports(modules []*Module) (errors Errors) {
return
}
-func checkRootDocumentOverrides(node interface{}) Errors {
+func checkRootDocumentOverrides(node any) Errors {
errors := Errors{}
WalkRules(node, func(rule *Rule) bool {
@@ -64,8 +64,8 @@ func checkRootDocumentOverrides(node interface{}) Errors {
return errors
}
-func walkCalls(node interface{}, f func(interface{}) bool) {
- vis := &GenericVisitor{func(x interface{}) bool {
+func walkCalls(node any, f func(any) bool) {
+ vis := &GenericVisitor{func(x any) bool {
switch x := x.(type) {
case Call:
return f(x)
@@ -82,10 +82,10 @@ func walkCalls(node interface{}, f func(interface{}) bool) {
vis.Walk(node)
}
-func checkDeprecatedBuiltins(deprecatedBuiltinsMap map[string]struct{}, node interface{}) Errors {
+func checkDeprecatedBuiltins(deprecatedBuiltinsMap map[string]struct{}, node any) Errors {
errs := make(Errors, 0)
- walkCalls(node, func(x interface{}) bool {
+ walkCalls(node, func(x any) bool {
var operator string
var loc *Location
@@ -113,7 +113,7 @@ func checkDeprecatedBuiltins(deprecatedBuiltinsMap map[string]struct{}, node int
return errs
}
-func checkDeprecatedBuiltinsForCurrentVersion(node interface{}) Errors {
+func checkDeprecatedBuiltinsForCurrentVersion(node any) Errors {
deprecatedBuiltins := make(map[string]struct{})
capabilities := CapabilitiesForThisVersion()
for _, bi := range capabilities.Builtins {
@@ -150,11 +150,11 @@ func NewRegoCheckOptions() RegoCheckOptions {
// CheckRegoV1 checks the given module or rule for errors that are specific to Rego v1.
// Passing something other than an *ast.Rule or *ast.Module is considered a programming error, and will cause a panic.
-func CheckRegoV1(x interface{}) Errors {
+func CheckRegoV1(x any) Errors {
return CheckRegoV1WithOptions(x, NewRegoCheckOptions())
}
-func CheckRegoV1WithOptions(x interface{}, opts RegoCheckOptions) Errors {
+func CheckRegoV1WithOptions(x any, opts RegoCheckOptions) Errors {
switch x := x.(type) {
case *Module:
return checkRegoV1Module(x, opts)
@@ -192,7 +192,7 @@ func checkRegoV1Rule(rule *Rule, opts RegoCheckOptions) Errors {
var errs Errors
if opts.NoKeywordsAsRuleNames && IsKeywordInRegoVersion(rule.Head.Name.String(), RegoV1) {
- errs = append(errs, NewError(ParseErr, rule.Location, fmt.Sprintf("%s keyword cannot be used for rule name", rule.Head.Name.String())))
+ errs = append(errs, NewError(ParseErr, rule.Location, "%s keyword cannot be used for rule name", rule.Head.Name.String()))
}
if opts.RequireRuleBodyOrValue && rule.generatedBody && rule.Head.generatedValue {
errs = append(errs, NewError(ParseErr, rule.Location, "%s must have value assignment and/or body declaration", t))
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/schema.go b/vendor/github.com/open-policy-agent/opa/v1/ast/schema.go
new file mode 100644
index 0000000000..3f9e2001d5
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/schema.go
@@ -0,0 +1,54 @@
+// Copyright 2021 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "fmt"
+
+ "github.com/open-policy-agent/opa/v1/types"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+// SchemaSet holds a map from a path to a schema.
+type SchemaSet struct {
+ m *util.HasherMap[Ref, any]
+}
+
+// NewSchemaSet returns an empty SchemaSet.
+func NewSchemaSet() *SchemaSet {
+ return &SchemaSet{
+ m: util.NewHasherMap[Ref, any](RefEqual),
+ }
+}
+
+// Put inserts a raw schema into the set.
+func (ss *SchemaSet) Put(path Ref, raw any) {
+ ss.m.Put(path, raw)
+}
+
+// Get returns the raw schema identified by the path.
+func (ss *SchemaSet) Get(path Ref) any {
+ if ss != nil {
+ if x, ok := ss.m.Get(path); ok {
+ return x
+ }
+ }
+ return nil
+}
+
+func loadSchema(raw any, allowNet []string) (types.Type, error) {
+
+ jsonSchema, err := compileSchema(raw, allowNet)
+ if err != nil {
+ return nil, err
+ }
+
+ tpe, err := newSchemaParser().parseSchema(jsonSchema.RootSchema)
+ if err != nil {
+ return nil, fmt.Errorf("type checking: %w", err)
+ }
+
+ return tpe, nil
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/strings.go b/vendor/github.com/open-policy-agent/opa/v1/ast/strings.go
new file mode 100644
index 0000000000..8447522412
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/strings.go
@@ -0,0 +1,54 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "reflect"
+ "strings"
+)
+
+// TypeName returns a human readable name for the AST element type.
+func TypeName(x any) string {
+ if _, ok := x.(*lazyObj); ok {
+ return "object"
+ }
+ return strings.ToLower(reflect.Indirect(reflect.ValueOf(x)).Type().Name())
+}
+
+// ValueName returns a human readable name for the AST Value type.
+// This is preferrable over calling TypeName when the argument is known to be
+// a Value, as this doesn't require reflection (= heap allocations).
+func ValueName(x Value) string {
+ switch x.(type) {
+ case String:
+ return "string"
+ case Boolean:
+ return "boolean"
+ case Number:
+ return "number"
+ case Null:
+ return "null"
+ case Var:
+ return "var"
+ case Object:
+ return "object"
+ case Set:
+ return "set"
+ case Ref:
+ return "ref"
+ case Call:
+ return "call"
+ case *Array:
+ return "array"
+ case *ArrayComprehension:
+ return "arraycomprehension"
+ case *ObjectComprehension:
+ return "objectcomprehension"
+ case *SetComprehension:
+ return "setcomprehension"
+ }
+
+ return TypeName(x)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/syncpools.go b/vendor/github.com/open-policy-agent/opa/v1/ast/syncpools.go
new file mode 100644
index 0000000000..cb150d39b5
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/syncpools.go
@@ -0,0 +1,69 @@
+package ast
+
+import (
+ "strings"
+ "sync"
+)
+
+type termPtrPool struct {
+ pool sync.Pool
+}
+
+type stringBuilderPool struct {
+ pool sync.Pool
+}
+
+type indexResultPool struct {
+ pool sync.Pool
+}
+
+func (p *termPtrPool) Get() *Term {
+ return p.pool.Get().(*Term)
+}
+
+func (p *termPtrPool) Put(t *Term) {
+ p.pool.Put(t)
+}
+
+func (p *stringBuilderPool) Get() *strings.Builder {
+ return p.pool.Get().(*strings.Builder)
+}
+
+func (p *stringBuilderPool) Put(sb *strings.Builder) {
+ sb.Reset()
+ p.pool.Put(sb)
+}
+
+func (p *indexResultPool) Get() *IndexResult {
+ return p.pool.Get().(*IndexResult)
+}
+
+func (p *indexResultPool) Put(x *IndexResult) {
+ if x != nil {
+ p.pool.Put(x)
+ }
+}
+
+var TermPtrPool = &termPtrPool{
+ pool: sync.Pool{
+ New: func() any {
+ return &Term{}
+ },
+ },
+}
+
+var sbPool = &stringBuilderPool{
+ pool: sync.Pool{
+ New: func() any {
+ return &strings.Builder{}
+ },
+ },
+}
+
+var IndexResultPool = &indexResultPool{
+ pool: sync.Pool{
+ New: func() any {
+ return &IndexResult{}
+ },
+ },
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/term.go b/vendor/github.com/open-policy-agent/opa/v1/ast/term.go
new file mode 100644
index 0000000000..0013a6b132
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/term.go
@@ -0,0 +1,3424 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// nolint: deadcode // Public API.
+package ast
+
+import (
+ "bytes"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "math"
+ "math/big"
+ "net/url"
+ "regexp"
+ "slices"
+ "strconv"
+ "strings"
+ "sync"
+ "unicode"
+
+ "github.com/cespare/xxhash/v2"
+ astJSON "github.com/open-policy-agent/opa/v1/ast/json"
+ "github.com/open-policy-agent/opa/v1/ast/location"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+var errFindNotFound = errors.New("find: not found")
+
+// Location records a position in source code.
+type Location = location.Location
+
+// NewLocation returns a new Location object.
+func NewLocation(text []byte, file string, row int, col int) *Location {
+ return location.NewLocation(text, file, row, col)
+}
+
+// Value declares the common interface for all Term values. Every kind of Term value
+// in the language is represented as a type that implements this interface:
+//
+// - Null, Boolean, Number, String
+// - Object, Array, Set
+// - Variables, References
+// - Array, Set, and Object Comprehensions
+// - Calls
+type Value interface {
+ Compare(other Value) int // Compare returns <0, 0, or >0 if this Value is less than, equal to, or greater than other, respectively.
+ Find(path Ref) (Value, error) // Find returns value referred to by path or an error if path is not found.
+ Hash() int // Returns hash code of the value.
+ IsGround() bool // IsGround returns true if this value is not a variable or contains no variables.
+ String() string // String returns a human readable string representation of the value.
+}
+
+// InterfaceToValue converts a native Go value x to a Value.
+func InterfaceToValue(x any) (Value, error) {
+ switch x := x.(type) {
+ case Value:
+ return x, nil
+ case nil:
+ return NullValue, nil
+ case bool:
+ return InternedBooleanTerm(x).Value, nil
+ case json.Number:
+ if interned := InternedIntNumberTermFromString(string(x)); interned != nil {
+ return interned.Value, nil
+ }
+ return Number(x), nil
+ case int64:
+ return int64Number(x), nil
+ case uint64:
+ return uint64Number(x), nil
+ case float64:
+ return floatNumber(x), nil
+ case int:
+ return intNumber(x), nil
+ case string:
+ return String(x), nil
+ case []any:
+ r := util.NewPtrSlice[Term](len(x))
+ for i, e := range x {
+ e, err := InterfaceToValue(e)
+ if err != nil {
+ return nil, err
+ }
+ r[i].Value = e
+ }
+ return NewArray(r...), nil
+ case []string:
+ r := util.NewPtrSlice[Term](len(x))
+ for i, e := range x {
+ r[i].Value = String(e)
+ }
+ return NewArray(r...), nil
+ case map[string]any:
+ kvs := util.NewPtrSlice[Term](len(x) * 2)
+ idx := 0
+ for k, v := range x {
+ kvs[idx].Value = String(k)
+ v, err := InterfaceToValue(v)
+ if err != nil {
+ return nil, err
+ }
+ kvs[idx+1].Value = v
+ idx += 2
+ }
+ tuples := make([][2]*Term, len(kvs)/2)
+ for i := 0; i < len(kvs); i += 2 {
+ tuples[i/2] = *(*[2]*Term)(kvs[i : i+2])
+ }
+ return NewObject(tuples...), nil
+ case map[string]string:
+ r := newobject(len(x))
+ for k, v := range x {
+ r.Insert(StringTerm(k), StringTerm(v))
+ }
+ return r, nil
+ default:
+ ptr := util.Reference(x)
+ if err := util.RoundTrip(ptr); err != nil {
+ return nil, fmt.Errorf("ast: interface conversion: %w", err)
+ }
+ return InterfaceToValue(*ptr)
+ }
+}
+
+// ValueFromReader returns an AST value from a JSON serialized value in the reader.
+func ValueFromReader(r io.Reader) (Value, error) {
+ var x any
+ if err := util.NewJSONDecoder(r).Decode(&x); err != nil {
+ return nil, err
+ }
+ return InterfaceToValue(x)
+}
+
+// As converts v into a Go native type referred to by x.
+func As(v Value, x any) error {
+ return util.NewJSONDecoder(strings.NewReader(v.String())).Decode(x)
+}
+
+// Resolver defines the interface for resolving references to native Go values.
+type Resolver interface {
+ Resolve(Ref) (any, error)
+}
+
+// ValueResolver defines the interface for resolving references to AST values.
+type ValueResolver interface {
+ Resolve(Ref) (Value, error)
+}
+
+// UnknownValueErr indicates a ValueResolver was unable to resolve a reference
+// because the reference refers to an unknown value.
+type UnknownValueErr struct{}
+
+func (UnknownValueErr) Error() string {
+ return "unknown value"
+}
+
+// IsUnknownValueErr returns true if the err is an UnknownValueErr.
+func IsUnknownValueErr(err error) bool {
+ _, ok := err.(UnknownValueErr)
+ return ok
+}
+
+type illegalResolver struct{}
+
+func (illegalResolver) Resolve(ref Ref) (any, error) {
+ return nil, fmt.Errorf("illegal value: %v", ref)
+}
+
+// ValueToInterface returns the Go representation of an AST value. The AST
+// value should not contain any values that require evaluation (e.g., vars,
+// comprehensions, etc.)
+func ValueToInterface(v Value, resolver Resolver) (any, error) {
+ return valueToInterface(v, resolver, JSONOpt{})
+}
+
+func valueToInterface(v Value, resolver Resolver, opt JSONOpt) (any, error) {
+ switch v := v.(type) {
+ case Null:
+ return nil, nil
+ case Boolean:
+ return bool(v), nil
+ case Number:
+ return json.Number(v), nil
+ case String:
+ return string(v), nil
+ case *Array:
+ buf := []any{}
+ for i := range v.Len() {
+ x1, err := valueToInterface(v.Elem(i).Value, resolver, opt)
+ if err != nil {
+ return nil, err
+ }
+ buf = append(buf, x1)
+ }
+ return buf, nil
+ case *object:
+ buf := make(map[string]any, v.Len())
+ err := v.Iter(func(k, v *Term) error {
+ ki, err := valueToInterface(k.Value, resolver, opt)
+ if err != nil {
+ return err
+ }
+ var str string
+ var ok bool
+ if str, ok = ki.(string); !ok {
+ var buf bytes.Buffer
+ if err := json.NewEncoder(&buf).Encode(ki); err != nil {
+ return err
+ }
+ str = strings.TrimSpace(buf.String())
+ }
+ vi, err := valueToInterface(v.Value, resolver, opt)
+ if err != nil {
+ return err
+ }
+ buf[str] = vi
+ return nil
+ })
+ if err != nil {
+ return nil, err
+ }
+ return buf, nil
+ case *lazyObj:
+ if opt.CopyMaps {
+ return valueToInterface(v.force(), resolver, opt)
+ }
+ return v.native, nil
+ case Set:
+ buf := []any{}
+ iter := func(x *Term) error {
+ x1, err := valueToInterface(x.Value, resolver, opt)
+ if err != nil {
+ return err
+ }
+ buf = append(buf, x1)
+ return nil
+ }
+ var err error
+ if opt.SortSets {
+ err = v.Sorted().Iter(iter)
+ } else {
+ err = v.Iter(iter)
+ }
+ if err != nil {
+ return nil, err
+ }
+ return buf, nil
+ case Ref:
+ return resolver.Resolve(v)
+ default:
+ return nil, fmt.Errorf("%v requires evaluation", TypeName(v))
+ }
+}
+
+// JSON returns the JSON representation of v. The value must not contain any
+// refs or terms that require evaluation (e.g., vars, comprehensions, etc.)
+func JSON(v Value) (any, error) {
+ return JSONWithOpt(v, JSONOpt{})
+}
+
+// JSONOpt defines parameters for AST to JSON conversion.
+type JSONOpt struct {
+ SortSets bool // sort sets before serializing (this makes conversion more expensive)
+ CopyMaps bool // enforces copying of map[string]any read from the store
+}
+
+// JSONWithOpt returns the JSON representation of v. The value must not contain any
+// refs or terms that require evaluation (e.g., vars, comprehensions, etc.)
+func JSONWithOpt(v Value, opt JSONOpt) (any, error) {
+ return valueToInterface(v, illegalResolver{}, opt)
+}
+
+// MustJSON returns the JSON representation of v. The value must not contain any
+// refs or terms that require evaluation (e.g., vars, comprehensions, etc.) If
+// the conversion fails, this function will panic. This function is mostly for
+// test purposes.
+func MustJSON(v Value) any {
+ r, err := JSON(v)
+ if err != nil {
+ panic(err)
+ }
+ return r
+}
+
+// MustInterfaceToValue converts a native Go value x to a Value. If the
+// conversion fails, this function will panic. This function is mostly for test
+// purposes.
+func MustInterfaceToValue(x any) Value {
+ v, err := InterfaceToValue(x)
+ if err != nil {
+ panic(err)
+ }
+ return v
+}
+
+// Term is an argument to a function.
+type Term struct {
+ Value Value `json:"value"` // the value of the Term as represented in Go
+ Location *Location `json:"location,omitempty"` // the location of the Term in the source
+}
+
+// NewTerm returns a new Term object.
+func NewTerm(v Value) *Term {
+ return &Term{
+ Value: v,
+ }
+}
+
+// SetLocation updates the term's Location and returns the term itself.
+func (term *Term) SetLocation(loc *Location) *Term {
+ term.Location = loc
+ return term
+}
+
+// Loc returns the Location of term.
+func (term *Term) Loc() *Location {
+ if term == nil {
+ return nil
+ }
+ return term.Location
+}
+
+// SetLoc sets the location on term.
+func (term *Term) SetLoc(loc *Location) {
+ term.SetLocation(loc)
+}
+
+// Copy returns a deep copy of term.
+func (term *Term) Copy() *Term {
+ if term == nil {
+ return nil
+ }
+
+ cpy := *term
+
+ switch v := term.Value.(type) {
+ case Null, Boolean, Number, String, Var:
+ cpy.Value = v
+ case Ref:
+ cpy.Value = v.Copy()
+ case *Array:
+ cpy.Value = v.Copy()
+ case Set:
+ cpy.Value = v.Copy()
+ case *object:
+ cpy.Value = v.Copy()
+ case *ArrayComprehension:
+ cpy.Value = v.Copy()
+ case *ObjectComprehension:
+ cpy.Value = v.Copy()
+ case *SetComprehension:
+ cpy.Value = v.Copy()
+ case Call:
+ cpy.Value = v.Copy()
+ }
+
+ return &cpy
+}
+
+// Equal returns true if this term equals the other term. Equality is
+// defined for each kind of term, and does not compare the Location.
+func (term *Term) Equal(other *Term) bool {
+ if term == nil && other != nil {
+ return false
+ }
+ if term != nil && other == nil {
+ return false
+ }
+ if term == other {
+ return true
+ }
+
+ return ValueEqual(term.Value, other.Value)
+}
+
+// Get returns a value referred to by name from the term.
+func (term *Term) Get(name *Term) *Term {
+ switch v := term.Value.(type) {
+ case *object:
+ return v.Get(name)
+ case *Array:
+ return v.Get(name)
+ case interface {
+ Get(*Term) *Term
+ }:
+ return v.Get(name)
+ case Set:
+ if v.Contains(name) {
+ return name
+ }
+ }
+ return nil
+}
+
+// Hash returns the hash code of the Term's Value. Its Location
+// is ignored.
+func (term *Term) Hash() int {
+ return term.Value.Hash()
+}
+
+// IsGround returns true if this term's Value is ground.
+func (term *Term) IsGround() bool {
+ return term.Value.IsGround()
+}
+
+// MarshalJSON returns the JSON encoding of the term.
+//
+// Specialized marshalling logic is required to include a type hint for Value.
+func (term *Term) MarshalJSON() ([]byte, error) {
+ d := map[string]any{
+ "type": ValueName(term.Value),
+ "value": term.Value,
+ }
+ jsonOptions := astJSON.GetOptions().MarshalOptions
+ if jsonOptions.IncludeLocation.Term {
+ if term.Location != nil {
+ d["location"] = term.Location
+ }
+ }
+ return json.Marshal(d)
+}
+
+func (term *Term) String() string {
+ return term.Value.String()
+}
+
+// UnmarshalJSON parses the byte array and stores the result in term.
+// Specialized unmarshalling is required to handle Value and Location.
+func (term *Term) UnmarshalJSON(bs []byte) error {
+ v := map[string]any{}
+ if err := util.UnmarshalJSON(bs, &v); err != nil {
+ return err
+ }
+ val, err := unmarshalValue(v)
+ if err != nil {
+ return err
+ }
+ term.Value = val
+
+ if loc, ok := v["location"].(map[string]any); ok {
+ term.Location = &Location{}
+ err := unmarshalLocation(term.Location, loc)
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// Vars returns a VarSet with variables contained in this term.
+func (term *Term) Vars() VarSet {
+ vis := &VarVisitor{vars: VarSet{}}
+ vis.Walk(term)
+ return vis.vars
+}
+
+// IsConstant returns true if the AST value is constant.
+func IsConstant(v Value) bool {
+ found := false
+ vis := GenericVisitor{
+ func(x any) bool {
+ switch x.(type) {
+ case Var, Ref, *ArrayComprehension, *ObjectComprehension, *SetComprehension, Call:
+ found = true
+ return true
+ }
+ return false
+ },
+ }
+ vis.Walk(v)
+ return !found
+}
+
+// IsComprehension returns true if the supplied value is a comprehension.
+func IsComprehension(x Value) bool {
+ switch x.(type) {
+ case *ArrayComprehension, *ObjectComprehension, *SetComprehension:
+ return true
+ }
+ return false
+}
+
+// ContainsRefs returns true if the Value v contains refs.
+func ContainsRefs(v any) bool {
+ found := false
+ WalkRefs(v, func(Ref) bool {
+ found = true
+ return found
+ })
+ return found
+}
+
+// ContainsComprehensions returns true if the Value v contains comprehensions.
+func ContainsComprehensions(v any) bool {
+ found := false
+ WalkClosures(v, func(x any) bool {
+ switch x.(type) {
+ case *ArrayComprehension, *ObjectComprehension, *SetComprehension:
+ found = true
+ return found
+ }
+ return found
+ })
+ return found
+}
+
+// ContainsClosures returns true if the Value v contains closures.
+func ContainsClosures(v any) bool {
+ found := false
+ WalkClosures(v, func(x any) bool {
+ switch x.(type) {
+ case *ArrayComprehension, *ObjectComprehension, *SetComprehension, *Every:
+ found = true
+ return found
+ }
+ return found
+ })
+ return found
+}
+
+// IsScalar returns true if the AST value is a scalar.
+func IsScalar(v Value) bool {
+ switch v.(type) {
+ case String, Number, Boolean, Null:
+ return true
+ }
+ return false
+}
+
+// Null represents the null value defined by JSON.
+type Null struct{}
+
+var NullValue Value = Null{}
+
+// NullTerm creates a new Term with a Null value.
+func NullTerm() *Term {
+ return &Term{Value: NullValue}
+}
+
+// Equal returns true if the other term Value is also Null.
+func (Null) Equal(other Value) bool {
+ switch other.(type) {
+ case Null:
+ return true
+ default:
+ return false
+ }
+}
+
+// Compare compares null to other, return <0, 0, or >0 if it is less than, equal to,
+// or greater than other.
+func (Null) Compare(other Value) int {
+ if _, ok := other.(Null); ok {
+ return 0
+ }
+ return -1
+}
+
+// Find returns the current value or a not found error.
+func (Null) Find(path Ref) (Value, error) {
+ if len(path) == 0 {
+ return NullValue, nil
+ }
+ return nil, errFindNotFound
+}
+
+// Hash returns the hash code for the Value.
+func (Null) Hash() int {
+ return 0
+}
+
+// IsGround always returns true.
+func (Null) IsGround() bool {
+ return true
+}
+
+func (Null) String() string {
+ return "null"
+}
+
+// Boolean represents a boolean value defined by JSON.
+type Boolean bool
+
+// BooleanTerm creates a new Term with a Boolean value.
+func BooleanTerm(b bool) *Term {
+ if b {
+ return &Term{Value: InternedBooleanTerm(true).Value}
+ }
+ return &Term{Value: InternedBooleanTerm(false).Value}
+}
+
+// Equal returns true if the other Value is a Boolean and is equal.
+func (bol Boolean) Equal(other Value) bool {
+ switch other := other.(type) {
+ case Boolean:
+ return bol == other
+ default:
+ return false
+ }
+}
+
+// Compare compares bol to other, return <0, 0, or >0 if it is less than, equal to,
+// or greater than other.
+func (bol Boolean) Compare(other Value) int {
+ switch other := other.(type) {
+ case Boolean:
+ if bol == other {
+ return 0
+ }
+ if !bol {
+ return -1
+ }
+ return 1
+ case Null:
+ return 1
+ }
+
+ return -1
+}
+
+// Find returns the current value or a not found error.
+func (bol Boolean) Find(path Ref) (Value, error) {
+ if len(path) == 0 {
+ return InternedBooleanTerm(bool(bol)).Value, nil
+ }
+ return nil, errFindNotFound
+}
+
+// Hash returns the hash code for the Value.
+func (bol Boolean) Hash() int {
+ if bol {
+ return 1
+ }
+ return 0
+}
+
+// IsGround always returns true.
+func (Boolean) IsGround() bool {
+ return true
+}
+
+func (bol Boolean) String() string {
+ return strconv.FormatBool(bool(bol))
+}
+
+// Number represents a numeric value as defined by JSON.
+type Number json.Number
+
+// NumberTerm creates a new Term with a Number value.
+func NumberTerm(n json.Number) *Term {
+ return &Term{Value: Number(n)}
+}
+
+// IntNumberTerm creates a new Term with an integer Number value.
+func IntNumberTerm(i int) *Term {
+ return &Term{Value: Number(strconv.Itoa(i))}
+}
+
+// UIntNumberTerm creates a new Term with an unsigned integer Number value.
+func UIntNumberTerm(u uint64) *Term {
+ return &Term{Value: uint64Number(u)}
+}
+
+// FloatNumberTerm creates a new Term with a floating point Number value.
+func FloatNumberTerm(f float64) *Term {
+ s := strconv.FormatFloat(f, 'g', -1, 64)
+ return &Term{Value: Number(s)}
+}
+
+// Equal returns true if the other Value is a Number and is equal.
+func (num Number) Equal(other Value) bool {
+ switch other := other.(type) {
+ case Number:
+ if n1, ok1 := num.Int64(); ok1 {
+ n2, ok2 := other.Int64()
+ if ok1 && ok2 && n1 == n2 {
+ return true
+ }
+ }
+
+ return num.Compare(other) == 0
+ default:
+ return false
+ }
+}
+
+// Compare compares num to other, return <0, 0, or >0 if it is less than, equal to,
+// or greater than other.
+func (num Number) Compare(other Value) int {
+ // Optimize for the common case, as calling Compare allocates on heap.
+ if otherNum, yes := other.(Number); yes {
+ if ai, ok := num.Int64(); ok {
+ if bi, ok := otherNum.Int64(); ok {
+ if ai == bi {
+ return 0
+ }
+ if ai < bi {
+ return -1
+ }
+ return 1
+ }
+ }
+ }
+
+ return Compare(num, other)
+}
+
+// Find returns the current value or a not found error.
+func (num Number) Find(path Ref) (Value, error) {
+ if len(path) == 0 {
+ return num, nil
+ }
+ return nil, errFindNotFound
+}
+
+// Hash returns the hash code for the Value.
+func (num Number) Hash() int {
+ f, err := json.Number(num).Float64()
+ if err != nil {
+ bs := []byte(num)
+ h := xxhash.Sum64(bs)
+ return int(h)
+ }
+ return int(f)
+}
+
+// Int returns the int representation of num if possible.
+func (num Number) Int() (int, bool) {
+ i64, ok := num.Int64()
+ return int(i64), ok
+}
+
+// Int64 returns the int64 representation of num if possible.
+func (num Number) Int64() (int64, bool) {
+ i, err := json.Number(num).Int64()
+ if err != nil {
+ return 0, false
+ }
+ return i, true
+}
+
+// Float64 returns the float64 representation of num if possible.
+func (num Number) Float64() (float64, bool) {
+ f, err := json.Number(num).Float64()
+ if err != nil {
+ return 0, false
+ }
+ return f, true
+}
+
+// IsGround always returns true.
+func (Number) IsGround() bool {
+ return true
+}
+
+// MarshalJSON returns JSON encoded bytes representing num.
+func (num Number) MarshalJSON() ([]byte, error) {
+ return json.Marshal(json.Number(num))
+}
+
+func (num Number) String() string {
+ return string(num)
+}
+
+func intNumber(i int) Number {
+ return Number(strconv.Itoa(i))
+}
+
+func int64Number(i int64) Number {
+ return Number(strconv.FormatInt(i, 10))
+}
+
+func uint64Number(u uint64) Number {
+ return Number(strconv.FormatUint(u, 10))
+}
+
+func floatNumber(f float64) Number {
+ return Number(strconv.FormatFloat(f, 'g', -1, 64))
+}
+
+// String represents a string value as defined by JSON.
+type String string
+
+// StringTerm creates a new Term with a String value.
+func StringTerm(s string) *Term {
+ return &Term{Value: String(s)}
+}
+
+// Equal returns true if the other Value is a String and is equal.
+func (str String) Equal(other Value) bool {
+ switch other := other.(type) {
+ case String:
+ return str == other
+ default:
+ return false
+ }
+}
+
+// Compare compares str to other, return <0, 0, or >0 if it is less than, equal to,
+// or greater than other.
+func (str String) Compare(other Value) int {
+ // Optimize for the common case of one string being compared to another by
+ // using a direct comparison of values. This avoids the allocation performed
+ // when calling Compare and its any argument conversion.
+ if otherStr, ok := other.(String); ok {
+ if str == otherStr {
+ return 0
+ }
+ if str < otherStr {
+ return -1
+ }
+ return 1
+ }
+
+ return Compare(str, other)
+}
+
+// Find returns the current value or a not found error.
+func (str String) Find(path Ref) (Value, error) {
+ if len(path) == 0 {
+ return str, nil
+ }
+ return nil, errFindNotFound
+}
+
+// IsGround always returns true.
+func (String) IsGround() bool {
+ return true
+}
+
+func (str String) String() string {
+ return strconv.Quote(string(str))
+}
+
+// Hash returns the hash code for the Value.
+func (str String) Hash() int {
+ return int(xxhash.Sum64String(string(str)))
+}
+
+// Var represents a variable as defined by the language.
+type Var string
+
+// VarTerm creates a new Term with a Variable value.
+func VarTerm(v string) *Term {
+ return &Term{Value: Var(v)}
+}
+
+// Equal returns true if the other Value is a Variable and has the same value
+// (name).
+func (v Var) Equal(other Value) bool {
+ switch other := other.(type) {
+ case Var:
+ return v == other
+ default:
+ return false
+ }
+}
+
+// Compare compares v to other, return <0, 0, or >0 if it is less than, equal to,
+// or greater than other.
+func (v Var) Compare(other Value) int {
+ if otherVar, ok := other.(Var); ok {
+ return strings.Compare(string(v), string(otherVar))
+ }
+ return Compare(v, other)
+}
+
+// Find returns the current value or a not found error.
+func (v Var) Find(path Ref) (Value, error) {
+ if len(path) == 0 {
+ return v, nil
+ }
+ return nil, errFindNotFound
+}
+
+// Hash returns the hash code for the Value.
+func (v Var) Hash() int {
+ return int(xxhash.Sum64String(string(v)))
+}
+
+// IsGround always returns false.
+func (Var) IsGround() bool {
+ return false
+}
+
+// IsWildcard returns true if this is a wildcard variable.
+func (v Var) IsWildcard() bool {
+ return strings.HasPrefix(string(v), WildcardPrefix)
+}
+
+// IsGenerated returns true if this variable was generated during compilation.
+func (v Var) IsGenerated() bool {
+ return strings.HasPrefix(string(v), "__local")
+}
+
+func (v Var) String() string {
+ // Special case for wildcard so that string representation is parseable. The
+ // parser mangles wildcard variables to make their names unique and uses an
+ // illegal variable name character (WildcardPrefix) to avoid conflicts. When
+ // we serialize the variable here, we need to make sure it's parseable.
+ if v.IsWildcard() {
+ return Wildcard.String()
+ }
+ return string(v)
+}
+
+// Ref represents a reference as defined by the language.
+type Ref []*Term
+
+// EmptyRef returns a new, empty reference.
+func EmptyRef() Ref {
+ return Ref([]*Term{})
+}
+
+// PtrRef returns a new reference against the head for the pointer
+// s. Path components in the pointer are unescaped.
+func PtrRef(head *Term, s string) (Ref, error) {
+ s = strings.Trim(s, "/")
+ if s == "" {
+ return Ref{head}, nil
+ }
+ parts := strings.Split(s, "/")
+ if maxLen := math.MaxInt32; len(parts) >= maxLen {
+ return nil, fmt.Errorf("path too long: %s, %d > %d (max)", s, len(parts), maxLen)
+ }
+ ref := make(Ref, uint(len(parts))+1)
+ ref[0] = head
+ for i := range parts {
+ var err error
+ parts[i], err = url.PathUnescape(parts[i])
+ if err != nil {
+ return nil, err
+ }
+ ref[i+1] = StringTerm(parts[i])
+ }
+ return ref, nil
+}
+
+// RefTerm creates a new Term with a Ref value.
+func RefTerm(r ...*Term) *Term {
+ return &Term{Value: Ref(r)}
+}
+
+// Append returns a copy of ref with the term appended to the end.
+func (ref Ref) Append(term *Term) Ref {
+ n := len(ref)
+ dst := make(Ref, n+1)
+ copy(dst, ref)
+ dst[n] = term
+ return dst
+}
+
+// Insert returns a copy of the ref with x inserted at pos. If pos < len(ref),
+// existing elements are shifted to the right. If pos > len(ref)+1 this
+// function panics.
+func (ref Ref) Insert(x *Term, pos int) Ref {
+ switch {
+ case pos == len(ref):
+ return ref.Append(x)
+ case pos > len(ref)+1:
+ panic("illegal index")
+ }
+ cpy := make(Ref, len(ref)+1)
+ copy(cpy, ref[:pos])
+ cpy[pos] = x
+ copy(cpy[pos+1:], ref[pos:])
+ return cpy
+}
+
+// Extend returns a copy of ref with the terms from other appended. The head of
+// other will be converted to a string.
+func (ref Ref) Extend(other Ref) Ref {
+ dst := make(Ref, len(ref)+len(other))
+ copy(dst, ref)
+
+ head := other[0].Copy()
+ head.Value = String(head.Value.(Var))
+ offset := len(ref)
+ dst[offset] = head
+
+ copy(dst[offset+1:], other[1:])
+ return dst
+}
+
+// Concat returns a ref with the terms appended.
+func (ref Ref) Concat(terms []*Term) Ref {
+ if len(terms) == 0 {
+ return ref
+ }
+ cpy := make(Ref, len(ref)+len(terms))
+ copy(cpy, ref)
+ copy(cpy[len(ref):], terms)
+ return cpy
+}
+
+// Dynamic returns the offset of the first non-constant operand of ref.
+func (ref Ref) Dynamic() int {
+ switch ref[0].Value.(type) {
+ case Call:
+ return 0
+ }
+ for i := 1; i < len(ref); i++ {
+ if !IsConstant(ref[i].Value) {
+ return i
+ }
+ }
+ return -1
+}
+
+// Copy returns a deep copy of ref.
+func (ref Ref) Copy() Ref {
+ return termSliceCopy(ref)
+}
+
+// CopyNonGround returns a new ref with deep copies of the non-ground parts and shallow
+// copies of the ground parts. This is a *much* cheaper operation than Copy for operations
+// that only intend to modify (e.g. plug) the non-ground parts. The head element of the ref
+// is always shallow copied.
+func (ref Ref) CopyNonGround() Ref {
+ cpy := make(Ref, len(ref))
+ cpy[0] = ref[0]
+
+ for i := 1; i < len(ref); i++ {
+ if ref[i].Value.IsGround() {
+ cpy[i] = ref[i]
+ } else {
+ cpy[i] = ref[i].Copy()
+ }
+ }
+
+ return cpy
+}
+
+// Equal returns true if ref is equal to other.
+func (ref Ref) Equal(other Value) bool {
+ switch o := other.(type) {
+ case Ref:
+ if len(ref) == len(o) {
+ for i := range ref {
+ if !ref[i].Equal(o[i]) {
+ return false
+ }
+ }
+
+ return true
+ }
+ }
+
+ return false
+}
+
+// Compare compares ref to other, return <0, 0, or >0 if it is less than, equal to,
+// or greater than other.
+func (ref Ref) Compare(other Value) int {
+ if o, ok := other.(Ref); ok {
+ return termSliceCompare(ref, o)
+ }
+
+ return Compare(ref, other)
+}
+
+// Find returns the current value or a "not found" error.
+func (ref Ref) Find(path Ref) (Value, error) {
+ if len(path) == 0 {
+ return ref, nil
+ }
+ return nil, errFindNotFound
+}
+
+// Hash returns the hash code for the Value.
+func (ref Ref) Hash() int {
+ return termSliceHash(ref)
+}
+
+// HasPrefix returns true if the other ref is a prefix of this ref.
+func (ref Ref) HasPrefix(other Ref) bool {
+ if len(other) > len(ref) {
+ return false
+ }
+ for i := range other {
+ if !ref[i].Equal(other[i]) {
+ return false
+ }
+ }
+ return true
+}
+
+// ConstantPrefix returns the constant portion of the ref starting from the head.
+func (ref Ref) ConstantPrefix() Ref {
+ i := ref.Dynamic()
+ if i < 0 {
+ return ref.Copy()
+ }
+ return ref[:i].Copy()
+}
+
+func (ref Ref) StringPrefix() Ref {
+ for i := 1; i < len(ref); i++ {
+ switch ref[i].Value.(type) {
+ case String: // pass
+ default: // cut off
+ return ref[:i].Copy()
+ }
+ }
+
+ return ref.Copy()
+}
+
+// GroundPrefix returns the ground portion of the ref starting from the head. By
+// definition, the head of the reference is always ground.
+func (ref Ref) GroundPrefix() Ref {
+ if ref.IsGround() {
+ return ref
+ }
+
+ prefix := make(Ref, 0, len(ref))
+
+ for i, x := range ref {
+ if i > 0 && !x.IsGround() {
+ break
+ }
+ prefix = append(prefix, x)
+ }
+
+ return prefix
+}
+
+func (ref Ref) DynamicSuffix() Ref {
+ i := ref.Dynamic()
+ if i < 0 {
+ return nil
+ }
+ return ref[i:]
+}
+
+// IsGround returns true if all of the parts of the Ref are ground.
+func (ref Ref) IsGround() bool {
+ if len(ref) == 0 {
+ return true
+ }
+ return termSliceIsGround(ref[1:])
+}
+
+// IsNested returns true if this ref contains other Refs.
+func (ref Ref) IsNested() bool {
+ for _, x := range ref {
+ if _, ok := x.Value.(Ref); ok {
+ return true
+ }
+ }
+ return false
+}
+
+// Ptr returns a slash-separated path string for this ref. If the ref
+// contains non-string terms this function returns an error. Path
+// components are escaped.
+func (ref Ref) Ptr() (string, error) {
+ parts := make([]string, 0, len(ref)-1)
+ for _, term := range ref[1:] {
+ if str, ok := term.Value.(String); ok {
+ parts = append(parts, url.PathEscape(string(str)))
+ } else {
+ return "", errors.New("invalid path value type")
+ }
+ }
+ return strings.Join(parts, "/"), nil
+}
+
+var varRegexp = regexp.MustCompile("^[[:alpha:]_][[:alpha:][:digit:]_]*$")
+
+func IsVarCompatibleString(s string) bool {
+ return varRegexp.MatchString(s)
+}
+
+func (ref Ref) String() string {
+ if len(ref) == 0 {
+ return ""
+ }
+
+ if len(ref) == 1 {
+ switch p := ref[0].Value.(type) {
+ case Var:
+ return p.String()
+ }
+ }
+
+ sb := sbPool.Get()
+ defer sbPool.Put(sb)
+
+ sb.Grow(10 * len(ref))
+ sb.WriteString(ref[0].Value.String())
+
+ for _, p := range ref[1:] {
+ switch p := p.Value.(type) {
+ case String:
+ str := string(p)
+ if varRegexp.MatchString(str) && !IsKeyword(str) {
+ sb.WriteByte('.')
+ sb.WriteString(str)
+ } else {
+ sb.WriteByte('[')
+ // Determine whether we need the full JSON-escaped form
+ if strings.ContainsFunc(str, isControlOrBackslash) {
+ // only now pay the cost of expensive JSON-escaped form
+ sb.WriteString(p.String())
+ } else {
+ sb.WriteByte('"')
+ sb.WriteString(str)
+ sb.WriteByte('"')
+ }
+ sb.WriteByte(']')
+ }
+ default:
+ sb.WriteByte('[')
+ sb.WriteString(p.String())
+ sb.WriteByte(']')
+ }
+ }
+
+ return sb.String()
+}
+
+// OutputVars returns a VarSet containing variables that would be bound by evaluating
+// this expression in isolation.
+func (ref Ref) OutputVars() VarSet {
+ vis := NewVarVisitor().WithParams(VarVisitorParams{SkipRefHead: true})
+ vis.Walk(ref)
+ return vis.Vars()
+}
+
+func (ref Ref) toArray() *Array {
+ terms := make([]*Term, 0, len(ref))
+ for _, term := range ref {
+ if _, ok := term.Value.(String); ok {
+ terms = append(terms, term)
+ } else {
+ terms = append(terms, InternedStringTerm(term.Value.String()))
+ }
+ }
+ return NewArray(terms...)
+}
+
+// QueryIterator defines the interface for querying AST documents with references.
+type QueryIterator func(map[Var]Value, Value) error
+
+// ArrayTerm creates a new Term with an Array value.
+func ArrayTerm(a ...*Term) *Term {
+ return NewTerm(NewArray(a...))
+}
+
+// NewArray creates an Array with the terms provided. The array will
+// use the provided term slice.
+func NewArray(a ...*Term) *Array {
+ hs := make([]int, len(a))
+ for i, e := range a {
+ hs[i] = e.Value.Hash()
+ }
+ arr := &Array{elems: a, hashs: hs, ground: termSliceIsGround(a)}
+ arr.rehash()
+ return arr
+}
+
+// Array represents an array as defined by the language. Arrays are similar to the
+// same types as defined by JSON with the exception that they can contain Vars
+// and References.
+type Array struct {
+ elems []*Term
+ hashs []int // element hashes
+ hash int
+ ground bool
+}
+
+// Copy returns a deep copy of arr.
+func (arr *Array) Copy() *Array {
+ cpy := make([]int, len(arr.elems))
+ copy(cpy, arr.hashs)
+ return &Array{
+ elems: termSliceCopy(arr.elems),
+ hashs: cpy,
+ hash: arr.hash,
+ ground: arr.IsGround()}
+}
+
+// Equal returns true if arr is equal to other.
+func (arr *Array) Equal(other Value) bool {
+ if arr == other {
+ return true
+ }
+
+ if other, ok := other.(*Array); ok && len(arr.elems) == len(other.elems) {
+ for i := range arr.elems {
+ if !arr.elems[i].Equal(other.elems[i]) {
+ return false
+ }
+ }
+ return true
+ }
+
+ return false
+}
+
+// Compare compares arr to other, return <0, 0, or >0 if it is less than, equal to,
+// or greater than other.
+func (arr *Array) Compare(other Value) int {
+ if b, ok := other.(*Array); ok {
+ return termSliceCompare(arr.elems, b.elems)
+ }
+
+ sortA := sortOrder(arr)
+ sortB := sortOrder(other)
+
+ if sortA < sortB {
+ return -1
+ } else if sortB < sortA {
+ return 1
+ }
+
+ return Compare(arr, other)
+}
+
+// Find returns the value at the index or an out-of-range error.
+func (arr *Array) Find(path Ref) (Value, error) {
+ if len(path) == 0 {
+ return arr, nil
+ }
+ num, ok := path[0].Value.(Number)
+ if !ok {
+ return nil, errFindNotFound
+ }
+ i, ok := num.Int()
+ if !ok {
+ return nil, errFindNotFound
+ }
+ if i < 0 || i >= arr.Len() {
+ return nil, errFindNotFound
+ }
+
+ term := arr.Elem(i)
+ // Using Find on scalar values costs an allocation (type -> Value conversion)
+ // and since we already have the Value here, we can avoid that.
+ if len(path) == 1 && IsScalar(term.Value) {
+ return term.Value, nil
+ }
+
+ return term.Value.Find(path[1:])
+}
+
+// Get returns the element at pos or nil if not possible.
+func (arr *Array) Get(pos *Term) *Term {
+ num, ok := pos.Value.(Number)
+ if !ok {
+ return nil
+ }
+
+ i, ok := num.Int()
+ if !ok {
+ return nil
+ }
+
+ if i >= 0 && i < len(arr.elems) {
+ return arr.elems[i]
+ }
+
+ return nil
+}
+
+// Sorted returns a new Array that contains the sorted elements of arr.
+func (arr *Array) Sorted() *Array {
+ cpy := make([]*Term, len(arr.elems))
+ for i := range cpy {
+ cpy[i] = arr.elems[i]
+ }
+
+ slices.SortFunc(cpy, TermValueCompare)
+
+ a := NewArray(cpy...)
+ a.hashs = arr.hashs
+ return a
+}
+
+// Hash returns the hash code for the Value.
+func (arr *Array) Hash() int {
+ return arr.hash
+}
+
+// IsGround returns true if all of the Array elements are ground.
+func (arr *Array) IsGround() bool {
+ return arr.ground
+}
+
+// MarshalJSON returns JSON encoded bytes representing arr.
+func (arr *Array) MarshalJSON() ([]byte, error) {
+ if len(arr.elems) == 0 {
+ return []byte(`[]`), nil
+ }
+ return json.Marshal(arr.elems)
+}
+
+func (arr *Array) String() string {
+ sb := sbPool.Get()
+ sb.Grow(len(arr.elems) * 16)
+
+ defer sbPool.Put(sb)
+
+ sb.WriteByte('[')
+ for i, e := range arr.elems {
+ if i > 0 {
+ sb.WriteString(", ")
+ }
+ sb.WriteString(e.String())
+ }
+ sb.WriteByte(']')
+
+ return sb.String()
+}
+
+// Len returns the number of elements in the array.
+func (arr *Array) Len() int {
+ return len(arr.elems)
+}
+
+// Elem returns the element i of arr.
+func (arr *Array) Elem(i int) *Term {
+ return arr.elems[i]
+}
+
+// Set sets the element i of arr.
+func (arr *Array) Set(i int, v *Term) {
+ arr.set(i, v)
+}
+
+// rehash updates the cached hash of arr.
+func (arr *Array) rehash() {
+ arr.hash = 0
+ for _, h := range arr.hashs {
+ arr.hash += h
+ }
+}
+
+// set sets the element i of arr.
+func (arr *Array) set(i int, v *Term) {
+ arr.ground = arr.ground && v.IsGround()
+ arr.elems[i] = v
+ arr.hashs[i] = v.Value.Hash()
+ arr.rehash()
+}
+
+// Slice returns a slice of arr starting from i index to j. -1
+// indicates the end of the array. The returned value array is not a
+// copy and any modifications to either of arrays may be reflected to
+// the other.
+func (arr *Array) Slice(i, j int) *Array {
+ var elems []*Term
+ var hashs []int
+ if j == -1 {
+ elems = arr.elems[i:]
+ hashs = arr.hashs[i:]
+ } else {
+ elems = arr.elems[i:j]
+ hashs = arr.hashs[i:j]
+ }
+ // If arr is ground, the slice is, too.
+ // If it's not, the slice could still be.
+ gr := arr.ground || termSliceIsGround(elems)
+
+ s := &Array{elems: elems, hashs: hashs, ground: gr}
+ s.rehash()
+ return s
+}
+
+// Iter calls f on each element in arr. If f returns an error,
+// iteration stops and the return value is the error.
+func (arr *Array) Iter(f func(*Term) error) error {
+ for i := range arr.elems {
+ if err := f(arr.elems[i]); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// Until calls f on each element in arr. If f returns true, iteration stops.
+func (arr *Array) Until(f func(*Term) bool) bool {
+ return slices.ContainsFunc(arr.elems, f)
+}
+
+// Foreach calls f on each element in arr.
+func (arr *Array) Foreach(f func(*Term)) {
+ for _, term := range arr.elems {
+ f(term)
+ }
+}
+
+// Append appends a term to arr, returning the appended array.
+func (arr *Array) Append(v *Term) *Array {
+ cpy := *arr
+ cpy.elems = append(arr.elems, v)
+ cpy.hashs = append(arr.hashs, v.Value.Hash())
+ cpy.hash = arr.hash + v.Value.Hash()
+ cpy.ground = arr.ground && v.IsGround()
+ return &cpy
+}
+
+// Set represents a set as defined by the language.
+type Set interface {
+ Value
+ Len() int
+ Copy() Set
+ Diff(Set) Set
+ Intersect(Set) Set
+ Union(Set) Set
+ Add(*Term)
+ Iter(func(*Term) error) error
+ Until(func(*Term) bool) bool
+ Foreach(func(*Term))
+ Contains(*Term) bool
+ Map(func(*Term) (*Term, error)) (Set, error)
+ Reduce(*Term, func(*Term, *Term) (*Term, error)) (*Term, error)
+ Sorted() *Array
+ Slice() []*Term
+}
+
+// NewSet returns a new Set containing t.
+func NewSet(t ...*Term) Set {
+ s := newset(len(t))
+ for _, term := range t {
+ s.insert(term, false)
+ }
+ return s
+}
+
+func newset(n int) *set {
+ var keys []*Term
+ if n > 0 {
+ keys = make([]*Term, 0, n)
+ }
+ return &set{
+ elems: make(map[int]*Term, n),
+ keys: keys,
+ hash: 0,
+ ground: true,
+ sortGuard: sync.Once{},
+ }
+}
+
+// SetTerm returns a new Term representing a set containing terms t.
+func SetTerm(t ...*Term) *Term {
+ set := NewSet(t...)
+ return &Term{
+ Value: set,
+ }
+}
+
+type set struct {
+ elems map[int]*Term
+ keys []*Term
+ hash int
+ ground bool
+ // Prevents race condition around sorting.
+ // We can avoid (the allocation cost of) using a pointer here as all
+ // methods of `set` use a pointer receiver, and the `sync.Once` value
+ // is never copied.
+ sortGuard sync.Once
+}
+
+// Copy returns a deep copy of s.
+func (s *set) Copy() Set {
+ terms := make([]*Term, len(s.keys))
+ for i := range s.keys {
+ terms[i] = s.keys[i].Copy()
+ }
+ cpy := NewSet(terms...).(*set)
+ cpy.hash = s.hash
+ cpy.ground = s.ground
+ return cpy
+}
+
+// IsGround returns true if all terms in s are ground.
+func (s *set) IsGround() bool {
+ return s.ground
+}
+
+// Hash returns a hash code for s.
+func (s *set) Hash() int {
+ return s.hash
+}
+
+func (s *set) String() string {
+ if s.Len() == 0 {
+ return "set()"
+ }
+
+ sb := sbPool.Get()
+ sb.Grow(s.Len() * 16)
+
+ defer sbPool.Put(sb)
+
+ sb.WriteByte('{')
+ for i := range s.sortedKeys() {
+ if i > 0 {
+ sb.WriteString(", ")
+ }
+ sb.WriteString(s.keys[i].Value.String())
+ }
+ sb.WriteByte('}')
+
+ return sb.String()
+}
+
+func (s *set) sortedKeys() []*Term {
+ s.sortGuard.Do(func() {
+ slices.SortFunc(s.keys, TermValueCompare)
+ })
+ return s.keys
+}
+
+// Compare compares s to other, return <0, 0, or >0 if it is less than, equal to,
+// or greater than other.
+func (s *set) Compare(other Value) int {
+ o1 := sortOrder(s)
+ o2 := sortOrder(other)
+ if o1 < o2 {
+ return -1
+ } else if o1 > o2 {
+ return 1
+ }
+ t := other.(*set)
+ return termSliceCompare(s.sortedKeys(), t.sortedKeys())
+}
+
+// Find returns the set or dereferences the element itself.
+func (s *set) Find(path Ref) (Value, error) {
+ if len(path) == 0 {
+ return s, nil
+ }
+ if !s.Contains(path[0]) {
+ return nil, errFindNotFound
+ }
+ return path[0].Value.Find(path[1:])
+}
+
+// Diff returns elements in s that are not in other.
+func (s *set) Diff(other Set) Set {
+ if s.Compare(other) == 0 {
+ return NewSet()
+ }
+
+ terms := make([]*Term, 0, len(s.keys))
+ for _, term := range s.sortedKeys() {
+ if !other.Contains(term) {
+ terms = append(terms, term)
+ }
+ }
+
+ return NewSet(terms...)
+}
+
+// Intersect returns the set containing elements in both s and other.
+func (s *set) Intersect(other Set) Set {
+ o := other.(*set)
+ n, m := s.Len(), o.Len()
+ ss := s
+ so := o
+ if m < n {
+ ss = o
+ so = s
+ n = m
+ }
+
+ terms := make([]*Term, 0, n)
+ for _, term := range ss.sortedKeys() {
+ if so.Contains(term) {
+ terms = append(terms, term)
+ }
+ }
+
+ return NewSet(terms...)
+}
+
+// Union returns the set containing all elements of s and other.
+func (s *set) Union(other Set) Set {
+ r := NewSet()
+ s.Foreach(r.Add)
+ other.Foreach(r.Add)
+ return r
+}
+
+// Add updates s to include t.
+func (s *set) Add(t *Term) {
+ s.insert(t, true)
+}
+
+// Iter calls f on each element in s. If f returns an error, iteration stops
+// and the return value is the error.
+func (s *set) Iter(f func(*Term) error) error {
+ for _, term := range s.sortedKeys() {
+ if err := f(term); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// Until calls f on each element in s. If f returns true, iteration stops.
+func (s *set) Until(f func(*Term) bool) bool {
+ return slices.ContainsFunc(s.sortedKeys(), f)
+}
+
+// Foreach calls f on each element in s.
+func (s *set) Foreach(f func(*Term)) {
+ for _, term := range s.sortedKeys() {
+ f(term)
+ }
+}
+
+// Map returns a new Set obtained by applying f to each value in s.
+func (s *set) Map(f func(*Term) (*Term, error)) (Set, error) {
+ mapped := make([]*Term, 0, len(s.keys))
+ for _, x := range s.sortedKeys() {
+ term, err := f(x)
+ if err != nil {
+ return nil, err
+ }
+ mapped = append(mapped, term)
+ }
+ return NewSet(mapped...), nil
+}
+
+// Reduce returns a Term produced by applying f to each value in s. The first
+// argument to f is the reduced value (starting with i) and the second argument
+// to f is the element in s.
+func (s *set) Reduce(i *Term, f func(*Term, *Term) (*Term, error)) (*Term, error) {
+ err := s.Iter(func(x *Term) error {
+ var err error
+ i, err = f(i, x)
+ if err != nil {
+ return err
+ }
+ return nil
+ })
+ return i, err
+}
+
+// Contains returns true if t is in s.
+func (s *set) Contains(t *Term) bool {
+ return s.get(t) != nil
+}
+
+// Len returns the number of elements in the set.
+func (s *set) Len() int {
+ return len(s.keys)
+}
+
+// MarshalJSON returns JSON encoded bytes representing s.
+func (s *set) MarshalJSON() ([]byte, error) {
+ if s.keys == nil {
+ return []byte(`[]`), nil
+ }
+ return json.Marshal(s.sortedKeys())
+}
+
+// Sorted returns an Array that contains the sorted elements of s.
+func (s *set) Sorted() *Array {
+ cpy := make([]*Term, len(s.keys))
+ copy(cpy, s.sortedKeys())
+ return NewArray(cpy...)
+}
+
+// Slice returns a slice of terms contained in the set.
+func (s *set) Slice() []*Term {
+ return s.sortedKeys()
+}
+
+// NOTE(philipc): We assume a many-readers, single-writer model here.
+// This method should NOT be used concurrently, or else we risk data races.
+func (s *set) insert(x *Term, resetSortGuard bool) {
+ hash := x.Hash()
+ insertHash := hash
+ // This `equal` utility is duplicated and manually inlined a number of
+ // time in this file. Inlining it avoids heap allocations, so it makes
+ // a big performance difference: some operations like lookup become twice
+ // as slow without it.
+ var equal func(v Value) bool
+
+ switch x := x.Value.(type) {
+ case Null, Boolean, String, Var:
+ equal = func(y Value) bool { return x == y }
+ case Number:
+ if xi, err := json.Number(x).Int64(); err == nil {
+ equal = func(y Value) bool {
+ if y, ok := y.(Number); ok {
+ if yi, err := json.Number(y).Int64(); err == nil {
+ return xi == yi
+ }
+ }
+
+ return false
+ }
+ break
+ }
+
+ // We use big.Rat for comparing big numbers.
+ // It replaces big.Float due to following reason:
+ // big.Float comes with a default precision of 64, and setting a
+ // larger precision results in more memory being allocated
+ // (regardless of the actual number we are parsing with SetString).
+ //
+ // Note: If we're so close to zero that big.Float says we are zero, do
+ // *not* big.Rat).SetString on the original string it'll potentially
+ // take very long.
+ var a *big.Rat
+ fa, ok := new(big.Float).SetString(string(x))
+ if !ok {
+ panic("illegal value")
+ }
+ if fa.IsInt() {
+ if i, _ := fa.Int64(); i == 0 {
+ a = new(big.Rat).SetInt64(0)
+ }
+ }
+ if a == nil {
+ a, ok = new(big.Rat).SetString(string(x))
+ if !ok {
+ panic("illegal value")
+ }
+ }
+
+ equal = func(b Value) bool {
+ if bNum, ok := b.(Number); ok {
+ var b *big.Rat
+ fb, ok := new(big.Float).SetString(string(bNum))
+ if !ok {
+ panic("illegal value")
+ }
+ if fb.IsInt() {
+ if i, _ := fb.Int64(); i == 0 {
+ b = new(big.Rat).SetInt64(0)
+ }
+ }
+ if b == nil {
+ b, ok = new(big.Rat).SetString(string(bNum))
+ if !ok {
+ panic("illegal value")
+ }
+ }
+
+ return a.Cmp(b) == 0
+ }
+
+ return false
+ }
+ default:
+ equal = func(y Value) bool { return Compare(x, y) == 0 }
+ }
+
+ for curr, ok := s.elems[insertHash]; ok; {
+ if equal(curr.Value) {
+ return
+ }
+
+ insertHash++
+ curr, ok = s.elems[insertHash]
+ }
+
+ s.elems[insertHash] = x
+ // O(1) insertion, but we'll have to re-sort the keys later.
+ s.keys = append(s.keys, x)
+
+ if resetSortGuard {
+ // Reset the sync.Once instance.
+ // See https://github.com/golang/go/issues/25955 for why we do it this way.
+ // Note that this will always be the case when external code calls insert via
+ // Add, or otherwise. Internal code may however benefit from not having to
+ // re-create this pointer when it's known not to be needed.
+ s.sortGuard = sync.Once{}
+ }
+
+ s.hash += hash
+ s.ground = s.ground && x.IsGround()
+}
+
+func (s *set) get(x *Term) *Term {
+ hash := x.Hash()
+ // This `equal` utility is duplicated and manually inlined a number of
+ // time in this file. Inlining it avoids heap allocations, so it makes
+ // a big performance difference: some operations like lookup become twice
+ // as slow without it.
+ var equal func(v Value) bool
+
+ switch x := x.Value.(type) {
+ case Null, Boolean, String, Var:
+ equal = func(y Value) bool { return x == y }
+ case Number:
+ if xi, err := json.Number(x).Int64(); err == nil {
+ equal = func(y Value) bool {
+ if y, ok := y.(Number); ok {
+ if yi, err := json.Number(y).Int64(); err == nil {
+ return xi == yi
+ }
+ }
+
+ return false
+ }
+ break
+ }
+
+ // We use big.Rat for comparing big numbers.
+ // It replaces big.Float due to following reason:
+ // big.Float comes with a default precision of 64, and setting a
+ // larger precision results in more memory being allocated
+ // (regardless of the actual number we are parsing with SetString).
+ //
+ // Note: If we're so close to zero that big.Float says we are zero, do
+ // *not* big.Rat).SetString on the original string it'll potentially
+ // take very long.
+ var a *big.Rat
+ fa, ok := new(big.Float).SetString(string(x))
+ if !ok {
+ panic("illegal value")
+ }
+ if fa.IsInt() {
+ if i, _ := fa.Int64(); i == 0 {
+ a = new(big.Rat).SetInt64(0)
+ }
+ }
+ if a == nil {
+ a, ok = new(big.Rat).SetString(string(x))
+ if !ok {
+ panic("illegal value")
+ }
+ }
+
+ equal = func(b Value) bool {
+ if bNum, ok := b.(Number); ok {
+ var b *big.Rat
+ fb, ok := new(big.Float).SetString(string(bNum))
+ if !ok {
+ panic("illegal value")
+ }
+ if fb.IsInt() {
+ if i, _ := fb.Int64(); i == 0 {
+ b = new(big.Rat).SetInt64(0)
+ }
+ }
+ if b == nil {
+ b, ok = new(big.Rat).SetString(string(bNum))
+ if !ok {
+ panic("illegal value")
+ }
+ }
+
+ return a.Cmp(b) == 0
+ }
+ return false
+
+ }
+
+ default:
+ equal = func(y Value) bool { return Compare(x, y) == 0 }
+ }
+
+ for curr, ok := s.elems[hash]; ok; {
+ if equal(curr.Value) {
+ return curr
+ }
+
+ hash++
+ curr, ok = s.elems[hash]
+ }
+ return nil
+}
+
+// Object represents an object as defined by the language.
+type Object interface {
+ Value
+ Len() int
+ Get(*Term) *Term
+ Copy() Object
+ Insert(*Term, *Term)
+ Iter(func(*Term, *Term) error) error
+ Until(func(*Term, *Term) bool) bool
+ Foreach(func(*Term, *Term))
+ Map(func(*Term, *Term) (*Term, *Term, error)) (Object, error)
+ Diff(other Object) Object
+ Intersect(other Object) [][3]*Term
+ Merge(other Object) (Object, bool)
+ MergeWith(other Object, conflictResolver func(v1, v2 *Term) (*Term, bool)) (Object, bool)
+ Filter(filter Object) (Object, error)
+ Keys() []*Term
+ KeysIterator() ObjectKeysIterator
+ get(k *Term) *objectElem // To prevent external implementations
+}
+
+// NewObject creates a new Object with t.
+func NewObject(t ...[2]*Term) Object {
+ obj := newobject(len(t))
+ for i := range t {
+ obj.insert(t[i][0], t[i][1], false)
+ }
+ return obj
+}
+
+// ObjectTerm creates a new Term with an Object value.
+func ObjectTerm(o ...[2]*Term) *Term {
+ return &Term{Value: NewObject(o...)}
+}
+
+func LazyObject(blob map[string]any) Object {
+ return &lazyObj{native: blob, cache: map[string]Value{}}
+}
+
+type lazyObj struct {
+ strict Object
+ cache map[string]Value
+ native map[string]any
+}
+
+func (l *lazyObj) force() Object {
+ if l.strict == nil {
+ l.strict = MustInterfaceToValue(l.native).(Object)
+ // NOTE(jf): a possible performance improvement here would be to check how many
+ // entries have been realized to AST in the cache, and if some threshold compared to the
+ // total number of keys is exceeded, realize the remaining entries and set l.strict to l.cache.
+ l.cache = map[string]Value{} // We don't need the cache anymore; drop it to free up memory.
+ }
+ return l.strict
+}
+
+func (l *lazyObj) Compare(other Value) int {
+ o1 := sortOrder(l)
+ o2 := sortOrder(other)
+ if o1 < o2 {
+ return -1
+ } else if o2 < o1 {
+ return 1
+ }
+ return l.force().Compare(other)
+}
+
+func (l *lazyObj) Copy() Object {
+ return l
+}
+
+func (l *lazyObj) Diff(other Object) Object {
+ return l.force().Diff(other)
+}
+
+func (l *lazyObj) Intersect(other Object) [][3]*Term {
+ return l.force().Intersect(other)
+}
+
+func (l *lazyObj) Iter(f func(*Term, *Term) error) error {
+ return l.force().Iter(f)
+}
+
+func (l *lazyObj) Until(f func(*Term, *Term) bool) bool {
+ // NOTE(sr): there could be benefits in not forcing here -- if we abort because
+ // `f` returns true, we could save us from converting the rest of the object.
+ return l.force().Until(f)
+}
+
+func (l *lazyObj) Foreach(f func(*Term, *Term)) {
+ l.force().Foreach(f)
+}
+
+func (l *lazyObj) Filter(filter Object) (Object, error) {
+ return l.force().Filter(filter)
+}
+
+func (l *lazyObj) Map(f func(*Term, *Term) (*Term, *Term, error)) (Object, error) {
+ return l.force().Map(f)
+}
+
+func (l *lazyObj) MarshalJSON() ([]byte, error) {
+ return l.force().(*object).MarshalJSON()
+}
+
+func (l *lazyObj) Merge(other Object) (Object, bool) {
+ return l.force().Merge(other)
+}
+
+func (l *lazyObj) MergeWith(other Object, conflictResolver func(v1, v2 *Term) (*Term, bool)) (Object, bool) {
+ return l.force().MergeWith(other, conflictResolver)
+}
+
+func (l *lazyObj) Len() int {
+ return len(l.native)
+}
+
+func (l *lazyObj) String() string {
+ return l.force().String()
+}
+
+// get is merely there to implement the Object interface -- `get` there serves the
+// purpose of prohibiting external implementations. It's never called for lazyObj.
+func (*lazyObj) get(*Term) *objectElem {
+ return nil
+}
+
+func (l *lazyObj) Get(k *Term) *Term {
+ if l.strict != nil {
+ return l.strict.Get(k)
+ }
+ if s, ok := k.Value.(String); ok {
+ if v, ok := l.cache[string(s)]; ok {
+ return NewTerm(v)
+ }
+
+ if val, ok := l.native[string(s)]; ok {
+ var converted Value
+ switch val := val.(type) {
+ case map[string]any:
+ converted = LazyObject(val)
+ default:
+ converted = MustInterfaceToValue(val)
+ }
+ l.cache[string(s)] = converted
+ return NewTerm(converted)
+ }
+ }
+ return nil
+}
+
+func (l *lazyObj) Insert(k, v *Term) {
+ l.force().Insert(k, v)
+}
+
+func (*lazyObj) IsGround() bool {
+ return true
+}
+
+func (l *lazyObj) Hash() int {
+ return l.force().Hash()
+}
+
+func (l *lazyObj) Keys() []*Term {
+ if l.strict != nil {
+ return l.strict.Keys()
+ }
+ ret := make([]*Term, 0, len(l.native))
+ for k := range l.native {
+ ret = append(ret, StringTerm(k))
+ }
+ slices.SortFunc(ret, TermValueCompare)
+
+ return ret
+}
+
+func (l *lazyObj) KeysIterator() ObjectKeysIterator {
+ return &lazyObjKeysIterator{keys: l.Keys()}
+}
+
+type lazyObjKeysIterator struct {
+ current int
+ keys []*Term
+}
+
+func (ki *lazyObjKeysIterator) Next() (*Term, bool) {
+ if ki.current == len(ki.keys) {
+ return nil, false
+ }
+ ki.current++
+ return ki.keys[ki.current-1], true
+}
+
+func (l *lazyObj) Find(path Ref) (Value, error) {
+ if l.strict != nil {
+ return l.strict.Find(path)
+ }
+ if len(path) == 0 {
+ return l, nil
+ }
+ if p0, ok := path[0].Value.(String); ok {
+ if v, ok := l.cache[string(p0)]; ok {
+ return v.Find(path[1:])
+ }
+
+ if v, ok := l.native[string(p0)]; ok {
+ var converted Value
+ switch v := v.(type) {
+ case map[string]any:
+ converted = LazyObject(v)
+ default:
+ converted = MustInterfaceToValue(v)
+ }
+ l.cache[string(p0)] = converted
+ return converted.Find(path[1:])
+ }
+ }
+ return nil, errFindNotFound
+}
+
+type object struct {
+ elems map[int]*objectElem
+ keys objectElemSlice
+ ground int // number of key and value grounds. Counting is
+ // required to support insert's key-value replace.
+ hash int
+ sortGuard sync.Once // Prevents race condition around sorting.
+}
+
+func newobject(n int) *object {
+ var keys objectElemSlice
+ if n > 0 {
+ keys = make(objectElemSlice, 0, n)
+ }
+ return &object{
+ elems: make(map[int]*objectElem, n),
+ keys: keys,
+ ground: 0,
+ hash: 0,
+ sortGuard: sync.Once{},
+ }
+}
+
+type objectElem struct {
+ key *Term
+ value *Term
+ next *objectElem
+}
+
+type objectElemSlice []*objectElem
+
+func (s objectElemSlice) Less(i, j int) bool { return Compare(s[i].key.Value, s[j].key.Value) < 0 }
+func (s objectElemSlice) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
+func (s objectElemSlice) Len() int { return len(s) }
+
+// Item is a helper for constructing an tuple containing two Terms
+// representing a key/value pair in an Object.
+func Item(key, value *Term) [2]*Term {
+ return [2]*Term{key, value}
+}
+
+func (obj *object) sortedKeys() objectElemSlice {
+ obj.sortGuard.Do(func() {
+ slices.SortFunc(obj.keys, func(a, b *objectElem) int {
+ return a.key.Value.Compare(b.key.Value)
+ })
+ })
+ return obj.keys
+}
+
+// Compare compares obj to other, return <0, 0, or >0 if it is less than, equal to,
+// or greater than other.
+func (obj *object) Compare(other Value) int {
+ if x, ok := other.(*lazyObj); ok {
+ other = x.force()
+ }
+ o1 := sortOrder(obj)
+ o2 := sortOrder(other)
+ if o1 < o2 {
+ return -1
+ } else if o2 < o1 {
+ return 1
+ }
+ a := obj
+ b := other.(*object)
+ // Ensure that keys are in canonical sorted order before use!
+ akeys := a.sortedKeys()
+ bkeys := b.sortedKeys()
+ minLen := len(akeys)
+ if len(b.keys) < len(akeys) {
+ minLen = len(bkeys)
+ }
+ for i := range minLen {
+ keysCmp := Compare(akeys[i].key, bkeys[i].key)
+ if keysCmp < 0 {
+ return -1
+ }
+ if keysCmp > 0 {
+ return 1
+ }
+ valA := akeys[i].value
+ valB := bkeys[i].value
+ valCmp := Compare(valA, valB)
+ if valCmp != 0 {
+ return valCmp
+ }
+ }
+ if len(akeys) < len(bkeys) {
+ return -1
+ }
+ if len(bkeys) < len(akeys) {
+ return 1
+ }
+ return 0
+}
+
+// Find returns the value at the key or undefined.
+func (obj *object) Find(path Ref) (Value, error) {
+ if len(path) == 0 {
+ return obj, nil
+ }
+ term := obj.Get(path[0])
+ if term == nil {
+ return nil, errFindNotFound
+ }
+ // Using Find on scalar values costs an allocation (type -> Value conversion)
+ // and since we already have the Value here, we can avoid that.
+ if len(path) == 1 && IsScalar(term.Value) {
+ return term.Value, nil
+ }
+
+ return term.Value.Find(path[1:])
+}
+
+func (obj *object) Insert(k, v *Term) {
+ obj.insert(k, v, true)
+}
+
+// Get returns the value of k in obj if k exists, otherwise nil.
+func (obj *object) Get(k *Term) *Term {
+ if elem := obj.get(k); elem != nil {
+ return elem.value
+ }
+ return nil
+}
+
+// Hash returns the hash code for the Value.
+func (obj *object) Hash() int {
+ return obj.hash
+}
+
+// IsGround returns true if all of the Object key/value pairs are ground.
+func (obj *object) IsGround() bool {
+ return obj.ground == 2*len(obj.keys)
+}
+
+// Copy returns a deep copy of obj.
+func (obj *object) Copy() Object {
+ cpy, _ := obj.Map(func(k, v *Term) (*Term, *Term, error) {
+ return k.Copy(), v.Copy(), nil
+ })
+ cpy.(*object).hash = obj.hash
+ return cpy
+}
+
+// Diff returns a new Object that contains only the key/value pairs that exist in obj.
+func (obj *object) Diff(other Object) Object {
+ r := newobject(obj.Len())
+ for _, node := range obj.sortedKeys() {
+ if other.Get(node.key) == nil {
+ r.insert(node.key, node.value, false)
+ }
+ }
+ return r
+}
+
+// Intersect returns a slice of term triplets that represent the intersection of keys
+// between obj and other. For each intersecting key, the values from obj and other are included
+// as the last two terms in the triplet (respectively).
+func (obj *object) Intersect(other Object) [][3]*Term {
+ r := [][3]*Term{}
+ obj.Foreach(func(k, v *Term) {
+ if v2 := other.Get(k); v2 != nil {
+ r = append(r, [3]*Term{k, v, v2})
+ }
+ })
+ return r
+}
+
+// Iter calls the function f for each key-value pair in the object. If f
+// returns an error, iteration stops and the error is returned.
+func (obj *object) Iter(f func(*Term, *Term) error) error {
+ for _, node := range obj.sortedKeys() {
+ if err := f(node.key, node.value); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// Until calls f for each key-value pair in the object. If f returns
+// true, iteration stops and Until returns true. Otherwise, return
+// false.
+func (obj *object) Until(f func(*Term, *Term) bool) bool {
+ for _, node := range obj.sortedKeys() {
+ if f(node.key, node.value) {
+ return true
+ }
+ }
+ return false
+}
+
+// Foreach calls f for each key-value pair in the object.
+func (obj *object) Foreach(f func(*Term, *Term)) {
+ for _, node := range obj.sortedKeys() {
+ f(node.key, node.value)
+ }
+}
+
+// Map returns a new Object constructed by mapping each element in the object
+// using the function f. If f returns an error, the error is returned by Map.
+// If f return a nil key, the element is skipped.
+func (obj *object) Map(f func(*Term, *Term) (*Term, *Term, error)) (Object, error) {
+ cpy := newobject(obj.Len())
+ for _, node := range obj.sortedKeys() {
+ k, v, err := f(node.key, node.value)
+ if err != nil {
+ return nil, err
+ }
+ if k != nil {
+ cpy.insert(k, v, false)
+ }
+ }
+ return cpy, nil
+}
+
+// Keys returns the keys of obj.
+func (obj *object) Keys() []*Term {
+ keys := make([]*Term, len(obj.keys))
+
+ for i, elem := range obj.sortedKeys() {
+ keys[i] = elem.key
+ }
+
+ return keys
+}
+
+// Returns an iterator over the obj's keys.
+func (obj *object) KeysIterator() ObjectKeysIterator {
+ return newobjectKeysIterator(obj)
+}
+
+// MarshalJSON returns JSON encoded bytes representing obj.
+func (obj *object) MarshalJSON() ([]byte, error) {
+ sl := make([][2]*Term, obj.Len())
+ for i, node := range obj.sortedKeys() {
+ sl[i] = Item(node.key, node.value)
+ }
+ return json.Marshal(sl)
+}
+
+// Merge returns a new Object containing the non-overlapping keys of obj and other. If there are
+// overlapping keys between obj and other, the values of associated with the keys are merged. Only
+// objects can be merged with other objects. If the values cannot be merged, the second turn value
+// will be false.
+func (obj *object) Merge(other Object) (Object, bool) {
+ return obj.MergeWith(other, func(v1, v2 *Term) (*Term, bool) {
+ obj1, ok1 := v1.Value.(Object)
+ obj2, ok2 := v2.Value.(Object)
+ if !ok1 || !ok2 {
+ return nil, true
+ }
+ obj3, ok := obj1.Merge(obj2)
+ if !ok {
+ return nil, true
+ }
+ return NewTerm(obj3), false
+ })
+}
+
+// MergeWith returns a new Object containing the merged keys of obj and other.
+// If there are overlapping keys between obj and other, the conflictResolver
+// is called. The conflictResolver can return a merged value and a boolean
+// indicating if the merge has failed and should stop.
+func (obj *object) MergeWith(other Object, conflictResolver func(v1, v2 *Term) (*Term, bool)) (Object, bool) {
+ result := NewObject()
+ stop := obj.Until(func(k, v *Term) bool {
+ v2 := other.Get(k)
+ // The key didn't exist in other, keep the original value
+ if v2 == nil {
+ result.Insert(k, v)
+ return false
+ }
+
+ // The key exists in both, resolve the conflict if possible
+ merged, stop := conflictResolver(v, v2)
+ if !stop {
+ result.Insert(k, merged)
+ }
+ return stop
+ })
+
+ if stop {
+ return nil, false
+ }
+
+ // Copy in any values from other for keys that don't exist in obj
+ other.Foreach(func(k, v *Term) {
+ if v2 := obj.Get(k); v2 == nil {
+ result.Insert(k, v)
+ }
+ })
+ return result, true
+}
+
+// Filter returns a new object from values in obj where the keys are
+// found in filter. Array indices for values can be specified as
+// number strings.
+func (obj *object) Filter(filter Object) (Object, error) {
+ filtered, err := filterObject(obj, filter)
+ if err != nil {
+ return nil, err
+ }
+ return filtered.(Object), nil
+}
+
+// Len returns the number of elements in the object.
+func (obj *object) Len() int {
+ return len(obj.keys)
+}
+
+func (obj *object) String() string {
+ sb := sbPool.Get()
+ sb.Grow(obj.Len() * 32)
+
+ defer sbPool.Put(sb)
+
+ sb.WriteByte('{')
+
+ for i, elem := range obj.sortedKeys() {
+ if i > 0 {
+ sb.WriteString(", ")
+ }
+ sb.WriteString(elem.key.String())
+ sb.WriteString(": ")
+ sb.WriteString(elem.value.String())
+ }
+ sb.WriteByte('}')
+
+ return sb.String()
+}
+
+func (obj *object) get(k *Term) *objectElem {
+ hash := k.Hash()
+
+ // This `equal` utility is duplicated and manually inlined a number of
+ // time in this file. Inlining it avoids heap allocations, so it makes
+ // a big performance difference: some operations like lookup become twice
+ // as slow without it.
+ var equal func(v Value) bool
+
+ switch x := k.Value.(type) {
+ case Null, Boolean, String, Var:
+ equal = func(y Value) bool { return x == y }
+ case Number:
+ if xi, ok := x.Int64(); ok {
+ equal = func(y Value) bool {
+ if y, ok := y.(Number); ok {
+ if yi, ok := y.Int64(); ok {
+ return xi == yi
+ }
+ }
+
+ return false
+ }
+ break
+ }
+
+ // We use big.Rat for comparing big numbers.
+ // It replaces big.Float due to following reason:
+ // big.Float comes with a default precision of 64, and setting a
+ // larger precision results in more memory being allocated
+ // (regardless of the actual number we are parsing with SetString).
+ //
+ // Note: If we're so close to zero that big.Float says we are zero, do
+ // *not* big.Rat).SetString on the original string it'll potentially
+ // take very long.
+ var a *big.Rat
+ fa, ok := new(big.Float).SetString(string(x))
+ if !ok {
+ panic("illegal value")
+ }
+ if fa.IsInt() {
+ if i, _ := fa.Int64(); i == 0 {
+ a = new(big.Rat).SetInt64(0)
+ }
+ }
+ if a == nil {
+ a, ok = new(big.Rat).SetString(string(x))
+ if !ok {
+ panic("illegal value")
+ }
+ }
+
+ equal = func(b Value) bool {
+ if bNum, ok := b.(Number); ok {
+ var b *big.Rat
+ fb, ok := new(big.Float).SetString(string(bNum))
+ if !ok {
+ panic("illegal value")
+ }
+ if fb.IsInt() {
+ if i, _ := fb.Int64(); i == 0 {
+ b = new(big.Rat).SetInt64(0)
+ }
+ }
+ if b == nil {
+ b, ok = new(big.Rat).SetString(string(bNum))
+ if !ok {
+ panic("illegal value")
+ }
+ }
+
+ return a.Cmp(b) == 0
+ }
+
+ return false
+ }
+ default:
+ equal = func(y Value) bool { return Compare(x, y) == 0 }
+ }
+
+ for curr := obj.elems[hash]; curr != nil; curr = curr.next {
+ if equal(curr.key.Value) {
+ return curr
+ }
+ }
+ return nil
+}
+
+// NOTE(philipc): We assume a many-readers, single-writer model here.
+// This method should NOT be used concurrently, or else we risk data races.
+func (obj *object) insert(k, v *Term, resetSortGuard bool) {
+ hash := k.Hash()
+ head := obj.elems[hash]
+ // This `equal` utility is duplicated and manually inlined a number of
+ // time in this file. Inlining it avoids heap allocations, so it makes
+ // a big performance difference: some operations like lookup become twice
+ // as slow without it.
+ var equal func(v Value) bool
+
+ switch x := k.Value.(type) {
+ case Null, Boolean, String, Var:
+ equal = func(y Value) bool { return x == y }
+ case Number:
+ if xi, err := json.Number(x).Int64(); err == nil {
+ equal = func(y Value) bool {
+ if y, ok := y.(Number); ok {
+ if yi, err := json.Number(y).Int64(); err == nil {
+ return xi == yi
+ }
+ }
+
+ return false
+ }
+ break
+ }
+
+ // We use big.Rat for comparing big numbers.
+ // It replaces big.Float due to following reason:
+ // big.Float comes with a default precision of 64, and setting a
+ // larger precision results in more memory being allocated
+ // (regardless of the actual number we are parsing with SetString).
+ //
+ // Note: If we're so close to zero that big.Float says we are zero, do
+ // *not* big.Rat).SetString on the original string it'll potentially
+ // take very long.
+ var a *big.Rat
+ fa, ok := new(big.Float).SetString(string(x))
+ if !ok {
+ panic("illegal value")
+ }
+ if fa.IsInt() {
+ if i, _ := fa.Int64(); i == 0 {
+ a = new(big.Rat).SetInt64(0)
+ }
+ }
+ if a == nil {
+ a, ok = new(big.Rat).SetString(string(x))
+ if !ok {
+ panic("illegal value")
+ }
+ }
+
+ equal = func(b Value) bool {
+ if bNum, ok := b.(Number); ok {
+ var b *big.Rat
+ fb, ok := new(big.Float).SetString(string(bNum))
+ if !ok {
+ panic("illegal value")
+ }
+ if fb.IsInt() {
+ if i, _ := fb.Int64(); i == 0 {
+ b = new(big.Rat).SetInt64(0)
+ }
+ }
+ if b == nil {
+ b, ok = new(big.Rat).SetString(string(bNum))
+ if !ok {
+ panic("illegal value")
+ }
+ }
+
+ return a.Cmp(b) == 0
+ }
+
+ return false
+ }
+ default:
+ equal = func(y Value) bool { return Compare(x, y) == 0 }
+ }
+
+ for curr := head; curr != nil; curr = curr.next {
+ if equal(curr.key.Value) {
+ // The ground bit of the value may change in
+ // replace, hence adjust the counter per old
+ // and new value.
+
+ if curr.value.IsGround() {
+ obj.ground--
+ }
+ if v.IsGround() {
+ obj.ground++
+ }
+
+ curr.value = v
+
+ obj.rehash()
+ return
+ }
+ }
+ elem := &objectElem{
+ key: k,
+ value: v,
+ next: head,
+ }
+ obj.elems[hash] = elem
+ // O(1) insertion, but we'll have to re-sort the keys later.
+ obj.keys = append(obj.keys, elem)
+
+ if resetSortGuard {
+ // Reset the sync.Once instance.
+ // See https://github.com/golang/go/issues/25955 for why we do it this way.
+ // Note that this will always be the case when external code calls insert via
+ // Add, or otherwise. Internal code may however benefit from not having to
+ // re-create this when it's known not to be needed.
+ obj.sortGuard = sync.Once{}
+ }
+
+ obj.hash += hash + v.Hash()
+
+ if k.IsGround() {
+ obj.ground++
+ }
+ if v.IsGround() {
+ obj.ground++
+ }
+}
+
+func (obj *object) rehash() {
+ // obj.keys is considered truth, from which obj.hash and obj.elems are recalculated.
+
+ obj.hash = 0
+ obj.elems = make(map[int]*objectElem, len(obj.keys))
+
+ for _, elem := range obj.keys {
+ hash := elem.key.Hash()
+ obj.hash += hash + elem.value.Hash()
+ obj.elems[hash] = elem
+ }
+}
+
+func filterObject(o Value, filter Value) (Value, error) {
+ if (Null{}).Equal(filter) {
+ return o, nil
+ }
+
+ filteredObj, ok := filter.(*object)
+ if !ok {
+ return nil, fmt.Errorf("invalid filter value %q, expected an object", filter)
+ }
+
+ switch v := o.(type) {
+ case String, Number, Boolean, Null:
+ return o, nil
+ case *Array:
+ values := NewArray()
+ for i := range v.Len() {
+ subFilter := filteredObj.Get(InternedIntegerString(i))
+ if subFilter != nil {
+ filteredValue, err := filterObject(v.Elem(i).Value, subFilter.Value)
+ if err != nil {
+ return nil, err
+ }
+ values = values.Append(NewTerm(filteredValue))
+ }
+ }
+ return values, nil
+ case Set:
+ terms := make([]*Term, 0, v.Len())
+ for _, t := range v.Slice() {
+ if filteredObj.Get(t) != nil {
+ filteredValue, err := filterObject(t.Value, filteredObj.Get(t).Value)
+ if err != nil {
+ return nil, err
+ }
+ terms = append(terms, NewTerm(filteredValue))
+ }
+ }
+ return NewSet(terms...), nil
+ case *object:
+ values := NewObject()
+
+ iterObj := v
+ other := filteredObj
+ if v.Len() < filteredObj.Len() {
+ iterObj = filteredObj
+ other = v
+ }
+
+ err := iterObj.Iter(func(key *Term, _ *Term) error {
+ if other.Get(key) != nil {
+ filteredValue, err := filterObject(v.Get(key).Value, filteredObj.Get(key).Value)
+ if err != nil {
+ return err
+ }
+ values.Insert(key, NewTerm(filteredValue))
+ }
+ return nil
+ })
+ return values, err
+ default:
+ return nil, fmt.Errorf("invalid object value type %q", v)
+ }
+}
+
+// NOTE(philipc): The only way to get an ObjectKeyIterator should be
+// from an Object. This ensures that the iterator can have implementation-
+// specific details internally, with no contracts except to the very
+// limited interface.
+type ObjectKeysIterator interface {
+ Next() (*Term, bool)
+}
+
+type objectKeysIterator struct {
+ obj *object
+ numKeys int
+ index int
+}
+
+func newobjectKeysIterator(o *object) ObjectKeysIterator {
+ return &objectKeysIterator{
+ obj: o,
+ numKeys: o.Len(),
+ index: 0,
+ }
+}
+
+func (oki *objectKeysIterator) Next() (*Term, bool) {
+ if oki.index == oki.numKeys || oki.numKeys == 0 {
+ return nil, false
+ }
+ oki.index++
+ return oki.obj.sortedKeys()[oki.index-1].key, true
+}
+
+// ArrayComprehension represents an array comprehension as defined in the language.
+type ArrayComprehension struct {
+ Term *Term `json:"term"`
+ Body Body `json:"body"`
+}
+
+// ArrayComprehensionTerm creates a new Term with an ArrayComprehension value.
+func ArrayComprehensionTerm(term *Term, body Body) *Term {
+ return &Term{
+ Value: &ArrayComprehension{
+ Term: term,
+ Body: body,
+ },
+ }
+}
+
+// Copy returns a deep copy of ac.
+func (ac *ArrayComprehension) Copy() *ArrayComprehension {
+ cpy := *ac
+ cpy.Body = ac.Body.Copy()
+ cpy.Term = ac.Term.Copy()
+ return &cpy
+}
+
+// Equal returns true if ac is equal to other.
+func (ac *ArrayComprehension) Equal(other Value) bool {
+ return Compare(ac, other) == 0
+}
+
+// Compare compares ac to other, return <0, 0, or >0 if it is less than, equal to,
+// or greater than other.
+func (ac *ArrayComprehension) Compare(other Value) int {
+ return Compare(ac, other)
+}
+
+// Find returns the current value or a not found error.
+func (ac *ArrayComprehension) Find(path Ref) (Value, error) {
+ if len(path) == 0 {
+ return ac, nil
+ }
+ return nil, errFindNotFound
+}
+
+// Hash returns the hash code of the Value.
+func (ac *ArrayComprehension) Hash() int {
+ return ac.Term.Hash() + ac.Body.Hash()
+}
+
+// IsGround returns true if the Term and Body are ground.
+func (ac *ArrayComprehension) IsGround() bool {
+ return ac.Term.IsGround() && ac.Body.IsGround()
+}
+
+func (ac *ArrayComprehension) String() string {
+ return "[" + ac.Term.String() + " | " + ac.Body.String() + "]"
+}
+
+// ObjectComprehension represents an object comprehension as defined in the language.
+type ObjectComprehension struct {
+ Key *Term `json:"key"`
+ Value *Term `json:"value"`
+ Body Body `json:"body"`
+}
+
+// ObjectComprehensionTerm creates a new Term with an ObjectComprehension value.
+func ObjectComprehensionTerm(key, value *Term, body Body) *Term {
+ return &Term{
+ Value: &ObjectComprehension{
+ Key: key,
+ Value: value,
+ Body: body,
+ },
+ }
+}
+
+// Copy returns a deep copy of oc.
+func (oc *ObjectComprehension) Copy() *ObjectComprehension {
+ cpy := *oc
+ cpy.Body = oc.Body.Copy()
+ cpy.Key = oc.Key.Copy()
+ cpy.Value = oc.Value.Copy()
+ return &cpy
+}
+
+// Equal returns true if oc is equal to other.
+func (oc *ObjectComprehension) Equal(other Value) bool {
+ return Compare(oc, other) == 0
+}
+
+// Compare compares oc to other, return <0, 0, or >0 if it is less than, equal to,
+// or greater than other.
+func (oc *ObjectComprehension) Compare(other Value) int {
+ return Compare(oc, other)
+}
+
+// Find returns the current value or a not found error.
+func (oc *ObjectComprehension) Find(path Ref) (Value, error) {
+ if len(path) == 0 {
+ return oc, nil
+ }
+ return nil, errFindNotFound
+}
+
+// Hash returns the hash code of the Value.
+func (oc *ObjectComprehension) Hash() int {
+ return oc.Key.Hash() + oc.Value.Hash() + oc.Body.Hash()
+}
+
+// IsGround returns true if the Key, Value and Body are ground.
+func (oc *ObjectComprehension) IsGround() bool {
+ return oc.Key.IsGround() && oc.Value.IsGround() && oc.Body.IsGround()
+}
+
+func (oc *ObjectComprehension) String() string {
+ return "{" + oc.Key.String() + ": " + oc.Value.String() + " | " + oc.Body.String() + "}"
+}
+
+// SetComprehension represents a set comprehension as defined in the language.
+type SetComprehension struct {
+ Term *Term `json:"term"`
+ Body Body `json:"body"`
+}
+
+// SetComprehensionTerm creates a new Term with an SetComprehension value.
+func SetComprehensionTerm(term *Term, body Body) *Term {
+ return &Term{
+ Value: &SetComprehension{
+ Term: term,
+ Body: body,
+ },
+ }
+}
+
+// Copy returns a deep copy of sc.
+func (sc *SetComprehension) Copy() *SetComprehension {
+ cpy := *sc
+ cpy.Body = sc.Body.Copy()
+ cpy.Term = sc.Term.Copy()
+ return &cpy
+}
+
+// Equal returns true if sc is equal to other.
+func (sc *SetComprehension) Equal(other Value) bool {
+ return Compare(sc, other) == 0
+}
+
+// Compare compares sc to other, return <0, 0, or >0 if it is less than, equal to,
+// or greater than other.
+func (sc *SetComprehension) Compare(other Value) int {
+ return Compare(sc, other)
+}
+
+// Find returns the current value or a not found error.
+func (sc *SetComprehension) Find(path Ref) (Value, error) {
+ if len(path) == 0 {
+ return sc, nil
+ }
+ return nil, errFindNotFound
+}
+
+// Hash returns the hash code of the Value.
+func (sc *SetComprehension) Hash() int {
+ return sc.Term.Hash() + sc.Body.Hash()
+}
+
+// IsGround returns true if the Term and Body are ground.
+func (sc *SetComprehension) IsGround() bool {
+ return sc.Term.IsGround() && sc.Body.IsGround()
+}
+
+func (sc *SetComprehension) String() string {
+ return "{" + sc.Term.String() + " | " + sc.Body.String() + "}"
+}
+
+// Call represents as function call in the language.
+type Call []*Term
+
+// CallTerm returns a new Term with a Call value defined by terms. The first
+// term is the operator and the rest are operands.
+func CallTerm(terms ...*Term) *Term {
+ return NewTerm(Call(terms))
+}
+
+// Copy returns a deep copy of c.
+func (c Call) Copy() Call {
+ return termSliceCopy(c)
+}
+
+// Compare compares c to other, return <0, 0, or >0 if it is less than, equal to,
+// or greater than other.
+func (c Call) Compare(other Value) int {
+ return Compare(c, other)
+}
+
+// Find returns the current value or a not found error.
+func (Call) Find(Ref) (Value, error) {
+ return nil, errFindNotFound
+}
+
+// Hash returns the hash code for the Value.
+func (c Call) Hash() int {
+ return termSliceHash(c)
+}
+
+// IsGround returns true if the Value is ground.
+func (c Call) IsGround() bool {
+ return termSliceIsGround(c)
+}
+
+// MakeExpr returns an ew Expr from this call.
+func (c Call) MakeExpr(output *Term) *Expr {
+ terms := []*Term(c)
+ return NewExpr(append(terms, output))
+}
+
+func (c Call) String() string {
+ args := make([]string, len(c)-1)
+ for i := 1; i < len(c); i++ {
+ args[i-1] = c[i].String()
+ }
+ return fmt.Sprintf("%v(%v)", c[0], strings.Join(args, ", "))
+}
+
+func termSliceCopy(a []*Term) []*Term {
+ cpy := make([]*Term, len(a))
+ for i := range a {
+ cpy[i] = a[i].Copy()
+ }
+ return cpy
+}
+
+func termSliceEqual(a, b []*Term) bool {
+ if len(a) == len(b) {
+ for i := range a {
+ if !a[i].Equal(b[i]) {
+ return false
+ }
+ }
+ return true
+ }
+ return false
+}
+
+func termSliceHash(a []*Term) int {
+ var hash int
+ for _, v := range a {
+ hash += v.Value.Hash()
+ }
+ return hash
+}
+
+func termSliceIsGround(a []*Term) bool {
+ for _, v := range a {
+ if !v.IsGround() {
+ return false
+ }
+ }
+ return true
+}
+
+// Detect when String() need to use expensive JSON‐escaped form
+func isControlOrBackslash(r rune) bool {
+ return r == '\\' || unicode.IsControl(r)
+}
+
+// NOTE(tsandall): The unmarshalling errors in these functions are not
+// helpful for callers because they do not identify the source of the
+// unmarshalling error. Because OPA doesn't accept JSON describing ASTs
+// from callers, this is acceptable (for now). If that changes in the future,
+// the error messages should be revisited. The current approach focuses
+// on the happy path and treats all errors the same. If better error
+// reporting is needed, the error paths will need to be fleshed out.
+
+func unmarshalBody(b []any) (Body, error) {
+ buf := Body{}
+ for _, e := range b {
+ if m, ok := e.(map[string]any); ok {
+ expr := &Expr{}
+ if err := unmarshalExpr(expr, m); err == nil {
+ buf = append(buf, expr)
+ continue
+ }
+ }
+ goto unmarshal_error
+ }
+ return buf, nil
+unmarshal_error:
+ return nil, errors.New("ast: unable to unmarshal body")
+}
+
+func unmarshalExpr(expr *Expr, v map[string]any) error {
+ if x, ok := v["negated"]; ok {
+ if b, ok := x.(bool); ok {
+ expr.Negated = b
+ } else {
+ return fmt.Errorf("ast: unable to unmarshal negated field with type: %T (expected true or false)", v["negated"])
+ }
+ }
+ if generatedRaw, ok := v["generated"]; ok {
+ if b, ok := generatedRaw.(bool); ok {
+ expr.Generated = b
+ } else {
+ return fmt.Errorf("ast: unable to unmarshal generated field with type: %T (expected true or false)", v["generated"])
+ }
+ }
+
+ if err := unmarshalExprIndex(expr, v); err != nil {
+ return err
+ }
+ switch ts := v["terms"].(type) {
+ case map[string]any:
+ t, err := unmarshalTerm(ts)
+ if err != nil {
+ return err
+ }
+ expr.Terms = t
+ case []any:
+ terms, err := unmarshalTermSlice(ts)
+ if err != nil {
+ return err
+ }
+ expr.Terms = terms
+ default:
+ return fmt.Errorf(`ast: unable to unmarshal terms field with type: %T (expected {"value": ..., "type": ...} or [{"value": ..., "type": ...}, ...])`, v["terms"])
+ }
+ if x, ok := v["with"]; ok {
+ if sl, ok := x.([]any); ok {
+ ws := make([]*With, len(sl))
+ for i := range sl {
+ var err error
+ ws[i], err = unmarshalWith(sl[i])
+ if err != nil {
+ return err
+ }
+ }
+ expr.With = ws
+ }
+ }
+ if loc, ok := v["location"].(map[string]any); ok {
+ expr.Location = &Location{}
+ if err := unmarshalLocation(expr.Location, loc); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func unmarshalLocation(loc *Location, v map[string]any) error {
+ if x, ok := v["file"]; ok {
+ if s, ok := x.(string); ok {
+ loc.File = s
+ } else {
+ return fmt.Errorf("ast: unable to unmarshal file field with type: %T (expected string)", v["file"])
+ }
+ }
+ if x, ok := v["row"]; ok {
+ if n, ok := x.(json.Number); ok {
+ i64, err := n.Int64()
+ if err != nil {
+ return err
+ }
+ loc.Row = int(i64)
+ } else {
+ return fmt.Errorf("ast: unable to unmarshal row field with type: %T (expected number)", v["row"])
+ }
+ }
+ if x, ok := v["col"]; ok {
+ if n, ok := x.(json.Number); ok {
+ i64, err := n.Int64()
+ if err != nil {
+ return err
+ }
+ loc.Col = int(i64)
+ } else {
+ return fmt.Errorf("ast: unable to unmarshal col field with type: %T (expected number)", v["col"])
+ }
+ }
+
+ return nil
+}
+
+func unmarshalExprIndex(expr *Expr, v map[string]any) error {
+ if x, ok := v["index"]; ok {
+ if n, ok := x.(json.Number); ok {
+ i, err := n.Int64()
+ if err == nil {
+ expr.Index = int(i)
+ return nil
+ }
+ }
+ }
+ return fmt.Errorf("ast: unable to unmarshal index field with type: %T (expected integer)", v["index"])
+}
+
+func unmarshalTerm(m map[string]any) (*Term, error) {
+ var term Term
+
+ v, err := unmarshalValue(m)
+ if err != nil {
+ return nil, err
+ }
+ term.Value = v
+
+ if loc, ok := m["location"].(map[string]any); ok {
+ term.Location = &Location{}
+ if err := unmarshalLocation(term.Location, loc); err != nil {
+ return nil, err
+ }
+ }
+
+ return &term, nil
+}
+
+func unmarshalTermSlice(s []any) ([]*Term, error) {
+ buf := []*Term{}
+ for _, x := range s {
+ if m, ok := x.(map[string]any); ok {
+ t, err := unmarshalTerm(m)
+ if err == nil {
+ buf = append(buf, t)
+ continue
+ }
+ return nil, err
+ }
+ return nil, errors.New("ast: unable to unmarshal term")
+ }
+ return buf, nil
+}
+
+func unmarshalTermSliceValue(d map[string]any) ([]*Term, error) {
+ if s, ok := d["value"].([]any); ok {
+ return unmarshalTermSlice(s)
+ }
+ return nil, errors.New(`ast: unable to unmarshal term (expected {"value": [...], "type": ...} where type is one of: ref, array, or set)`)
+}
+
+func unmarshalWith(i any) (*With, error) {
+ if m, ok := i.(map[string]any); ok {
+ tgt, _ := m["target"].(map[string]any)
+ target, err := unmarshalTerm(tgt)
+ if err == nil {
+ val, _ := m["value"].(map[string]any)
+ value, err := unmarshalTerm(val)
+ if err == nil {
+ return &With{
+ Target: target,
+ Value: value,
+ }, nil
+ }
+ return nil, err
+ }
+ return nil, err
+ }
+ return nil, errors.New(`ast: unable to unmarshal with modifier (expected {"target": {...}, "value": {...}})`)
+}
+
+func unmarshalValue(d map[string]any) (Value, error) {
+ v := d["value"]
+ switch d["type"] {
+ case "null":
+ return NullValue, nil
+ case "boolean":
+ if b, ok := v.(bool); ok {
+ return Boolean(b), nil
+ }
+ case "number":
+ if n, ok := v.(json.Number); ok {
+ return Number(n), nil
+ }
+ case "string":
+ if s, ok := v.(string); ok {
+ return String(s), nil
+ }
+ case "var":
+ if s, ok := v.(string); ok {
+ return Var(s), nil
+ }
+ case "ref":
+ if s, err := unmarshalTermSliceValue(d); err == nil {
+ return Ref(s), nil
+ }
+ case "array":
+ if s, err := unmarshalTermSliceValue(d); err == nil {
+ return NewArray(s...), nil
+ }
+ case "set":
+ if s, err := unmarshalTermSliceValue(d); err == nil {
+ return NewSet(s...), nil
+ }
+ case "object":
+ if s, ok := v.([]any); ok {
+ buf := NewObject()
+ for _, x := range s {
+ if i, ok := x.([]any); ok && len(i) == 2 {
+ p, err := unmarshalTermSlice(i)
+ if err == nil {
+ buf.Insert(p[0], p[1])
+ continue
+ }
+ }
+ goto unmarshal_error
+ }
+ return buf, nil
+ }
+ case "arraycomprehension", "setcomprehension":
+ if m, ok := v.(map[string]any); ok {
+ t, ok := m["term"].(map[string]any)
+ if !ok {
+ goto unmarshal_error
+ }
+
+ term, err := unmarshalTerm(t)
+ if err != nil {
+ goto unmarshal_error
+ }
+
+ b, ok := m["body"].([]any)
+ if !ok {
+ goto unmarshal_error
+ }
+
+ body, err := unmarshalBody(b)
+ if err != nil {
+ goto unmarshal_error
+ }
+
+ if d["type"] == "arraycomprehension" {
+ return &ArrayComprehension{Term: term, Body: body}, nil
+ }
+ return &SetComprehension{Term: term, Body: body}, nil
+ }
+ case "objectcomprehension":
+ if m, ok := v.(map[string]any); ok {
+ k, ok := m["key"].(map[string]any)
+ if !ok {
+ goto unmarshal_error
+ }
+
+ key, err := unmarshalTerm(k)
+ if err != nil {
+ goto unmarshal_error
+ }
+
+ v, ok := m["value"].(map[string]any)
+ if !ok {
+ goto unmarshal_error
+ }
+
+ value, err := unmarshalTerm(v)
+ if err != nil {
+ goto unmarshal_error
+ }
+
+ b, ok := m["body"].([]any)
+ if !ok {
+ goto unmarshal_error
+ }
+
+ body, err := unmarshalBody(b)
+ if err != nil {
+ goto unmarshal_error
+ }
+
+ return &ObjectComprehension{Key: key, Value: value, Body: body}, nil
+ }
+ case "call":
+ if s, err := unmarshalTermSliceValue(d); err == nil {
+ return Call(s), nil
+ }
+ }
+unmarshal_error:
+ return nil, errors.New("ast: unable to unmarshal term")
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/transform.go b/vendor/github.com/open-policy-agent/opa/v1/ast/transform.go
new file mode 100644
index 0000000000..197ab6457d
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/transform.go
@@ -0,0 +1,431 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "fmt"
+)
+
+// Transformer defines the interface for transforming AST elements. If the
+// transformer returns nil and does not indicate an error, the AST element will
+// be set to nil and no transformations will be applied to children of the
+// element.
+type Transformer interface {
+ Transform(any) (any, error)
+}
+
+// Transform iterates the AST and calls the Transform function on the
+// Transformer t for x before recursing.
+func Transform(t Transformer, x any) (any, error) {
+
+ if term, ok := x.(*Term); ok {
+ return Transform(t, term.Value)
+ }
+
+ y, err := t.Transform(x)
+ if err != nil {
+ return x, err
+ }
+
+ if y == nil {
+ return nil, nil
+ }
+
+ var ok bool
+ switch y := y.(type) {
+ case *Module:
+ p, err := Transform(t, y.Package)
+ if err != nil {
+ return nil, err
+ }
+ if y.Package, ok = p.(*Package); !ok {
+ return nil, fmt.Errorf("illegal transform: %T != %T", y.Package, p)
+ }
+ for i := range y.Imports {
+ imp, err := Transform(t, y.Imports[i])
+ if err != nil {
+ return nil, err
+ }
+ if y.Imports[i], ok = imp.(*Import); !ok {
+ return nil, fmt.Errorf("illegal transform: %T != %T", y.Imports[i], imp)
+ }
+ }
+ for i := range y.Rules {
+ rule, err := Transform(t, y.Rules[i])
+ if err != nil {
+ return nil, err
+ }
+ if y.Rules[i], ok = rule.(*Rule); !ok {
+ return nil, fmt.Errorf("illegal transform: %T != %T", y.Rules[i], rule)
+ }
+ }
+ for i := range y.Annotations {
+ a, err := Transform(t, y.Annotations[i])
+ if err != nil {
+ return nil, err
+ }
+ if y.Annotations[i], ok = a.(*Annotations); !ok {
+ return nil, fmt.Errorf("illegal transform: %T != %T", y.Annotations[i], a)
+ }
+ }
+ for i := range y.Comments {
+ comment, err := Transform(t, y.Comments[i])
+ if err != nil {
+ return nil, err
+ }
+ if y.Comments[i], ok = comment.(*Comment); !ok {
+ return nil, fmt.Errorf("illegal transform: %T != %T", y.Comments[i], comment)
+ }
+ }
+ return y, nil
+ case *Package:
+ ref, err := Transform(t, y.Path)
+ if err != nil {
+ return nil, err
+ }
+ if y.Path, ok = ref.(Ref); !ok {
+ return nil, fmt.Errorf("illegal transform: %T != %T", y.Path, ref)
+ }
+ return y, nil
+ case *Import:
+ y.Path, err = transformTerm(t, y.Path)
+ if err != nil {
+ return nil, err
+ }
+ if y.Alias, err = transformVar(t, y.Alias); err != nil {
+ return nil, err
+ }
+ return y, nil
+ case *Rule:
+ if y.Head, err = transformHead(t, y.Head); err != nil {
+ return nil, err
+ }
+ if y.Body, err = transformBody(t, y.Body); err != nil {
+ return nil, err
+ }
+ if y.Else != nil {
+ rule, err := Transform(t, y.Else)
+ if err != nil {
+ return nil, err
+ }
+ if y.Else, ok = rule.(*Rule); !ok {
+ return nil, fmt.Errorf("illegal transform: %T != %T", y.Else, rule)
+ }
+ }
+ return y, nil
+ case *Head:
+ if y.Reference, err = transformRef(t, y.Reference); err != nil {
+ return nil, err
+ }
+ if y.Name, err = transformVar(t, y.Name); err != nil {
+ return nil, err
+ }
+ if y.Args, err = transformArgs(t, y.Args); err != nil {
+ return nil, err
+ }
+ if y.Key != nil {
+ if y.Key, err = transformTerm(t, y.Key); err != nil {
+ return nil, err
+ }
+ }
+ if y.Value != nil {
+ if y.Value, err = transformTerm(t, y.Value); err != nil {
+ return nil, err
+ }
+ }
+ return y, nil
+ case Args:
+ for i := range y {
+ if y[i], err = transformTerm(t, y[i]); err != nil {
+ return nil, err
+ }
+ }
+ return y, nil
+ case Body:
+ for i, e := range y {
+ e, err := Transform(t, e)
+ if err != nil {
+ return nil, err
+ }
+ if y[i], ok = e.(*Expr); !ok {
+ return nil, fmt.Errorf("illegal transform: %T != %T", y[i], e)
+ }
+ }
+ return y, nil
+ case *Expr:
+ switch ts := y.Terms.(type) {
+ case *SomeDecl:
+ decl, err := Transform(t, ts)
+ if err != nil {
+ return nil, err
+ }
+ if y.Terms, ok = decl.(*SomeDecl); !ok {
+ return nil, fmt.Errorf("illegal transform: %T != %T", y, decl)
+ }
+ return y, nil
+ case []*Term:
+ for i := range ts {
+ if ts[i], err = transformTerm(t, ts[i]); err != nil {
+ return nil, err
+ }
+ }
+ case *Term:
+ if y.Terms, err = transformTerm(t, ts); err != nil {
+ return nil, err
+ }
+ case *Every:
+ if ts.Key != nil {
+ ts.Key, err = transformTerm(t, ts.Key)
+ if err != nil {
+ return nil, err
+ }
+ }
+ ts.Value, err = transformTerm(t, ts.Value)
+ if err != nil {
+ return nil, err
+ }
+ ts.Domain, err = transformTerm(t, ts.Domain)
+ if err != nil {
+ return nil, err
+ }
+ ts.Body, err = transformBody(t, ts.Body)
+ if err != nil {
+ return nil, err
+ }
+ y.Terms = ts
+ }
+ for i, w := range y.With {
+ w, err := Transform(t, w)
+ if err != nil {
+ return nil, err
+ }
+ if y.With[i], ok = w.(*With); !ok {
+ return nil, fmt.Errorf("illegal transform: %T != %T", y.With[i], w)
+ }
+ }
+ return y, nil
+ case *With:
+ if y.Target, err = transformTerm(t, y.Target); err != nil {
+ return nil, err
+ }
+ if y.Value, err = transformTerm(t, y.Value); err != nil {
+ return nil, err
+ }
+ return y, nil
+ case Ref:
+ for i, term := range y {
+ if y[i], err = transformTerm(t, term); err != nil {
+ return nil, err
+ }
+ }
+ return y, nil
+ case *object:
+ return y.Map(func(k, v *Term) (*Term, *Term, error) {
+ k, err := transformTerm(t, k)
+ if err != nil {
+ return nil, nil, err
+ }
+ v, err = transformTerm(t, v)
+ if err != nil {
+ return nil, nil, err
+ }
+ return k, v, nil
+ })
+ case *Array:
+ for i := range y.Len() {
+ v, err := transformTerm(t, y.Elem(i))
+ if err != nil {
+ return nil, err
+ }
+ y.set(i, v)
+ }
+ return y, nil
+ case Set:
+ y, err = y.Map(func(term *Term) (*Term, error) {
+ return transformTerm(t, term)
+ })
+ if err != nil {
+ return nil, err
+ }
+ return y, nil
+ case *ArrayComprehension:
+ if y.Term, err = transformTerm(t, y.Term); err != nil {
+ return nil, err
+ }
+ if y.Body, err = transformBody(t, y.Body); err != nil {
+ return nil, err
+ }
+ return y, nil
+ case *ObjectComprehension:
+ if y.Key, err = transformTerm(t, y.Key); err != nil {
+ return nil, err
+ }
+ if y.Value, err = transformTerm(t, y.Value); err != nil {
+ return nil, err
+ }
+ if y.Body, err = transformBody(t, y.Body); err != nil {
+ return nil, err
+ }
+ return y, nil
+ case *SetComprehension:
+ if y.Term, err = transformTerm(t, y.Term); err != nil {
+ return nil, err
+ }
+ if y.Body, err = transformBody(t, y.Body); err != nil {
+ return nil, err
+ }
+ return y, nil
+ case Call:
+ for i := range y {
+ if y[i], err = transformTerm(t, y[i]); err != nil {
+ return nil, err
+ }
+ }
+ return y, nil
+ default:
+ return y, nil
+ }
+}
+
+// TransformRefs calls the function f on all references under x.
+func TransformRefs(x any, f func(Ref) (Value, error)) (any, error) {
+ t := &GenericTransformer{func(x any) (any, error) {
+ if r, ok := x.(Ref); ok {
+ return f(r)
+ }
+ return x, nil
+ }}
+ return Transform(t, x)
+}
+
+// TransformVars calls the function f on all vars under x.
+func TransformVars(x any, f func(Var) (Value, error)) (any, error) {
+ t := &GenericTransformer{func(x any) (any, error) {
+ if v, ok := x.(Var); ok {
+ return f(v)
+ }
+ return x, nil
+ }}
+ return Transform(t, x)
+}
+
+// TransformComprehensions calls the functio nf on all comprehensions under x.
+func TransformComprehensions(x any, f func(any) (Value, error)) (any, error) {
+ t := &GenericTransformer{func(x any) (any, error) {
+ switch x := x.(type) {
+ case *ArrayComprehension:
+ return f(x)
+ case *SetComprehension:
+ return f(x)
+ case *ObjectComprehension:
+ return f(x)
+ }
+ return x, nil
+ }}
+ return Transform(t, x)
+}
+
+// GenericTransformer implements the Transformer interface to provide a utility
+// to transform AST nodes using a closure.
+type GenericTransformer struct {
+ f func(any) (any, error)
+}
+
+// NewGenericTransformer returns a new GenericTransformer that will transform
+// AST nodes using the function f.
+func NewGenericTransformer(f func(x any) (any, error)) *GenericTransformer {
+ return &GenericTransformer{
+ f: f,
+ }
+}
+
+// Transform calls the function f on the GenericTransformer.
+func (t *GenericTransformer) Transform(x any) (any, error) {
+ return t.f(x)
+}
+
+func transformHead(t Transformer, head *Head) (*Head, error) {
+ y, err := Transform(t, head)
+ if err != nil {
+ return nil, err
+ }
+ h, ok := y.(*Head)
+ if !ok {
+ return nil, fmt.Errorf("illegal transform: %T != %T", head, y)
+ }
+ return h, nil
+}
+
+func transformArgs(t Transformer, args Args) (Args, error) {
+ y, err := Transform(t, args)
+ if err != nil {
+ return nil, err
+ }
+ a, ok := y.(Args)
+ if !ok {
+ return nil, fmt.Errorf("illegal transform: %T != %T", args, y)
+ }
+ return a, nil
+}
+
+func transformBody(t Transformer, body Body) (Body, error) {
+ y, err := Transform(t, body)
+ if err != nil {
+ return nil, err
+ }
+ r, ok := y.(Body)
+ if !ok {
+ return nil, fmt.Errorf("illegal transform: %T != %T", body, y)
+ }
+ return r, nil
+}
+
+func transformTerm(t Transformer, term *Term) (*Term, error) {
+ v, err := transformValue(t, term.Value)
+ if err != nil {
+ return nil, err
+ }
+ r := &Term{
+ Value: v,
+ Location: term.Location,
+ }
+ return r, nil
+}
+
+func transformValue(t Transformer, v Value) (Value, error) {
+ v1, err := Transform(t, v)
+ if err != nil {
+ return nil, err
+ }
+ r, ok := v1.(Value)
+ if !ok {
+ return nil, fmt.Errorf("illegal transform: %T != %T", v, v1)
+ }
+ return r, nil
+}
+
+func transformVar(t Transformer, v Var) (Var, error) {
+ v1, err := Transform(t, v)
+ if err != nil {
+ return "", err
+ }
+ r, ok := v1.(Var)
+ if !ok {
+ return "", fmt.Errorf("illegal transform: %T != %T", v, v1)
+ }
+ return r, nil
+}
+
+func transformRef(t Transformer, r Ref) (Ref, error) {
+ r1, err := Transform(t, r)
+ if err != nil {
+ return nil, err
+ }
+ r2, ok := r1.(Ref)
+ if !ok {
+ return nil, fmt.Errorf("illegal transform: %T != %T", r, r2)
+ }
+ return r2, nil
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/unify.go b/vendor/github.com/open-policy-agent/opa/v1/ast/unify.go
new file mode 100644
index 0000000000..3af52815f7
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/unify.go
@@ -0,0 +1,235 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+func isRefSafe(ref Ref, safe VarSet) bool {
+ switch head := ref[0].Value.(type) {
+ case Var:
+ return safe.Contains(head)
+ case Call:
+ return isCallSafe(head, safe)
+ default:
+ for v := range ref[0].Vars() {
+ if !safe.Contains(v) {
+ return false
+ }
+ }
+ return true
+ }
+}
+
+func isCallSafe(call Call, safe VarSet) bool {
+ vis := NewVarVisitor().WithParams(SafetyCheckVisitorParams)
+ vis.Walk(call)
+ unsafe := vis.Vars().Diff(safe)
+ return len(unsafe) == 0
+}
+
+// Unify returns a set of variables that will be unified when the equality expression defined by
+// terms a and b is evaluated. The unifier assumes that variables in the VarSet safe are already
+// unified.
+func Unify(safe VarSet, a *Term, b *Term) VarSet {
+ u := &unifier{
+ safe: safe,
+ unified: VarSet{},
+ unknown: map[Var]VarSet{},
+ }
+ u.unify(a, b)
+ return u.unified
+}
+
+type unifier struct {
+ safe VarSet
+ unified VarSet
+ unknown map[Var]VarSet
+}
+
+func (u *unifier) isSafe(x Var) bool {
+ return u.safe.Contains(x) || u.unified.Contains(x)
+}
+
+func (u *unifier) unify(a *Term, b *Term) {
+
+ switch a := a.Value.(type) {
+
+ case Var:
+ switch b := b.Value.(type) {
+ case Var:
+ if u.isSafe(b) {
+ u.markSafe(a)
+ } else if u.isSafe(a) {
+ u.markSafe(b)
+ } else {
+ u.markUnknown(a, b)
+ u.markUnknown(b, a)
+ }
+ case *Array, Object:
+ u.unifyAll(a, b)
+ case Ref:
+ if isRefSafe(b, u.safe) {
+ u.markSafe(a)
+ }
+ case Call:
+ if isCallSafe(b, u.safe) {
+ u.markSafe(a)
+ }
+ default:
+ u.markSafe(a)
+ }
+
+ case Ref:
+ if isRefSafe(a, u.safe) {
+ switch b := b.Value.(type) {
+ case Var:
+ u.markSafe(b)
+ case *Array, Object:
+ u.markAllSafe(b)
+ }
+ }
+
+ case Call:
+ if isCallSafe(a, u.safe) {
+ switch b := b.Value.(type) {
+ case Var:
+ u.markSafe(b)
+ case *Array, Object:
+ u.markAllSafe(b)
+ }
+ }
+
+ case *ArrayComprehension:
+ switch b := b.Value.(type) {
+ case Var:
+ u.markSafe(b)
+ case *Array:
+ u.markAllSafe(b)
+ }
+ case *ObjectComprehension:
+ switch b := b.Value.(type) {
+ case Var:
+ u.markSafe(b)
+ case *object:
+ u.markAllSafe(b)
+ }
+ case *SetComprehension:
+ switch b := b.Value.(type) {
+ case Var:
+ u.markSafe(b)
+ }
+
+ case *Array:
+ switch b := b.Value.(type) {
+ case Var:
+ u.unifyAll(b, a)
+ case *ArrayComprehension, *ObjectComprehension, *SetComprehension:
+ u.markAllSafe(a)
+ case Ref:
+ if isRefSafe(b, u.safe) {
+ u.markAllSafe(a)
+ }
+ case Call:
+ if isCallSafe(b, u.safe) {
+ u.markAllSafe(a)
+ }
+ case *Array:
+ if a.Len() == b.Len() {
+ for i := range a.Len() {
+ u.unify(a.Elem(i), b.Elem(i))
+ }
+ }
+ }
+
+ case *object:
+ switch b := b.Value.(type) {
+ case Var:
+ u.unifyAll(b, a)
+ case Ref:
+ if isRefSafe(b, u.safe) {
+ u.markAllSafe(a)
+ }
+ case Call:
+ if isCallSafe(b, u.safe) {
+ u.markAllSafe(a)
+ }
+ case *object:
+ if a.Len() == b.Len() {
+ _ = a.Iter(func(k, v *Term) error {
+ if v2 := b.Get(k); v2 != nil {
+ u.unify(v, v2)
+ }
+ return nil
+ }) // impossible to return error
+ }
+ }
+
+ default:
+ switch b := b.Value.(type) {
+ case Var:
+ u.markSafe(b)
+ }
+ }
+}
+
+func (u *unifier) markAllSafe(x Value) {
+ vis := u.varVisitor()
+ vis.Walk(x)
+ for v := range vis.Vars() {
+ u.markSafe(v)
+ }
+}
+
+func (u *unifier) markSafe(x Var) {
+ u.unified.Add(x)
+
+ // Add dependencies of 'x' to safe set
+ vs := u.unknown[x]
+ delete(u.unknown, x)
+ for v := range vs {
+ u.markSafe(v)
+ }
+
+ // Add dependants of 'x' to safe set if they have no more
+ // dependencies.
+ for v, deps := range u.unknown {
+ if deps.Contains(x) {
+ delete(deps, x)
+ if len(deps) == 0 {
+ u.markSafe(v)
+ }
+ }
+ }
+}
+
+func (u *unifier) markUnknown(a, b Var) {
+ if _, ok := u.unknown[a]; !ok {
+ u.unknown[a] = NewVarSet()
+ }
+ u.unknown[a].Add(b)
+}
+
+func (u *unifier) unifyAll(a Var, b Value) {
+ if u.isSafe(a) {
+ u.markAllSafe(b)
+ } else {
+ vis := u.varVisitor()
+ vis.Walk(b)
+ unsafe := vis.Vars().Diff(u.safe).Diff(u.unified)
+ if len(unsafe) == 0 {
+ u.markSafe(a)
+ } else {
+ for v := range unsafe {
+ u.markUnknown(a, v)
+ }
+ }
+ }
+}
+
+func (*unifier) varVisitor() *VarVisitor {
+ return NewVarVisitor().WithParams(VarVisitorParams{
+ SkipRefHead: true,
+ SkipObjectKeys: true,
+ SkipClosures: true,
+ })
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/varset.go b/vendor/github.com/open-policy-agent/opa/v1/ast/varset.go
new file mode 100644
index 0000000000..bccb035e30
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/varset.go
@@ -0,0 +1,117 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+import (
+ "fmt"
+ "slices"
+
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+// VarSet represents a set of variables.
+type VarSet map[Var]struct{}
+
+// NewVarSet returns a new VarSet containing the specified variables.
+func NewVarSet(vs ...Var) VarSet {
+ s := make(VarSet, len(vs))
+ for _, v := range vs {
+ s.Add(v)
+ }
+ return s
+}
+
+// NewVarSet returns a new VarSet containing the specified variables.
+func NewVarSetOfSize(size int) VarSet {
+ return make(VarSet, size)
+}
+
+// Add updates the set to include the variable "v".
+func (s VarSet) Add(v Var) {
+ s[v] = struct{}{}
+}
+
+// Contains returns true if the set contains the variable "v".
+func (s VarSet) Contains(v Var) bool {
+ _, ok := s[v]
+ return ok
+}
+
+// Copy returns a shallow copy of the VarSet.
+func (s VarSet) Copy() VarSet {
+ cpy := NewVarSetOfSize(len(s))
+ for v := range s {
+ cpy.Add(v)
+ }
+ return cpy
+}
+
+// Diff returns a VarSet containing variables in s that are not in vs.
+func (s VarSet) Diff(vs VarSet) VarSet {
+ i := 0
+ for v := range s {
+ if !vs.Contains(v) {
+ i++
+ }
+ }
+ r := NewVarSetOfSize(i)
+ for v := range s {
+ if !vs.Contains(v) {
+ r.Add(v)
+ }
+ }
+ return r
+}
+
+// Equal returns true if s contains exactly the same elements as vs.
+func (s VarSet) Equal(vs VarSet) bool {
+ if len(s) != len(vs) {
+ return false
+ }
+ for v := range s {
+ if !vs.Contains(v) {
+ return false
+ }
+ }
+ return true
+}
+
+// Intersect returns a VarSet containing variables in s that are in vs.
+func (s VarSet) Intersect(vs VarSet) VarSet {
+ i := 0
+ for v := range s {
+ if vs.Contains(v) {
+ i++
+ }
+ }
+ r := NewVarSetOfSize(i)
+ for v := range s {
+ if vs.Contains(v) {
+ r.Add(v)
+ }
+ }
+ return r
+}
+
+// Sorted returns a new sorted slice of vars from s.
+func (s VarSet) Sorted() []Var {
+ sorted := make([]Var, 0, len(s))
+ for v := range s {
+ sorted = append(sorted, v)
+ }
+ slices.SortFunc(sorted, VarCompare)
+ return sorted
+}
+
+// Update merges the other VarSet into this VarSet.
+func (s VarSet) Update(vs VarSet) {
+ for v := range vs {
+ s.Add(v)
+ }
+}
+
+func (s VarSet) String() string {
+ return fmt.Sprintf("%v", util.KeysSorted(s))
+}
diff --git a/vendor/github.com/open-policy-agent/opa/ast/version_index.json b/vendor/github.com/open-policy-agent/opa/v1/ast/version_index.json
similarity index 99%
rename from vendor/github.com/open-policy-agent/opa/ast/version_index.json
rename to vendor/github.com/open-policy-agent/opa/v1/ast/version_index.json
index 718df220f9..eecb68c772 100644
--- a/vendor/github.com/open-policy-agent/opa/ast/version_index.json
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/version_index.json
@@ -497,6 +497,13 @@
"PreRelease": "",
"Metadata": ""
},
+ "internal.test_case": {
+ "Major": 1,
+ "Minor": 2,
+ "Patch": 0,
+ "PreRelease": "",
+ "Metadata": ""
+ },
"intersection": {
"Major": 0,
"Minor": 17,
@@ -1395,6 +1402,13 @@
}
},
"features": {
+ "rego_v1": {
+ "Major": 1,
+ "Minor": 0,
+ "Patch": 0,
+ "PreRelease": "",
+ "Metadata": ""
+ },
"rego_v1_import": {
"Major": 0,
"Minor": 59,
diff --git a/vendor/github.com/open-policy-agent/opa/v1/ast/visit.go b/vendor/github.com/open-policy-agent/opa/v1/ast/visit.go
new file mode 100644
index 0000000000..16567014f4
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/ast/visit.go
@@ -0,0 +1,783 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package ast
+
+// Visitor defines the interface for iterating AST elements. The Visit function
+// can return a Visitor w which will be used to visit the children of the AST
+// element v. If the Visit function returns nil, the children will not be
+// visited.
+// Deprecated: use GenericVisitor or another visitor implementation
+type Visitor interface {
+ Visit(v any) (w Visitor)
+}
+
+// BeforeAndAfterVisitor wraps Visitor to provide hooks for being called before
+// and after the AST has been visited.
+// Deprecated: use GenericVisitor or another visitor implementation
+type BeforeAndAfterVisitor interface {
+ Visitor
+ Before(x any)
+ After(x any)
+}
+
+// Walk iterates the AST by calling the Visit function on the Visitor
+// v for x before recursing.
+// Deprecated: use GenericVisitor.Walk
+func Walk(v Visitor, x any) {
+ if bav, ok := v.(BeforeAndAfterVisitor); !ok {
+ walk(v, x)
+ } else {
+ bav.Before(x)
+ defer bav.After(x)
+ walk(bav, x)
+ }
+}
+
+// WalkBeforeAndAfter iterates the AST by calling the Visit function on the
+// Visitor v for x before recursing.
+// Deprecated: use GenericVisitor.Walk
+func WalkBeforeAndAfter(v BeforeAndAfterVisitor, x any) {
+ Walk(v, x)
+}
+
+func walk(v Visitor, x any) {
+ w := v.Visit(x)
+ if w == nil {
+ return
+ }
+ switch x := x.(type) {
+ case *Module:
+ Walk(w, x.Package)
+ for i := range x.Imports {
+ Walk(w, x.Imports[i])
+ }
+ for i := range x.Rules {
+ Walk(w, x.Rules[i])
+ }
+ for i := range x.Annotations {
+ Walk(w, x.Annotations[i])
+ }
+ for i := range x.Comments {
+ Walk(w, x.Comments[i])
+ }
+ case *Package:
+ Walk(w, x.Path)
+ case *Import:
+ Walk(w, x.Path)
+ Walk(w, x.Alias)
+ case *Rule:
+ Walk(w, x.Head)
+ Walk(w, x.Body)
+ if x.Else != nil {
+ Walk(w, x.Else)
+ }
+ case *Head:
+ Walk(w, x.Name)
+ Walk(w, x.Args)
+ if x.Key != nil {
+ Walk(w, x.Key)
+ }
+ if x.Value != nil {
+ Walk(w, x.Value)
+ }
+ case Body:
+ for i := range x {
+ Walk(w, x[i])
+ }
+ case Args:
+ for i := range x {
+ Walk(w, x[i])
+ }
+ case *Expr:
+ switch ts := x.Terms.(type) {
+ case *Term, *SomeDecl, *Every:
+ Walk(w, ts)
+ case []*Term:
+ for i := range ts {
+ Walk(w, ts[i])
+ }
+ }
+ for i := range x.With {
+ Walk(w, x.With[i])
+ }
+ case *With:
+ Walk(w, x.Target)
+ Walk(w, x.Value)
+ case *Term:
+ Walk(w, x.Value)
+ case Ref:
+ for i := range x {
+ Walk(w, x[i])
+ }
+ case *object:
+ x.Foreach(func(k, vv *Term) {
+ Walk(w, k)
+ Walk(w, vv)
+ })
+ case *Array:
+ x.Foreach(func(t *Term) {
+ Walk(w, t)
+ })
+ case Set:
+ x.Foreach(func(t *Term) {
+ Walk(w, t)
+ })
+ case *ArrayComprehension:
+ Walk(w, x.Term)
+ Walk(w, x.Body)
+ case *ObjectComprehension:
+ Walk(w, x.Key)
+ Walk(w, x.Value)
+ Walk(w, x.Body)
+ case *SetComprehension:
+ Walk(w, x.Term)
+ Walk(w, x.Body)
+ case Call:
+ for i := range x {
+ Walk(w, x[i])
+ }
+ case *Every:
+ if x.Key != nil {
+ Walk(w, x.Key)
+ }
+ Walk(w, x.Value)
+ Walk(w, x.Domain)
+ Walk(w, x.Body)
+ case *SomeDecl:
+ for i := range x.Symbols {
+ Walk(w, x.Symbols[i])
+ }
+ }
+}
+
+// WalkVars calls the function f on all vars under x. If the function f
+// returns true, AST nodes under the last node will not be visited.
+func WalkVars(x any, f func(Var) bool) {
+ vis := &GenericVisitor{func(x any) bool {
+ if v, ok := x.(Var); ok {
+ return f(v)
+ }
+ return false
+ }}
+ vis.Walk(x)
+}
+
+// WalkClosures calls the function f on all closures under x. If the function f
+// returns true, AST nodes under the last node will not be visited.
+func WalkClosures(x any, f func(any) bool) {
+ vis := &GenericVisitor{func(x any) bool {
+ switch x := x.(type) {
+ case *ArrayComprehension, *ObjectComprehension, *SetComprehension, *Every:
+ return f(x)
+ }
+ return false
+ }}
+ vis.Walk(x)
+}
+
+// WalkRefs calls the function f on all references under x. If the function f
+// returns true, AST nodes under the last node will not be visited.
+func WalkRefs(x any, f func(Ref) bool) {
+ vis := &GenericVisitor{func(x any) bool {
+ if r, ok := x.(Ref); ok {
+ return f(r)
+ }
+ return false
+ }}
+ vis.Walk(x)
+}
+
+// WalkTerms calls the function f on all terms under x. If the function f
+// returns true, AST nodes under the last node will not be visited.
+func WalkTerms(x any, f func(*Term) bool) {
+ vis := &GenericVisitor{func(x any) bool {
+ if term, ok := x.(*Term); ok {
+ return f(term)
+ }
+ return false
+ }}
+ vis.Walk(x)
+}
+
+// WalkWiths calls the function f on all with modifiers under x. If the function f
+// returns true, AST nodes under the last node will not be visited.
+func WalkWiths(x any, f func(*With) bool) {
+ vis := &GenericVisitor{func(x any) bool {
+ if w, ok := x.(*With); ok {
+ return f(w)
+ }
+ return false
+ }}
+ vis.Walk(x)
+}
+
+// WalkExprs calls the function f on all expressions under x. If the function f
+// returns true, AST nodes under the last node will not be visited.
+func WalkExprs(x any, f func(*Expr) bool) {
+ vis := &GenericVisitor{func(x any) bool {
+ if r, ok := x.(*Expr); ok {
+ return f(r)
+ }
+ return false
+ }}
+ vis.Walk(x)
+}
+
+// WalkBodies calls the function f on all bodies under x. If the function f
+// returns true, AST nodes under the last node will not be visited.
+func WalkBodies(x any, f func(Body) bool) {
+ vis := &GenericVisitor{func(x any) bool {
+ if b, ok := x.(Body); ok {
+ return f(b)
+ }
+ return false
+ }}
+ vis.Walk(x)
+}
+
+// WalkRules calls the function f on all rules under x. If the function f
+// returns true, AST nodes under the last node will not be visited.
+func WalkRules(x any, f func(*Rule) bool) {
+ vis := &GenericVisitor{func(x any) bool {
+ if r, ok := x.(*Rule); ok {
+ stop := f(r)
+ // NOTE(tsandall): since rules cannot be embedded inside of queries
+ // we can stop early if there is no else block.
+ if stop || r.Else == nil {
+ return true
+ }
+ }
+ return false
+ }}
+ vis.Walk(x)
+}
+
+// WalkNodes calls the function f on all nodes under x. If the function f
+// returns true, AST nodes under the last node will not be visited.
+func WalkNodes(x any, f func(Node) bool) {
+ vis := &GenericVisitor{func(x any) bool {
+ if n, ok := x.(Node); ok {
+ return f(n)
+ }
+ return false
+ }}
+ vis.Walk(x)
+}
+
+// GenericVisitor provides a utility to walk over AST nodes using a
+// closure. If the closure returns true, the visitor will not walk
+// over AST nodes under x.
+type GenericVisitor struct {
+ f func(x any) bool
+}
+
+// NewGenericVisitor returns a new GenericVisitor that will invoke the function
+// f on AST nodes.
+func NewGenericVisitor(f func(x any) bool) *GenericVisitor {
+ return &GenericVisitor{f}
+}
+
+// Walk iterates the AST by calling the function f on the
+// GenericVisitor before recursing. Contrary to the generic Walk, this
+// does not require allocating the visitor from heap.
+func (vis *GenericVisitor) Walk(x any) {
+ if vis.f(x) {
+ return
+ }
+
+ switch x := x.(type) {
+ case *Module:
+ vis.Walk(x.Package)
+ for i := range x.Imports {
+ vis.Walk(x.Imports[i])
+ }
+ for i := range x.Rules {
+ vis.Walk(x.Rules[i])
+ }
+ for i := range x.Annotations {
+ vis.Walk(x.Annotations[i])
+ }
+ for i := range x.Comments {
+ vis.Walk(x.Comments[i])
+ }
+ case *Package:
+ vis.Walk(x.Path)
+ case *Import:
+ vis.Walk(x.Path)
+ vis.Walk(x.Alias)
+ case *Rule:
+ vis.Walk(x.Head)
+ vis.Walk(x.Body)
+ if x.Else != nil {
+ vis.Walk(x.Else)
+ }
+ case *Head:
+ vis.Walk(x.Name)
+ vis.Walk(x.Args)
+ if x.Key != nil {
+ vis.Walk(x.Key)
+ }
+ if x.Value != nil {
+ vis.Walk(x.Value)
+ }
+ case Body:
+ for i := range x {
+ vis.Walk(x[i])
+ }
+ case Args:
+ for i := range x {
+ vis.Walk(x[i])
+ }
+ case *Expr:
+ switch ts := x.Terms.(type) {
+ case *Term, *SomeDecl, *Every:
+ vis.Walk(ts)
+ case []*Term:
+ for i := range ts {
+ vis.Walk(ts[i])
+ }
+ }
+ for i := range x.With {
+ vis.Walk(x.With[i])
+ }
+ case *With:
+ vis.Walk(x.Target)
+ vis.Walk(x.Value)
+ case *Term:
+ vis.Walk(x.Value)
+ case Ref:
+ for i := range x {
+ vis.Walk(x[i])
+ }
+ case *object:
+ x.Foreach(func(k, _ *Term) {
+ vis.Walk(k)
+ vis.Walk(x.Get(k))
+ })
+ case Object:
+ for _, k := range x.Keys() {
+ vis.Walk(k)
+ vis.Walk(x.Get(k))
+ }
+ case *Array:
+ for i := range x.Len() {
+ vis.Walk(x.Elem(i))
+ }
+ case Set:
+ xSlice := x.Slice()
+ for i := range xSlice {
+ vis.Walk(xSlice[i])
+ }
+ case *ArrayComprehension:
+ vis.Walk(x.Term)
+ vis.Walk(x.Body)
+ case *ObjectComprehension:
+ vis.Walk(x.Key)
+ vis.Walk(x.Value)
+ vis.Walk(x.Body)
+ case *SetComprehension:
+ vis.Walk(x.Term)
+ vis.Walk(x.Body)
+ case Call:
+ for i := range x {
+ vis.Walk(x[i])
+ }
+ case *Every:
+ if x.Key != nil {
+ vis.Walk(x.Key)
+ }
+ vis.Walk(x.Value)
+ vis.Walk(x.Domain)
+ vis.Walk(x.Body)
+ case *SomeDecl:
+ for i := range x.Symbols {
+ vis.Walk(x.Symbols[i])
+ }
+ }
+}
+
+// BeforeAfterVisitor provides a utility to walk over AST nodes using
+// closures. If the before closure returns true, the visitor will not
+// walk over AST nodes under x. The after closure is invoked always
+// after visiting a node.
+type BeforeAfterVisitor struct {
+ before func(x any) bool
+ after func(x any)
+}
+
+// NewBeforeAfterVisitor returns a new BeforeAndAfterVisitor that
+// will invoke the functions before and after AST nodes.
+func NewBeforeAfterVisitor(before func(x any) bool, after func(x any)) *BeforeAfterVisitor {
+ return &BeforeAfterVisitor{before, after}
+}
+
+// Walk iterates the AST by calling the functions on the
+// BeforeAndAfterVisitor before and after recursing. Contrary to the
+// generic Walk, this does not require allocating the visitor from
+// heap.
+func (vis *BeforeAfterVisitor) Walk(x any) {
+ defer vis.after(x)
+ if vis.before(x) {
+ return
+ }
+
+ switch x := x.(type) {
+ case *Module:
+ vis.Walk(x.Package)
+ for i := range x.Imports {
+ vis.Walk(x.Imports[i])
+ }
+ for i := range x.Rules {
+ vis.Walk(x.Rules[i])
+ }
+ for i := range x.Annotations {
+ vis.Walk(x.Annotations[i])
+ }
+ for i := range x.Comments {
+ vis.Walk(x.Comments[i])
+ }
+ case *Package:
+ vis.Walk(x.Path)
+ case *Import:
+ vis.Walk(x.Path)
+ vis.Walk(x.Alias)
+ case *Rule:
+ vis.Walk(x.Head)
+ vis.Walk(x.Body)
+ if x.Else != nil {
+ vis.Walk(x.Else)
+ }
+ case *Head:
+ if len(x.Reference) > 0 {
+ vis.Walk(x.Reference)
+ } else {
+ vis.Walk(x.Name)
+ if x.Key != nil {
+ vis.Walk(x.Key)
+ }
+ }
+ vis.Walk(x.Args)
+ if x.Value != nil {
+ vis.Walk(x.Value)
+ }
+ case Body:
+ for i := range x {
+ vis.Walk(x[i])
+ }
+ case Args:
+ for i := range x {
+ vis.Walk(x[i])
+ }
+ case *Expr:
+ switch ts := x.Terms.(type) {
+ case *Term, *SomeDecl, *Every:
+ vis.Walk(ts)
+ case []*Term:
+ for i := range ts {
+ vis.Walk(ts[i])
+ }
+ }
+ for i := range x.With {
+ vis.Walk(x.With[i])
+ }
+ case *With:
+ vis.Walk(x.Target)
+ vis.Walk(x.Value)
+ case *Term:
+ vis.Walk(x.Value)
+ case Ref:
+ for i := range x {
+ vis.Walk(x[i])
+ }
+ case *object:
+ x.Foreach(func(k, _ *Term) {
+ vis.Walk(k)
+ vis.Walk(x.Get(k))
+ })
+ case Object:
+ x.Foreach(func(k, _ *Term) {
+ vis.Walk(k)
+ vis.Walk(x.Get(k))
+ })
+ case *Array:
+ x.Foreach(func(t *Term) {
+ vis.Walk(t)
+ })
+ case Set:
+ xSlice := x.Slice()
+ for i := range xSlice {
+ vis.Walk(xSlice[i])
+ }
+ case *ArrayComprehension:
+ vis.Walk(x.Term)
+ vis.Walk(x.Body)
+ case *ObjectComprehension:
+ vis.Walk(x.Key)
+ vis.Walk(x.Value)
+ vis.Walk(x.Body)
+ case *SetComprehension:
+ vis.Walk(x.Term)
+ vis.Walk(x.Body)
+ case Call:
+ for i := range x {
+ vis.Walk(x[i])
+ }
+ case *Every:
+ if x.Key != nil {
+ vis.Walk(x.Key)
+ }
+ vis.Walk(x.Value)
+ vis.Walk(x.Domain)
+ vis.Walk(x.Body)
+ case *SomeDecl:
+ for i := range x.Symbols {
+ vis.Walk(x.Symbols[i])
+ }
+ }
+}
+
+// VarVisitor walks AST nodes under a given node and collects all encountered
+// variables. The collected variables can be controlled by specifying
+// VarVisitorParams when creating the visitor.
+type VarVisitor struct {
+ params VarVisitorParams
+ vars VarSet
+}
+
+// VarVisitorParams contains settings for a VarVisitor.
+type VarVisitorParams struct {
+ SkipRefHead bool
+ SkipRefCallHead bool
+ SkipObjectKeys bool
+ SkipClosures bool
+ SkipWithTarget bool
+ SkipSets bool
+}
+
+// NewVarVisitor returns a new VarVisitor object.
+func NewVarVisitor() *VarVisitor {
+ return &VarVisitor{
+ vars: NewVarSet(),
+ }
+}
+
+// WithParams sets the parameters in params on vis.
+func (vis *VarVisitor) WithParams(params VarVisitorParams) *VarVisitor {
+ vis.params = params
+ return vis
+}
+
+// Vars returns a VarSet that contains collected vars.
+func (vis *VarVisitor) Vars() VarSet {
+ return vis.vars
+}
+
+// visit determines if the VarVisitor will recurse into x: if it returns `true`,
+// the visitor will _skip_ that branch of the AST
+func (vis *VarVisitor) visit(v any) bool {
+ if vis.params.SkipObjectKeys {
+ if o, ok := v.(Object); ok {
+ o.Foreach(func(_, v *Term) {
+ vis.Walk(v)
+ })
+ return true
+ }
+ }
+ if vis.params.SkipRefHead {
+ if r, ok := v.(Ref); ok {
+ rSlice := r[1:]
+ for i := range rSlice {
+ vis.Walk(rSlice[i])
+ }
+ return true
+ }
+ }
+ if vis.params.SkipClosures {
+ switch v := v.(type) {
+ case *ArrayComprehension, *ObjectComprehension, *SetComprehension:
+ return true
+ case *Expr:
+ if ev, ok := v.Terms.(*Every); ok {
+ vis.Walk(ev.Domain)
+ // We're _not_ walking ev.Body -- that's the closure here
+ return true
+ }
+ }
+ }
+ if vis.params.SkipWithTarget {
+ if v, ok := v.(*With); ok {
+ vis.Walk(v.Value)
+ return true
+ }
+ }
+ if vis.params.SkipSets {
+ if _, ok := v.(Set); ok {
+ return true
+ }
+ }
+ if vis.params.SkipRefCallHead {
+ switch v := v.(type) {
+ case *Expr:
+ if terms, ok := v.Terms.([]*Term); ok {
+ termSlice := terms[0].Value.(Ref)[1:]
+ for i := range termSlice {
+ vis.Walk(termSlice[i])
+ }
+ for i := 1; i < len(terms); i++ {
+ vis.Walk(terms[i])
+ }
+ for i := range v.With {
+ vis.Walk(v.With[i])
+ }
+ return true
+ }
+ case Call:
+ operator := v[0].Value.(Ref)
+ for i := 1; i < len(operator); i++ {
+ vis.Walk(operator[i])
+ }
+ for i := 1; i < len(v); i++ {
+ vis.Walk(v[i])
+ }
+ return true
+ case *With:
+ if ref, ok := v.Target.Value.(Ref); ok {
+ refSlice := ref[1:]
+ for i := range refSlice {
+ vis.Walk(refSlice[i])
+ }
+ }
+ if ref, ok := v.Value.Value.(Ref); ok {
+ refSlice := ref[1:]
+ for i := range refSlice {
+ vis.Walk(refSlice[i])
+ }
+ } else {
+ vis.Walk(v.Value)
+ }
+ return true
+ }
+ }
+ if v, ok := v.(Var); ok {
+ vis.vars.Add(v)
+ }
+ return false
+}
+
+// Walk iterates the AST by calling the function f on the
+// GenericVisitor before recursing. Contrary to the generic Walk, this
+// does not require allocating the visitor from heap.
+func (vis *VarVisitor) Walk(x any) {
+ if vis.visit(x) {
+ return
+ }
+
+ switch x := x.(type) {
+ case *Module:
+ vis.Walk(x.Package)
+ for i := range x.Imports {
+ vis.Walk(x.Imports[i])
+ }
+ for i := range x.Rules {
+ vis.Walk(x.Rules[i])
+ }
+ for i := range x.Comments {
+ vis.Walk(x.Comments[i])
+ }
+ case *Package:
+ vis.Walk(x.Path)
+ case *Import:
+ vis.Walk(x.Path)
+ vis.Walk(x.Alias)
+ case *Rule:
+ vis.Walk(x.Head)
+ vis.Walk(x.Body)
+ if x.Else != nil {
+ vis.Walk(x.Else)
+ }
+ case *Head:
+ if len(x.Reference) > 0 {
+ vis.Walk(x.Reference)
+ } else {
+ vis.Walk(x.Name)
+ if x.Key != nil {
+ vis.Walk(x.Key)
+ }
+ }
+ vis.Walk(x.Args)
+
+ if x.Value != nil {
+ vis.Walk(x.Value)
+ }
+ case Body:
+ for i := range x {
+ vis.Walk(x[i])
+ }
+ case Args:
+ for i := range x {
+ vis.Walk(x[i])
+ }
+ case *Expr:
+ switch ts := x.Terms.(type) {
+ case *Term, *SomeDecl, *Every:
+ vis.Walk(ts)
+ case []*Term:
+ for i := range ts {
+ vis.Walk(ts[i])
+ }
+ }
+ for i := range x.With {
+ vis.Walk(x.With[i])
+ }
+ case *With:
+ vis.Walk(x.Target)
+ vis.Walk(x.Value)
+ case *Term:
+ vis.Walk(x.Value)
+ case Ref:
+ for i := range x {
+ vis.Walk(x[i])
+ }
+ case *object:
+ x.Foreach(func(k, _ *Term) {
+ vis.Walk(k)
+ vis.Walk(x.Get(k))
+ })
+ case *Array:
+ x.Foreach(func(t *Term) {
+ vis.Walk(t)
+ })
+ case Set:
+ xSlice := x.Slice()
+ for i := range xSlice {
+ vis.Walk(xSlice[i])
+ }
+ case *ArrayComprehension:
+ vis.Walk(x.Term)
+ vis.Walk(x.Body)
+ case *ObjectComprehension:
+ vis.Walk(x.Key)
+ vis.Walk(x.Value)
+ vis.Walk(x.Body)
+ case *SetComprehension:
+ vis.Walk(x.Term)
+ vis.Walk(x.Body)
+ case Call:
+ for i := range x {
+ vis.Walk(x[i])
+ }
+ case *Every:
+ if x.Key != nil {
+ vis.Walk(x.Key)
+ }
+ vis.Walk(x.Value)
+ vis.Walk(x.Domain)
+ vis.Walk(x.Body)
+ case *SomeDecl:
+ for i := range x.Symbols {
+ vis.Walk(x.Symbols[i])
+ }
+ }
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/bundle/bundle.go b/vendor/github.com/open-policy-agent/opa/v1/bundle/bundle.go
new file mode 100644
index 0000000000..865e4b64b9
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/bundle/bundle.go
@@ -0,0 +1,1779 @@
+// Copyright 2018 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Package bundle implements bundle loading.
+package bundle
+
+import (
+ "archive/tar"
+ "bytes"
+ "compress/gzip"
+ "encoding/hex"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "maps"
+ "net/url"
+ "os"
+ "path"
+ "path/filepath"
+ "reflect"
+ "strings"
+
+ "github.com/gobwas/glob"
+ "github.com/open-policy-agent/opa/internal/file/archive"
+ "github.com/open-policy-agent/opa/internal/merge"
+ "github.com/open-policy-agent/opa/v1/ast"
+ astJSON "github.com/open-policy-agent/opa/v1/ast/json"
+ "github.com/open-policy-agent/opa/v1/format"
+ "github.com/open-policy-agent/opa/v1/metrics"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+// Common file extensions and file names.
+const (
+ RegoExt = ".rego"
+ WasmFile = "policy.wasm"
+ PlanFile = "plan.json"
+ ManifestExt = ".manifest"
+ SignaturesFile = "signatures.json"
+ patchFile = "patch.json"
+ dataFile = "data.json"
+ yamlDataFile = "data.yaml"
+ ymlDataFile = "data.yml"
+ defaultHashingAlg = "SHA-256"
+ DefaultSizeLimitBytes = (1024 * 1024 * 1024) // limit bundle reads to 1GB to protect against gzip bombs
+ DeltaBundleType = "delta"
+ SnapshotBundleType = "snapshot"
+)
+
+// Bundle represents a loaded bundle. The bundle can contain data and policies.
+type Bundle struct {
+ Signatures SignaturesConfig
+ Manifest Manifest
+ Data map[string]any
+ Modules []ModuleFile
+ Wasm []byte // Deprecated. Use WasmModules instead
+ WasmModules []WasmModuleFile
+ PlanModules []PlanModuleFile
+ Patch Patch
+ Etag string
+ Raw []Raw
+
+ lazyLoadingMode bool
+ sizeLimitBytes int64
+}
+
+// Raw contains raw bytes representing the bundle's content
+type Raw struct {
+ Path string
+ Value []byte
+ module *ModuleFile
+}
+
+// Patch contains an array of objects wherein each object represents the patch operation to be
+// applied to the bundle data.
+type Patch struct {
+ Data []PatchOperation `json:"data,omitempty"`
+}
+
+// PatchOperation models a single patch operation against a document.
+type PatchOperation struct {
+ Op string `json:"op"`
+ Path string `json:"path"`
+ Value any `json:"value"`
+}
+
+// SignaturesConfig represents an array of JWTs that encapsulate the signatures for the bundle.
+type SignaturesConfig struct {
+ Signatures []string `json:"signatures,omitempty"`
+ Plugin string `json:"plugin,omitempty"`
+}
+
+// isEmpty returns if the SignaturesConfig is empty.
+func (s SignaturesConfig) isEmpty() bool {
+ return reflect.DeepEqual(s, SignaturesConfig{})
+}
+
+// DecodedSignature represents the decoded JWT payload.
+type DecodedSignature struct {
+ Files []FileInfo `json:"files"`
+ KeyID string `json:"keyid"` // Deprecated, use kid in the JWT header instead.
+ Scope string `json:"scope"`
+ IssuedAt int64 `json:"iat"`
+ Issuer string `json:"iss"`
+}
+
+// FileInfo contains the hashing algorithm used, resulting digest etc.
+type FileInfo struct {
+ Name string `json:"name"`
+ Hash string `json:"hash"`
+ Algorithm string `json:"algorithm"`
+}
+
+// NewFile returns a new FileInfo.
+func NewFile(name, hash, alg string) FileInfo {
+ return FileInfo{
+ Name: name,
+ Hash: hash,
+ Algorithm: alg,
+ }
+}
+
+// Manifest represents the manifest from a bundle. The manifest may contain
+// metadata such as the bundle revision.
+type Manifest struct {
+ Revision string `json:"revision"`
+ Roots *[]string `json:"roots,omitempty"`
+ WasmResolvers []WasmResolver `json:"wasm,omitempty"`
+ // RegoVersion is the global Rego version for the bundle described by this Manifest.
+ // The Rego version of individual files can be overridden in FileRegoVersions.
+ // We don't use ast.RegoVersion here, as this iota type's order isn't guaranteed to be stable over time.
+ // We use a pointer so that we can support hand-made bundles that don't have an explicit version appropriately.
+ // E.g. in OPA 0.x if --v1-compatible is used when consuming the bundle, and there is no specified version,
+ // we should default to v1; if --v1-compatible isn't used, we should default to v0. In OPA 1.0, no --x-compatible
+ // flag and no explicit bundle version should default to v1.
+ RegoVersion *int `json:"rego_version,omitempty"`
+ // FileRegoVersions is a map from file paths to Rego versions.
+ // This allows individual files to override the global Rego version specified by RegoVersion.
+ FileRegoVersions map[string]int `json:"file_rego_versions,omitempty"`
+ Metadata map[string]any `json:"metadata,omitempty"`
+
+ compiledFileRegoVersions []fileRegoVersion
+}
+
+type fileRegoVersion struct {
+ path glob.Glob
+ version int
+}
+
+// WasmResolver maps a wasm module to an entrypoint ref.
+type WasmResolver struct {
+ Entrypoint string `json:"entrypoint,omitempty"`
+ Module string `json:"module,omitempty"`
+ Annotations []*ast.Annotations `json:"annotations,omitempty"`
+}
+
+// Init initializes the manifest. If you instantiate a manifest
+// manually, call Init to ensure that the roots are set properly.
+func (m *Manifest) Init() {
+ if m.Roots == nil {
+ defaultRoots := []string{""}
+ m.Roots = &defaultRoots
+ }
+}
+
+// AddRoot adds r to the roots of m. This function is idempotent.
+func (m *Manifest) AddRoot(r string) {
+ m.Init()
+ if !RootPathsContain(*m.Roots, r) {
+ *m.Roots = append(*m.Roots, r)
+ }
+}
+
+func (m *Manifest) SetRegoVersion(v ast.RegoVersion) {
+ m.Init()
+ regoVersion := 0
+ if v == ast.RegoV1 {
+ regoVersion = 1
+ }
+ m.RegoVersion = ®oVersion
+}
+
+// Equal returns true if m is semantically equivalent to other.
+func (m Manifest) Equal(other Manifest) bool {
+
+ // This is safe since both are passed by value.
+ m.Init()
+ other.Init()
+
+ if m.Revision != other.Revision {
+ return false
+ }
+
+ if m.RegoVersion == nil && other.RegoVersion != nil {
+ return false
+ }
+ if m.RegoVersion != nil && other.RegoVersion == nil {
+ return false
+ }
+ if m.RegoVersion != nil && other.RegoVersion != nil && *m.RegoVersion != *other.RegoVersion {
+ return false
+ }
+
+ // If both are nil, or both are empty, we consider them equal.
+ if !(len(m.FileRegoVersions) == 0 && len(other.FileRegoVersions) == 0) &&
+ !reflect.DeepEqual(m.FileRegoVersions, other.FileRegoVersions) {
+ return false
+ }
+
+ if !reflect.DeepEqual(m.Metadata, other.Metadata) {
+ return false
+ }
+
+ return m.equalWasmResolversAndRoots(other)
+}
+
+func (m Manifest) Empty() bool {
+ return m.Equal(Manifest{})
+}
+
+// Copy returns a deep copy of the manifest.
+func (m Manifest) Copy() Manifest {
+ m.Init()
+ roots := make([]string, len(*m.Roots))
+ copy(roots, *m.Roots)
+ m.Roots = &roots
+
+ wasmModules := make([]WasmResolver, len(m.WasmResolvers))
+ copy(wasmModules, m.WasmResolvers)
+ m.WasmResolvers = wasmModules
+
+ metadata := m.Metadata
+
+ if metadata != nil {
+ m.Metadata = make(map[string]any)
+ maps.Copy(m.Metadata, metadata)
+ }
+
+ return m
+}
+
+func (m Manifest) String() string {
+ m.Init()
+ if m.RegoVersion != nil {
+ return fmt.Sprintf("",
+ m.Revision, *m.RegoVersion, *m.Roots, m.WasmResolvers, m.Metadata)
+ }
+ return fmt.Sprintf("",
+ m.Revision, *m.Roots, m.WasmResolvers, m.Metadata)
+}
+
+func (m Manifest) rootSet() stringSet {
+ rs := map[string]struct{}{}
+
+ for _, r := range *m.Roots {
+ rs[r] = struct{}{}
+ }
+
+ return stringSet(rs)
+}
+
+func (m Manifest) equalWasmResolversAndRoots(other Manifest) bool {
+ if len(m.WasmResolvers) != len(other.WasmResolvers) {
+ return false
+ }
+
+ for i := range len(m.WasmResolvers) {
+ if !m.WasmResolvers[i].Equal(&other.WasmResolvers[i]) {
+ return false
+ }
+ }
+
+ return m.rootSet().Equal(other.rootSet())
+}
+
+func (wr *WasmResolver) Equal(other *WasmResolver) bool {
+ if wr == nil && other == nil {
+ return true
+ }
+
+ if wr == nil || other == nil {
+ return false
+ }
+
+ if wr.Module != other.Module {
+ return false
+ }
+
+ if wr.Entrypoint != other.Entrypoint {
+ return false
+ }
+
+ annotLen := len(wr.Annotations)
+ if annotLen != len(other.Annotations) {
+ return false
+ }
+
+ for i := range annotLen {
+ if wr.Annotations[i].Compare(other.Annotations[i]) != 0 {
+ return false
+ }
+ }
+
+ return true
+}
+
+type stringSet map[string]struct{}
+
+func (ss stringSet) Equal(other stringSet) bool {
+ if len(ss) != len(other) {
+ return false
+ }
+ for k := range other {
+ if _, ok := ss[k]; !ok {
+ return false
+ }
+ }
+ return true
+}
+
+func (m *Manifest) validateAndInjectDefaults(b Bundle) error {
+
+ m.Init()
+
+ // Validate roots in bundle.
+ roots := *m.Roots
+
+ // Standardize the roots (no starting or trailing slash)
+ for i := range roots {
+ roots[i] = strings.Trim(roots[i], "/")
+ }
+
+ for i := range len(roots) - 1 {
+ for j := i + 1; j < len(roots); j++ {
+ if RootPathsOverlap(roots[i], roots[j]) {
+ return fmt.Errorf("manifest has overlapped roots: '%v' and '%v'", roots[i], roots[j])
+ }
+ }
+ }
+
+ // Validate modules in bundle.
+ for _, module := range b.Modules {
+ found := false
+ if path, err := module.Parsed.Package.Path.Ptr(); err == nil {
+ found = RootPathsContain(roots, path)
+ }
+ if !found {
+ return fmt.Errorf("manifest roots %v do not permit '%v' in module '%v'", roots, module.Parsed.Package, module.Path)
+ }
+ }
+
+ // Build a set of wasm module entrypoints to validate
+ wasmModuleToEps := map[string]string{}
+ seenEps := map[string]struct{}{}
+ for _, wm := range b.WasmModules {
+ wasmModuleToEps[wm.Path] = ""
+ }
+
+ for _, wmConfig := range b.Manifest.WasmResolvers {
+ _, ok := wasmModuleToEps[wmConfig.Module]
+ if !ok {
+ return fmt.Errorf("manifest references wasm module '%s' but the module file does not exist", wmConfig.Module)
+ }
+
+ // Ensure wasm module entrypoint in within bundle roots
+ if !RootPathsContain(roots, wmConfig.Entrypoint) {
+ return fmt.Errorf("manifest roots %v do not permit '%v' entrypoint for wasm module '%v'", roots, wmConfig.Entrypoint, wmConfig.Module)
+ }
+
+ if _, ok := seenEps[wmConfig.Entrypoint]; ok {
+ return fmt.Errorf("entrypoint '%s' cannot be used by more than one wasm module", wmConfig.Entrypoint)
+ }
+ seenEps[wmConfig.Entrypoint] = struct{}{}
+
+ wasmModuleToEps[wmConfig.Module] = wmConfig.Entrypoint
+ }
+
+ // Validate data patches in bundle.
+ for _, patch := range b.Patch.Data {
+ path := strings.Trim(patch.Path, "/")
+ if !RootPathsContain(roots, path) {
+ return fmt.Errorf("manifest roots %v do not permit data patch at path '%s'", roots, path)
+ }
+ }
+
+ if b.lazyLoadingMode {
+ return nil
+ }
+
+ // Validate data in bundle.
+ return dfs(b.Data, "", func(path string, node any) (bool, error) {
+ path = strings.Trim(path, "/")
+ if RootPathsContain(roots, path) {
+ return true, nil
+ }
+
+ if _, ok := node.(map[string]any); ok {
+ for i := range roots {
+ if RootPathsContain(strings.Split(path, "/"), roots[i]) {
+ return false, nil
+ }
+ }
+ }
+ return false, fmt.Errorf("manifest roots %v do not permit data at path '/%s' (hint: check bundle directory structure)", roots, path)
+ })
+}
+
+// ModuleFile represents a single module contained in a bundle.
+type ModuleFile struct {
+ URL string
+ Path string
+ RelativePath string
+ Raw []byte
+ Parsed *ast.Module
+}
+
+// WasmModuleFile represents a single wasm module contained in a bundle.
+type WasmModuleFile struct {
+ URL string
+ Path string
+ Entrypoints []ast.Ref
+ Raw []byte
+}
+
+// PlanModuleFile represents a single plan module contained in a bundle.
+//
+// NOTE(tsandall): currently the plans are just opaque binary blobs. In the
+// future we could inject the entrypoints so that the plans could be executed
+// inside of OPA proper like we do for Wasm modules.
+type PlanModuleFile struct {
+ URL string
+ Path string
+ Raw []byte
+}
+
+// Reader contains the reader to load the bundle from.
+type Reader struct {
+ loader DirectoryLoader
+ includeManifestInData bool
+ metrics metrics.Metrics
+ baseDir string
+ verificationConfig *VerificationConfig
+ skipVerify bool
+ processAnnotations bool
+ capabilities *ast.Capabilities
+ files map[string]FileInfo // files in the bundle signature payload
+ sizeLimitBytes int64
+ etag string
+ lazyLoadingMode bool
+ name string
+ persist bool
+ regoVersion ast.RegoVersion
+ followSymlinks bool
+}
+
+// NewReader is deprecated. Use NewCustomReader instead.
+func NewReader(r io.Reader) *Reader {
+ return NewCustomReader(NewTarballLoader(r))
+}
+
+// NewCustomReader returns a new Reader configured to use the
+// specified DirectoryLoader.
+func NewCustomReader(loader DirectoryLoader) *Reader {
+ nr := Reader{
+ loader: loader,
+ metrics: metrics.New(),
+ files: make(map[string]FileInfo),
+ sizeLimitBytes: DefaultSizeLimitBytes + 1,
+ }
+ return &nr
+}
+
+// IncludeManifestInData sets whether the manifest metadata should be
+// included in the bundle's data.
+func (r *Reader) IncludeManifestInData(includeManifestInData bool) *Reader {
+ r.includeManifestInData = includeManifestInData
+ return r
+}
+
+// WithMetrics sets the metrics object to be used while loading bundles
+func (r *Reader) WithMetrics(m metrics.Metrics) *Reader {
+ r.metrics = m
+ return r
+}
+
+// WithBaseDir sets a base directory for file paths of loaded Rego
+// modules. This will *NOT* affect the loaded path of data files.
+func (r *Reader) WithBaseDir(dir string) *Reader {
+ r.baseDir = dir
+ return r
+}
+
+// WithBundleVerificationConfig sets the key configuration used to verify a signed bundle
+func (r *Reader) WithBundleVerificationConfig(config *VerificationConfig) *Reader {
+ r.verificationConfig = config
+ return r
+}
+
+// WithSkipBundleVerification skips verification of a signed bundle
+func (r *Reader) WithSkipBundleVerification(skipVerify bool) *Reader {
+ r.skipVerify = skipVerify
+ return r
+}
+
+// WithProcessAnnotations enables annotation processing during .rego file parsing.
+func (r *Reader) WithProcessAnnotations(yes bool) *Reader {
+ r.processAnnotations = yes
+ return r
+}
+
+// WithCapabilities sets the supported capabilities when loading the files
+func (r *Reader) WithCapabilities(caps *ast.Capabilities) *Reader {
+ r.capabilities = caps
+ return r
+}
+
+// WithJSONOptions sets the JSON options on the parser (now a no-op).
+//
+// Deprecated: Use SetOptions in the json package instead, where a longer description
+// of why this is deprecated also can be found.
+func (r *Reader) WithJSONOptions(*astJSON.Options) *Reader {
+ return r
+}
+
+// WithSizeLimitBytes sets the size limit to apply to files in the bundle. If files are larger
+// than this, an error will be returned by the reader.
+func (r *Reader) WithSizeLimitBytes(n int64) *Reader {
+ r.sizeLimitBytes = n + 1
+ return r
+}
+
+// WithBundleEtag sets the given etag value on the bundle
+func (r *Reader) WithBundleEtag(etag string) *Reader {
+ r.etag = etag
+ return r
+}
+
+// WithBundleName specifies the bundle name
+func (r *Reader) WithBundleName(name string) *Reader {
+ r.name = name
+ return r
+}
+
+func (r *Reader) WithFollowSymlinks(yes bool) *Reader {
+ r.followSymlinks = yes
+ return r
+}
+
+// WithLazyLoadingMode sets the bundle loading mode. If true,
+// bundles will be read in lazy mode. In this mode, data files in the bundle will not be
+// deserialized and the check to validate that the bundle data does not contain paths
+// outside the bundle's roots will not be performed while reading the bundle.
+func (r *Reader) WithLazyLoadingMode(yes bool) *Reader {
+ r.lazyLoadingMode = yes
+ return r
+}
+
+// WithBundlePersistence specifies if the downloaded bundle will eventually be persisted to disk.
+func (r *Reader) WithBundlePersistence(persist bool) *Reader {
+ r.persist = persist
+ return r
+}
+
+func (r *Reader) WithRegoVersion(version ast.RegoVersion) *Reader {
+ r.regoVersion = version
+ return r
+}
+
+func (r *Reader) ParserOptions() ast.ParserOptions {
+ return ast.ParserOptions{
+ ProcessAnnotation: r.processAnnotations,
+ Capabilities: r.capabilities,
+ RegoVersion: r.regoVersion,
+ }
+}
+
+// Read returns a new Bundle loaded from the reader.
+func (r *Reader) Read() (Bundle, error) {
+
+ var bundle Bundle
+ var descriptors []*Descriptor
+ var err error
+ var raw []Raw
+
+ bundle.Signatures, bundle.Patch, descriptors, err = preProcessBundle(r.loader, r.skipVerify, r.sizeLimitBytes)
+ if err != nil {
+ return bundle, err
+ }
+
+ bundle.lazyLoadingMode = r.lazyLoadingMode
+ bundle.sizeLimitBytes = r.sizeLimitBytes
+
+ if bundle.Type() == SnapshotBundleType {
+ err = r.checkSignaturesAndDescriptors(bundle.Signatures)
+ if err != nil {
+ return bundle, err
+ }
+
+ bundle.Data = map[string]any{}
+ }
+
+ var modules []ModuleFile
+ for _, f := range descriptors {
+ buf, err := readFile(f, r.sizeLimitBytes)
+ if err != nil {
+ return bundle, err
+ }
+
+ // verify the file content
+ if bundle.Type() == SnapshotBundleType && !bundle.Signatures.isEmpty() {
+ path := f.Path()
+ if r.baseDir != "" {
+ path = f.URL()
+ }
+ path = strings.TrimPrefix(path, "/")
+
+ // check if the file is to be excluded from bundle verification
+ if r.isFileExcluded(path) {
+ delete(r.files, path)
+ } else {
+ if err = r.verifyBundleFile(path, buf); err != nil {
+ return bundle, err
+ }
+ }
+ }
+
+ // Normalize the paths to use `/` separators
+ path := filepath.ToSlash(f.Path())
+
+ if strings.HasSuffix(path, RegoExt) {
+ fullPath := r.fullPath(path)
+ bs := buf.Bytes()
+
+ // Modules are parsed after we've had a chance to read the manifest
+ mf := ModuleFile{
+ URL: f.URL(),
+ Path: fullPath,
+ RelativePath: path,
+ Raw: bs,
+ }
+ modules = append(modules, mf)
+
+ if r.lazyLoadingMode {
+ p := fullPath
+ if r.name != "" {
+ p = modulePathWithPrefix(r.name, fullPath)
+ }
+
+ raw = append(raw, Raw{Path: p, Value: bs, module: &mf})
+ }
+ } else if filepath.Base(path) == WasmFile {
+ bundle.WasmModules = append(bundle.WasmModules, WasmModuleFile{
+ URL: f.URL(),
+ Path: r.fullPath(path),
+ Raw: buf.Bytes(),
+ })
+ } else if filepath.Base(path) == PlanFile {
+ bundle.PlanModules = append(bundle.PlanModules, PlanModuleFile{
+ URL: f.URL(),
+ Path: r.fullPath(path),
+ Raw: buf.Bytes(),
+ })
+ } else if filepath.Base(path) == dataFile {
+ if r.lazyLoadingMode {
+ raw = append(raw, Raw{Path: path, Value: buf.Bytes()})
+ continue
+ }
+
+ var value any
+
+ r.metrics.Timer(metrics.RegoDataParse).Start()
+ err := util.UnmarshalJSON(buf.Bytes(), &value)
+ r.metrics.Timer(metrics.RegoDataParse).Stop()
+
+ if err != nil {
+ return bundle, fmt.Errorf("bundle load failed on %v: %w", r.fullPath(path), err)
+ }
+
+ if err := insertValue(&bundle, path, value); err != nil {
+ return bundle, err
+ }
+
+ } else if filepath.Base(path) == yamlDataFile || filepath.Base(path) == ymlDataFile {
+ if r.lazyLoadingMode {
+ raw = append(raw, Raw{Path: path, Value: buf.Bytes()})
+ continue
+ }
+
+ var value any
+
+ r.metrics.Timer(metrics.RegoDataParse).Start()
+ err := util.Unmarshal(buf.Bytes(), &value)
+ r.metrics.Timer(metrics.RegoDataParse).Stop()
+
+ if err != nil {
+ return bundle, fmt.Errorf("bundle load failed on %v: %w", r.fullPath(path), err)
+ }
+
+ if err := insertValue(&bundle, path, value); err != nil {
+ return bundle, err
+ }
+
+ } else if strings.HasSuffix(path, ManifestExt) {
+ if err := util.NewJSONDecoder(&buf).Decode(&bundle.Manifest); err != nil {
+ return bundle, fmt.Errorf("bundle load failed on manifest decode: %w", err)
+ }
+ }
+ }
+
+ // Parse modules
+ popts := r.ParserOptions()
+ popts.RegoVersion = bundle.RegoVersion(popts.EffectiveRegoVersion())
+ for _, mf := range modules {
+ modulePopts := popts
+ if regoVersion, err := bundle.RegoVersionForFile(mf.RelativePath, popts.EffectiveRegoVersion()); err != nil {
+ return bundle, err
+ } else if regoVersion != ast.RegoUndefined {
+ // We don't expect ast.RegoUndefined here, but don't override configured rego-version if we do just to be extra protective
+ modulePopts.RegoVersion = regoVersion
+ }
+ r.metrics.Timer(metrics.RegoModuleParse).Start()
+ mf.Parsed, err = ast.ParseModuleWithOpts(mf.Path, string(mf.Raw), modulePopts)
+ r.metrics.Timer(metrics.RegoModuleParse).Stop()
+ if err != nil {
+ return bundle, err
+ }
+ bundle.Modules = append(bundle.Modules, mf)
+ }
+
+ if bundle.Type() == DeltaBundleType {
+ if len(bundle.Data) != 0 {
+ return bundle, errors.New("delta bundle expected to contain only patch file but data files found")
+ }
+
+ if len(bundle.Modules) != 0 {
+ return bundle, errors.New("delta bundle expected to contain only patch file but policy files found")
+ }
+
+ if len(bundle.WasmModules) != 0 {
+ return bundle, errors.New("delta bundle expected to contain only patch file but wasm files found")
+ }
+
+ if r.persist {
+ return bundle, errors.New("'persist' property is true in config. persisting delta bundle to disk is not supported")
+ }
+ }
+
+ // check if the bundle signatures specify any files that weren't found in the bundle
+ if bundle.Type() == SnapshotBundleType && len(r.files) != 0 {
+ extra := []string{}
+ for k := range r.files {
+ extra = append(extra, k)
+ }
+ return bundle, fmt.Errorf("file(s) %v specified in bundle signatures but not found in the target bundle", extra)
+ }
+
+ if err := bundle.Manifest.validateAndInjectDefaults(bundle); err != nil {
+ return bundle, err
+ }
+
+ // Inject the wasm module entrypoint refs into the WasmModuleFile structs
+ epMap := map[string][]string{}
+ for _, r := range bundle.Manifest.WasmResolvers {
+ epMap[r.Module] = append(epMap[r.Module], r.Entrypoint)
+ }
+ for i := range len(bundle.WasmModules) {
+ entrypoints := epMap[bundle.WasmModules[i].Path]
+ for _, entrypoint := range entrypoints {
+ ref, err := ast.PtrRef(ast.DefaultRootDocument, entrypoint)
+ if err != nil {
+ return bundle, fmt.Errorf("failed to parse wasm module entrypoint '%s': %s", entrypoint, err)
+ }
+ bundle.WasmModules[i].Entrypoints = append(bundle.WasmModules[i].Entrypoints, ref)
+ }
+ }
+
+ if r.includeManifestInData {
+ var metadata map[string]any
+
+ b, err := json.Marshal(&bundle.Manifest)
+ if err != nil {
+ return bundle, fmt.Errorf("bundle load failed on manifest marshal: %w", err)
+ }
+
+ err = util.UnmarshalJSON(b, &metadata)
+ if err != nil {
+ return bundle, fmt.Errorf("bundle load failed on manifest unmarshal: %w", err)
+ }
+
+ // For backwards compatibility always write to the old unnamed manifest path
+ // This will *not* be correct if >1 bundle is in use...
+ if err := bundle.insertData(legacyManifestStoragePath, metadata); err != nil {
+ return bundle, fmt.Errorf("bundle load failed on %v: %w", legacyRevisionStoragePath, err)
+ }
+ }
+
+ bundle.Etag = r.etag
+ bundle.Raw = raw
+
+ return bundle, nil
+}
+
+func (r *Reader) isFileExcluded(path string) bool {
+ for _, e := range r.verificationConfig.Exclude {
+ match, _ := filepath.Match(e, path)
+ if match {
+ return true
+ }
+ }
+ return false
+}
+
+func (r *Reader) checkSignaturesAndDescriptors(signatures SignaturesConfig) error {
+ if r.skipVerify {
+ return nil
+ }
+
+ if signatures.isEmpty() && r.verificationConfig != nil && r.verificationConfig.KeyID != "" {
+ return errors.New("bundle missing .signatures.json file")
+ }
+
+ if !signatures.isEmpty() {
+ if r.verificationConfig == nil {
+ return errors.New("verification key not provided")
+ }
+
+ // verify the JWT signatures included in the `.signatures.json` file
+ if err := r.verifyBundleSignature(signatures); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func (r *Reader) verifyBundleSignature(sc SignaturesConfig) error {
+ var err error
+ r.files, err = VerifyBundleSignature(sc, r.verificationConfig)
+ return err
+}
+
+func (r *Reader) verifyBundleFile(path string, data bytes.Buffer) error {
+ return VerifyBundleFile(path, data, r.files)
+}
+
+func (r *Reader) fullPath(path string) string {
+ if r.baseDir != "" {
+ path = filepath.Join(r.baseDir, path)
+ }
+ return path
+}
+
+// Write is deprecated. Use NewWriter instead.
+func Write(w io.Writer, bundle Bundle) error {
+ return NewWriter(w).
+ UseModulePath(true).
+ DisableFormat(true).
+ Write(bundle)
+}
+
+// Writer implements bundle serialization.
+type Writer struct {
+ usePath bool
+ disableFormat bool
+ w io.Writer
+}
+
+// NewWriter returns a bundle writer that writes to w.
+func NewWriter(w io.Writer) *Writer {
+ return &Writer{
+ w: w,
+ }
+}
+
+// UseModulePath configures the writer to use the module file path instead of the
+// module file URL during serialization. This is for backwards compatibility.
+func (w *Writer) UseModulePath(yes bool) *Writer {
+ w.usePath = yes
+ return w
+}
+
+// DisableFormat configures the writer to just write out raw bytes instead
+// of formatting modules before serialization.
+func (w *Writer) DisableFormat(yes bool) *Writer {
+ w.disableFormat = yes
+ return w
+}
+
+// Write writes the bundle to the writer's output stream.
+func (w *Writer) Write(bundle Bundle) error {
+ gw := gzip.NewWriter(w.w)
+ tw := tar.NewWriter(gw)
+
+ bundleType := bundle.Type()
+
+ if bundleType == SnapshotBundleType {
+ var buf bytes.Buffer
+
+ if err := json.NewEncoder(&buf).Encode(bundle.Data); err != nil {
+ return err
+ }
+
+ if err := archive.WriteFile(tw, "data.json", buf.Bytes()); err != nil {
+ return err
+ }
+
+ for _, module := range bundle.Modules {
+ path := module.URL
+ if w.usePath {
+ path = module.Path
+ }
+
+ if err := archive.WriteFile(tw, path, module.Raw); err != nil {
+ return err
+ }
+ }
+
+ if err := w.writeWasm(tw, bundle); err != nil {
+ return err
+ }
+
+ if err := writeSignatures(tw, bundle); err != nil {
+ return err
+ }
+
+ if err := w.writePlan(tw, bundle); err != nil {
+ return err
+ }
+ } else if bundleType == DeltaBundleType {
+ if err := writePatch(tw, bundle); err != nil {
+ return err
+ }
+ }
+
+ if err := writeManifest(tw, bundle); err != nil {
+ return err
+ }
+
+ if err := tw.Close(); err != nil {
+ return err
+ }
+
+ return gw.Close()
+}
+
+func (w *Writer) writeWasm(tw *tar.Writer, bundle Bundle) error {
+ for _, wm := range bundle.WasmModules {
+ path := wm.URL
+ if w.usePath {
+ path = wm.Path
+ }
+
+ err := archive.WriteFile(tw, path, wm.Raw)
+ if err != nil {
+ return err
+ }
+ }
+
+ if len(bundle.Wasm) > 0 {
+ err := archive.WriteFile(tw, "/"+WasmFile, bundle.Wasm)
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+func (w *Writer) writePlan(tw *tar.Writer, bundle Bundle) error {
+ for _, wm := range bundle.PlanModules {
+ path := wm.URL
+ if w.usePath {
+ path = wm.Path
+ }
+
+ err := archive.WriteFile(tw, path, wm.Raw)
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+func writeManifest(tw *tar.Writer, bundle Bundle) error {
+
+ if bundle.Manifest.Empty() {
+ return nil
+ }
+
+ var buf bytes.Buffer
+
+ if err := json.NewEncoder(&buf).Encode(bundle.Manifest); err != nil {
+ return err
+ }
+
+ return archive.WriteFile(tw, ManifestExt, buf.Bytes())
+}
+
+func writePatch(tw *tar.Writer, bundle Bundle) error {
+
+ var buf bytes.Buffer
+
+ if err := json.NewEncoder(&buf).Encode(bundle.Patch); err != nil {
+ return err
+ }
+
+ return archive.WriteFile(tw, patchFile, buf.Bytes())
+}
+
+func writeSignatures(tw *tar.Writer, bundle Bundle) error {
+
+ if bundle.Signatures.isEmpty() {
+ return nil
+ }
+
+ bs, err := json.MarshalIndent(bundle.Signatures, "", " ")
+ if err != nil {
+ return err
+ }
+
+ return archive.WriteFile(tw, fmt.Sprintf(".%v", SignaturesFile), bs)
+}
+
+func hashBundleFiles(hash SignatureHasher, b *Bundle) ([]FileInfo, error) {
+
+ files := []FileInfo{}
+
+ bs, err := hash.HashFile(b.Data)
+ if err != nil {
+ return files, err
+ }
+ files = append(files, NewFile(strings.TrimPrefix("data.json", "/"), hex.EncodeToString(bs), defaultHashingAlg))
+
+ if len(b.Wasm) != 0 {
+ bs, err := hash.HashFile(b.Wasm)
+ if err != nil {
+ return files, err
+ }
+ files = append(files, NewFile(strings.TrimPrefix(WasmFile, "/"), hex.EncodeToString(bs), defaultHashingAlg))
+ }
+
+ for _, wasmModule := range b.WasmModules {
+ bs, err := hash.HashFile(wasmModule.Raw)
+ if err != nil {
+ return files, err
+ }
+ files = append(files, NewFile(strings.TrimPrefix(wasmModule.Path, "/"), hex.EncodeToString(bs), defaultHashingAlg))
+ }
+
+ for _, planmodule := range b.PlanModules {
+ bs, err := hash.HashFile(planmodule.Raw)
+ if err != nil {
+ return files, err
+ }
+ files = append(files, NewFile(strings.TrimPrefix(planmodule.Path, "/"), hex.EncodeToString(bs), defaultHashingAlg))
+ }
+
+ // If the manifest is essentially empty, don't add it to the signatures since it
+ // won't be written to the bundle. Otherwise:
+ // parse the manifest into a JSON structure;
+ // then recursively order the fields of all objects alphabetically and then apply
+ // the hash function to result to compute the hash.
+ if !b.Manifest.Empty() {
+ mbs, err := json.Marshal(b.Manifest)
+ if err != nil {
+ return files, err
+ }
+
+ var result map[string]any
+ if err := util.Unmarshal(mbs, &result); err != nil {
+ return files, err
+ }
+
+ bs, err = hash.HashFile(result)
+ if err != nil {
+ return files, err
+ }
+
+ files = append(files, NewFile(strings.TrimPrefix(ManifestExt, "/"), hex.EncodeToString(bs), defaultHashingAlg))
+ }
+
+ return files, err
+}
+
+// FormatModules formats Rego modules
+// Modules will be formatted to comply with [ast.DefaultRegoVersion], but Rego compatibility of individual parsed modules will be respected (e.g. if 'rego.v1' is imported).
+func (b *Bundle) FormatModules(useModulePath bool) error {
+ return b.FormatModulesForRegoVersion(ast.DefaultRegoVersion, true, useModulePath)
+}
+
+// FormatModulesForRegoVersion formats Rego modules to comply with a given Rego version
+func (b *Bundle) FormatModulesForRegoVersion(version ast.RegoVersion, preserveModuleRegoVersion bool, useModulePath bool) error {
+ var err error
+
+ for i, module := range b.Modules {
+ opts := format.Opts{}
+ if preserveModuleRegoVersion {
+ opts.RegoVersion = module.Parsed.RegoVersion()
+ opts.ParserOptions = &ast.ParserOptions{
+ RegoVersion: opts.RegoVersion,
+ }
+ } else {
+ opts.RegoVersion = version
+ }
+
+ if module.Raw == nil {
+ module.Raw, err = format.AstWithOpts(module.Parsed, opts)
+ if err != nil {
+ return err
+ }
+ } else {
+ path := module.URL
+ if useModulePath {
+ path = module.Path
+ }
+
+ module.Raw, err = format.SourceWithOpts(path, module.Raw, opts)
+ if err != nil {
+ return err
+ }
+ }
+ b.Modules[i].Raw = module.Raw
+ }
+ return nil
+}
+
+// GenerateSignature generates the signature for the given bundle.
+func (b *Bundle) GenerateSignature(signingConfig *SigningConfig, keyID string, useModulePath bool) error {
+
+ hash, err := NewSignatureHasher(HashingAlgorithm(defaultHashingAlg))
+ if err != nil {
+ return err
+ }
+
+ files := []FileInfo{}
+
+ for _, module := range b.Modules {
+ bytes, err := hash.HashFile(module.Raw)
+ if err != nil {
+ return err
+ }
+
+ path := module.URL
+ if useModulePath {
+ path = module.Path
+ }
+ files = append(files, NewFile(strings.TrimPrefix(path, "/"), hex.EncodeToString(bytes), defaultHashingAlg))
+ }
+
+ result, err := hashBundleFiles(hash, b)
+ if err != nil {
+ return err
+ }
+ files = append(files, result...)
+
+ // generate signed token
+ token, err := GenerateSignedToken(files, signingConfig, keyID)
+ if err != nil {
+ return err
+ }
+
+ if b.Signatures.isEmpty() {
+ b.Signatures = SignaturesConfig{}
+ }
+
+ if signingConfig.Plugin != "" {
+ b.Signatures.Plugin = signingConfig.Plugin
+ }
+
+ b.Signatures.Signatures = []string{token}
+
+ return nil
+}
+
+// ParsedModules returns a map of parsed modules with names that are
+// unique and human readable for the given a bundle name.
+func (b *Bundle) ParsedModules(bundleName string) map[string]*ast.Module {
+
+ mods := make(map[string]*ast.Module, len(b.Modules))
+
+ for _, mf := range b.Modules {
+ mods[modulePathWithPrefix(bundleName, mf.Path)] = mf.Parsed
+ }
+
+ return mods
+}
+
+func (b *Bundle) RegoVersion(def ast.RegoVersion) ast.RegoVersion {
+ if v := b.Manifest.RegoVersion; v != nil {
+ if *v == 0 {
+ return ast.RegoV0
+ } else if *v == 1 {
+ return ast.RegoV1
+ }
+ }
+ return def
+}
+
+func (b *Bundle) SetRegoVersion(v ast.RegoVersion) {
+ b.Manifest.SetRegoVersion(v)
+}
+
+// RegoVersionForFile returns the rego-version for the specified file path.
+// If there is no defined version for the given path, the default version def is returned.
+// If the version does not correspond to ast.RegoV0 or ast.RegoV1, an error is returned.
+func (b *Bundle) RegoVersionForFile(path string, def ast.RegoVersion) (ast.RegoVersion, error) {
+ version, err := b.Manifest.numericRegoVersionForFile(path)
+ if err != nil {
+ return def, err
+ } else if version == nil {
+ return def, nil
+ } else if *version == 0 {
+ return ast.RegoV0, nil
+ } else if *version == 1 {
+ return ast.RegoV1, nil
+ }
+ return def, fmt.Errorf("unknown bundle rego-version %d for file '%s'", *version, path)
+}
+
+func (m *Manifest) RegoVersionForFile(path string) (ast.RegoVersion, error) {
+ v, err := m.numericRegoVersionForFile(path)
+ if err != nil {
+ return ast.RegoUndefined, err
+ }
+
+ if v == nil {
+ return ast.RegoUndefined, nil
+ }
+
+ return ast.RegoVersionFromInt(*v), nil
+}
+
+func (m *Manifest) numericRegoVersionForFile(path string) (*int, error) {
+ var version *int
+
+ if len(m.FileRegoVersions) != len(m.compiledFileRegoVersions) {
+ m.compiledFileRegoVersions = make([]fileRegoVersion, 0, len(m.FileRegoVersions))
+ for pattern, v := range m.FileRegoVersions {
+ compiled, err := glob.Compile(pattern)
+ if err != nil {
+ return nil, fmt.Errorf("failed to compile glob pattern %s: %s", pattern, err)
+ }
+ m.compiledFileRegoVersions = append(m.compiledFileRegoVersions, fileRegoVersion{compiled, v})
+ }
+ }
+
+ for _, fv := range m.compiledFileRegoVersions {
+ if fv.path.Match(path) {
+ version = &fv.version
+ break
+ }
+ }
+
+ if version == nil {
+ version = m.RegoVersion
+ }
+ return version, nil
+}
+
+// Equal returns true if this bundle's contents equal the other bundle's
+// contents.
+func (b Bundle) Equal(other Bundle) bool {
+ if !reflect.DeepEqual(b.Data, other.Data) {
+ return false
+ }
+
+ if len(b.Modules) != len(other.Modules) {
+ return false
+ }
+ for i := range b.Modules {
+ // To support bundles built from rootless filesystems we ignore a "/" prefix
+ // for URLs and Paths, such that "/file" and "file" are equivalent
+ if strings.TrimPrefix(b.Modules[i].URL, string(filepath.Separator)) !=
+ strings.TrimPrefix(other.Modules[i].URL, string(filepath.Separator)) {
+ return false
+ }
+ if strings.TrimPrefix(b.Modules[i].Path, string(filepath.Separator)) !=
+ strings.TrimPrefix(other.Modules[i].Path, string(filepath.Separator)) {
+ return false
+ }
+ if !b.Modules[i].Parsed.Equal(other.Modules[i].Parsed) {
+ return false
+ }
+ if !bytes.Equal(b.Modules[i].Raw, other.Modules[i].Raw) {
+ return false
+ }
+ }
+ if (b.Wasm == nil && other.Wasm != nil) || (b.Wasm != nil && other.Wasm == nil) {
+ return false
+ }
+
+ return bytes.Equal(b.Wasm, other.Wasm)
+}
+
+// Copy returns a deep copy of the bundle.
+func (b Bundle) Copy() Bundle {
+
+ // Copy data.
+ var x any = b.Data
+
+ if err := util.RoundTrip(&x); err != nil {
+ panic(err)
+ }
+
+ if x != nil {
+ b.Data = x.(map[string]any)
+ }
+
+ // Copy modules.
+ for i := range b.Modules {
+ bs := make([]byte, len(b.Modules[i].Raw))
+ copy(bs, b.Modules[i].Raw)
+ b.Modules[i].Raw = bs
+ b.Modules[i].Parsed = b.Modules[i].Parsed.Copy()
+ }
+
+ // Copy manifest.
+ b.Manifest = b.Manifest.Copy()
+
+ return b
+}
+
+func (b *Bundle) insertData(key []string, value any) error {
+ // Build an object with the full structure for the value
+ obj, err := mktree(key, value)
+ if err != nil {
+ return err
+ }
+
+ // Merge the new data in with the current bundle data object
+ merged, ok := merge.InterfaceMaps(b.Data, obj)
+ if !ok {
+ return fmt.Errorf("failed to insert data file from path %s", filepath.Join(key...))
+ }
+
+ b.Data = merged
+
+ return nil
+}
+
+func (b *Bundle) readData(key []string) *any {
+
+ if len(key) == 0 {
+ if len(b.Data) == 0 {
+ return nil
+ }
+ var result any = b.Data
+ return &result
+ }
+
+ node := b.Data
+
+ for i := range len(key) - 1 {
+
+ child, ok := node[key[i]]
+ if !ok {
+ return nil
+ }
+
+ childObj, ok := child.(map[string]any)
+ if !ok {
+ return nil
+ }
+
+ node = childObj
+ }
+
+ child, ok := node[key[len(key)-1]]
+ if !ok {
+ return nil
+ }
+
+ return &child
+}
+
+// Type returns the type of the bundle.
+func (b *Bundle) Type() string {
+ if len(b.Patch.Data) != 0 {
+ return DeltaBundleType
+ }
+ return SnapshotBundleType
+}
+
+func mktree(path []string, value any) (map[string]any, error) {
+ if len(path) == 0 {
+ // For 0 length path the value is the full tree.
+ obj, ok := value.(map[string]any)
+ if !ok {
+ return nil, errors.New("root value must be object")
+ }
+ return obj, nil
+ }
+
+ dir := map[string]any{}
+ for i := len(path) - 1; i > 0; i-- {
+ dir[path[i]] = value
+ value = dir
+ dir = map[string]any{}
+ }
+ dir[path[0]] = value
+
+ return dir, nil
+}
+
+// Merge accepts a set of bundles and merges them into a single result bundle. If there are
+// any conflicts during the merge (e.g., with roots) an error is returned. The result bundle
+// will have an empty revision except in the special case where a single bundle is provided
+// (and in that case the bundle is just returned unmodified.)
+func Merge(bundles []*Bundle) (*Bundle, error) {
+ return MergeWithRegoVersion(bundles, ast.DefaultRegoVersion, false)
+}
+
+// MergeWithRegoVersion creates a merged bundle from the provided bundles, similar to Merge.
+// If more than one bundle is provided, the rego version of the result bundle is set to the provided regoVersion.
+// Any Rego files in a bundle of conflicting rego version will be marked in the result's manifest with the rego version
+// of its original bundle. If the Rego file already had an overriding rego version, it will be preserved.
+// If a single bundle is provided, it will retain any rego version information it already had. If it has none, the
+// provided regoVersion will be applied to it.
+// If usePath is true, per-file rego-versions will be calculated using the file's ModuleFile.Path; otherwise, the file's
+// ModuleFile.URL will be used.
+func MergeWithRegoVersion(bundles []*Bundle, regoVersion ast.RegoVersion, usePath bool) (*Bundle, error) {
+
+ if len(bundles) == 0 {
+ return nil, errors.New("expected at least one bundle")
+ }
+
+ if regoVersion == ast.RegoUndefined {
+ regoVersion = ast.DefaultRegoVersion
+ }
+
+ if len(bundles) == 1 {
+ result := bundles[0]
+ // We respect the bundle rego-version, defaulting to the provided rego version if not set.
+ result.SetRegoVersion(result.RegoVersion(regoVersion))
+ fileRegoVersions, err := bundleRegoVersions(result, result.RegoVersion(regoVersion), usePath)
+ if err != nil {
+ return nil, err
+ }
+ result.Manifest.FileRegoVersions = fileRegoVersions
+ return result, nil
+ }
+
+ var roots []string
+ var result Bundle
+
+ for _, b := range bundles {
+
+ if b.Manifest.Roots == nil {
+ return nil, errors.New("bundle manifest not initialized")
+ }
+
+ roots = append(roots, *b.Manifest.Roots...)
+
+ result.Modules = append(result.Modules, b.Modules...)
+
+ for _, root := range *b.Manifest.Roots {
+ key := strings.Split(root, "/")
+ if val := b.readData(key); val != nil {
+ if err := result.insertData(key, *val); err != nil {
+ return nil, err
+ }
+ }
+ }
+
+ result.Manifest.WasmResolvers = append(result.Manifest.WasmResolvers, b.Manifest.WasmResolvers...)
+ result.WasmModules = append(result.WasmModules, b.WasmModules...)
+ result.PlanModules = append(result.PlanModules, b.PlanModules...)
+
+ if b.Manifest.RegoVersion != nil || len(b.Manifest.FileRegoVersions) > 0 {
+ if result.Manifest.FileRegoVersions == nil {
+ result.Manifest.FileRegoVersions = map[string]int{}
+ }
+
+ fileRegoVersions, err := bundleRegoVersions(b, regoVersion, usePath)
+ if err != nil {
+ return nil, err
+ }
+ maps.Copy(result.Manifest.FileRegoVersions, fileRegoVersions)
+ }
+ }
+
+ // We respect the bundle rego-version, defaulting to the provided rego version if not set.
+ result.SetRegoVersion(result.RegoVersion(regoVersion))
+
+ if result.Data == nil {
+ result.Data = map[string]any{}
+ }
+
+ result.Manifest.Roots = &roots
+
+ if err := result.Manifest.validateAndInjectDefaults(result); err != nil {
+ return nil, err
+ }
+
+ return &result, nil
+}
+
+func bundleRegoVersions(bundle *Bundle, regoVersion ast.RegoVersion, usePath bool) (map[string]int, error) {
+ fileRegoVersions := map[string]int{}
+
+ // we drop the bundle-global rego versions and record individual rego versions for each module.
+ for _, m := range bundle.Modules {
+ // We fetch rego-version by the path relative to the bundle root, as the complete path of the module might
+ // contain the path between OPA working directory and the bundle root.
+ v, err := bundle.RegoVersionForFile(bundleRelativePath(m, usePath), bundle.RegoVersion(regoVersion))
+ if err != nil {
+ return nil, err
+ }
+
+ // only record the rego version if it's different from the one applied globally to the result bundle
+ if v != ast.RegoUndefined {
+ if regoVersion == ast.RegoUndefined {
+ // We store the rego version by the absolute path to the bundle root, as this will be the - possibly new - path
+ // to the module inside the merged bundle.
+ fileRegoVersions[bundleAbsolutePath(m, usePath)] = v.Int()
+ } else {
+ vInt := v.Int()
+ gVInt := regoVersion.Int()
+ if vInt != gVInt {
+ fileRegoVersions[bundleAbsolutePath(m, usePath)] = vInt
+ }
+ }
+ }
+ }
+
+ return fileRegoVersions, nil
+}
+
+func bundleRelativePath(m ModuleFile, usePath bool) string {
+ p := m.RelativePath
+ if p == "" {
+ if usePath {
+ p = m.Path
+ } else {
+ p = m.URL
+ }
+ }
+ return p
+}
+
+func bundleAbsolutePath(m ModuleFile, usePath bool) string {
+ var p string
+ if usePath {
+ p = m.Path
+ } else {
+ p = m.URL
+ }
+ if !path.IsAbs(p) {
+ p = "/" + p
+ }
+ return path.Clean(p)
+}
+
+// RootPathsOverlap takes in two bundle root paths and returns true if they overlap.
+func RootPathsOverlap(pathA string, pathB string) bool {
+ a := rootPathSegments(pathA)
+ b := rootPathSegments(pathB)
+ return rootContains(a, b) || rootContains(b, a)
+}
+
+// RootPathsContain takes a set of bundle root paths and returns true if the path is contained.
+func RootPathsContain(roots []string, path string) bool {
+ segments := rootPathSegments(path)
+ for i := range roots {
+ if rootContains(rootPathSegments(roots[i]), segments) {
+ return true
+ }
+ }
+ return false
+}
+
+func rootPathSegments(path string) []string {
+ return strings.Split(path, "/")
+}
+
+func rootContains(root []string, other []string) bool {
+
+ // A single segment, empty string root always contains the other.
+ if len(root) == 1 && root[0] == "" {
+ return true
+ }
+
+ if len(root) > len(other) {
+ return false
+ }
+
+ for j := range root {
+ if root[j] != other[j] {
+ return false
+ }
+ }
+
+ return true
+}
+
+func insertValue(b *Bundle, path string, value any) error {
+ if err := b.insertData(getNormalizedPath(path), value); err != nil {
+ return fmt.Errorf("bundle load failed on %v: %w", path, err)
+ }
+ return nil
+}
+
+func getNormalizedPath(path string) []string {
+ // Remove leading / and . characters from the directory path. If the bundle
+ // was written with OPA then the paths will contain a leading slash. On the
+ // other hand, if the path is empty, filepath.Dir will return '.'.
+ // Note: filepath.Dir can return paths with '\' separators, always use
+ // filepath.ToSlash to keep them normalized.
+ dirpath := strings.TrimLeft(normalizePath(filepath.Dir(path)), "/.")
+ var key []string
+ if dirpath != "" {
+ key = strings.Split(dirpath, "/")
+ }
+ return key
+}
+
+func dfs(value any, path string, fn func(string, any) (bool, error)) error {
+ if stop, err := fn(path, value); err != nil {
+ return err
+ } else if stop {
+ return nil
+ }
+ obj, ok := value.(map[string]any)
+ if !ok {
+ return nil
+ }
+ for key := range obj {
+ if err := dfs(obj[key], path+"/"+key, fn); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func modulePathWithPrefix(bundleName string, modulePath string) string {
+ // Default prefix is just the bundle name
+ prefix := bundleName
+
+ // Bundle names are sometimes just file paths, some of which
+ // are full urls (file:///foo/). Parse these and only use the path.
+ parsed, err := url.Parse(bundleName)
+ if err == nil {
+ prefix = filepath.Join(parsed.Host, parsed.Path)
+ }
+
+ // Note: filepath.Join can return paths with '\' separators, always use
+ // filepath.ToSlash to keep them normalized.
+ return normalizePath(filepath.Join(prefix, modulePath))
+}
+
+// IsStructuredDoc checks if the file name equals a structured file extension ex. ".json"
+func IsStructuredDoc(name string) bool {
+ return filepath.Base(name) == dataFile || filepath.Base(name) == yamlDataFile ||
+ filepath.Base(name) == SignaturesFile || filepath.Base(name) == ManifestExt
+}
+
+func preProcessBundle(loader DirectoryLoader, skipVerify bool, sizeLimitBytes int64) (SignaturesConfig, Patch, []*Descriptor, error) {
+ descriptors := []*Descriptor{}
+ var signatures SignaturesConfig
+ var patch Patch
+
+ for {
+ f, err := loader.NextFile()
+ if err == io.EOF {
+ break
+ }
+
+ if err != nil {
+ return signatures, patch, nil, fmt.Errorf("bundle read failed: %w", err)
+ }
+
+ // check for the signatures file
+ if !skipVerify && strings.HasSuffix(f.Path(), SignaturesFile) {
+ buf, err := readFile(f, sizeLimitBytes)
+ if err != nil {
+ return signatures, patch, nil, err
+ }
+
+ if err := util.NewJSONDecoder(&buf).Decode(&signatures); err != nil {
+ return signatures, patch, nil, fmt.Errorf("bundle load failed on signatures decode: %w", err)
+ }
+ } else if !strings.HasSuffix(f.Path(), SignaturesFile) {
+ descriptors = append(descriptors, f)
+
+ if filepath.Base(f.Path()) == patchFile {
+
+ var b bytes.Buffer
+ tee := io.TeeReader(f.reader, &b)
+ f.reader = tee
+
+ buf, err := readFile(f, sizeLimitBytes)
+ if err != nil {
+ return signatures, patch, nil, err
+ }
+
+ if err := util.NewJSONDecoder(&buf).Decode(&patch); err != nil {
+ return signatures, patch, nil, fmt.Errorf("bundle load failed on patch decode: %w", err)
+ }
+
+ f.reader = &b
+ }
+ }
+ }
+ return signatures, patch, descriptors, nil
+}
+
+func readFile(f *Descriptor, sizeLimitBytes int64) (bytes.Buffer, error) {
+ // Case for pre-loaded byte buffers, like those from the tarballLoader.
+ if bb, ok := f.reader.(*bytes.Buffer); ok {
+ _ = f.Close() // always close, even on error
+
+ if int64(bb.Len()) >= sizeLimitBytes {
+ return *bb, fmt.Errorf("bundle file '%v' size (%d bytes) exceeded max size (%v bytes)",
+ strings.TrimPrefix(f.Path(), "/"), bb.Len(), sizeLimitBytes-1)
+ }
+
+ return *bb, nil
+ }
+
+ // Case for *lazyFile readers:
+ if lf, ok := f.reader.(*lazyFile); ok {
+ var buf bytes.Buffer
+ if lf.file == nil {
+ var err error
+ if lf.file, err = os.Open(lf.path); err != nil {
+ return buf, fmt.Errorf("failed to open file %s: %w", f.path, err)
+ }
+ }
+ // Bail out if we can't read the whole file-- there's nothing useful we can do at that point!
+ fileSize, _ := fstatFileSize(lf.file)
+ if fileSize > sizeLimitBytes {
+ return buf, fmt.Errorf(maxSizeLimitBytesErrMsg, strings.TrimPrefix(f.Path(), "/"), fileSize, sizeLimitBytes-1)
+ }
+ // Prealloc the buffer for the file read.
+ buffer := make([]byte, fileSize)
+ _, err := io.ReadFull(lf.file, buffer)
+ if err != nil {
+ return buf, err
+ }
+ _ = lf.file.Close() // always close, even on error
+
+ // Note(philipc): Replace the lazyFile reader in the *Descriptor with a
+ // pointer to the wrapping bytes.Buffer, so that we don't re-read the
+ // file on disk again by accident.
+ buf = *bytes.NewBuffer(buffer)
+ f.reader = &buf
+ return buf, nil
+ }
+
+ // Fallback case:
+ var buf bytes.Buffer
+ n, err := f.Read(&buf, sizeLimitBytes)
+ _ = f.Close() // always close, even on error
+
+ if err != nil && err != io.EOF {
+ return buf, err
+ } else if err == nil && n >= sizeLimitBytes {
+ return buf, fmt.Errorf(maxSizeLimitBytesErrMsg, strings.TrimPrefix(f.Path(), "/"), n, sizeLimitBytes-1)
+ }
+
+ return buf, nil
+}
+
+// Takes an already open file handle and invokes the os.Stat system call on it
+// to determine the file's size. Passes any errors from *File.Stat on up to the
+// caller.
+func fstatFileSize(f *os.File) (int64, error) {
+ fileInfo, err := f.Stat()
+ if err != nil {
+ return 0, err
+ }
+ return fileInfo.Size(), nil
+}
+
+func normalizePath(p string) string {
+ return filepath.ToSlash(p)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/bundle/file.go b/vendor/github.com/open-policy-agent/opa/v1/bundle/file.go
new file mode 100644
index 0000000000..12e159254c
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/bundle/file.go
@@ -0,0 +1,517 @@
+package bundle
+
+import (
+ "archive/tar"
+ "bytes"
+ "compress/gzip"
+ "fmt"
+ "io"
+ "io/fs"
+ "os"
+ "path/filepath"
+ "sort"
+ "strings"
+ "sync"
+
+ "github.com/open-policy-agent/opa/v1/loader/filter"
+
+ "github.com/open-policy-agent/opa/v1/storage"
+)
+
+const maxSizeLimitBytesErrMsg = "bundle file %s size (%d bytes) exceeds configured size_limit_bytes (%d bytes)"
+
+// Descriptor contains information about a file and
+// can be used to read the file contents.
+type Descriptor struct {
+ url string
+ path string
+ reader io.Reader
+ closer io.Closer
+ closeOnce *sync.Once
+}
+
+// lazyFile defers reading the file until the first call of Read
+type lazyFile struct {
+ path string
+ file *os.File
+}
+
+// newLazyFile creates a new instance of lazyFile
+func newLazyFile(path string) *lazyFile {
+ return &lazyFile{path: path}
+}
+
+// Read implements io.Reader. It will check if the file has been opened
+// and open it if it has not before attempting to read using the file's
+// read method
+func (f *lazyFile) Read(b []byte) (int, error) {
+ var err error
+
+ if f.file == nil {
+ if f.file, err = os.Open(f.path); err != nil {
+ return 0, fmt.Errorf("failed to open file %s: %w", f.path, err)
+ }
+ }
+
+ return f.file.Read(b)
+}
+
+// Close closes the lazy file if it has been opened using the file's
+// close method
+func (f *lazyFile) Close() error {
+ if f.file != nil {
+ return f.file.Close()
+ }
+
+ return nil
+}
+
+func NewDescriptor(url, path string, reader io.Reader) *Descriptor {
+ return &Descriptor{
+ url: url,
+ path: path,
+ reader: reader,
+ }
+}
+
+func (d *Descriptor) WithCloser(closer io.Closer) *Descriptor {
+ d.closer = closer
+ d.closeOnce = new(sync.Once)
+ return d
+}
+
+// Path returns the path of the file.
+func (d *Descriptor) Path() string {
+ return d.path
+}
+
+// URL returns the url of the file.
+func (d *Descriptor) URL() string {
+ return d.url
+}
+
+// Read will read all the contents from the file the Descriptor refers to
+// into the dest writer up n bytes. Will return an io.EOF error
+// if EOF is encountered before n bytes are read.
+func (d *Descriptor) Read(dest io.Writer, n int64) (int64, error) {
+ n, err := io.CopyN(dest, d.reader, n)
+ return n, err
+}
+
+// Close the file, on some Loader implementations this might be a no-op.
+// It should *always* be called regardless of file.
+func (d *Descriptor) Close() error {
+ var err error
+ if d.closer != nil {
+ d.closeOnce.Do(func() {
+ err = d.closer.Close()
+ })
+ }
+ return err
+}
+
+type PathFormat int64
+
+const (
+ Chrooted PathFormat = iota
+ SlashRooted
+ Passthrough
+)
+
+// DirectoryLoader defines an interface which can be used to load
+// files from a directory by iterating over each one in the tree.
+type DirectoryLoader interface {
+ // NextFile must return io.EOF if there is no next value. The returned
+ // descriptor should *always* be closed when no longer needed.
+ NextFile() (*Descriptor, error)
+ WithFilter(filter filter.LoaderFilter) DirectoryLoader
+ WithPathFormat(PathFormat) DirectoryLoader
+ WithSizeLimitBytes(sizeLimitBytes int64) DirectoryLoader
+ WithFollowSymlinks(followSymlinks bool) DirectoryLoader
+}
+
+type dirLoader struct {
+ root string
+ files []string
+ idx int
+ filter filter.LoaderFilter
+ pathFormat PathFormat
+ maxSizeLimitBytes int64
+ followSymlinks bool
+}
+
+// Normalize root directory, ex "./src/bundle" -> "src/bundle"
+// We don't need an absolute path, but this makes the joined/trimmed
+// paths more uniform.
+func normalizeRootDirectory(root string) string {
+ if len(root) > 1 {
+ if root[0] == '.' && root[1] == filepath.Separator {
+ if len(root) == 2 {
+ root = root[:1] // "./" -> "."
+ } else {
+ root = root[2:] // remove leading "./"
+ }
+ }
+ }
+ return root
+}
+
+// NewDirectoryLoader returns a basic DirectoryLoader implementation
+// that will load files from a given root directory path.
+func NewDirectoryLoader(root string) DirectoryLoader {
+ d := dirLoader{
+ root: normalizeRootDirectory(root),
+ pathFormat: Chrooted,
+ }
+ return &d
+}
+
+// WithFilter specifies the filter object to use to filter files while loading bundles
+func (d *dirLoader) WithFilter(filter filter.LoaderFilter) DirectoryLoader {
+ d.filter = filter
+ return d
+}
+
+// WithPathFormat specifies how a path is formatted in a Descriptor
+func (d *dirLoader) WithPathFormat(pathFormat PathFormat) DirectoryLoader {
+ d.pathFormat = pathFormat
+ return d
+}
+
+// WithSizeLimitBytes specifies the maximum size of any file in the directory to read
+func (d *dirLoader) WithSizeLimitBytes(sizeLimitBytes int64) DirectoryLoader {
+ d.maxSizeLimitBytes = sizeLimitBytes
+ return d
+}
+
+// WithFollowSymlinks specifies whether to follow symlinks when loading files from the directory
+func (d *dirLoader) WithFollowSymlinks(followSymlinks bool) DirectoryLoader {
+ d.followSymlinks = followSymlinks
+ return d
+}
+
+func formatPath(fileName string, root string, pathFormat PathFormat) string {
+ switch pathFormat {
+ case SlashRooted:
+ if !strings.HasPrefix(fileName, string(filepath.Separator)) {
+ return string(filepath.Separator) + fileName
+ }
+ return fileName
+ case Chrooted:
+ // Trim off the root directory and return path as if chrooted
+ result := strings.TrimPrefix(fileName, filepath.FromSlash(root))
+ if root == "." && filepath.Base(fileName) == ManifestExt {
+ result = fileName
+ }
+ if !strings.HasPrefix(result, string(filepath.Separator)) {
+ result = string(filepath.Separator) + result
+ }
+ return result
+ case Passthrough:
+ fallthrough
+ default:
+ return fileName
+ }
+}
+
+// NextFile iterates to the next file in the directory tree
+// and returns a file Descriptor for the file.
+func (d *dirLoader) NextFile() (*Descriptor, error) {
+ // build a list of all files we will iterate over and read, but only one time
+ if d.files == nil {
+ d.files = []string{}
+ err := filepath.Walk(d.root, func(path string, info os.FileInfo, _ error) error {
+ if info == nil {
+ return nil
+ }
+
+ if info.Mode().IsRegular() {
+ if d.filter != nil && d.filter(filepath.ToSlash(path), info, getdepth(path, false)) {
+ return nil
+ }
+ if d.maxSizeLimitBytes > 0 && info.Size() > d.maxSizeLimitBytes {
+ return fmt.Errorf(maxSizeLimitBytesErrMsg, strings.TrimPrefix(path, "/"), info.Size(), d.maxSizeLimitBytes)
+ }
+ d.files = append(d.files, path)
+ } else if d.followSymlinks && info.Mode().Type()&fs.ModeSymlink == fs.ModeSymlink {
+ if d.filter != nil && d.filter(filepath.ToSlash(path), info, getdepth(path, false)) {
+ return nil
+ }
+ if d.maxSizeLimitBytes > 0 && info.Size() > d.maxSizeLimitBytes {
+ return fmt.Errorf(maxSizeLimitBytesErrMsg, strings.TrimPrefix(path, "/"), info.Size(), d.maxSizeLimitBytes)
+ }
+ d.files = append(d.files, path)
+ } else if info.Mode().IsDir() {
+ if d.filter != nil && d.filter(filepath.ToSlash(path), info, getdepth(path, true)) {
+ return filepath.SkipDir
+ }
+ }
+ return nil
+ })
+ if err != nil {
+ return nil, fmt.Errorf("failed to list files: %w", err)
+ }
+ }
+
+ // If done reading files then just return io.EOF
+ // errors for each NextFile() call
+ if d.idx >= len(d.files) {
+ return nil, io.EOF
+ }
+
+ fileName := d.files[d.idx]
+ d.idx++
+ fh := newLazyFile(fileName)
+
+ cleanedPath := formatPath(fileName, d.root, d.pathFormat)
+ f := NewDescriptor(filepath.Join(d.root, cleanedPath), cleanedPath, fh).WithCloser(fh)
+ return f, nil
+}
+
+type tarballLoader struct {
+ baseURL string
+ r io.Reader
+ tr *tar.Reader
+ files []file
+ idx int
+ filter filter.LoaderFilter
+ skipDir map[string]struct{}
+ pathFormat PathFormat
+ maxSizeLimitBytes int64
+}
+
+type file struct {
+ name string
+ reader io.Reader
+ path storage.Path
+ raw []byte
+}
+
+// NewTarballLoader is deprecated. Use NewTarballLoaderWithBaseURL instead.
+func NewTarballLoader(r io.Reader) DirectoryLoader {
+ l := tarballLoader{
+ r: r,
+ pathFormat: Passthrough,
+ }
+ return &l
+}
+
+// NewTarballLoaderWithBaseURL returns a new DirectoryLoader that reads
+// files out of a gzipped tar archive. The file URLs will be prefixed
+// with the baseURL.
+func NewTarballLoaderWithBaseURL(r io.Reader, baseURL string) DirectoryLoader {
+ l := tarballLoader{
+ baseURL: strings.TrimSuffix(baseURL, "/"),
+ r: r,
+ pathFormat: Passthrough,
+ }
+ return &l
+}
+
+// WithFilter specifies the filter object to use to filter files while loading bundles
+func (t *tarballLoader) WithFilter(filter filter.LoaderFilter) DirectoryLoader {
+ t.filter = filter
+ return t
+}
+
+// WithPathFormat specifies how a path is formatted in a Descriptor
+func (t *tarballLoader) WithPathFormat(pathFormat PathFormat) DirectoryLoader {
+ t.pathFormat = pathFormat
+ return t
+}
+
+// WithSizeLimitBytes specifies the maximum size of any file in the tarball to read
+func (t *tarballLoader) WithSizeLimitBytes(sizeLimitBytes int64) DirectoryLoader {
+ t.maxSizeLimitBytes = sizeLimitBytes
+ return t
+}
+
+// WithFollowSymlinks is a no-op for tarballLoader
+func (t *tarballLoader) WithFollowSymlinks(_ bool) DirectoryLoader {
+ return t
+}
+
+// NextFile iterates to the next file in the directory tree
+// and returns a file Descriptor for the file.
+func (t *tarballLoader) NextFile() (*Descriptor, error) {
+ if t.tr == nil {
+ gr, err := gzip.NewReader(t.r)
+ if err != nil {
+ return nil, fmt.Errorf("archive read failed: %w", err)
+ }
+
+ t.tr = tar.NewReader(gr)
+ }
+
+ if t.files == nil {
+ t.files = []file{}
+
+ if t.skipDir == nil {
+ t.skipDir = map[string]struct{}{}
+ }
+
+ for {
+ header, err := t.tr.Next()
+
+ if err == io.EOF {
+ break
+ }
+
+ if err != nil {
+ return nil, err
+ }
+
+ // Keep iterating on the archive until we find a normal file
+ if header.Typeflag == tar.TypeReg {
+
+ if t.filter != nil {
+
+ if t.filter(filepath.ToSlash(header.Name), header.FileInfo(), getdepth(header.Name, false)) {
+ continue
+ }
+
+ basePath := strings.Trim(filepath.Dir(filepath.ToSlash(header.Name)), "/")
+
+ // check if the directory is to be skipped
+ if _, ok := t.skipDir[basePath]; ok {
+ continue
+ }
+
+ match := false
+ for p := range t.skipDir {
+ if strings.HasPrefix(basePath, p) {
+ match = true
+ break
+ }
+ }
+
+ if match {
+ continue
+ }
+ }
+
+ if t.maxSizeLimitBytes > 0 && header.Size > t.maxSizeLimitBytes {
+ return nil, fmt.Errorf(maxSizeLimitBytesErrMsg, header.Name, header.Size, t.maxSizeLimitBytes)
+ }
+
+ f := file{name: header.Name}
+
+ // Note(philipc): We rely on the previous size check in this loop for safety.
+ buf := bytes.NewBuffer(make([]byte, 0, header.Size))
+ if _, err := io.Copy(buf, t.tr); err != nil {
+ return nil, fmt.Errorf("failed to copy file %s: %w", header.Name, err)
+ }
+
+ f.reader = buf
+
+ t.files = append(t.files, f)
+ } else if header.Typeflag == tar.TypeDir {
+ cleanedPath := filepath.ToSlash(header.Name)
+ if t.filter != nil && t.filter(cleanedPath, header.FileInfo(), getdepth(header.Name, true)) {
+ t.skipDir[strings.Trim(cleanedPath, "/")] = struct{}{}
+ }
+ }
+ }
+ }
+
+ // If done reading files then just return io.EOF
+ // errors for each NextFile() call
+ if t.idx >= len(t.files) {
+ return nil, io.EOF
+ }
+
+ f := t.files[t.idx]
+ t.idx++
+
+ cleanedPath := formatPath(f.name, "", t.pathFormat)
+ d := NewDescriptor(filepath.Join(t.baseURL, cleanedPath), cleanedPath, f.reader)
+ return d, nil
+}
+
+// Next implements the storage.Iterator interface.
+// It iterates to the next policy or data file in the directory tree
+// and returns a storage.Update for the file.
+func (it *iterator) Next() (*storage.Update, error) {
+ if it.files == nil {
+ it.files = []file{}
+
+ for _, item := range it.raw {
+ f := file{name: item.Path}
+
+ p, err := getFileStoragePath(f.name)
+ if err != nil {
+ return nil, err
+ }
+
+ f.path = p
+
+ f.raw = item.Value
+
+ it.files = append(it.files, f)
+ }
+
+ sortFilePathAscend(it.files)
+ }
+
+ // If done reading files then just return io.EOF
+ // errors for each NextFile() call
+ if it.idx >= len(it.files) {
+ return nil, io.EOF
+ }
+
+ f := it.files[it.idx]
+ it.idx++
+
+ isPolicy := false
+ if strings.HasSuffix(f.name, RegoExt) {
+ isPolicy = true
+ }
+
+ return &storage.Update{
+ Path: f.path,
+ Value: f.raw,
+ IsPolicy: isPolicy,
+ }, nil
+}
+
+type iterator struct {
+ raw []Raw
+ files []file
+ idx int
+}
+
+func NewIterator(raw []Raw) storage.Iterator {
+ it := iterator{
+ raw: raw,
+ }
+ return &it
+}
+
+func sortFilePathAscend(files []file) {
+ sort.Slice(files, func(i, j int) bool {
+ return len(files[i].path) < len(files[j].path)
+ })
+}
+
+func getdepth(path string, isDir bool) int {
+ if isDir {
+ cleanedPath := strings.Trim(filepath.ToSlash(path), "/")
+ return len(strings.Split(cleanedPath, "/"))
+ }
+
+ basePath := strings.Trim(filepath.Dir(filepath.ToSlash(path)), "/")
+ return len(strings.Split(basePath, "/"))
+}
+
+func getFileStoragePath(path string) (storage.Path, error) {
+ fpath := strings.TrimLeft(normalizePath(filepath.Dir(path)), "/.")
+ if strings.HasSuffix(path, RegoExt) {
+ fpath = strings.Trim(normalizePath(path), "/")
+ }
+
+ p, ok := storage.ParsePathEscaped("/" + fpath)
+ if !ok {
+ return nil, fmt.Errorf("storage path invalid: %v", path)
+ }
+ return p, nil
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/bundle/filefs.go b/vendor/github.com/open-policy-agent/opa/v1/bundle/filefs.go
new file mode 100644
index 0000000000..7ab3de989c
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/bundle/filefs.go
@@ -0,0 +1,143 @@
+//go:build go1.16
+// +build go1.16
+
+package bundle
+
+import (
+ "fmt"
+ "io"
+ "io/fs"
+ "path/filepath"
+ "sync"
+
+ "github.com/open-policy-agent/opa/v1/loader/filter"
+)
+
+const (
+ defaultFSLoaderRoot = "."
+)
+
+type dirLoaderFS struct {
+ sync.Mutex
+ filesystem fs.FS
+ files []string
+ idx int
+ filter filter.LoaderFilter
+ root string
+ pathFormat PathFormat
+ maxSizeLimitBytes int64
+ followSymlinks bool
+}
+
+// NewFSLoader returns a basic DirectoryLoader implementation
+// that will load files from a fs.FS interface
+func NewFSLoader(filesystem fs.FS) (DirectoryLoader, error) {
+ return NewFSLoaderWithRoot(filesystem, defaultFSLoaderRoot), nil
+}
+
+// NewFSLoaderWithRoot returns a basic DirectoryLoader implementation
+// that will load files from a fs.FS interface at the supplied root
+func NewFSLoaderWithRoot(filesystem fs.FS, root string) DirectoryLoader {
+ d := dirLoaderFS{
+ filesystem: filesystem,
+ root: normalizeRootDirectory(root),
+ pathFormat: Chrooted,
+ }
+
+ return &d
+}
+
+func (d *dirLoaderFS) walkDir(path string, dirEntry fs.DirEntry, err error) error {
+ if err != nil {
+ return err
+ }
+
+ if dirEntry != nil {
+ info, err := dirEntry.Info()
+ if err != nil {
+ return err
+ }
+
+ if dirEntry.Type().IsRegular() {
+ if d.filter != nil && d.filter(filepath.ToSlash(path), info, getdepth(path, false)) {
+ return nil
+ }
+
+ if d.maxSizeLimitBytes > 0 && info.Size() > d.maxSizeLimitBytes {
+ return fmt.Errorf("file %s size %d exceeds limit of %d", path, info.Size(), d.maxSizeLimitBytes)
+ }
+
+ d.files = append(d.files, path)
+ } else if dirEntry.Type()&fs.ModeSymlink != 0 && d.followSymlinks {
+ if d.filter != nil && d.filter(filepath.ToSlash(path), info, getdepth(path, false)) {
+ return nil
+ }
+
+ if d.maxSizeLimitBytes > 0 && info.Size() > d.maxSizeLimitBytes {
+ return fmt.Errorf("file %s size %d exceeds limit of %d", path, info.Size(), d.maxSizeLimitBytes)
+ }
+
+ d.files = append(d.files, path)
+ } else if dirEntry.Type().IsDir() {
+ if d.filter != nil && d.filter(filepath.ToSlash(path), info, getdepth(path, true)) {
+ return fs.SkipDir
+ }
+ }
+ }
+ return nil
+}
+
+// WithFilter specifies the filter object to use to filter files while loading bundles
+func (d *dirLoaderFS) WithFilter(filter filter.LoaderFilter) DirectoryLoader {
+ d.filter = filter
+ return d
+}
+
+// WithPathFormat specifies how a path is formatted in a Descriptor
+func (d *dirLoaderFS) WithPathFormat(pathFormat PathFormat) DirectoryLoader {
+ d.pathFormat = pathFormat
+ return d
+}
+
+// WithSizeLimitBytes specifies the maximum size of any file in the filesystem directory to read
+func (d *dirLoaderFS) WithSizeLimitBytes(sizeLimitBytes int64) DirectoryLoader {
+ d.maxSizeLimitBytes = sizeLimitBytes
+ return d
+}
+
+func (d *dirLoaderFS) WithFollowSymlinks(followSymlinks bool) DirectoryLoader {
+ d.followSymlinks = followSymlinks
+ return d
+}
+
+// NextFile iterates to the next file in the directory tree
+// and returns a file Descriptor for the file.
+func (d *dirLoaderFS) NextFile() (*Descriptor, error) {
+ d.Lock()
+ defer d.Unlock()
+
+ if d.files == nil {
+ err := fs.WalkDir(d.filesystem, d.root, d.walkDir)
+ if err != nil {
+ return nil, fmt.Errorf("failed to list files: %w", err)
+ }
+ }
+
+ // If done reading files then just return io.EOF
+ // errors for each NextFile() call
+ if d.idx >= len(d.files) {
+ return nil, io.EOF
+ }
+
+ fileName := d.files[d.idx]
+ d.idx++
+
+ fh, err := d.filesystem.Open(fileName)
+ if err != nil {
+ return nil, fmt.Errorf("failed to open file %s: %w", fileName, err)
+ }
+
+ cleanedPath := formatPath(fileName, d.root, d.pathFormat)
+ f := NewDescriptor(cleanedPath, cleanedPath, fh).WithCloser(fh)
+ return f, nil
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/bundle/hash.go b/vendor/github.com/open-policy-agent/opa/v1/bundle/hash.go
new file mode 100644
index 0000000000..5a62d2dc00
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/bundle/hash.go
@@ -0,0 +1,136 @@
+// Copyright 2020 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package bundle
+
+import (
+ "bytes"
+ "crypto/md5"
+ "crypto/sha1"
+ "crypto/sha256"
+ "crypto/sha512"
+ "encoding/json"
+ "fmt"
+ "hash"
+ "io"
+ "strings"
+
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+// HashingAlgorithm represents a subset of hashing algorithms implemented in Go
+type HashingAlgorithm string
+
+// Supported values for HashingAlgorithm
+const (
+ MD5 HashingAlgorithm = "MD5"
+ SHA1 HashingAlgorithm = "SHA-1"
+ SHA224 HashingAlgorithm = "SHA-224"
+ SHA256 HashingAlgorithm = "SHA-256"
+ SHA384 HashingAlgorithm = "SHA-384"
+ SHA512 HashingAlgorithm = "SHA-512"
+ SHA512224 HashingAlgorithm = "SHA-512-224"
+ SHA512256 HashingAlgorithm = "SHA-512-256"
+)
+
+// String returns the string representation of a HashingAlgorithm
+func (alg HashingAlgorithm) String() string {
+ return string(alg)
+}
+
+// SignatureHasher computes a signature digest for a file with (structured or unstructured) data and policy
+type SignatureHasher interface {
+ HashFile(v any) ([]byte, error)
+}
+
+type hasher struct {
+ h func() hash.Hash // hash function factory
+}
+
+// NewSignatureHasher returns a signature hasher suitable for a particular hashing algorithm
+func NewSignatureHasher(alg HashingAlgorithm) (SignatureHasher, error) {
+ h := &hasher{}
+
+ switch alg {
+ case MD5:
+ h.h = md5.New
+ case SHA1:
+ h.h = sha1.New
+ case SHA224:
+ h.h = sha256.New224
+ case SHA256:
+ h.h = sha256.New
+ case SHA384:
+ h.h = sha512.New384
+ case SHA512:
+ h.h = sha512.New
+ case SHA512224:
+ h.h = sha512.New512_224
+ case SHA512256:
+ h.h = sha512.New512_256
+ default:
+ return nil, fmt.Errorf("unsupported hashing algorithm: %s", alg)
+ }
+
+ return h, nil
+}
+
+// HashFile hashes the file content, JSON or binary, both in golang native format.
+func (h *hasher) HashFile(v any) ([]byte, error) {
+ hf := h.h()
+ walk(v, hf)
+ return hf.Sum(nil), nil
+}
+
+// walk hashes the file content, JSON or binary, both in golang native format.
+//
+// Computation for unstructured documents is a hash of the document.
+//
+// Computation for the types of structured JSON document is as follows:
+//
+// object: Hash {, then each key (in alphabetical order) and digest of the value, then comma (between items) and finally }.
+//
+// array: Hash [, then digest of the value, then comma (between items) and finally ].
+func walk(v any, h io.Writer) {
+
+ switch x := v.(type) {
+ case map[string]any:
+ _, _ = h.Write([]byte("{"))
+
+ for i, key := range util.KeysSorted(x) {
+ if i > 0 {
+ _, _ = h.Write([]byte(","))
+ }
+
+ _, _ = h.Write(encodePrimitive(key))
+ _, _ = h.Write([]byte(":"))
+ walk(x[key], h)
+ }
+
+ _, _ = h.Write([]byte("}"))
+ case []any:
+ _, _ = h.Write([]byte("["))
+
+ for i, e := range x {
+ if i > 0 {
+ _, _ = h.Write([]byte(","))
+ }
+ walk(e, h)
+ }
+
+ _, _ = h.Write([]byte("]"))
+ case []byte:
+ _, _ = h.Write(x)
+ default:
+ _, _ = h.Write(encodePrimitive(x))
+ }
+}
+
+func encodePrimitive(v any) []byte {
+ var buf bytes.Buffer
+ encoder := json.NewEncoder(&buf)
+ encoder.SetEscapeHTML(false)
+ _ = encoder.Encode(v)
+ return []byte(strings.Trim(buf.String(), "\n"))
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/bundle/keys.go b/vendor/github.com/open-policy-agent/opa/v1/bundle/keys.go
new file mode 100644
index 0000000000..dbd8ff2697
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/bundle/keys.go
@@ -0,0 +1,144 @@
+// Copyright 2020 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Package bundle provide helpers that assist in creating the verification and signing key configuration
+package bundle
+
+import (
+ "encoding/pem"
+ "fmt"
+ "os"
+
+ "github.com/open-policy-agent/opa/internal/jwx/jwa"
+ "github.com/open-policy-agent/opa/internal/jwx/jws/sign"
+ "github.com/open-policy-agent/opa/v1/keys"
+
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+const (
+ defaultTokenSigningAlg = "RS256"
+)
+
+// KeyConfig holds the keys used to sign or verify bundles and tokens
+// Moved to own package, alias kept for backwards compatibility
+type KeyConfig = keys.Config
+
+// VerificationConfig represents the key configuration used to verify a signed bundle
+type VerificationConfig struct {
+ PublicKeys map[string]*KeyConfig
+ KeyID string `json:"keyid"`
+ Scope string `json:"scope"`
+ Exclude []string `json:"exclude_files"`
+}
+
+// NewVerificationConfig return a new VerificationConfig
+func NewVerificationConfig(keys map[string]*KeyConfig, id, scope string, exclude []string) *VerificationConfig {
+ return &VerificationConfig{
+ PublicKeys: keys,
+ KeyID: id,
+ Scope: scope,
+ Exclude: exclude,
+ }
+}
+
+// ValidateAndInjectDefaults validates the config and inserts default values
+func (vc *VerificationConfig) ValidateAndInjectDefaults(keys map[string]*KeyConfig) error {
+ vc.PublicKeys = keys
+
+ if vc.KeyID != "" {
+ found := false
+ for key := range keys {
+ if key == vc.KeyID {
+ found = true
+ break
+ }
+ }
+
+ if !found {
+ return fmt.Errorf("key id %s not found", vc.KeyID)
+ }
+ }
+ return nil
+}
+
+// GetPublicKey returns the public key corresponding to the given key id
+func (vc *VerificationConfig) GetPublicKey(id string) (*KeyConfig, error) {
+ var kc *KeyConfig
+ var ok bool
+
+ if kc, ok = vc.PublicKeys[id]; !ok {
+ return nil, fmt.Errorf("verification key corresponding to ID %v not found", id)
+ }
+ return kc, nil
+}
+
+// SigningConfig represents the key configuration used to generate a signed bundle
+type SigningConfig struct {
+ Plugin string
+ Key string
+ Algorithm string
+ ClaimsPath string
+}
+
+// NewSigningConfig return a new SigningConfig
+func NewSigningConfig(key, alg, claimsPath string) *SigningConfig {
+ if alg == "" {
+ alg = defaultTokenSigningAlg
+ }
+
+ return &SigningConfig{
+ Plugin: defaultSignerID,
+ Key: key,
+ Algorithm: alg,
+ ClaimsPath: claimsPath,
+ }
+}
+
+// WithPlugin sets the signing plugin in the signing config
+func (s *SigningConfig) WithPlugin(plugin string) *SigningConfig {
+ if plugin != "" {
+ s.Plugin = plugin
+ }
+ return s
+}
+
+// GetPrivateKey returns the private key or secret from the signing config
+func (s *SigningConfig) GetPrivateKey() (any, error) {
+
+ block, _ := pem.Decode([]byte(s.Key))
+ if block != nil {
+ return sign.GetSigningKey(s.Key, jwa.SignatureAlgorithm(s.Algorithm))
+ }
+
+ var priv string
+ if _, err := os.Stat(s.Key); err == nil {
+ bs, err := os.ReadFile(s.Key)
+ if err != nil {
+ return nil, err
+ }
+ priv = string(bs)
+ } else if os.IsNotExist(err) {
+ priv = s.Key
+ } else {
+ return nil, err
+ }
+
+ return sign.GetSigningKey(priv, jwa.SignatureAlgorithm(s.Algorithm))
+}
+
+// GetClaims returns the claims by reading the file specified in the signing config
+func (s *SigningConfig) GetClaims() (map[string]any, error) {
+ var claims map[string]any
+
+ bs, err := os.ReadFile(s.ClaimsPath)
+ if err != nil {
+ return claims, err
+ }
+
+ if err := util.UnmarshalJSON(bs, &claims); err != nil {
+ return claims, err
+ }
+ return claims, nil
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/bundle/sign.go b/vendor/github.com/open-policy-agent/opa/v1/bundle/sign.go
new file mode 100644
index 0000000000..edc41a1e50
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/bundle/sign.go
@@ -0,0 +1,132 @@
+// Copyright 2020 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Package bundle provide helpers that assist in the creating a signed bundle
+package bundle
+
+import (
+ "crypto/rand"
+ "encoding/json"
+ "fmt"
+ "maps"
+
+ "github.com/open-policy-agent/opa/internal/jwx/jwa"
+ "github.com/open-policy-agent/opa/internal/jwx/jws"
+)
+
+const defaultSignerID = "_default"
+
+var signers map[string]Signer
+
+// Signer is the interface expected for implementations that generate bundle signatures.
+type Signer interface {
+ GenerateSignedToken([]FileInfo, *SigningConfig, string) (string, error)
+}
+
+// GenerateSignedToken will retrieve the Signer implementation based on the Plugin specified
+// in SigningConfig, and call its implementation of GenerateSignedToken. The signer generates
+// a signed token given the list of files to be included in the payload and the bundle
+// signing config. The keyID if non-empty, represents the value for the "keyid" claim in the token.
+func GenerateSignedToken(files []FileInfo, sc *SigningConfig, keyID string) (string, error) {
+ var plugin string
+ // for backwards compatibility, check if there is no plugin specified, and use default
+ if sc.Plugin == "" {
+ plugin = defaultSignerID
+ } else {
+ plugin = sc.Plugin
+ }
+ signer, err := GetSigner(plugin)
+ if err != nil {
+ return "", err
+ }
+ return signer.GenerateSignedToken(files, sc, keyID)
+}
+
+// DefaultSigner is the default bundle signing implementation. It signs bundles by generating
+// a JWT and signing it using a locally-accessible private key.
+type DefaultSigner struct{}
+
+// GenerateSignedToken generates a signed token given the list of files to be
+// included in the payload and the bundle signing config. The keyID if non-empty,
+// represents the value for the "keyid" claim in the token
+func (*DefaultSigner) GenerateSignedToken(files []FileInfo, sc *SigningConfig, keyID string) (string, error) {
+ payload, err := generatePayload(files, sc, keyID)
+ if err != nil {
+ return "", err
+ }
+
+ privateKey, err := sc.GetPrivateKey()
+ if err != nil {
+ return "", err
+ }
+
+ var headers jws.StandardHeaders
+
+ if err := headers.Set(jws.AlgorithmKey, jwa.SignatureAlgorithm(sc.Algorithm)); err != nil {
+ return "", err
+ }
+
+ if keyID != "" {
+ if err := headers.Set(jws.KeyIDKey, keyID); err != nil {
+ return "", err
+ }
+ }
+
+ hdr, err := json.Marshal(headers)
+ if err != nil {
+ return "", err
+ }
+
+ token, err := jws.SignLiteral(payload,
+ jwa.SignatureAlgorithm(sc.Algorithm),
+ privateKey,
+ hdr,
+ rand.Reader)
+ if err != nil {
+ return "", err
+ }
+ return string(token), nil
+}
+
+func generatePayload(files []FileInfo, sc *SigningConfig, keyID string) ([]byte, error) {
+ payload := make(map[string]any)
+ payload["files"] = files
+
+ if sc.ClaimsPath != "" {
+ claims, err := sc.GetClaims()
+ if err != nil {
+ return nil, err
+ }
+
+ maps.Copy(payload, claims)
+ } else if keyID != "" {
+ // keyid claim is deprecated but include it for backwards compatibility.
+ payload["keyid"] = keyID
+ }
+ return json.Marshal(payload)
+}
+
+// GetSigner returns the Signer registered under the given id
+func GetSigner(id string) (Signer, error) {
+ signer, ok := signers[id]
+ if !ok {
+ return nil, fmt.Errorf("no signer exists under id %s", id)
+ }
+ return signer, nil
+}
+
+// RegisterSigner registers a Signer under the given id
+func RegisterSigner(id string, s Signer) error {
+ if id == defaultSignerID {
+ return fmt.Errorf("signer id %s is reserved, use a different id", id)
+ }
+ signers[id] = s
+ return nil
+}
+
+func init() {
+ signers = map[string]Signer{
+ defaultSignerID: &DefaultSigner{},
+ }
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/bundle/store.go b/vendor/github.com/open-policy-agent/opa/v1/bundle/store.go
new file mode 100644
index 0000000000..33e6887d84
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/bundle/store.go
@@ -0,0 +1,1151 @@
+// Copyright 2019 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package bundle
+
+import (
+ "context"
+ "encoding/base64"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "maps"
+ "path/filepath"
+ "strings"
+
+ iCompiler "github.com/open-policy-agent/opa/internal/compiler"
+ "github.com/open-policy-agent/opa/internal/json/patch"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/metrics"
+ "github.com/open-policy-agent/opa/v1/storage"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+// BundlesBasePath is the storage path used for storing bundle metadata
+var BundlesBasePath = storage.MustParsePath("/system/bundles")
+
+var ModulesInfoBasePath = storage.MustParsePath("/system/modules")
+
+// Note: As needed these helpers could be memoized.
+
+// ManifestStoragePath is the storage path used for the given named bundle manifest.
+func ManifestStoragePath(name string) storage.Path {
+ return append(BundlesBasePath, name, "manifest")
+}
+
+// EtagStoragePath is the storage path used for the given named bundle etag.
+func EtagStoragePath(name string) storage.Path {
+ return append(BundlesBasePath, name, "etag")
+}
+
+func namedBundlePath(name string) storage.Path {
+ return append(BundlesBasePath, name)
+}
+
+func rootsPath(name string) storage.Path {
+ return append(BundlesBasePath, name, "manifest", "roots")
+}
+
+func revisionPath(name string) storage.Path {
+ return append(BundlesBasePath, name, "manifest", "revision")
+}
+
+func wasmModulePath(name string) storage.Path {
+ return append(BundlesBasePath, name, "wasm")
+}
+
+func wasmEntrypointsPath(name string) storage.Path {
+ return append(BundlesBasePath, name, "manifest", "wasm")
+}
+
+func metadataPath(name string) storage.Path {
+ return append(BundlesBasePath, name, "manifest", "metadata")
+}
+
+func moduleRegoVersionPath(id string) storage.Path {
+ return append(ModulesInfoBasePath, strings.Trim(id, "/"), "rego_version")
+}
+
+func moduleInfoPath(id string) storage.Path {
+ return append(ModulesInfoBasePath, strings.Trim(id, "/"))
+}
+
+func read(ctx context.Context, store storage.Store, txn storage.Transaction, path storage.Path) (any, error) {
+ value, err := store.Read(ctx, txn, path)
+ if err != nil {
+ return nil, err
+ }
+
+ if astValue, ok := value.(ast.Value); ok {
+ value, err = ast.JSON(astValue)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ return value, nil
+}
+
+// ReadBundleNamesFromStore will return a list of bundle names which have had their metadata stored.
+func ReadBundleNamesFromStore(ctx context.Context, store storage.Store, txn storage.Transaction) ([]string, error) {
+ value, err := read(ctx, store, txn, BundlesBasePath)
+ if err != nil {
+ return nil, err
+ }
+
+ bundleMap, ok := value.(map[string]any)
+ if !ok {
+ return nil, errors.New("corrupt manifest roots")
+ }
+
+ bundles := make([]string, len(bundleMap))
+ idx := 0
+ for name := range bundleMap {
+ bundles[idx] = name
+ idx++
+ }
+ return bundles, nil
+}
+
+// WriteManifestToStore will write the manifest into the storage. This function is called when
+// the bundle is activated.
+func WriteManifestToStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string, manifest Manifest) error {
+ return write(ctx, store, txn, ManifestStoragePath(name), manifest)
+}
+
+// WriteEtagToStore will write the bundle etag into the storage. This function is called when the bundle is activated.
+func WriteEtagToStore(ctx context.Context, store storage.Store, txn storage.Transaction, name, etag string) error {
+ return write(ctx, store, txn, EtagStoragePath(name), etag)
+}
+
+func write(ctx context.Context, store storage.Store, txn storage.Transaction, path storage.Path, value any) error {
+ if err := util.RoundTrip(&value); err != nil {
+ return err
+ }
+
+ var dir []string
+ if len(path) > 1 {
+ dir = path[:len(path)-1]
+ }
+
+ if err := storage.MakeDir(ctx, store, txn, dir); err != nil {
+ return err
+ }
+
+ return store.Write(ctx, txn, storage.AddOp, path, value)
+}
+
+// EraseManifestFromStore will remove the manifest from storage. This function is called
+// when the bundle is deactivated.
+func EraseManifestFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) error {
+ path := namedBundlePath(name)
+ err := store.Write(ctx, txn, storage.RemoveOp, path, nil)
+ return suppressNotFound(err)
+}
+
+// eraseBundleEtagFromStore will remove the bundle etag from storage. This function is called
+// when the bundle is deactivated.
+func eraseBundleEtagFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) error {
+ path := EtagStoragePath(name)
+ err := store.Write(ctx, txn, storage.RemoveOp, path, nil)
+ return suppressNotFound(err)
+}
+
+func suppressNotFound(err error) error {
+ if err == nil || storage.IsNotFound(err) {
+ return nil
+ }
+ return err
+}
+
+func writeWasmModulesToStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string, b *Bundle) error {
+ basePath := wasmModulePath(name)
+ for _, wm := range b.WasmModules {
+ path := append(basePath, wm.Path)
+ err := write(ctx, store, txn, path, base64.StdEncoding.EncodeToString(wm.Raw))
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func eraseWasmModulesFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) error {
+ path := wasmModulePath(name)
+
+ err := store.Write(ctx, txn, storage.RemoveOp, path, nil)
+ return suppressNotFound(err)
+}
+
+func eraseModuleRegoVersionsFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, modules []string) error {
+ for _, module := range modules {
+ err := store.Write(ctx, txn, storage.RemoveOp, moduleInfoPath(module), nil)
+ if err := suppressNotFound(err); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// ReadWasmMetadataFromStore will read Wasm module resolver metadata from the store.
+func ReadWasmMetadataFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) ([]WasmResolver, error) {
+ path := wasmEntrypointsPath(name)
+ value, err := read(ctx, store, txn, path)
+ if err != nil {
+ return nil, err
+ }
+
+ bs, err := json.Marshal(value)
+ if err != nil {
+ return nil, errors.New("corrupt wasm manifest data")
+ }
+
+ var wasmMetadata []WasmResolver
+
+ err = util.UnmarshalJSON(bs, &wasmMetadata)
+ if err != nil {
+ return nil, errors.New("corrupt wasm manifest data")
+ }
+
+ return wasmMetadata, nil
+}
+
+// ReadWasmModulesFromStore will write Wasm module resolver metadata from the store.
+func ReadWasmModulesFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) (map[string][]byte, error) {
+ path := wasmModulePath(name)
+ value, err := read(ctx, store, txn, path)
+ if err != nil {
+ return nil, err
+ }
+
+ encodedModules, ok := value.(map[string]any)
+ if !ok {
+ return nil, errors.New("corrupt wasm modules")
+ }
+
+ rawModules := map[string][]byte{}
+ for path, enc := range encodedModules {
+ encStr, ok := enc.(string)
+ if !ok {
+ return nil, errors.New("corrupt wasm modules")
+ }
+ bs, err := base64.StdEncoding.DecodeString(encStr)
+ if err != nil {
+ return nil, err
+ }
+ rawModules[path] = bs
+ }
+ return rawModules, nil
+}
+
+// ReadBundleRootsFromStore returns the roots in the specified bundle.
+// If the bundle is not activated, this function will return
+// storage NotFound error.
+func ReadBundleRootsFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) ([]string, error) {
+ value, err := read(ctx, store, txn, rootsPath(name))
+ if err != nil {
+ return nil, err
+ }
+
+ sl, ok := value.([]any)
+ if !ok {
+ return nil, errors.New("corrupt manifest roots")
+ }
+
+ roots := make([]string, len(sl))
+
+ for i := range sl {
+ roots[i], ok = sl[i].(string)
+ if !ok {
+ return nil, errors.New("corrupt manifest root")
+ }
+ }
+
+ return roots, nil
+}
+
+// ReadBundleRevisionFromStore returns the revision in the specified bundle.
+// If the bundle is not activated, this function will return
+// storage NotFound error.
+func ReadBundleRevisionFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) (string, error) {
+ return readRevisionFromStore(ctx, store, txn, revisionPath(name))
+}
+
+func readRevisionFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, path storage.Path) (string, error) {
+ value, err := read(ctx, store, txn, path)
+ if err != nil {
+ return "", err
+ }
+
+ str, ok := value.(string)
+ if !ok {
+ return "", errors.New("corrupt manifest revision")
+ }
+
+ return str, nil
+}
+
+// ReadBundleMetadataFromStore returns the metadata in the specified bundle.
+// If the bundle is not activated, this function will return
+// storage NotFound error.
+func ReadBundleMetadataFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) (map[string]any, error) {
+ return readMetadataFromStore(ctx, store, txn, metadataPath(name))
+}
+
+func readMetadataFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, path storage.Path) (map[string]any, error) {
+ value, err := read(ctx, store, txn, path)
+ if err != nil {
+ return nil, suppressNotFound(err)
+ }
+
+ data, ok := value.(map[string]any)
+ if !ok {
+ return nil, errors.New("corrupt manifest metadata")
+ }
+
+ return data, nil
+}
+
+// ReadBundleEtagFromStore returns the etag for the specified bundle.
+// If the bundle is not activated, this function will return
+// storage NotFound error.
+func ReadBundleEtagFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) (string, error) {
+ return readEtagFromStore(ctx, store, txn, EtagStoragePath(name))
+}
+
+func readEtagFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, path storage.Path) (string, error) {
+ value, err := read(ctx, store, txn, path)
+ if err != nil {
+ return "", err
+ }
+
+ str, ok := value.(string)
+ if !ok {
+ return "", errors.New("corrupt bundle etag")
+ }
+
+ return str, nil
+}
+
+// ActivateOpts defines options for the Activate API call.
+type ActivateOpts struct {
+ Ctx context.Context
+ Store storage.Store
+ Txn storage.Transaction
+ TxnCtx *storage.Context
+ Compiler *ast.Compiler
+ Metrics metrics.Metrics
+ Bundles map[string]*Bundle // Optional
+ ExtraModules map[string]*ast.Module // Optional
+ AuthorizationDecisionRef ast.Ref
+ ParserOptions ast.ParserOptions
+
+ legacy bool
+}
+
+// Activate the bundle(s) by loading into the given Store. This will load policies, data, and record
+// the manifest in storage. The compiler provided will have had the polices compiled on it.
+func Activate(opts *ActivateOpts) error {
+ opts.legacy = false
+ return activateBundles(opts)
+}
+
+// DeactivateOpts defines options for the Deactivate API call
+type DeactivateOpts struct {
+ Ctx context.Context
+ Store storage.Store
+ Txn storage.Transaction
+ BundleNames map[string]struct{}
+ ParserOptions ast.ParserOptions
+}
+
+// Deactivate the bundle(s). This will erase associated data, policies, and the manifest entry from the store.
+func Deactivate(opts *DeactivateOpts) error {
+ erase := map[string]struct{}{}
+ for name := range opts.BundleNames {
+ roots, err := ReadBundleRootsFromStore(opts.Ctx, opts.Store, opts.Txn, name)
+ if suppressNotFound(err) != nil {
+ return err
+ }
+ for _, root := range roots {
+ erase[root] = struct{}{}
+ }
+ }
+ _, err := eraseBundles(opts.Ctx, opts.Store, opts.Txn, opts.ParserOptions, opts.BundleNames, erase)
+ return err
+}
+
+func activateBundles(opts *ActivateOpts) error {
+
+ // Build collections of bundle names, modules, and roots to erase
+ erase := map[string]struct{}{}
+ names := map[string]struct{}{}
+ deltaBundles := map[string]*Bundle{}
+ snapshotBundles := map[string]*Bundle{}
+
+ for name, b := range opts.Bundles {
+ if b.Type() == DeltaBundleType {
+ deltaBundles[name] = b
+ } else {
+ snapshotBundles[name] = b
+ names[name] = struct{}{}
+
+ roots, err := ReadBundleRootsFromStore(opts.Ctx, opts.Store, opts.Txn, name)
+ if suppressNotFound(err) != nil {
+ return err
+ }
+ for _, root := range roots {
+ erase[root] = struct{}{}
+ }
+
+ // Erase data at new roots to prepare for writing the new data
+ for _, root := range *b.Manifest.Roots {
+ erase[root] = struct{}{}
+ }
+ }
+ }
+
+ // Before changing anything make sure the roots don't collide with any
+ // other bundles that already are activated or other bundles being activated.
+ err := hasRootsOverlap(opts.Ctx, opts.Store, opts.Txn, opts.Bundles)
+ if err != nil {
+ return err
+ }
+
+ if len(deltaBundles) != 0 {
+ err := activateDeltaBundles(opts, deltaBundles)
+ if err != nil {
+ return err
+ }
+ }
+
+ // Erase data and policies at new + old roots, and remove the old
+ // manifests before activating a new snapshot bundle.
+ remaining, err := eraseBundles(opts.Ctx, opts.Store, opts.Txn, opts.ParserOptions, names, erase)
+ if err != nil {
+ return err
+ }
+
+ // Validate data in bundle does not contain paths outside the bundle's roots.
+ for _, b := range snapshotBundles {
+
+ if b.lazyLoadingMode {
+
+ for _, item := range b.Raw {
+ path := filepath.ToSlash(item.Path)
+
+ if filepath.Base(path) == dataFile || filepath.Base(path) == yamlDataFile {
+ var val map[string]json.RawMessage
+ err = util.Unmarshal(item.Value, &val)
+ if err == nil {
+ err = doDFS(val, filepath.Dir(strings.Trim(path, "/")), *b.Manifest.Roots)
+ if err != nil {
+ return err
+ }
+ } else {
+ // Build an object for the value
+ p := getNormalizedPath(path)
+
+ if len(p) == 0 {
+ return errors.New("root value must be object")
+ }
+
+ // verify valid YAML or JSON value
+ var x any
+ err := util.Unmarshal(item.Value, &x)
+ if err != nil {
+ return err
+ }
+
+ value := item.Value
+ dir := map[string]json.RawMessage{}
+ for i := len(p) - 1; i > 0; i-- {
+ dir[p[i]] = value
+
+ bs, err := json.Marshal(dir)
+ if err != nil {
+ return err
+ }
+
+ value = bs
+ dir = map[string]json.RawMessage{}
+ }
+ dir[p[0]] = value
+
+ err = doDFS(dir, filepath.Dir(strings.Trim(path, "/")), *b.Manifest.Roots)
+ if err != nil {
+ return err
+ }
+ }
+ }
+ }
+ }
+ }
+
+ // Compile the modules all at once to avoid having to re-do work.
+ remainingAndExtra := make(map[string]*ast.Module)
+ maps.Copy(remainingAndExtra, remaining)
+ maps.Copy(remainingAndExtra, opts.ExtraModules)
+
+ err = compileModules(opts.Compiler, opts.Metrics, snapshotBundles, remainingAndExtra, opts.legacy, opts.AuthorizationDecisionRef)
+ if err != nil {
+ return err
+ }
+
+ if err := writeDataAndModules(opts.Ctx, opts.Store, opts.Txn, opts.TxnCtx, snapshotBundles, opts.legacy, opts.ParserOptions.RegoVersion); err != nil {
+ return err
+ }
+
+ if err := ast.CheckPathConflicts(opts.Compiler, storage.NonEmpty(opts.Ctx, opts.Store, opts.Txn)); len(err) > 0 {
+ return err
+ }
+
+ for name, b := range snapshotBundles {
+ if err := writeManifestToStore(opts, name, b.Manifest); err != nil {
+ return err
+ }
+
+ if err := writeEtagToStore(opts, name, b.Etag); err != nil {
+ return err
+ }
+
+ if err := writeWasmModulesToStore(opts.Ctx, opts.Store, opts.Txn, name, b); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+func doDFS(obj map[string]json.RawMessage, path string, roots []string) error {
+ if len(roots) == 1 && roots[0] == "" {
+ return nil
+ }
+
+ for key := range obj {
+
+ newPath := filepath.Join(strings.Trim(path, "/"), key)
+
+ // Note: filepath.Join can return paths with '\' separators, always use
+ // filepath.ToSlash to keep them normalized.
+ newPath = strings.TrimLeft(normalizePath(newPath), "/.")
+
+ contains := false
+ prefix := false
+ if RootPathsContain(roots, newPath) {
+ contains = true
+ } else {
+ for i := range roots {
+ if strings.HasPrefix(strings.Trim(roots[i], "/"), newPath) {
+ prefix = true
+ break
+ }
+ }
+ }
+
+ if !contains && !prefix {
+ return fmt.Errorf("manifest roots %v do not permit data at path '/%s' (hint: check bundle directory structure)", roots, newPath)
+ }
+
+ if contains {
+ continue
+ }
+
+ var next map[string]json.RawMessage
+ err := util.Unmarshal(obj[key], &next)
+ if err != nil {
+ return fmt.Errorf("manifest roots %v do not permit data at path '/%s' (hint: check bundle directory structure)", roots, newPath)
+ }
+
+ if err := doDFS(next, newPath, roots); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func activateDeltaBundles(opts *ActivateOpts, bundles map[string]*Bundle) error {
+
+ // Check that the manifest roots and wasm resolvers in the delta bundle
+ // match with those currently in the store
+ for name, b := range bundles {
+ value, err := opts.Store.Read(opts.Ctx, opts.Txn, ManifestStoragePath(name))
+ if err != nil {
+ if storage.IsNotFound(err) {
+ continue
+ }
+ return err
+ }
+
+ manifest, err := valueToManifest(value)
+ if err != nil {
+ return fmt.Errorf("corrupt manifest data: %w", err)
+ }
+
+ if !b.Manifest.equalWasmResolversAndRoots(manifest) {
+ return fmt.Errorf("delta bundle '%s' has wasm resolvers or manifest roots that are different from those in the store", name)
+ }
+ }
+
+ for _, b := range bundles {
+ err := applyPatches(opts.Ctx, opts.Store, opts.Txn, b.Patch.Data)
+ if err != nil {
+ return err
+ }
+ }
+
+ if err := ast.CheckPathConflicts(opts.Compiler, storage.NonEmpty(opts.Ctx, opts.Store, opts.Txn)); len(err) > 0 {
+ return err
+ }
+
+ for name, b := range bundles {
+ if err := writeManifestToStore(opts, name, b.Manifest); err != nil {
+ return err
+ }
+
+ if err := writeEtagToStore(opts, name, b.Etag); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+func valueToManifest(v any) (Manifest, error) {
+ if astV, ok := v.(ast.Value); ok {
+ var err error
+ v, err = ast.JSON(astV)
+ if err != nil {
+ return Manifest{}, err
+ }
+ }
+
+ var manifest Manifest
+
+ bs, err := json.Marshal(v)
+ if err != nil {
+ return Manifest{}, err
+ }
+
+ err = util.UnmarshalJSON(bs, &manifest)
+ if err != nil {
+ return Manifest{}, err
+ }
+
+ return manifest, nil
+}
+
+// erase bundles by name and roots. This will clear all policies and data at its roots and remove its
+// manifest from storage.
+func eraseBundles(ctx context.Context, store storage.Store, txn storage.Transaction, parserOpts ast.ParserOptions, names map[string]struct{}, roots map[string]struct{}) (map[string]*ast.Module, error) {
+
+ if err := eraseData(ctx, store, txn, roots); err != nil {
+ return nil, err
+ }
+
+ remaining, removed, err := erasePolicies(ctx, store, txn, parserOpts, roots)
+ if err != nil {
+ return nil, err
+ }
+
+ for name := range names {
+ if err := EraseManifestFromStore(ctx, store, txn, name); suppressNotFound(err) != nil {
+ return nil, err
+ }
+
+ if err := LegacyEraseManifestFromStore(ctx, store, txn); suppressNotFound(err) != nil {
+ return nil, err
+ }
+
+ if err := eraseBundleEtagFromStore(ctx, store, txn, name); suppressNotFound(err) != nil {
+ return nil, err
+ }
+
+ if err := eraseWasmModulesFromStore(ctx, store, txn, name); suppressNotFound(err) != nil {
+ return nil, err
+ }
+ }
+
+ err = eraseModuleRegoVersionsFromStore(ctx, store, txn, removed)
+ if err != nil {
+ return nil, err
+ }
+
+ return remaining, nil
+}
+
+func eraseData(ctx context.Context, store storage.Store, txn storage.Transaction, roots map[string]struct{}) error {
+ for root := range roots {
+ path, ok := storage.ParsePathEscaped("/" + root)
+ if !ok {
+ return fmt.Errorf("manifest root path invalid: %v", root)
+ }
+
+ if len(path) > 0 {
+ if err := store.Write(ctx, txn, storage.RemoveOp, path, nil); suppressNotFound(err) != nil {
+ return err
+ }
+ }
+ }
+ return nil
+}
+
+type moduleInfo struct {
+ RegoVersion ast.RegoVersion `json:"rego_version"`
+}
+
+func readModuleInfoFromStore(ctx context.Context, store storage.Store, txn storage.Transaction) (map[string]moduleInfo, error) {
+ value, err := read(ctx, store, txn, ModulesInfoBasePath)
+ if suppressNotFound(err) != nil {
+ return nil, err
+ }
+
+ if value == nil {
+ return nil, nil
+ }
+
+ if m, ok := value.(map[string]any); ok {
+ versions := make(map[string]moduleInfo, len(m))
+
+ for k, v := range m {
+ if m0, ok := v.(map[string]any); ok {
+ if ver, ok := m0["rego_version"]; ok {
+ if vs, ok := ver.(json.Number); ok {
+ i, err := vs.Int64()
+ if err != nil {
+ return nil, errors.New("corrupt rego version")
+ }
+ versions[k] = moduleInfo{RegoVersion: ast.RegoVersionFromInt(int(i))}
+ }
+ }
+ }
+ }
+ return versions, nil
+ }
+
+ return nil, errors.New("corrupt rego version")
+}
+
+func erasePolicies(ctx context.Context, store storage.Store, txn storage.Transaction, parserOpts ast.ParserOptions, roots map[string]struct{}) (map[string]*ast.Module, []string, error) {
+
+ ids, err := store.ListPolicies(ctx, txn)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ modulesInfo, err := readModuleInfoFromStore(ctx, store, txn)
+ if err != nil {
+ return nil, nil, fmt.Errorf("failed to read module info from store: %w", err)
+ }
+
+ getRegoVersion := func(modId string) (ast.RegoVersion, bool) {
+ info, ok := modulesInfo[modId]
+ if !ok {
+ return ast.RegoUndefined, false
+ }
+ return info.RegoVersion, true
+ }
+
+ remaining := map[string]*ast.Module{}
+ var removed []string
+
+ for _, id := range ids {
+ bs, err := store.GetPolicy(ctx, txn, id)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ parserOptsCpy := parserOpts
+ if regoVersion, ok := getRegoVersion(id); ok {
+ parserOptsCpy.RegoVersion = regoVersion
+ }
+
+ module, err := ast.ParseModuleWithOpts(id, string(bs), parserOptsCpy)
+ if err != nil {
+ return nil, nil, err
+ }
+ path, err := module.Package.Path.Ptr()
+ if err != nil {
+ return nil, nil, err
+ }
+ deleted := false
+ for root := range roots {
+ if RootPathsContain([]string{root}, path) {
+ if err := store.DeletePolicy(ctx, txn, id); err != nil {
+ return nil, nil, err
+ }
+ deleted = true
+ break
+ }
+ }
+
+ if deleted {
+ removed = append(removed, id)
+ } else {
+ remaining[id] = module
+ }
+ }
+
+ return remaining, removed, nil
+}
+
+func writeManifestToStore(opts *ActivateOpts, name string, manifest Manifest) error {
+ // Always write manifests to the named location. If the plugin is in the older style config
+ // then also write to the old legacy unnamed location.
+ if err := WriteManifestToStore(opts.Ctx, opts.Store, opts.Txn, name, manifest); err != nil {
+ return err
+ }
+
+ if opts.legacy {
+ if err := LegacyWriteManifestToStore(opts.Ctx, opts.Store, opts.Txn, manifest); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+func writeEtagToStore(opts *ActivateOpts, name, etag string) error {
+ if err := WriteEtagToStore(opts.Ctx, opts.Store, opts.Txn, name, etag); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func writeModuleRegoVersionToStore(ctx context.Context, store storage.Store, txn storage.Transaction, b *Bundle,
+ mf ModuleFile, storagePath string, runtimeRegoVersion ast.RegoVersion) error {
+
+ var regoVersion ast.RegoVersion
+ if mf.Parsed != nil {
+ regoVersion = mf.Parsed.RegoVersion()
+ }
+
+ if regoVersion == ast.RegoUndefined {
+ var err error
+ regoVersion, err = b.RegoVersionForFile(mf.Path, runtimeRegoVersion)
+ if err != nil {
+ return fmt.Errorf("failed to get rego version for module '%s' in bundle: %w", mf.Path, err)
+ }
+ }
+
+ if regoVersion != ast.RegoUndefined && regoVersion != runtimeRegoVersion {
+ if err := write(ctx, store, txn, moduleRegoVersionPath(storagePath), regoVersion.Int()); err != nil {
+ return fmt.Errorf("failed to write rego version for module '%s': %w", storagePath, err)
+ }
+ }
+ return nil
+}
+
+func writeDataAndModules(ctx context.Context, store storage.Store, txn storage.Transaction, txnCtx *storage.Context, bundles map[string]*Bundle, legacy bool, runtimeRegoVersion ast.RegoVersion) error {
+ params := storage.WriteParams
+ params.Context = txnCtx
+
+ for name, b := range bundles {
+ if len(b.Raw) == 0 {
+ // Write data from each new bundle into the store. Only write under the
+ // roots contained in their manifest.
+ if err := writeData(ctx, store, txn, *b.Manifest.Roots, b.Data); err != nil {
+ return err
+ }
+
+ for _, mf := range b.Modules {
+ var path string
+
+ // For backwards compatibility, in legacy mode, upsert policies to
+ // the unprefixed path.
+ if legacy {
+ path = mf.Path
+ } else {
+ path = modulePathWithPrefix(name, mf.Path)
+ }
+
+ if err := store.UpsertPolicy(ctx, txn, path, mf.Raw); err != nil {
+ return err
+ }
+
+ if err := writeModuleRegoVersionToStore(ctx, store, txn, b, mf, path, runtimeRegoVersion); err != nil {
+ return err
+ }
+ }
+ } else {
+ params.BasePaths = *b.Manifest.Roots
+
+ err := store.Truncate(ctx, txn, params, NewIterator(b.Raw))
+ if err != nil {
+ return fmt.Errorf("store truncate failed for bundle '%s': %v", name, err)
+ }
+
+ for _, f := range b.Raw {
+ if strings.HasSuffix(f.Path, RegoExt) {
+ p, err := getFileStoragePath(f.Path)
+ if err != nil {
+ return fmt.Errorf("failed get storage path for module '%s' in bundle '%s': %w", f.Path, name, err)
+ }
+
+ if m := f.module; m != nil {
+ // 'f.module.Path' contains the module's path as it relates to the bundle root, and can be used for looking up the rego-version.
+ // 'f.Path' can differ, based on how the bundle reader was initialized.
+ if err := writeModuleRegoVersionToStore(ctx, store, txn, b, *m, p.String(), runtimeRegoVersion); err != nil {
+ return err
+ }
+ }
+ }
+ }
+ }
+ }
+
+ return nil
+}
+
+func writeData(ctx context.Context, store storage.Store, txn storage.Transaction, roots []string, data map[string]any) error {
+ for _, root := range roots {
+ path, ok := storage.ParsePathEscaped("/" + root)
+ if !ok {
+ return fmt.Errorf("manifest root path invalid: %v", root)
+ }
+ if value, ok := lookup(path, data); ok {
+ if len(path) > 0 {
+ if err := storage.MakeDir(ctx, store, txn, path[:len(path)-1]); err != nil {
+ return err
+ }
+ }
+ if err := store.Write(ctx, txn, storage.AddOp, path, value); err != nil {
+ return err
+ }
+ }
+ }
+ return nil
+}
+
+func compileModules(compiler *ast.Compiler, m metrics.Metrics, bundles map[string]*Bundle, extraModules map[string]*ast.Module, legacy bool, authorizationDecisionRef ast.Ref) error {
+
+ m.Timer(metrics.RegoModuleCompile).Start()
+ defer m.Timer(metrics.RegoModuleCompile).Stop()
+
+ modules := map[string]*ast.Module{}
+
+ // preserve any modules already on the compiler
+ maps.Copy(modules, compiler.Modules)
+
+ // preserve any modules passed in from the store
+ maps.Copy(modules, extraModules)
+
+ // include all the new bundle modules
+ for bundleName, b := range bundles {
+ if legacy {
+ for _, mf := range b.Modules {
+ modules[mf.Path] = mf.Parsed
+ }
+ } else {
+ maps.Copy(modules, b.ParsedModules(bundleName))
+ }
+ }
+
+ if compiler.Compile(modules); compiler.Failed() {
+ return compiler.Errors
+ }
+
+ if authorizationDecisionRef.Equal(ast.EmptyRef()) {
+ return nil
+ }
+
+ return iCompiler.VerifyAuthorizationPolicySchema(compiler, authorizationDecisionRef)
+}
+
+func writeModules(ctx context.Context, store storage.Store, txn storage.Transaction, compiler *ast.Compiler, m metrics.Metrics, bundles map[string]*Bundle, extraModules map[string]*ast.Module, legacy bool) error {
+
+ m.Timer(metrics.RegoModuleCompile).Start()
+ defer m.Timer(metrics.RegoModuleCompile).Stop()
+
+ modules := map[string]*ast.Module{}
+
+ // preserve any modules already on the compiler
+ maps.Copy(modules, compiler.Modules)
+
+ // preserve any modules passed in from the store
+ maps.Copy(modules, extraModules)
+
+ // include all the new bundle modules
+ for bundleName, b := range bundles {
+ if legacy {
+ for _, mf := range b.Modules {
+ modules[mf.Path] = mf.Parsed
+ }
+ } else {
+ maps.Copy(modules, b.ParsedModules(bundleName))
+ }
+ }
+
+ if compiler.Compile(modules); compiler.Failed() {
+ return compiler.Errors
+ }
+ for bundleName, b := range bundles {
+ for _, mf := range b.Modules {
+ var path string
+
+ // For backwards compatibility, in legacy mode, upsert policies to
+ // the unprefixed path.
+ if legacy {
+ path = mf.Path
+ } else {
+ path = modulePathWithPrefix(bundleName, mf.Path)
+ }
+
+ if err := store.UpsertPolicy(ctx, txn, path, mf.Raw); err != nil {
+ return err
+ }
+ }
+ }
+ return nil
+}
+
+func lookup(path storage.Path, data map[string]any) (any, bool) {
+ if len(path) == 0 {
+ return data, true
+ }
+ for i := range len(path) - 1 {
+ value, ok := data[path[i]]
+ if !ok {
+ return nil, false
+ }
+ obj, ok := value.(map[string]any)
+ if !ok {
+ return nil, false
+ }
+ data = obj
+ }
+ value, ok := data[path[len(path)-1]]
+ return value, ok
+}
+
+func hasRootsOverlap(ctx context.Context, store storage.Store, txn storage.Transaction, bundles map[string]*Bundle) error {
+ collisions := map[string][]string{}
+ allBundles, err := ReadBundleNamesFromStore(ctx, store, txn)
+ if suppressNotFound(err) != nil {
+ return err
+ }
+
+ allRoots := map[string][]string{}
+
+ // Build a map of roots for existing bundles already in the system
+ for _, name := range allBundles {
+ roots, err := ReadBundleRootsFromStore(ctx, store, txn, name)
+ if suppressNotFound(err) != nil {
+ return err
+ }
+ allRoots[name] = roots
+ }
+
+ // Add in any bundles that are being activated, overwrite existing roots
+ // with new ones where bundles are in both groups.
+ for name, bundle := range bundles {
+ allRoots[name] = *bundle.Manifest.Roots
+ }
+
+ // Now check for each new bundle if it conflicts with any of the others
+ for name, bundle := range bundles {
+ for otherBundle, otherRoots := range allRoots {
+ if name == otherBundle {
+ // Skip the current bundle being checked
+ continue
+ }
+
+ // Compare the "new" roots with other existing (or a different bundles new roots)
+ for _, newRoot := range *bundle.Manifest.Roots {
+ for _, otherRoot := range otherRoots {
+ if RootPathsOverlap(newRoot, otherRoot) {
+ collisions[otherBundle] = append(collisions[otherBundle], newRoot)
+ }
+ }
+ }
+ }
+ }
+
+ if len(collisions) > 0 {
+ var bundleNames []string
+ for name := range collisions {
+ bundleNames = append(bundleNames, name)
+ }
+ return fmt.Errorf("detected overlapping roots in bundle manifest with: %s", bundleNames)
+ }
+ return nil
+}
+
+func applyPatches(ctx context.Context, store storage.Store, txn storage.Transaction, patches []PatchOperation) error {
+ for _, pat := range patches {
+
+ // construct patch path
+ path, ok := patch.ParsePatchPathEscaped("/" + strings.Trim(pat.Path, "/"))
+ if !ok {
+ return errors.New("error parsing patch path")
+ }
+
+ var op storage.PatchOp
+ switch pat.Op {
+ case "upsert":
+ op = storage.AddOp
+
+ _, err := store.Read(ctx, txn, path[:len(path)-1])
+ if err != nil {
+ if !storage.IsNotFound(err) {
+ return err
+ }
+
+ if err := storage.MakeDir(ctx, store, txn, path[:len(path)-1]); err != nil {
+ return err
+ }
+ }
+ case "remove":
+ op = storage.RemoveOp
+ case "replace":
+ op = storage.ReplaceOp
+ default:
+ return fmt.Errorf("bad patch operation: %v", pat.Op)
+ }
+
+ // apply the patch
+ if err := store.Write(ctx, txn, op, path, pat.Value); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+// Helpers for the older single (unnamed) bundle style manifest storage.
+
+// LegacyManifestStoragePath is the older unnamed bundle path for manifests to be stored.
+// Deprecated: Use ManifestStoragePath and named bundles instead.
+var legacyManifestStoragePath = storage.MustParsePath("/system/bundle/manifest")
+var legacyRevisionStoragePath = append(legacyManifestStoragePath, "revision")
+
+// LegacyWriteManifestToStore will write the bundle manifest to the older single (unnamed) bundle manifest location.
+// Deprecated: Use WriteManifestToStore and named bundles instead.
+func LegacyWriteManifestToStore(ctx context.Context, store storage.Store, txn storage.Transaction, manifest Manifest) error {
+ return write(ctx, store, txn, legacyManifestStoragePath, manifest)
+}
+
+// LegacyEraseManifestFromStore will erase the bundle manifest from the older single (unnamed) bundle manifest location.
+// Deprecated: Use WriteManifestToStore and named bundles instead.
+func LegacyEraseManifestFromStore(ctx context.Context, store storage.Store, txn storage.Transaction) error {
+ err := store.Write(ctx, txn, storage.RemoveOp, legacyManifestStoragePath, nil)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+// LegacyReadRevisionFromStore will read the bundle manifest revision from the older single (unnamed) bundle manifest location.
+// Deprecated: Use ReadBundleRevisionFromStore and named bundles instead.
+func LegacyReadRevisionFromStore(ctx context.Context, store storage.Store, txn storage.Transaction) (string, error) {
+ return readRevisionFromStore(ctx, store, txn, legacyRevisionStoragePath)
+}
+
+// ActivateLegacy calls Activate for the bundles but will also write their manifest to the older unnamed store location.
+// Deprecated: Use Activate with named bundles instead.
+func ActivateLegacy(opts *ActivateOpts) error {
+ opts.legacy = true
+ return activateBundles(opts)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/bundle/verify.go b/vendor/github.com/open-policy-agent/opa/v1/bundle/verify.go
new file mode 100644
index 0000000000..829e98acdf
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/bundle/verify.go
@@ -0,0 +1,232 @@
+// Copyright 2020 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Package bundle provide helpers that assist in the bundle signature verification process
+package bundle
+
+import (
+ "bytes"
+ "encoding/base64"
+ "encoding/hex"
+ "encoding/json"
+ "errors"
+ "fmt"
+
+ "github.com/open-policy-agent/opa/internal/jwx/jwa"
+ "github.com/open-policy-agent/opa/internal/jwx/jws"
+ "github.com/open-policy-agent/opa/internal/jwx/jws/verify"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+const defaultVerifierID = "_default"
+
+var verifiers map[string]Verifier
+
+// Verifier is the interface expected for implementations that verify bundle signatures.
+type Verifier interface {
+ VerifyBundleSignature(SignaturesConfig, *VerificationConfig) (map[string]FileInfo, error)
+}
+
+// VerifyBundleSignature will retrieve the Verifier implementation based
+// on the Plugin specified in SignaturesConfig, and call its implementation
+// of VerifyBundleSignature. VerifyBundleSignature verifies the bundle signature
+// using the given public keys or secret. If a signature is verified, it keeps
+// track of the files specified in the JWT payload
+func VerifyBundleSignature(sc SignaturesConfig, bvc *VerificationConfig) (map[string]FileInfo, error) {
+ // default implementation does not return a nil for map, so don't
+ // do it here either
+ files := make(map[string]FileInfo)
+ var plugin string
+ // for backwards compatibility, check if there is no plugin specified, and use default
+ if sc.Plugin == "" {
+ plugin = defaultVerifierID
+ } else {
+ plugin = sc.Plugin
+ }
+ verifier, err := GetVerifier(plugin)
+ if err != nil {
+ return files, err
+ }
+ return verifier.VerifyBundleSignature(sc, bvc)
+}
+
+// DefaultVerifier is the default bundle verification implementation. It verifies bundles by checking
+// the JWT signature using a locally-accessible public key.
+type DefaultVerifier struct{}
+
+// VerifyBundleSignature verifies the bundle signature using the given public keys or secret.
+// If a signature is verified, it keeps track of the files specified in the JWT payload
+func (*DefaultVerifier) VerifyBundleSignature(sc SignaturesConfig, bvc *VerificationConfig) (map[string]FileInfo, error) {
+ files := make(map[string]FileInfo)
+
+ if len(sc.Signatures) == 0 {
+ return files, errors.New(".signatures.json: missing JWT (expected exactly one)")
+ }
+
+ if len(sc.Signatures) > 1 {
+ return files, errors.New(".signatures.json: multiple JWTs not supported (expected exactly one)")
+ }
+
+ for _, token := range sc.Signatures {
+ payload, err := verifyJWTSignature(token, bvc)
+ if err != nil {
+ return files, err
+ }
+
+ for _, file := range payload.Files {
+ files[file.Name] = file
+ }
+ }
+ return files, nil
+}
+
+func verifyJWTSignature(token string, bvc *VerificationConfig) (*DecodedSignature, error) {
+ // decode JWT to check if the header specifies the key to use and/or if claims have the scope.
+
+ parts, err := jws.SplitCompact(token)
+ if err != nil {
+ return nil, err
+ }
+
+ var decodedHeader []byte
+ if decodedHeader, err = base64.RawURLEncoding.DecodeString(parts[0]); err != nil {
+ return nil, fmt.Errorf("failed to base64 decode JWT headers: %w", err)
+ }
+
+ var hdr jws.StandardHeaders
+ if err := json.Unmarshal(decodedHeader, &hdr); err != nil {
+ return nil, fmt.Errorf("failed to parse JWT headers: %w", err)
+ }
+
+ payload, err := base64.RawURLEncoding.DecodeString(parts[1])
+ if err != nil {
+ return nil, err
+ }
+
+ var ds DecodedSignature
+ if err := json.Unmarshal(payload, &ds); err != nil {
+ return nil, err
+ }
+
+ // check for the id of the key to use for JWT signature verification
+ // first in the OPA config. If not found, then check the JWT kid.
+ keyID := bvc.KeyID
+ if keyID == "" {
+ keyID = hdr.KeyID
+ }
+ if keyID == "" {
+ // If header has no key id, check the deprecated key claim.
+ keyID = ds.KeyID
+ }
+
+ if keyID == "" {
+ return nil, errors.New("verification key ID is empty")
+ }
+
+ // now that we have the keyID, fetch the actual key
+ keyConfig, err := bvc.GetPublicKey(keyID)
+ if err != nil {
+ return nil, err
+ }
+
+ // verify JWT signature
+ alg := jwa.SignatureAlgorithm(keyConfig.Algorithm)
+ key, err := verify.GetSigningKey(keyConfig.Key, alg)
+ if err != nil {
+ return nil, err
+ }
+
+ _, err = jws.Verify([]byte(token), alg, key)
+ if err != nil {
+ return nil, err
+ }
+
+ // verify the scope
+ scope := bvc.Scope
+ if scope == "" {
+ scope = keyConfig.Scope
+ }
+
+ if ds.Scope != scope {
+ return nil, errors.New("scope mismatch")
+ }
+ return &ds, nil
+}
+
+// VerifyBundleFile verifies the hash of a file in the bundle matches to that provided in the bundle's signature
+func VerifyBundleFile(path string, data bytes.Buffer, files map[string]FileInfo) error {
+ var file FileInfo
+ var ok bool
+
+ if file, ok = files[path]; !ok {
+ return fmt.Errorf("file %v not included in bundle signature", path)
+ }
+
+ if file.Algorithm == "" {
+ return fmt.Errorf("no hashing algorithm provided for file %v", path)
+ }
+
+ hash, err := NewSignatureHasher(HashingAlgorithm(file.Algorithm))
+ if err != nil {
+ return err
+ }
+
+ // hash the file content
+ // For unstructured files, hash the byte stream of the file
+ // For structured files, read the byte stream and parse into a JSON structure;
+ // then recursively order the fields of all objects alphabetically and then apply
+ // the hash function to result to compute the hash. This ensures that the digital signature is
+ // independent of whitespace and other non-semantic JSON features.
+ var value any
+ if IsStructuredDoc(path) {
+ err := util.Unmarshal(data.Bytes(), &value)
+ if err != nil {
+ return err
+ }
+ } else {
+ value = data.Bytes()
+ }
+
+ bs, err := hash.HashFile(value)
+ if err != nil {
+ return err
+ }
+
+ // compare file hash with same file in the JWT payloads
+ fb, err := hex.DecodeString(file.Hash)
+ if err != nil {
+ return err
+ }
+
+ if !bytes.Equal(fb, bs) {
+ return fmt.Errorf("%v: digest mismatch (want: %x, got: %x)", path, fb, bs)
+ }
+
+ delete(files, path)
+ return nil
+}
+
+// GetVerifier returns the Verifier registered under the given id
+func GetVerifier(id string) (Verifier, error) {
+ verifier, ok := verifiers[id]
+ if !ok {
+ return nil, fmt.Errorf("no verifier exists under id %s", id)
+ }
+ return verifier, nil
+}
+
+// RegisterVerifier registers a Verifier under the given id
+func RegisterVerifier(id string, v Verifier) error {
+ if id == defaultVerifierID {
+ return fmt.Errorf("verifier id %s is reserved, use a different id", id)
+ }
+ verifiers[id] = v
+ return nil
+}
+
+func init() {
+ verifiers = map[string]Verifier{
+ defaultVerifierID: &DefaultVerifier{},
+ }
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/capabilities/capabilities.go b/vendor/github.com/open-policy-agent/opa/v1/capabilities/capabilities.go
new file mode 100644
index 0000000000..5b0bb1ea52
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/capabilities/capabilities.go
@@ -0,0 +1,18 @@
+// Copyright 2021 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+//go:build go1.16
+// +build go1.16
+
+package capabilities
+
+import (
+ v0 "github.com/open-policy-agent/opa/capabilities"
+)
+
+// FS contains the embedded capabilities/ directory of the built version,
+// which has all the capabilities of previous versions:
+// "v0.18.0.json" contains the capabilities JSON of version v0.18.0, etc
+
+var FS = v0.FS
diff --git a/vendor/github.com/open-policy-agent/opa/config/config.go b/vendor/github.com/open-policy-agent/opa/v1/config/config.go
similarity index 92%
rename from vendor/github.com/open-policy-agent/opa/config/config.go
rename to vendor/github.com/open-policy-agent/opa/v1/config/config.go
index 87ab109113..62bfc65537 100644
--- a/vendor/github.com/open-policy-agent/opa/config/config.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/config/config.go
@@ -7,6 +7,7 @@ package config
import (
"encoding/json"
+ "errors"
"fmt"
"os"
"path/filepath"
@@ -14,10 +15,10 @@ import (
"sort"
"strings"
- "github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/internal/ref"
- "github.com/open-policy-agent/opa/util"
- "github.com/open-policy-agent/opa/version"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/util"
+ "github.com/open-policy-agent/opa/v1/version"
)
// Config represents the configuration file that OPA can be started with.
@@ -98,7 +99,7 @@ func (c Config) PluginNames() (result []string) {
// PluginsEnabled returns true if one or more plugin features are enabled.
//
-// Deprecated. Use PluginNames instead.
+// Deprecated: Use PluginNames instead.
func (c Config) PluginsEnabled() bool {
return c.Bundle != nil || c.Bundles != nil || c.DecisionLogs != nil || c.Status != nil || len(c.Plugins) > 0
}
@@ -167,13 +168,13 @@ func (c Config) GetPersistenceDirectory() (string, error) {
// ActiveConfig returns OPA's active configuration
// with the credentials and crypto keys removed
-func (c *Config) ActiveConfig() (interface{}, error) {
+func (c *Config) ActiveConfig() (any, error) {
bs, err := json.Marshal(c)
if err != nil {
return nil, err
}
- var result map[string]interface{}
+ var result map[string]any
if err := util.UnmarshalJSON(bs, &result); err != nil {
return nil, err
}
@@ -196,11 +197,11 @@ func (c *Config) ActiveConfig() (interface{}, error) {
return result, nil
}
-func removeServiceCredentials(x interface{}) error {
+func removeServiceCredentials(x any) error {
switch x := x.(type) {
case nil:
return nil
- case []interface{}:
+ case []any:
for _, v := range x {
err := removeKey(v, "credentials")
if err != nil {
@@ -208,7 +209,7 @@ func removeServiceCredentials(x interface{}) error {
}
}
- case map[string]interface{}:
+ case map[string]any:
for _, v := range x {
err := removeKey(v, "credentials")
if err != nil {
@@ -222,11 +223,11 @@ func removeServiceCredentials(x interface{}) error {
return nil
}
-func removeCryptoKeys(x interface{}) error {
+func removeCryptoKeys(x any) error {
switch x := x.(type) {
case nil:
return nil
- case map[string]interface{}:
+ case map[string]any:
for _, v := range x {
err := removeKey(v, "key", "private_key")
if err != nil {
@@ -240,10 +241,10 @@ func removeCryptoKeys(x interface{}) error {
return nil
}
-func removeKey(x interface{}, keys ...string) error {
- val, ok := x.(map[string]interface{})
+func removeKey(x any, keys ...string) error {
+ val, ok := x.(map[string]any)
if !ok {
- return fmt.Errorf("type assertion error")
+ return errors.New("type assertion error")
}
for _, key := range keys {
diff --git a/vendor/github.com/open-policy-agent/opa/format/format.go b/vendor/github.com/open-policy-agent/opa/v1/format/format.go
similarity index 55%
rename from vendor/github.com/open-policy-agent/opa/format/format.go
rename to vendor/github.com/open-policy-agent/opa/v1/format/format.go
index 43e5594669..9b4237280a 100644
--- a/vendor/github.com/open-policy-agent/opa/format/format.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/format/format.go
@@ -7,15 +7,17 @@ package format
import (
"bytes"
+ "errors"
"fmt"
"regexp"
+ "slices"
"sort"
"strings"
"unicode"
- "github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/internal/future"
- "github.com/open-policy-agent/opa/types"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/types"
)
// Opts lets you control the code formatting via `AstWithOpts()`.
@@ -31,6 +33,17 @@ type Opts struct {
// ParserOptions is the parser options used when parsing the module to be formatted.
ParserOptions *ast.ParserOptions
+
+ // DropV0Imports instructs the formatter to drop all v0 imports from the module; i.e. 'rego.v1' and 'future.keywords' imports.
+ // Imports are only removed if [Opts.RegoVersion] makes them redundant.
+ DropV0Imports bool
+}
+
+func (o Opts) effectiveRegoVersion() ast.RegoVersion {
+ if o.RegoVersion == ast.RegoUndefined {
+ return ast.DefaultRegoVersion
+ }
+ return o.RegoVersion
}
// defaultLocationFile is the file name used in `Ast()` for terms
@@ -46,15 +59,19 @@ func Source(filename string, src []byte) ([]byte, error) {
}
func SourceWithOpts(filename string, src []byte, opts Opts) ([]byte, error) {
+ regoVersion := opts.effectiveRegoVersion()
+
var parserOpts ast.ParserOptions
if opts.ParserOptions != nil {
parserOpts = *opts.ParserOptions
- } else {
- if opts.RegoVersion == ast.RegoV1 {
- // If the rego version is V1, we need to parse it as such, to allow for future keywords not being imported.
- // Otherwise, we'll default to the default rego-version.
- parserOpts.RegoVersion = ast.RegoV1
- }
+ } else if regoVersion == ast.RegoV1 {
+ // If the rego version is V1, we need to parse it as such, to allow for future keywords not being imported.
+ // Otherwise, we'll default to the default rego-version.
+ parserOpts.RegoVersion = ast.RegoV1
+ }
+
+ if parserOpts.RegoVersion == ast.RegoUndefined {
+ parserOpts.RegoVersion = ast.DefaultRegoVersion
}
module, err := ast.ParseModuleWithOpts(filename, string(src), parserOpts)
@@ -62,15 +79,15 @@ func SourceWithOpts(filename string, src []byte, opts Opts) ([]byte, error) {
return nil, err
}
- if opts.RegoVersion == ast.RegoV0CompatV1 || opts.RegoVersion == ast.RegoV1 {
+ if regoVersion == ast.RegoV0CompatV1 || regoVersion == ast.RegoV1 {
checkOpts := ast.NewRegoCheckOptions()
// The module is parsed as v0, so we need to disable checks that will be automatically amended by the AstWithOpts call anyways.
checkOpts.RequireIfKeyword = false
checkOpts.RequireContainsKeyword = false
checkOpts.RequireRuleBodyOrValue = false
- errors := ast.CheckRegoV1WithOptions(module, checkOpts)
- if len(errors) > 0 {
- return nil, errors
+ errs := ast.CheckRegoV1WithOptions(module, checkOpts)
+ if len(errs) > 0 {
+ return nil, errs
}
}
@@ -83,8 +100,8 @@ func SourceWithOpts(filename string, src []byte, opts Opts) ([]byte, error) {
}
// MustAst is a helper function to format a Rego AST element. If any errors
-// occurs this function will panic. This is mostly used for test
-func MustAst(x interface{}) []byte {
+// occur this function will panic. This is mostly used for test
+func MustAst(x any) []byte {
bs, err := Ast(x)
if err != nil {
panic(err)
@@ -93,8 +110,8 @@ func MustAst(x interface{}) []byte {
}
// MustAstWithOpts is a helper function to format a Rego AST element. If any errors
-// occurs this function will panic. This is mostly used for test
-func MustAstWithOpts(x interface{}, opts Opts) []byte {
+// occur this function will panic. This is mostly used for test
+func MustAstWithOpts(x any, opts Opts) []byte {
bs, err := AstWithOpts(x, opts)
if err != nil {
panic(err)
@@ -105,7 +122,7 @@ func MustAstWithOpts(x interface{}, opts Opts) []byte {
// Ast formats a Rego AST element. If the passed value is not a valid AST
// element, Ast returns nil and an error. If AST nodes are missing locations
// an arbitrary location will be used.
-func Ast(x interface{}) ([]byte, error) {
+func Ast(x any) ([]byte, error) {
return AstWithOpts(x, Opts{})
}
@@ -127,6 +144,7 @@ type fmtOpts struct {
refHeads bool
regoV1 bool
+ regoV1Imported bool
futureKeywords []string
}
@@ -138,7 +156,7 @@ func (o fmtOpts) keywords() []string {
return append(kws, o.futureKeywords...)
}
-func AstWithOpts(x interface{}, opts Opts) ([]byte, error) {
+func AstWithOpts(x any, opts Opts) ([]byte, error) {
// The node has to be deep copied because it may be mutated below. Alternatively,
// we could avoid the copy by checking if mutation will occur first. For now,
// since format is not latency sensitive, just deep copy in all cases.
@@ -154,12 +172,16 @@ func AstWithOpts(x interface{}, opts Opts) ([]byte, error) {
o := fmtOpts{}
- if opts.RegoVersion == ast.RegoV0CompatV1 || opts.RegoVersion == ast.RegoV1 {
+ regoVersion := opts.effectiveRegoVersion()
+ if regoVersion == ast.RegoV0CompatV1 || regoVersion == ast.RegoV1 {
o.regoV1 = true
o.ifs = true
o.contains = true
}
+ memberRef := ast.Member.Ref()
+ memberWithKeyRef := ast.MemberWithKey.Ref()
+
// Preprocess the AST. Set any required defaults and calculate
// values required for printing the formatted output.
ast.WalkNodes(x, func(x ast.Node) bool {
@@ -173,7 +195,7 @@ func AstWithOpts(x interface{}, opts Opts) ([]byte, error) {
case *ast.Expr:
switch {
- case n.IsCall() && ast.Member.Ref().Equal(n.Operator()) || ast.MemberWithKey.Ref().Equal(n.Operator()):
+ case n.IsCall() && memberRef.Equal(n.Operator()) || memberWithKeyRef.Equal(n.Operator()):
extraFutureKeywordImports["in"] = struct{}{}
case n.IsEvery():
extraFutureKeywordImports["every"] = struct{}{}
@@ -186,6 +208,7 @@ func AstWithOpts(x interface{}, opts Opts) ([]byte, error) {
switch {
case isRegoV1Compatible(n):
+ o.regoV1Imported = true
o.contains = true
o.ifs = true
case future.IsAllFutureKeywords(n):
@@ -220,43 +243,83 @@ func AstWithOpts(x interface{}, opts Opts) ([]byte, error) {
switch x := x.(type) {
case *ast.Module:
- if opts.RegoVersion == ast.RegoV1 {
+ if regoVersion == ast.RegoV1 && opts.DropV0Imports {
x.Imports = filterRegoV1Import(x.Imports)
- } else if opts.RegoVersion == ast.RegoV0CompatV1 {
+ } else if regoVersion == ast.RegoV0CompatV1 {
x.Imports = ensureRegoV1Import(x.Imports)
}
- if opts.RegoVersion == ast.RegoV0CompatV1 || opts.RegoVersion == ast.RegoV1 || moduleIsRegoV1Compatible(x) {
- x.Imports = future.FilterFutureImports(x.Imports)
+ regoV1Imported := slices.ContainsFunc(x.Imports, isRegoV1Compatible)
+ if regoVersion == ast.RegoV0CompatV1 || regoVersion == ast.RegoV1 || regoV1Imported {
+ if !opts.DropV0Imports && !regoV1Imported {
+ for _, kw := range o.futureKeywords {
+ x.Imports = ensureFutureKeywordImport(x.Imports, kw)
+ }
+ } else {
+ x.Imports = future.FilterFutureImports(x.Imports)
+ }
} else {
for kw := range extraFutureKeywordImports {
x.Imports = ensureFutureKeywordImport(x.Imports, kw)
}
}
- w.writeModule(x)
+ err := w.writeModule(x)
+ if err != nil {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
case *ast.Package:
- w.writePackage(x, nil)
+ _, err := w.writePackage(x, nil)
+ if err != nil {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
case *ast.Import:
- w.writeImports([]*ast.Import{x}, nil)
+ _, err := w.writeImports([]*ast.Import{x}, nil)
+ if err != nil {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
case *ast.Rule:
- w.writeRule(x, false /* isElse */, nil)
+ _, err := w.writeRule(x, false /* isElse */, nil)
+ if err != nil {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
case *ast.Head:
- w.writeHead(x,
+ _, err := w.writeHead(x,
false, // isDefault
false, // isExpandedConst
nil)
+ if err != nil {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
case ast.Body:
- w.writeBody(x, nil)
+ _, err := w.writeBody(x, nil)
+ if err != nil {
+ return nil, err
+ }
case *ast.Expr:
- w.writeExpr(x, nil)
+ _, err := w.writeExpr(x, nil)
+ if err != nil {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
case *ast.With:
- w.writeWith(x, nil, false)
+ _, err := w.writeWith(x, nil, false)
+ if err != nil {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
case *ast.Term:
- w.writeTerm(x, nil)
+ _, err := w.writeTerm(x, nil)
+ if err != nil {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
case ast.Value:
- w.writeTerm(&ast.Term{Value: x, Location: &ast.Location{}}, nil)
+ _, err := w.writeTerm(&ast.Term{Value: x, Location: &ast.Location{}}, nil)
+ if err != nil {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
case *ast.Comment:
- w.writeComments([]*ast.Comment{x})
+ err := w.writeComments([]*ast.Comment{x})
+ if err != nil {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
default:
return nil, fmt.Errorf("not an ast element: %v", x)
}
@@ -309,20 +372,21 @@ func defaultLocation(x ast.Node) *ast.Location {
type writer struct {
buf bytes.Buffer
- indent string
- level int
- inline bool
- beforeEnd *ast.Comment
- delay bool
- errs ast.Errors
- fmtOpts fmtOpts
+ indent string
+ level int
+ inline bool
+ beforeEnd *ast.Comment
+ delay bool
+ errs ast.Errors
+ fmtOpts fmtOpts
+ writeCommentOnFinalLine bool
}
-func (w *writer) writeModule(module *ast.Module) {
+func (w *writer) writeModule(module *ast.Module) error {
var pkg *ast.Package
- var others []interface{}
+ var others []any
var comments []*ast.Comment
- visitor := ast.NewGenericVisitor(func(x interface{}) bool {
+ visitor := ast.NewGenericVisitor(func(x any) bool {
switch x := x.(type) {
case *ast.Comment:
comments = append(comments, x)
@@ -340,23 +404,41 @@ func (w *writer) writeModule(module *ast.Module) {
visitor.Walk(module)
sort.Slice(comments, func(i, j int) bool {
- return locLess(comments[i], comments[j])
+ l, err := locLess(comments[i], comments[j])
+ if err != nil {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
+ return l
})
sort.Slice(others, func(i, j int) bool {
- return locLess(others[i], others[j])
+ l, err := locLess(others[i], others[j])
+ if err != nil {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
+ return l
})
comments = trimTrailingWhitespaceInComments(comments)
- comments = w.writePackage(pkg, comments)
+ var err error
+ comments, err = w.writePackage(pkg, comments)
+ if err != nil {
+ return err
+ }
var imports []*ast.Import
var rules []*ast.Rule
for len(others) > 0 {
imports, others = gatherImports(others)
- comments = w.writeImports(imports, comments)
+ comments, err = w.writeImports(imports, comments)
+ if err != nil {
+ return err
+ }
rules, others = gatherRules(others)
- comments = w.writeRules(rules, comments)
+ comments, err = w.writeRules(rules, comments)
+ if err != nil {
+ return err
+ }
}
for i, c := range comments {
@@ -365,6 +447,8 @@ func (w *writer) writeModule(module *ast.Module) {
w.write("\n")
}
}
+
+ return nil
}
func trimTrailingWhitespaceInComments(comments []*ast.Comment) []*ast.Comment {
@@ -375,45 +459,97 @@ func trimTrailingWhitespaceInComments(comments []*ast.Comment) []*ast.Comment {
return comments
}
-func (w *writer) writePackage(pkg *ast.Package, comments []*ast.Comment) []*ast.Comment {
- comments = w.insertComments(comments, pkg.Location)
+func (w *writer) writePackage(pkg *ast.Package, comments []*ast.Comment) ([]*ast.Comment, error) {
+ var err error
+ comments, err = w.insertComments(comments, pkg.Location)
+ if err != nil {
+ return nil, err
+ }
w.startLine()
// Omit head as all packages have the DefaultRootDocument prepended at parse time.
path := make(ast.Ref, len(pkg.Path)-1)
+ if len(path) == 0 {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, pkg.Location, "invalid package path: %s", pkg.Path))
+ return comments, nil
+ }
+
path[0] = ast.VarTerm(string(pkg.Path[1].Value.(ast.String)))
copy(path[1:], pkg.Path[2:])
w.write("package ")
- w.writeRef(path)
+ _, err = w.writeRef(path, nil)
+ if err != nil {
+ return nil, err
+ }
w.blankLine()
- return comments
+ return comments, nil
}
-func (w *writer) writeComments(comments []*ast.Comment) {
- for i := 0; i < len(comments); i++ {
- if i > 0 && locCmp(comments[i], comments[i-1]) > 1 {
- w.blankLine()
+func (w *writer) writeComments(comments []*ast.Comment) error {
+ for i := range comments {
+ if i > 0 {
+ l, err := locCmp(comments[i], comments[i-1])
+ if err != nil {
+ return err
+ }
+ if l > 1 {
+ w.blankLine()
+ }
}
+
w.writeLine(comments[i].String())
}
+
+ return nil
}
-func (w *writer) writeRules(rules []*ast.Rule, comments []*ast.Comment) []*ast.Comment {
- for _, rule := range rules {
- comments = w.insertComments(comments, rule.Location)
- comments = w.writeRule(rule, false, comments)
+func (w *writer) writeRules(rules []*ast.Rule, comments []*ast.Comment) ([]*ast.Comment, error) {
+ for i, rule := range rules {
+ var err error
+ comments, err = w.insertComments(comments, rule.Location)
+ if err != nil && !errors.As(err, &unexpectedCommentError{}) {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
+
+ comments, err = w.writeRule(rule, false, comments)
+ if err != nil && !errors.As(err, &unexpectedCommentError{}) {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
+
+ if i < len(rules)-1 && w.groupableOneLiner(rule) {
+ next := rules[i+1]
+ if w.groupableOneLiner(next) && next.Location.Row == rule.Location.Row+1 {
+ // Current rule and the next are both groupable one-liners, and
+ // adjacent in the original policy (i.e. no extra newlines between them).
+ continue
+ }
+ }
w.blankLine()
}
- return comments
+ return comments, nil
+}
+
+var expandedConst = ast.NewBody(ast.NewExpr(ast.InternedBooleanTerm(true)))
+
+func (w *writer) groupableOneLiner(rule *ast.Rule) bool {
+ // Location required to determine if two rules are adjacent in the policy.
+ // If not, we respect line breaks between rules.
+ if len(rule.Body) > 1 || rule.Default || rule.Location == nil {
+ return false
+ }
+
+ partialSetException := w.fmtOpts.contains || rule.Head.Value != nil
+
+ return (w.fmtOpts.regoV1 || w.fmtOpts.ifs) && partialSetException
}
-func (w *writer) writeRule(rule *ast.Rule, isElse bool, comments []*ast.Comment) []*ast.Comment {
+func (w *writer) writeRule(rule *ast.Rule, isElse bool, comments []*ast.Comment) ([]*ast.Comment, error) {
if rule == nil {
- return comments
+ return comments, nil
}
if !isElse {
@@ -428,37 +564,67 @@ func (w *writer) writeRule(rule *ast.Rule, isElse bool, comments []*ast.Comment)
// `foo = {"a": "b"} { true }` in the AST. We want to preserve that notation
// in the formatted code instead of expanding the bodies into rules, so we
// pretend that the rule has no body in this case.
- isExpandedConst := rule.Body.Equal(ast.NewBody(ast.NewExpr(ast.BooleanTerm(true)))) && rule.Else == nil
+ isExpandedConst := rule.Body.Equal(expandedConst) && rule.Else == nil
+ w.writeCommentOnFinalLine = isExpandedConst
- comments = w.writeHead(rule.Head, rule.Default, isExpandedConst, comments)
-
- // this excludes partial sets UNLESS `contains` is used
- partialSetException := w.fmtOpts.contains || rule.Head.Value != nil
+ var err error
+ var unexpectedComment bool
+ comments, err = w.writeHead(rule.Head, rule.Default, isExpandedConst, comments)
+ if err != nil {
+ if errors.As(err, &unexpectedCommentError{}) {
+ unexpectedComment = true
+ } else {
+ return nil, err
+ }
+ }
if len(rule.Body) == 0 || isExpandedConst {
w.endLine()
- return comments
+ return comments, nil
}
+ w.writeCommentOnFinalLine = true
+
+ // this excludes partial sets UNLESS `contains` is used
+ partialSetException := w.fmtOpts.contains || rule.Head.Value != nil
+
if (w.fmtOpts.regoV1 || w.fmtOpts.ifs) && partialSetException {
w.write(" if")
if len(rule.Body) == 1 {
if rule.Body[0].Location.Row == rule.Head.Location.Row {
w.write(" ")
- comments = w.writeExpr(rule.Body[0], comments)
+ var err error
+ comments, err = w.writeExpr(rule.Body[0], comments)
+ if err != nil {
+ return nil, err
+ }
w.endLine()
if rule.Else != nil {
- comments = w.writeElse(rule, comments)
+ comments, err = w.writeElse(rule, comments)
+ if err != nil {
+ return nil, err
+ }
}
- return comments
+ return comments, nil
}
}
}
- w.write(" {")
- w.endLine()
+ if unexpectedComment && len(comments) > 0 {
+ w.write(" { ")
+ } else {
+ w.write(" {")
+ w.endLine()
+ }
+
w.up()
- comments = w.writeBody(rule.Body, comments)
+ comments, err = w.writeBody(rule.Body, comments)
+ if err != nil {
+ // the unexpected comment error is passed up to be handled by writeHead
+ if !errors.As(err, &unexpectedCommentError{}) {
+ return nil, err
+ }
+ }
var closeLoc *ast.Location
@@ -470,18 +636,28 @@ func (w *writer) writeRule(rule *ast.Rule, isElse bool, comments []*ast.Comment)
closeLoc = closingLoc(0, 0, '{', '}', rule.Location)
}
- comments = w.insertComments(comments, closeLoc)
+ comments, err = w.insertComments(comments, closeLoc)
+ if err != nil {
+ return nil, err
+ }
- w.down()
+ if err := w.down(); err != nil {
+ return nil, err
+ }
w.startLine()
w.write("}")
if rule.Else != nil {
- comments = w.writeElse(rule, comments)
+ comments, err = w.writeElse(rule, comments)
+ if err != nil {
+ return nil, err
+ }
}
- return comments
+ return comments, nil
}
-func (w *writer) writeElse(rule *ast.Rule, comments []*ast.Comment) []*ast.Comment {
+var elseVar ast.Value = ast.Var("else")
+
+func (w *writer) writeElse(rule *ast.Rule, comments []*ast.Comment) ([]*ast.Comment, error) {
// If there was nothing else on the line before the "else" starts
// then preserve this style of else block, otherwise it will be
// started as an "inline" else eg:
@@ -526,9 +702,17 @@ func (w *writer) writeElse(rule *ast.Rule, comments []*ast.Comment) []*ast.Comme
}
rule.Else.Head.Name = "else" // NOTE(sr): whaaat
- rule.Else.Head.Reference = ast.Ref{ast.VarTerm("else")}
+
+ elseHeadReference := ast.NewTerm(elseVar) // construct a reference for the term
+ elseHeadReference.Location = rule.Else.Head.Location // and set the location to match the rule location
+
+ rule.Else.Head.Reference = ast.Ref{elseHeadReference}
rule.Else.Head.Args = nil
- comments = w.insertComments(comments, rule.Else.Head.Location)
+ var err error
+ comments, err = w.insertComments(comments, rule.Else.Head.Location)
+ if err != nil {
+ return nil, err
+ }
if hasCommentAbove && !wasInline {
// The comments would have ended the line, be sure to start one again
@@ -546,14 +730,27 @@ func (w *writer) writeElse(rule *ast.Rule, comments []*ast.Comment) []*ast.Comme
return w.writeRule(rule.Else, true, comments)
}
-func (w *writer) writeHead(head *ast.Head, isDefault, isExpandedConst bool, comments []*ast.Comment) []*ast.Comment {
+func (w *writer) writeHead(head *ast.Head, isDefault bool, isExpandedConst bool, comments []*ast.Comment) ([]*ast.Comment, error) {
ref := head.Ref()
if head.Key != nil && head.Value == nil && !head.HasDynamicRef() {
ref = ref.GroundPrefix()
}
if w.fmtOpts.refHeads || len(ref) == 1 {
- w.writeRef(ref)
+ var err error
+ comments, err = w.writeRef(ref, comments)
+ if err != nil {
+ return nil, err
+ }
} else {
+ // if there are comments within the object in the rule head, don't format it
+ if len(comments) > 0 && ref[1].Location.Row == comments[0].Location.Row {
+ comments, err := w.writeUnformatted(head.Location, comments)
+ if err != nil {
+ return nil, err
+ }
+ return comments, nil
+ }
+
w.write(ref[0].String())
w.write("[")
w.write(ref[1].String())
@@ -562,26 +759,38 @@ func (w *writer) writeHead(head *ast.Head, isDefault, isExpandedConst bool, comm
if len(head.Args) > 0 {
w.write("(")
- var args []interface{}
+ var args []any
for _, arg := range head.Args {
args = append(args, arg)
}
- comments = w.writeIterable(args, head.Location, closingLoc(0, 0, '(', ')', head.Location), comments, w.listWriter())
+ var err error
+ comments, err = w.writeIterable(args, head.Location, closingLoc(0, 0, '(', ')', head.Location), comments, w.listWriter())
w.write(")")
+ if err != nil {
+ return comments, err
+ }
}
if head.Key != nil {
if w.fmtOpts.contains && head.Value == nil {
w.write(" contains ")
- comments = w.writeTerm(head.Key, comments)
+ var err error
+ comments, err = w.writeTerm(head.Key, comments)
+ if err != nil {
+ return comments, err
+ }
} else if head.Value == nil { // no `if` for p[x] notation
w.write("[")
- comments = w.writeTerm(head.Key, comments)
+ var err error
+ comments, err = w.writeTerm(head.Key, comments)
+ if err != nil {
+ return comments, err
+ }
w.write("]")
}
}
if head.Value != nil &&
- (head.Key != nil || ast.Compare(head.Value, ast.BooleanTerm(true)) != 0 || isExpandedConst || isDefault) {
+ (head.Key != nil || !ast.InternedBooleanTerm(true).Equal(head.Value) || isExpandedConst || isDefault) {
// in rego v1, explicitly print value for ref-head constants that aren't partial set assignments, e.g.:
// * a -> parser error, won't reach here
@@ -592,12 +801,12 @@ func (w *writer) writeHead(head *ast.Head, isDefault, isExpandedConst bool, comm
if head.Location == head.Value.Location &&
head.Name != "else" &&
- ast.Compare(head.Value, ast.BooleanTerm(true)) == 0 &&
+ ast.InternedBooleanTerm(true).Equal(head.Value) &&
!isRegoV1RefConst {
// If the value location is the same as the location of the head,
// we know that the value is generated, i.e. f(1)
// Don't print the value (` = true`) as it is implied.
- return comments
+ return comments, nil
}
if head.Assign || w.fmtOpts.regoV1 {
@@ -606,24 +815,35 @@ func (w *writer) writeHead(head *ast.Head, isDefault, isExpandedConst bool, comm
} else {
w.write(" = ")
}
- comments = w.writeTerm(head.Value, comments)
+ var err error
+ comments, err = w.writeTerm(head.Value, comments)
+ if err != nil {
+ return comments, err
+ }
}
- return comments
+ return comments, nil
}
-func (w *writer) insertComments(comments []*ast.Comment, loc *ast.Location) []*ast.Comment {
+func (w *writer) insertComments(comments []*ast.Comment, loc *ast.Location) ([]*ast.Comment, error) {
before, at, comments := partitionComments(comments, loc)
- w.writeComments(before)
+
+ err := w.writeComments(before)
+ if err != nil {
+ return nil, err
+ }
if len(before) > 0 && loc.Row-before[len(before)-1].Location.Row > 1 {
w.blankLine()
}
- w.beforeLineEnd(at)
- return comments
+ return comments, w.beforeLineEnd(at)
}
-func (w *writer) writeBody(body ast.Body, comments []*ast.Comment) []*ast.Comment {
- comments = w.insertComments(comments, body.Loc())
+func (w *writer) writeBody(body ast.Body, comments []*ast.Comment) ([]*ast.Comment, error) {
+ var err error
+ comments, err = w.insertComments(comments, body.Loc())
+ if err != nil {
+ return comments, err
+ }
for i, expr := range body {
// Insert a blank line in before the expression if it was not right
// after the previous expression.
@@ -640,14 +860,21 @@ func (w *writer) writeBody(body ast.Body, comments []*ast.Comment) []*ast.Commen
}
w.startLine()
- comments = w.writeExpr(expr, comments)
+ comments, err = w.writeExpr(expr, comments)
+ if err != nil && !errors.As(err, &unexpectedCommentError{}) {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
w.endLine()
}
- return comments
+ return comments, nil
}
-func (w *writer) writeExpr(expr *ast.Expr, comments []*ast.Comment) []*ast.Comment {
- comments = w.insertComments(comments, expr.Location)
+func (w *writer) writeExpr(expr *ast.Expr, comments []*ast.Comment) ([]*ast.Comment, error) {
+ var err error
+ comments, err = w.insertComments(comments, expr.Location)
+ if err != nil {
+ return comments, err
+ }
if !w.inline {
w.startLine()
}
@@ -658,37 +885,65 @@ func (w *writer) writeExpr(expr *ast.Expr, comments []*ast.Comment) []*ast.Comme
switch t := expr.Terms.(type) {
case *ast.SomeDecl:
- comments = w.writeSomeDecl(t, comments)
+ comments, err = w.writeSomeDecl(t, comments)
+ if err != nil {
+ return nil, err
+ }
case *ast.Every:
- comments = w.writeEvery(t, comments)
+ comments, err = w.writeEvery(t, comments)
+ if err != nil {
+ return nil, err
+ }
case []*ast.Term:
- comments = w.writeFunctionCall(expr, comments)
+ comments, err = w.writeFunctionCall(expr, comments)
+ if err != nil {
+ return comments, err
+ }
case *ast.Term:
- comments = w.writeTerm(t, comments)
+ comments, err = w.writeTerm(t, comments)
+ if err != nil {
+ return comments, err
+ }
}
- var indented bool
+ var indented, down bool
for i, with := range expr.With {
if i == 0 || with.Location.Row == expr.With[i-1].Location.Row { // we're on the same line
- comments = w.writeWith(with, comments, false)
+ comments, err = w.writeWith(with, comments, false)
+ if err != nil {
+ return nil, err
+ }
} else { // we're on a new line
if !indented {
indented = true
w.up()
- defer w.down()
+ down = true
}
w.endLine()
w.startLine()
- comments = w.writeWith(with, comments, true)
+ comments, err = w.writeWith(with, comments, true)
+ if err != nil {
+ return nil, err
+ }
}
}
- return comments
+ if down {
+ if err := w.down(); err != nil {
+ return nil, err
+ }
+ }
+
+ return comments, nil
}
-func (w *writer) writeSomeDecl(decl *ast.SomeDecl, comments []*ast.Comment) []*ast.Comment {
- comments = w.insertComments(comments, decl.Location)
+func (w *writer) writeSomeDecl(decl *ast.SomeDecl, comments []*ast.Comment) ([]*ast.Comment, error) {
+ var err error
+ comments, err = w.insertComments(comments, decl.Location)
+ if err != nil {
+ return nil, err
+ }
w.write("some ")
row := decl.Location.Row
@@ -705,41 +960,66 @@ func (w *writer) writeSomeDecl(decl *ast.SomeDecl, comments []*ast.Comment) []*a
w.write(" ")
}
- comments = w.writeTerm(term, comments)
+ comments, err = w.writeTerm(term, comments)
+ if err != nil {
+ return nil, err
+ }
if i < len(decl.Symbols)-1 {
w.write(",")
}
case ast.Call:
- comments = w.writeInOperator(false, val[1:], comments, decl.Location, ast.BuiltinMap[val[0].String()].Decl)
+ comments, err = w.writeInOperator(false, val[1:], comments, decl.Location, ast.BuiltinMap[val[0].String()].Decl)
+ if err != nil {
+ return nil, err
+ }
}
}
- return comments
+ return comments, nil
}
-func (w *writer) writeEvery(every *ast.Every, comments []*ast.Comment) []*ast.Comment {
- comments = w.insertComments(comments, every.Location)
+func (w *writer) writeEvery(every *ast.Every, comments []*ast.Comment) ([]*ast.Comment, error) {
+ var err error
+ comments, err = w.insertComments(comments, every.Location)
+ if err != nil {
+ return nil, err
+ }
w.write("every ")
if every.Key != nil {
- comments = w.writeTerm(every.Key, comments)
+ comments, err = w.writeTerm(every.Key, comments)
+ if err != nil {
+ return nil, err
+ }
w.write(", ")
}
- comments = w.writeTerm(every.Value, comments)
+ comments, err = w.writeTerm(every.Value, comments)
+ if err != nil {
+ return nil, err
+ }
w.write(" in ")
- comments = w.writeTerm(every.Domain, comments)
+ comments, err = w.writeTerm(every.Domain, comments)
+ if err != nil {
+ return nil, err
+ }
w.write(" {")
- comments = w.writeComprehensionBody('{', '}', every.Body, every.Loc(), every.Loc(), comments)
+ comments, err = w.writeComprehensionBody('{', '}', every.Body, every.Loc(), every.Loc(), comments)
+ if err != nil {
+ // the unexpected comment error is passed up to be handled by writeHead
+ if !errors.As(err, &unexpectedCommentError{}) {
+ return nil, err
+ }
+ }
if len(every.Body) == 1 &&
every.Body[0].Location.Row == every.Location.Row {
w.write(" ")
}
w.write("}")
- return comments
+ return comments, nil
}
-func (w *writer) writeFunctionCall(expr *ast.Expr, comments []*ast.Comment) []*ast.Comment {
+func (w *writer) writeFunctionCall(expr *ast.Expr, comments []*ast.Comment) ([]*ast.Comment, error) {
terms := expr.Terms.([]*ast.Term)
operator := terms[0].Value.String()
@@ -754,22 +1034,34 @@ func (w *writer) writeFunctionCall(expr *ast.Expr, comments []*ast.Comment) []*a
return w.writeFunctionCallPlain(terms, comments)
}
- numDeclArgs := len(bi.Decl.Args())
+ numDeclArgs := bi.Decl.Arity()
numCallArgs := len(terms) - 1
+ var err error
switch numCallArgs {
case numDeclArgs: // Print infix where result is unassigned (e.g., x != y)
- comments = w.writeTerm(terms[1], comments)
+ comments, err = w.writeTerm(terms[1], comments)
+ if err != nil {
+ return nil, err
+ }
w.write(" " + bi.Infix + " ")
return w.writeTerm(terms[2], comments)
-
case numDeclArgs + 1: // Print infix where result is assigned (e.g., z = x + y)
- comments = w.writeTerm(terms[3], comments)
+ comments, err = w.writeTerm(terms[3], comments)
+ if err != nil {
+ return nil, err
+ }
w.write(" " + ast.Equality.Infix + " ")
- comments = w.writeTerm(terms[1], comments)
+ comments, err = w.writeTerm(terms[1], comments)
+ if err != nil {
+ return nil, err
+ }
w.write(" " + bi.Infix + " ")
- comments = w.writeTerm(terms[2], comments)
- return comments
+ comments, err = w.writeTerm(terms[2], comments)
+ if err != nil {
+ return nil, err
+ }
+ return comments, nil
}
// NOTE(Trolloldem): in this point we are operating with a built-in function with the
// wrong arity even when the assignment notation is used
@@ -777,65 +1069,175 @@ func (w *writer) writeFunctionCall(expr *ast.Expr, comments []*ast.Comment) []*a
return w.writeFunctionCallPlain(terms, comments)
}
-func (w *writer) writeFunctionCallPlain(terms []*ast.Term, comments []*ast.Comment) []*ast.Comment {
+func (w *writer) writeFunctionCallPlain(terms []*ast.Term, comments []*ast.Comment) ([]*ast.Comment, error) {
w.write(terms[0].String() + "(")
defer w.write(")")
- args := make([]interface{}, len(terms)-1)
+ args := make([]any, len(terms)-1)
for i, t := range terms[1:] {
args[i] = t
}
loc := terms[0].Location
- return w.writeIterable(args, loc, closingLoc(0, 0, '(', ')', loc), comments, w.listWriter())
+ var err error
+ comments, err = w.writeIterable(args, loc, closingLoc(0, 0, '(', ')', loc), comments, w.listWriter())
+ if err != nil {
+ return nil, err
+ }
+ return comments, nil
}
-func (w *writer) writeWith(with *ast.With, comments []*ast.Comment, indented bool) []*ast.Comment {
- comments = w.insertComments(comments, with.Location)
+func (w *writer) writeWith(with *ast.With, comments []*ast.Comment, indented bool) ([]*ast.Comment, error) {
+ var err error
+ comments, err = w.insertComments(comments, with.Location)
+ if err != nil {
+ return nil, err
+ }
if !indented {
w.write(" ")
}
w.write("with ")
- comments = w.writeTerm(with.Target, comments)
+ comments, err = w.writeTerm(with.Target, comments)
+ if err != nil {
+ return nil, err
+ }
w.write(" as ")
- return w.writeTerm(with.Value, comments)
+ comments, err = w.writeTerm(with.Value, comments)
+ if err != nil {
+ return nil, err
+ }
+ return comments, nil
}
-func (w *writer) writeTerm(term *ast.Term, comments []*ast.Comment) []*ast.Comment {
- return w.writeTermParens(false, term, comments)
+func (w *writer) writeTerm(term *ast.Term, comments []*ast.Comment) ([]*ast.Comment, error) {
+ currentComments := make([]*ast.Comment, len(comments))
+ copy(currentComments, comments)
+
+ currentLen := w.buf.Len()
+
+ comments, err := w.writeTermParens(false, term, comments)
+ if err != nil {
+ if errors.As(err, &unexpectedCommentError{}) {
+ w.buf.Truncate(currentLen)
+
+ comments, uErr := w.writeUnformatted(term.Location, currentComments)
+ if uErr != nil {
+ return nil, uErr
+ }
+ return comments, err
+ }
+ return nil, err
+ }
+
+ return comments, nil
+}
+
+// writeUnformatted writes the unformatted text instead and updates the comment state
+func (w *writer) writeUnformatted(location *ast.Location, currentComments []*ast.Comment) ([]*ast.Comment, error) {
+ if len(location.Text) == 0 {
+ return nil, errors.New("original unformatted text is empty")
+ }
+
+ rawRule := string(location.Text)
+ rowNum := len(strings.Split(rawRule, "\n"))
+
+ w.write(string(location.Text))
+
+ comments := make([]*ast.Comment, 0, len(currentComments))
+ for _, c := range currentComments {
+ // if there is a body then wait to write the last comment
+ if w.writeCommentOnFinalLine && c.Location.Row == location.Row+rowNum-1 {
+ w.write(" " + string(c.Location.Text))
+ continue
+ }
+
+ // drop comments that occur within the rule raw text
+ if c.Location.Row < location.Row+rowNum-1 {
+ continue
+ }
+ comments = append(comments, c)
+ }
+ return comments, nil
}
-func (w *writer) writeTermParens(parens bool, term *ast.Term, comments []*ast.Comment) []*ast.Comment {
- comments = w.insertComments(comments, term.Location)
+func (w *writer) writeTermParens(parens bool, term *ast.Term, comments []*ast.Comment) ([]*ast.Comment, error) {
+ var err error
+ comments, err = w.insertComments(comments, term.Location)
+ if err != nil {
+ return nil, err
+ }
if !w.inline {
w.startLine()
}
switch x := term.Value.(type) {
case ast.Ref:
- w.writeRef(x)
+ comments, err = w.writeRef(x, comments)
+ if err != nil {
+ return nil, err
+ }
case ast.Object:
- comments = w.writeObject(x, term.Location, comments)
+ comments, err = w.writeObject(x, term.Location, comments)
+ if err != nil {
+ return nil, err
+ }
case *ast.Array:
- comments = w.writeArray(x, term.Location, comments)
+ comments, err = w.writeArray(x, term.Location, comments)
+ if err != nil {
+ return nil, err
+ }
case ast.Set:
- comments = w.writeSet(x, term.Location, comments)
+ comments, err = w.writeSet(x, term.Location, comments)
+ if err != nil {
+ return nil, err
+ }
case *ast.ArrayComprehension:
- comments = w.writeArrayComprehension(x, term.Location, comments)
+ comments, err = w.writeArrayComprehension(x, term.Location, comments)
+ if err != nil {
+ return nil, err
+ }
case *ast.ObjectComprehension:
- comments = w.writeObjectComprehension(x, term.Location, comments)
+ comments, err = w.writeObjectComprehension(x, term.Location, comments)
+ if err != nil {
+ return nil, err
+ }
case *ast.SetComprehension:
- comments = w.writeSetComprehension(x, term.Location, comments)
+ comments, err = w.writeSetComprehension(x, term.Location, comments)
+ if err != nil {
+ return nil, err
+ }
case ast.String:
if term.Location.Text[0] == '`' {
// To preserve raw strings, we need to output the original text,
- // not what x.String() would give us.
w.write(string(term.Location.Text))
} else {
- w.write(x.String())
+ // x.String() cannot be used by default because it can change the input string "\u0000" to "\x00"
+ var after, quote string
+ var found bool
+ // term.Location.Text could contain the prefix `else :=`, remove it
+ switch term.Location.Text[len(term.Location.Text)-1] {
+ case '"':
+ quote = "\""
+ _, after, found = strings.Cut(string(term.Location.Text), quote)
+ case '`':
+ quote = "`"
+ _, after, found = strings.Cut(string(term.Location.Text), quote)
+ }
+
+ if !found {
+ // If no quoted string was found, that means it is a key being formatted to a string
+ // e.g. partial_set.y to partial_set["y"]
+ w.write(x.String())
+ } else {
+ w.write(quote + after)
+ }
+
}
case ast.Var:
w.write(w.formatVar(x))
case ast.Call:
- comments = w.writeCall(parens, x, term.Location, comments)
+ comments, err = w.writeCall(parens, x, term.Location, comments)
+ if err != nil {
+ return nil, err
+ }
case fmt.Stringer:
w.write(x.String())
}
@@ -843,17 +1245,21 @@ func (w *writer) writeTermParens(parens bool, term *ast.Term, comments []*ast.Co
if !w.inline {
w.startLine()
}
- return comments
+ return comments, nil
}
-func (w *writer) writeRef(x ast.Ref) {
+func (w *writer) writeRef(x ast.Ref, comments []*ast.Comment) ([]*ast.Comment, error) {
if len(x) > 0 {
parens := false
_, ok := x[0].Value.(ast.Call)
if ok {
parens = x[0].Location.Text[0] == 40 // Starts with "("
}
- w.writeTermParens(parens, x[0], nil)
+ var err error
+ comments, err = w.writeTermParens(parens, x[0], comments)
+ if err != nil {
+ return nil, err
+ }
path := x[1:]
for _, t := range path {
switch p := t.Value.(type) {
@@ -863,11 +1269,21 @@ func (w *writer) writeRef(x ast.Ref) {
w.writeBracketed(w.formatVar(p))
default:
w.write("[")
- w.writeTerm(t, nil)
+ comments, err = w.writeTerm(t, comments)
+ if err != nil {
+ if errors.As(err, &unexpectedCommentError{}) {
+ // add a new line so that the closing bracket isn't part of the unexpected comment
+ w.write("\n")
+ } else {
+ return nil, err
+ }
+ }
w.write("]")
}
}
}
+
+ return comments, nil
}
func (w *writer) writeBracketed(str string) {
@@ -885,14 +1301,14 @@ func (w *writer) writeRefStringPath(s ast.String) {
}
}
-func (w *writer) formatVar(v ast.Var) string {
+func (*writer) formatVar(v ast.Var) string {
if v.IsWildcard() {
return ast.Wildcard.String()
}
return v.String()
}
-func (w *writer) writeCall(parens bool, x ast.Call, loc *ast.Location, comments []*ast.Comment) []*ast.Comment {
+func (w *writer) writeCall(parens bool, x ast.Call, loc *ast.Location, comments []*ast.Comment) ([]*ast.Comment, error) {
bi, ok := ast.BuiltinMap[x[0].String()]
if !ok || bi.Infix == "" {
return w.writeFunctionCallPlain(x, comments)
@@ -912,110 +1328,148 @@ func (w *writer) writeCall(parens bool, x ast.Call, loc *ast.Location, comments
// NOTE(Trolloldem): writeCall is only invoked when the function call is a term
// of another function. The only valid arity is the one of the
// built-in function
- if len(bi.Decl.Args()) != len(x)-1 {
+ if bi.Decl.Arity() != len(x)-1 {
w.errs = append(w.errs, ArityFormatMismatchError(x[1:], x[0].String(), loc, bi.Decl))
- return comments
+ return comments, nil
}
- comments = w.writeTermParens(true, x[1], comments)
+ var err error
+ comments, err = w.writeTermParens(true, x[1], comments)
+ if err != nil {
+ return nil, err
+ }
w.write(" " + bi.Infix + " ")
- comments = w.writeTermParens(true, x[2], comments)
+ comments, err = w.writeTermParens(true, x[2], comments)
+ if err != nil {
+ return nil, err
+ }
if parens {
w.write(")")
}
- return comments
+ return comments, nil
}
-func (w *writer) writeInOperator(parens bool, operands []*ast.Term, comments []*ast.Comment, loc *ast.Location, f *types.Function) []*ast.Comment {
+func (w *writer) writeInOperator(parens bool, operands []*ast.Term, comments []*ast.Comment, loc *ast.Location, f *types.Function) ([]*ast.Comment, error) {
- if len(operands) != len(f.Args()) {
+ if len(operands) != f.Arity() {
// The number of operands does not math the arity of the `in` operator
operator := ast.Member.Name
- if len(f.Args()) == 3 {
+ if f.Arity() == 3 {
operator = ast.MemberWithKey.Name
}
w.errs = append(w.errs, ArityFormatMismatchError(operands, operator, loc, f))
- return comments
+ return comments, nil
}
kw := "in"
+ var err error
switch len(operands) {
case 2:
- comments = w.writeTermParens(true, operands[0], comments)
+ comments, err = w.writeTermParens(true, operands[0], comments)
+ if err != nil {
+ return nil, err
+ }
w.write(" ")
w.write(kw)
w.write(" ")
- comments = w.writeTermParens(true, operands[1], comments)
+ comments, err = w.writeTermParens(true, operands[1], comments)
+ if err != nil {
+ return nil, err
+ }
case 3:
if parens {
w.write("(")
defer w.write(")")
}
- comments = w.writeTermParens(true, operands[0], comments)
+ comments, err = w.writeTermParens(true, operands[0], comments)
+ if err != nil {
+ return nil, err
+ }
w.write(", ")
- comments = w.writeTermParens(true, operands[1], comments)
+ comments, err = w.writeTermParens(true, operands[1], comments)
+ if err != nil {
+ return nil, err
+ }
w.write(" ")
w.write(kw)
w.write(" ")
- comments = w.writeTermParens(true, operands[2], comments)
+ comments, err = w.writeTermParens(true, operands[2], comments)
+ if err != nil {
+ return nil, err
+ }
}
- return comments
+ return comments, nil
}
-func (w *writer) writeObject(obj ast.Object, loc *ast.Location, comments []*ast.Comment) []*ast.Comment {
+func (w *writer) writeObject(obj ast.Object, loc *ast.Location, comments []*ast.Comment) ([]*ast.Comment, error) {
w.write("{")
defer w.write("}")
- var s []interface{}
+ var s []any
obj.Foreach(func(k, v *ast.Term) {
s = append(s, ast.Item(k, v))
})
return w.writeIterable(s, loc, closingLoc(0, 0, '{', '}', loc), comments, w.objectWriter())
}
-func (w *writer) writeArray(arr *ast.Array, loc *ast.Location, comments []*ast.Comment) []*ast.Comment {
+func (w *writer) writeArray(arr *ast.Array, loc *ast.Location, comments []*ast.Comment) ([]*ast.Comment, error) {
w.write("[")
defer w.write("]")
- var s []interface{}
+ var s []any
arr.Foreach(func(t *ast.Term) {
s = append(s, t)
})
- return w.writeIterable(s, loc, closingLoc(0, 0, '[', ']', loc), comments, w.listWriter())
+ var err error
+ comments, err = w.writeIterable(s, loc, closingLoc(0, 0, '[', ']', loc), comments, w.listWriter())
+ if err != nil {
+ return nil, err
+ }
+ return comments, nil
}
-func (w *writer) writeSet(set ast.Set, loc *ast.Location, comments []*ast.Comment) []*ast.Comment {
+func (w *writer) writeSet(set ast.Set, loc *ast.Location, comments []*ast.Comment) ([]*ast.Comment, error) {
if set.Len() == 0 {
w.write("set()")
- return w.insertComments(comments, closingLoc(0, 0, '(', ')', loc))
+ var err error
+ comments, err = w.insertComments(comments, closingLoc(0, 0, '(', ')', loc))
+ if err != nil {
+ return nil, err
+ }
+ return comments, nil
}
w.write("{")
defer w.write("}")
- var s []interface{}
+ var s []any
set.Foreach(func(t *ast.Term) {
s = append(s, t)
})
- return w.writeIterable(s, loc, closingLoc(0, 0, '{', '}', loc), comments, w.listWriter())
+ var err error
+ comments, err = w.writeIterable(s, loc, closingLoc(0, 0, '{', '}', loc), comments, w.listWriter())
+ if err != nil {
+ return nil, err
+ }
+ return comments, nil
}
-func (w *writer) writeArrayComprehension(arr *ast.ArrayComprehension, loc *ast.Location, comments []*ast.Comment) []*ast.Comment {
+func (w *writer) writeArrayComprehension(arr *ast.ArrayComprehension, loc *ast.Location, comments []*ast.Comment) ([]*ast.Comment, error) {
w.write("[")
defer w.write("]")
return w.writeComprehension('[', ']', arr.Term, arr.Body, loc, comments)
}
-func (w *writer) writeSetComprehension(set *ast.SetComprehension, loc *ast.Location, comments []*ast.Comment) []*ast.Comment {
+func (w *writer) writeSetComprehension(set *ast.SetComprehension, loc *ast.Location, comments []*ast.Comment) ([]*ast.Comment, error) {
w.write("{")
defer w.write("}")
return w.writeComprehension('{', '}', set.Term, set.Body, loc, comments)
}
-func (w *writer) writeObjectComprehension(object *ast.ObjectComprehension, loc *ast.Location, comments []*ast.Comment) []*ast.Comment {
+func (w *writer) writeObjectComprehension(object *ast.ObjectComprehension, loc *ast.Location, comments []*ast.Comment) ([]*ast.Comment, error) {
w.write("{")
defer w.write("}")
@@ -1025,12 +1479,16 @@ func (w *writer) writeObjectComprehension(object *ast.ObjectComprehension, loc *
w.startLine()
}
- comments = w.writeTerm(object.Key, comments)
+ var err error
+ comments, err = w.writeTerm(object.Key, comments)
+ if err != nil {
+ return nil, err
+ }
w.write(": ")
return w.writeComprehension('{', '}', object.Value, object.Body, loc, comments)
}
-func (w *writer) writeComprehension(open, close byte, term *ast.Term, body ast.Body, loc *ast.Location, comments []*ast.Comment) []*ast.Comment {
+func (w *writer) writeComprehension(openChar, closeChar byte, term *ast.Term, body ast.Body, loc *ast.Location, comments []*ast.Comment) ([]*ast.Comment, error) {
if term.Location.Row-loc.Row >= 1 {
w.endLine()
w.startLine()
@@ -1041,55 +1499,82 @@ func (w *writer) writeComprehension(open, close byte, term *ast.Term, body ast.B
if ok {
parens = term.Location.Text[0] == 40 // Starts with "("
}
- comments = w.writeTermParens(parens, term, comments)
+ var err error
+ comments, err = w.writeTermParens(parens, term, comments)
+ if err != nil {
+ return nil, err
+ }
w.write(" |")
- return w.writeComprehensionBody(open, close, body, term.Location, loc, comments)
+ return w.writeComprehensionBody(openChar, closeChar, body, term.Location, loc, comments)
}
-func (w *writer) writeComprehensionBody(open, close byte, body ast.Body, term, compr *ast.Location, comments []*ast.Comment) []*ast.Comment {
- exprs := make([]interface{}, 0, len(body))
+func (w *writer) writeComprehensionBody(openChar, closeChar byte, body ast.Body, term, compr *ast.Location, comments []*ast.Comment) ([]*ast.Comment, error) {
+ exprs := make([]any, 0, len(body))
for _, expr := range body {
exprs = append(exprs, expr)
}
- lines := groupIterable(exprs, term)
+ lines, err := w.groupIterable(exprs, term)
+ if err != nil {
+ return nil, err
+ }
if body.Loc().Row-term.Row > 0 || len(lines) > 1 {
w.endLine()
w.up()
defer w.startLine()
- defer w.down()
+ defer func() {
+ if err := w.down(); err != nil {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
+ }()
- comments = w.writeBody(body, comments)
+ var err error
+ comments, err = w.writeBody(body, comments)
+ if err != nil {
+ return comments, err
+ }
} else {
w.write(" ")
i := 0
for ; i < len(body)-1; i++ {
- comments = w.writeExpr(body[i], comments)
+ comments, err = w.writeExpr(body[i], comments)
+ if err != nil {
+ return comments, err
+ }
w.write("; ")
}
- comments = w.writeExpr(body[i], comments)
+ comments, err = w.writeExpr(body[i], comments)
+ if err != nil {
+ return comments, err
+ }
}
-
- return w.insertComments(comments, closingLoc(0, 0, open, close, compr))
+ comments, err = w.insertComments(comments, closingLoc(0, 0, openChar, closeChar, compr))
+ if err != nil {
+ return nil, err
+ }
+ return comments, nil
}
-func (w *writer) writeImports(imports []*ast.Import, comments []*ast.Comment) []*ast.Comment {
+func (w *writer) writeImports(imports []*ast.Import, comments []*ast.Comment) ([]*ast.Comment, error) {
m, comments := mapImportsToComments(imports, comments)
groups := groupImports(imports)
for _, group := range groups {
- comments = w.insertComments(comments, group[0].Loc())
+ var err error
+ comments, err = w.insertComments(comments, group[0].Loc())
+ if err != nil {
+ return nil, err
+ }
// Sort imports within a newline grouping.
- sort.Slice(group, func(i, j int) bool {
- a := group[i]
- b := group[j]
- return a.Compare(b) < 0
- })
+ slices.SortFunc(group, (*ast.Import).Compare)
for _, i := range group {
w.startLine()
- w.writeImport(i)
+ err = w.writeImport(i)
+ if err != nil {
+ return nil, err
+ }
if c, ok := m[i]; ok {
w.write(" " + c.String())
}
@@ -1098,10 +1583,10 @@ func (w *writer) writeImports(imports []*ast.Import, comments []*ast.Comment) []
w.blankLine()
}
- return comments
+ return comments, nil
}
-func (w *writer) writeImport(imp *ast.Import) {
+func (w *writer) writeImport(imp *ast.Import) error {
path := imp.Path.Value.(ast.Ref)
buf := []string{"import"}
@@ -1111,7 +1596,10 @@ func (w *writer) writeImport(imp *ast.Import) {
w2 := writer{
buf: bytes.Buffer{},
}
- w2.writeRef(path)
+ _, err := w2.writeRef(path, nil)
+ if err != nil {
+ return err
+ }
buf = append(buf, w2.buf.String())
} else {
buf = append(buf, path.String())
@@ -1121,12 +1609,17 @@ func (w *writer) writeImport(imp *ast.Import) {
buf = append(buf, "as "+imp.Alias.String())
}
w.write(strings.Join(buf, " "))
+
+ return nil
}
-type entryWriter func(interface{}, []*ast.Comment) []*ast.Comment
+type entryWriter func(any, []*ast.Comment) ([]*ast.Comment, error)
-func (w *writer) writeIterable(elements []interface{}, last *ast.Location, close *ast.Location, comments []*ast.Comment, fn entryWriter) []*ast.Comment {
- lines := groupIterable(elements, last)
+func (w *writer) writeIterable(elements []any, last *ast.Location, close *ast.Location, comments []*ast.Comment, fn entryWriter) ([]*ast.Comment, error) {
+ lines, err := w.groupIterable(elements, last)
+ if err != nil {
+ return nil, err
+ }
if len(lines) > 1 {
w.delayBeforeEnd()
w.startMultilineSeq()
@@ -1134,34 +1627,49 @@ func (w *writer) writeIterable(elements []interface{}, last *ast.Location, close
i := 0
for ; i < len(lines)-1; i++ {
- comments = w.writeIterableLine(lines[i], comments, fn)
+ comments, err = w.writeIterableLine(lines[i], comments, fn)
+ if err != nil {
+ return nil, err
+ }
w.write(",")
w.endLine()
w.startLine()
}
- comments = w.writeIterableLine(lines[i], comments, fn)
+ comments, err = w.writeIterableLine(lines[i], comments, fn)
+ if err != nil {
+ return nil, err
+ }
if len(lines) > 1 {
w.write(",")
w.endLine()
- comments = w.insertComments(comments, close)
- w.down()
+ comments, err = w.insertComments(comments, close)
+ if err != nil {
+ return nil, err
+ }
+ if err := w.down(); err != nil {
+ return nil, err
+ }
w.startLine()
}
- return comments
+ return comments, nil
}
-func (w *writer) writeIterableLine(elements []interface{}, comments []*ast.Comment, fn entryWriter) []*ast.Comment {
+func (w *writer) writeIterableLine(elements []any, comments []*ast.Comment, fn entryWriter) ([]*ast.Comment, error) {
if len(elements) == 0 {
- return comments
+ return comments, nil
}
i := 0
for ; i < len(elements)-1; i++ {
- comments = fn(elements[i], comments)
+ var err error
+ comments, err = fn(elements[i], comments)
+ if err != nil {
+ return nil, err
+ }
w.write(", ")
}
@@ -1169,7 +1677,7 @@ func (w *writer) writeIterableLine(elements []interface{}, comments []*ast.Comme
}
func (w *writer) objectWriter() entryWriter {
- return func(x interface{}, comments []*ast.Comment) []*ast.Comment {
+ return func(x any, comments []*ast.Comment) ([]*ast.Comment, error) {
entry := x.([2]*ast.Term)
call, isCall := entry[0].Value.(ast.Call)
@@ -1180,7 +1688,11 @@ func (w *writer) objectWriter() entryWriter {
w.write("(")
}
- comments = w.writeTerm(entry[0], comments)
+ var err error
+ comments, err = w.writeTerm(entry[0], comments)
+ if err != nil {
+ return nil, err
+ }
if paren {
w.write(")")
}
@@ -1198,7 +1710,7 @@ func (w *writer) objectWriter() entryWriter {
}
func (w *writer) listWriter() entryWriter {
- return func(x interface{}, comments []*ast.Comment) []*ast.Comment {
+ return func(x any, comments []*ast.Comment) ([]*ast.Comment, error) {
t, ok := x.(*ast.Term)
if ok {
call, isCall := t.Value.(ast.Call)
@@ -1214,7 +1726,7 @@ func (w *writer) listWriter() entryWriter {
// groupIterable will group the `elements` slice into slices according to their
// location: anything on the same line will be put into a slice.
-func groupIterable(elements []interface{}, last *ast.Location) [][]interface{} {
+func (w *writer) groupIterable(elements []any, last *ast.Location) ([][]any, error) {
// Generated vars occur in the AST when we're rendering the result of
// partial evaluation in a bundle build with optimization.
// Those variables, and wildcard variables have the "default location",
@@ -1241,18 +1753,26 @@ func groupIterable(elements []interface{}, last *ast.Location) [][]interface{} {
return false
})
if def { // return as-is
- return [][]interface{}{elements}
+ return [][]any{elements}, nil
}
}
- sort.Slice(elements, func(i, j int) bool {
- return locLess(elements[i], elements[j])
+
+ slices.SortFunc(elements, func(i, j any) int {
+ l, err := locCmp(i, j)
+ if err != nil {
+ w.errs = append(w.errs, ast.NewError(ast.FormatErr, &ast.Location{}, err.Error()))
+ }
+ return l
})
- var lines [][]interface{}
- cur := make([]interface{}, 0, len(elements))
+ var lines [][]any
+ cur := make([]any, 0, len(elements))
for i, t := range elements {
elem := t
- loc := getLoc(elem)
+ loc, err := getLoc(elem)
+ if err != nil {
+ return nil, err
+ }
lineDiff := loc.Row - last.Row
if lineDiff > 0 && i > 0 {
lines = append(lines, cur)
@@ -1262,7 +1782,7 @@ func groupIterable(elements []interface{}, last *ast.Location) [][]interface{} {
last = loc
cur = append(cur, elem)
}
- return append(lines, cur)
+ return append(lines, cur), nil
}
func mapImportsToComments(imports []*ast.Import, comments []*ast.Comment) (map[*ast.Import]*ast.Comment, []*ast.Comment) {
@@ -1318,14 +1838,37 @@ func groupImports(imports []*ast.Import) [][]*ast.Import {
return groups
}
-func partitionComments(comments []*ast.Comment, l *ast.Location) (before []*ast.Comment, at *ast.Comment, after []*ast.Comment) {
+func partitionComments(comments []*ast.Comment, l *ast.Location) ([]*ast.Comment, *ast.Comment, []*ast.Comment) {
+ if len(comments) == 0 {
+ return nil, nil, nil
+ }
+
+ numBefore, numAfter := 0, 0
+ for _, c := range comments {
+ switch cmp := c.Location.Row - l.Row; {
+ case cmp < 0:
+ numBefore++
+ case cmp > 0:
+ numAfter++
+ }
+ }
+
+ if numAfter == len(comments) {
+ return nil, nil, comments
+ }
+
+ var at *ast.Comment
+
+ before := make([]*ast.Comment, 0, numBefore)
+ after := comments[0 : 0 : len(comments)-numBefore]
+
for _, c := range comments {
switch cmp := c.Location.Row - l.Row; {
case cmp < 0:
before = append(before, c)
case cmp > 0:
after = append(after, c)
- case cmp == 0:
+ default:
at = c
}
}
@@ -1333,7 +1876,7 @@ func partitionComments(comments []*ast.Comment, l *ast.Location) (before []*ast.
return before, at, after
}
-func gatherImports(others []interface{}) (imports []*ast.Import, rest []interface{}) {
+func gatherImports(others []any) (imports []*ast.Import, rest []any) {
i := 0
loop:
for ; i < len(others); i++ {
@@ -1347,7 +1890,7 @@ loop:
return imports, others[i:]
}
-func gatherRules(others []interface{}) (rules []*ast.Rule, rest []interface{}) {
+func gatherRules(others []any) (rules []*ast.Rule, rest []any) {
i := 0
loop:
for ; i < len(others); i++ {
@@ -1361,43 +1904,52 @@ loop:
return rules, others[i:]
}
-func locLess(a, b interface{}) bool {
- return locCmp(a, b) < 0
+func locLess(a, b any) (bool, error) {
+ c, err := locCmp(a, b)
+ return c < 0, err
}
-func locCmp(a, b interface{}) int {
- al := getLoc(a)
- bl := getLoc(b)
+func locCmp(a, b any) (int, error) {
+ al, err := getLoc(a)
+ if err != nil {
+ return 0, err
+ }
+ bl, err := getLoc(b)
+ if err != nil {
+ return 0, err
+ }
switch {
case al == nil && bl == nil:
- return 0
+ return 0, nil
case al == nil:
- return -1
+ return -1, nil
case bl == nil:
- return 1
+ return 1, nil
}
if cmp := al.Row - bl.Row; cmp != 0 {
- return cmp
+ return cmp, nil
}
- return al.Col - bl.Col
+ return al.Col - bl.Col, nil
}
-func getLoc(x interface{}) *ast.Location {
+func getLoc(x any) (*ast.Location, error) {
switch x := x.(type) {
case ast.Node: // *ast.Head, *ast.Expr, *ast.With, *ast.Term
- return x.Loc()
+ return x.Loc(), nil
case *ast.Location:
- return x
+ return x, nil
case [2]*ast.Term: // Special case to allow for easy printing of objects.
- return x[0].Location
+ return x[0].Location, nil
default:
- panic("Not reached")
+ return nil, fmt.Errorf("unable to get location for type %v", x)
}
}
-func closingLoc(skipOpen, skipClose, open, close byte, loc *ast.Location) *ast.Location {
+var negativeRow = &ast.Location{Row: -1}
+
+func closingLoc(skipOpen, skipClose, openChar, closeChar byte, loc *ast.Location) *ast.Location {
i, offset := 0, 0
// Skip past parens/brackets/braces in rule heads.
@@ -1406,26 +1958,26 @@ func closingLoc(skipOpen, skipClose, open, close byte, loc *ast.Location) *ast.L
}
for ; i < len(loc.Text); i++ {
- if loc.Text[i] == open {
+ if loc.Text[i] == openChar {
break
}
}
if i >= len(loc.Text) {
- return &ast.Location{Row: -1}
+ return negativeRow
}
state := 1
for state > 0 {
i++
if i >= len(loc.Text) {
- return &ast.Location{Row: -1}
+ return negativeRow
}
switch loc.Text[i] {
- case open:
+ case openChar:
state++
- case close:
+ case closeChar:
state--
case '\n':
offset++
@@ -1435,10 +1987,10 @@ func closingLoc(skipOpen, skipClose, open, close byte, loc *ast.Location) *ast.L
return &ast.Location{Row: loc.Row + offset}
}
-func skipPast(open, close byte, loc *ast.Location) (int, int) {
+func skipPast(openChar, closeChar byte, loc *ast.Location) (int, int) {
i := 0
for ; i < len(loc.Text); i++ {
- if loc.Text[i] == open {
+ if loc.Text[i] == openChar {
break
}
}
@@ -1452,9 +2004,9 @@ func skipPast(open, close byte, loc *ast.Location) (int, int) {
}
switch loc.Text[i] {
- case open:
+ case openChar:
state++
- case close:
+ case closeChar:
state--
case '\n':
offset++
@@ -1467,7 +2019,7 @@ func skipPast(open, close byte, loc *ast.Location) (int, int) {
// startLine begins a line with the current indentation level.
func (w *writer) startLine() {
w.inline = true
- for i := 0; i < w.level; i++ {
+ for range w.level {
w.write(w.indent)
}
}
@@ -1483,15 +2035,46 @@ func (w *writer) endLine() {
w.write("\n")
}
+type unexpectedCommentError struct {
+ newComment string
+ newCommentRow int
+ existingComment string
+ existingCommentRow int
+}
+
+func (u unexpectedCommentError) Error() string {
+ return fmt.Sprintf("unexpected new comment (%s) on line %d because there is already a comment (%s) registered for line %d",
+ u.newComment, u.newCommentRow, u.existingComment, u.existingCommentRow)
+}
+
// beforeLineEnd registers a comment to be printed at the end of the current line.
-func (w *writer) beforeLineEnd(c *ast.Comment) {
+func (w *writer) beforeLineEnd(c *ast.Comment) error {
if w.beforeEnd != nil {
if c == nil {
- return
+ return nil
+ }
+
+ existingComment := truncatedString(w.beforeEnd.String(), 100)
+ existingCommentRow := w.beforeEnd.Location.Row
+ newComment := truncatedString(c.String(), 100)
+ w.beforeEnd = nil
+
+ return unexpectedCommentError{
+ newComment: newComment,
+ newCommentRow: c.Location.Row,
+ existingComment: existingComment,
+ existingCommentRow: existingCommentRow,
}
- panic("overwriting non-nil beforeEnd")
}
w.beforeEnd = c
+ return nil
+}
+
+func truncatedString(s string, max int) string {
+ if len(s) > max {
+ return s[:max-2] + "..."
+ }
+ return s
}
func (w *writer) delayBeforeEnd() {
@@ -1533,11 +2116,12 @@ func (w *writer) up() {
}
// down decreases the indentation level
-func (w *writer) down() {
+func (w *writer) down() error {
if w.level == 0 {
- panic("negative indentation level")
+ return errors.New("negative indentation level")
}
w.level--
+ return nil
}
func ensureFutureKeywordImport(imps []*ast.Import, kw string) []*ast.Import {
@@ -1589,22 +2173,22 @@ func ensureImport(imps []*ast.Import, path ast.Ref) []*ast.Import {
return append(imps, imp)
}
-// ArgErrDetail but for `fmt` checks since compiler has not run yet.
+// ArityFormatErrDetail but for `fmt` checks since compiler has not run yet.
type ArityFormatErrDetail struct {
Have []string `json:"have"`
Want []string `json:"want"`
}
-// arityMismatchError but for `fmt` checks since the compiler has not run yet.
+// ArityFormatMismatchError but for `fmt` checks since the compiler has not run yet.
func ArityFormatMismatchError(operands []*ast.Term, operator string, loc *ast.Location, f *types.Function) *ast.Error {
- want := make([]string, len(f.Args()))
- for i := range f.Args() {
- want[i] = types.Sprint(f.Args()[i])
+ want := make([]string, f.Arity())
+ for i, arg := range f.FuncArgs().Args {
+ want[i] = types.Sprint(arg)
}
have := make([]string, len(operands))
- for i := 0; i < len(operands); i++ {
- have[i] = ast.TypeName(operands[i].Value)
+ for i := range operands {
+ have[i] = ast.ValueName(operands[i].Value)
}
err := ast.NewError(ast.TypeErr, loc, "%s: %s", operator, "arity mismatch")
err.Details = &ArityFormatErrDetail{
@@ -1617,18 +2201,9 @@ func ArityFormatMismatchError(operands []*ast.Term, operator string, loc *ast.Lo
// Lines returns the string representation of the detail.
func (d *ArityFormatErrDetail) Lines() []string {
return []string{
- "have: " + "(" + strings.Join(d.Have, ",") + ")",
- "want: " + "(" + strings.Join(d.Want, ",") + ")",
- }
-}
-
-func moduleIsRegoV1Compatible(m *ast.Module) bool {
- for _, imp := range m.Imports {
- if isRegoV1Compatible(imp) {
- return true
- }
+ "have: (" + strings.Join(d.Have, ",") + ")",
+ "want: (" + strings.Join(d.Want, ",") + ")",
}
- return false
}
// isRegoV1Compatible returns true if the passed *ast.Import is `rego.v1`
@@ -1636,5 +2211,5 @@ func isRegoV1Compatible(imp *ast.Import) bool {
path := imp.Path.Value.(ast.Ref)
return len(path) == 2 &&
ast.RegoRootDocument.Equal(path[0]) &&
- path[1].Equal(ast.StringTerm("v1"))
+ path[1].Equal(ast.InternedStringTerm("v1"))
}
diff --git a/vendor/github.com/open-policy-agent/opa/hooks/hooks.go b/vendor/github.com/open-policy-agent/opa/v1/hooks/hooks.go
similarity index 98%
rename from vendor/github.com/open-policy-agent/opa/hooks/hooks.go
rename to vendor/github.com/open-policy-agent/opa/v1/hooks/hooks.go
index 9659d7b499..caf69b1242 100644
--- a/vendor/github.com/open-policy-agent/opa/hooks/hooks.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/hooks/hooks.go
@@ -8,7 +8,7 @@ import (
"context"
"fmt"
- "github.com/open-policy-agent/opa/config"
+ "github.com/open-policy-agent/opa/v1/config"
)
// Hook is a hook to be called in some select places in OPA's operation.
diff --git a/vendor/github.com/open-policy-agent/opa/ir/ir.go b/vendor/github.com/open-policy-agent/opa/v1/ir/ir.go
similarity index 99%
rename from vendor/github.com/open-policy-agent/opa/ir/ir.go
rename to vendor/github.com/open-policy-agent/opa/v1/ir/ir.go
index c07670704e..3657a9b673 100644
--- a/vendor/github.com/open-policy-agent/opa/ir/ir.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/ir/ir.go
@@ -11,7 +11,7 @@ package ir
import (
"fmt"
- "github.com/open-policy-agent/opa/types"
+ "github.com/open-policy-agent/opa/v1/types"
)
type (
@@ -106,7 +106,7 @@ const (
Unused
)
-func (a *Policy) String() string {
+func (*Policy) String() string {
return "Policy"
}
diff --git a/vendor/github.com/open-policy-agent/opa/ir/marshal.go b/vendor/github.com/open-policy-agent/opa/v1/ir/marshal.go
similarity index 93%
rename from vendor/github.com/open-policy-agent/opa/ir/marshal.go
rename to vendor/github.com/open-policy-agent/opa/v1/ir/marshal.go
index 69f4b5caf6..f792e2c1b6 100644
--- a/vendor/github.com/open-policy-agent/opa/ir/marshal.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/ir/marshal.go
@@ -6,6 +6,7 @@ package ir
import (
"encoding/json"
+ "fmt"
"reflect"
)
@@ -50,7 +51,11 @@ func (a *Operand) UnmarshalJSON(bs []byte) error {
if err := json.Unmarshal(bs, &typed); err != nil {
return err
}
- x := valFactories[typed.Type]()
+ f, ok := valFactories[typed.Type]
+ if !ok {
+ return fmt.Errorf("unrecognized value type %q", typed.Type)
+ }
+ x := f()
if err := json.Unmarshal(typed.Value, &x); err != nil {
return err
}
@@ -77,7 +82,11 @@ type rawTypedStmt struct {
}
func (raw rawTypedStmt) Unmarshal() (Stmt, error) {
- x := stmtFactories[raw.Type]()
+ f, ok := stmtFactories[raw.Type]
+ if !ok {
+ return nil, fmt.Errorf("unrecognized statement type %q", raw.Type)
+ }
+ x := f()
if err := json.Unmarshal(raw.Stmt, &x); err != nil {
return nil, err
}
@@ -119,6 +128,7 @@ var stmtFactories = map[string]func() Stmt{
"IsArrayStmt": func() Stmt { return &IsArrayStmt{} },
"IsObjectStmt": func() Stmt { return &IsObjectStmt{} },
"IsDefinedStmt": func() Stmt { return &IsDefinedStmt{} },
+ "IsSetStmt": func() Stmt { return &IsSetStmt{} },
"IsUndefinedStmt": func() Stmt { return &IsUndefinedStmt{} },
"ArrayAppendStmt": func() Stmt { return &ArrayAppendStmt{} },
"ObjectInsertStmt": func() Stmt { return &ObjectInsertStmt{} },
diff --git a/vendor/github.com/open-policy-agent/opa/ir/pretty.go b/vendor/github.com/open-policy-agent/opa/v1/ir/pretty.go
similarity index 67%
rename from vendor/github.com/open-policy-agent/opa/ir/pretty.go
rename to vendor/github.com/open-policy-agent/opa/v1/ir/pretty.go
index 6102c5a911..53d7cbae88 100644
--- a/vendor/github.com/open-policy-agent/opa/ir/pretty.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/ir/pretty.go
@@ -11,7 +11,7 @@ import (
)
// Pretty writes a human-readable representation of an IR object to w.
-func Pretty(w io.Writer, x interface{}) error {
+func Pretty(w io.Writer, x any) error {
pp := &prettyPrinter{
depth: -1,
@@ -25,20 +25,20 @@ type prettyPrinter struct {
w io.Writer
}
-func (pp *prettyPrinter) Before(_ interface{}) {
+func (pp *prettyPrinter) Before(_ any) {
pp.depth++
}
-func (pp *prettyPrinter) After(_ interface{}) {
+func (pp *prettyPrinter) After(_ any) {
pp.depth--
}
-func (pp *prettyPrinter) Visit(x interface{}) (Visitor, error) {
+func (pp *prettyPrinter) Visit(x any) (Visitor, error) {
pp.writeIndent("%T %+v", x, x)
return pp, nil
}
-func (pp *prettyPrinter) writeIndent(f string, a ...interface{}) {
+func (pp *prettyPrinter) writeIndent(f string, a ...any) {
pad := strings.Repeat("| ", pp.depth)
fmt.Fprintf(pp.w, pad+f+"\n", a...)
}
diff --git a/vendor/github.com/open-policy-agent/opa/ir/walk.go b/vendor/github.com/open-policy-agent/opa/v1/ir/walk.go
similarity index 89%
rename from vendor/github.com/open-policy-agent/opa/ir/walk.go
rename to vendor/github.com/open-policy-agent/opa/v1/ir/walk.go
index 08a8f42440..788f36cd8e 100644
--- a/vendor/github.com/open-policy-agent/opa/ir/walk.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/ir/walk.go
@@ -6,13 +6,13 @@ package ir
// Visitor defines the interface for visiting IR nodes.
type Visitor interface {
- Before(x interface{})
- Visit(x interface{}) (Visitor, error)
- After(x interface{})
+ Before(x any)
+ Visit(x any) (Visitor, error)
+ After(x any)
}
// Walk invokes the visitor for nodes under x.
-func Walk(vis Visitor, x interface{}) error {
+func Walk(vis Visitor, x any) error {
impl := walkerImpl{
vis: vis,
}
@@ -25,7 +25,7 @@ type walkerImpl struct {
err error
}
-func (w *walkerImpl) walk(x interface{}) {
+func (w *walkerImpl) walk(x any) {
if w.err != nil { // abort on error
return
}
diff --git a/vendor/github.com/open-policy-agent/opa/keys/keys.go b/vendor/github.com/open-policy-agent/opa/v1/keys/keys.go
similarity index 98%
rename from vendor/github.com/open-policy-agent/opa/keys/keys.go
rename to vendor/github.com/open-policy-agent/opa/v1/keys/keys.go
index de03496943..fba7a9c939 100644
--- a/vendor/github.com/open-policy-agent/opa/keys/keys.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/keys/keys.go
@@ -5,7 +5,7 @@ import (
"fmt"
"os"
- "github.com/open-policy-agent/opa/util"
+ "github.com/open-policy-agent/opa/v1/util"
)
const defaultSigningAlgorithm = "RS256"
diff --git a/vendor/github.com/open-policy-agent/opa/v1/loader/errors.go b/vendor/github.com/open-policy-agent/opa/v1/loader/errors.go
new file mode 100644
index 0000000000..55b8e7dc44
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/loader/errors.go
@@ -0,0 +1,62 @@
+// Copyright 2017 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package loader
+
+import (
+ "fmt"
+ "strings"
+
+ "github.com/open-policy-agent/opa/v1/ast"
+)
+
+// Errors is a wrapper for multiple loader errors.
+type Errors []error
+
+func (e Errors) Error() string {
+ if len(e) == 0 {
+ return "no error(s)"
+ }
+ if len(e) == 1 {
+ return "1 error occurred during loading: " + e[0].Error()
+ }
+ buf := make([]string, len(e))
+ for i := range buf {
+ buf[i] = e[i].Error()
+ }
+ return fmt.Sprintf("%v errors occurred during loading:\n", len(e)) + strings.Join(buf, "\n")
+}
+
+func (e *Errors) add(err error) {
+ if errs, ok := err.(ast.Errors); ok {
+ for i := range errs {
+ *e = append(*e, errs[i])
+ }
+ } else {
+ *e = append(*e, err)
+ }
+}
+
+type unsupportedDocumentType string
+
+func (path unsupportedDocumentType) Error() string {
+ return string(path) + ": document must be of type object"
+}
+
+type unrecognizedFile string
+
+func (path unrecognizedFile) Error() string {
+ return string(path) + ": can't recognize file type"
+}
+
+func isUnrecognizedFile(err error) bool {
+ _, ok := err.(unrecognizedFile)
+ return ok
+}
+
+type mergeError string
+
+func (e mergeError) Error() string {
+ return string(e) + ": merge error"
+}
diff --git a/vendor/github.com/open-policy-agent/opa/loader/extension/extension.go b/vendor/github.com/open-policy-agent/opa/v1/loader/extension/extension.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/loader/extension/extension.go
rename to vendor/github.com/open-policy-agent/opa/v1/loader/extension/extension.go
diff --git a/vendor/github.com/open-policy-agent/opa/loader/filter/filter.go b/vendor/github.com/open-policy-agent/opa/v1/loader/filter/filter.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/loader/filter/filter.go
rename to vendor/github.com/open-policy-agent/opa/v1/loader/filter/filter.go
diff --git a/vendor/github.com/open-policy-agent/opa/v1/loader/loader.go b/vendor/github.com/open-policy-agent/opa/v1/loader/loader.go
new file mode 100644
index 0000000000..d7a70ab781
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/loader/loader.go
@@ -0,0 +1,834 @@
+// Copyright 2017 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Package loader contains utilities for loading files into OPA.
+package loader
+
+import (
+ "bytes"
+ "fmt"
+ "io"
+ "io/fs"
+ "os"
+ "path/filepath"
+ "strings"
+
+ "sigs.k8s.io/yaml"
+
+ fileurl "github.com/open-policy-agent/opa/internal/file/url"
+ "github.com/open-policy-agent/opa/internal/merge"
+ "github.com/open-policy-agent/opa/v1/ast"
+ astJSON "github.com/open-policy-agent/opa/v1/ast/json"
+ "github.com/open-policy-agent/opa/v1/bundle"
+ "github.com/open-policy-agent/opa/v1/loader/filter"
+ "github.com/open-policy-agent/opa/v1/metrics"
+ "github.com/open-policy-agent/opa/v1/storage"
+ "github.com/open-policy-agent/opa/v1/storage/inmem"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+// Result represents the result of successfully loading zero or more files.
+type Result struct {
+ Documents map[string]any
+ Modules map[string]*RegoFile
+ path []string
+}
+
+// ParsedModules returns the parsed modules stored on the result.
+func (l *Result) ParsedModules() map[string]*ast.Module {
+ modules := make(map[string]*ast.Module)
+ for _, module := range l.Modules {
+ modules[module.Name] = module.Parsed
+ }
+ return modules
+}
+
+// Compiler returns a Compiler object with the compiled modules from this loader
+// result.
+func (l *Result) Compiler() (*ast.Compiler, error) {
+ compiler := ast.NewCompiler()
+ compiler.Compile(l.ParsedModules())
+ if compiler.Failed() {
+ return nil, compiler.Errors
+ }
+ return compiler, nil
+}
+
+// Store returns a Store object with the documents from this loader result.
+func (l *Result) Store() (storage.Store, error) {
+ return l.StoreWithOpts()
+}
+
+// StoreWithOpts returns a Store object with the documents from this loader result,
+// instantiated with the passed options.
+func (l *Result) StoreWithOpts(opts ...inmem.Opt) (storage.Store, error) {
+ return inmem.NewFromObjectWithOpts(l.Documents, opts...), nil
+}
+
+// RegoFile represents the result of loading a single Rego source file.
+type RegoFile struct {
+ Name string
+ Parsed *ast.Module
+ Raw []byte
+}
+
+// Filter defines the interface for filtering files during loading. If the
+// filter returns true, the file should be excluded from the result.
+type Filter = filter.LoaderFilter
+
+// GlobExcludeName excludes files and directories whose names do not match the
+// shell style pattern at minDepth or greater.
+func GlobExcludeName(pattern string, minDepth int) Filter {
+ return func(_ string, info fs.FileInfo, depth int) bool {
+ match, _ := filepath.Match(pattern, info.Name())
+ return match && depth >= minDepth
+ }
+}
+
+// FileLoader defines an interface for loading OPA data files
+// and Rego policies.
+type FileLoader interface {
+ All(paths []string) (*Result, error)
+ Filtered(paths []string, filter Filter) (*Result, error)
+ AsBundle(path string) (*bundle.Bundle, error)
+ WithReader(io.Reader) FileLoader
+ WithFS(fs.FS) FileLoader
+ WithMetrics(metrics.Metrics) FileLoader
+ WithFilter(Filter) FileLoader
+ WithBundleVerificationConfig(*bundle.VerificationConfig) FileLoader
+ WithSkipBundleVerification(bool) FileLoader
+ WithProcessAnnotation(bool) FileLoader
+ WithCapabilities(*ast.Capabilities) FileLoader
+ // Deprecated: Use SetOptions in the json package instead, where a longer description
+ // of why this is deprecated also can be found.
+ WithJSONOptions(*astJSON.Options) FileLoader
+ WithRegoVersion(ast.RegoVersion) FileLoader
+ WithFollowSymlinks(bool) FileLoader
+}
+
+// NewFileLoader returns a new FileLoader instance.
+func NewFileLoader() FileLoader {
+ return &fileLoader{
+ metrics: metrics.New(),
+ files: make(map[string]bundle.FileInfo),
+ }
+}
+
+type fileLoader struct {
+ metrics metrics.Metrics
+ filter Filter
+ bvc *bundle.VerificationConfig
+ skipVerify bool
+ files map[string]bundle.FileInfo
+ opts ast.ParserOptions
+ fsys fs.FS
+ reader io.Reader
+ followSymlinks bool
+}
+
+// WithFS provides an fs.FS to use for loading files. You can pass nil to
+// use plain IO calls (e.g. os.Open, os.Stat, etc.), this is the default
+// behaviour.
+func (fl *fileLoader) WithFS(fsys fs.FS) FileLoader {
+ fl.fsys = fsys
+ return fl
+}
+
+// WithReader provides an io.Reader to use for loading the bundle tarball.
+// An io.Reader passed via WithReader takes precedence over an fs.FS passed
+// via WithFS.
+func (fl *fileLoader) WithReader(rdr io.Reader) FileLoader {
+ fl.reader = rdr
+ return fl
+}
+
+// WithMetrics provides the metrics instance to use while loading
+func (fl *fileLoader) WithMetrics(m metrics.Metrics) FileLoader {
+ fl.metrics = m
+ return fl
+}
+
+// WithFilter specifies the filter object to use to filter files while loading
+func (fl *fileLoader) WithFilter(filter Filter) FileLoader {
+ fl.filter = filter
+ return fl
+}
+
+// WithBundleVerificationConfig sets the key configuration used to verify a signed bundle
+func (fl *fileLoader) WithBundleVerificationConfig(config *bundle.VerificationConfig) FileLoader {
+ fl.bvc = config
+ return fl
+}
+
+// WithSkipBundleVerification skips verification of a signed bundle
+func (fl *fileLoader) WithSkipBundleVerification(skipVerify bool) FileLoader {
+ fl.skipVerify = skipVerify
+ return fl
+}
+
+// WithProcessAnnotation enables or disables processing of schema annotations on rules
+func (fl *fileLoader) WithProcessAnnotation(processAnnotation bool) FileLoader {
+ fl.opts.ProcessAnnotation = processAnnotation
+ return fl
+}
+
+// WithCapabilities sets the supported capabilities when loading the files
+func (fl *fileLoader) WithCapabilities(caps *ast.Capabilities) FileLoader {
+ fl.opts.Capabilities = caps
+ return fl
+}
+
+// WithJSONOptions sets the JSON options on the parser (now a no-op).
+//
+// Deprecated: Use SetOptions in the json package instead, where a longer description
+// of why this is deprecated also can be found.
+func (fl *fileLoader) WithJSONOptions(*astJSON.Options) FileLoader {
+ return fl
+}
+
+// WithRegoVersion sets the ast.RegoVersion to use when parsing and compiling modules.
+func (fl *fileLoader) WithRegoVersion(version ast.RegoVersion) FileLoader {
+ fl.opts.RegoVersion = version
+ return fl
+}
+
+// WithFollowSymlinks enables or disables following symlinks when loading files
+func (fl *fileLoader) WithFollowSymlinks(followSymlinks bool) FileLoader {
+ fl.followSymlinks = followSymlinks
+ return fl
+}
+
+// All returns a Result object loaded (recursively) from the specified paths.
+func (fl fileLoader) All(paths []string) (*Result, error) {
+ return fl.Filtered(paths, nil)
+}
+
+// Filtered returns a Result object loaded (recursively) from the specified
+// paths while applying the given filters. If any filter returns true, the
+// file/directory is excluded.
+func (fl fileLoader) Filtered(paths []string, filter Filter) (*Result, error) {
+ return all(fl.fsys, paths, filter, func(curr *Result, path string, depth int) error {
+
+ var (
+ bs []byte
+ err error
+ )
+ if fl.fsys != nil {
+ bs, err = fs.ReadFile(fl.fsys, path)
+ } else {
+ bs, err = os.ReadFile(path)
+ }
+ if err != nil {
+ return err
+ }
+
+ result, err := loadKnownTypes(path, bs, fl.metrics, fl.opts)
+ if err != nil {
+ if !isUnrecognizedFile(err) {
+ return err
+ }
+ if depth > 0 {
+ return nil
+ }
+ result, err = loadFileForAnyType(path, bs, fl.metrics, fl.opts)
+ if err != nil {
+ return err
+ }
+ }
+
+ return curr.merge(path, result)
+ })
+}
+
+// AsBundle loads a path as a bundle. If it is a single file
+// it will be treated as a normal tarball bundle. If a directory
+// is supplied it will be loaded as an unzipped bundle tree.
+func (fl fileLoader) AsBundle(path string) (*bundle.Bundle, error) {
+ path, err := fileurl.Clean(path)
+ if err != nil {
+ return nil, err
+ }
+
+ if err := checkForUNCPath(path); err != nil {
+ return nil, err
+ }
+
+ var bundleLoader bundle.DirectoryLoader
+ var isDir bool
+ if fl.reader != nil {
+ bundleLoader = bundle.NewTarballLoaderWithBaseURL(fl.reader, path).WithFilter(fl.filter)
+ } else {
+ bundleLoader, isDir, err = GetBundleDirectoryLoaderFS(fl.fsys, path, fl.filter)
+ }
+
+ if err != nil {
+ return nil, err
+ }
+ bundleLoader = bundleLoader.WithFollowSymlinks(fl.followSymlinks)
+
+ br := bundle.NewCustomReader(bundleLoader).
+ WithMetrics(fl.metrics).
+ WithBundleVerificationConfig(fl.bvc).
+ WithSkipBundleVerification(fl.skipVerify).
+ WithProcessAnnotations(fl.opts.ProcessAnnotation).
+ WithCapabilities(fl.opts.Capabilities).
+ WithFollowSymlinks(fl.followSymlinks).
+ WithRegoVersion(fl.opts.RegoVersion)
+
+ // For bundle directories add the full path in front of module file names
+ // to simplify debugging.
+ if isDir {
+ br.WithBaseDir(path)
+ }
+
+ b, err := br.Read()
+ if err != nil {
+ err = fmt.Errorf("bundle %s: %w", path, err)
+ }
+
+ return &b, err
+}
+
+// GetBundleDirectoryLoader returns a bundle directory loader which can be used to load
+// files in the directory
+func GetBundleDirectoryLoader(path string) (bundle.DirectoryLoader, bool, error) {
+ return GetBundleDirectoryLoaderFS(nil, path, nil)
+}
+
+// GetBundleDirectoryLoaderWithFilter returns a bundle directory loader which can be used to load
+// files in the directory after applying the given filter.
+func GetBundleDirectoryLoaderWithFilter(path string, filter Filter) (bundle.DirectoryLoader, bool, error) {
+ return GetBundleDirectoryLoaderFS(nil, path, filter)
+}
+
+// GetBundleDirectoryLoaderFS returns a bundle directory loader which can be used to load
+// files in the directory.
+func GetBundleDirectoryLoaderFS(fsys fs.FS, path string, filter Filter) (bundle.DirectoryLoader, bool, error) {
+ path, err := fileurl.Clean(path)
+ if err != nil {
+ return nil, false, err
+ }
+
+ if err := checkForUNCPath(path); err != nil {
+ return nil, false, err
+ }
+
+ var fi fs.FileInfo
+ if fsys != nil {
+ fi, err = fs.Stat(fsys, path)
+ } else {
+ fi, err = os.Stat(path)
+ }
+ if err != nil {
+ return nil, false, fmt.Errorf("error reading %q: %s", path, err)
+ }
+
+ var bundleLoader bundle.DirectoryLoader
+ if fi.IsDir() {
+ if fsys != nil {
+ bundleLoader = bundle.NewFSLoaderWithRoot(fsys, path)
+ } else {
+ bundleLoader = bundle.NewDirectoryLoader(path)
+ }
+ } else {
+ var fh fs.File
+ if fsys != nil {
+ fh, err = fsys.Open(path)
+ } else {
+ fh, err = os.Open(path)
+ }
+ if err != nil {
+ return nil, false, err
+ }
+ bundleLoader = bundle.NewTarballLoaderWithBaseURL(fh, path)
+ }
+
+ if filter != nil {
+ bundleLoader = bundleLoader.WithFilter(filter)
+ }
+ return bundleLoader, fi.IsDir(), nil
+}
+
+// FilteredPaths is the same as FilterPathsFS using the current diretory file
+// system
+func FilteredPaths(paths []string, filter Filter) ([]string, error) {
+ return FilteredPathsFS(nil, paths, filter)
+}
+
+// FilteredPathsFS return a list of files from the specified
+// paths while applying the given filters. If any filter returns true, the
+// file/directory is excluded.
+func FilteredPathsFS(fsys fs.FS, paths []string, filter Filter) ([]string, error) {
+ result := []string{}
+
+ _, err := all(fsys, paths, filter, func(_ *Result, path string, _ int) error {
+ result = append(result, path)
+ return nil
+ })
+ if err != nil {
+ return nil, err
+ }
+ return result, nil
+}
+
+// Schemas loads a schema set from the specified file path.
+func Schemas(schemaPath string) (*ast.SchemaSet, error) {
+
+ var errs Errors
+ ss, err := loadSchemas(schemaPath)
+ if err != nil {
+ errs.add(err)
+ return nil, errs
+ }
+
+ return ss, nil
+}
+
+func loadSchemas(schemaPath string) (*ast.SchemaSet, error) {
+
+ if schemaPath == "" {
+ return nil, nil
+ }
+
+ ss := ast.NewSchemaSet()
+ path, err := fileurl.Clean(schemaPath)
+ if err != nil {
+ return nil, err
+ }
+
+ info, err := os.Stat(path)
+ if err != nil {
+ return nil, err
+ }
+
+ // Handle single file case.
+ if !info.IsDir() {
+ schema, err := loadOneSchema(path)
+ if err != nil {
+ return nil, err
+ }
+ ss.Put(ast.SchemaRootRef, schema)
+ return ss, nil
+
+ }
+
+ // Handle directory case.
+ rootDir := path
+
+ err = filepath.Walk(path,
+ func(path string, info os.FileInfo, err error) error {
+ if err != nil {
+ return err
+ } else if info.IsDir() {
+ return nil
+ }
+
+ schema, err := loadOneSchema(path)
+ if err != nil {
+ return err
+ }
+
+ relPath, err := filepath.Rel(rootDir, path)
+ if err != nil {
+ return err
+ }
+
+ key := getSchemaSetByPathKey(relPath)
+ ss.Put(key, schema)
+ return nil
+ })
+
+ if err != nil {
+ return nil, err
+ }
+
+ return ss, nil
+}
+
+func getSchemaSetByPathKey(path string) ast.Ref {
+
+ front := filepath.Dir(path)
+ last := strings.TrimSuffix(filepath.Base(path), filepath.Ext(path))
+
+ var parts []string
+
+ if front != "." {
+ parts = append(strings.Split(filepath.ToSlash(front), "/"), last)
+ } else {
+ parts = []string{last}
+ }
+
+ key := make(ast.Ref, 1+len(parts))
+ key[0] = ast.SchemaRootDocument
+ for i := range parts {
+ key[i+1] = ast.StringTerm(parts[i])
+ }
+
+ return key
+}
+
+func loadOneSchema(path string) (any, error) {
+ bs, err := os.ReadFile(path)
+ if err != nil {
+ return nil, err
+ }
+
+ var schema any
+ if err := util.Unmarshal(bs, &schema); err != nil {
+ return nil, fmt.Errorf("%s: %w", path, err)
+ }
+
+ return schema, nil
+}
+
+// All returns a Result object loaded (recursively) from the specified paths.
+// Deprecated: Use FileLoader.Filtered() instead.
+func All(paths []string) (*Result, error) {
+ return NewFileLoader().Filtered(paths, nil)
+}
+
+// Filtered returns a Result object loaded (recursively) from the specified
+// paths while applying the given filters. If any filter returns true, the
+// file/directory is excluded.
+// Deprecated: Use FileLoader.Filtered() instead.
+func Filtered(paths []string, filter Filter) (*Result, error) {
+ return NewFileLoader().Filtered(paths, filter)
+}
+
+// AsBundle loads a path as a bundle. If it is a single file
+// it will be treated as a normal tarball bundle. If a directory
+// is supplied it will be loaded as an unzipped bundle tree.
+// Deprecated: Use FileLoader.AsBundle() instead.
+func AsBundle(path string) (*bundle.Bundle, error) {
+ return NewFileLoader().AsBundle(path)
+}
+
+// AllRegos returns a Result object loaded (recursively) with all Rego source
+// files from the specified paths.
+func AllRegos(paths []string) (*Result, error) {
+ return NewFileLoader().Filtered(paths, func(_ string, info os.FileInfo, _ int) bool {
+ return !info.IsDir() && !strings.HasSuffix(info.Name(), bundle.RegoExt)
+ })
+}
+
+// Rego is deprecated. Use RegoWithOpts instead.
+func Rego(path string) (*RegoFile, error) {
+ return RegoWithOpts(path, ast.ParserOptions{})
+}
+
+// RegoWithOpts returns a RegoFile object loaded from the given path.
+func RegoWithOpts(path string, opts ast.ParserOptions) (*RegoFile, error) {
+ path, err := fileurl.Clean(path)
+ if err != nil {
+ return nil, err
+ }
+ bs, err := os.ReadFile(path)
+ if err != nil {
+ return nil, err
+ }
+ return loadRego(path, bs, metrics.New(), opts)
+}
+
+// CleanPath returns the normalized version of a path that can be used as an identifier.
+func CleanPath(path string) string {
+ return strings.Trim(path, "/")
+}
+
+// Paths returns a sorted list of files contained at path. If recurse is true
+// and path is a directory, then Paths will walk the directory structure
+// recursively and list files at each level.
+func Paths(path string, recurse bool) (paths []string, err error) {
+ path, err = fileurl.Clean(path)
+ if err != nil {
+ return nil, err
+ }
+ err = filepath.Walk(path, func(f string, _ os.FileInfo, _ error) error {
+ if !recurse {
+ if path != f && path != filepath.Dir(f) {
+ return filepath.SkipDir
+ }
+ }
+ paths = append(paths, f)
+ return nil
+ })
+ return paths, err
+}
+
+// Dirs resolves filepaths to directories. It will return a list of unique
+// directories.
+func Dirs(paths []string) []string {
+ unique := map[string]struct{}{}
+
+ for _, path := range paths {
+ // TODO: /dir/dir will register top level directory /dir
+ dir := filepath.Dir(path)
+ unique[dir] = struct{}{}
+ }
+
+ return util.KeysSorted(unique)
+}
+
+// SplitPrefix returns a tuple specifying the document prefix and the file
+// path.
+func SplitPrefix(path string) ([]string, string) {
+ // Non-prefixed URLs can be returned without modification and their contents
+ // can be rooted directly under data.
+ if strings.Index(path, "://") == strings.Index(path, ":") {
+ return nil, path
+ }
+ parts := strings.SplitN(path, ":", 2)
+ if len(parts) == 2 && len(parts[0]) > 0 {
+ return strings.Split(parts[0], "."), parts[1]
+ }
+ return nil, path
+}
+
+func (l *Result) merge(path string, result any) error {
+ switch result := result.(type) {
+ case bundle.Bundle:
+ for _, module := range result.Modules {
+ l.Modules[module.Path] = &RegoFile{
+ Name: module.Path,
+ Parsed: module.Parsed,
+ Raw: module.Raw,
+ }
+ }
+ return l.mergeDocument(path, result.Data)
+ case *RegoFile:
+ l.Modules[CleanPath(path)] = result
+ return nil
+ default:
+ return l.mergeDocument(path, result)
+ }
+}
+
+func (l *Result) mergeDocument(path string, doc any) error {
+ obj, ok := makeDir(l.path, doc)
+ if !ok {
+ return unsupportedDocumentType(path)
+ }
+ merged, ok := merge.InterfaceMaps(l.Documents, obj)
+ if !ok {
+ return mergeError(path)
+ }
+ for k := range merged {
+ l.Documents[k] = merged[k]
+ }
+ return nil
+}
+
+func (l *Result) withParent(p string) *Result {
+ path := append(l.path, p)
+ return &Result{
+ Documents: l.Documents,
+ Modules: l.Modules,
+ path: path,
+ }
+}
+
+func newResult() *Result {
+ return &Result{
+ Documents: map[string]any{},
+ Modules: map[string]*RegoFile{},
+ }
+}
+
+func all(fsys fs.FS, paths []string, filter Filter, f func(*Result, string, int) error) (*Result, error) {
+ errs := Errors{}
+ root := newResult()
+
+ for _, path := range paths {
+
+ // Paths can be prefixed with a string that specifies where content should be
+ // loaded under data. E.g., foo.bar:/path/to/some.json will load the content
+ // of some.json under {"foo": {"bar": ...}}.
+ loaded := root
+ prefix, path := SplitPrefix(path)
+ if len(prefix) > 0 {
+ for _, part := range prefix {
+ loaded = loaded.withParent(part)
+ }
+ }
+
+ allRec(fsys, path, filter, &errs, loaded, 0, f)
+ }
+
+ if len(errs) > 0 {
+ return nil, errs
+ }
+
+ return root, nil
+}
+
+func allRec(fsys fs.FS, path string, filter Filter, errors *Errors, loaded *Result, depth int, f func(*Result, string, int) error) {
+
+ path, err := fileurl.Clean(path)
+ if err != nil {
+ errors.add(err)
+ return
+ }
+
+ if err := checkForUNCPath(path); err != nil {
+ errors.add(err)
+ return
+ }
+
+ var info fs.FileInfo
+ if fsys != nil {
+ info, err = fs.Stat(fsys, path)
+ } else {
+ info, err = os.Stat(path)
+ }
+
+ if err != nil {
+ errors.add(err)
+ return
+ }
+
+ if filter != nil && filter(path, info, depth) {
+ return
+ }
+
+ if !info.IsDir() {
+ if err := f(loaded, path, depth); err != nil {
+ errors.add(err)
+ }
+ return
+ }
+
+ // If we are recursing on directories then content must be loaded under path
+ // specified by directory hierarchy.
+ if depth > 0 {
+ loaded = loaded.withParent(info.Name())
+ }
+
+ var files []fs.DirEntry
+ if fsys != nil {
+ files, err = fs.ReadDir(fsys, path)
+ } else {
+ files, err = os.ReadDir(path)
+ }
+ if err != nil {
+ errors.add(err)
+ return
+ }
+
+ for _, file := range files {
+ allRec(fsys, filepath.Join(path, file.Name()), filter, errors, loaded, depth+1, f)
+ }
+}
+
+func loadKnownTypes(path string, bs []byte, m metrics.Metrics, opts ast.ParserOptions) (any, error) {
+ switch filepath.Ext(path) {
+ case ".json":
+ return loadJSON(path, bs, m)
+ case ".rego":
+ return loadRego(path, bs, m, opts)
+ case ".yaml", ".yml":
+ return loadYAML(path, bs, m)
+ default:
+ if strings.HasSuffix(path, ".tar.gz") {
+ r, err := loadBundleFile(path, bs, m, opts)
+ if err != nil {
+ err = fmt.Errorf("bundle %s: %w", path, err)
+ }
+ return r, err
+ }
+ }
+ return nil, unrecognizedFile(path)
+}
+
+func loadFileForAnyType(path string, bs []byte, m metrics.Metrics, opts ast.ParserOptions) (any, error) {
+ module, err := loadRego(path, bs, m, opts)
+ if err == nil {
+ return module, nil
+ }
+ doc, err := loadJSON(path, bs, m)
+ if err == nil {
+ return doc, nil
+ }
+ doc, err = loadYAML(path, bs, m)
+ if err == nil {
+ return doc, nil
+ }
+ return nil, unrecognizedFile(path)
+}
+
+func loadBundleFile(path string, bs []byte, m metrics.Metrics, opts ast.ParserOptions) (bundle.Bundle, error) {
+ tl := bundle.NewTarballLoaderWithBaseURL(bytes.NewBuffer(bs), path)
+ br := bundle.NewCustomReader(tl).
+ WithRegoVersion(opts.RegoVersion).
+ WithCapabilities(opts.Capabilities).
+ WithProcessAnnotations(opts.ProcessAnnotation).
+ WithMetrics(m).
+ WithSkipBundleVerification(true).
+ IncludeManifestInData(true)
+ return br.Read()
+}
+
+func loadRego(path string, bs []byte, m metrics.Metrics, opts ast.ParserOptions) (*RegoFile, error) {
+ m.Timer(metrics.RegoModuleParse).Start()
+ var module *ast.Module
+ var err error
+ module, err = ast.ParseModuleWithOpts(path, string(bs), opts)
+ m.Timer(metrics.RegoModuleParse).Stop()
+ if err != nil {
+ return nil, err
+ }
+ result := &RegoFile{
+ Name: path,
+ Parsed: module,
+ Raw: bs,
+ }
+ return result, nil
+}
+
+func loadJSON(path string, bs []byte, m metrics.Metrics) (any, error) {
+ m.Timer(metrics.RegoDataParse).Start()
+ var x any
+ err := util.UnmarshalJSON(bs, &x)
+ m.Timer(metrics.RegoDataParse).Stop()
+
+ if err != nil {
+ return nil, fmt.Errorf("%s: %w", path, err)
+ }
+ return x, nil
+}
+
+func loadYAML(path string, bs []byte, m metrics.Metrics) (any, error) {
+ m.Timer(metrics.RegoDataParse).Start()
+ bs, err := yaml.YAMLToJSON(bs)
+ m.Timer(metrics.RegoDataParse).Stop()
+ if err != nil {
+ return nil, fmt.Errorf("%v: error converting YAML to JSON: %v", path, err)
+ }
+ return loadJSON(path, bs, m)
+}
+
+func makeDir(path []string, x any) (map[string]any, bool) {
+ if len(path) == 0 {
+ obj, ok := x.(map[string]any)
+ if !ok {
+ return nil, false
+ }
+ return obj, true
+ }
+ return makeDir(path[:len(path)-1], map[string]any{path[len(path)-1]: x})
+}
+
+// isUNC reports whether path is a UNC path.
+func isUNC(path string) bool {
+ return len(path) > 1 && isSlash(path[0]) && isSlash(path[1])
+}
+
+func isSlash(c uint8) bool {
+ return c == '\\' || c == '/'
+}
+
+func checkForUNCPath(path string) error {
+ if isUNC(path) {
+ return fmt.Errorf("UNC path read is not allowed: %s", path)
+ }
+ return nil
+}
diff --git a/vendor/github.com/open-policy-agent/opa/logging/logging.go b/vendor/github.com/open-policy-agent/opa/v1/logging/logging.go
similarity index 83%
rename from vendor/github.com/open-policy-agent/opa/logging/logging.go
rename to vendor/github.com/open-policy-agent/opa/v1/logging/logging.go
index 7a1edfb563..9e36a20bf8 100644
--- a/vendor/github.com/open-policy-agent/opa/logging/logging.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/logging/logging.go
@@ -3,6 +3,7 @@ package logging
import (
"context"
"io"
+ "maps"
"net/http"
"github.com/sirupsen/logrus"
@@ -24,12 +25,12 @@ const (
// Logger provides interface for OPA logger implementations
type Logger interface {
- Debug(fmt string, a ...interface{})
- Info(fmt string, a ...interface{})
- Error(fmt string, a ...interface{})
- Warn(fmt string, a ...interface{})
+ Debug(fmt string, a ...any)
+ Info(fmt string, a ...any)
+ Error(fmt string, a ...any)
+ Warn(fmt string, a ...any)
- WithFields(map[string]interface{}) Logger
+ WithFields(map[string]any) Logger
GetLevel() Level
SetLevel(Level)
@@ -38,7 +39,7 @@ type Logger interface {
// StandardLogger is the default OPA logger implementation.
type StandardLogger struct {
logger *logrus.Logger
- fields map[string]interface{}
+ fields map[string]any
}
// New returns a new standard logger.
@@ -68,20 +69,16 @@ func (l *StandardLogger) SetFormatter(formatter logrus.Formatter) {
}
// WithFields provides additional fields to include in log output
-func (l *StandardLogger) WithFields(fields map[string]interface{}) Logger {
+func (l *StandardLogger) WithFields(fields map[string]any) Logger {
cp := *l
- cp.fields = make(map[string]interface{})
- for k, v := range l.fields {
- cp.fields[k] = v
- }
- for k, v := range fields {
- cp.fields[k] = v
- }
+ cp.fields = make(map[string]any)
+ maps.Copy(cp.fields, l.fields)
+ maps.Copy(cp.fields, fields)
return &cp
}
// getFields returns additional fields of this logger
-func (l *StandardLogger) getFields() map[string]interface{} {
+func (l *StandardLogger) getFields() map[string]any {
return l.fields
}
@@ -126,7 +123,7 @@ func (l *StandardLogger) GetLevel() Level {
}
// Debug logs at debug level
-func (l *StandardLogger) Debug(fmt string, a ...interface{}) {
+func (l *StandardLogger) Debug(fmt string, a ...any) {
if len(a) == 0 {
l.logger.WithFields(l.getFields()).Debug(fmt)
return
@@ -135,7 +132,7 @@ func (l *StandardLogger) Debug(fmt string, a ...interface{}) {
}
// Info logs at info level
-func (l *StandardLogger) Info(fmt string, a ...interface{}) {
+func (l *StandardLogger) Info(fmt string, a ...any) {
if len(a) == 0 {
l.logger.WithFields(l.getFields()).Info(fmt)
return
@@ -144,7 +141,7 @@ func (l *StandardLogger) Info(fmt string, a ...interface{}) {
}
// Error logs at error level
-func (l *StandardLogger) Error(fmt string, a ...interface{}) {
+func (l *StandardLogger) Error(fmt string, a ...any) {
if len(a) == 0 {
l.logger.WithFields(l.getFields()).Error(fmt)
return
@@ -153,7 +150,7 @@ func (l *StandardLogger) Error(fmt string, a ...interface{}) {
}
// Warn logs at warn level
-func (l *StandardLogger) Warn(fmt string, a ...interface{}) {
+func (l *StandardLogger) Warn(fmt string, a ...any) {
if len(a) == 0 {
l.logger.WithFields(l.getFields()).Warn(fmt)
return
@@ -164,7 +161,7 @@ func (l *StandardLogger) Warn(fmt string, a ...interface{}) {
// NoOpLogger logging implementation that does nothing
type NoOpLogger struct {
level Level
- fields map[string]interface{}
+ fields map[string]any
}
// NewNoOpLogger instantiates new NoOpLogger
@@ -176,23 +173,23 @@ func NewNoOpLogger() *NoOpLogger {
// WithFields provides additional fields to include in log output.
// Implemented here primarily to be able to switch between implementations without loss of data.
-func (l *NoOpLogger) WithFields(fields map[string]interface{}) Logger {
+func (l *NoOpLogger) WithFields(fields map[string]any) Logger {
cp := *l
cp.fields = fields
return &cp
}
// Debug noop
-func (*NoOpLogger) Debug(string, ...interface{}) {}
+func (*NoOpLogger) Debug(string, ...any) {}
// Info noop
-func (*NoOpLogger) Info(string, ...interface{}) {}
+func (*NoOpLogger) Info(string, ...any) {}
// Error noop
-func (*NoOpLogger) Error(string, ...interface{}) {}
+func (*NoOpLogger) Error(string, ...any) {}
// Warn noop
-func (*NoOpLogger) Warn(string, ...interface{}) {}
+func (*NoOpLogger) Warn(string, ...any) {}
// SetLevel set log level
func (l *NoOpLogger) SetLevel(level Level) {
diff --git a/vendor/github.com/open-policy-agent/opa/metrics/metrics.go b/vendor/github.com/open-policy-agent/opa/v1/metrics/metrics.go
similarity index 89%
rename from vendor/github.com/open-policy-agent/opa/metrics/metrics.go
rename to vendor/github.com/open-policy-agent/opa/v1/metrics/metrics.go
index 53cd606a36..19d9c7d372 100644
--- a/vendor/github.com/open-policy-agent/opa/metrics/metrics.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/metrics/metrics.go
@@ -8,7 +8,7 @@ package metrics
import (
"encoding/json"
"fmt"
- "sort"
+ "slices"
"strings"
"sync"
"sync/atomic"
@@ -48,13 +48,13 @@ type Metrics interface {
Timer(name string) Timer
Histogram(name string) Histogram
Counter(name string) Counter
- All() map[string]interface{}
+ All() map[string]any
Clear()
json.Marshaler
}
type TimerMetrics interface {
- Timers() map[string]interface{}
+ Timers() map[string]any
}
type metrics struct {
@@ -73,7 +73,7 @@ func New() Metrics {
type metric struct {
Key string
- Value interface{}
+ Value any
}
func (*metrics) Info() Info {
@@ -94,8 +94,8 @@ func (m *metrics) String() string {
})
}
- sort.Slice(sorted, func(i, j int) bool {
- return sorted[i].Key < sorted[j].Key
+ slices.SortFunc(sorted, func(a, b metric) int {
+ return strings.Compare(a.Key, b.Key)
})
buf := make([]string, len(sorted))
@@ -144,10 +144,10 @@ func (m *metrics) Counter(name string) Counter {
return c
}
-func (m *metrics) All() map[string]interface{} {
+func (m *metrics) All() map[string]any {
m.mtx.Lock()
defer m.mtx.Unlock()
- result := map[string]interface{}{}
+ result := map[string]any{}
for name, timer := range m.timers {
result[m.formatKey(name, timer)] = timer.Value()
}
@@ -160,10 +160,10 @@ func (m *metrics) All() map[string]interface{} {
return result
}
-func (m *metrics) Timers() map[string]interface{} {
+func (m *metrics) Timers() map[string]any {
m.mtx.Lock()
defer m.mtx.Unlock()
- ts := map[string]interface{}{}
+ ts := map[string]any{}
for n, t := range m.timers {
ts[m.formatKey(n, t)] = t.Value()
}
@@ -178,7 +178,7 @@ func (m *metrics) Clear() {
m.counters = map[string]Counter{}
}
-func (m *metrics) formatKey(name string, metrics interface{}) string {
+func (*metrics) formatKey(name string, metrics any) string {
switch metrics.(type) {
case Timer:
return "timer_" + name + "_ns"
@@ -194,7 +194,7 @@ func (m *metrics) formatKey(name string, metrics interface{}) string {
// Timer defines the interface for a restartable timer that accumulates elapsed
// time.
type Timer interface {
- Value() interface{}
+ Value() any
Int64() int64
Start()
Stop() int64
@@ -220,7 +220,7 @@ func (t *timer) Stop() int64 {
return delta
}
-func (t *timer) Value() interface{} {
+func (t *timer) Value() any {
return t.Int64()
}
@@ -232,7 +232,7 @@ func (t *timer) Int64() int64 {
// Histogram defines the interface for a histogram with hardcoded percentiles.
type Histogram interface {
- Value() interface{}
+ Value() any
Update(int64)
}
@@ -253,8 +253,8 @@ func (h *histogram) Update(v int64) {
h.hist.Update(v)
}
-func (h *histogram) Value() interface{} {
- values := map[string]interface{}{}
+func (h *histogram) Value() any {
+ values := map[string]any{}
snap := h.hist.Snapshot()
percentiles := snap.Percentiles([]float64{
0.5,
@@ -282,7 +282,7 @@ func (h *histogram) Value() interface{} {
// Counter defines the interface for a monotonic increasing counter.
type Counter interface {
- Value() interface{}
+ Value() any
Incr()
Add(n uint64)
}
@@ -299,11 +299,11 @@ func (c *counter) Add(n uint64) {
atomic.AddUint64(&c.c, n)
}
-func (c *counter) Value() interface{} {
+func (c *counter) Value() any {
return atomic.LoadUint64(&c.c)
}
-func Statistics(num ...int64) interface{} {
+func Statistics(num ...int64) any {
t := newHistogram()
for _, n := range num {
t.Update(n)
diff --git a/vendor/github.com/open-policy-agent/opa/plugins/plugins.go b/vendor/github.com/open-policy-agent/opa/v1/plugins/plugins.go
similarity index 93%
rename from vendor/github.com/open-policy-agent/opa/plugins/plugins.go
rename to vendor/github.com/open-policy-agent/opa/v1/plugins/plugins.go
index 567acfb817..430b15efdb 100644
--- a/vendor/github.com/open-policy-agent/opa/plugins/plugins.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/plugins/plugins.go
@@ -9,6 +9,7 @@ import (
"context"
"errors"
"fmt"
+ "maps"
mr "math/rand"
"sync"
"time"
@@ -19,22 +20,22 @@ import (
"github.com/gorilla/mux"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/bundle"
- "github.com/open-policy-agent/opa/config"
- "github.com/open-policy-agent/opa/hooks"
bundleUtils "github.com/open-policy-agent/opa/internal/bundle"
cfg "github.com/open-policy-agent/opa/internal/config"
initload "github.com/open-policy-agent/opa/internal/runtime/init"
- "github.com/open-policy-agent/opa/keys"
- "github.com/open-policy-agent/opa/loader"
- "github.com/open-policy-agent/opa/logging"
- "github.com/open-policy-agent/opa/plugins/rest"
- "github.com/open-policy-agent/opa/resolver/wasm"
- "github.com/open-policy-agent/opa/storage"
- "github.com/open-policy-agent/opa/topdown/cache"
- "github.com/open-policy-agent/opa/topdown/print"
- "github.com/open-policy-agent/opa/tracing"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/bundle"
+ "github.com/open-policy-agent/opa/v1/config"
+ "github.com/open-policy-agent/opa/v1/hooks"
+ "github.com/open-policy-agent/opa/v1/keys"
+ "github.com/open-policy-agent/opa/v1/loader"
+ "github.com/open-policy-agent/opa/v1/logging"
+ "github.com/open-policy-agent/opa/v1/plugins/rest"
+ "github.com/open-policy-agent/opa/v1/resolver/wasm"
+ "github.com/open-policy-agent/opa/v1/storage"
+ "github.com/open-policy-agent/opa/v1/topdown/cache"
+ "github.com/open-policy-agent/opa/v1/topdown/print"
+ "github.com/open-policy-agent/opa/v1/tracing"
)
// Factory defines the interface OPA uses to instantiate your plugin.
@@ -85,8 +86,8 @@ import (
// After a plugin has been created subsequent status updates can be
// send anytime the plugin enters a ready or error state.
type Factory interface {
- Validate(manager *Manager, config []byte) (interface{}, error)
- New(manager *Manager, config interface{}) Plugin
+ Validate(manager *Manager, config []byte) (any, error)
+ New(manager *Manager, config any) Plugin
}
// Plugin defines the interface OPA uses to manage your plugin.
@@ -104,7 +105,7 @@ type Factory interface {
type Plugin interface {
Start(ctx context.Context) error
Stop(ctx context.Context)
- Reconfigure(ctx context.Context, config interface{})
+ Reconfigure(ctx context.Context, config any)
}
// Triggerable defines the interface plugins use for manual plugin triggers.
@@ -163,6 +164,14 @@ func (s *Status) String() string {
return fmt.Sprintf("{%v %q}", s.State, s.Message)
}
+func (s *Status) Equal(other *Status) bool {
+ if s == nil || other == nil {
+ return s == nil && other == nil
+ }
+
+ return s.State == other.State && s.Message == other.Message
+}
+
// StatusListener defines a handler to register for status updates.
type StatusListener func(status map[string]*Status)
@@ -440,6 +449,11 @@ func New(raw []byte, id string, store storage.Store, opts ...func(*Manager)) (*M
f(m)
}
+ if m.parserOptions.RegoVersion == ast.RegoUndefined {
+ // Default to v1 if rego-version is not set through options
+ m.parserOptions.RegoVersion = ast.DefaultRegoVersion
+ }
+
if m.logger == nil {
m.logger = logging.Get()
}
@@ -472,13 +486,7 @@ func New(raw []byte, id string, store storage.Store, opts ...func(*Manager)) (*M
return nil, err
}
- serviceOpts := cfg.ServiceOptions{
- Raw: parsedConfig.Services,
- AuthPlugin: m.AuthPlugin,
- Keys: m.keys,
- Logger: m.logger,
- DistributedTacingOpts: m.distributedTacingOpts,
- }
+ serviceOpts := m.DefaultServiceOpts(parsedConfig)
m.services, err = cfg.ParseServicesConfig(serviceOpts)
if err != nil {
@@ -494,8 +502,8 @@ func New(raw []byte, id string, store storage.Store, opts ...func(*Manager)) (*M
m.reporter.RegisterGatherer("min_compatible_version", func(_ context.Context) (any, error) {
var minimumCompatibleVersion string
- if m.compiler != nil && m.compiler.Required != nil {
- minimumCompatibleVersion, _ = m.compiler.Required.MinimumCompatibleVersion()
+ if c := m.GetCompiler(); c != nil && c.Required != nil {
+ minimumCompatibleVersion, _ = c.Required.MinimumCompatibleVersion()
}
return minimumCompatibleVersion, nil
})
@@ -537,6 +545,7 @@ func (m *Manager) Init(ctx context.Context) error {
Bundles: m.initBundles,
MaxErrors: m.maxErrors,
EnablePrintStatements: m.enablePrintStatements,
+ ParserOptions: m.parserOptions,
})
if err != nil {
@@ -746,14 +755,19 @@ func (m *Manager) Stop(ctx context.Context) {
}
}
-// Reconfigure updates the configuration on the manager.
-func (m *Manager) Reconfigure(config *config.Config) error {
- opts := cfg.ServiceOptions{
+func (m *Manager) DefaultServiceOpts(config *config.Config) cfg.ServiceOptions {
+ return cfg.ServiceOptions{
Raw: config.Services,
AuthPlugin: m.AuthPlugin,
Logger: m.logger,
+ Keys: m.keys,
DistributedTacingOpts: m.distributedTacingOpts,
}
+}
+
+// Reconfigure updates the configuration on the manager.
+func (m *Manager) Reconfigure(config *config.Config) error {
+ opts := m.DefaultServiceOpts(config)
keys, err := keys.ParseKeysConfig(config.Keys)
if err != nil {
@@ -778,9 +792,7 @@ func (m *Manager) Reconfigure(config *config.Config) error {
if config.Labels == nil {
config.Labels = m.bootstrapConfigLabels
} else {
- for label, value := range m.bootstrapConfigLabels {
- config.Labels[label] = value
- }
+ maps.Copy(config.Labels, m.bootstrapConfigLabels)
}
// don't erase persistence directory
@@ -790,13 +802,9 @@ func (m *Manager) Reconfigure(config *config.Config) error {
m.Config = config
m.interQueryBuiltinCacheConfig = interQueryBuiltinCacheConfig
- for name, client := range services {
- m.services[name] = client
- }
- for name, key := range keys {
- m.keys[name] = key
- }
+ maps.Copy(m.services, services)
+ maps.Copy(m.keys, keys)
for _, trigger := range m.registeredCacheTriggers {
trigger(interQueryBuiltinCacheConfig)
@@ -848,9 +856,7 @@ func (m *Manager) UpdatePluginStatus(pluginName string, status *Status) {
defer m.mtx.Unlock()
m.pluginStatus[pluginName] = status
toNotify = make(map[string]StatusListener, len(m.pluginStatusListeners))
- for k, v := range m.pluginStatusListeners {
- toNotify[k] = v
- }
+ maps.Copy(toNotify, m.pluginStatusListeners)
statuses = m.copyPluginStatus()
}()
@@ -939,7 +945,13 @@ func loadCompilerFromStore(ctx context.Context, store storage.Store, txn storage
modules[policy] = module
}
- compiler := ast.NewCompiler().WithEnablePrintStatements(enablePrintStatements)
+ compiler := ast.NewCompiler().
+ WithEnablePrintStatements(enablePrintStatements)
+
+ if popts.RegoVersion != ast.RegoUndefined {
+ compiler = compiler.WithDefaultRegoVersion(popts.RegoVersion)
+ }
+
compiler.Compile(modules)
return compiler, nil
}
@@ -1078,7 +1090,7 @@ func (m *Manager) sendOPAUpdateLoop(ctx context.Context) {
opaReportNotify = false
_, err := m.reporter.SendReport(ctx)
if err != nil {
- m.logger.WithFields(map[string]interface{}{"err": err}).Debug("Unable to send OPA telemetry report.")
+ m.logger.WithFields(map[string]any{"err": err}).Debug("Unable to send OPA telemetry report.")
}
}
diff --git a/vendor/github.com/open-policy-agent/opa/plugins/rest/auth.go b/vendor/github.com/open-policy-agent/opa/v1/plugins/rest/auth.go
similarity index 73%
rename from vendor/github.com/open-policy-agent/opa/plugins/rest/auth.go
rename to vendor/github.com/open-policy-agent/opa/v1/plugins/rest/auth.go
index 11e72001a2..9a8d58cc66 100644
--- a/vendor/github.com/open-policy-agent/opa/plugins/rest/auth.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/plugins/rest/auth.go
@@ -21,6 +21,7 @@ import (
"fmt"
"hash"
"io"
+ "maps"
"math/big"
"net/http"
"net/url"
@@ -33,8 +34,8 @@ import (
"github.com/open-policy-agent/opa/internal/jwx/jws/sign"
"github.com/open-policy-agent/opa/internal/providers/aws"
"github.com/open-policy-agent/opa/internal/uuid"
- "github.com/open-policy-agent/opa/keys"
- "github.com/open-policy-agent/opa/logging"
+ "github.com/open-policy-agent/opa/v1/keys"
+ "github.com/open-policy-agent/opa/v1/logging"
)
const (
@@ -126,10 +127,14 @@ type bearerAuthPlugin struct {
// encode is set to true for the OCIDownloader because
// it expects tokens in plain text but needs them in base64.
encode bool
+ logger logging.Logger
}
func (ap *bearerAuthPlugin) NewClient(c Config) (*http.Client, error) {
t, err := DefaultTLSConfig(c)
+
+ ap.logger = c.logger
+
if err != nil {
return nil, err
}
@@ -153,6 +158,9 @@ func (ap *bearerAuthPlugin) NewClient(c Config) (*http.Client, error) {
func (ap *bearerAuthPlugin) Prepare(req *http.Request) error {
token := ap.Token
+ if ap.logger == nil {
+ ap.logger = logging.Get()
+ }
if ap.TokenPath != "" {
bytes, err := os.ReadFile(ap.TokenPath)
@@ -166,7 +174,12 @@ func (ap *bearerAuthPlugin) Prepare(req *http.Request) error {
token = base64.StdEncoding.EncodeToString([]byte(token))
}
- req.Header.Add("Authorization", fmt.Sprintf("%v %v", ap.Scheme, token))
+ if req.Response != nil && (req.Response.StatusCode == http.StatusPermanentRedirect || req.Response.StatusCode == http.StatusTemporaryRedirect) {
+ ap.logger.Debug("not attaching authorization header as the response contains a redirect")
+ } else {
+ ap.logger.Debug("attaching authorization header")
+ req.Header.Add("Authorization", fmt.Sprintf("%v %v", ap.Scheme, token))
+ }
return nil
}
@@ -181,6 +194,15 @@ type awsKmsKeyConfig struct {
Algorithm string `json:"algorithm"`
}
+type azureKeyVaultConfig struct {
+ Key string `json:"key"`
+ KeyVersion string `json:"key_version"`
+ Alg string `json:"key_algorithm"`
+ Vault string `json:"vault"`
+ URL *url.URL
+ APIVersion string `json:"api_version"`
+}
+
func convertSignatureToBase64(alg string, der []byte) (string, error) {
r, s, derErr := pointsFromDER(der)
if derErr != nil {
@@ -194,7 +216,7 @@ func convertSignatureToBase64(alg string, der []byte) (string, error) {
return signatureData, nil
}
-func pointsFromDER(der []byte) (R, S *big.Int, err error) {
+func pointsFromDER(der []byte) (R, S *big.Int, err error) { //nolint:gocritic
R, S = &big.Int{}, &big.Int{}
data := asn1.RawValue{}
if _, err := asn1.Unmarshal(der, &data); err != nil {
@@ -253,42 +275,47 @@ func messageDigest(message []byte, alg string) ([]byte, error) {
var digest hash.Hash
switch alg {
- case "ECDSA_SHA_256":
+ case "ECDSA_SHA_256", "ES256", "ES256K", "PS256", "RS256":
digest = sha256.New()
- case "ECDSA_SHA_384":
+ case "ECDSA_SHA_384", "ES384", "PS384", "RS384":
digest = sha512.New384()
- case "ECDSA_SHA_512":
+ case "ECDSA_SHA_512", "ES512", "PS512", "RS512":
digest = sha512.New()
default:
return []byte{}, fmt.Errorf("unsupported sign algorithm %s", alg)
}
- digest.Write(message)
+ _, err := digest.Write(message)
+ if err != nil {
+ return nil, err
+ }
return digest.Sum(nil), nil
}
// oauth2ClientCredentialsAuthPlugin represents authentication via a bearer token in the HTTP Authorization header
// obtained through the OAuth2 client credentials flow
type oauth2ClientCredentialsAuthPlugin struct {
- GrantType string `json:"grant_type"`
- TokenURL string `json:"token_url"`
- ClientID string `json:"client_id"`
- ClientSecret string `json:"client_secret"`
- SigningKeyID string `json:"signing_key"`
- Thumbprint string `json:"thumbprint"`
- Claims map[string]interface{} `json:"additional_claims"`
- IncludeJti bool `json:"include_jti_claim"`
- Scopes []string `json:"scopes,omitempty"`
- AdditionalHeaders map[string]string `json:"additional_headers,omitempty"`
- AdditionalParameters map[string]string `json:"additional_parameters,omitempty"`
- AWSKmsKey *awsKmsKeyConfig `json:"aws_kms,omitempty"`
- AWSSigningPlugin *awsSigningAuthPlugin `json:"aws_signing,omitempty"`
- ClientAssertionType string `json:"client_assertion_type"`
- ClientAssertion string `json:"client_assertion"`
- ClientAssertionPath string `json:"client_assertion_path"`
+ GrantType string `json:"grant_type"`
+ TokenURL string `json:"token_url"`
+ ClientID string `json:"client_id"`
+ ClientSecret string `json:"client_secret"`
+ SigningKeyID string `json:"signing_key"`
+ Thumbprint string `json:"thumbprint"`
+ Claims map[string]any `json:"additional_claims"`
+ IncludeJti bool `json:"include_jti_claim"`
+ Scopes []string `json:"scopes,omitempty"`
+ AdditionalHeaders map[string]string `json:"additional_headers,omitempty"`
+ AdditionalParameters map[string]string `json:"additional_parameters,omitempty"`
+ AWSKmsKey *awsKmsKeyConfig `json:"aws_kms,omitempty"`
+ AWSSigningPlugin *awsSigningAuthPlugin `json:"aws_signing,omitempty"`
+ AzureKeyVault *azureKeyVaultConfig `json:"azure_keyvault,omitempty"`
+ AzureSigningPlugin *azureSigningAuthPlugin `json:"azure_signing,omitempty"`
+ ClientAssertionType string `json:"client_assertion_type"`
+ ClientAssertion string `json:"client_assertion"`
+ ClientAssertionPath string `json:"client_assertion_path"`
signingKey *keys.Config
- signingKeyParsed interface{}
+ signingKeyParsed any
tokenCache *oauth2Token
tlsSkipVerify bool
logger logging.Logger
@@ -299,15 +326,13 @@ type oauth2Token struct {
ExpiresAt time.Time
}
-func (ap *oauth2ClientCredentialsAuthPlugin) createAuthJWT(ctx context.Context, extClaims map[string]interface{}, signingKey interface{}) (*string, error) {
+func (ap *oauth2ClientCredentialsAuthPlugin) createJWSParts(extClaims map[string]any) ([]byte, []byte, string, error) {
now := time.Now()
- claims := map[string]interface{}{
+ claims := map[string]any{
"iat": now.Unix(),
"exp": now.Add(10 * time.Minute).Unix(),
}
- for k, v := range extClaims {
- claims[k] = v
- }
+ maps.Copy(claims, extClaims)
if len(ap.Scopes) > 0 {
claims["scope"] = strings.Join(ap.Scopes, " ")
@@ -316,55 +341,71 @@ func (ap *oauth2ClientCredentialsAuthPlugin) createAuthJWT(ctx context.Context,
if ap.IncludeJti {
jti, err := uuid.New(rand.Reader)
if err != nil {
- return nil, err
+ return nil, nil, "", err
}
claims["jti"] = jti
}
payload, err := json.Marshal(claims)
if err != nil {
- return nil, err
+ return nil, nil, "", err
}
var jwsHeaders []byte
var signatureAlg string
- if ap.AWSKmsKey == nil {
+ switch {
+ case ap.AWSKmsKey == nil && ap.AzureKeyVault == nil:
signatureAlg = ap.signingKey.Algorithm
- } else {
+ case ap.AWSKmsKey != nil && ap.AWSKmsKey.Algorithm != "":
signatureAlg, err = ap.mapKMSAlgToSign(ap.AWSKmsKey.Algorithm)
if err != nil {
- return nil, err
+ return nil, nil, "", err
}
+ case ap.AzureKeyVault != nil && ap.AzureKeyVault.Alg != "":
+ signatureAlg = ap.AzureKeyVault.Alg
}
if ap.Thumbprint != "" {
bytes, err := hex.DecodeString(ap.Thumbprint)
if err != nil {
- return nil, err
+ return nil, nil, "", err
}
x5t := base64.URLEncoding.EncodeToString(bytes)
- jwsHeaders = []byte(fmt.Sprintf(`{"typ":"JWT","alg":"%s","x5t":"%s"}`, signatureAlg, x5t))
+ jwsHeaders = fmt.Appendf(nil, `{"typ":"JWT","alg":"%s","x5t":"%s"}`, signatureAlg, x5t)
} else {
- jwsHeaders = []byte(fmt.Sprintf(`{"typ":"JWT","alg":"%s"}`, signatureAlg))
+ jwsHeaders = fmt.Appendf(nil, `{"typ":"JWT","alg":"%s"}`, signatureAlg)
+ }
+
+ return jwsHeaders, payload, signatureAlg, nil
+}
+
+func (ap *oauth2ClientCredentialsAuthPlugin) createAuthJWT(ctx context.Context, extClaims map[string]any, signingKey any) (*string, error) {
+ header, payload, alg, err := ap.createJWSParts(extClaims)
+ if err != nil {
+ return nil, err
}
- var jwsCompact []byte
- if ap.AWSKmsKey == nil {
- jwsCompact, err = jws.SignLiteral(payload,
- jwa.SignatureAlgorithm(signatureAlg),
+
+ var clientAssertion []byte
+ switch {
+ case ap.AWSKmsKey != nil:
+ clientAssertion, err = ap.SignWithKMS(ctx, payload, header)
+ case ap.AzureKeyVault != nil:
+ clientAssertion, err = ap.SignWithKeyVault(ctx, payload, header)
+ default:
+ clientAssertion, err = jws.SignLiteral(payload,
+ jwa.SignatureAlgorithm(alg),
signingKey,
- jwsHeaders,
+ header,
rand.Reader)
- } else {
- jwsCompact, err = ap.SignWithKMS(ctx, payload, jwsHeaders)
}
if err != nil {
return nil, err
}
- jwt := string(jwsCompact)
+ jwt := string(clientAssertion)
return &jwt, nil
}
-func (ap *oauth2ClientCredentialsAuthPlugin) mapKMSAlgToSign(alg string) (string, error) {
+func (*oauth2ClientCredentialsAuthPlugin) mapKMSAlgToSign(alg string) (string, error) {
switch alg {
case "ECDSA_SHA_256":
return "ES256", nil
@@ -382,12 +423,7 @@ func (ap *oauth2ClientCredentialsAuthPlugin) SignWithKMS(ctx context.Context, pa
encodedHdr := base64.RawURLEncoding.EncodeToString(hdrBuf)
encodedPayload := base64.RawURLEncoding.EncodeToString(payload)
- input := strings.Join(
- []string{
- encodedHdr,
- encodedPayload,
- }, ".",
- )
+ input := encodedHdr + "." + encodedPayload
digest, err := messageDigest([]byte(input), ap.AWSKmsKey.Algorithm)
if err != nil {
return nil, err
@@ -413,6 +449,28 @@ func (ap *oauth2ClientCredentialsAuthPlugin) SignWithKMS(ctx context.Context, pa
return nil, errors.New("missing AWS credentials, failed to sign the assertion with kms")
}
+func (ap *oauth2ClientCredentialsAuthPlugin) SignWithKeyVault(ctx context.Context, payload []byte, hdrBuf []byte) ([]byte, error) {
+ if ap.AzureSigningPlugin == nil {
+ return nil, errors.New("missing Azure credentials, failed to sign the assertion with KeyVault")
+ }
+
+ encodedHdr := base64.RawURLEncoding.EncodeToString(hdrBuf)
+ encodedPayload := base64.RawURLEncoding.EncodeToString(payload)
+ input := encodedHdr + "." + encodedPayload
+ digest, err := messageDigest([]byte(input), ap.AzureSigningPlugin.keyVaultSignPlugin.config.Alg)
+ if err != nil {
+ fmt.Println("unsupported algorithm", ap.AzureSigningPlugin.keyVaultSignPlugin.config.Alg)
+ return nil, err
+ }
+
+ signature, err := ap.AzureSigningPlugin.SignDigest(ctx, digest)
+ if err != nil {
+ return nil, err
+ }
+
+ return []byte(input + "." + signature), nil
+}
+
func (ap *oauth2ClientCredentialsAuthPlugin) parseSigningKey(c Config) (err error) {
if ap.SigningKeyID == "" {
return errors.New("signing_key required for jwt_bearer grant type")
@@ -468,6 +526,7 @@ func (ap *oauth2ClientCredentialsAuthPlugin) NewClient(c Config) (*http.Client,
clientCredentialExists["client_secret"] = ap.ClientSecret != ""
clientCredentialExists["signing_key"] = ap.SigningKeyID != ""
clientCredentialExists["aws_kms"] = ap.AWSKmsKey != nil
+ clientCredentialExists["azure_keyvault"] = ap.AzureKeyVault != nil
clientCredentialExists["client_assertion"] = ap.ClientAssertion != ""
clientCredentialExists["client_assertion_path"] = ap.ClientAssertionPath != ""
@@ -480,14 +539,15 @@ func (ap *oauth2ClientCredentialsAuthPlugin) NewClient(c Config) (*http.Client,
}
if notEmptyVarCount == 0 {
- return nil, errors.New("please provide one of client_secret, signing_key, aws_kms, client_assertion, or client_assertion_path required")
+ return nil, errors.New("please provide one of client_secret, signing_key, aws_kms, azure_keyvault, client_assertion, or client_assertion_path required")
}
if notEmptyVarCount > 1 {
- return nil, errors.New("can only use one of client_secret, signing_key, aws_kms, client_assertion, or client_assertion_path")
+ return nil, errors.New("can only use one of client_secret, signing_key, aws_kms, azure_keyvault, client_assertion, or client_assertion_path")
}
- if clientCredentialExists["aws_kms"] {
+ switch {
+ case clientCredentialExists["aws_kms"]:
if ap.AWSSigningPlugin == nil {
return nil, errors.New("aws_kms and aws_signing required")
}
@@ -496,91 +556,107 @@ func (ap *oauth2ClientCredentialsAuthPlugin) NewClient(c Config) (*http.Client,
if err != nil {
return nil, err
}
- } else if clientCredentialExists["client_assertion"] {
+ case clientCredentialExists["azure_keyvault"]:
+ _, err := ap.AzureSigningPlugin.NewClient(c)
+ if err != nil {
+ return nil, err
+ }
+ case clientCredentialExists["client_assertion"]:
if ap.ClientAssertionType == "" {
ap.ClientAssertionType = defaultClientAssertionType
}
if ap.ClientID == "" {
return nil, errors.New("client_id and client_assertion required")
}
- } else if clientCredentialExists["client_assertion_path"] {
+ case clientCredentialExists["client_assertion_path"]:
if ap.ClientAssertionType == "" {
ap.ClientAssertionType = defaultClientAssertionType
}
if ap.ClientID == "" {
return nil, errors.New("client_id and client_assertion_path required")
}
- } else if clientCredentialExists["client_secret"] {
- if ap.ClientID == "" {
- return nil, errors.New("client_id and client_secret required")
- }
+ case clientCredentialExists["client_secret"] && ap.ClientID == "":
+ return nil, errors.New("client_id and client_secret required")
}
}
return DefaultRoundTripperClient(t, *c.ResponseHeaderTimeoutSeconds), nil
}
-// requestToken tries to obtain an access token using either the client credentials flow
-// https://tools.ietf.org/html/rfc6749#section-4.4
-// or the JWT authorization grant
-// https://tools.ietf.org/html/rfc7523
-func (ap *oauth2ClientCredentialsAuthPlugin) requestToken(ctx context.Context) (*oauth2Token, error) {
+func (ap *oauth2ClientCredentialsAuthPlugin) createTokenReqBody(ctx context.Context) (url.Values, error) {
body := url.Values{}
+
+ if len(ap.Scopes) > 0 {
+ body.Add("scope", strings.Join(ap.Scopes, " "))
+ }
+
+ for k, v := range ap.AdditionalParameters {
+ body.Set(k, v)
+ }
+
if ap.GrantType == grantTypeJwtBearer {
- authJwt, err := ap.createAuthJWT(ctx, ap.Claims, ap.signingKeyParsed)
+ authJWT, err := ap.createAuthJWT(ctx, ap.Claims, ap.signingKeyParsed)
if err != nil {
return nil, err
}
body.Add("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer")
- body.Add("assertion", *authJwt)
- } else {
- body.Add("grant_type", grantTypeClientCredentials)
+ body.Add("assertion", *authJWT)
+ return body, nil
+ }
- if ap.SigningKeyID != "" || ap.AWSKmsKey != nil {
- authJwt, err := ap.createAuthJWT(ctx, ap.Claims, ap.signingKeyParsed)
- if err != nil {
- return nil, err
- }
- body.Add("client_assertion_type", defaultClientAssertionType)
- body.Add("client_assertion", *authJwt)
+ body.Add("grant_type", grantTypeClientCredentials)
- if ap.ClientID != "" {
- body.Add("client_id", ap.ClientID)
- }
- } else if ap.ClientAssertion != "" {
- if ap.ClientAssertionType == "" {
- ap.ClientAssertionType = defaultClientAssertionType
- }
- if ap.ClientID != "" {
- body.Add("client_id", ap.ClientID)
- }
- body.Add("client_assertion_type", ap.ClientAssertionType)
- body.Add("client_assertion", ap.ClientAssertion)
- } else if ap.ClientAssertionPath != "" {
- if ap.ClientAssertionType == "" {
- ap.ClientAssertionType = defaultClientAssertionType
- }
- bytes, err := os.ReadFile(ap.ClientAssertionPath)
- if err != nil {
- return nil, err
- }
- if ap.ClientID != "" {
- body.Add("client_id", ap.ClientID)
- }
- body.Add("client_assertion_type", ap.ClientAssertionType)
- body.Add("client_assertion", strings.TrimSpace(string(bytes)))
+ switch {
+ case ap.SigningKeyID != "" || ap.AWSKmsKey != nil || ap.AzureKeyVault != nil:
+ authJwt, err := ap.createAuthJWT(ctx, ap.Claims, ap.signingKeyParsed)
+ if err != nil {
+ return nil, err
}
- }
+ body.Add("client_assertion_type", defaultClientAssertionType)
+ body.Add("client_assertion", *authJwt)
- if len(ap.Scopes) > 0 {
- body.Add("scope", strings.Join(ap.Scopes, " "))
+ if ap.ClientID != "" {
+ body.Add("client_id", ap.ClientID)
+ }
+ case ap.ClientAssertion != "":
+ if ap.ClientAssertionType == "" {
+ ap.ClientAssertionType = defaultClientAssertionType
+ }
+ if ap.ClientID != "" {
+ body.Add("client_id", ap.ClientID)
+ }
+ body.Add("client_assertion_type", ap.ClientAssertionType)
+ body.Add("client_assertion", ap.ClientAssertion)
+
+ case ap.ClientAssertionPath != "":
+ if ap.ClientAssertionType == "" {
+ ap.ClientAssertionType = defaultClientAssertionType
+ }
+ bytes, err := os.ReadFile(ap.ClientAssertionPath)
+ if err != nil {
+ return nil, err
+ }
+ if ap.ClientID != "" {
+ body.Add("client_id", ap.ClientID)
+ }
+ body.Add("client_assertion_type", ap.ClientAssertionType)
+ body.Add("client_assertion", strings.TrimSpace(string(bytes)))
}
- for k, v := range ap.AdditionalParameters {
- body.Set(k, v)
+ return body, nil
+}
+
+// requestToken tries to obtain an access token using either the client credentials flow
+// https://tools.ietf.org/html/rfc6749#section-4.4
+// or the JWT authorization grant
+// https://tools.ietf.org/html/rfc7523
+func (ap *oauth2ClientCredentialsAuthPlugin) requestToken(ctx context.Context) (*oauth2Token, error) {
+ body, err := ap.createTokenReqBody(ctx)
+ if err != nil {
+ return nil, err
}
- r, err := http.NewRequestWithContext(ctx, "POST", ap.TokenURL, strings.NewReader(body.Encode()))
+ r, err := http.NewRequestWithContext(ctx, http.MethodPost, ap.TokenURL, strings.NewReader(body.Encode()))
if err != nil {
return nil, err
}
@@ -616,7 +692,7 @@ func (ap *oauth2ClientCredentialsAuthPlugin) requestToken(ctx context.Context) (
return nil, err
}
- if strings.ToLower(tokenResponse.TokenType) != "bearer" {
+ if !strings.EqualFold(tokenResponse.TokenType, "bearer") {
return nil, errors.New("unknown token type returned from token endpoint")
}
@@ -751,7 +827,7 @@ func (ap *clientTLSAuthPlugin) NewClient(c Config) (*http.Client, error) {
return client, nil
}
-func (ap *clientTLSAuthPlugin) Prepare(_ *http.Request) error {
+func (*clientTLSAuthPlugin) Prepare(_ *http.Request) error {
return nil
}
@@ -762,6 +838,7 @@ type awsSigningAuthPlugin struct {
AWSAssumeRoleCredentials *awsAssumeRoleCredentialService `json:"assume_role_credentials,omitempty"`
AWSWebIdentityCredentials *awsWebIdentityCredentialService `json:"web_identity_credentials,omitempty"`
AWSProfileCredentials *awsProfileCredentialService `json:"profile_credentials,omitempty"`
+ AWSSSOCredentials *awsSSOCredentialsService `json:"sso_credentials,omitempty"`
AWSService string `json:"service,omitempty"`
AWSSignatureVersion string `json:"signature_version,omitempty"`
@@ -877,6 +954,11 @@ func (ap *awsSigningAuthPlugin) awsCredentialService() awsCredentialService {
chain.addService(ap.AWSMetadataCredentials)
}
+ if ap.AWSSSOCredentials != nil {
+ ap.AWSSSOCredentials.logger = ap.logger
+ chain.addService(ap.AWSSSOCredentials)
+ }
+
return &chain
}
@@ -934,6 +1016,7 @@ func (ap *awsSigningAuthPlugin) validateAndSetDefaults(serviceType string) error
cfgs[ap.AWSAssumeRoleCredentials != nil]++
cfgs[ap.AWSWebIdentityCredentials != nil]++
cfgs[ap.AWSProfileCredentials != nil]++
+ cfgs[ap.AWSSSOCredentials != nil]++
if cfgs[true] == 0 {
return errors.New("a AWS credential service must be specified when S3 signing is enabled")
@@ -1000,3 +1083,84 @@ func (ap *awsSigningAuthPlugin) SignDigest(ctx context.Context, digest []byte, k
return "", fmt.Errorf(`cannot use SignDigest with aws service %q`, ap.AWSService)
}
}
+
+type azureSigningAuthPlugin struct {
+ MIAuthPlugin *azureManagedIdentitiesAuthPlugin `json:"azure_managed_identity,omitempty"`
+ keyVaultSignPlugin *azureKeyVaultSignPlugin
+ keyVaultConfig *azureKeyVaultConfig
+ host string
+ Service string `json:"service"`
+ logger logging.Logger
+}
+
+func (ap *azureSigningAuthPlugin) NewClient(c Config) (*http.Client, error) {
+ t, err := DefaultTLSConfig(c)
+ if err != nil {
+ return nil, err
+ }
+
+ tknURL, err := url.Parse(c.URL)
+ if err != nil {
+ return nil, err
+ }
+
+ ap.host = tknURL.Host
+
+ if ap.logger == nil {
+ ap.logger = c.logger
+ }
+
+ if c.Credentials.OAuth2.AzureKeyVault == nil {
+ return nil, errors.New("missing keyvault config")
+ }
+ ap.keyVaultConfig = c.Credentials.OAuth2.AzureKeyVault
+
+ if err := ap.validateAndSetDefaults(); err != nil {
+ return nil, err
+ }
+
+ return DefaultRoundTripperClient(t, *c.ResponseHeaderTimeoutSeconds), nil
+}
+
+func (ap *azureSigningAuthPlugin) validateAndSetDefaults() error {
+ if ap.MIAuthPlugin == nil {
+ return errors.New("missing azure managed identity config")
+ }
+ ap.MIAuthPlugin.setDefaults()
+
+ if ap.keyVaultSignPlugin != nil {
+ return nil
+ }
+ ap.keyVaultConfig.URL = &url.URL{
+ Scheme: "https",
+ Host: ap.keyVaultConfig.Vault + ".vault.azure.net",
+ }
+ ap.keyVaultSignPlugin = newKeyVaultSignPlugin(ap.MIAuthPlugin, ap.keyVaultConfig)
+ ap.keyVaultSignPlugin.setDefaults()
+ ap.keyVaultConfig = &ap.keyVaultSignPlugin.config
+
+ return nil
+}
+
+func (ap *azureSigningAuthPlugin) Prepare(req *http.Request) error {
+ switch ap.Service {
+ case "keyvault":
+ tkn, err := ap.keyVaultSignPlugin.tokener()
+ if err != nil {
+ return err
+ }
+ req.Header.Add("Authorization", "Bearer "+tkn)
+ return nil
+ default:
+ return fmt.Errorf("azureSigningAuthPlugin.Prepare() with %s not supported", ap.Service)
+ }
+}
+
+func (ap *azureSigningAuthPlugin) SignDigest(ctx context.Context, digest []byte) (string, error) {
+ switch ap.Service {
+ case "keyvault":
+ return ap.keyVaultSignPlugin.SignDigest(ctx, digest)
+ default:
+ return "", fmt.Errorf(`cannot use SignDigest with azure service %q`, ap.Service)
+ }
+}
diff --git a/vendor/github.com/open-policy-agent/opa/plugins/rest/aws.go b/vendor/github.com/open-policy-agent/opa/v1/plugins/rest/aws.go
similarity index 73%
rename from vendor/github.com/open-policy-agent/opa/plugins/rest/aws.go
rename to vendor/github.com/open-policy-agent/opa/v1/plugins/rest/aws.go
index cc45dfa9c7..45c708ab80 100644
--- a/vendor/github.com/open-policy-agent/opa/plugins/rest/aws.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/plugins/rest/aws.go
@@ -5,7 +5,10 @@
package rest
import (
+ "bytes"
"context"
+ "crypto/sha1"
+ "encoding/hex"
"encoding/json"
"encoding/xml"
"errors"
@@ -13,13 +16,14 @@ import (
"net/http"
"net/url"
"os"
+ "path"
"path/filepath"
"strings"
"time"
"github.com/go-ini/ini"
"github.com/open-policy-agent/opa/internal/providers/aws"
- "github.com/open-policy-agent/opa/logging"
+ "github.com/open-policy-agent/opa/v1/logging"
)
const (
@@ -51,6 +55,7 @@ const (
awsRoleArnEnvVar = "AWS_ROLE_ARN"
awsWebIdentityTokenFileEnvVar = "AWS_WEB_IDENTITY_TOKEN_FILE"
awsCredentialsFileEnvVar = "AWS_SHARED_CREDENTIALS_FILE"
+ awsConfigFileEnvVar = "AWS_CONFIG_FILE"
awsProfileEnvVar = "AWS_PROFILE"
// ref. https://docs.aws.amazon.com/sdkref/latest/guide/settings-global.html
@@ -69,7 +74,7 @@ type awsEnvironmentCredentialService struct {
logger logging.Logger
}
-func (cs *awsEnvironmentCredentialService) credentials(context.Context) (aws.Credentials, error) {
+func (*awsEnvironmentCredentialService) credentials(context.Context) (aws.Credentials, error) {
var creds aws.Credentials
creds.AccessKey = os.Getenv(accessKeyEnvVar)
if creds.AccessKey == "" {
@@ -95,6 +100,333 @@ func (cs *awsEnvironmentCredentialService) credentials(context.Context) (aws.Cre
return creds, nil
}
+type ssoSessionDetails struct {
+ StartUrl string `json:"startUrl"`
+ Region string `json:"region"`
+ Name string
+ AccountID string
+ RoleName string
+ AccessToken string `json:"accessToken"`
+ ExpiresAt time.Time `json:"expiresAt"`
+ RegistrationExpiresAt time.Time `json:"registrationExpiresAt"`
+ RefreshToken string `json:"refreshToken"`
+ ClientId string `json:"clientId"`
+ ClientSecret string `json:"clientSecret"`
+}
+
+type awsSSOCredentialsService struct {
+ Path string `json:"path,omitempty"`
+ SSOCachePath string `json:"cache_path,omitempty"`
+
+ Profile string `json:"profile,omitempty"`
+
+ logger logging.Logger
+
+ creds aws.Credentials
+
+ credentialsExpiresAt time.Time
+
+ session *ssoSessionDetails
+}
+
+func (cs *awsSSOCredentialsService) configPath() (string, error) {
+ if len(cs.Path) != 0 {
+ return cs.Path, nil
+ }
+
+ if cs.Path = os.Getenv(awsConfigFileEnvVar); len(cs.Path) != 0 {
+ return cs.Path, nil
+ }
+
+ homeDir, err := os.UserHomeDir()
+ if err != nil {
+ return "", fmt.Errorf("user home directory not found: %w", err)
+ }
+
+ cs.Path = filepath.Join(homeDir, ".aws", "config")
+
+ return cs.Path, nil
+}
+func (cs *awsSSOCredentialsService) ssoCachePath() (string, error) {
+ if len(cs.SSOCachePath) != 0 {
+ return cs.SSOCachePath, nil
+ }
+
+ homeDir, err := os.UserHomeDir()
+ if err != nil {
+ return "", fmt.Errorf("user home directory not found: %w", err)
+ }
+
+ cs.Path = filepath.Join(homeDir, ".aws", "sso", "cache")
+
+ return cs.Path, nil
+}
+
+func (cs *awsSSOCredentialsService) cacheKeyFileName() (string, error) {
+
+ val := cs.session.StartUrl
+ if cs.session.Name != "" {
+ val = cs.session.Name
+ }
+
+ hash := sha1.New()
+ hash.Write([]byte(val))
+ cacheKey := hex.EncodeToString(hash.Sum(nil))
+
+ return cacheKey + ".json", nil
+}
+
+func (cs *awsSSOCredentialsService) loadSSOCredentials() error {
+ ssoCachePath, err := cs.ssoCachePath()
+ if err != nil {
+ return fmt.Errorf("failed to get sso cache path: %w", err)
+ }
+
+ cacheKeyFile, err := cs.cacheKeyFileName()
+ if err != nil {
+ return err
+ }
+
+ cacheFile := path.Join(ssoCachePath, cacheKeyFile)
+ cache, err := os.ReadFile(cacheFile)
+ if err != nil {
+ return fmt.Errorf("failed to load cache file: %v", err)
+ }
+
+ if err := json.Unmarshal(cache, &cs.session); err != nil {
+ return fmt.Errorf("failed to unmarshal cache file: %v", err)
+ }
+
+ return nil
+
+}
+
+func (cs *awsSSOCredentialsService) loadSession() error {
+ configPath, err := cs.configPath()
+ if err != nil {
+ return fmt.Errorf("failed to get config path: %w", err)
+ }
+ config, err := ini.Load(configPath)
+ if err != nil {
+ return fmt.Errorf("failed to load config file: %w", err)
+ }
+
+ section, err := config.GetSection("profile " + cs.Profile)
+
+ if err != nil {
+ return fmt.Errorf("failed to find profile %s", cs.Profile)
+ }
+
+ accountID, err := section.GetKey("sso_account_id")
+ if err != nil {
+ return fmt.Errorf("failed to find sso_account_id key in profile %s", cs.Profile)
+ }
+
+ region, err := section.GetKey("region")
+ if err != nil {
+ return fmt.Errorf("failed to find region key in profile %s", cs.Profile)
+ }
+
+ roleName, err := section.GetKey("sso_role_name")
+ if err != nil {
+ return fmt.Errorf("failed to find sso_role_name key in profile %s", cs.Profile)
+ }
+
+ ssoSession, err := section.GetKey("sso_session")
+ if err != nil {
+ return fmt.Errorf("failed to find sso_session key in profile %s", cs.Profile)
+ }
+
+ sessionName := ssoSession.Value()
+
+ session, err := config.GetSection("sso-session " + sessionName)
+ if err != nil {
+ return fmt.Errorf("failed to find sso-session %s", sessionName)
+ }
+
+ startUrl, err := session.GetKey("sso_start_url")
+ if err != nil {
+ return fmt.Errorf("failed to find sso_start_url key in sso-session %s", sessionName)
+ }
+
+ cs.session = &ssoSessionDetails{
+ StartUrl: startUrl.Value(),
+ Name: sessionName,
+ AccountID: accountID.Value(),
+ Region: region.Value(),
+ RoleName: roleName.Value(),
+ }
+
+ return nil
+}
+
+func (cs *awsSSOCredentialsService) tryRefreshToken() error {
+ // Check if refresh token is empty
+ if cs.session.RefreshToken == "" {
+ return errors.New("refresh token is empty")
+ }
+
+ // Use the refresh token to get a new access token
+ // using the clientId, clientSecret and refreshToken from the loaded token
+ // return the new token
+ // if error, return error
+
+ type refreshTokenRequest struct {
+ ClientId string `json:"clientId"`
+ ClientSecret string `json:"clientSecret"`
+ RefreshToken string `json:"refreshToken"`
+ GrantType string `json:"grantType"`
+ }
+
+ data := refreshTokenRequest{
+ ClientId: cs.session.ClientId,
+ ClientSecret: cs.session.ClientSecret,
+ RefreshToken: cs.session.RefreshToken,
+ GrantType: "refresh_token",
+ }
+
+ body, err := json.Marshal(data)
+ if err != nil {
+ return fmt.Errorf("failed to marshal refresh token request: %v", err)
+ }
+
+ endpoint := fmt.Sprintf("https://oidc.%s.amazonaws.com/token", cs.session.Region)
+ r, err := http.NewRequest("POST", endpoint, bytes.NewReader(body))
+ if err != nil {
+ return fmt.Errorf("failed to create new request: %v", err)
+ }
+
+ r.Header.Add("Content-Type", "application/json")
+ c := &http.Client{}
+ resp, err := c.Do(r)
+ if err != nil {
+ return fmt.Errorf("failed to do request: %v", err)
+ }
+ defer resp.Body.Close()
+
+ type refreshTokenResponse struct {
+ AccessToken string `json:"accessToken"`
+ ExpiresIn int `json:"expiresIn"`
+ RefreshToken string `json:"refreshToken"`
+ }
+
+ refreshedToken := refreshTokenResponse{}
+
+ if err := json.NewDecoder(resp.Body).Decode(&refreshedToken); err != nil {
+ return fmt.Errorf("failed to decode response: %v", err)
+ }
+
+ cs.session.AccessToken = refreshedToken.AccessToken
+ cs.session.ExpiresAt = time.Now().Add(time.Duration(refreshedToken.ExpiresIn) * time.Second)
+ cs.session.RefreshToken = refreshedToken.RefreshToken
+
+ return nil
+}
+
+func (cs *awsSSOCredentialsService) refreshCredentials() error {
+ url := fmt.Sprintf("https://portal.sso.%s.amazonaws.com/federation/credentials?account_id=%s&role_name=%s", cs.session.Region, cs.session.AccountID, cs.session.RoleName)
+
+ req, err := http.NewRequest("GET", url, nil)
+ if err != nil {
+ return err
+ }
+
+ req.Header.Set("Authorization", "Bearer "+cs.session.AccessToken)
+ req.Header.Set("Content-Type", "application/json")
+
+ client := &http.Client{}
+ resp, err := client.Do(req)
+ if err != nil {
+ return err
+ }
+ defer resp.Body.Close()
+
+ type roleCredentials struct {
+ AccessKeyId string `json:"accessKeyId"`
+ SecretAccessKey string `json:"secretAccessKey"`
+ SessionToken string `json:"sessionToken"`
+ Expiration int64 `json:"expiration"`
+ }
+ type getRoleCredentialsResponse struct {
+ RoleCredentials roleCredentials `json:"roleCredentials"`
+ }
+
+ var result getRoleCredentialsResponse
+
+ if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
+ return fmt.Errorf("failed to decode response: %v", err)
+ }
+
+ cs.creds = aws.Credentials{
+ AccessKey: result.RoleCredentials.AccessKeyId,
+ SecretKey: result.RoleCredentials.SecretAccessKey,
+ SessionToken: result.RoleCredentials.SessionToken,
+ RegionName: cs.session.Region,
+ }
+
+ cs.credentialsExpiresAt = time.Unix(result.RoleCredentials.Expiration, 0)
+
+ return nil
+}
+
+func (cs *awsSSOCredentialsService) loadProfile() {
+ if cs.Profile != "" {
+ return
+ }
+
+ cs.Profile = os.Getenv(awsProfileEnvVar)
+
+ if cs.Profile == "" {
+ cs.Profile = "default"
+ }
+
+}
+
+func (cs *awsSSOCredentialsService) init() error {
+ cs.loadProfile()
+
+ if err := cs.loadSession(); err != nil {
+ return fmt.Errorf("failed to load session: %w", err)
+ }
+
+ if err := cs.loadSSOCredentials(); err != nil {
+ return fmt.Errorf("failed to load SSO credentials: %w", err)
+ }
+
+ // this enforces fetching credentials
+ cs.credentialsExpiresAt = time.Unix(0, 0)
+ return nil
+}
+
+func (cs *awsSSOCredentialsService) credentials(context.Context) (aws.Credentials, error) {
+ if cs.session == nil {
+ if err := cs.init(); err != nil {
+ return aws.Credentials{}, err
+ }
+ }
+
+ if cs.credentialsExpiresAt.Before(time.Now().Add(5 * time.Minute)) {
+ // Check if the sso token we have is still valid,
+ // if not, try to refresh it
+ if cs.session.ExpiresAt.Before(time.Now()) {
+ // we try and get a new token if we can
+ if cs.session.RegistrationExpiresAt.Before(time.Now()) {
+ return aws.Credentials{}, errors.New("cannot refresh token, registration expired")
+ }
+
+ if err := cs.tryRefreshToken(); err != nil {
+ return aws.Credentials{}, fmt.Errorf("failed to refresh token: %w", err)
+ }
+ }
+
+ if err := cs.refreshCredentials(); err != nil {
+ return aws.Credentials{}, fmt.Errorf("failed to refresh credentials: %w", err)
+ }
+ }
+
+ return cs.creds, nil
+}
+
// awsProfileCredentialService represents a credential provider for AWS that extracts credentials from the AWS
// credentials file
type awsProfileCredentialService struct {
@@ -678,7 +1010,7 @@ func (ap *ecrAuthPlugin) Prepare(r *http.Request) error {
ap.logger.Debug("Signing request with ECR authorization token")
- r.Header.Set("Authorization", fmt.Sprintf("Basic %s", ap.token.AuthorizationToken))
+ r.Header.Set("Authorization", "Basic "+ap.token.AuthorizationToken)
return nil
}
diff --git a/vendor/github.com/open-policy-agent/opa/plugins/rest/azure.go b/vendor/github.com/open-policy-agent/opa/v1/plugins/rest/azure.go
similarity index 63%
rename from vendor/github.com/open-policy-agent/opa/plugins/rest/azure.go
rename to vendor/github.com/open-policy-agent/opa/v1/plugins/rest/azure.go
index ae00d48a7c..9f7a164327 100644
--- a/vendor/github.com/open-policy-agent/opa/plugins/rest/azure.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/plugins/rest/azure.go
@@ -1,6 +1,9 @@
package rest
import (
+ "bytes"
+ "context"
+ "encoding/base64"
"encoding/json"
"errors"
"fmt"
@@ -17,6 +20,7 @@ var (
defaultResource = "https://storage.azure.com/"
timeout = 5 * time.Second
defaultAPIVersionForAppServiceMsi = "2019-08-01"
+ defaultKeyVaultAPIVersion = "7.4"
)
// azureManagedIdentitiesToken holds a token for managed identities for Azure resources
@@ -52,11 +56,7 @@ type azureManagedIdentitiesAuthPlugin struct {
UseAppServiceMsi bool `json:"use_app_service_msi,omitempty"`
}
-func (ap *azureManagedIdentitiesAuthPlugin) NewClient(c Config) (*http.Client, error) {
- if c.Type == "oci" {
- return nil, errors.New("azure managed identities auth: OCI service not supported")
- }
-
+func (ap *azureManagedIdentitiesAuthPlugin) setDefaults() {
if ap.Endpoint == "" {
identityEndpoint := os.Getenv("IDENTITY_ENDPOINT")
if identityEndpoint != "" {
@@ -79,6 +79,13 @@ func (ap *azureManagedIdentitiesAuthPlugin) NewClient(c Config) (*http.Client, e
}
}
+}
+
+func (ap *azureManagedIdentitiesAuthPlugin) NewClient(c Config) (*http.Client, error) {
+ if c.Type == "oci" {
+ return nil, errors.New("azure managed identities auth: OCI service not supported")
+ }
+ ap.setDefaults()
t, err := DefaultTLSConfig(c)
if err != nil {
return nil, err
@@ -151,7 +158,6 @@ func azureManagedIdentitiesTokenRequest(
if err != nil {
return token, err
}
-
return token, nil
}
@@ -178,3 +184,104 @@ func buildAzureManagedIdentitiesRequestPath(
return endpoint + "?" + params.Encode()
}
+
+type azureKeyVaultSignPlugin struct {
+ config azureKeyVaultConfig
+ tokener func() (string, error)
+}
+
+func newKeyVaultSignPlugin(ap *azureManagedIdentitiesAuthPlugin, cfg *azureKeyVaultConfig) *azureKeyVaultSignPlugin {
+ resp := &azureKeyVaultSignPlugin{
+ tokener: func() (string, error) {
+ resp, err := azureManagedIdentitiesTokenRequest(
+ ap.Endpoint,
+ ap.APIVersion,
+ cfg.URL.String(),
+ ap.ObjectID,
+ ap.ClientID,
+ ap.MiResID,
+ ap.UseAppServiceMsi)
+ if err != nil {
+ return "", err
+ }
+ return resp.AccessToken, nil
+ },
+ config: *cfg,
+ }
+ return resp
+}
+
+func (akv *azureKeyVaultSignPlugin) setDefaults() {
+ if akv.config.APIVersion == "" {
+ akv.config.APIVersion = defaultKeyVaultAPIVersion
+ }
+}
+
+type kvRequest struct {
+ Alg string `json:"alg"`
+ Value string `json:"value"`
+}
+
+type kvResponse struct {
+ KID string `json:"kid"`
+ Value string `json:"value"`
+}
+
+// SignDigest() uses the Microsoft keyvault rest api to sign a byte digest
+// https://learn.microsoft.com/en-us/rest/api/keyvault/keys/sign/sign
+func (ap *azureKeyVaultSignPlugin) SignDigest(ctx context.Context, digest []byte) (string, error) {
+ tkn, err := ap.tokener()
+ if err != nil {
+ return "", err
+ }
+ if ap.config.URL.Host == "" {
+ return "", errors.New("keyvault host not set")
+ }
+
+ signingURL := ap.config.URL.JoinPath("keys", ap.config.Key, ap.config.KeyVersion, "sign")
+ q := signingURL.Query()
+ q.Set("api-version", ap.config.APIVersion)
+ signingURL.RawQuery = q.Encode()
+ reqBody, err := json.Marshal(kvRequest{
+ Alg: ap.config.Alg,
+ Value: base64.StdEncoding.EncodeToString(digest)})
+ if err != nil {
+ return "", err
+ }
+
+ req, err := http.NewRequestWithContext(ctx, http.MethodPost, signingURL.String(), bytes.NewBuffer(reqBody))
+ if err != nil {
+ return "", err
+ }
+
+ req.Header.Add("Authorization", "Bearer "+tkn)
+ req.Header.Add("Content-Type", "application/json")
+
+ resp, err := http.DefaultClient.Do(req)
+ if err != nil {
+ return "", err
+ }
+
+ if resp.StatusCode != http.StatusOK {
+ if resp.Body != nil {
+ defer resp.Body.Close()
+ b, _ := io.ReadAll(resp.Body)
+ return "", fmt.Errorf("non 200 status code, got: %d. Body: %v", resp.StatusCode, string(b))
+ }
+ return "", fmt.Errorf("non 200 status code from keyvault sign, got: %d", resp.StatusCode)
+ }
+ defer resp.Body.Close()
+
+ respBytes, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return "", errors.New("failed to read keyvault response body")
+ }
+
+ var res kvResponse
+ err = json.Unmarshal(respBytes, &res)
+ if err != nil {
+ return "", fmt.Errorf("no valid keyvault response, got: %v", string(respBytes))
+ }
+
+ return res.Value, nil
+}
diff --git a/vendor/github.com/open-policy-agent/opa/plugins/rest/gcp.go b/vendor/github.com/open-policy-agent/opa/v1/plugins/rest/gcp.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/plugins/rest/gcp.go
rename to vendor/github.com/open-policy-agent/opa/v1/plugins/rest/gcp.go
diff --git a/vendor/github.com/open-policy-agent/opa/plugins/rest/rest.go b/vendor/github.com/open-policy-agent/opa/v1/plugins/rest/rest.go
similarity index 92%
rename from vendor/github.com/open-policy-agent/opa/plugins/rest/rest.go
rename to vendor/github.com/open-policy-agent/opa/v1/plugins/rest/rest.go
index fd59058ca1..f8be30af5e 100644
--- a/vendor/github.com/open-policy-agent/opa/plugins/rest/rest.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/plugins/rest/rest.go
@@ -12,16 +12,17 @@ import (
"errors"
"fmt"
"io"
+ "maps"
"net/http"
"net/http/httputil"
"reflect"
"strings"
"github.com/open-policy-agent/opa/internal/version"
- "github.com/open-policy-agent/opa/keys"
- "github.com/open-policy-agent/opa/logging"
- "github.com/open-policy-agent/opa/tracing"
- "github.com/open-policy-agent/opa/util"
+ "github.com/open-policy-agent/opa/v1/keys"
+ "github.com/open-policy-agent/opa/v1/logging"
+ "github.com/open-policy-agent/opa/v1/tracing"
+ "github.com/open-policy-agent/opa/v1/util"
)
const (
@@ -94,7 +95,7 @@ func (c *Config) AuthPlugin(lookup AuthPluginLookupFunc) (HTTPAuthPlugin, error)
}
// reflection avoids need for this code to change as auth plugins are added
s := reflect.ValueOf(c.Credentials)
- for i := 0; i < s.NumField(); i++ {
+ for i := range s.NumField() {
if s.Field(i).IsNil() {
continue
}
@@ -132,12 +133,12 @@ func (c *Config) authPrepare(req *http.Request, lookup AuthPluginLookupFunc) err
// services.
type Client struct {
bytes *[]byte
- json *interface{}
+ json *any
config Config
headers map[string]string
authPluginLookup AuthPluginLookupFunc
logger logging.Logger
- loggerFields map[string]interface{}
+ loggerFields map[string]any
distributedTacingOpts tracing.Options
}
@@ -233,7 +234,7 @@ func (c Client) Logger() logging.Logger {
}
// LoggerFields returns the fields used for log statements used by Client
-func (c Client) LoggerFields() map[string]interface{} {
+func (c Client) LoggerFields() map[string]any {
return c.loggerFields
}
@@ -253,7 +254,7 @@ func (c Client) WithHeader(k, v string) Client {
// WithJSON returns a shallow copy of the client with the JSON value set as the
// message body to include the requests. This function sets the Content-Type
// header.
-func (c Client) WithJSON(body interface{}) Client {
+func (c Client) WithJSON(body any) Client {
c = c.WithHeader("Content-Type", "application/json")
c.json = &body
return c
@@ -293,7 +294,7 @@ func (c Client) Do(ctx context.Context, method, path string) (*http.Response, er
}
url := c.config.URL + "/" + path
- req, err := http.NewRequest(method, url, body)
+ req, err := http.NewRequestWithContext(ctx, method, url, body)
if err != nil {
return nil, err
}
@@ -303,28 +304,21 @@ func (c Client) Do(ctx context.Context, method, path string) (*http.Response, er
}
// Copy custom headers from config.
- for key, value := range c.config.Headers {
- headers[key] = value
- }
+ maps.Copy(headers, c.config.Headers)
// Overwrite with headers set directly on client.
- for key, value := range c.headers {
- headers[key] = value
- }
+ maps.Copy(headers, c.headers)
for key, value := range headers {
req.Header.Add(key, value)
}
- req = req.WithContext(ctx)
-
- err = c.config.authPrepare(req, c.authPluginLookup)
- if err != nil {
+ if err = c.config.authPrepare(req, c.authPluginLookup); err != nil {
return nil, err
}
if c.logger.GetLevel() >= logging.Debug {
- c.loggerFields = map[string]interface{}{
+ c.loggerFields = map[string]any{
"method": method,
"url": url,
"headers": withMaskedHeaders(req.Header),
@@ -347,7 +341,7 @@ func (c Client) Do(ctx context.Context, method, path string) (*http.Response, er
return nil, err
}
- if len(string(dump)) < defaultResponseSizeLimitBytes {
+ if len(dump) < defaultResponseSizeLimitBytes {
c.loggerFields["response"] = string(dump)
} else {
c.loggerFields["response"] = fmt.Sprintf("%v...", string(dump[:defaultResponseSizeLimitBytes]))
diff --git a/vendor/github.com/open-policy-agent/opa/v1/rego/errors.go b/vendor/github.com/open-policy-agent/opa/v1/rego/errors.go
new file mode 100644
index 0000000000..dcc5e2679d
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/rego/errors.go
@@ -0,0 +1,24 @@
+package rego
+
+// HaltError is an error type to return from a custom function implementation
+// that will abort the evaluation process (analogous to topdown.Halt).
+type HaltError struct {
+ err error
+}
+
+// Error delegates to the wrapped error
+func (h *HaltError) Error() string {
+ return h.err.Error()
+}
+
+// NewHaltError wraps an error such that the evaluation process will stop
+// when it occurs.
+func NewHaltError(err error) error {
+ return &HaltError{err: err}
+}
+
+// ErrorDetails interface is satisfied by an error that provides further
+// details.
+type ErrorDetails interface {
+ Lines() []string
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/rego/plugins.go b/vendor/github.com/open-policy-agent/opa/v1/rego/plugins.go
new file mode 100644
index 0000000000..55b5ed7803
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/rego/plugins.go
@@ -0,0 +1,43 @@
+// Copyright 2023 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package rego
+
+import (
+ "context"
+ "sync"
+
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/ir"
+)
+
+var targetPlugins = map[string]TargetPlugin{}
+var pluginMtx sync.Mutex
+
+type TargetPlugin interface {
+ IsTarget(string) bool
+ PrepareForEval(context.Context, *ir.Policy, ...PrepareOption) (TargetPluginEval, error)
+}
+
+type TargetPluginEval interface {
+ Eval(context.Context, *EvalContext, ast.Value) (ast.Value, error)
+}
+
+func (*Rego) targetPlugin(tgt string) TargetPlugin {
+ for _, p := range targetPlugins {
+ if p.IsTarget(tgt) {
+ return p
+ }
+ }
+ return nil
+}
+
+func RegisterPlugin(name string, p TargetPlugin) {
+ pluginMtx.Lock()
+ defer pluginMtx.Unlock()
+ if _, ok := targetPlugins[name]; ok {
+ panic("plugin already registered " + name)
+ }
+ targetPlugins[name] = p
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/rego/rego.go b/vendor/github.com/open-policy-agent/opa/v1/rego/rego.go
new file mode 100644
index 0000000000..ed51ed4e3e
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/rego/rego.go
@@ -0,0 +1,2946 @@
+// Copyright 2017 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Package rego exposes high level APIs for evaluating Rego policies.
+package rego
+
+import (
+ "bytes"
+ "context"
+ "errors"
+ "fmt"
+ "io"
+ "maps"
+ "strings"
+ "time"
+
+ bundleUtils "github.com/open-policy-agent/opa/internal/bundle"
+ "github.com/open-policy-agent/opa/internal/compiler/wasm"
+ "github.com/open-policy-agent/opa/internal/future"
+ "github.com/open-policy-agent/opa/internal/planner"
+ "github.com/open-policy-agent/opa/internal/rego/opa"
+ "github.com/open-policy-agent/opa/internal/wasm/encoding"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/bundle"
+ "github.com/open-policy-agent/opa/v1/ir"
+ "github.com/open-policy-agent/opa/v1/loader"
+ "github.com/open-policy-agent/opa/v1/metrics"
+ "github.com/open-policy-agent/opa/v1/plugins"
+ "github.com/open-policy-agent/opa/v1/resolver"
+ "github.com/open-policy-agent/opa/v1/storage"
+ "github.com/open-policy-agent/opa/v1/storage/inmem"
+ "github.com/open-policy-agent/opa/v1/topdown"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/topdown/cache"
+ "github.com/open-policy-agent/opa/v1/topdown/print"
+ "github.com/open-policy-agent/opa/v1/tracing"
+ "github.com/open-policy-agent/opa/v1/types"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+const (
+ defaultPartialNamespace = "partial"
+ wasmVarPrefix = "^"
+)
+
+// nolint: deadcode,varcheck
+const (
+ targetWasm = "wasm"
+ targetRego = "rego"
+)
+
+// CompileResult represents the result of compiling a Rego query, zero or more
+// Rego modules, and arbitrary contextual data into an executable.
+type CompileResult struct {
+ Bytes []byte `json:"bytes"`
+}
+
+// PartialQueries contains the queries and support modules produced by partial
+// evaluation.
+type PartialQueries struct {
+ Queries []ast.Body `json:"queries,omitempty"`
+ Support []*ast.Module `json:"modules,omitempty"`
+}
+
+// PartialResult represents the result of partial evaluation. The result can be
+// used to generate a new query that can be run when inputs are known.
+type PartialResult struct {
+ compiler *ast.Compiler
+ store storage.Store
+ body ast.Body
+ builtinDecls map[string]*ast.Builtin
+ builtinFuncs map[string]*topdown.Builtin
+}
+
+// Rego returns an object that can be evaluated to produce a query result.
+func (pr PartialResult) Rego(options ...func(*Rego)) *Rego {
+ options = append(options, Compiler(pr.compiler), Store(pr.store), ParsedQuery(pr.body))
+ r := New(options...)
+
+ // Propagate any custom builtins.
+ maps.Copy(r.builtinDecls, pr.builtinDecls)
+ maps.Copy(r.builtinFuncs, pr.builtinFuncs)
+ return r
+}
+
+// preparedQuery is a wrapper around a Rego object which has pre-processed
+// state stored on it. Once prepared there are a more limited number of actions
+// that can be taken with it. It will, however, be able to evaluate faster since
+// it will not have to re-parse or compile as much.
+type preparedQuery struct {
+ r *Rego
+ cfg *PrepareConfig
+}
+
+// EvalContext defines the set of options allowed to be set at evaluation
+// time. Any other options will need to be set on a new Rego object.
+type EvalContext struct {
+ hasInput bool
+ time time.Time
+ seed io.Reader
+ rawInput *any
+ parsedInput ast.Value
+ metrics metrics.Metrics
+ txn storage.Transaction
+ instrument bool
+ instrumentation *topdown.Instrumentation
+ partialNamespace string
+ queryTracers []topdown.QueryTracer
+ compiledQuery compiledQuery
+ unknowns []string
+ disableInlining []ast.Ref
+ nondeterministicBuiltins bool
+ parsedUnknowns []*ast.Term
+ indexing bool
+ earlyExit bool
+ interQueryBuiltinCache cache.InterQueryCache
+ interQueryBuiltinValueCache cache.InterQueryValueCache
+ ndBuiltinCache builtins.NDBCache
+ resolvers []refResolver
+ httpRoundTripper topdown.CustomizeRoundTripper
+ sortSets bool
+ copyMaps bool
+ printHook print.Hook
+ capabilities *ast.Capabilities
+ strictBuiltinErrors bool
+ virtualCache topdown.VirtualCache
+ baseCache topdown.BaseCache
+}
+
+func (e *EvalContext) RawInput() *any {
+ return e.rawInput
+}
+
+func (e *EvalContext) ParsedInput() ast.Value {
+ return e.parsedInput
+}
+
+func (e *EvalContext) Time() time.Time {
+ return e.time
+}
+
+func (e *EvalContext) Seed() io.Reader {
+ return e.seed
+}
+
+func (e *EvalContext) InterQueryBuiltinCache() cache.InterQueryCache {
+ return e.interQueryBuiltinCache
+}
+
+func (e *EvalContext) InterQueryBuiltinValueCache() cache.InterQueryValueCache {
+ return e.interQueryBuiltinValueCache
+}
+
+func (e *EvalContext) PrintHook() print.Hook {
+ return e.printHook
+}
+
+func (e *EvalContext) Metrics() metrics.Metrics {
+ return e.metrics
+}
+
+func (e *EvalContext) StrictBuiltinErrors() bool {
+ return e.strictBuiltinErrors
+}
+
+func (e *EvalContext) NDBCache() builtins.NDBCache {
+ return e.ndBuiltinCache
+}
+
+func (e *EvalContext) CompiledQuery() ast.Body {
+ return e.compiledQuery.query
+}
+
+func (e *EvalContext) Capabilities() *ast.Capabilities {
+ return e.capabilities
+}
+
+func (e *EvalContext) Transaction() storage.Transaction {
+ return e.txn
+}
+
+// EvalOption defines a function to set an option on an EvalConfig
+type EvalOption func(*EvalContext)
+
+// EvalInput configures the input for a Prepared Query's evaluation
+func EvalInput(input any) EvalOption {
+ return func(e *EvalContext) {
+ e.rawInput = &input
+ e.hasInput = true
+ }
+}
+
+// EvalParsedInput configures the input for a Prepared Query's evaluation
+func EvalParsedInput(input ast.Value) EvalOption {
+ return func(e *EvalContext) {
+ e.parsedInput = input
+ e.hasInput = true
+ }
+}
+
+// EvalMetrics configures the metrics for a Prepared Query's evaluation
+func EvalMetrics(metric metrics.Metrics) EvalOption {
+ return func(e *EvalContext) {
+ e.metrics = metric
+ }
+}
+
+// EvalTransaction configures the Transaction for a Prepared Query's evaluation
+func EvalTransaction(txn storage.Transaction) EvalOption {
+ return func(e *EvalContext) {
+ e.txn = txn
+ }
+}
+
+// EvalInstrument enables or disables instrumenting for a Prepared Query's evaluation
+func EvalInstrument(instrument bool) EvalOption {
+ return func(e *EvalContext) {
+ e.instrument = instrument
+ }
+}
+
+// EvalTracer configures a tracer for a Prepared Query's evaluation
+// Deprecated: Use EvalQueryTracer instead.
+func EvalTracer(tracer topdown.Tracer) EvalOption {
+ return func(e *EvalContext) {
+ if tracer != nil {
+ e.queryTracers = append(e.queryTracers, topdown.WrapLegacyTracer(tracer))
+ }
+ }
+}
+
+// EvalQueryTracer configures a tracer for a Prepared Query's evaluation
+func EvalQueryTracer(tracer topdown.QueryTracer) EvalOption {
+ return func(e *EvalContext) {
+ if tracer != nil {
+ e.queryTracers = append(e.queryTracers, tracer)
+ }
+ }
+}
+
+// EvalPartialNamespace returns an argument that sets the namespace to use for
+// partial evaluation results. The namespace must be a valid package path
+// component.
+func EvalPartialNamespace(ns string) EvalOption {
+ return func(e *EvalContext) {
+ e.partialNamespace = ns
+ }
+}
+
+// EvalUnknowns returns an argument that sets the values to treat as
+// unknown during partial evaluation.
+func EvalUnknowns(unknowns []string) EvalOption {
+ return func(e *EvalContext) {
+ e.unknowns = unknowns
+ }
+}
+
+// EvalDisableInlining returns an argument that adds a set of paths to exclude from
+// partial evaluation inlining.
+func EvalDisableInlining(paths []ast.Ref) EvalOption {
+ return func(e *EvalContext) {
+ e.disableInlining = paths
+ }
+}
+
+// EvalParsedUnknowns returns an argument that sets the values to treat
+// as unknown during partial evaluation.
+func EvalParsedUnknowns(unknowns []*ast.Term) EvalOption {
+ return func(e *EvalContext) {
+ e.parsedUnknowns = unknowns
+ }
+}
+
+// EvalRuleIndexing will disable indexing optimizations for the
+// evaluation. This should only be used when tracing in debug mode.
+func EvalRuleIndexing(enabled bool) EvalOption {
+ return func(e *EvalContext) {
+ e.indexing = enabled
+ }
+}
+
+// EvalEarlyExit will disable 'early exit' optimizations for the
+// evaluation. This should only be used when tracing in debug mode.
+func EvalEarlyExit(enabled bool) EvalOption {
+ return func(e *EvalContext) {
+ e.earlyExit = enabled
+ }
+}
+
+// EvalTime sets the wall clock time to use during policy evaluation.
+// time.now_ns() calls will return this value.
+func EvalTime(x time.Time) EvalOption {
+ return func(e *EvalContext) {
+ e.time = x
+ }
+}
+
+// EvalSeed sets a reader that will seed randomization required by built-in functions.
+// If a seed is not provided crypto/rand.Reader is used.
+func EvalSeed(r io.Reader) EvalOption {
+ return func(e *EvalContext) {
+ e.seed = r
+ }
+}
+
+// EvalInterQueryBuiltinCache sets the inter-query cache that built-in functions can utilize
+// during evaluation.
+func EvalInterQueryBuiltinCache(c cache.InterQueryCache) EvalOption {
+ return func(e *EvalContext) {
+ e.interQueryBuiltinCache = c
+ }
+}
+
+// EvalInterQueryBuiltinValueCache sets the inter-query value cache that built-in functions can utilize
+// during evaluation.
+func EvalInterQueryBuiltinValueCache(c cache.InterQueryValueCache) EvalOption {
+ return func(e *EvalContext) {
+ e.interQueryBuiltinValueCache = c
+ }
+}
+
+// EvalNDBuiltinCache sets the non-deterministic builtin cache that built-in functions can
+// use during evaluation.
+func EvalNDBuiltinCache(c builtins.NDBCache) EvalOption {
+ return func(e *EvalContext) {
+ e.ndBuiltinCache = c
+ }
+}
+
+// EvalResolver sets a Resolver for a specified ref path for this evaluation.
+func EvalResolver(ref ast.Ref, r resolver.Resolver) EvalOption {
+ return func(e *EvalContext) {
+ e.resolvers = append(e.resolvers, refResolver{ref, r})
+ }
+}
+
+// EvalHTTPRoundTripper allows customizing the http.RoundTripper for this evaluation.
+func EvalHTTPRoundTripper(t topdown.CustomizeRoundTripper) EvalOption {
+ return func(e *EvalContext) {
+ e.httpRoundTripper = t
+ }
+}
+
+// EvalSortSets causes the evaluator to sort sets before returning them as JSON arrays.
+func EvalSortSets(yes bool) EvalOption {
+ return func(e *EvalContext) {
+ e.sortSets = yes
+ }
+}
+
+// EvalCopyMaps causes the evaluator to copy `map[string]any`s before returning them.
+func EvalCopyMaps(yes bool) EvalOption {
+ return func(e *EvalContext) {
+ e.copyMaps = yes
+ }
+}
+
+// EvalPrintHook sets the object to use for handling print statement outputs.
+func EvalPrintHook(ph print.Hook) EvalOption {
+ return func(e *EvalContext) {
+ e.printHook = ph
+ }
+}
+
+// EvalVirtualCache sets the topdown.VirtualCache to use for evaluation.
+// This is optional, and if not set, the default cache is used.
+func EvalVirtualCache(vc topdown.VirtualCache) EvalOption {
+ return func(e *EvalContext) {
+ e.virtualCache = vc
+ }
+}
+
+// EvalBaseCache sets the topdown.BaseCache to use for evaluation.
+// This is optional, and if not set, the default cache is used.
+func EvalBaseCache(bc topdown.BaseCache) EvalOption {
+ return func(e *EvalContext) {
+ e.baseCache = bc
+ }
+}
+
+// EvalNondeterministicBuiltins causes non-deterministic builtins to be evalued
+// during partial evaluation. This is needed to pull in external data, or validate
+// a JWT, during PE, so that the result informs what queries are returned.
+func EvalNondeterministicBuiltins(yes bool) EvalOption {
+ return func(e *EvalContext) {
+ e.nondeterministicBuiltins = yes
+ }
+}
+
+func (pq preparedQuery) Modules() map[string]*ast.Module {
+ mods := make(map[string]*ast.Module)
+
+ maps.Copy(mods, pq.r.parsedModules)
+
+ for _, b := range pq.r.bundles {
+ for _, mod := range b.Modules {
+ mods[mod.Path] = mod.Parsed
+ }
+ }
+
+ return mods
+}
+
+// newEvalContext creates a new EvalContext overlaying any EvalOptions over top
+// the Rego object on the preparedQuery. The returned function should be called
+// once the evaluation is complete to close any transactions that might have
+// been opened.
+func (pq preparedQuery) newEvalContext(ctx context.Context, options []EvalOption) (*EvalContext, func(context.Context), error) {
+ ectx := &EvalContext{
+ hasInput: false,
+ rawInput: nil,
+ parsedInput: nil,
+ metrics: nil,
+ txn: nil,
+ instrument: false,
+ instrumentation: nil,
+ partialNamespace: pq.r.partialNamespace,
+ queryTracers: nil,
+ unknowns: pq.r.unknowns,
+ parsedUnknowns: pq.r.parsedUnknowns,
+ nondeterministicBuiltins: pq.r.nondeterministicBuiltins,
+ compiledQuery: compiledQuery{},
+ indexing: true,
+ earlyExit: true,
+ resolvers: pq.r.resolvers,
+ printHook: pq.r.printHook,
+ capabilities: pq.r.capabilities,
+ strictBuiltinErrors: pq.r.strictBuiltinErrors,
+ }
+
+ for _, o := range options {
+ o(ectx)
+ }
+
+ if ectx.metrics == nil {
+ ectx.metrics = metrics.New()
+ }
+
+ if ectx.instrument {
+ ectx.instrumentation = topdown.NewInstrumentation(ectx.metrics)
+ }
+
+ // Default to an empty "finish" function
+ finishFunc := func(context.Context) {}
+
+ var err error
+ ectx.disableInlining, err = parseStringsToRefs(pq.r.disableInlining)
+ if err != nil {
+ return nil, finishFunc, err
+ }
+
+ if ectx.txn == nil {
+ ectx.txn, err = pq.r.store.NewTransaction(ctx)
+ if err != nil {
+ return nil, finishFunc, err
+ }
+ finishFunc = func(ctx context.Context) {
+ pq.r.store.Abort(ctx, ectx.txn)
+ }
+ }
+
+ // If we didn't get an input specified in the Eval options
+ // then fall back to the Rego object's input fields.
+ if !ectx.hasInput {
+ ectx.rawInput = pq.r.rawInput
+ ectx.parsedInput = pq.r.parsedInput
+ }
+
+ if ectx.parsedInput == nil {
+ if ectx.rawInput == nil {
+ // Fall back to the original Rego objects input if none was specified
+ // Note that it could still be nil
+ ectx.rawInput = pq.r.rawInput
+ }
+
+ if pq.r.targetPlugin(pq.r.target) == nil && // no plugin claims this target
+ pq.r.target != targetWasm {
+ ectx.parsedInput, err = pq.r.parseRawInput(ectx.rawInput, ectx.metrics)
+ if err != nil {
+ return nil, finishFunc, err
+ }
+ }
+ }
+
+ return ectx, finishFunc, nil
+}
+
+// PreparedEvalQuery holds the prepared Rego state that has been pre-processed
+// for subsequent evaluations.
+type PreparedEvalQuery struct {
+ preparedQuery
+}
+
+// Eval evaluates this PartialResult's Rego object with additional eval options
+// and returns a ResultSet.
+// If options are provided they will override the original Rego options respective value.
+// The original Rego object transaction will *not* be re-used. A new transaction will be opened
+// if one is not provided with an EvalOption.
+func (pq PreparedEvalQuery) Eval(ctx context.Context, options ...EvalOption) (ResultSet, error) {
+ ectx, finish, err := pq.newEvalContext(ctx, options)
+ if err != nil {
+ return nil, err
+ }
+ defer finish(ctx)
+
+ ectx.compiledQuery = pq.r.compiledQueries[evalQueryType]
+
+ return pq.r.eval(ctx, ectx)
+}
+
+// PreparedPartialQuery holds the prepared Rego state that has been pre-processed
+// for partial evaluations.
+type PreparedPartialQuery struct {
+ preparedQuery
+}
+
+// Partial runs partial evaluation on the prepared query and returns the result.
+// The original Rego object transaction will *not* be re-used. A new transaction will be opened
+// if one is not provided with an EvalOption.
+func (pq PreparedPartialQuery) Partial(ctx context.Context, options ...EvalOption) (*PartialQueries, error) {
+ ectx, finish, err := pq.newEvalContext(ctx, options)
+ if err != nil {
+ return nil, err
+ }
+ defer finish(ctx)
+
+ ectx.compiledQuery = pq.r.compiledQueries[partialQueryType]
+
+ return pq.r.partial(ctx, ectx)
+}
+
+// Errors represents a collection of errors returned when evaluating Rego.
+type Errors []error
+
+func (errs Errors) Error() string {
+ if len(errs) == 0 {
+ return "no error"
+ }
+ if len(errs) == 1 {
+ return fmt.Sprintf("1 error occurred: %v", errs[0].Error())
+ }
+ buf := []string{fmt.Sprintf("%v errors occurred", len(errs))}
+ for _, err := range errs {
+ buf = append(buf, err.Error())
+ }
+ return strings.Join(buf, "\n")
+}
+
+var errPartialEvaluationNotEffective = errors.New("partial evaluation not effective")
+
+// IsPartialEvaluationNotEffectiveErr returns true if err is an error returned by
+// this package to indicate that partial evaluation was ineffective.
+func IsPartialEvaluationNotEffectiveErr(err error) bool {
+ errs, ok := err.(Errors)
+ if !ok {
+ return false
+ }
+ return len(errs) == 1 && errs[0] == errPartialEvaluationNotEffective
+}
+
+type compiledQuery struct {
+ query ast.Body
+ compiler ast.QueryCompiler
+}
+
+type queryType int
+
+// Define a query type for each of the top level Rego
+// API's that compile queries differently.
+const (
+ evalQueryType queryType = iota
+ partialResultQueryType
+ partialQueryType
+ compileQueryType
+)
+
+type loadPaths struct {
+ paths []string
+ filter loader.Filter
+}
+
+// Rego constructs a query and can be evaluated to obtain results.
+type Rego struct {
+ query string
+ parsedQuery ast.Body
+ compiledQueries map[queryType]compiledQuery
+ pkg string
+ parsedPackage *ast.Package
+ imports []string
+ parsedImports []*ast.Import
+ rawInput *any
+ parsedInput ast.Value
+ unknowns []string
+ parsedUnknowns []*ast.Term
+ disableInlining []string
+ shallowInlining bool
+ nondeterministicBuiltins bool
+ skipPartialNamespace bool
+ partialNamespace string
+ modules []rawModule
+ parsedModules map[string]*ast.Module
+ compiler *ast.Compiler
+ store storage.Store
+ ownStore bool
+ ownStoreReadAst bool
+ txn storage.Transaction
+ metrics metrics.Metrics
+ queryTracers []topdown.QueryTracer
+ tracebuf *topdown.BufferTracer
+ trace bool
+ instrumentation *topdown.Instrumentation
+ instrument bool
+ capture map[*ast.Expr]ast.Var // map exprs to generated capture vars
+ termVarID int
+ dump io.Writer
+ runtime *ast.Term
+ time time.Time
+ seed io.Reader
+ capabilities *ast.Capabilities
+ builtinDecls map[string]*ast.Builtin
+ builtinFuncs map[string]*topdown.Builtin
+ unsafeBuiltins map[string]struct{}
+ loadPaths loadPaths
+ bundlePaths []string
+ bundles map[string]*bundle.Bundle
+ skipBundleVerification bool
+ interQueryBuiltinCache cache.InterQueryCache
+ interQueryBuiltinValueCache cache.InterQueryValueCache
+ ndBuiltinCache builtins.NDBCache
+ strictBuiltinErrors bool
+ builtinErrorList *[]topdown.Error
+ resolvers []refResolver
+ schemaSet *ast.SchemaSet
+ target string // target type (wasm, rego, etc.)
+ opa opa.EvalEngine
+ generateJSON func(*ast.Term, *EvalContext) (any, error)
+ printHook print.Hook
+ enablePrintStatements bool
+ distributedTacingOpts tracing.Options
+ strict bool
+ pluginMgr *plugins.Manager
+ plugins []TargetPlugin
+ targetPrepState TargetPluginEval
+ regoVersion ast.RegoVersion
+}
+
+func (r *Rego) RegoVersion() ast.RegoVersion {
+ return r.regoVersion
+}
+
+// Function represents a built-in function that is callable in Rego.
+type Function struct {
+ Name string
+ Description string
+ Decl *types.Function
+ Memoize bool
+ Nondeterministic bool
+}
+
+// BuiltinContext contains additional attributes from the evaluator that
+// built-in functions can use, e.g., the request context.Context, caches, etc.
+type BuiltinContext = topdown.BuiltinContext
+
+type (
+ // Builtin1 defines a built-in function that accepts 1 argument.
+ Builtin1 func(bctx BuiltinContext, op1 *ast.Term) (*ast.Term, error)
+
+ // Builtin2 defines a built-in function that accepts 2 arguments.
+ Builtin2 func(bctx BuiltinContext, op1, op2 *ast.Term) (*ast.Term, error)
+
+ // Builtin3 defines a built-in function that accepts 3 argument.
+ Builtin3 func(bctx BuiltinContext, op1, op2, op3 *ast.Term) (*ast.Term, error)
+
+ // Builtin4 defines a built-in function that accepts 4 argument.
+ Builtin4 func(bctx BuiltinContext, op1, op2, op3, op4 *ast.Term) (*ast.Term, error)
+
+ // BuiltinDyn defines a built-in function that accepts a list of arguments.
+ BuiltinDyn func(bctx BuiltinContext, terms []*ast.Term) (*ast.Term, error)
+)
+
+// RegisterBuiltin1 adds a built-in function globally inside the OPA runtime.
+func RegisterBuiltin1(decl *Function, impl Builtin1) {
+ ast.RegisterBuiltin(&ast.Builtin{
+ Name: decl.Name,
+ Description: decl.Description,
+ Decl: decl.Decl,
+ Nondeterministic: decl.Nondeterministic,
+ })
+ topdown.RegisterBuiltinFunc(decl.Name, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return impl(bctx, terms[0]) })
+ return finishFunction(decl.Name, bctx, result, err, iter)
+ })
+}
+
+// RegisterBuiltin2 adds a built-in function globally inside the OPA runtime.
+func RegisterBuiltin2(decl *Function, impl Builtin2) {
+ ast.RegisterBuiltin(&ast.Builtin{
+ Name: decl.Name,
+ Description: decl.Description,
+ Decl: decl.Decl,
+ Nondeterministic: decl.Nondeterministic,
+ })
+ topdown.RegisterBuiltinFunc(decl.Name, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return impl(bctx, terms[0], terms[1]) })
+ return finishFunction(decl.Name, bctx, result, err, iter)
+ })
+}
+
+// RegisterBuiltin3 adds a built-in function globally inside the OPA runtime.
+func RegisterBuiltin3(decl *Function, impl Builtin3) {
+ ast.RegisterBuiltin(&ast.Builtin{
+ Name: decl.Name,
+ Description: decl.Description,
+ Decl: decl.Decl,
+ Nondeterministic: decl.Nondeterministic,
+ })
+ topdown.RegisterBuiltinFunc(decl.Name, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return impl(bctx, terms[0], terms[1], terms[2]) })
+ return finishFunction(decl.Name, bctx, result, err, iter)
+ })
+}
+
+// RegisterBuiltin4 adds a built-in function globally inside the OPA runtime.
+func RegisterBuiltin4(decl *Function, impl Builtin4) {
+ ast.RegisterBuiltin(&ast.Builtin{
+ Name: decl.Name,
+ Description: decl.Description,
+ Decl: decl.Decl,
+ Nondeterministic: decl.Nondeterministic,
+ })
+ topdown.RegisterBuiltinFunc(decl.Name, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return impl(bctx, terms[0], terms[1], terms[2], terms[3]) })
+ return finishFunction(decl.Name, bctx, result, err, iter)
+ })
+}
+
+// RegisterBuiltinDyn adds a built-in function globally inside the OPA runtime.
+func RegisterBuiltinDyn(decl *Function, impl BuiltinDyn) {
+ ast.RegisterBuiltin(&ast.Builtin{
+ Name: decl.Name,
+ Description: decl.Description,
+ Decl: decl.Decl,
+ Nondeterministic: decl.Nondeterministic,
+ })
+ topdown.RegisterBuiltinFunc(decl.Name, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return impl(bctx, terms) })
+ return finishFunction(decl.Name, bctx, result, err, iter)
+ })
+}
+
+// Function1 returns an option that adds a built-in function to the Rego object.
+func Function1(decl *Function, f Builtin1) func(*Rego) {
+ return newFunction(decl, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return f(bctx, terms[0]) })
+ return finishFunction(decl.Name, bctx, result, err, iter)
+ })
+}
+
+// Function2 returns an option that adds a built-in function to the Rego object.
+func Function2(decl *Function, f Builtin2) func(*Rego) {
+ return newFunction(decl, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return f(bctx, terms[0], terms[1]) })
+ return finishFunction(decl.Name, bctx, result, err, iter)
+ })
+}
+
+// Function3 returns an option that adds a built-in function to the Rego object.
+func Function3(decl *Function, f Builtin3) func(*Rego) {
+ return newFunction(decl, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return f(bctx, terms[0], terms[1], terms[2]) })
+ return finishFunction(decl.Name, bctx, result, err, iter)
+ })
+}
+
+// Function4 returns an option that adds a built-in function to the Rego object.
+func Function4(decl *Function, f Builtin4) func(*Rego) {
+ return newFunction(decl, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return f(bctx, terms[0], terms[1], terms[2], terms[3]) })
+ return finishFunction(decl.Name, bctx, result, err, iter)
+ })
+}
+
+// FunctionDyn returns an option that adds a built-in function to the Rego object.
+func FunctionDyn(decl *Function, f BuiltinDyn) func(*Rego) {
+ return newFunction(decl, func(bctx BuiltinContext, terms []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := memoize(decl, bctx, terms, func() (*ast.Term, error) { return f(bctx, terms) })
+ return finishFunction(decl.Name, bctx, result, err, iter)
+ })
+}
+
+// FunctionDecl returns an option that adds a custom-built-in function
+// __declaration__. NO implementation is provided. This is used for
+// non-interpreter execution envs (e.g., Wasm).
+func FunctionDecl(decl *Function) func(*Rego) {
+ return newDecl(decl)
+}
+
+func newDecl(decl *Function) func(*Rego) {
+ return func(r *Rego) {
+ r.builtinDecls[decl.Name] = &ast.Builtin{
+ Name: decl.Name,
+ Decl: decl.Decl,
+ }
+ }
+}
+
+type memo struct {
+ term *ast.Term
+ err error
+}
+
+type memokey string
+
+func memoize(decl *Function, bctx BuiltinContext, terms []*ast.Term, ifEmpty func() (*ast.Term, error)) (*ast.Term, error) {
+
+ if !decl.Memoize {
+ return ifEmpty()
+ }
+
+ // NOTE(tsandall): we assume memoization is applied to infrequent built-in
+ // calls that do things like fetch data from remote locations. As such,
+ // converting the terms to strings is acceptable for now.
+ var b strings.Builder
+ if _, err := b.WriteString(decl.Name); err != nil {
+ return nil, err
+ }
+
+ // The term slice _may_ include an output term depending on how the caller
+ // referred to the built-in function. Only use the arguments as the cache
+ // key. Unification ensures we don't get false positive matches.
+ for i := range decl.Decl.Arity() {
+ if _, err := b.WriteString(terms[i].String()); err != nil {
+ return nil, err
+ }
+ }
+
+ key := memokey(b.String())
+ hit, ok := bctx.Cache.Get(key)
+ var m memo
+ if ok {
+ m = hit.(memo)
+ } else {
+ m.term, m.err = ifEmpty()
+ bctx.Cache.Put(key, m)
+ }
+
+ return m.term, m.err
+}
+
+// Dump returns an argument that sets the writer to dump debugging information to.
+func Dump(w io.Writer) func(r *Rego) {
+ return func(r *Rego) {
+ r.dump = w
+ }
+}
+
+// Query returns an argument that sets the Rego query.
+func Query(q string) func(r *Rego) {
+ return func(r *Rego) {
+ r.query = q
+ }
+}
+
+// ParsedQuery returns an argument that sets the Rego query.
+func ParsedQuery(q ast.Body) func(r *Rego) {
+ return func(r *Rego) {
+ r.parsedQuery = q
+ }
+}
+
+// Package returns an argument that sets the Rego package on the query's
+// context.
+func Package(p string) func(r *Rego) {
+ return func(r *Rego) {
+ r.pkg = p
+ }
+}
+
+// ParsedPackage returns an argument that sets the Rego package on the query's
+// context.
+func ParsedPackage(pkg *ast.Package) func(r *Rego) {
+ return func(r *Rego) {
+ r.parsedPackage = pkg
+ }
+}
+
+// Imports returns an argument that adds a Rego import to the query's context.
+func Imports(p []string) func(r *Rego) {
+ return func(r *Rego) {
+ r.imports = append(r.imports, p...)
+ }
+}
+
+// ParsedImports returns an argument that adds Rego imports to the query's
+// context.
+func ParsedImports(imp []*ast.Import) func(r *Rego) {
+ return func(r *Rego) {
+ r.parsedImports = append(r.parsedImports, imp...)
+ }
+}
+
+// Input returns an argument that sets the Rego input document. Input should be
+// a native Go value representing the input document.
+func Input(x any) func(r *Rego) {
+ return func(r *Rego) {
+ r.rawInput = &x
+ }
+}
+
+// ParsedInput returns an argument that sets the Rego input document.
+func ParsedInput(x ast.Value) func(r *Rego) {
+ return func(r *Rego) {
+ r.parsedInput = x
+ }
+}
+
+// Unknowns returns an argument that sets the values to treat as unknown during
+// partial evaluation.
+func Unknowns(unknowns []string) func(r *Rego) {
+ return func(r *Rego) {
+ r.unknowns = unknowns
+ }
+}
+
+// ParsedUnknowns returns an argument that sets the values to treat as unknown
+// during partial evaluation.
+func ParsedUnknowns(unknowns []*ast.Term) func(r *Rego) {
+ return func(r *Rego) {
+ r.parsedUnknowns = unknowns
+ }
+}
+
+// DisableInlining adds a set of paths to exclude from partial evaluation inlining.
+func DisableInlining(paths []string) func(r *Rego) {
+ return func(r *Rego) {
+ r.disableInlining = paths
+ }
+}
+
+// NondeterministicBuiltins causes non-deterministic builtins to be evalued during
+// partial evaluation. This is needed to pull in external data, or validate a JWT,
+// during PE, so that the result informs what queries are returned.
+func NondeterministicBuiltins(yes bool) func(r *Rego) {
+ return func(r *Rego) {
+ r.nondeterministicBuiltins = yes
+ }
+}
+
+// ShallowInlining prevents rules that depend on unknown values from being inlined.
+// Rules that only depend on known values are inlined.
+func ShallowInlining(yes bool) func(r *Rego) {
+ return func(r *Rego) {
+ r.shallowInlining = yes
+ }
+}
+
+// SkipPartialNamespace disables namespacing of partial evalution results for support
+// rules generated from policy. Synthetic support rules are still namespaced.
+func SkipPartialNamespace(yes bool) func(r *Rego) {
+ return func(r *Rego) {
+ r.skipPartialNamespace = yes
+ }
+}
+
+// PartialNamespace returns an argument that sets the namespace to use for
+// partial evaluation results. The namespace must be a valid package path
+// component.
+func PartialNamespace(ns string) func(r *Rego) {
+ return func(r *Rego) {
+ r.partialNamespace = ns
+ }
+}
+
+// Module returns an argument that adds a Rego module.
+func Module(filename, input string) func(r *Rego) {
+ return func(r *Rego) {
+ r.modules = append(r.modules, rawModule{
+ filename: filename,
+ module: input,
+ })
+ }
+}
+
+// ParsedModule returns an argument that adds a parsed Rego module. If a string
+// module with the same filename name is added, it will override the parsed
+// module.
+func ParsedModule(module *ast.Module) func(*Rego) {
+ return func(r *Rego) {
+ var filename string
+ if module.Package.Location != nil {
+ filename = module.Package.Location.File
+ } else {
+ filename = fmt.Sprintf("module_%p.rego", module)
+ }
+ r.parsedModules[filename] = module
+ }
+}
+
+// Load returns an argument that adds a filesystem path to load data
+// and Rego modules from. Any file with a *.rego, *.yaml, or *.json
+// extension will be loaded. The path can be either a directory or file,
+// directories are loaded recursively. The optional ignore string patterns
+// can be used to filter which files are used.
+// The Load option can only be used once.
+// Note: Loading files will require a write transaction on the store.
+func Load(paths []string, filter loader.Filter) func(r *Rego) {
+ return func(r *Rego) {
+ r.loadPaths = loadPaths{paths, filter}
+ }
+}
+
+// LoadBundle returns an argument that adds a filesystem path to load
+// a bundle from. The path can be a compressed bundle file or a directory
+// to be loaded as a bundle.
+// Note: Loading bundles will require a write transaction on the store.
+func LoadBundle(path string) func(r *Rego) {
+ return func(r *Rego) {
+ r.bundlePaths = append(r.bundlePaths, path)
+ }
+}
+
+// ParsedBundle returns an argument that adds a bundle to be loaded.
+func ParsedBundle(name string, b *bundle.Bundle) func(r *Rego) {
+ return func(r *Rego) {
+ r.bundles[name] = b
+ }
+}
+
+// Compiler returns an argument that sets the Rego compiler.
+func Compiler(c *ast.Compiler) func(r *Rego) {
+ return func(r *Rego) {
+ r.compiler = c
+ }
+}
+
+// Store returns an argument that sets the policy engine's data storage layer.
+//
+// If using the Load, LoadBundle, or ParsedBundle options then a transaction
+// must also be provided via the Transaction() option. After loading files
+// or bundles the transaction should be aborted or committed.
+func Store(s storage.Store) func(r *Rego) {
+ return func(r *Rego) {
+ r.store = s
+ }
+}
+
+// StoreReadAST returns an argument that sets whether the store should eagerly convert data to AST values.
+//
+// Only applicable when no store has been set on the Rego object through the Store option.
+func StoreReadAST(enabled bool) func(r *Rego) {
+ return func(r *Rego) {
+ r.ownStoreReadAst = enabled
+ }
+}
+
+// Transaction returns an argument that sets the transaction to use for storage
+// layer operations.
+//
+// Requires the store associated with the transaction to be provided via the
+// Store() option. If using Load(), LoadBundle(), or ParsedBundle() options
+// the transaction will likely require write params.
+func Transaction(txn storage.Transaction) func(r *Rego) {
+ return func(r *Rego) {
+ r.txn = txn
+ }
+}
+
+// Metrics returns an argument that sets the metrics collection.
+func Metrics(m metrics.Metrics) func(r *Rego) {
+ return func(r *Rego) {
+ r.metrics = m
+ }
+}
+
+// Instrument returns an argument that enables instrumentation for diagnosing
+// performance issues.
+func Instrument(yes bool) func(r *Rego) {
+ return func(r *Rego) {
+ r.instrument = yes
+ }
+}
+
+// Trace returns an argument that enables tracing on r.
+func Trace(yes bool) func(r *Rego) {
+ return func(r *Rego) {
+ r.trace = yes
+ }
+}
+
+// Tracer returns an argument that adds a query tracer to r.
+// Deprecated: Use QueryTracer instead.
+func Tracer(t topdown.Tracer) func(r *Rego) {
+ return func(r *Rego) {
+ if t != nil {
+ r.queryTracers = append(r.queryTracers, topdown.WrapLegacyTracer(t))
+ }
+ }
+}
+
+// QueryTracer returns an argument that adds a query tracer to r.
+func QueryTracer(t topdown.QueryTracer) func(r *Rego) {
+ return func(r *Rego) {
+ if t != nil {
+ r.queryTracers = append(r.queryTracers, t)
+ }
+ }
+}
+
+// Runtime returns an argument that sets the runtime data to provide to the
+// evaluation engine.
+func Runtime(term *ast.Term) func(r *Rego) {
+ return func(r *Rego) {
+ r.runtime = term
+ }
+}
+
+// Time sets the wall clock time to use during policy evaluation. Prepared queries
+// do not inherit this parameter. Use EvalTime to set the wall clock time when
+// executing a prepared query.
+func Time(x time.Time) func(r *Rego) {
+ return func(r *Rego) {
+ r.time = x
+ }
+}
+
+// Seed sets a reader that will seed randomization required by built-in functions.
+// If a seed is not provided crypto/rand.Reader is used.
+func Seed(r io.Reader) func(*Rego) {
+ return func(e *Rego) {
+ e.seed = r
+ }
+}
+
+// PrintTrace is a helper function to write a human-readable version of the
+// trace to the writer w.
+func PrintTrace(w io.Writer, r *Rego) {
+ if r == nil || r.tracebuf == nil {
+ return
+ }
+ topdown.PrettyTrace(w, *r.tracebuf)
+}
+
+// PrintTraceWithLocation is a helper function to write a human-readable version of the
+// trace to the writer w.
+func PrintTraceWithLocation(w io.Writer, r *Rego) {
+ if r == nil || r.tracebuf == nil {
+ return
+ }
+ topdown.PrettyTraceWithLocation(w, *r.tracebuf)
+}
+
+// UnsafeBuiltins sets the built-in functions to treat as unsafe and not allow.
+// This option is ignored for module compilation if the caller supplies the
+// compiler. This option is always honored for query compilation. Provide an
+// empty (non-nil) map to disable checks on queries.
+func UnsafeBuiltins(unsafeBuiltins map[string]struct{}) func(r *Rego) {
+ return func(r *Rego) {
+ r.unsafeBuiltins = unsafeBuiltins
+ }
+}
+
+// SkipBundleVerification skips verification of a signed bundle.
+func SkipBundleVerification(yes bool) func(r *Rego) {
+ return func(r *Rego) {
+ r.skipBundleVerification = yes
+ }
+}
+
+// InterQueryBuiltinCache sets the inter-query cache that built-in functions can utilize
+// during evaluation.
+func InterQueryBuiltinCache(c cache.InterQueryCache) func(r *Rego) {
+ return func(r *Rego) {
+ r.interQueryBuiltinCache = c
+ }
+}
+
+// InterQueryBuiltinValueCache sets the inter-query value cache that built-in functions can utilize
+// during evaluation.
+func InterQueryBuiltinValueCache(c cache.InterQueryValueCache) func(r *Rego) {
+ return func(r *Rego) {
+ r.interQueryBuiltinValueCache = c
+ }
+}
+
+// NDBuiltinCache sets the non-deterministic builtins cache.
+func NDBuiltinCache(c builtins.NDBCache) func(r *Rego) {
+ return func(r *Rego) {
+ r.ndBuiltinCache = c
+ }
+}
+
+// StrictBuiltinErrors tells the evaluator to treat all built-in function errors as fatal errors.
+func StrictBuiltinErrors(yes bool) func(r *Rego) {
+ return func(r *Rego) {
+ r.strictBuiltinErrors = yes
+ }
+}
+
+// BuiltinErrorList supplies an error slice to store built-in function errors.
+func BuiltinErrorList(list *[]topdown.Error) func(r *Rego) {
+ return func(r *Rego) {
+ r.builtinErrorList = list
+ }
+}
+
+// Resolver sets a Resolver for a specified ref path.
+func Resolver(ref ast.Ref, r resolver.Resolver) func(r *Rego) {
+ return func(rego *Rego) {
+ rego.resolvers = append(rego.resolvers, refResolver{ref, r})
+ }
+}
+
+// Schemas sets the schemaSet
+func Schemas(x *ast.SchemaSet) func(r *Rego) {
+ return func(r *Rego) {
+ r.schemaSet = x
+ }
+}
+
+// Capabilities configures the underlying compiler's capabilities.
+// This option is ignored for module compilation if the caller supplies the
+// compiler.
+func Capabilities(c *ast.Capabilities) func(r *Rego) {
+ return func(r *Rego) {
+ r.capabilities = c
+ }
+}
+
+// Target sets the runtime to exercise.
+func Target(t string) func(r *Rego) {
+ return func(r *Rego) {
+ r.target = t
+ }
+}
+
+// GenerateJSON sets the AST to JSON converter for the results.
+func GenerateJSON(f func(*ast.Term, *EvalContext) (any, error)) func(r *Rego) {
+ return func(r *Rego) {
+ r.generateJSON = f
+ }
+}
+
+// PrintHook sets the object to use for handling print statement outputs.
+func PrintHook(h print.Hook) func(r *Rego) {
+ return func(r *Rego) {
+ r.printHook = h
+ }
+}
+
+// DistributedTracingOpts sets the options to be used by distributed tracing.
+func DistributedTracingOpts(tr tracing.Options) func(r *Rego) {
+ return func(r *Rego) {
+ r.distributedTacingOpts = tr
+ }
+}
+
+// EnablePrintStatements enables print() calls. If this option is not provided,
+// print() calls will be erased from the policy. This option only applies to
+// queries and policies that passed as raw strings, i.e., this function will not
+// have any affect if the caller supplies the ast.Compiler instance.
+func EnablePrintStatements(yes bool) func(r *Rego) {
+ return func(r *Rego) {
+ r.enablePrintStatements = yes
+ }
+}
+
+// Strict enables or disables strict-mode in the compiler
+func Strict(yes bool) func(r *Rego) {
+ return func(r *Rego) {
+ r.strict = yes
+ }
+}
+
+func SetRegoVersion(version ast.RegoVersion) func(r *Rego) {
+ return func(r *Rego) {
+ r.regoVersion = version
+ }
+}
+
+// New returns a new Rego object.
+func New(options ...func(r *Rego)) *Rego {
+
+ r := &Rego{
+ parsedModules: map[string]*ast.Module{},
+ capture: map[*ast.Expr]ast.Var{},
+ compiledQueries: map[queryType]compiledQuery{},
+ builtinDecls: map[string]*ast.Builtin{},
+ builtinFuncs: map[string]*topdown.Builtin{},
+ bundles: map[string]*bundle.Bundle{},
+ }
+
+ for _, option := range options {
+ option(r)
+ }
+
+ if r.compiler == nil {
+ r.compiler = ast.NewCompiler().
+ WithUnsafeBuiltins(r.unsafeBuiltins).
+ WithBuiltins(r.builtinDecls).
+ WithDebug(r.dump).
+ WithSchemas(r.schemaSet).
+ WithCapabilities(r.capabilities).
+ WithEnablePrintStatements(r.enablePrintStatements).
+ WithStrict(r.strict).
+ WithUseTypeCheckAnnotations(true)
+
+ // topdown could be target "" or "rego", but both could be overridden by
+ // a target plugin (checked below)
+ if r.target == targetWasm {
+ r.compiler = r.compiler.WithEvalMode(ast.EvalModeIR)
+ }
+
+ if r.regoVersion != ast.RegoUndefined {
+ r.compiler = r.compiler.WithDefaultRegoVersion(r.regoVersion)
+ }
+ }
+
+ if r.store == nil {
+ r.store = inmem.NewWithOpts(inmem.OptReturnASTValuesOnRead(r.ownStoreReadAst))
+ r.ownStore = true
+ } else {
+ r.ownStore = false
+ }
+
+ if r.metrics == nil {
+ r.metrics = metrics.New()
+ }
+
+ if r.instrument {
+ r.instrumentation = topdown.NewInstrumentation(r.metrics)
+ r.compiler.WithMetrics(r.metrics)
+ }
+
+ if r.trace {
+ r.tracebuf = topdown.NewBufferTracer()
+ r.queryTracers = append(r.queryTracers, r.tracebuf)
+ }
+
+ if r.partialNamespace == "" {
+ r.partialNamespace = defaultPartialNamespace
+ }
+
+ if r.generateJSON == nil {
+ r.generateJSON = generateJSON
+ }
+
+ if r.pluginMgr != nil {
+ for _, name := range r.pluginMgr.Plugins() {
+ p := r.pluginMgr.Plugin(name)
+ if p0, ok := p.(TargetPlugin); ok {
+ r.plugins = append(r.plugins, p0)
+ }
+ }
+ }
+
+ if t := r.targetPlugin(r.target); t != nil {
+ r.compiler = r.compiler.WithEvalMode(ast.EvalModeIR)
+ }
+
+ return r
+}
+
+// Eval evaluates this Rego object and returns a ResultSet.
+func (r *Rego) Eval(ctx context.Context) (ResultSet, error) {
+ var err error
+ var txnClose transactionCloser
+ r.txn, txnClose, err = r.getTxn(ctx)
+ if err != nil {
+ return nil, err
+ }
+
+ pq, err := r.PrepareForEval(ctx)
+ if err != nil {
+ _ = txnClose(ctx, err) // Ignore error
+ return nil, err
+ }
+
+ evalArgs := []EvalOption{
+ EvalTransaction(r.txn),
+ EvalMetrics(r.metrics),
+ EvalInstrument(r.instrument),
+ EvalTime(r.time),
+ EvalInterQueryBuiltinCache(r.interQueryBuiltinCache),
+ EvalInterQueryBuiltinValueCache(r.interQueryBuiltinValueCache),
+ EvalSeed(r.seed),
+ }
+
+ if r.ndBuiltinCache != nil {
+ evalArgs = append(evalArgs, EvalNDBuiltinCache(r.ndBuiltinCache))
+ }
+
+ for _, qt := range r.queryTracers {
+ evalArgs = append(evalArgs, EvalQueryTracer(qt))
+ }
+
+ for i := range r.resolvers {
+ evalArgs = append(evalArgs, EvalResolver(r.resolvers[i].ref, r.resolvers[i].r))
+ }
+
+ rs, err := pq.Eval(ctx, evalArgs...)
+ txnErr := txnClose(ctx, err) // Always call closer
+ if err == nil {
+ err = txnErr
+ }
+ return rs, err
+}
+
+// PartialEval has been deprecated and renamed to PartialResult.
+func (r *Rego) PartialEval(ctx context.Context) (PartialResult, error) {
+ return r.PartialResult(ctx)
+}
+
+// PartialResult partially evaluates this Rego object and returns a PartialResult.
+func (r *Rego) PartialResult(ctx context.Context) (PartialResult, error) {
+ var err error
+ var txnClose transactionCloser
+ r.txn, txnClose, err = r.getTxn(ctx)
+ if err != nil {
+ return PartialResult{}, err
+ }
+
+ pq, err := r.PrepareForEval(ctx, WithPartialEval())
+ txnErr := txnClose(ctx, err) // Always call closer
+ if err != nil {
+ return PartialResult{}, err
+ }
+ if txnErr != nil {
+ return PartialResult{}, txnErr
+ }
+
+ pr := PartialResult{
+ compiler: pq.r.compiler,
+ store: pq.r.store,
+ body: pq.r.parsedQuery,
+ builtinDecls: pq.r.builtinDecls,
+ builtinFuncs: pq.r.builtinFuncs,
+ }
+
+ return pr, nil
+}
+
+// Partial runs partial evaluation on r and returns the result.
+func (r *Rego) Partial(ctx context.Context) (*PartialQueries, error) {
+ var err error
+ var txnClose transactionCloser
+ r.txn, txnClose, err = r.getTxn(ctx)
+ if err != nil {
+ return nil, err
+ }
+
+ pq, err := r.PrepareForPartial(ctx)
+ if err != nil {
+ _ = txnClose(ctx, err) // Ignore error
+ return nil, err
+ }
+
+ evalArgs := []EvalOption{
+ EvalTransaction(r.txn),
+ EvalMetrics(r.metrics),
+ EvalInstrument(r.instrument),
+ EvalInterQueryBuiltinCache(r.interQueryBuiltinCache),
+ EvalInterQueryBuiltinValueCache(r.interQueryBuiltinValueCache),
+ }
+
+ if r.ndBuiltinCache != nil {
+ evalArgs = append(evalArgs, EvalNDBuiltinCache(r.ndBuiltinCache))
+ }
+
+ for _, t := range r.queryTracers {
+ evalArgs = append(evalArgs, EvalQueryTracer(t))
+ }
+
+ for i := range r.resolvers {
+ evalArgs = append(evalArgs, EvalResolver(r.resolvers[i].ref, r.resolvers[i].r))
+ }
+
+ pqs, err := pq.Partial(ctx, evalArgs...)
+ txnErr := txnClose(ctx, err) // Always call closer
+ if err == nil {
+ err = txnErr
+ }
+ return pqs, err
+}
+
+// CompileOption defines a function to set options on Compile calls.
+type CompileOption func(*CompileContext)
+
+// CompileContext contains options for Compile calls.
+type CompileContext struct {
+ partial bool
+}
+
+// CompilePartial defines an option to control whether partial evaluation is run
+// before the query is planned and compiled.
+func CompilePartial(yes bool) CompileOption {
+ return func(cfg *CompileContext) {
+ cfg.partial = yes
+ }
+}
+
+// Compile returns a compiled policy query.
+func (r *Rego) Compile(ctx context.Context, opts ...CompileOption) (*CompileResult, error) {
+
+ var cfg CompileContext
+
+ for _, opt := range opts {
+ opt(&cfg)
+ }
+
+ var queries []ast.Body
+ modules := make([]*ast.Module, 0, len(r.compiler.Modules))
+
+ if cfg.partial {
+
+ pq, err := r.Partial(ctx)
+ if err != nil {
+ return nil, err
+ }
+ if r.dump != nil {
+ if len(pq.Queries) != 0 {
+ msg := fmt.Sprintf("QUERIES (%d total):", len(pq.Queries))
+ fmt.Fprintln(r.dump, msg)
+ fmt.Fprintln(r.dump, strings.Repeat("-", len(msg)))
+ for i := range pq.Queries {
+ fmt.Println(pq.Queries[i])
+ }
+ fmt.Fprintln(r.dump)
+ }
+ if len(pq.Support) != 0 {
+ msg := fmt.Sprintf("SUPPORT (%d total):", len(pq.Support))
+ fmt.Fprintln(r.dump, msg)
+ fmt.Fprintln(r.dump, strings.Repeat("-", len(msg)))
+ for i := range pq.Support {
+ fmt.Println(pq.Support[i])
+ }
+ fmt.Fprintln(r.dump)
+ }
+ }
+
+ queries = pq.Queries
+ modules = pq.Support
+
+ for _, module := range r.compiler.Modules {
+ modules = append(modules, module)
+ }
+ } else {
+ var err error
+ // If creating a new transaction it should be closed before calling the
+ // planner to avoid holding open the transaction longer than needed.
+ //
+ // TODO(tsandall): in future, planner could make use of store, in which
+ // case this will need to change.
+ var txnClose transactionCloser
+ r.txn, txnClose, err = r.getTxn(ctx)
+ if err != nil {
+ return nil, err
+ }
+
+ err = r.prepare(ctx, compileQueryType, nil)
+ txnErr := txnClose(ctx, err) // Always call closer
+ if err != nil {
+ return nil, err
+ }
+ if txnErr != nil {
+ return nil, err
+ }
+
+ for _, module := range r.compiler.Modules {
+ modules = append(modules, module)
+ }
+
+ queries = []ast.Body{r.compiledQueries[compileQueryType].query}
+ }
+
+ if tgt := r.targetPlugin(r.target); tgt != nil {
+ return nil, errors.New("unsupported for rego target plugins")
+ }
+
+ return r.compileWasm(modules, queries, compileQueryType) // TODO(sr) control flow is funky here
+}
+
+func (r *Rego) compileWasm(_ []*ast.Module, queries []ast.Body, qType queryType) (*CompileResult, error) {
+ policy, err := r.planQuery(queries, qType)
+ if err != nil {
+ return nil, err
+ }
+
+ m, err := wasm.New().WithPolicy(policy).Compile()
+ if err != nil {
+ return nil, err
+ }
+
+ var out bytes.Buffer
+ if err := encoding.WriteModule(&out, m); err != nil {
+ return nil, err
+ }
+
+ return &CompileResult{
+ Bytes: out.Bytes(),
+ }, nil
+}
+
+// PrepareOption defines a function to set an option to control
+// the behavior of the Prepare call.
+type PrepareOption func(*PrepareConfig)
+
+// PrepareConfig holds settings to control the behavior of the
+// Prepare call.
+type PrepareConfig struct {
+ doPartialEval bool
+ disableInlining *[]string
+ builtinFuncs map[string]*topdown.Builtin
+}
+
+// WithPartialEval configures an option for PrepareForEval
+// which will have it perform partial evaluation while preparing
+// the query (similar to rego.Rego#PartialResult)
+func WithPartialEval() PrepareOption {
+ return func(p *PrepareConfig) {
+ p.doPartialEval = true
+ }
+}
+
+// WithNoInline adds a set of paths to exclude from partial evaluation inlining.
+func WithNoInline(paths []string) PrepareOption {
+ return func(p *PrepareConfig) {
+ p.disableInlining = &paths
+ }
+}
+
+// WithBuiltinFuncs carries the rego.Function{1,2,3} per-query function definitions
+// to the target plugins.
+func WithBuiltinFuncs(bis map[string]*topdown.Builtin) PrepareOption {
+ return func(p *PrepareConfig) {
+ if p.builtinFuncs == nil {
+ p.builtinFuncs = maps.Clone(bis)
+ } else {
+ maps.Copy(p.builtinFuncs, bis)
+ }
+ }
+}
+
+// BuiltinFuncs allows retrieving the builtin funcs set via PrepareOption
+// WithBuiltinFuncs.
+func (p *PrepareConfig) BuiltinFuncs() map[string]*topdown.Builtin {
+ return p.builtinFuncs
+}
+
+// PrepareForEval will parse inputs, modules, and query arguments in preparation
+// of evaluating them.
+func (r *Rego) PrepareForEval(ctx context.Context, opts ...PrepareOption) (PreparedEvalQuery, error) {
+ if !r.hasQuery() {
+ return PreparedEvalQuery{}, errors.New("cannot evaluate empty query")
+ }
+
+ pCfg := &PrepareConfig{}
+ for _, o := range opts {
+ o(pCfg)
+ }
+
+ var err error
+ var txnClose transactionCloser
+ r.txn, txnClose, err = r.getTxn(ctx)
+ if err != nil {
+ return PreparedEvalQuery{}, err
+ }
+
+ // If the caller wanted to do partial evaluation as part of preparation
+ // do it now and use the new Rego object.
+ if pCfg.doPartialEval {
+
+ pr, err := r.partialResult(ctx, pCfg)
+ if err != nil {
+ _ = txnClose(ctx, err) // Ignore error
+ return PreparedEvalQuery{}, err
+ }
+
+ // Prepare the new query using the result of partial evaluation
+ pq, err := pr.Rego(Transaction(r.txn)).PrepareForEval(ctx)
+ txnErr := txnClose(ctx, err)
+ if err != nil {
+ return pq, err
+ }
+ return pq, txnErr
+ }
+
+ err = r.prepare(ctx, evalQueryType, []extraStage{
+ {
+ after: "ResolveRefs",
+ stage: ast.QueryCompilerStageDefinition{
+ Name: "RewriteToCaptureValue",
+ MetricName: "query_compile_stage_rewrite_to_capture_value",
+ Stage: r.rewriteQueryToCaptureValue,
+ },
+ },
+ })
+ if err != nil {
+ _ = txnClose(ctx, err) // Ignore error
+ return PreparedEvalQuery{}, err
+ }
+
+ switch r.target {
+ case targetWasm: // TODO(sr): make wasm a target plugin, too
+
+ if r.hasWasmModule() {
+ _ = txnClose(ctx, err) // Ignore error
+ return PreparedEvalQuery{}, errors.New("wasm target not supported")
+ }
+
+ var modules []*ast.Module
+ for _, module := range r.compiler.Modules {
+ modules = append(modules, module)
+ }
+
+ queries := []ast.Body{r.compiledQueries[evalQueryType].query}
+
+ e, err := opa.LookupEngine(targetWasm)
+ if err != nil {
+ return PreparedEvalQuery{}, err
+ }
+
+ // nolint: staticcheck // SA4006 false positive
+ cr, err := r.compileWasm(modules, queries, evalQueryType)
+ if err != nil {
+ _ = txnClose(ctx, err) // Ignore error
+ return PreparedEvalQuery{}, err
+ }
+
+ // nolint: staticcheck // SA4006 false positive
+ data, err := r.store.Read(ctx, r.txn, storage.Path{})
+ if err != nil {
+ _ = txnClose(ctx, err) // Ignore error
+ return PreparedEvalQuery{}, err
+ }
+
+ o, err := e.New().WithPolicyBytes(cr.Bytes).WithDataJSON(data).Init()
+ if err != nil {
+ _ = txnClose(ctx, err) // Ignore error
+ return PreparedEvalQuery{}, err
+ }
+ r.opa = o
+
+ case targetRego: // do nothing, don't lookup default plugin
+ default: // either a specific plugin target, or one that is default
+ if tgt := r.targetPlugin(r.target); tgt != nil {
+ queries := []ast.Body{r.compiledQueries[evalQueryType].query}
+ pol, err := r.planQuery(queries, evalQueryType)
+ if err != nil {
+ return PreparedEvalQuery{}, err
+ }
+ // always add the builtins provided via rego.FunctionN options
+ opts = append(opts, WithBuiltinFuncs(r.builtinFuncs))
+ r.targetPrepState, err = tgt.PrepareForEval(ctx, pol, opts...)
+ if err != nil {
+ return PreparedEvalQuery{}, err
+ }
+ }
+ }
+
+ txnErr := txnClose(ctx, err) // Always call closer
+ if txnErr != nil {
+ return PreparedEvalQuery{}, txnErr
+ }
+
+ return PreparedEvalQuery{preparedQuery{r, pCfg}}, err
+}
+
+// PrepareForPartial will parse inputs, modules, and query arguments in preparation
+// of partially evaluating them.
+func (r *Rego) PrepareForPartial(ctx context.Context, opts ...PrepareOption) (PreparedPartialQuery, error) {
+ if !r.hasQuery() {
+ return PreparedPartialQuery{}, errors.New("cannot evaluate empty query")
+ }
+
+ pCfg := &PrepareConfig{}
+ for _, o := range opts {
+ o(pCfg)
+ }
+
+ var err error
+ var txnClose transactionCloser
+ r.txn, txnClose, err = r.getTxn(ctx)
+ if err != nil {
+ return PreparedPartialQuery{}, err
+ }
+
+ err = r.prepare(ctx, partialQueryType, []extraStage{
+ {
+ after: "CheckSafety",
+ stage: ast.QueryCompilerStageDefinition{
+ Name: "RewriteEquals",
+ MetricName: "query_compile_stage_rewrite_equals",
+ Stage: r.rewriteEqualsForPartialQueryCompile,
+ },
+ },
+ })
+ txnErr := txnClose(ctx, err) // Always call closer
+ if err != nil {
+ return PreparedPartialQuery{}, err
+ }
+ if txnErr != nil {
+ return PreparedPartialQuery{}, txnErr
+ }
+
+ return PreparedPartialQuery{preparedQuery{r, pCfg}}, err
+}
+
+func (r *Rego) prepare(ctx context.Context, qType queryType, extras []extraStage) error {
+ var err error
+
+ r.parsedInput, err = r.parseInput()
+ if err != nil {
+ return err
+ }
+
+ err = r.loadFiles(ctx, r.txn, r.metrics)
+ if err != nil {
+ return err
+ }
+
+ err = r.loadBundles(ctx, r.txn, r.metrics)
+ if err != nil {
+ return err
+ }
+
+ err = r.parseModules(ctx, r.txn, r.metrics)
+ if err != nil {
+ return err
+ }
+
+ // Compile the modules *before* the query, else functions
+ // defined in the module won't be found...
+ err = r.compileModules(ctx, r.txn, r.metrics)
+ if err != nil {
+ return err
+ }
+
+ imports, err := r.prepareImports()
+ if err != nil {
+ return err
+ }
+
+ queryImports := []*ast.Import{}
+ for _, imp := range imports {
+ path := imp.Path.Value.(ast.Ref)
+ if path.HasPrefix([]*ast.Term{ast.FutureRootDocument}) || path.HasPrefix([]*ast.Term{ast.RegoRootDocument}) {
+ queryImports = append(queryImports, imp)
+ }
+ }
+
+ r.parsedQuery, err = r.parseQuery(queryImports, r.metrics)
+ if err != nil {
+ return err
+ }
+
+ err = r.compileAndCacheQuery(qType, r.parsedQuery, imports, r.metrics, extras)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (r *Rego) parseModules(ctx context.Context, txn storage.Transaction, m metrics.Metrics) error {
+ if len(r.modules) == 0 {
+ return nil
+ }
+
+ ids, err := r.store.ListPolicies(ctx, txn)
+ if err != nil {
+ return err
+ }
+
+ m.Timer(metrics.RegoModuleParse).Start()
+ defer m.Timer(metrics.RegoModuleParse).Stop()
+ var errs Errors
+
+ // Parse any modules that are saved to the store, but only if
+ // another compile step is going to occur (ie. we have parsed modules
+ // that need to be compiled).
+ for _, id := range ids {
+ // if it is already on the compiler we're using
+ // then don't bother to re-parse it from source
+ if _, haveMod := r.compiler.Modules[id]; haveMod {
+ continue
+ }
+
+ bs, err := r.store.GetPolicy(ctx, txn, id)
+ if err != nil {
+ return err
+ }
+
+ parsed, err := ast.ParseModuleWithOpts(id, string(bs), ast.ParserOptions{RegoVersion: r.regoVersion})
+ if err != nil {
+ errs = append(errs, err)
+ }
+
+ r.parsedModules[id] = parsed
+ }
+
+ // Parse any passed in as arguments to the Rego object
+ for _, module := range r.modules {
+ p, err := module.ParseWithOpts(ast.ParserOptions{RegoVersion: r.regoVersion})
+ if err != nil {
+ switch errorWithType := err.(type) {
+ case ast.Errors:
+ for _, e := range errorWithType {
+ errs = append(errs, e)
+ }
+ default:
+ errs = append(errs, errorWithType)
+ }
+ }
+ r.parsedModules[module.filename] = p
+ }
+
+ if len(errs) > 0 {
+ return errs
+ }
+
+ return nil
+}
+
+func (r *Rego) loadFiles(ctx context.Context, txn storage.Transaction, m metrics.Metrics) error {
+ if len(r.loadPaths.paths) == 0 {
+ return nil
+ }
+
+ m.Timer(metrics.RegoLoadFiles).Start()
+ defer m.Timer(metrics.RegoLoadFiles).Stop()
+
+ result, err := loader.NewFileLoader().
+ WithMetrics(m).
+ WithProcessAnnotation(true).
+ WithRegoVersion(r.regoVersion).
+ WithCapabilities(r.capabilities).
+ Filtered(r.loadPaths.paths, r.loadPaths.filter)
+ if err != nil {
+ return err
+ }
+ for name, mod := range result.Modules {
+ r.parsedModules[name] = mod.Parsed
+ }
+
+ if len(result.Documents) > 0 {
+ err = r.store.Write(ctx, txn, storage.AddOp, storage.Path{}, result.Documents)
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func (r *Rego) loadBundles(_ context.Context, _ storage.Transaction, m metrics.Metrics) error {
+ if len(r.bundlePaths) == 0 {
+ return nil
+ }
+
+ m.Timer(metrics.RegoLoadBundles).Start()
+ defer m.Timer(metrics.RegoLoadBundles).Stop()
+
+ for _, path := range r.bundlePaths {
+ bndl, err := loader.NewFileLoader().
+ WithMetrics(m).
+ WithProcessAnnotation(true).
+ WithSkipBundleVerification(r.skipBundleVerification).
+ WithRegoVersion(r.regoVersion).
+ WithCapabilities(r.capabilities).
+ AsBundle(path)
+ if err != nil {
+ return fmt.Errorf("loading error: %s", err)
+ }
+ r.bundles[path] = bndl
+ }
+ return nil
+}
+
+func (r *Rego) parseInput() (ast.Value, error) {
+ if r.parsedInput != nil {
+ return r.parsedInput, nil
+ }
+ return r.parseRawInput(r.rawInput, r.metrics)
+}
+
+func (*Rego) parseRawInput(rawInput *any, m metrics.Metrics) (ast.Value, error) {
+ var input ast.Value
+
+ if rawInput == nil {
+ return input, nil
+ }
+
+ m.Timer(metrics.RegoInputParse).Start()
+ defer m.Timer(metrics.RegoInputParse).Stop()
+
+ rawPtr := util.Reference(rawInput)
+
+ // roundtrip through json: this turns slices (e.g. []string, []bool) into
+ // []any, the only array type ast.InterfaceToValue can work with
+ if err := util.RoundTrip(rawPtr); err != nil {
+ return nil, err
+ }
+
+ return ast.InterfaceToValue(*rawPtr)
+}
+
+func (r *Rego) parseQuery(queryImports []*ast.Import, m metrics.Metrics) (ast.Body, error) {
+ if r.parsedQuery != nil {
+ return r.parsedQuery, nil
+ }
+
+ m.Timer(metrics.RegoQueryParse).Start()
+ defer m.Timer(metrics.RegoQueryParse).Stop()
+
+ popts, err := future.ParserOptionsFromFutureImports(queryImports)
+ if err != nil {
+ return nil, err
+ }
+ popts.RegoVersion = r.regoVersion
+ popts, err = parserOptionsFromRegoVersionImport(queryImports, popts)
+ if err != nil {
+ return nil, err
+ }
+ popts.SkipRules = true
+ return ast.ParseBodyWithOpts(r.query, popts)
+}
+
+func parserOptionsFromRegoVersionImport(imports []*ast.Import, popts ast.ParserOptions) (ast.ParserOptions, error) {
+ for _, imp := range imports {
+ path := imp.Path.Value.(ast.Ref)
+ if ast.Compare(path, ast.RegoV1CompatibleRef) == 0 {
+ popts.RegoVersion = ast.RegoV1
+ return popts, nil
+ }
+ }
+ return popts, nil
+}
+
+func (r *Rego) compileModules(ctx context.Context, txn storage.Transaction, m metrics.Metrics) error {
+
+ // Only compile again if there are new modules.
+ if len(r.bundles) > 0 || len(r.parsedModules) > 0 {
+
+ // The bundle.Activate call will activate any bundles passed in
+ // (ie compile + handle data store changes), and include any of
+ // the additional modules passed in. If no bundles are provided
+ // it will only compile the passed in modules.
+ // Use this as the single-point of compiling everything only a
+ // single time.
+ opts := &bundle.ActivateOpts{
+ Ctx: ctx,
+ Store: r.store,
+ Txn: txn,
+ Compiler: r.compilerForTxn(ctx, r.store, txn),
+ Metrics: m,
+ Bundles: r.bundles,
+ ExtraModules: r.parsedModules,
+ ParserOptions: ast.ParserOptions{RegoVersion: r.regoVersion},
+ }
+ err := bundle.Activate(opts)
+ if err != nil {
+ return err
+ }
+ }
+
+ // Ensure all configured resolvers from the store are loaded. Skip if any were explicitly provided.
+ if len(r.resolvers) == 0 {
+ resolvers, err := bundleUtils.LoadWasmResolversFromStore(ctx, r.store, txn, r.bundles)
+ if err != nil {
+ return err
+ }
+
+ for _, rslvr := range resolvers {
+ for _, ep := range rslvr.Entrypoints() {
+ r.resolvers = append(r.resolvers, refResolver{ep, rslvr})
+ }
+ }
+ }
+ return nil
+}
+
+func (r *Rego) compileAndCacheQuery(qType queryType, query ast.Body, imports []*ast.Import, m metrics.Metrics, extras []extraStage) error {
+ m.Timer(metrics.RegoQueryCompile).Start()
+ defer m.Timer(metrics.RegoQueryCompile).Stop()
+
+ cachedQuery, ok := r.compiledQueries[qType]
+ if ok && cachedQuery.query != nil && cachedQuery.compiler != nil {
+ return nil
+ }
+
+ qc, compiled, err := r.compileQuery(query, imports, m, extras)
+ if err != nil {
+ return err
+ }
+
+ // cache the query for future use
+ r.compiledQueries[qType] = compiledQuery{
+ query: compiled,
+ compiler: qc,
+ }
+ return nil
+}
+
+func (r *Rego) prepareImports() ([]*ast.Import, error) {
+ imports := r.parsedImports
+
+ if len(r.imports) > 0 {
+ s := make([]string, len(r.imports))
+ for i := range r.imports {
+ s[i] = fmt.Sprintf("import %v", r.imports[i])
+ }
+ parsed, err := ast.ParseImports(strings.Join(s, "\n"))
+ if err != nil {
+ return nil, err
+ }
+ imports = append(imports, parsed...)
+ }
+ return imports, nil
+}
+
+func (r *Rego) compileQuery(query ast.Body, imports []*ast.Import, _ metrics.Metrics, extras []extraStage) (ast.QueryCompiler, ast.Body, error) {
+ var pkg *ast.Package
+
+ if r.pkg != "" {
+ var err error
+ pkg, err = ast.ParsePackage(fmt.Sprintf("package %v", r.pkg))
+ if err != nil {
+ return nil, nil, err
+ }
+ } else {
+ pkg = r.parsedPackage
+ }
+
+ qctx := ast.NewQueryContext().
+ WithPackage(pkg).
+ WithImports(imports)
+
+ qc := r.compiler.QueryCompiler().
+ WithContext(qctx).
+ WithUnsafeBuiltins(r.unsafeBuiltins).
+ WithEnablePrintStatements(r.enablePrintStatements).
+ WithStrict(false)
+
+ for _, extra := range extras {
+ qc = qc.WithStageAfter(extra.after, extra.stage)
+ }
+
+ compiled, err := qc.Compile(query)
+
+ return qc, compiled, err
+
+}
+
+func (r *Rego) eval(ctx context.Context, ectx *EvalContext) (ResultSet, error) {
+ switch {
+ case r.targetPrepState != nil: // target plugin flow
+ var val ast.Value
+ if r.runtime != nil {
+ val = r.runtime.Value
+ }
+ s, err := r.targetPrepState.Eval(ctx, ectx, val)
+ if err != nil {
+ return nil, err
+ }
+ return r.valueToQueryResult(s, ectx)
+ case r.target == targetWasm:
+ return r.evalWasm(ctx, ectx)
+ case r.target == targetRego: // continue
+ }
+
+ q := topdown.NewQuery(ectx.compiledQuery.query).
+ WithQueryCompiler(ectx.compiledQuery.compiler).
+ WithCompiler(r.compiler).
+ WithStore(r.store).
+ WithTransaction(ectx.txn).
+ WithBuiltins(r.builtinFuncs).
+ WithMetrics(ectx.metrics).
+ WithInstrumentation(ectx.instrumentation).
+ WithRuntime(r.runtime).
+ WithIndexing(ectx.indexing).
+ WithEarlyExit(ectx.earlyExit).
+ WithInterQueryBuiltinCache(ectx.interQueryBuiltinCache).
+ WithInterQueryBuiltinValueCache(ectx.interQueryBuiltinValueCache).
+ WithStrictBuiltinErrors(r.strictBuiltinErrors).
+ WithBuiltinErrorList(r.builtinErrorList).
+ WithSeed(ectx.seed).
+ WithPrintHook(ectx.printHook).
+ WithDistributedTracingOpts(r.distributedTacingOpts).
+ WithVirtualCache(ectx.virtualCache).
+ WithBaseCache(ectx.baseCache)
+
+ if !ectx.time.IsZero() {
+ q = q.WithTime(ectx.time)
+ }
+
+ if ectx.ndBuiltinCache != nil {
+ q = q.WithNDBuiltinCache(ectx.ndBuiltinCache)
+ }
+
+ for i := range ectx.queryTracers {
+ q = q.WithQueryTracer(ectx.queryTracers[i])
+ }
+
+ if ectx.parsedInput != nil {
+ q = q.WithInput(ast.NewTerm(ectx.parsedInput))
+ }
+
+ if ectx.httpRoundTripper != nil {
+ q = q.WithHTTPRoundTripper(ectx.httpRoundTripper)
+ }
+
+ for i := range ectx.resolvers {
+ q = q.WithResolver(ectx.resolvers[i].ref, ectx.resolvers[i].r)
+ }
+
+ // Cancel query if context is cancelled or deadline is reached.
+ c := topdown.NewCancel()
+ q = q.WithCancel(c)
+ exit := make(chan struct{})
+ defer close(exit)
+ go waitForDone(ctx, exit, func() {
+ c.Cancel()
+ })
+
+ var rs ResultSet
+ err := q.Iter(ctx, func(qr topdown.QueryResult) error {
+ result, err := r.generateResult(qr, ectx)
+ if err != nil {
+ return err
+ }
+ rs = append(rs, result)
+ return nil
+ })
+
+ if err != nil {
+ return nil, err
+ }
+
+ if len(rs) == 0 {
+ return nil, nil
+ }
+
+ return rs, nil
+}
+
+func (r *Rego) evalWasm(ctx context.Context, ectx *EvalContext) (ResultSet, error) {
+ input := ectx.rawInput
+ if ectx.parsedInput != nil {
+ i := any(ectx.parsedInput)
+ input = &i
+ }
+ result, err := r.opa.Eval(ctx, opa.EvalOpts{
+ Metrics: r.metrics,
+ Input: input,
+ Time: ectx.time,
+ Seed: ectx.seed,
+ InterQueryBuiltinCache: ectx.interQueryBuiltinCache,
+ NDBuiltinCache: ectx.ndBuiltinCache,
+ PrintHook: ectx.printHook,
+ Capabilities: ectx.capabilities,
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ parsed, err := ast.ParseTerm(string(result.Result))
+ if err != nil {
+ return nil, err
+ }
+
+ return r.valueToQueryResult(parsed.Value, ectx)
+}
+
+func (r *Rego) valueToQueryResult(res ast.Value, ectx *EvalContext) (ResultSet, error) {
+ resultSet, ok := res.(ast.Set)
+ if !ok {
+ return nil, errors.New("illegal result type")
+ }
+
+ if resultSet.Len() == 0 {
+ return nil, nil
+ }
+
+ var rs ResultSet
+ err := resultSet.Iter(func(term *ast.Term) error {
+ obj, ok := term.Value.(ast.Object)
+ if !ok {
+ return errors.New("illegal result type")
+ }
+ qr := topdown.QueryResult{}
+ obj.Foreach(func(k, v *ast.Term) {
+ kvt := ast.VarTerm(string(k.Value.(ast.String)))
+ qr[kvt.Value.(ast.Var)] = v
+ })
+ result, err := r.generateResult(qr, ectx)
+ if err != nil {
+ return err
+ }
+ rs = append(rs, result)
+ return nil
+ })
+
+ return rs, err
+}
+
+func (r *Rego) generateResult(qr topdown.QueryResult, ectx *EvalContext) (Result, error) {
+
+ rewritten := ectx.compiledQuery.compiler.RewrittenVars()
+
+ result := newResult()
+ for k, term := range qr {
+ if rw, ok := rewritten[k]; ok {
+ k = rw
+ }
+ if isTermVar(k) || isTermWasmVar(k) || k.IsGenerated() || k.IsWildcard() {
+ continue
+ }
+
+ v, err := r.generateJSON(term, ectx)
+ if err != nil {
+ return result, err
+ }
+
+ result.Bindings[string(k)] = v
+ }
+
+ for _, expr := range ectx.compiledQuery.query {
+ if expr.Generated {
+ continue
+ }
+
+ if k, ok := r.capture[expr]; ok {
+ v, err := r.generateJSON(qr[k], ectx)
+ if err != nil {
+ return result, err
+ }
+ result.Expressions = append(result.Expressions, newExpressionValue(expr, v))
+ } else {
+ result.Expressions = append(result.Expressions, newExpressionValue(expr, true))
+ }
+
+ }
+ return result, nil
+}
+
+func (r *Rego) partialResult(ctx context.Context, pCfg *PrepareConfig) (PartialResult, error) {
+
+ err := r.prepare(ctx, partialResultQueryType, []extraStage{
+ {
+ after: "ResolveRefs",
+ stage: ast.QueryCompilerStageDefinition{
+ Name: "RewriteForPartialEval",
+ MetricName: "query_compile_stage_rewrite_for_partial_eval",
+ Stage: r.rewriteQueryForPartialEval,
+ },
+ },
+ })
+ if err != nil {
+ return PartialResult{}, err
+ }
+
+ ectx := &EvalContext{
+ parsedInput: r.parsedInput,
+ metrics: r.metrics,
+ txn: r.txn,
+ partialNamespace: r.partialNamespace,
+ queryTracers: r.queryTracers,
+ compiledQuery: r.compiledQueries[partialResultQueryType],
+ instrumentation: r.instrumentation,
+ indexing: true,
+ resolvers: r.resolvers,
+ capabilities: r.capabilities,
+ strictBuiltinErrors: r.strictBuiltinErrors,
+ nondeterministicBuiltins: r.nondeterministicBuiltins,
+ }
+
+ disableInlining := r.disableInlining
+
+ if pCfg.disableInlining != nil {
+ disableInlining = *pCfg.disableInlining
+ }
+
+ ectx.disableInlining, err = parseStringsToRefs(disableInlining)
+ if err != nil {
+ return PartialResult{}, err
+ }
+
+ pq, err := r.partial(ctx, ectx)
+ if err != nil {
+ return PartialResult{}, err
+ }
+
+ // Construct module for queries.
+ id := fmt.Sprintf("__partialresult__%s__", ectx.partialNamespace)
+
+ module, err := ast.ParseModuleWithOpts(id, "package "+ectx.partialNamespace,
+ ast.ParserOptions{RegoVersion: r.regoVersion})
+ if err != nil {
+ return PartialResult{}, errors.New("bad partial namespace")
+ }
+
+ module.Rules = make([]*ast.Rule, len(pq.Queries))
+ for i, body := range pq.Queries {
+ rule := &ast.Rule{
+ Head: ast.NewHead(ast.Var("__result__"), nil, ast.Wildcard),
+ Body: body,
+ Module: module,
+ }
+ module.Rules[i] = rule
+ if checkPartialResultForRecursiveRefs(body, rule.Path()) {
+ return PartialResult{}, Errors{errPartialEvaluationNotEffective}
+ }
+ }
+
+ // Update compiler with partial evaluation output.
+ r.compiler.Modules[id] = module
+ for i, module := range pq.Support {
+ r.compiler.Modules[fmt.Sprintf("__partialsupport__%s__%d__", ectx.partialNamespace, i)] = module
+ }
+
+ r.metrics.Timer(metrics.RegoModuleCompile).Start()
+ r.compilerForTxn(ctx, r.store, r.txn).Compile(r.compiler.Modules)
+ r.metrics.Timer(metrics.RegoModuleCompile).Stop()
+
+ if r.compiler.Failed() {
+ return PartialResult{}, r.compiler.Errors
+ }
+
+ result := PartialResult{
+ compiler: r.compiler,
+ store: r.store,
+ body: ast.MustParseBody(fmt.Sprintf("data.%v.__result__", ectx.partialNamespace)),
+ builtinDecls: r.builtinDecls,
+ builtinFuncs: r.builtinFuncs,
+ }
+
+ return result, nil
+}
+
+func (r *Rego) partial(ctx context.Context, ectx *EvalContext) (*PartialQueries, error) {
+
+ var unknowns []*ast.Term
+
+ switch {
+ case ectx.parsedUnknowns != nil:
+ unknowns = ectx.parsedUnknowns
+ case ectx.unknowns != nil:
+ unknowns = make([]*ast.Term, len(ectx.unknowns))
+ for i := range ectx.unknowns {
+ var err error
+ unknowns[i], err = ast.ParseTerm(ectx.unknowns[i])
+ if err != nil {
+ return nil, err
+ }
+ }
+ default:
+ // Use input document as unknown if caller has not specified any.
+ unknowns = []*ast.Term{ast.NewTerm(ast.InputRootRef)}
+ }
+
+ q := topdown.NewQuery(ectx.compiledQuery.query).
+ WithQueryCompiler(ectx.compiledQuery.compiler).
+ WithCompiler(r.compiler).
+ WithStore(r.store).
+ WithTransaction(ectx.txn).
+ WithBuiltins(r.builtinFuncs).
+ WithMetrics(ectx.metrics).
+ WithInstrumentation(ectx.instrumentation).
+ WithUnknowns(unknowns).
+ WithDisableInlining(ectx.disableInlining).
+ WithNondeterministicBuiltins(ectx.nondeterministicBuiltins).
+ WithRuntime(r.runtime).
+ WithIndexing(ectx.indexing).
+ WithEarlyExit(ectx.earlyExit).
+ WithPartialNamespace(ectx.partialNamespace).
+ WithSkipPartialNamespace(r.skipPartialNamespace).
+ WithShallowInlining(r.shallowInlining).
+ WithInterQueryBuiltinCache(ectx.interQueryBuiltinCache).
+ WithInterQueryBuiltinValueCache(ectx.interQueryBuiltinValueCache).
+ WithStrictBuiltinErrors(ectx.strictBuiltinErrors).
+ WithSeed(ectx.seed).
+ WithPrintHook(ectx.printHook)
+
+ if !ectx.time.IsZero() {
+ q = q.WithTime(ectx.time)
+ }
+
+ if ectx.ndBuiltinCache != nil {
+ q = q.WithNDBuiltinCache(ectx.ndBuiltinCache)
+ }
+
+ for i := range ectx.queryTracers {
+ q = q.WithQueryTracer(ectx.queryTracers[i])
+ }
+
+ if ectx.parsedInput != nil {
+ q = q.WithInput(ast.NewTerm(ectx.parsedInput))
+ }
+
+ for i := range ectx.resolvers {
+ q = q.WithResolver(ectx.resolvers[i].ref, ectx.resolvers[i].r)
+ }
+
+ // Cancel query if context is cancelled or deadline is reached.
+ c := topdown.NewCancel()
+ q = q.WithCancel(c)
+ exit := make(chan struct{})
+ defer close(exit)
+ go waitForDone(ctx, exit, func() {
+ c.Cancel()
+ })
+
+ queries, support, err := q.PartialRun(ctx)
+ if err != nil {
+ return nil, err
+ }
+
+ // If the target rego-version is v0, and the rego.v1 import is available, then we attempt to apply it to support modules.
+ if r.regoVersion == ast.RegoV0 &&
+ (r.capabilities == nil ||
+ r.capabilities.ContainsFeature(ast.FeatureRegoV1Import) ||
+ r.capabilities.ContainsFeature(ast.FeatureRegoV1)) {
+
+ for i, mod := range support {
+ // We can't apply the RegoV0CompatV1 version to the support module if it contains rules or vars that
+ // conflict with future keywords.
+ applyRegoVersion := true
+
+ ast.WalkRules(mod, func(r *ast.Rule) bool {
+ name := r.Head.Name
+ if name == "" && len(r.Head.Reference) > 0 {
+ name = r.Head.Reference[0].Value.(ast.Var)
+ }
+ if ast.IsFutureKeywordForRegoVersion(name.String(), ast.RegoV0) {
+ applyRegoVersion = false
+ return true
+ }
+ return false
+ })
+
+ if applyRegoVersion {
+ ast.WalkVars(mod, func(v ast.Var) bool {
+ if ast.IsFutureKeywordForRegoVersion(v.String(), ast.RegoV0) {
+ applyRegoVersion = false
+ return true
+ }
+ return false
+ })
+ }
+
+ if applyRegoVersion {
+ support[i].SetRegoVersion(ast.RegoV0CompatV1)
+ } else {
+ support[i].SetRegoVersion(r.regoVersion)
+ }
+ }
+ } else {
+ // If the target rego-version is not v0, then we apply the target rego-version to the support modules.
+ for i := range support {
+ support[i].SetRegoVersion(r.regoVersion)
+ }
+ }
+
+ pq := &PartialQueries{
+ Queries: queries,
+ Support: support,
+ }
+
+ return pq, nil
+}
+
+func (r *Rego) rewriteQueryToCaptureValue(_ ast.QueryCompiler, query ast.Body) (ast.Body, error) {
+
+ checkCapture := iteration(query) || len(query) > 1
+
+ for _, expr := range query {
+
+ if expr.Negated {
+ continue
+ }
+
+ if expr.IsAssignment() || expr.IsEquality() {
+ continue
+ }
+
+ var capture *ast.Term
+
+ // If the expression can be evaluated as a function, rewrite it to
+ // capture the return value. E.g., neq(1,2) becomes neq(1,2,x) but
+ // plus(1,2,x) does not get rewritten.
+ switch terms := expr.Terms.(type) {
+ case *ast.Term:
+ capture = r.generateTermVar()
+ expr.Terms = ast.Equality.Expr(terms, capture).Terms
+ r.capture[expr] = capture.Value.(ast.Var)
+ case []*ast.Term:
+ tpe := r.compiler.TypeEnv.Get(terms[0])
+ if !types.Void(tpe) && types.Arity(tpe) == len(terms)-1 {
+ capture = r.generateTermVar()
+ expr.Terms = append(terms, capture)
+ r.capture[expr] = capture.Value.(ast.Var)
+ }
+ }
+
+ if capture != nil && checkCapture {
+ cpy := expr.Copy()
+ cpy.Terms = capture
+ cpy.Generated = true
+ cpy.With = nil
+ query.Append(cpy)
+ }
+ }
+
+ return query, nil
+}
+
+func (*Rego) rewriteQueryForPartialEval(_ ast.QueryCompiler, query ast.Body) (ast.Body, error) {
+ if len(query) != 1 {
+ return nil, errors.New("partial evaluation requires single ref (not multiple expressions)")
+ }
+
+ term, ok := query[0].Terms.(*ast.Term)
+ if !ok {
+ return nil, errors.New("partial evaluation requires ref (not expression)")
+ }
+
+ ref, ok := term.Value.(ast.Ref)
+ if !ok {
+ return nil, fmt.Errorf("partial evaluation requires ref (not %v)", ast.ValueName(term.Value))
+ }
+
+ if !ref.IsGround() {
+ return nil, errors.New("partial evaluation requires ground ref")
+ }
+
+ return ast.NewBody(ast.Equality.Expr(ast.Wildcard, term)), nil
+}
+
+// rewriteEqualsForPartialQueryCompile will rewrite == to = in queries. Normally
+// this wouldn't be done, except for handling queries with the `Partial` API
+// where rewriting them can substantially simplify the result, and it is unlikely
+// that the caller would need expression values.
+func (*Rego) rewriteEqualsForPartialQueryCompile(_ ast.QueryCompiler, query ast.Body) (ast.Body, error) {
+ doubleEq := ast.Equal.Ref()
+ unifyOp := ast.Equality.Ref()
+ ast.WalkExprs(query, func(x *ast.Expr) bool {
+ if x.IsCall() {
+ operator := x.Operator()
+ if operator.Equal(doubleEq) && len(x.Operands()) == 2 {
+ x.SetOperator(ast.NewTerm(unifyOp))
+ }
+ }
+ return false
+ })
+ return query, nil
+}
+
+func (r *Rego) generateTermVar() *ast.Term {
+ r.termVarID++
+ prefix := ast.WildcardPrefix
+ if p := r.targetPlugin(r.target); p != nil {
+ prefix = wasmVarPrefix
+ } else if r.target == targetWasm {
+ prefix = wasmVarPrefix
+ }
+ return ast.VarTerm(fmt.Sprintf("%sterm%v", prefix, r.termVarID))
+}
+
+func (r Rego) hasQuery() bool {
+ return len(r.query) != 0 || len(r.parsedQuery) != 0
+}
+
+func (r Rego) hasWasmModule() bool {
+ for _, b := range r.bundles {
+ if len(b.WasmModules) > 0 {
+ return true
+ }
+ }
+ return false
+}
+
+type transactionCloser func(ctx context.Context, err error) error
+
+// getTxn will conditionally create a read or write transaction suitable for
+// the configured Rego object. The returned function should be used to close the txn
+// regardless of status.
+func (r *Rego) getTxn(ctx context.Context) (storage.Transaction, transactionCloser, error) {
+
+ noopCloser := func(_ context.Context, _ error) error {
+ return nil // no-op default
+ }
+
+ if r.txn != nil {
+ // Externally provided txn
+ return r.txn, noopCloser, nil
+ }
+
+ // Create a new transaction..
+ params := storage.TransactionParams{}
+
+ // Bundles and data paths may require writing data files or manifests to storage
+ if len(r.bundles) > 0 || len(r.bundlePaths) > 0 || len(r.loadPaths.paths) > 0 {
+
+ // If we were given a store we will *not* write to it, only do that on one
+ // which was created automatically on behalf of the user.
+ if !r.ownStore {
+ return nil, noopCloser, errors.New("unable to start write transaction when store was provided")
+ }
+
+ params.Write = true
+ }
+
+ txn, err := r.store.NewTransaction(ctx, params)
+ if err != nil {
+ return nil, noopCloser, err
+ }
+
+ // Setup a closer function that will abort or commit as needed.
+ closer := func(ctx context.Context, txnErr error) error {
+ var err error
+
+ if txnErr == nil && params.Write {
+ err = r.store.Commit(ctx, txn)
+ } else {
+ r.store.Abort(ctx, txn)
+ }
+
+ // Clear the auto created transaction now that it is closed.
+ r.txn = nil
+
+ return err
+ }
+
+ return txn, closer, nil
+}
+
+func (r *Rego) compilerForTxn(ctx context.Context, store storage.Store, txn storage.Transaction) *ast.Compiler {
+ // Update the compiler to have a valid path conflict check
+ // for the current context and transaction.
+ return r.compiler.WithPathConflictsCheck(storage.NonEmpty(ctx, store, txn))
+}
+
+func checkPartialResultForRecursiveRefs(body ast.Body, path ast.Ref) bool {
+ var stop bool
+ ast.WalkRefs(body, func(x ast.Ref) bool {
+ if !stop {
+ if path.HasPrefix(x) {
+ stop = true
+ }
+ }
+ return stop
+ })
+ return stop
+}
+
+func isTermVar(v ast.Var) bool {
+ return strings.HasPrefix(string(v), ast.WildcardPrefix+"term")
+}
+
+func isTermWasmVar(v ast.Var) bool {
+ return strings.HasPrefix(string(v), wasmVarPrefix+"term")
+}
+
+func waitForDone(ctx context.Context, exit chan struct{}, f func()) {
+ select {
+ case <-exit:
+ return
+ case <-ctx.Done():
+ f()
+ return
+ }
+}
+
+type rawModule struct {
+ filename string
+ module string
+}
+
+func (m rawModule) Parse() (*ast.Module, error) {
+ return ast.ParseModule(m.filename, m.module)
+}
+
+func (m rawModule) ParseWithOpts(opts ast.ParserOptions) (*ast.Module, error) {
+ return ast.ParseModuleWithOpts(m.filename, m.module, opts)
+}
+
+type extraStage struct {
+ after string
+ stage ast.QueryCompilerStageDefinition
+}
+
+type refResolver struct {
+ ref ast.Ref
+ r resolver.Resolver
+}
+
+func iteration(x any) bool {
+
+ var stopped bool
+
+ vis := ast.NewGenericVisitor(func(x any) bool {
+ switch x := x.(type) {
+ case *ast.Term:
+ if ast.IsComprehension(x.Value) {
+ return true
+ }
+ case ast.Ref:
+ if !stopped {
+ if bi := ast.BuiltinMap[x.String()]; bi != nil {
+ if bi.Relation {
+ stopped = true
+ return stopped
+ }
+ }
+ for i := 1; i < len(x); i++ {
+ if _, ok := x[i].Value.(ast.Var); ok {
+ stopped = true
+ return stopped
+ }
+ }
+ }
+ return stopped
+ }
+ return stopped
+ })
+
+ vis.Walk(x)
+
+ return stopped
+}
+
+func parseStringsToRefs(s []string) ([]ast.Ref, error) {
+ if len(s) == 0 {
+ return nil, nil
+ }
+
+ refs := make([]ast.Ref, len(s))
+ for i := range refs {
+ var err error
+ refs[i], err = ast.ParseRef(s[i])
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ return refs, nil
+}
+
+// helper function to finish a built-in function call. If an error occurred,
+// wrap the error and return it. Otherwise, invoke the iterator if the result
+// was defined.
+func finishFunction(name string, bctx topdown.BuiltinContext, result *ast.Term, err error, iter func(*ast.Term) error) error {
+ if err != nil {
+ var e *HaltError
+ sb := strings.Builder{}
+ if errors.As(err, &e) {
+ sb.Grow(len(name) + len(e.Error()) + 2)
+ sb.WriteString(name)
+ sb.WriteString(": ")
+ sb.WriteString(e.Error())
+ tdErr := &topdown.Error{
+ Code: topdown.BuiltinErr,
+ Message: sb.String(),
+ Location: bctx.Location,
+ }
+ return topdown.Halt{Err: tdErr.Wrap(e)}
+ }
+ sb.Grow(len(name) + len(err.Error()) + 2)
+ sb.WriteString(name)
+ sb.WriteString(": ")
+ sb.WriteString(err.Error())
+ tdErr := &topdown.Error{
+ Code: topdown.BuiltinErr,
+ Message: sb.String(),
+ Location: bctx.Location,
+ }
+ return tdErr.Wrap(err)
+ }
+ if result == nil {
+ return nil
+ }
+ return iter(result)
+}
+
+// helper function to return an option that sets a custom built-in function.
+func newFunction(decl *Function, f topdown.BuiltinFunc) func(*Rego) {
+ return func(r *Rego) {
+ r.builtinDecls[decl.Name] = &ast.Builtin{
+ Name: decl.Name,
+ Decl: decl.Decl,
+ Nondeterministic: decl.Nondeterministic,
+ }
+ r.builtinFuncs[decl.Name] = &topdown.Builtin{
+ Decl: r.builtinDecls[decl.Name],
+ Func: f,
+ }
+ }
+}
+
+func generateJSON(term *ast.Term, ectx *EvalContext) (any, error) {
+ return ast.JSONWithOpt(term.Value,
+ ast.JSONOpt{
+ SortSets: ectx.sortSets,
+ CopyMaps: ectx.copyMaps,
+ })
+}
+
+func (r *Rego) planQuery(queries []ast.Body, evalQueryType queryType) (*ir.Policy, error) {
+ modules := make([]*ast.Module, 0, len(r.compiler.Modules))
+ for _, module := range r.compiler.Modules {
+ modules = append(modules, module)
+ }
+
+ decls := make(map[string]*ast.Builtin, len(r.builtinDecls)+len(ast.BuiltinMap))
+ maps.Copy(decls, ast.BuiltinMap)
+ maps.Copy(decls, r.builtinDecls)
+
+ const queryName = "eval" // NOTE(tsandall): the query name is arbitrary
+
+ p := planner.New().
+ WithQueries([]planner.QuerySet{
+ {
+ Name: queryName,
+ Queries: queries,
+ RewrittenVars: r.compiledQueries[evalQueryType].compiler.RewrittenVars(),
+ },
+ }).
+ WithModules(modules).
+ WithBuiltinDecls(decls).
+ WithDebug(r.dump)
+
+ policy, err := p.Plan()
+ if err != nil {
+ return nil, err
+ }
+ if r.dump != nil {
+ fmt.Fprintln(r.dump, "PLAN:")
+ fmt.Fprintln(r.dump, "-----")
+ err = ir.Pretty(r.dump, policy)
+ if err != nil {
+ return nil, err
+ }
+ fmt.Fprintln(r.dump)
+ }
+ return policy, nil
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/rego/resultset.go b/vendor/github.com/open-policy-agent/opa/v1/rego/resultset.go
new file mode 100644
index 0000000000..983de2223e
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/rego/resultset.go
@@ -0,0 +1,90 @@
+package rego
+
+import (
+ "fmt"
+
+ "github.com/open-policy-agent/opa/v1/ast"
+)
+
+// ResultSet represents a collection of output from Rego evaluation. An empty
+// result set represents an undefined query.
+type ResultSet []Result
+
+// Vars represents a collection of variable bindings. The keys are the variable
+// names and the values are the binding values.
+type Vars map[string]any
+
+// WithoutWildcards returns a copy of v with wildcard variables removed.
+func (v Vars) WithoutWildcards() Vars {
+ n := Vars{}
+ for k, v := range v {
+ if ast.Var(k).IsWildcard() || ast.Var(k).IsGenerated() {
+ continue
+ }
+ n[k] = v
+ }
+ return n
+}
+
+// Result defines the output of Rego evaluation.
+type Result struct {
+ Expressions []*ExpressionValue `json:"expressions"`
+ Bindings Vars `json:"bindings,omitempty"`
+}
+
+func newResult() Result {
+ return Result{
+ Bindings: Vars{},
+ }
+}
+
+// Location defines a position in a Rego query or module.
+type Location struct {
+ Row int `json:"row"`
+ Col int `json:"col"`
+}
+
+// ExpressionValue defines the value of an expression in a Rego query.
+type ExpressionValue struct {
+ Value any `json:"value"`
+ Text string `json:"text"`
+ Location *Location `json:"location"`
+}
+
+func newExpressionValue(expr *ast.Expr, value any) *ExpressionValue {
+ result := &ExpressionValue{
+ Value: value,
+ }
+ if expr.Location != nil {
+ result.Text = string(expr.Location.Text)
+ result.Location = &Location{
+ Row: expr.Location.Row,
+ Col: expr.Location.Col,
+ }
+ }
+ return result
+}
+
+func (ev *ExpressionValue) String() string {
+ return fmt.Sprint(ev.Value)
+}
+
+// Allowed is a helper method that'll return true if all of these conditions hold:
+// - the result set only has one element
+// - there is only one expression in the result set's only element
+// - that expression has the value `true`
+// - there are no bindings.
+//
+// If bindings are present, this will yield `false`: it would be a pitfall to
+// return `true` for a query like `data.authz.allow = x`, which always has result
+// set element with value true, but could also have a binding `x: false`.
+func (rs ResultSet) Allowed() bool {
+ if len(rs) == 1 && len(rs[0].Bindings) == 0 {
+ if exprs := rs[0].Expressions; len(exprs) == 1 {
+ if b, ok := exprs[0].Value.(bool); ok {
+ return b
+ }
+ }
+ }
+ return false
+}
diff --git a/vendor/github.com/open-policy-agent/opa/resolver/interface.go b/vendor/github.com/open-policy-agent/opa/v1/resolver/interface.go
similarity index 86%
rename from vendor/github.com/open-policy-agent/opa/resolver/interface.go
rename to vendor/github.com/open-policy-agent/opa/v1/resolver/interface.go
index fc02329f57..1f04d21c01 100644
--- a/vendor/github.com/open-policy-agent/opa/resolver/interface.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/resolver/interface.go
@@ -7,8 +7,8 @@ package resolver
import (
"context"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/metrics"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/metrics"
)
// Resolver defines an external value resolver for OPA evaluations.
diff --git a/vendor/github.com/open-policy-agent/opa/resolver/wasm/wasm.go b/vendor/github.com/open-policy-agent/opa/v1/resolver/wasm/wasm.go
similarity index 87%
rename from vendor/github.com/open-policy-agent/opa/resolver/wasm/wasm.go
rename to vendor/github.com/open-policy-agent/opa/v1/resolver/wasm/wasm.go
index 9c13879dc3..f23282b405 100644
--- a/vendor/github.com/open-policy-agent/opa/resolver/wasm/wasm.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/resolver/wasm/wasm.go
@@ -6,17 +6,18 @@ package wasm
import (
"context"
+ "errors"
"fmt"
"strconv"
- "github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/internal/rego/opa"
- "github.com/open-policy-agent/opa/resolver"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/resolver"
)
// New creates a new Resolver instance which is using the Wasm module
// policy for the given entrypoint ref.
-func New(entrypoints []ast.Ref, policy []byte, data interface{}) (*Resolver, error) {
+func New(entrypoints []ast.Ref, policy []byte, data any) (*Resolver, error) {
e, err := opa.LookupEngine("wasm")
if err != nil {
return nil, err
@@ -96,9 +97,9 @@ func (r *Resolver) Eval(ctx context.Context, input resolver.Input) (resolver.Res
return resolver.Result{}, fmt.Errorf("internal error: invalid entrypoint id %s", numValue)
}
- var in *interface{}
+ var in *any
if input.Input != nil {
- var str interface{} = []byte(input.Input.String())
+ var str any = []byte(input.Input.String())
in = &str
}
@@ -121,12 +122,12 @@ func (r *Resolver) Eval(ctx context.Context, input resolver.Input) (resolver.Res
}
// SetData will update the external data for the Wasm instance.
-func (r *Resolver) SetData(ctx context.Context, data interface{}) error {
+func (r *Resolver) SetData(ctx context.Context, data any) error {
return r.o.SetData(ctx, data)
}
// SetDataPath will set the provided data on the wasm instance at the specified path.
-func (r *Resolver) SetDataPath(ctx context.Context, path []string, data interface{}) error {
+func (r *Resolver) SetDataPath(ctx context.Context, path []string, data any) error {
return r.o.SetDataPath(ctx, path, data)
}
@@ -144,7 +145,7 @@ func getResult(evalResult *opa.Result) (ast.Value, error) {
resultSet, ok := parsed.Value.(ast.Set)
if !ok {
- return nil, fmt.Errorf("illegal result type")
+ return nil, errors.New("illegal result type")
}
if resultSet.Len() == 0 {
@@ -152,14 +153,14 @@ func getResult(evalResult *opa.Result) (ast.Value, error) {
}
if resultSet.Len() > 1 {
- return nil, fmt.Errorf("illegal result type")
+ return nil, errors.New("illegal result type")
}
var obj ast.Object
err = resultSet.Iter(func(term *ast.Term) error {
obj, ok = term.Value.(ast.Object)
if !ok || obj.Len() != 1 {
- return fmt.Errorf("illegal result type")
+ return errors.New("illegal result type")
}
return nil
})
@@ -167,7 +168,7 @@ func getResult(evalResult *opa.Result) (ast.Value, error) {
return nil, err
}
- result := obj.Get(ast.StringTerm("result"))
+ result := obj.Get(ast.InternedStringTerm("result"))
return result.Value, nil
}
diff --git a/vendor/github.com/open-policy-agent/opa/schemas/authorizationPolicy.json b/vendor/github.com/open-policy-agent/opa/v1/schemas/authorizationPolicy.json
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/schemas/authorizationPolicy.json
rename to vendor/github.com/open-policy-agent/opa/v1/schemas/authorizationPolicy.json
diff --git a/vendor/github.com/open-policy-agent/opa/schemas/schemas.go b/vendor/github.com/open-policy-agent/opa/v1/schemas/schemas.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/schemas/schemas.go
rename to vendor/github.com/open-policy-agent/opa/v1/schemas/schemas.go
diff --git a/vendor/github.com/open-policy-agent/opa/v1/storage/doc.go b/vendor/github.com/open-policy-agent/opa/v1/storage/doc.go
new file mode 100644
index 0000000000..6fa2f86d98
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/storage/doc.go
@@ -0,0 +1,6 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Package storage exposes the policy engine's storage layer.
+package storage
diff --git a/vendor/github.com/open-policy-agent/opa/v1/storage/errors.go b/vendor/github.com/open-policy-agent/opa/v1/storage/errors.go
new file mode 100644
index 0000000000..a3d1c00737
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/storage/errors.go
@@ -0,0 +1,121 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package storage
+
+import (
+ "fmt"
+)
+
+const (
+ // InternalErr indicates an unknown, internal error has occurred.
+ InternalErr = "storage_internal_error"
+
+ // NotFoundErr indicates the path used in the storage operation does not
+ // locate a document.
+ NotFoundErr = "storage_not_found_error"
+
+ // WriteConflictErr indicates a write on the path enocuntered a conflicting
+ // value inside the transaction.
+ WriteConflictErr = "storage_write_conflict_error"
+
+ // InvalidPatchErr indicates an invalid patch/write was issued. The patch
+ // was rejected.
+ InvalidPatchErr = "storage_invalid_patch_error"
+
+ // InvalidTransactionErr indicates an invalid operation was performed
+ // inside of the transaction.
+ InvalidTransactionErr = "storage_invalid_txn_error"
+
+ // TriggersNotSupportedErr indicates the caller attempted to register a
+ // trigger against a store that does not support them.
+ TriggersNotSupportedErr = "storage_triggers_not_supported_error"
+
+ // WritesNotSupportedErr indicate the caller attempted to perform a write
+ // against a store that does not support them.
+ WritesNotSupportedErr = "storage_writes_not_supported_error"
+
+ // PolicyNotSupportedErr indicate the caller attempted to perform a policy
+ // management operation against a store that does not support them.
+ PolicyNotSupportedErr = "storage_policy_not_supported_error"
+)
+
+// Error is the error type returned by the storage layer.
+type Error struct {
+ Code string `json:"code"`
+ Message string `json:"message"`
+}
+
+func (err *Error) Error() string {
+ if err.Message != "" {
+ return fmt.Sprintf("%v: %v", err.Code, err.Message)
+ }
+ return err.Code
+}
+
+// IsNotFound returns true if this error is a NotFoundErr.
+func IsNotFound(err error) bool {
+ if err, ok := err.(*Error); ok {
+ return err.Code == NotFoundErr
+ }
+ return false
+}
+
+// IsWriteConflictError returns true if this error a WriteConflictErr.
+func IsWriteConflictError(err error) bool {
+ switch err := err.(type) {
+ case *Error:
+ return err.Code == WriteConflictErr
+ }
+ return false
+}
+
+// IsInvalidPatch returns true if this error is a InvalidPatchErr.
+func IsInvalidPatch(err error) bool {
+ switch err := err.(type) {
+ case *Error:
+ return err.Code == InvalidPatchErr
+ }
+ return false
+}
+
+// IsInvalidTransaction returns true if this error is a InvalidTransactionErr.
+func IsInvalidTransaction(err error) bool {
+ switch err := err.(type) {
+ case *Error:
+ return err.Code == InvalidTransactionErr
+ }
+ return false
+}
+
+// IsIndexingNotSupported is a stub for backwards-compatibility.
+//
+// Deprecated: We no longer return IndexingNotSupported errors, so it is
+// unnecessary to check for them.
+func IsIndexingNotSupported(error) bool { return false }
+
+func writeConflictError(path Path) *Error {
+ return &Error{
+ Code: WriteConflictErr,
+ Message: path.String(),
+ }
+}
+
+func triggersNotSupportedError() *Error {
+ return &Error{
+ Code: TriggersNotSupportedErr,
+ }
+}
+
+func writesNotSupportedError() *Error {
+ return &Error{
+ Code: WritesNotSupportedErr,
+ }
+}
+
+func policyNotSupportedError() *Error {
+ return &Error{
+ Code: PolicyNotSupportedErr,
+ }
+}
diff --git a/vendor/github.com/open-policy-agent/opa/storage/inmem/ast.go b/vendor/github.com/open-policy-agent/opa/v1/storage/inmem/ast.go
similarity index 89%
rename from vendor/github.com/open-policy-agent/opa/storage/inmem/ast.go
rename to vendor/github.com/open-policy-agent/opa/v1/storage/inmem/ast.go
index 5a8a6743fa..27b8a7483f 100644
--- a/vendor/github.com/open-policy-agent/opa/storage/inmem/ast.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/storage/inmem/ast.go
@@ -8,10 +8,10 @@ import (
"fmt"
"strconv"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/storage"
- "github.com/open-policy-agent/opa/storage/internal/errors"
- "github.com/open-policy-agent/opa/storage/internal/ptr"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/storage"
+ "github.com/open-policy-agent/opa/v1/storage/internal/errors"
+ "github.com/open-policy-agent/opa/v1/storage/internal/ptr"
)
type updateAST struct {
@@ -28,7 +28,7 @@ func (u *updateAST) Remove() bool {
return u.remove
}
-func (u *updateAST) Set(v interface{}) {
+func (u *updateAST) Set(v any) {
if v, ok := v.(ast.Value); ok {
u.value = v
} else {
@@ -36,7 +36,7 @@ func (u *updateAST) Set(v interface{}) {
}
}
-func (u *updateAST) Value() interface{} {
+func (u *updateAST) Value() any {
return u.value
}
@@ -46,7 +46,7 @@ func (u *updateAST) Relative(path storage.Path) dataUpdate {
return &cpy
}
-func (u *updateAST) Apply(v interface{}) interface{} {
+func (u *updateAST) Apply(v any) any {
if len(u.path) == 0 {
return u.value
}
@@ -72,7 +72,7 @@ func (u *updateAST) Apply(v interface{}) interface{} {
return newV
}
-func newUpdateAST(data interface{}, op storage.PatchOp, path storage.Path, idx int, value ast.Value) (*updateAST, error) {
+func newUpdateAST(data any, op storage.PatchOp, path storage.Path, idx int, value ast.Value) (*updateAST, error) {
switch data.(type) {
case ast.Null, ast.Boolean, ast.Number, ast.String:
@@ -101,8 +101,7 @@ func newUpdateArrayAST(data *ast.Array, op storage.PatchOp, path storage.Path, i
return nil, invalidPatchError("%v: invalid patch path", path)
}
- cpy := data.Copy()
- cpy = cpy.Append(ast.NewTerm(value))
+ cpy := data.Append(ast.NewTerm(value))
return &updateAST{path[:len(path)-1], false, cpy}, nil
}
@@ -114,7 +113,7 @@ func newUpdateArrayAST(data *ast.Array, op storage.PatchOp, path storage.Path, i
switch op {
case storage.AddOp:
var results []*ast.Term
- for i := 0; i < data.Len(); i++ {
+ for i := range data.Len() {
if i == pos {
results = append(results, ast.NewTerm(value))
}
@@ -125,7 +124,7 @@ func newUpdateArrayAST(data *ast.Array, op storage.PatchOp, path storage.Path, i
case storage.RemoveOp:
var results []*ast.Term
- for i := 0; i < data.Len(); i++ {
+ for i := range data.Len() {
if i != pos {
results = append(results, data.Elem(i))
}
@@ -134,7 +133,7 @@ func newUpdateArrayAST(data *ast.Array, op storage.PatchOp, path storage.Path, i
default:
var results []*ast.Term
- for i := 0; i < data.Len(); i++ {
+ for i := range data.Len() {
if i == pos {
results = append(results, ast.NewTerm(value))
} else {
@@ -155,7 +154,7 @@ func newUpdateArrayAST(data *ast.Array, op storage.PatchOp, path storage.Path, i
}
func newUpdateObjectAST(data ast.Object, op storage.PatchOp, path storage.Path, idx int, value ast.Value) (*updateAST, error) {
- key := ast.StringTerm(path[idx])
+ key := ast.InternedStringTerm(path[idx])
val := data.Get(key)
if idx == len(path)-1 {
@@ -175,7 +174,7 @@ func newUpdateObjectAST(data ast.Object, op storage.PatchOp, path storage.Path,
return nil, errors.NewNotFoundError(path)
}
-func interfaceToValue(v interface{}) (ast.Value, error) {
+func interfaceToValue(v any) (ast.Value, error) {
if v, ok := v.(ast.Value); ok {
return v, nil
}
@@ -201,7 +200,7 @@ func setInAst(data ast.Value, path storage.Path, value ast.Value) (ast.Value, er
}
func setInAstObject(obj ast.Object, path storage.Path, value ast.Value) (ast.Value, error) {
- key := ast.StringTerm(path[0])
+ key := ast.InternedStringTerm(path[0])
if len(path) == 1 {
obj.Insert(key, ast.NewTerm(value))
@@ -257,7 +256,7 @@ func removeInAst(value ast.Value, path storage.Path) (ast.Value, error) {
}
func removeInAstObject(obj ast.Object, path storage.Path) (ast.Value, error) {
- key := ast.StringTerm(path[0])
+ key := ast.InternedStringTerm(path[0])
if len(path) == 1 {
var items [][2]*ast.Term
@@ -296,7 +295,7 @@ func removeInAstArray(arr *ast.Array, path storage.Path) (ast.Value, error) {
if len(path) == 1 {
var elems []*ast.Term
// Note: possibly expensive operation for large data.
- for i := 0; i < arr.Len(); i++ {
+ for i := range arr.Len() {
if i == idx {
continue
}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/storage/inmem/inmem.go b/vendor/github.com/open-policy-agent/opa/v1/storage/inmem/inmem.go
new file mode 100644
index 0000000000..742d6c167f
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/storage/inmem/inmem.go
@@ -0,0 +1,460 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Package inmem implements an in-memory version of the policy engine's storage
+// layer.
+//
+// The in-memory store is used as the default storage layer implementation. The
+// in-memory store supports multi-reader/single-writer concurrency with
+// rollback.
+//
+// Callers should assume the in-memory store does not make copies of written
+// data. Once data is written to the in-memory store, it should not be modified
+// (outside of calling Store.Write). Furthermore, data read from the in-memory
+// store should be treated as read-only.
+package inmem
+
+import (
+ "context"
+ "fmt"
+ "io"
+ "path/filepath"
+ "strings"
+ "sync"
+ "sync/atomic"
+
+ "github.com/open-policy-agent/opa/internal/merge"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/storage"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+// New returns an empty in-memory store.
+func New() storage.Store {
+ return NewWithOpts()
+}
+
+// NewWithOpts returns an empty in-memory store, with extra options passed.
+func NewWithOpts(opts ...Opt) storage.Store {
+ s := &store{
+ triggers: map[*handle]storage.TriggerConfig{},
+ policies: map[string][]byte{},
+ roundTripOnWrite: true,
+ returnASTValuesOnRead: false,
+ }
+
+ for _, opt := range opts {
+ opt(s)
+ }
+
+ if s.returnASTValuesOnRead {
+ s.data = ast.NewObject()
+ } else {
+ s.data = map[string]any{}
+ }
+
+ return s
+}
+
+// NewFromObject returns a new in-memory store from the supplied data object.
+func NewFromObject(data map[string]any) storage.Store {
+ return NewFromObjectWithOpts(data)
+}
+
+// NewFromObjectWithOpts returns a new in-memory store from the supplied data object, with the
+// options passed.
+func NewFromObjectWithOpts(data map[string]any, opts ...Opt) storage.Store {
+ db := NewWithOpts(opts...)
+ ctx := context.Background()
+ txn, err := db.NewTransaction(ctx, storage.WriteParams)
+ if err != nil {
+ panic(err)
+ }
+ if err := db.Write(ctx, txn, storage.AddOp, storage.Path{}, data); err != nil {
+ panic(err)
+ }
+ if err := db.Commit(ctx, txn); err != nil {
+ panic(err)
+ }
+ return db
+}
+
+// NewFromReader returns a new in-memory store from a reader that produces a
+// JSON serialized object. This function is for test purposes.
+func NewFromReader(r io.Reader) storage.Store {
+ return NewFromReaderWithOpts(r)
+}
+
+// NewFromReader returns a new in-memory store from a reader that produces a
+// JSON serialized object, with extra options. This function is for test purposes.
+func NewFromReaderWithOpts(r io.Reader, opts ...Opt) storage.Store {
+ d := util.NewJSONDecoder(r)
+ var data map[string]any
+ if err := d.Decode(&data); err != nil {
+ panic(err)
+ }
+ return NewFromObjectWithOpts(data, opts...)
+}
+
+type store struct {
+ rmu sync.RWMutex // reader-writer lock
+ wmu sync.Mutex // writer lock
+ xid uint64 // last generated transaction id
+ data any // raw or AST data
+ policies map[string][]byte // raw policies
+ triggers map[*handle]storage.TriggerConfig // registered triggers
+
+ // roundTripOnWrite, if true, means that every call to Write round trips the
+ // data through JSON before adding the data to the store. Defaults to true.
+ roundTripOnWrite bool
+
+ // returnASTValuesOnRead, if true, means that the store will eagerly convert data to AST values,
+ // and return them on Read.
+ // FIXME: naming(?)
+ returnASTValuesOnRead bool
+}
+
+type handle struct {
+ db *store
+}
+
+func (db *store) NewTransaction(_ context.Context, params ...storage.TransactionParams) (storage.Transaction, error) {
+ var write bool
+ var ctx *storage.Context
+ if len(params) > 0 {
+ write = params[0].Write
+ ctx = params[0].Context
+ }
+ xid := atomic.AddUint64(&db.xid, uint64(1))
+ if write {
+ db.wmu.Lock()
+ } else {
+ db.rmu.RLock()
+ }
+ return newTransaction(xid, write, ctx, db), nil
+}
+
+// Truncate implements the storage.Store interface. This method must be called within a transaction.
+func (db *store) Truncate(ctx context.Context, txn storage.Transaction, params storage.TransactionParams, it storage.Iterator) error {
+ var update *storage.Update
+ var err error
+ mergedData := map[string]any{}
+
+ underlying, err := db.underlying(txn)
+ if err != nil {
+ return err
+ }
+
+ for {
+ update, err = it.Next()
+ if err != nil {
+ break
+ }
+
+ if update.IsPolicy {
+ err = underlying.UpsertPolicy(strings.TrimLeft(update.Path.String(), "/"), update.Value)
+ if err != nil {
+ return err
+ }
+ } else {
+ var value any
+ err = util.Unmarshal(update.Value, &value)
+ if err != nil {
+ return err
+ }
+
+ var key []string
+ dirpath := strings.TrimLeft(update.Path.String(), "/")
+ if len(dirpath) > 0 {
+ key = strings.Split(dirpath, "/")
+ }
+
+ if value != nil {
+ obj, err := mktree(key, value)
+ if err != nil {
+ return err
+ }
+
+ merged, ok := merge.InterfaceMaps(mergedData, obj)
+ if !ok {
+ return fmt.Errorf("failed to insert data file from path %s", filepath.Join(key...))
+ }
+ mergedData = merged
+ }
+ }
+ }
+
+ // err is known not to be nil at this point, as it getting assigned
+ // a non-nil value is the only way the loop above can exit.
+ if err != io.EOF {
+ return err
+ }
+
+ // For backwards compatibility, check if `RootOverwrite` was configured.
+ if params.RootOverwrite {
+ newPath, ok := storage.ParsePathEscaped("/")
+ if !ok {
+ return fmt.Errorf("storage path invalid: %v", newPath)
+ }
+ return underlying.Write(storage.AddOp, newPath, mergedData)
+ }
+
+ for _, root := range params.BasePaths {
+ newPath, ok := storage.ParsePathEscaped("/" + root)
+ if !ok {
+ return fmt.Errorf("storage path invalid: %v", newPath)
+ }
+
+ if value, ok := lookup(newPath, mergedData); ok {
+ if len(newPath) > 0 {
+ if err := storage.MakeDir(ctx, db, txn, newPath[:len(newPath)-1]); err != nil {
+ return err
+ }
+ }
+ if err := underlying.Write(storage.AddOp, newPath, value); err != nil {
+ return err
+ }
+ }
+ }
+ return nil
+}
+
+func (db *store) Commit(ctx context.Context, txn storage.Transaction) error {
+ underlying, err := db.underlying(txn)
+ if err != nil {
+ return err
+ }
+ if underlying.write {
+ db.rmu.Lock()
+ event := underlying.Commit()
+ db.runOnCommitTriggers(ctx, txn, event)
+ // Mark the transaction stale after executing triggers, so they can
+ // perform store operations if needed.
+ underlying.stale = true
+ db.rmu.Unlock()
+ db.wmu.Unlock()
+ } else {
+ db.rmu.RUnlock()
+ }
+ return nil
+}
+
+func (db *store) Abort(_ context.Context, txn storage.Transaction) {
+ underlying, err := db.underlying(txn)
+ if err != nil {
+ panic(err)
+ }
+ underlying.stale = true
+ if underlying.write {
+ db.wmu.Unlock()
+ } else {
+ db.rmu.RUnlock()
+ }
+}
+
+func (db *store) ListPolicies(_ context.Context, txn storage.Transaction) ([]string, error) {
+ underlying, err := db.underlying(txn)
+ if err != nil {
+ return nil, err
+ }
+ return underlying.ListPolicies(), nil
+}
+
+func (db *store) GetPolicy(_ context.Context, txn storage.Transaction, id string) ([]byte, error) {
+ underlying, err := db.underlying(txn)
+ if err != nil {
+ return nil, err
+ }
+ return underlying.GetPolicy(id)
+}
+
+func (db *store) UpsertPolicy(_ context.Context, txn storage.Transaction, id string, bs []byte) error {
+ underlying, err := db.underlying(txn)
+ if err != nil {
+ return err
+ }
+ return underlying.UpsertPolicy(id, bs)
+}
+
+func (db *store) DeletePolicy(_ context.Context, txn storage.Transaction, id string) error {
+ underlying, err := db.underlying(txn)
+ if err != nil {
+ return err
+ }
+ if _, err := underlying.GetPolicy(id); err != nil {
+ return err
+ }
+ return underlying.DeletePolicy(id)
+}
+
+func (db *store) Register(_ context.Context, txn storage.Transaction, config storage.TriggerConfig) (storage.TriggerHandle, error) {
+ underlying, err := db.underlying(txn)
+ if err != nil {
+ return nil, err
+ }
+ if !underlying.write {
+ return nil, &storage.Error{
+ Code: storage.InvalidTransactionErr,
+ Message: "triggers must be registered with a write transaction",
+ }
+ }
+ h := &handle{db}
+ db.triggers[h] = config
+ return h, nil
+}
+
+func (db *store) Read(_ context.Context, txn storage.Transaction, path storage.Path) (any, error) {
+ underlying, err := db.underlying(txn)
+ if err != nil {
+ return nil, err
+ }
+
+ v, err := underlying.Read(path)
+ if err != nil {
+ return nil, err
+ }
+
+ return v, nil
+}
+
+func (db *store) Write(_ context.Context, txn storage.Transaction, op storage.PatchOp, path storage.Path, value any) error {
+ underlying, err := db.underlying(txn)
+ if err != nil {
+ return err
+ }
+ val := util.Reference(value)
+ if db.roundTripOnWrite {
+ if err := util.RoundTrip(val); err != nil {
+ return err
+ }
+ }
+ return underlying.Write(op, path, *val)
+}
+
+func (h *handle) Unregister(_ context.Context, txn storage.Transaction) {
+ underlying, err := h.db.underlying(txn)
+ if err != nil {
+ panic(err)
+ }
+ if !underlying.write {
+ panic(&storage.Error{
+ Code: storage.InvalidTransactionErr,
+ Message: "triggers must be unregistered with a write transaction",
+ })
+ }
+ delete(h.db.triggers, h)
+}
+
+func (db *store) runOnCommitTriggers(ctx context.Context, txn storage.Transaction, event storage.TriggerEvent) {
+ if db.returnASTValuesOnRead && len(db.triggers) > 0 {
+ // FIXME: Not very performant for large data.
+
+ dataEvents := make([]storage.DataEvent, 0, len(event.Data))
+
+ for _, dataEvent := range event.Data {
+ if astData, ok := dataEvent.Data.(ast.Value); ok {
+ jsn, err := ast.ValueToInterface(astData, illegalResolver{})
+ if err != nil {
+ panic(err)
+ }
+ dataEvents = append(dataEvents, storage.DataEvent{
+ Path: dataEvent.Path,
+ Data: jsn,
+ Removed: dataEvent.Removed,
+ })
+ } else {
+ dataEvents = append(dataEvents, dataEvent)
+ }
+ }
+
+ event = storage.TriggerEvent{
+ Policy: event.Policy,
+ Data: dataEvents,
+ Context: event.Context,
+ }
+ }
+
+ for _, t := range db.triggers {
+ t.OnCommit(ctx, txn, event)
+ }
+}
+
+type illegalResolver struct{}
+
+func (illegalResolver) Resolve(ref ast.Ref) (any, error) {
+ return nil, fmt.Errorf("illegal value: %v", ref)
+}
+
+func (db *store) underlying(txn storage.Transaction) (*transaction, error) {
+ underlying, ok := txn.(*transaction)
+ if !ok {
+ return nil, &storage.Error{
+ Code: storage.InvalidTransactionErr,
+ Message: fmt.Sprintf("unexpected transaction type %T", txn),
+ }
+ }
+ if underlying.db != db {
+ return nil, &storage.Error{
+ Code: storage.InvalidTransactionErr,
+ Message: "unknown transaction",
+ }
+ }
+ if underlying.stale {
+ return nil, &storage.Error{
+ Code: storage.InvalidTransactionErr,
+ Message: "stale transaction",
+ }
+ }
+ return underlying, nil
+}
+
+const rootMustBeObjectMsg = "root must be object"
+const rootCannotBeRemovedMsg = "root cannot be removed"
+
+func invalidPatchError(f string, a ...any) *storage.Error {
+ return &storage.Error{
+ Code: storage.InvalidPatchErr,
+ Message: fmt.Sprintf(f, a...),
+ }
+}
+
+func mktree(path []string, value any) (map[string]any, error) {
+ if len(path) == 0 {
+ // For 0 length path the value is the full tree.
+ obj, ok := value.(map[string]any)
+ if !ok {
+ return nil, invalidPatchError(rootMustBeObjectMsg)
+ }
+ return obj, nil
+ }
+
+ dir := map[string]any{}
+ for i := len(path) - 1; i > 0; i-- {
+ dir[path[i]] = value
+ value = dir
+ dir = map[string]any{}
+ }
+ dir[path[0]] = value
+
+ return dir, nil
+}
+
+func lookup(path storage.Path, data map[string]any) (any, bool) {
+ if len(path) == 0 {
+ return data, true
+ }
+ for i := range len(path) - 1 {
+ value, ok := data[path[i]]
+ if !ok {
+ return nil, false
+ }
+ obj, ok := value.(map[string]any)
+ if !ok {
+ return nil, false
+ }
+ data = obj
+ }
+ value, ok := data[path[len(path)-1]]
+ return value, ok
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/storage/inmem/opts.go b/vendor/github.com/open-policy-agent/opa/v1/storage/inmem/opts.go
new file mode 100644
index 0000000000..2239fc73a3
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/storage/inmem/opts.go
@@ -0,0 +1,37 @@
+package inmem
+
+// An Opt modifies store at instantiation.
+type Opt func(*store)
+
+// OptRoundTripOnWrite sets whether incoming objects written to store are
+// round-tripped through JSON to ensure they are serializable to JSON.
+//
+// Callers should disable this if they can guarantee all objects passed to
+// Write() are serializable to JSON. Failing to do so may result in undefined
+// behavior, including panics.
+//
+// Usually, when only storing objects in the inmem store that have been read
+// via encoding/json, this is safe to disable, and comes with an improvement
+// in performance and memory use.
+//
+// If setting to false, callers should deep-copy any objects passed to Write()
+// unless they can guarantee the objects will not be mutated after being written,
+// and that mutations happening to the objects after they have been passed into
+// Write() don't affect their logic.
+func OptRoundTripOnWrite(enabled bool) Opt {
+ return func(s *store) {
+ s.roundTripOnWrite = enabled
+ }
+}
+
+// OptReturnASTValuesOnRead sets whether data values added to the store should be
+// eagerly converted to AST values, which are then returned on read.
+//
+// When enabled, this feature does not sanity check data before converting it to AST values,
+// which may result in panics if the data is not valid. Callers should ensure that passed data
+// can be serialized to AST values; otherwise, it's recommended to also enable OptRoundTripOnWrite.
+func OptReturnASTValuesOnRead(enabled bool) Opt {
+ return func(s *store) {
+ s.returnASTValuesOnRead = enabled
+ }
+}
diff --git a/vendor/github.com/open-policy-agent/opa/storage/inmem/txn.go b/vendor/github.com/open-policy-agent/opa/v1/storage/inmem/txn.go
similarity index 85%
rename from vendor/github.com/open-policy-agent/opa/storage/inmem/txn.go
rename to vendor/github.com/open-policy-agent/opa/v1/storage/inmem/txn.go
index d3252e8822..28e68c20f2 100644
--- a/vendor/github.com/open-policy-agent/opa/storage/inmem/txn.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/storage/inmem/txn.go
@@ -9,11 +9,11 @@ import (
"encoding/json"
"strconv"
- "github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/internal/deepcopy"
- "github.com/open-policy-agent/opa/storage"
- "github.com/open-policy-agent/opa/storage/internal/errors"
- "github.com/open-policy-agent/opa/storage/internal/ptr"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/storage"
+ "github.com/open-policy-agent/opa/v1/storage/internal/errors"
+ "github.com/open-policy-agent/opa/v1/storage/internal/ptr"
)
// transaction implements the low-level read/write operations on the in-memory
@@ -63,7 +63,7 @@ func (txn *transaction) ID() uint64 {
return txn.xid
}
-func (txn *transaction) Write(op storage.PatchOp, path storage.Path, value interface{}) error {
+func (txn *transaction) Write(op storage.PatchOp, path storage.Path, value any) error {
if !txn.write {
return &storage.Error{
@@ -129,7 +129,7 @@ func (txn *transaction) Write(op storage.PatchOp, path storage.Path, value inter
return nil
}
-func (txn *transaction) updateRoot(op storage.PatchOp, value interface{}) error {
+func (txn *transaction) updateRoot(op storage.PatchOp, value any) error {
if op == storage.RemoveOp {
return invalidPatchError(rootCannotBeRemovedMsg)
}
@@ -150,7 +150,7 @@ func (txn *transaction) updateRoot(op storage.PatchOp, value interface{}) error
value: valueAST,
}
} else {
- if _, ok := value.(map[string]interface{}); !ok {
+ if _, ok := value.(map[string]any); !ok {
return invalidPatchError(rootMustBeObjectMsg)
}
@@ -194,14 +194,14 @@ func (txn *transaction) Commit() (result storage.TriggerEvent) {
return result
}
-func pointer(v interface{}, path storage.Path) (interface{}, error) {
+func pointer(v any, path storage.Path) (any, error) {
if v, ok := v.(ast.Value); ok {
return ptr.ValuePtr(v, path)
}
return ptr.Ptr(v, path)
}
-func deepcpy(v interface{}) interface{} {
+func deepcpy(v any) any {
if v, ok := v.(ast.Value); ok {
var cpy ast.Value
@@ -217,7 +217,7 @@ func deepcpy(v interface{}) interface{} {
return deepcopy.DeepCopy(v)
}
-func (txn *transaction) Read(path storage.Path) (interface{}, error) {
+func (txn *transaction) Read(path storage.Path) (any, error) {
if !txn.write {
return pointer(txn.db.data, path)
@@ -313,10 +313,10 @@ func (txn *transaction) DeletePolicy(id string) error {
type dataUpdate interface {
Path() storage.Path
Remove() bool
- Apply(interface{}) interface{}
+ Apply(any) any
Relative(path storage.Path) dataUpdate
- Set(interface{})
- Value() interface{}
+ Set(any)
+ Value() any
}
// update contains state associated with an update to be applied to the
@@ -324,10 +324,10 @@ type dataUpdate interface {
type updateRaw struct {
path storage.Path // data path modified by update
remove bool // indicates whether update removes the value at path
- value interface{} // value to add/replace at path (ignored if remove is true)
+ value any // value to add/replace at path (ignored if remove is true)
}
-func (db *store) newUpdate(data interface{}, op storage.PatchOp, path storage.Path, idx int, value interface{}) (dataUpdate, error) {
+func (db *store) newUpdate(data any, op storage.PatchOp, path storage.Path, idx int, value any) (dataUpdate, error) {
if db.returnASTValuesOnRead {
astData, err := interfaceToValue(data)
if err != nil {
@@ -342,7 +342,7 @@ func (db *store) newUpdate(data interface{}, op storage.PatchOp, path storage.Pa
return newUpdateRaw(data, op, path, idx, value)
}
-func newUpdateRaw(data interface{}, op storage.PatchOp, path storage.Path, idx int, value interface{}) (dataUpdate, error) {
+func newUpdateRaw(data any, op storage.PatchOp, path storage.Path, idx int, value any) (dataUpdate, error) {
switch data.(type) {
case nil, bool, json.Number, string:
@@ -350,10 +350,10 @@ func newUpdateRaw(data interface{}, op storage.PatchOp, path storage.Path, idx i
}
switch data := data.(type) {
- case map[string]interface{}:
+ case map[string]any:
return newUpdateObject(data, op, path, idx, value)
- case []interface{}:
+ case []any:
return newUpdateArray(data, op, path, idx, value)
}
@@ -363,14 +363,14 @@ func newUpdateRaw(data interface{}, op storage.PatchOp, path storage.Path, idx i
}
}
-func newUpdateArray(data []interface{}, op storage.PatchOp, path storage.Path, idx int, value interface{}) (dataUpdate, error) {
+func newUpdateArray(data []any, op storage.PatchOp, path storage.Path, idx int, value any) (dataUpdate, error) {
if idx == len(path)-1 {
if path[idx] == "-" || path[idx] == strconv.Itoa(len(data)) {
if op != storage.AddOp {
return nil, invalidPatchError("%v: invalid patch path", path)
}
- cpy := make([]interface{}, len(data)+1)
+ cpy := make([]any, len(data)+1)
copy(cpy, data)
cpy[len(data)] = value
return &updateRaw{path[:len(path)-1], false, cpy}, nil
@@ -383,20 +383,20 @@ func newUpdateArray(data []interface{}, op storage.PatchOp, path storage.Path, i
switch op {
case storage.AddOp:
- cpy := make([]interface{}, len(data)+1)
+ cpy := make([]any, len(data)+1)
copy(cpy[:pos], data[:pos])
copy(cpy[pos+1:], data[pos:])
cpy[pos] = value
return &updateRaw{path[:len(path)-1], false, cpy}, nil
case storage.RemoveOp:
- cpy := make([]interface{}, len(data)-1)
+ cpy := make([]any, len(data)-1)
copy(cpy[:pos], data[:pos])
copy(cpy[pos:], data[pos+1:])
return &updateRaw{path[:len(path)-1], false, cpy}, nil
default:
- cpy := make([]interface{}, len(data))
+ cpy := make([]any, len(data))
copy(cpy, data)
cpy[pos] = value
return &updateRaw{path[:len(path)-1], false, cpy}, nil
@@ -411,7 +411,7 @@ func newUpdateArray(data []interface{}, op storage.PatchOp, path storage.Path, i
return newUpdateRaw(data[pos], op, path, idx+1, value)
}
-func newUpdateObject(data map[string]interface{}, op storage.PatchOp, path storage.Path, idx int, value interface{}) (dataUpdate, error) {
+func newUpdateObject(data map[string]any, op storage.PatchOp, path storage.Path, idx int, value any) (dataUpdate, error) {
if idx == len(path)-1 {
switch op {
@@ -438,7 +438,7 @@ func (u *updateRaw) Path() storage.Path {
return u.path
}
-func (u *updateRaw) Apply(data interface{}) interface{} {
+func (u *updateRaw) Apply(data any) any {
if len(u.path) == 0 {
return u.value
}
@@ -448,17 +448,17 @@ func (u *updateRaw) Apply(data interface{}) interface{} {
}
key := u.path[len(u.path)-1]
if u.remove {
- obj := parent.(map[string]interface{})
+ obj := parent.(map[string]any)
delete(obj, key)
return data
}
switch parent := parent.(type) {
- case map[string]interface{}:
+ case map[string]any:
if parent == nil {
- parent = make(map[string]interface{}, 1)
+ parent = make(map[string]any, 1)
}
parent[key] = u.value
- case []interface{}:
+ case []any:
idx, err := strconv.Atoi(key)
if err != nil {
panic(err)
@@ -468,11 +468,11 @@ func (u *updateRaw) Apply(data interface{}) interface{} {
return data
}
-func (u *updateRaw) Set(v interface{}) {
+func (u *updateRaw) Set(v any) {
u.value = v
}
-func (u *updateRaw) Value() interface{} {
+func (u *updateRaw) Value() any {
return u.value
}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/storage/interface.go b/vendor/github.com/open-policy-agent/opa/v1/storage/interface.go
new file mode 100644
index 0000000000..1d03567066
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/storage/interface.go
@@ -0,0 +1,247 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package storage
+
+import (
+ "context"
+
+ "github.com/open-policy-agent/opa/v1/metrics"
+)
+
+// Transaction defines the interface that identifies a consistent snapshot over
+// the policy engine's storage layer.
+type Transaction interface {
+ ID() uint64
+}
+
+// Store defines the interface for the storage layer's backend.
+type Store interface {
+ Trigger
+ Policy
+
+ // NewTransaction is called create a new transaction in the store.
+ NewTransaction(context.Context, ...TransactionParams) (Transaction, error)
+
+ // Read is called to fetch a document referred to by path.
+ Read(context.Context, Transaction, Path) (any, error)
+
+ // Write is called to modify a document referred to by path.
+ Write(context.Context, Transaction, PatchOp, Path, any) error
+
+ // Commit is called to finish the transaction. If Commit returns an error, the
+ // transaction must be automatically aborted by the Store implementation.
+ Commit(context.Context, Transaction) error
+
+ // Truncate is called to make a copy of the underlying store, write documents in the new store
+ // by creating multiple transactions in the new store as needed and finally swapping
+ // over to the new storage instance. This method must be called within a transaction on the original store.
+ Truncate(context.Context, Transaction, TransactionParams, Iterator) error
+
+ // Abort is called to cancel the transaction.
+ Abort(context.Context, Transaction)
+}
+
+// MakeDirer defines the interface a Store could realize to override the
+// generic MakeDir functionality in storage.MakeDir
+type MakeDirer interface {
+ MakeDir(context.Context, Transaction, Path) error
+}
+
+// TransactionParams describes a new transaction.
+type TransactionParams struct {
+
+ // BasePaths indicates the top-level paths where write operations will be performed in this transaction.
+ BasePaths []string
+
+ // RootOverwrite is deprecated. Use BasePaths instead.
+ RootOverwrite bool
+
+ // Write indicates if this transaction will perform any write operations.
+ Write bool
+
+ // Context contains key/value pairs passed to triggers.
+ Context *Context
+}
+
+// Context is a simple container for key/value pairs.
+type Context struct {
+ values map[any]any
+}
+
+// NewContext returns a new context object.
+func NewContext() *Context {
+ return &Context{
+ values: map[any]any{},
+ }
+}
+
+// Get returns the key value in the context.
+func (ctx *Context) Get(key any) any {
+ if ctx == nil {
+ return nil
+ }
+ return ctx.values[key]
+}
+
+// Put adds a key/value pair to the context.
+func (ctx *Context) Put(key, value any) {
+ ctx.values[key] = value
+}
+
+var metricsKey = struct{}{}
+
+// WithMetrics allows passing metrics via the Context.
+// It puts the metrics object in the ctx, and returns the same
+// ctx (not a copy) for convenience.
+func (ctx *Context) WithMetrics(m metrics.Metrics) *Context {
+ ctx.values[metricsKey] = m
+ return ctx
+}
+
+// Metrics() allows using a Context's metrics. Returns nil if metrics
+// were not attached to the Context.
+func (ctx *Context) Metrics() metrics.Metrics {
+ if m, ok := ctx.values[metricsKey]; ok {
+ if met, ok := m.(metrics.Metrics); ok {
+ return met
+ }
+ }
+ return nil
+}
+
+// WriteParams specifies the TransactionParams for a write transaction.
+var WriteParams = TransactionParams{
+ Write: true,
+}
+
+// PatchOp is the enumeration of supposed modifications.
+type PatchOp int
+
+// Patch supports add, remove, and replace operations.
+const (
+ AddOp PatchOp = iota
+ RemoveOp = iota
+ ReplaceOp = iota
+)
+
+// WritesNotSupported provides a default implementation of the write
+// interface which may be used if the backend does not support writes.
+type WritesNotSupported struct{}
+
+func (WritesNotSupported) Write(context.Context, Transaction, PatchOp, Path, any) error {
+ return writesNotSupportedError()
+}
+
+// Policy defines the interface for policy module storage.
+type Policy interface {
+ ListPolicies(context.Context, Transaction) ([]string, error)
+ GetPolicy(context.Context, Transaction, string) ([]byte, error)
+ UpsertPolicy(context.Context, Transaction, string, []byte) error
+ DeletePolicy(context.Context, Transaction, string) error
+}
+
+// PolicyNotSupported provides a default implementation of the policy interface
+// which may be used if the backend does not support policy storage.
+type PolicyNotSupported struct{}
+
+// ListPolicies always returns a PolicyNotSupportedErr.
+func (PolicyNotSupported) ListPolicies(context.Context, Transaction) ([]string, error) {
+ return nil, policyNotSupportedError()
+}
+
+// GetPolicy always returns a PolicyNotSupportedErr.
+func (PolicyNotSupported) GetPolicy(context.Context, Transaction, string) ([]byte, error) {
+ return nil, policyNotSupportedError()
+}
+
+// UpsertPolicy always returns a PolicyNotSupportedErr.
+func (PolicyNotSupported) UpsertPolicy(context.Context, Transaction, string, []byte) error {
+ return policyNotSupportedError()
+}
+
+// DeletePolicy always returns a PolicyNotSupportedErr.
+func (PolicyNotSupported) DeletePolicy(context.Context, Transaction, string) error {
+ return policyNotSupportedError()
+}
+
+// PolicyEvent describes a change to a policy.
+type PolicyEvent struct {
+ ID string
+ Data []byte
+ Removed bool
+}
+
+// DataEvent describes a change to a base data document.
+type DataEvent struct {
+ Path Path
+ Data any
+ Removed bool
+}
+
+// TriggerEvent describes the changes that caused the trigger to be invoked.
+type TriggerEvent struct {
+ Policy []PolicyEvent
+ Data []DataEvent
+ Context *Context
+}
+
+// IsZero returns true if the TriggerEvent indicates no changes occurred. This
+// function is primarily for test purposes.
+func (e TriggerEvent) IsZero() bool {
+ return !e.PolicyChanged() && !e.DataChanged()
+}
+
+// PolicyChanged returns true if the trigger was caused by a policy change.
+func (e TriggerEvent) PolicyChanged() bool {
+ return len(e.Policy) > 0
+}
+
+// DataChanged returns true if the trigger was caused by a data change.
+func (e TriggerEvent) DataChanged() bool {
+ return len(e.Data) > 0
+}
+
+// TriggerConfig contains the trigger registration configuration.
+type TriggerConfig struct {
+
+ // OnCommit is invoked when a transaction is successfully committed. The
+ // callback is invoked with a handle to the write transaction that
+ // successfully committed before other clients see the changes.
+ OnCommit func(context.Context, Transaction, TriggerEvent)
+}
+
+// Trigger defines the interface that stores implement to register for change
+// notifications when the store is changed.
+type Trigger interface {
+ Register(context.Context, Transaction, TriggerConfig) (TriggerHandle, error)
+}
+
+// TriggersNotSupported provides default implementations of the Trigger
+// interface which may be used if the backend does not support triggers.
+type TriggersNotSupported struct{}
+
+// Register always returns an error indicating triggers are not supported.
+func (TriggersNotSupported) Register(context.Context, Transaction, TriggerConfig) (TriggerHandle, error) {
+ return nil, triggersNotSupportedError()
+}
+
+// TriggerHandle defines the interface that can be used to unregister triggers that have
+// been registered on a Store.
+type TriggerHandle interface {
+ Unregister(context.Context, Transaction)
+}
+
+// Iterator defines the interface that can be used to read files from a directory starting with
+// files at the base of the directory, then sub-directories etc.
+type Iterator interface {
+ Next() (*Update, error)
+}
+
+// Update contains information about a file
+type Update struct {
+ Path Path
+ Value []byte
+ IsPolicy bool
+}
diff --git a/vendor/github.com/open-policy-agent/opa/storage/internal/errors/errors.go b/vendor/github.com/open-policy-agent/opa/v1/storage/internal/errors/errors.go
similarity index 79%
rename from vendor/github.com/open-policy-agent/opa/storage/internal/errors/errors.go
rename to vendor/github.com/open-policy-agent/opa/v1/storage/internal/errors/errors.go
index 0bba74b907..d13fff50fc 100644
--- a/vendor/github.com/open-policy-agent/opa/storage/internal/errors/errors.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/storage/internal/errors/errors.go
@@ -8,7 +8,7 @@ package errors
import (
"fmt"
- "github.com/open-policy-agent/opa/storage"
+ "github.com/open-policy-agent/opa/v1/storage"
)
const ArrayIndexTypeMsg = "array index must be integer"
@@ -20,10 +20,14 @@ func NewNotFoundError(path storage.Path) *storage.Error {
}
func NewNotFoundErrorWithHint(path storage.Path, hint string) *storage.Error {
- return NewNotFoundErrorf("%v: %v", path.String(), hint)
+ message := path.String() + ": " + hint
+ return &storage.Error{
+ Code: storage.NotFoundErr,
+ Message: message,
+ }
}
-func NewNotFoundErrorf(f string, a ...interface{}) *storage.Error {
+func NewNotFoundErrorf(f string, a ...any) *storage.Error {
msg := fmt.Sprintf(f, a...)
return &storage.Error{
Code: storage.NotFoundErr,
diff --git a/vendor/github.com/open-policy-agent/opa/storage/internal/ptr/ptr.go b/vendor/github.com/open-policy-agent/opa/v1/storage/internal/ptr/ptr.go
similarity index 71%
rename from vendor/github.com/open-policy-agent/opa/storage/internal/ptr/ptr.go
rename to vendor/github.com/open-policy-agent/opa/v1/storage/internal/ptr/ptr.go
index 14adbd682e..c5e380af04 100644
--- a/vendor/github.com/open-policy-agent/opa/storage/internal/ptr/ptr.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/storage/internal/ptr/ptr.go
@@ -8,22 +8,22 @@ package ptr
import (
"strconv"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/storage"
- "github.com/open-policy-agent/opa/storage/internal/errors"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/storage"
+ "github.com/open-policy-agent/opa/v1/storage/internal/errors"
)
-func Ptr(data interface{}, path storage.Path) (interface{}, error) {
+func Ptr(data any, path storage.Path) (any, error) {
node := data
for i := range path {
key := path[i]
switch curr := node.(type) {
- case map[string]interface{}:
+ case map[string]any:
var ok bool
if node, ok = curr[key]; !ok {
return nil, errors.NewNotFoundError(path)
}
- case []interface{}:
+ case []any:
pos, err := ValidateArrayIndex(curr, key, path)
if err != nil {
return nil, err
@@ -43,8 +43,15 @@ func ValuePtr(data ast.Value, path storage.Path) (ast.Value, error) {
key := path[i]
switch curr := node.(type) {
case ast.Object:
- keyTerm := ast.StringTerm(key)
+ // This term is only created for the lookup, which is not.. ideal.
+ // By using the pool, we can at least avoid allocating the term itself,
+ // while still having to pay 1 allocation for the value. A better solution
+ // would be dynamically interned string terms.
+ keyTerm := ast.TermPtrPool.Get()
+ keyTerm.Value = ast.String(key)
+
val := curr.Get(keyTerm)
+ ast.TermPtrPool.Put(keyTerm)
if val == nil {
return nil, errors.NewNotFoundError(path)
}
@@ -63,7 +70,7 @@ func ValuePtr(data ast.Value, path storage.Path) (ast.Value, error) {
return node, nil
}
-func ValidateArrayIndex(arr []interface{}, s string, path storage.Path) (int, error) {
+func ValidateArrayIndex(arr []any, s string, path storage.Path) (int, error) {
idx, ok := isInt(s)
if !ok {
return 0, errors.NewNotFoundErrorWithHint(path, errors.ArrayIndexTypeMsg)
@@ -82,7 +89,7 @@ func ValidateASTArrayIndex(arr *ast.Array, s string, path storage.Path) (int, er
// ValidateArrayIndexForWrite also checks that `s` is a valid way to address an
// array element like `ValidateArrayIndex`, but returns a `resource_conflict` error
// if it is not.
-func ValidateArrayIndexForWrite(arr []interface{}, s string, i int, path storage.Path) (int, error) {
+func ValidateArrayIndexForWrite(arr []any, s string, i int, path storage.Path) (int, error) {
idx, ok := isInt(s)
if !ok {
return 0, errors.NewWriteConflictError(path[:i-1])
@@ -95,12 +102,12 @@ func isInt(s string) (int, bool) {
return idx, err == nil
}
-func inRange(i int, arr interface{}, path storage.Path) (int, error) {
+func inRange(i int, arr any, path storage.Path) (int, error) {
var arrLen int
switch v := arr.(type) {
- case []interface{}:
+ case []any:
arrLen = len(v)
case *ast.Array:
arrLen = v.Len()
diff --git a/vendor/github.com/open-policy-agent/opa/v1/storage/path.go b/vendor/github.com/open-policy-agent/opa/v1/storage/path.go
new file mode 100644
index 0000000000..f774d2eeda
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/storage/path.go
@@ -0,0 +1,162 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package storage
+
+import (
+ "errors"
+ "fmt"
+ "net/url"
+ "strconv"
+ "strings"
+
+ "github.com/open-policy-agent/opa/v1/ast"
+)
+
+// Path refers to a document in storage.
+type Path []string
+
+// ParsePath returns a new path for the given str.
+func ParsePath(str string) (path Path, ok bool) {
+ if len(str) == 0 {
+ return nil, false
+ }
+ if str[0] != '/' {
+ return nil, false
+ }
+ if len(str) == 1 {
+ return Path{}, true
+ }
+ parts := strings.Split(str[1:], "/")
+ return parts, true
+}
+
+// ParsePathEscaped returns a new path for the given escaped str.
+func ParsePathEscaped(str string) (path Path, ok bool) {
+ path, ok = ParsePath(str)
+ if !ok {
+ return
+ }
+ for i := range path {
+ segment, err := url.PathUnescape(path[i])
+ if err == nil {
+ path[i] = segment
+ }
+ }
+ return
+}
+
+// NewPathForRef returns a new path for the given ref.
+func NewPathForRef(ref ast.Ref) (path Path, err error) {
+
+ if len(ref) == 0 {
+ return nil, errors.New("empty reference (indicates error in caller)")
+ }
+
+ if len(ref) == 1 {
+ return Path{}, nil
+ }
+
+ path = make(Path, 0, len(ref)-1)
+
+ for _, term := range ref[1:] {
+ switch v := term.Value.(type) {
+ case ast.String:
+ path = append(path, string(v))
+ case ast.Number:
+ path = append(path, v.String())
+ case ast.Boolean, ast.Null:
+ return nil, &Error{
+ Code: NotFoundErr,
+ Message: fmt.Sprintf("%v: does not exist", ref),
+ }
+ case *ast.Array, ast.Object, ast.Set:
+ return nil, fmt.Errorf("composites cannot be base document keys: %v", ref)
+ default:
+ return nil, fmt.Errorf("unresolved reference (indicates error in caller): %v", ref)
+ }
+ }
+
+ return path, nil
+}
+
+// Compare performs lexigraphical comparison on p and other and returns -1 if p
+// is less than other, 0 if p is equal to other, or 1 if p is greater than
+// other.
+func (p Path) Compare(other Path) (cmp int) {
+ for i := range min(len(p), len(other)) {
+ if cmp := strings.Compare(p[i], other[i]); cmp != 0 {
+ return cmp
+ }
+ }
+ if len(p) < len(other) {
+ return -1
+ }
+ if len(p) == len(other) {
+ return 0
+ }
+ return 1
+}
+
+// Equal returns true if p is the same as other.
+func (p Path) Equal(other Path) bool {
+ return p.Compare(other) == 0
+}
+
+// HasPrefix returns true if p starts with other.
+func (p Path) HasPrefix(other Path) bool {
+ if len(other) > len(p) {
+ return false
+ }
+ for i := range other {
+ if p[i] != other[i] {
+ return false
+ }
+ }
+ return true
+}
+
+// Ref returns a ref that represents p rooted at head.
+func (p Path) Ref(head *ast.Term) (ref ast.Ref) {
+ ref = make(ast.Ref, len(p)+1)
+ ref[0] = head
+ for i := range p {
+ idx, err := strconv.ParseInt(p[i], 10, 64)
+ if err == nil {
+ ref[i+1] = ast.UIntNumberTerm(uint64(idx))
+ } else {
+ ref[i+1] = ast.StringTerm(p[i])
+ }
+ }
+ return ref
+}
+
+func (p Path) String() string {
+ if len(p) == 0 {
+ return "/"
+ }
+
+ l := 0
+ for i := range p {
+ l += len(p[i]) + 1
+ }
+
+ sb := strings.Builder{}
+ sb.Grow(l)
+ for i := range p {
+ sb.WriteByte('/')
+ sb.WriteString(url.PathEscape(p[i]))
+ }
+ return sb.String()
+}
+
+// MustParsePath returns a new Path for s. If s cannot be parsed, this function
+// will panic. This is mostly for test purposes.
+func MustParsePath(s string) Path {
+ path, ok := ParsePath(s)
+ if !ok {
+ panic(s)
+ }
+ return path
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/storage/storage.go b/vendor/github.com/open-policy-agent/opa/v1/storage/storage.go
new file mode 100644
index 0000000000..ecc3829940
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/storage/storage.go
@@ -0,0 +1,136 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package storage
+
+import (
+ "context"
+
+ "github.com/open-policy-agent/opa/v1/ast"
+)
+
+// NewTransactionOrDie is a helper function to create a new transaction. If the
+// storage layer cannot create a new transaction, this function will panic. This
+// function should only be used for tests.
+func NewTransactionOrDie(ctx context.Context, store Store, params ...TransactionParams) Transaction {
+ txn, err := store.NewTransaction(ctx, params...)
+ if err != nil {
+ panic(err)
+ }
+ return txn
+}
+
+// ReadOne is a convenience function to read a single value from the provided Store. It
+// will create a new Transaction to perform the read with, and clean up after itself
+// should an error occur.
+func ReadOne(ctx context.Context, store Store, path Path) (any, error) {
+ txn, err := store.NewTransaction(ctx)
+ if err != nil {
+ return nil, err
+ }
+ defer store.Abort(ctx, txn)
+
+ return store.Read(ctx, txn, path)
+}
+
+// WriteOne is a convenience function to write a single value to the provided Store. It
+// will create a new Transaction to perform the write with, and clean up after itself
+// should an error occur.
+func WriteOne(ctx context.Context, store Store, op PatchOp, path Path, value any) error {
+ txn, err := store.NewTransaction(ctx, WriteParams)
+ if err != nil {
+ return err
+ }
+
+ if err := store.Write(ctx, txn, op, path, value); err != nil {
+ store.Abort(ctx, txn)
+ return err
+ }
+
+ return store.Commit(ctx, txn)
+}
+
+// MakeDir inserts an empty object at path. If the parent path does not exist,
+// MakeDir will create it recursively.
+func MakeDir(ctx context.Context, store Store, txn Transaction, path Path) error {
+
+ // Allow the Store implementation to deal with this in its own way.
+ if md, ok := store.(MakeDirer); ok {
+ return md.MakeDir(ctx, txn, path)
+ }
+
+ if len(path) == 0 {
+ return nil
+ }
+
+ node, err := store.Read(ctx, txn, path)
+ if err != nil {
+ if !IsNotFound(err) {
+ return err
+ }
+
+ if err := MakeDir(ctx, store, txn, path[:len(path)-1]); err != nil {
+ return err
+ }
+
+ return store.Write(ctx, txn, AddOp, path, map[string]any{})
+ }
+
+ if _, ok := node.(map[string]any); ok {
+ return nil
+ }
+
+ if _, ok := node.(ast.Object); ok {
+ return nil
+ }
+
+ return writeConflictError(path)
+}
+
+// Txn is a convenience function that executes f inside a new transaction
+// opened on the store. If the function returns an error, the transaction is
+// aborted and the error is returned. Otherwise, the transaction is committed
+// and the result of the commit is returned.
+func Txn(ctx context.Context, store Store, params TransactionParams, f func(Transaction) error) error {
+
+ txn, err := store.NewTransaction(ctx, params)
+ if err != nil {
+ return err
+ }
+
+ if err := f(txn); err != nil {
+ store.Abort(ctx, txn)
+ return err
+ }
+
+ return store.Commit(ctx, txn)
+}
+
+// NonEmpty returns a function that tests if a path is non-empty. A
+// path is non-empty if a Read on the path returns a value or a Read
+// on any of the path prefixes returns a non-object value.
+func NonEmpty(ctx context.Context, store Store, txn Transaction) func([]string) (bool, error) {
+ return func(path []string) (bool, error) {
+ if _, err := store.Read(ctx, txn, Path(path)); err == nil {
+ return true, nil
+ } else if !IsNotFound(err) {
+ return false, err
+ }
+ for i := len(path) - 1; i > 0; i-- {
+ val, err := store.Read(ctx, txn, Path(path[:i]))
+ if err != nil && !IsNotFound(err) {
+ return false, err
+ } else if err == nil {
+ if _, ok := val.(map[string]any); ok {
+ return false, nil
+ }
+ if _, ok := val.(ast.Object); ok {
+ return false, nil
+ }
+ return true, nil
+ }
+ }
+ return false, nil
+ }
+}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/aggregates.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/aggregates.go
similarity index 74%
rename from vendor/github.com/open-policy-agent/opa/topdown/aggregates.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/aggregates.go
index a0f67a7c95..05a2fdca9b 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/aggregates.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/aggregates.go
@@ -7,20 +7,20 @@ package topdown
import (
"math/big"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
func builtinCount(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch a := operands[0].Value.(type) {
case *ast.Array:
- return iter(ast.IntNumberTerm(a.Len()))
+ return iter(ast.InternedIntNumberTerm(a.Len()))
case ast.Object:
- return iter(ast.IntNumberTerm(a.Len()))
+ return iter(ast.InternedIntNumberTerm(a.Len()))
case ast.Set:
- return iter(ast.IntNumberTerm(a.Len()))
+ return iter(ast.InternedIntNumberTerm(a.Len()))
case ast.String:
- return iter(ast.IntNumberTerm(len([]rune(a))))
+ return iter(ast.InternedIntNumberTerm(len([]rune(a))))
}
return builtins.NewOperandTypeErr(1, operands[0].Value, "array", "object", "set", "string")
}
@@ -28,6 +28,22 @@ func builtinCount(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) e
func builtinSum(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch a := operands[0].Value.(type) {
case *ast.Array:
+ // Fast path for arrays of integers
+ is := 0
+ nonInts := a.Until(func(x *ast.Term) bool {
+ if n, ok := x.Value.(ast.Number); ok {
+ if i, ok := n.Int(); ok {
+ is += i
+ return false
+ }
+ }
+ return true
+ })
+ if !nonInts {
+ return iter(ast.InternedIntNumberTerm(is))
+ }
+
+ // Non-integer values found, so we need to sum as floats.
sum := big.NewFloat(0)
err := a.Iter(func(x *ast.Term) error {
n, ok := x.Value.(ast.Number)
@@ -42,6 +58,21 @@ func builtinSum(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) err
}
return iter(ast.NewTerm(builtins.FloatToNumber(sum)))
case ast.Set:
+ // Fast path for sets of integers
+ is := 0
+ nonInts := a.Until(func(x *ast.Term) bool {
+ if n, ok := x.Value.(ast.Number); ok {
+ if i, ok := n.Int(); ok {
+ is += i
+ return false
+ }
+ }
+ return true
+ })
+ if !nonInts {
+ return iter(ast.InternedIntNumberTerm(is))
+ }
+
sum := big.NewFloat(0)
err := a.Iter(func(x *ast.Term) error {
n, ok := x.Value.(ast.Number)
@@ -99,7 +130,7 @@ func builtinMax(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) err
if a.Len() == 0 {
return nil
}
- var max = ast.Value(ast.Null{})
+ max := ast.InternedNullTerm.Value
a.Foreach(func(x *ast.Term) {
if ast.Compare(max, x.Value) <= 0 {
max = x.Value
@@ -110,7 +141,7 @@ func builtinMax(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) err
if a.Len() == 0 {
return nil
}
- max, err := a.Reduce(ast.NullTerm(), func(max *ast.Term, elem *ast.Term) (*ast.Term, error) {
+ max, err := a.Reduce(ast.InternedNullTerm, func(max *ast.Term, elem *ast.Term) (*ast.Term, error) {
if ast.Compare(max, elem) <= 0 {
return elem, nil
}
@@ -142,11 +173,11 @@ func builtinMin(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) err
if a.Len() == 0 {
return nil
}
- min, err := a.Reduce(ast.NullTerm(), func(min *ast.Term, elem *ast.Term) (*ast.Term, error) {
+ min, err := a.Reduce(ast.InternedNullTerm, func(min *ast.Term, elem *ast.Term) (*ast.Term, error) {
// The null term is considered to be less than any other term,
// so in order for min of a set to make sense, we need to check
// for it.
- if min.Value.Compare(ast.Null{}) == 0 {
+ if min.Value.Compare(ast.InternedNullTerm.Value) == 0 {
return elem, nil
}
@@ -178,7 +209,7 @@ func builtinAll(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) err
switch val := operands[0].Value.(type) {
case ast.Set:
res := true
- match := ast.BooleanTerm(true)
+ match := ast.InternedBooleanTerm(true)
val.Until(func(term *ast.Term) bool {
if !match.Equal(term) {
res = false
@@ -186,10 +217,10 @@ func builtinAll(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) err
}
return false
})
- return iter(ast.BooleanTerm(res))
+ return iter(ast.InternedBooleanTerm(res))
case *ast.Array:
res := true
- match := ast.BooleanTerm(true)
+ match := ast.InternedBooleanTerm(true)
val.Until(func(term *ast.Term) bool {
if !match.Equal(term) {
res = false
@@ -197,7 +228,7 @@ func builtinAll(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) err
}
return false
})
- return iter(ast.BooleanTerm(res))
+ return iter(ast.InternedBooleanTerm(res))
default:
return builtins.NewOperandTypeErr(1, operands[0].Value, "array", "set")
}
@@ -206,11 +237,11 @@ func builtinAll(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) err
func builtinAny(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch val := operands[0].Value.(type) {
case ast.Set:
- res := val.Len() > 0 && val.Contains(ast.BooleanTerm(true))
- return iter(ast.BooleanTerm(res))
+ res := val.Len() > 0 && val.Contains(ast.InternedBooleanTerm(true))
+ return iter(ast.InternedBooleanTerm(res))
case *ast.Array:
res := false
- match := ast.BooleanTerm(true)
+ match := ast.InternedBooleanTerm(true)
val.Until(func(term *ast.Term) bool {
if match.Equal(term) {
res = true
@@ -218,7 +249,7 @@ func builtinAny(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) err
}
return false
})
- return iter(ast.BooleanTerm(res))
+ return iter(ast.InternedBooleanTerm(res))
default:
return builtins.NewOperandTypeErr(1, operands[0].Value, "array", "set")
}
@@ -228,27 +259,20 @@ func builtinMember(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term)
containee := operands[0]
switch c := operands[1].Value.(type) {
case ast.Set:
- return iter(ast.BooleanTerm(c.Contains(containee)))
+ return iter(ast.InternedBooleanTerm(c.Contains(containee)))
case *ast.Array:
- ret := false
- c.Until(func(v *ast.Term) bool {
- if v.Value.Compare(containee.Value) == 0 {
- ret = true
+ for i := range c.Len() {
+ if c.Elem(i).Value.Compare(containee.Value) == 0 {
+ return iter(ast.InternedBooleanTerm(true))
}
- return ret
- })
- return iter(ast.BooleanTerm(ret))
+ }
+ return iter(ast.InternedBooleanTerm(false))
case ast.Object:
- ret := false
- c.Until(func(_, v *ast.Term) bool {
- if v.Value.Compare(containee.Value) == 0 {
- ret = true
- }
- return ret
- })
- return iter(ast.BooleanTerm(ret))
+ return iter(ast.InternedBooleanTerm(c.Until(func(_, v *ast.Term) bool {
+ return v.Value.Compare(containee.Value) == 0
+ })))
}
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
func builtinMemberWithKey(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -259,9 +283,9 @@ func builtinMemberWithKey(_ BuiltinContext, operands []*ast.Term, iter func(*ast
if act := c.Get(key); act != nil {
ret = act.Value.Compare(val.Value) == 0
}
- return iter(ast.BooleanTerm(ret))
+ return iter(ast.InternedBooleanTerm(ret))
}
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
func init() {
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/arithmetic.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/arithmetic.go
similarity index 82%
rename from vendor/github.com/open-policy-agent/opa/topdown/arithmetic.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/arithmetic.go
index 3ac703efa3..6502340197 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/arithmetic.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/arithmetic.go
@@ -5,11 +5,11 @@
package topdown
import (
- "fmt"
+ "errors"
"math/big"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
type arithArity1 func(a *big.Float) (*big.Float, error)
@@ -67,13 +67,11 @@ func builtinPlus(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) er
y, ok2 := n2.Int()
if ok1 && ok2 && inSmallIntRange(x) && inSmallIntRange(y) {
- return iter(ast.IntNumberTerm(x + y))
+ return iter(ast.InternedIntNumberTerm(x + y))
}
- f, err := arithPlus(builtins.NumberToFloat(n1), builtins.NumberToFloat(n2))
- if err != nil {
- return err
- }
+ f := new(big.Float).Add(builtins.NumberToFloat(n1), builtins.NumberToFloat(n2))
+
return iter(ast.NewTerm(builtins.FloatToNumber(f)))
}
@@ -91,39 +89,25 @@ func builtinMultiply(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term
y, ok2 := n2.Int()
if ok1 && ok2 && inSmallIntRange(x) && inSmallIntRange(y) {
- return iter(ast.IntNumberTerm(x * y))
+ return iter(ast.InternedIntNumberTerm(x * y))
}
- f, err := arithMultiply(builtins.NumberToFloat(n1), builtins.NumberToFloat(n2))
- if err != nil {
- return err
- }
- return iter(ast.NewTerm(builtins.FloatToNumber(f)))
-}
+ f := new(big.Float).Mul(builtins.NumberToFloat(n1), builtins.NumberToFloat(n2))
-func arithPlus(a, b *big.Float) (*big.Float, error) {
- return new(big.Float).Add(a, b), nil
-}
-
-func arithMinus(a, b *big.Float) (*big.Float, error) {
- return new(big.Float).Sub(a, b), nil
-}
-
-func arithMultiply(a, b *big.Float) (*big.Float, error) {
- return new(big.Float).Mul(a, b), nil
+ return iter(ast.NewTerm(builtins.FloatToNumber(f)))
}
func arithDivide(a, b *big.Float) (*big.Float, error) {
i, acc := b.Int64()
if acc == big.Exact && i == 0 {
- return nil, fmt.Errorf("divide by zero")
+ return nil, errors.New("divide by zero")
}
return new(big.Float).Quo(a, b), nil
}
func arithRem(a, b *big.Int) (*big.Int, error) {
if b.Int64() == 0 {
- return nil, fmt.Errorf("modulo by zero")
+ return nil, errors.New("modulo by zero")
}
return new(big.Int).Rem(a, b), nil
}
@@ -171,13 +155,11 @@ func builtinMinus(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) e
y, oky := n2.Int()
if okx && oky && inSmallIntRange(x) && inSmallIntRange(y) {
- return iter(ast.IntNumberTerm(x - y))
+ return iter(ast.InternedIntNumberTerm(x - y))
}
- f, err := arithMinus(builtins.NumberToFloat(n1), builtins.NumberToFloat(n2))
- if err != nil {
- return err
- }
+ f := new(big.Float).Sub(builtins.NumberToFloat(n1), builtins.NumberToFloat(n2))
+
return iter(ast.NewTerm(builtins.FloatToNumber(f)))
}
@@ -185,7 +167,11 @@ func builtinMinus(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) e
s2, ok4 := operands[1].Value.(ast.Set)
if ok3 && ok4 {
- return iter(ast.NewTerm(s1.Diff(s2)))
+ diff := s1.Diff(s2)
+ if diff.Len() == 0 {
+ return iter(ast.InternedEmptySet)
+ }
+ return iter(ast.NewTerm(diff))
}
if !ok1 && !ok3 {
@@ -210,17 +196,17 @@ func builtinRem(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) err
if okx && oky && inSmallIntRange(x) && inSmallIntRange(y) {
if y == 0 {
- return fmt.Errorf("modulo by zero")
+ return errors.New("modulo by zero")
}
- return iter(ast.IntNumberTerm(x % y))
+ return iter(ast.InternedIntNumberTerm(x % y))
}
op1, err1 := builtins.NumberToInt(n1)
op2, err2 := builtins.NumberToInt(n2)
if err1 != nil || err2 != nil {
- return fmt.Errorf("modulo on floating-point number")
+ return errors.New("modulo on floating-point number")
}
i, err := arithRem(op1, op2)
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/array.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/array.go
similarity index 86%
rename from vendor/github.com/open-policy-agent/opa/topdown/array.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/array.go
index e7fe5be643..526e3ed26d 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/array.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/array.go
@@ -5,8 +5,8 @@
package topdown
import (
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
func builtinArrayConcat(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -20,6 +20,13 @@ func builtinArrayConcat(_ BuiltinContext, operands []*ast.Term, iter func(*ast.T
return err
}
+ if arrA.Len() == 0 {
+ return iter(operands[1])
+ }
+ if arrB.Len() == 0 {
+ return iter(operands[0])
+ }
+
arrC := make([]*ast.Term, arrA.Len()+arrB.Len())
i := 0
@@ -33,7 +40,7 @@ func builtinArrayConcat(_ BuiltinContext, operands []*ast.Term, iter func(*ast.T
i++
})
- return iter(ast.NewTerm(ast.NewArray(arrC...)))
+ return iter(ast.ArrayTerm(arrC...))
}
func builtinArraySlice(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -68,6 +75,10 @@ func builtinArraySlice(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Te
startIndex = stopIndex
}
+ if startIndex == 0 && stopIndex >= arr.Len() {
+ return iter(operands[0])
+ }
+
return iter(ast.NewTerm(arr.Slice(startIndex, stopIndex)))
}
@@ -80,7 +91,7 @@ func builtinArrayReverse(_ BuiltinContext, operands []*ast.Term, iter func(*ast.
length := arr.Len()
reversedArr := make([]*ast.Term, length)
- for index := 0; index < length; index++ {
+ for index := range length {
reversedArr[index] = arr.Elem(length - index - 1)
}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/binary.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/binary.go
similarity index 81%
rename from vendor/github.com/open-policy-agent/opa/topdown/binary.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/binary.go
index b4f9dbd392..05050dbf7d 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/binary.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/binary.go
@@ -5,8 +5,8 @@
package topdown
import (
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
func builtinBinaryAnd(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -21,7 +21,12 @@ func builtinBinaryAnd(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Ter
return err
}
- return iter(ast.NewTerm(s1.Intersect(s2)))
+ i := s1.Intersect(s2)
+ if i.Len() == 0 {
+ return iter(ast.InternedEmptySet)
+ }
+
+ return iter(ast.NewTerm(i))
}
func builtinBinaryOr(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/bindings.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/bindings.go
similarity index 92%
rename from vendor/github.com/open-policy-agent/opa/topdown/bindings.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/bindings.go
index 30a8ac5ec4..9dd55f1ba7 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/bindings.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/bindings.go
@@ -6,9 +6,10 @@ package topdown
import (
"fmt"
+ "strconv"
"strings"
- "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/v1/ast"
)
type undo struct {
@@ -68,7 +69,7 @@ func (u *bindings) Plug(a *ast.Term) *ast.Term {
}
func (u *bindings) PlugNamespaced(a *ast.Term, caller *bindings) *ast.Term {
- if u != nil {
+ if u != nil && u.instr != nil {
u.instr.startTimer(evalOpPlug)
t := u.plugNamespaced(a, caller)
u.instr.stopTimer(evalOpPlug)
@@ -92,7 +93,7 @@ func (u *bindings) plugNamespaced(a *ast.Term, caller *bindings) *ast.Term {
}
cpy := *a
arr := make([]*ast.Term, v.Len())
- for i := 0; i < len(arr); i++ {
+ for i := range arr {
arr[i] = u.plugNamespaced(v.Elem(i), caller)
}
cpy.Value = ast.NewArray(arr...)
@@ -118,7 +119,7 @@ func (u *bindings) plugNamespaced(a *ast.Term, caller *bindings) *ast.Term {
case ast.Ref:
cpy := *a
ref := make(ast.Ref, len(v))
- for i := 0; i < len(ref); i++ {
+ for i := range ref {
ref[i] = u.plugNamespaced(v[i], caller)
}
cpy.Value = ref
@@ -184,7 +185,7 @@ func (u *bindings) namespaceVar(v *ast.Term, caller *bindings) *ast.Term {
// Root documents (i.e., data, input) should never be namespaced because they
// are globally unique.
if !ast.RootDocumentNames.Contains(v) {
- return ast.NewTerm(ast.Var(string(name) + fmt.Sprint(u.id)))
+ return ast.VarTerm(string(name) + strconv.FormatUint(u.id, 10))
}
}
return v
@@ -211,7 +212,7 @@ type namespacingVisitor struct {
caller *bindings
}
-func (vis namespacingVisitor) Visit(x interface{}) bool {
+func (vis namespacingVisitor) Visit(x any) bool {
switch x := x.(type) {
case *ast.ArrayComprehension:
x.Term = vis.namespaceTerm(x.Term)
@@ -253,7 +254,7 @@ func (vis namespacingVisitor) namespaceTerm(a *ast.Term) *ast.Term {
}
cpy := *a
arr := make([]*ast.Term, v.Len())
- for i := 0; i < len(arr); i++ {
+ for i := range arr {
arr[i] = vis.namespaceTerm(v.Elem(i))
}
cpy.Value = ast.NewArray(arr...)
@@ -279,7 +280,7 @@ func (vis namespacingVisitor) namespaceTerm(a *ast.Term) *ast.Term {
case ast.Ref:
cpy := *a
ref := make(ast.Ref, len(v))
- for i := 0; i < len(ref); i++ {
+ for i := range ref {
ref[i] = vis.namespaceTerm(v[i])
}
cpy.Value = ref
@@ -313,12 +314,12 @@ func (b *bindingsArrayHashmap) Put(key *ast.Term, value value) {
if b.a == nil {
b.a = new([maxLinearScan]bindingArrayKeyValue)
} else if i := b.find(key); i >= 0 {
- (*b.a)[i].value = value
+ b.a[i].value = value
return
}
if b.n < maxLinearScan {
- (*b.a)[b.n] = bindingArrayKeyValue{key, value}
+ b.a[b.n] = bindingArrayKeyValue{key, value}
b.n++
return
}
@@ -341,7 +342,7 @@ func (b *bindingsArrayHashmap) Put(key *ast.Term, value value) {
func (b *bindingsArrayHashmap) Get(key *ast.Term) (value, bool) {
if b.m == nil {
if i := b.find(key); i >= 0 {
- return (*b.a)[i].value, true
+ return b.a[i].value, true
}
return value{}, false
@@ -360,7 +361,7 @@ func (b *bindingsArrayHashmap) Delete(key *ast.Term) {
if i := b.find(key); i >= 0 {
n := b.n - 1
if i < n {
- (*b.a)[i] = (*b.a)[n]
+ b.a[i] = b.a[n]
}
b.n = n
@@ -373,8 +374,8 @@ func (b *bindingsArrayHashmap) Delete(key *ast.Term) {
func (b *bindingsArrayHashmap) Iter(f func(k *ast.Term, v value) bool) {
if b.m == nil {
- for i := 0; i < b.n; i++ {
- if f((*b.a)[i].key, (*b.a)[i].value) {
+ for i := range b.n {
+ if f(b.a[i].key, b.a[i].value) {
return
}
}
@@ -390,8 +391,8 @@ func (b *bindingsArrayHashmap) Iter(f func(k *ast.Term, v value) bool) {
func (b *bindingsArrayHashmap) find(key *ast.Term) int {
v := key.Value.(ast.Var)
- for i := 0; i < b.n; i++ {
- if (*b.a)[i].key.Value.(ast.Var) == v {
+ for i := range b.n {
+ if b.a[i].key.Value.(ast.Var) == v {
return i
}
}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/bits.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/bits.go
similarity index 96%
rename from vendor/github.com/open-policy-agent/opa/topdown/bits.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/bits.go
index 7a63c0df1e..e420ffe611 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/bits.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/bits.go
@@ -7,8 +7,8 @@ package topdown
import (
"math/big"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
type bitsArity1 func(a *big.Int) (*big.Int, error)
diff --git a/vendor/github.com/open-policy-agent/opa/v1/topdown/builtins.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/builtins.go
new file mode 100644
index 0000000000..e0b893d477
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/builtins.go
@@ -0,0 +1,224 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package topdown
+
+import (
+ "context"
+ "encoding/binary"
+ "fmt"
+ "io"
+ "math/rand"
+
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/metrics"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/topdown/cache"
+ "github.com/open-policy-agent/opa/v1/topdown/print"
+ "github.com/open-policy-agent/opa/v1/tracing"
+)
+
+type (
+ // Deprecated: Functional-style builtins are deprecated. Use BuiltinFunc instead.
+ FunctionalBuiltin1 func(op1 ast.Value) (output ast.Value, err error)
+
+ // Deprecated: Functional-style builtins are deprecated. Use BuiltinFunc instead.
+ FunctionalBuiltin2 func(op1, op2 ast.Value) (output ast.Value, err error)
+
+ // Deprecated: Functional-style builtins are deprecated. Use BuiltinFunc instead.
+ FunctionalBuiltin3 func(op1, op2, op3 ast.Value) (output ast.Value, err error)
+
+ // Deprecated: Functional-style builtins are deprecated. Use BuiltinFunc instead.
+ FunctionalBuiltin4 func(op1, op2, op3, op4 ast.Value) (output ast.Value, err error)
+
+ // BuiltinContext contains context from the evaluator that may be used by
+ // built-in functions.
+ BuiltinContext struct {
+ Context context.Context // request context that was passed when query started
+ Metrics metrics.Metrics // metrics registry for recording built-in specific metrics
+ Seed io.Reader // randomization source
+ Time *ast.Term // wall clock time
+ Cancel Cancel // atomic value that signals evaluation to halt
+ Runtime *ast.Term // runtime information on the OPA instance
+ Cache builtins.Cache // built-in function state cache
+ InterQueryBuiltinCache cache.InterQueryCache // cross-query built-in function state cache
+ InterQueryBuiltinValueCache cache.InterQueryValueCache // cross-query built-in function state value cache. this cache is useful for scenarios where the entry size cannot be calculated
+ NDBuiltinCache builtins.NDBCache // cache for non-deterministic built-in state
+ Location *ast.Location // location of built-in call
+ Tracers []Tracer // Deprecated: Use QueryTracers instead
+ QueryTracers []QueryTracer // tracer objects for trace() built-in function
+ TraceEnabled bool // indicates whether tracing is enabled for the evaluation
+ QueryID uint64 // identifies query being evaluated
+ ParentID uint64 // identifies parent of query being evaluated
+ PrintHook print.Hook // provides callback function to use for printing
+ RoundTripper CustomizeRoundTripper // customize transport to use for HTTP requests
+ DistributedTracingOpts tracing.Options // options to be used by distributed tracing.
+ rand *rand.Rand // randomization source for non-security-sensitive operations
+ Capabilities *ast.Capabilities
+ }
+
+ // BuiltinFunc defines an interface for implementing built-in functions.
+ // The built-in function is called with the plugged operands from the call
+ // (including the output operands.) The implementation should evaluate the
+ // operands and invoke the iterator for each successful/defined output
+ // value.
+ BuiltinFunc func(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error
+)
+
+// Rand returns a random number generator based on the Seed for this built-in
+// context. The random number will be re-used across multiple calls to this
+// function. If a random number generator cannot be created, an error is
+// returned.
+func (bctx *BuiltinContext) Rand() (*rand.Rand, error) {
+
+ if bctx.rand != nil {
+ return bctx.rand, nil
+ }
+
+ seed, err := readInt64(bctx.Seed)
+ if err != nil {
+ return nil, err
+ }
+
+ bctx.rand = rand.New(rand.NewSource(seed))
+ return bctx.rand, nil
+}
+
+// RegisterBuiltinFunc adds a new built-in function to the evaluation engine.
+func RegisterBuiltinFunc(name string, f BuiltinFunc) {
+ builtinFunctions[name] = builtinErrorWrapper(name, f)
+}
+
+// Deprecated: Functional-style builtins are deprecated. Use RegisterBuiltinFunc instead.
+func RegisterFunctionalBuiltin1(name string, fun FunctionalBuiltin1) {
+ builtinFunctions[name] = functionalWrapper1(name, fun)
+}
+
+// Deprecated: Functional-style builtins are deprecated. Use RegisterBuiltinFunc instead.
+func RegisterFunctionalBuiltin2(name string, fun FunctionalBuiltin2) {
+ builtinFunctions[name] = functionalWrapper2(name, fun)
+}
+
+// Deprecated: Functional-style builtins are deprecated. Use RegisterBuiltinFunc instead.
+func RegisterFunctionalBuiltin3(name string, fun FunctionalBuiltin3) {
+ builtinFunctions[name] = functionalWrapper3(name, fun)
+}
+
+// Deprecated: Functional-style builtins are deprecated. Use RegisterBuiltinFunc instead.
+func RegisterFunctionalBuiltin4(name string, fun FunctionalBuiltin4) {
+ builtinFunctions[name] = functionalWrapper4(name, fun)
+}
+
+// GetBuiltin returns a built-in function implementation, nil if no built-in found.
+func GetBuiltin(name string) BuiltinFunc {
+ return builtinFunctions[name]
+}
+
+// Deprecated: The BuiltinEmpty type is no longer needed. Use nil return values instead.
+type BuiltinEmpty struct{}
+
+func (BuiltinEmpty) Error() string {
+ return ""
+}
+
+var builtinFunctions = map[string]BuiltinFunc{}
+
+func builtinErrorWrapper(name string, fn BuiltinFunc) BuiltinFunc {
+ return func(bctx BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
+ err := fn(bctx, args, iter)
+ if err == nil {
+ return nil
+ }
+ return handleBuiltinErr(name, bctx.Location, err)
+ }
+}
+
+func functionalWrapper1(name string, fn FunctionalBuiltin1) BuiltinFunc {
+ return func(bctx BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := fn(args[0].Value)
+ if err == nil {
+ return iter(ast.NewTerm(result))
+ }
+ return handleBuiltinErr(name, bctx.Location, err)
+ }
+}
+
+func functionalWrapper2(name string, fn FunctionalBuiltin2) BuiltinFunc {
+ return func(bctx BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := fn(args[0].Value, args[1].Value)
+ if err == nil {
+ return iter(ast.NewTerm(result))
+ }
+ return handleBuiltinErr(name, bctx.Location, err)
+ }
+}
+
+func functionalWrapper3(name string, fn FunctionalBuiltin3) BuiltinFunc {
+ return func(bctx BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := fn(args[0].Value, args[1].Value, args[2].Value)
+ if err == nil {
+ return iter(ast.NewTerm(result))
+ }
+ return handleBuiltinErr(name, bctx.Location, err)
+ }
+}
+
+func functionalWrapper4(name string, fn FunctionalBuiltin4) BuiltinFunc {
+ return func(bctx BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := fn(args[0].Value, args[1].Value, args[2].Value, args[3].Value)
+ if err == nil {
+ return iter(ast.NewTerm(result))
+ }
+ if _, empty := err.(BuiltinEmpty); empty {
+ return nil
+ }
+ return handleBuiltinErr(name, bctx.Location, err)
+ }
+}
+
+func handleBuiltinErr(name string, loc *ast.Location, err error) error {
+ switch err := err.(type) {
+ case BuiltinEmpty:
+ return nil
+ case *Error, Halt:
+ return err
+ case builtins.ErrOperand:
+ e := &Error{
+ Code: TypeErr,
+ Message: fmt.Sprintf("%v: %v", name, err.Error()),
+ Location: loc,
+ }
+ return e.Wrap(err)
+ default:
+ e := &Error{
+ Code: BuiltinErr,
+ Message: fmt.Sprintf("%v: %v", name, err.Error()),
+ Location: loc,
+ }
+ return e.Wrap(err)
+ }
+}
+
+func readInt64(r io.Reader) (int64, error) {
+ bs := make([]byte, 8)
+ n, err := io.ReadFull(r, bs)
+ if n != len(bs) || err != nil {
+ return 0, err
+ }
+ return int64(binary.BigEndian.Uint64(bs)), nil
+}
+
+// Used to get older-style (ast.Term, error) tuples out of newer functions.
+func getResult(fn BuiltinFunc, operands ...*ast.Term) (*ast.Term, error) {
+ var result *ast.Term
+ extractionFn := func(r *ast.Term) error {
+ result = r
+ return nil
+ }
+ err := fn(BuiltinContext{}, operands, extractionFn)
+ if err != nil {
+ return nil, err
+ }
+ return result, nil
+}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/builtins/builtins.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/builtins/builtins.go
similarity index 90%
rename from vendor/github.com/open-policy-agent/opa/topdown/builtins/builtins.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/builtins/builtins.go
index 353f956840..f56cd78269 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/builtins/builtins.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/builtins/builtins.go
@@ -7,25 +7,26 @@ package builtins
import (
"encoding/json"
+ "errors"
"fmt"
"math/big"
"strings"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/util"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/util"
)
// Cache defines the built-in cache used by the top-down evaluation. The keys
// must be comparable and should not be of type string.
-type Cache map[interface{}]interface{}
+type Cache map[any]any
// Put updates the cache for the named built-in.
-func (c Cache) Put(k, v interface{}) {
+func (c Cache) Put(k, v any) {
c[k] = v
}
// Get returns the cached value for k.
-func (c Cache) Get(k interface{}) (interface{}, bool) {
+func (c Cache) Get(k any) (any, bool) {
v, ok := c[k]
return v, ok
}
@@ -38,7 +39,7 @@ type NDBCache map[string]ast.Object
func (c NDBCache) AsValue() ast.Value {
out := ast.NewObject()
for bname, obj := range c {
- out.Insert(ast.StringTerm(bname), ast.NewTerm(obj))
+ out.Insert(ast.InternedStringTerm(bname), ast.NewTerm(obj))
}
return out
}
@@ -75,7 +76,7 @@ func (c NDBCache) MarshalJSON() ([]byte, error) {
func (c *NDBCache) UnmarshalJSON(data []byte) error {
out := map[string]ast.Object{}
- var incoming interface{}
+ var incoming any
// Note: We use util.Unmarshal instead of json.Unmarshal to get
// correct deserialization of number types.
@@ -97,7 +98,7 @@ func (c *NDBCache) UnmarshalJSON(data []byte) error {
out[string(k.Value.(ast.String))] = obj
return nil
}
- return fmt.Errorf("expected Object, got other Value type in conversion")
+ return errors.New("expected Object, got other Value type in conversion")
})
if err != nil {
return err
@@ -119,7 +120,7 @@ func (err ErrOperand) Error() string {
}
// NewOperandErr returns a generic operand error.
-func NewOperandErr(pos int, f string, a ...interface{}) error {
+func NewOperandErr(pos int, f string, a ...any) error {
f = fmt.Sprintf("operand %v ", pos) + f
return ErrOperand(fmt.Sprintf(f, a...))
}
@@ -128,23 +129,23 @@ func NewOperandErr(pos int, f string, a ...interface{}) error {
func NewOperandTypeErr(pos int, got ast.Value, expected ...string) error {
if len(expected) == 1 {
- return NewOperandErr(pos, "must be %v but got %v", expected[0], ast.TypeName(got))
+ return NewOperandErr(pos, "must be %v but got %v", expected[0], ast.ValueName(got))
}
- return NewOperandErr(pos, "must be one of {%v} but got %v", strings.Join(expected, ", "), ast.TypeName(got))
+ return NewOperandErr(pos, "must be one of {%v} but got %v", strings.Join(expected, ", "), ast.ValueName(got))
}
// NewOperandElementErr returns an operand error indicating an element in the
// composite operand was wrong.
func NewOperandElementErr(pos int, composite ast.Value, got ast.Value, expected ...string) error {
- tpe := ast.TypeName(composite)
+ tpe := ast.ValueName(composite)
if len(expected) == 1 {
- return NewOperandErr(pos, "must be %v of %vs but got %v containing %v", tpe, expected[0], tpe, ast.TypeName(got))
+ return NewOperandErr(pos, "must be %v of %vs but got %v containing %v", tpe, expected[0], tpe, ast.ValueName(got))
}
- return NewOperandErr(pos, "must be %v of (any of) {%v} but got %v containing %v", tpe, strings.Join(expected, ", "), tpe, ast.TypeName(got))
+ return NewOperandErr(pos, "must be %v of (any of) {%v} but got %v containing %v", tpe, strings.Join(expected, ", "), tpe, ast.ValueName(got))
}
// NewOperandEnumErr returns an operand error indicating a value was wrong.
@@ -233,7 +234,7 @@ func ObjectOperand(x ast.Value, pos int) (ast.Object, error) {
func ArrayOperand(x ast.Value, pos int) (*ast.Array, error) {
a, ok := x.(*ast.Array)
if !ok {
- return ast.NewArray(), NewOperandTypeErr(pos, x, "array")
+ return nil, NewOperandTypeErr(pos, x, "array")
}
return a, nil
}
@@ -262,7 +263,7 @@ func NumberToInt(n ast.Number) (*big.Int, error) {
f := NumberToFloat(n)
r, accuracy := f.Int(nil)
if accuracy != big.Exact {
- return nil, fmt.Errorf("illegal value")
+ return nil, errors.New("illegal value")
}
return r, nil
}
@@ -309,7 +310,7 @@ func RuneSliceOperand(x ast.Value, pos int) ([]rune, error) {
}
var f = make([]rune, a.Len())
- for k := 0; k < a.Len(); k++ {
+ for k := range a.Len() {
b := a.Elem(k)
c, ok := b.Value.(ast.String)
if !ok {
diff --git a/vendor/github.com/open-policy-agent/opa/v1/topdown/cache.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/cache.go
new file mode 100644
index 0000000000..a6c89b4537
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/cache.go
@@ -0,0 +1,363 @@
+// Copyright 2017 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package topdown
+
+import (
+ "slices"
+
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+// VirtualCache defines the interface for a cache that stores the results of
+// evaluated virtual documents (rules).
+// The cache is a stack of frames, where each frame is a mapping from references
+// to values.
+type VirtualCache interface {
+ // Push pushes a new, empty frame of value mappings onto the stack.
+ Push()
+
+ // Pop pops the top frame of value mappings from the stack, removing all associated entries.
+ Pop()
+
+ // Get returns the value associated with the given reference. The second return value
+ // indicates whether the reference has a recorded 'undefined' result.
+ Get(ref ast.Ref) (*ast.Term, bool)
+
+ // Put associates the given reference with the given value. If the value is nil, the reference
+ // is marked as having an 'undefined' result.
+ Put(ref ast.Ref, value *ast.Term)
+
+ // Keys returns the set of keys that have been cached for the active frame.
+ Keys() []ast.Ref
+}
+
+// BaseCache defines the interface for a cache that stores cached base documents, i.e. data.
+type BaseCache interface {
+ Get(ast.Ref) ast.Value
+ Put(ast.Ref, ast.Value)
+}
+
+type virtualCache struct {
+ stack []*virtualCacheElem
+}
+
+type virtualCacheElem struct {
+ value *ast.Term
+ children *util.HasherMap[*ast.Term, *virtualCacheElem]
+ undefined bool
+}
+
+func NewVirtualCache() VirtualCache {
+ cache := &virtualCache{}
+ cache.Push()
+ return cache
+}
+
+func (c *virtualCache) Push() {
+ c.stack = append(c.stack, newVirtualCacheElem())
+}
+
+func (c *virtualCache) Pop() {
+ c.stack = c.stack[:len(c.stack)-1]
+}
+
+// Returns the resolved value of the AST term and a flag indicating if the value
+// should be interpretted as undefined:
+//
+// nil, true indicates the ref is undefined
+// ast.Term, false indicates the ref is defined
+// nil, false indicates the ref has not been cached
+// ast.Term, true is impossible
+func (c *virtualCache) Get(ref ast.Ref) (*ast.Term, bool) {
+ node := c.stack[len(c.stack)-1]
+ for i := range ref {
+ x, ok := node.children.Get(ref[i])
+ if !ok {
+ return nil, false
+ }
+ node = x
+ }
+ if node.undefined {
+ return nil, true
+ }
+
+ return node.value, false
+}
+
+// If value is a nil pointer, set the 'undefined' flag on the cache element to
+// indicate that the Ref has resolved to undefined.
+func (c *virtualCache) Put(ref ast.Ref, value *ast.Term) {
+ node := c.stack[len(c.stack)-1]
+ for i := range ref {
+ x, ok := node.children.Get(ref[i])
+ if ok {
+ node = x
+ } else {
+ next := newVirtualCacheElem()
+ node.children.Put(ref[i], next)
+ node = next
+ }
+ }
+ if value != nil {
+ node.value = value
+ } else {
+ node.undefined = true
+ }
+}
+
+func (c *virtualCache) Keys() []ast.Ref {
+ node := c.stack[len(c.stack)-1]
+ return keysRecursive(nil, node)
+}
+
+func keysRecursive(root ast.Ref, node *virtualCacheElem) []ast.Ref {
+ var keys []ast.Ref
+ node.children.Iter(func(k *ast.Term, v *virtualCacheElem) bool {
+ ref := root.Append(k)
+ if v.value != nil {
+ keys = append(keys, ref)
+ }
+ if v.children.Len() > 0 {
+ keys = append(keys, keysRecursive(ref, v)...)
+ }
+ return false
+ })
+ return keys
+}
+
+func newVirtualCacheElem() *virtualCacheElem {
+ return &virtualCacheElem{children: newVirtualCacheHashMap()}
+}
+
+func newVirtualCacheHashMap() *util.HasherMap[*ast.Term, *virtualCacheElem] {
+ return util.NewHasherMap[*ast.Term, *virtualCacheElem](ast.TermValueEqual)
+}
+
+// baseCache implements a trie structure to cache base documents read out of
+// storage. Values inserted into the cache may contain other values that were
+// previously inserted. In this case, the previous values are erased from the
+// structure.
+type baseCache struct {
+ root *baseCacheElem
+}
+
+func newBaseCache() *baseCache {
+ return &baseCache{
+ root: newBaseCacheElem(),
+ }
+}
+
+func (c *baseCache) Get(ref ast.Ref) ast.Value {
+ node := c.root
+ for i := range ref {
+ node = node.children[ref[i].Value]
+ if node == nil {
+ return nil
+ } else if node.value != nil {
+ if len(ref) == 1 && ast.IsScalar(node.value) {
+ // If the node is a scalar, return the value directly
+ // and avoid an allocation when calling Find.
+ return node.value
+ }
+
+ result, err := node.value.Find(ref[i+1:])
+ if err != nil {
+ return nil
+ }
+ return result
+ }
+ }
+ return nil
+}
+
+func (c *baseCache) Put(ref ast.Ref, value ast.Value) {
+ node := c.root
+ for i := range ref {
+ if child, ok := node.children[ref[i].Value]; ok {
+ node = child
+ } else {
+ child := newBaseCacheElem()
+ node.children[ref[i].Value] = child
+ node = child
+ }
+ }
+ node.set(value)
+}
+
+type baseCacheElem struct {
+ value ast.Value
+ children map[ast.Value]*baseCacheElem
+}
+
+func newBaseCacheElem() *baseCacheElem {
+ return &baseCacheElem{
+ children: map[ast.Value]*baseCacheElem{},
+ }
+}
+
+func (e *baseCacheElem) set(value ast.Value) {
+ e.value = value
+ e.children = map[ast.Value]*baseCacheElem{}
+}
+
+type refStack struct {
+ sl []refStackElem
+}
+
+type refStackElem struct {
+ refs []ast.Ref
+}
+
+func newRefStack() *refStack {
+ return &refStack{}
+}
+
+func (s *refStack) Push(refs []ast.Ref) {
+ s.sl = append(s.sl, refStackElem{refs: refs})
+}
+
+func (s *refStack) Pop() {
+ if s == nil {
+ return
+ }
+ s.sl = s.sl[:len(s.sl)-1]
+}
+
+func (s *refStack) Prefixed(ref ast.Ref) bool {
+ if s != nil {
+ for i := len(s.sl) - 1; i >= 0; i-- {
+ if slices.ContainsFunc(s.sl[i].refs, ref.HasPrefix) {
+ return true
+ }
+ }
+ }
+ return false
+}
+
+type comprehensionCache struct {
+ stack []map[*ast.Term]*comprehensionCacheElem
+}
+
+type comprehensionCacheElem struct {
+ value *ast.Term
+ children *util.HasherMap[*ast.Term, *comprehensionCacheElem]
+}
+
+func newComprehensionCache() *comprehensionCache {
+ cache := &comprehensionCache{}
+ cache.Push()
+ return cache
+}
+
+func (c *comprehensionCache) Push() {
+ c.stack = append(c.stack, map[*ast.Term]*comprehensionCacheElem{})
+}
+
+func (c *comprehensionCache) Pop() {
+ c.stack = c.stack[:len(c.stack)-1]
+}
+
+func (c *comprehensionCache) Elem(t *ast.Term) (*comprehensionCacheElem, bool) {
+ elem, ok := c.stack[len(c.stack)-1][t]
+ return elem, ok
+}
+
+func (c *comprehensionCache) Set(t *ast.Term, elem *comprehensionCacheElem) {
+ c.stack[len(c.stack)-1][t] = elem
+}
+
+func newComprehensionCacheElem() *comprehensionCacheElem {
+ return &comprehensionCacheElem{children: newComprehensionCacheHashMap()}
+}
+
+func (c *comprehensionCacheElem) Get(key []*ast.Term) *ast.Term {
+ node := c
+ for i := range key {
+ x, ok := node.children.Get(key[i])
+ if !ok {
+ return nil
+ }
+ node = x
+ }
+ return node.value
+}
+
+func (c *comprehensionCacheElem) Put(key []*ast.Term, value *ast.Term) {
+ node := c
+ for i := range key {
+ x, ok := node.children.Get(key[i])
+ if ok {
+ node = x
+ } else {
+ next := newComprehensionCacheElem()
+ node.children.Put(key[i], next)
+ node = next
+ }
+ }
+ node.value = value
+}
+
+func newComprehensionCacheHashMap() *util.HasherMap[*ast.Term, *comprehensionCacheElem] {
+ return util.NewHasherMap[*ast.Term, *comprehensionCacheElem](ast.TermValueEqual)
+}
+
+type functionMocksStack struct {
+ stack []*functionMocksElem
+}
+
+type functionMocksElem []frame
+
+type frame map[string]*ast.Term
+
+func newFunctionMocksStack() *functionMocksStack {
+ stack := &functionMocksStack{}
+ stack.Push()
+ return stack
+}
+
+func newFunctionMocksElem() *functionMocksElem {
+ return &functionMocksElem{}
+}
+
+func (s *functionMocksStack) Push() {
+ s.stack = append(s.stack, newFunctionMocksElem())
+}
+
+func (s *functionMocksStack) Pop() {
+ s.stack = s.stack[:len(s.stack)-1]
+}
+
+func (s *functionMocksStack) PopPairs() {
+ current := s.stack[len(s.stack)-1]
+ *current = (*current)[:len(*current)-1]
+}
+
+func (s *functionMocksStack) PutPairs(mocks [][2]*ast.Term) {
+ el := frame{}
+ for i := range mocks {
+ el[mocks[i][0].Value.String()] = mocks[i][1]
+ }
+ s.Put(el)
+}
+
+func (s *functionMocksStack) Put(el frame) {
+ current := s.stack[len(s.stack)-1]
+ *current = append(*current, el)
+}
+
+func (s *functionMocksStack) Get(f ast.Ref) (*ast.Term, bool) {
+ if s == nil {
+ return nil, false
+ }
+
+ current := *s.stack[len(s.stack)-1]
+ for i := len(current) - 1; i >= 0; i-- {
+ if r, ok := current[i][f.String()]; ok {
+ return r, true
+ }
+ }
+ return nil, false
+}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/cache/cache.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/cache/cache.go
similarity index 63%
rename from vendor/github.com/open-policy-agent/opa/topdown/cache/cache.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/cache/cache.go
index 55ed340619..60f38aaba2 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/cache/cache.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/cache/cache.go
@@ -13,8 +13,8 @@ import (
"sync"
"time"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/util"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/util"
)
const (
@@ -24,16 +24,36 @@ const (
defaultStaleEntryEvictionPeriodSeconds = int64(0) // never
)
+var interQueryBuiltinValueCacheDefaultConfigs = map[string]*NamedValueCacheConfig{}
+
+func getDefaultInterQueryBuiltinValueCacheConfig(name string) *NamedValueCacheConfig {
+ return interQueryBuiltinValueCacheDefaultConfigs[name]
+}
+
+// RegisterDefaultInterQueryBuiltinValueCacheConfig registers a default configuration for the inter-query value cache;
+// used when none has been explicitly configured.
+// To disable a named cache when not configured, pass a nil config.
+func RegisterDefaultInterQueryBuiltinValueCacheConfig(name string, config *NamedValueCacheConfig) {
+ interQueryBuiltinValueCacheDefaultConfigs[name] = config
+}
+
// Config represents the configuration for the inter-query builtin cache.
type Config struct {
InterQueryBuiltinCache InterQueryBuiltinCacheConfig `json:"inter_query_builtin_cache"`
InterQueryBuiltinValueCache InterQueryBuiltinValueCacheConfig `json:"inter_query_builtin_value_cache"`
}
+// NamedValueCacheConfig represents the configuration of a named cache that built-in functions can utilize.
+// A default configuration to be used if not explicitly configured can be registered using RegisterDefaultInterQueryBuiltinValueCacheConfig.
+type NamedValueCacheConfig struct {
+ MaxNumEntries *int `json:"max_num_entries,omitempty"`
+}
+
// InterQueryBuiltinValueCacheConfig represents the configuration of the inter-query value cache that built-in functions can utilize.
// MaxNumEntries - max number of cache entries
type InterQueryBuiltinValueCacheConfig struct {
- MaxNumEntries *int `json:"max_num_entries,omitempty"`
+ MaxNumEntries *int `json:"max_num_entries,omitempty"`
+ NamedCacheConfigs map[string]*NamedValueCacheConfig `json:"named,omitempty"`
}
// InterQueryBuiltinCacheConfig represents the configuration of the inter-query cache that built-in functions can utilize.
@@ -59,8 +79,16 @@ func ParseCachingConfig(raw []byte) (*Config, error) {
maxInterQueryBuiltinValueCacheSize := new(int)
*maxInterQueryBuiltinValueCacheSize = defaultInterQueryBuiltinValueCacheSize
- return &Config{InterQueryBuiltinCache: InterQueryBuiltinCacheConfig{MaxSizeBytes: maxSize, ForcedEvictionThresholdPercentage: threshold, StaleEntryEvictionPeriodSeconds: period},
- InterQueryBuiltinValueCache: InterQueryBuiltinValueCacheConfig{MaxNumEntries: maxInterQueryBuiltinValueCacheSize}}, nil
+ return &Config{
+ InterQueryBuiltinCache: InterQueryBuiltinCacheConfig{
+ MaxSizeBytes: maxSize,
+ ForcedEvictionThresholdPercentage: threshold,
+ StaleEntryEvictionPeriodSeconds: period,
+ },
+ InterQueryBuiltinValueCache: InterQueryBuiltinValueCacheConfig{
+ MaxNumEntries: maxInterQueryBuiltinValueCacheSize,
+ },
+ }, nil
}
var config Config
@@ -114,6 +142,13 @@ func (c *Config) validateAndInjectDefaults() error {
}
}
+ for name, namedConfig := range c.InterQueryBuiltinValueCache.NamedCacheConfigs {
+ numEntries := *namedConfig.MaxNumEntries
+ if numEntries < 0 {
+ return fmt.Errorf("invalid max_num_entries %v for named cache %v", numEntries, name)
+ }
+ }
+
return nil
}
@@ -154,11 +189,14 @@ func NewInterQueryCache(config *Config) InterQueryCache {
func NewInterQueryCacheWithContext(ctx context.Context, config *Config) InterQueryCache {
iqCache := newCache(config)
if iqCache.staleEntryEvictionTimePeriodSeconds() > 0 {
- cleanupTicker := time.NewTicker(time.Duration(iqCache.staleEntryEvictionTimePeriodSeconds()) * time.Second)
go func() {
+ cleanupTicker := time.NewTicker(time.Duration(iqCache.staleEntryEvictionTimePeriodSeconds()) * time.Second)
for {
select {
case <-cleanupTicker.C:
+ // NOTE: We stop the ticker and create a new one here to ensure that applications
+ // get _at least_ staleEntryEvictionTimePeriodSeconds with the cache unlocked;
+ // see https://github.com/open-policy-agent/opa/pull/7188/files#r1855342998
cleanupTicker.Stop()
iqCache.cleanStaleValues()
cleanupTicker = time.NewTicker(time.Duration(iqCache.staleEntryEvictionTimePeriodSeconds()) * time.Second)
@@ -287,7 +325,7 @@ func (c *cache) unsafeDelete(k ast.Value) {
c.l.Remove(cacheItem.keyElement)
}
-func (c *cache) unsafeClone(value InterQueryCacheValue) (InterQueryCacheValue, error) {
+func (*cache) unsafeClone(value InterQueryCacheValue) (InterQueryCacheValue, error) {
return value.Clone()
}
@@ -327,62 +365,59 @@ func (c *cache) cleanStaleValues() (dropped int) {
return dropped
}
-type InterQueryValueCache interface {
+type InterQueryValueCacheBucket interface {
Get(key ast.Value) (value any, found bool)
Insert(key ast.Value, value any) int
Delete(key ast.Value)
- UpdateConfig(config *Config)
}
-type interQueryValueCache struct {
- items map[string]any
- config *Config
+type interQueryValueCacheBucket struct {
+ items util.HasherMap[ast.Value, any]
+ config *NamedValueCacheConfig
mtx sync.RWMutex
}
-// Get returns the value in the cache for k.
-func (c *interQueryValueCache) Get(k ast.Value) (any, bool) {
+func newItemsMap() *util.HasherMap[ast.Value, any] {
+ return util.NewHasherMap[ast.Value, any](ast.ValueEqual)
+}
+
+func (c *interQueryValueCacheBucket) Get(k ast.Value) (any, bool) {
c.mtx.RLock()
defer c.mtx.RUnlock()
- value, ok := c.items[k.String()]
- return value, ok
+ return c.items.Get(k)
}
-// Insert inserts a key k into the cache with value v.
-func (c *interQueryValueCache) Insert(k ast.Value, v any) (dropped int) {
+func (c *interQueryValueCacheBucket) Insert(k ast.Value, v any) (dropped int) {
c.mtx.Lock()
defer c.mtx.Unlock()
maxEntries := c.maxNumEntries()
if maxEntries > 0 {
- if len(c.items) >= maxEntries {
- itemsToRemove := len(c.items) - maxEntries + 1
+ l := c.items.Len()
+ if l >= maxEntries {
+ itemsToRemove := l - maxEntries + 1
// Delete a (semi-)random key to make room for the new one.
- for k := range c.items {
- delete(c.items, k)
+ c.items.Iter(func(k ast.Value, _ any) bool {
+ c.items.Delete(k)
dropped++
- if itemsToRemove == dropped {
- break
- }
- }
+ return itemsToRemove == dropped
+ })
}
}
- c.items[k.String()] = v
+ c.items.Put(k, v)
return dropped
}
-// Delete deletes the value in the cache for k.
-func (c *interQueryValueCache) Delete(k ast.Value) {
+func (c *interQueryValueCacheBucket) Delete(k ast.Value) {
c.mtx.Lock()
defer c.mtx.Unlock()
- delete(c.items, k.String())
+ c.items.Delete(k)
}
-// UpdateConfig updates the cache config.
-func (c *interQueryValueCache) UpdateConfig(config *Config) {
+func (c *interQueryValueCacheBucket) updateConfig(config *NamedValueCacheConfig) {
if config == nil {
return
}
@@ -391,16 +426,149 @@ func (c *interQueryValueCache) UpdateConfig(config *Config) {
c.config = config
}
-func (c *interQueryValueCache) maxNumEntries() int {
+func (c *interQueryValueCacheBucket) maxNumEntries() int {
if c.config == nil {
return defaultInterQueryBuiltinValueCacheSize
}
- return *c.config.InterQueryBuiltinValueCache.MaxNumEntries
+ return *c.config.MaxNumEntries
+}
+
+type InterQueryValueCache interface {
+ InterQueryValueCacheBucket
+ GetCache(name string) InterQueryValueCacheBucket
+ UpdateConfig(config *Config)
}
func NewInterQueryValueCache(_ context.Context, config *Config) InterQueryValueCache {
- return &interQueryValueCache{
- items: map[string]any{},
- config: config,
+ var c *InterQueryBuiltinValueCacheConfig
+ var nc *NamedValueCacheConfig
+ if config != nil {
+ c = &config.InterQueryBuiltinValueCache
+ // NOTE: This is a side-effect of reusing the interQueryValueCacheBucket as the global cache.
+ // It's a hidden implementation detail that we can clean up in the future when revisiting the named caches
+ // to automatically apply them to any built-in instead of the global cache.
+ nc = &NamedValueCacheConfig{
+ MaxNumEntries: c.MaxNumEntries,
+ }
+ }
+
+ return &interQueryBuiltinValueCache{
+ globalCache: interQueryValueCacheBucket{
+ items: *newItemsMap(),
+ config: nc,
+ },
+ namedCaches: map[string]*interQueryValueCacheBucket{},
+ config: c,
+ }
+}
+
+type interQueryBuiltinValueCache struct {
+ globalCache interQueryValueCacheBucket
+ namedCachesLock sync.RWMutex
+ namedCaches map[string]*interQueryValueCacheBucket
+ config *InterQueryBuiltinValueCacheConfig
+}
+
+func (c *interQueryBuiltinValueCache) Get(k ast.Value) (any, bool) {
+ if c == nil {
+ return nil, false
+ }
+
+ return c.globalCache.Get(k)
+}
+
+func (c *interQueryBuiltinValueCache) Insert(k ast.Value, v any) int {
+ if c == nil {
+ return 0
+ }
+
+ return c.globalCache.Insert(k, v)
+}
+
+func (c *interQueryBuiltinValueCache) Delete(k ast.Value) {
+ if c == nil {
+ return
+ }
+
+ c.globalCache.Delete(k)
+}
+
+func (c *interQueryBuiltinValueCache) GetCache(name string) InterQueryValueCacheBucket {
+ if c == nil {
+ return nil
+ }
+
+ if c.namedCaches == nil {
+ return nil
+ }
+
+ c.namedCachesLock.RLock()
+ nc, ok := c.namedCaches[name]
+ c.namedCachesLock.RUnlock()
+
+ if !ok {
+ c.namedCachesLock.Lock()
+ defer c.namedCachesLock.Unlock()
+
+ if nc, ok := c.namedCaches[name]; ok {
+ // Some other goroutine has created the cache while we were waiting for the lock.
+ return nc
+ }
+
+ var config *NamedValueCacheConfig
+ if c.config != nil {
+ config = c.config.NamedCacheConfigs[name]
+ if config == nil {
+ config = getDefaultInterQueryBuiltinValueCacheConfig(name)
+ }
+ }
+
+ if config == nil {
+ // No config, cache disabled.
+ return nil
+ }
+
+ nc = &interQueryValueCacheBucket{
+ items: *newItemsMap(),
+ config: config,
+ }
+
+ c.namedCaches[name] = nc
+ }
+
+ return nc
+}
+
+func (c *interQueryBuiltinValueCache) UpdateConfig(config *Config) {
+ if c == nil {
+ return
+ }
+
+ if config == nil {
+ c.globalCache.updateConfig(nil)
+ } else {
+
+ c.globalCache.updateConfig(&NamedValueCacheConfig{
+ MaxNumEntries: config.InterQueryBuiltinValueCache.MaxNumEntries,
+ })
+ }
+
+ c.namedCachesLock.Lock()
+ defer c.namedCachesLock.Unlock()
+
+ c.config = &config.InterQueryBuiltinValueCache
+
+ for name, nc := range c.namedCaches {
+ // For each named cache: if it has a config, update it; if no config, remove it.
+ namedConfig := c.config.NamedCacheConfigs[name]
+ if namedConfig == nil {
+ namedConfig = getDefaultInterQueryBuiltinValueCacheConfig(name)
+ }
+
+ if namedConfig == nil {
+ delete(c.namedCaches, name)
+ } else {
+ nc.updateConfig(namedConfig)
+ }
}
}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/topdown/cancel.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/cancel.go
new file mode 100644
index 0000000000..534e0799a1
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/cancel.go
@@ -0,0 +1,33 @@
+// Copyright 2017 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package topdown
+
+import (
+ "sync/atomic"
+)
+
+// Cancel defines the interface for cancelling topdown queries. Cancel
+// operations are thread-safe and idempotent.
+type Cancel interface {
+ Cancel()
+ Cancelled() bool
+}
+
+type cancel struct {
+ flag int32
+}
+
+// NewCancel returns a new Cancel object.
+func NewCancel() Cancel {
+ return &cancel{}
+}
+
+func (c *cancel) Cancel() {
+ atomic.StoreInt32(&c.flag, 1)
+}
+
+func (c *cancel) Cancelled() bool {
+ return atomic.LoadInt32(&c.flag) != 0
+}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/casts.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/casts.go
similarity index 76%
rename from vendor/github.com/open-policy-agent/opa/topdown/casts.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/casts.go
index 2eb8f97fc9..f395324841 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/casts.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/casts.go
@@ -6,24 +6,38 @@ package topdown
import (
"strconv"
+ "strings"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
func builtinToNumber(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch a := operands[0].Value.(type) {
case ast.Null:
- return iter(ast.NumberTerm("0"))
+ return iter(ast.InternedIntNumberTerm(0))
case ast.Boolean:
if a {
- return iter(ast.NumberTerm("1"))
+ return iter(ast.InternedIntNumberTerm(1))
}
- return iter(ast.NumberTerm("0"))
+ return iter(ast.InternedIntNumberTerm(0))
case ast.Number:
- return iter(ast.NewTerm(a))
+ return iter(operands[0])
case ast.String:
- _, err := strconv.ParseFloat(string(a), 64)
+ strValue := string(a)
+
+ if it := ast.InternedIntNumberTermFromString(strValue); it != nil {
+ return iter(it)
+ }
+
+ trimmedVal := strings.TrimLeft(strValue, "+-")
+ lowerCaseVal := strings.ToLower(trimmedVal)
+
+ if lowerCaseVal == "inf" || lowerCaseVal == "infinity" || lowerCaseVal == "nan" {
+ return builtins.NewOperandTypeErr(1, operands[0].Value, "valid number string")
+ }
+
+ _, err := strconv.ParseFloat(strValue, 64)
if err != nil {
return err
}
@@ -32,7 +46,7 @@ func builtinToNumber(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term
return builtins.NewOperandTypeErr(1, operands[0].Value, "null", "boolean", "number", "string")
}
-// Deprecated in v0.13.0.
+// Deprecated: deprecated in v0.13.0.
func builtinToArray(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch val := operands[0].Value.(type) {
case *ast.Array:
@@ -50,7 +64,7 @@ func builtinToArray(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term)
}
}
-// Deprecated in v0.13.0.
+// Deprecated: deprecated in v0.13.0.
func builtinToSet(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch val := operands[0].Value.(type) {
case *ast.Array:
@@ -66,7 +80,7 @@ func builtinToSet(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) e
}
}
-// Deprecated in v0.13.0.
+// Deprecated: deprecated in v0.13.0.
func builtinToString(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch val := operands[0].Value.(type) {
case ast.String:
@@ -76,7 +90,7 @@ func builtinToString(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term
}
}
-// Deprecated in v0.13.0.
+// Deprecated: deprecated in v0.13.0.
func builtinToBoolean(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch val := operands[0].Value.(type) {
case ast.Boolean:
@@ -86,7 +100,7 @@ func builtinToBoolean(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Ter
}
}
-// Deprecated in v0.13.0.
+// Deprecated: deprecated in v0.13.0.
func builtinToNull(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch val := operands[0].Value.(type) {
case ast.Null:
@@ -96,7 +110,7 @@ func builtinToNull(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term)
}
}
-// Deprecated in v0.13.0.
+// Deprecated: deprecated in v0.13.0.
func builtinToObject(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch val := operands[0].Value.(type) {
case ast.Object:
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/cidr.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/cidr.go
similarity index 93%
rename from vendor/github.com/open-policy-agent/opa/topdown/cidr.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/cidr.go
index 5b011bd161..c404d51006 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/cidr.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/cidr.go
@@ -6,11 +6,12 @@ import (
"fmt"
"math/big"
"net"
+ "slices"
"sort"
- "github.com/open-policy-agent/opa/ast"
cidrMerge "github.com/open-policy-agent/opa/internal/cidr/merge"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
func getNetFromOperand(v ast.Value) (*net.IPNet, error) {
@@ -31,7 +32,7 @@ func getLastIP(cidr *net.IPNet) (net.IP, error) {
prefixLen, bits := cidr.Mask.Size()
if prefixLen == 0 && bits == 0 {
// non-standard mask, see https://golang.org/pkg/net/#IPMask.Size
- return nil, fmt.Errorf("CIDR mask is in non-standard format")
+ return nil, errors.New("CIDR mask is in non-standard format")
}
var lastIP []byte
if prefixLen == bits {
@@ -75,7 +76,7 @@ func builtinNetCIDRIntersects(_ BuiltinContext, operands []*ast.Term, iter func(
// If either net contains the others starting IP they are overlapping
cidrsOverlap := cidrnetA.Contains(cidrnetB.IP) || cidrnetB.Contains(cidrnetA.IP)
- return iter(ast.BooleanTerm(cidrsOverlap))
+ return iter(ast.InternedBooleanTerm(cidrsOverlap))
}
func builtinNetCIDRContains(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -92,7 +93,7 @@ func builtinNetCIDRContains(_ BuiltinContext, operands []*ast.Term, iter func(*a
ip := net.ParseIP(string(bStr))
if ip != nil {
- return iter(ast.BooleanTerm(cidrnetA.Contains(ip)))
+ return iter(ast.InternedBooleanTerm(cidrnetA.Contains(ip)))
}
// It wasn't an IP, try and parse it as a CIDR
@@ -113,7 +114,7 @@ func builtinNetCIDRContains(_ BuiltinContext, operands []*ast.Term, iter func(*a
cidrContained = cidrnetA.Contains(lastIP)
}
- return iter(ast.BooleanTerm(cidrContained))
+ return iter(ast.InternedBooleanTerm(cidrContained))
}
var errNetCIDRContainsMatchElementType = errors.New("element must be string or non-empty array")
@@ -137,12 +138,12 @@ func evalNetCIDRContainsMatchesOperand(operand int, a *ast.Term, iter func(cidr,
case ast.String:
return iter(a, a)
case *ast.Array:
- for i := 0; i < v.Len(); i++ {
+ for i := range v.Len() {
cidr, err := getCIDRMatchTerm(v.Elem(i))
if err != nil {
return fmt.Errorf("operand %v: %v", operand, err)
}
- if err := iter(cidr, ast.IntNumberTerm(i)); err != nil {
+ if err := iter(cidr, ast.InternedIntNumberTerm(i)); err != nil {
return err
}
}
@@ -219,13 +220,13 @@ func builtinNetCIDRExpand(bctx BuiltinContext, operands []*ast.Term, iter func(*
func builtinNetCIDRIsValid(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
cidr, err := builtins.StringOperand(operands[0].Value, 1)
if err != nil {
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
if _, _, err := net.ParseCIDR(string(cidr)); err != nil {
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
- return iter(ast.BooleanTerm(true))
+ return iter(ast.InternedBooleanTerm(true))
}
type cidrBlockRange struct {
@@ -255,7 +256,7 @@ func (c cidrBlockRanges) Less(i, j int) bool {
}
// Then compare first IP.
- cmp = bytes.Compare(*c[i].First, *c[i].First)
+ cmp = bytes.Compare(*c[i].First, *c[j].First)
if cmp < 0 {
return true
} else if cmp > 0 {
@@ -274,7 +275,7 @@ func builtinNetCIDRMerge(_ BuiltinContext, operands []*ast.Term, iter func(*ast.
switch v := operands[0].Value.(type) {
case *ast.Array:
- for i := 0; i < v.Len(); i++ {
+ for i := range v.Len() {
network, err := generateIPNet(v.Elem(i))
if err != nil {
return err
@@ -392,7 +393,7 @@ func mergeCIDRs(ranges cidrBlockRanges) cidrBlockRanges {
ranges[i-1] = &cidrBlockRange{First: &firstIPRange, Last: &lastIPRange, Network: nil}
// Delete ranges[i] since merged with the previous.
- ranges = append(ranges[:i], ranges[i+1:]...)
+ ranges = slices.Delete(ranges, i, i+1)
}
}
return ranges
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/comparison.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/comparison.go
similarity index 90%
rename from vendor/github.com/open-policy-agent/opa/topdown/comparison.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/comparison.go
index 0d033d2c32..9e1585a28a 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/comparison.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/comparison.go
@@ -4,7 +4,7 @@
package topdown
-import "github.com/open-policy-agent/opa/ast"
+import "github.com/open-policy-agent/opa/v1/ast"
type compareFunc func(a, b ast.Value) bool
@@ -34,7 +34,7 @@ func compareEq(a, b ast.Value) bool {
func builtinCompare(cmp compareFunc) BuiltinFunc {
return func(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- return iter(ast.BooleanTerm(cmp(operands[0].Value, operands[1].Value)))
+ return iter(ast.InternedBooleanTerm(cmp(operands[0].Value, operands[1].Value)))
}
}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/copypropagation/copypropagation.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/copypropagation/copypropagation.go
similarity index 96%
rename from vendor/github.com/open-policy-agent/opa/topdown/copypropagation/copypropagation.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/copypropagation/copypropagation.go
index 8824d19bd2..e582205f44 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/copypropagation/copypropagation.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/copypropagation/copypropagation.go
@@ -8,7 +8,7 @@ import (
"fmt"
"sort"
- "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/v1/ast"
)
// CopyPropagator implements a simple copy propagation optimization to remove
@@ -209,7 +209,7 @@ func (p *CopyPropagator) Apply(query ast.Body) ast.Body {
// plugBindings applies the binding list and union-find to x. This process
// removes as many variables as possible.
-func (p *CopyPropagator) plugBindings(pctx *plugContext, expr *ast.Expr) *ast.Expr {
+func (*CopyPropagator) plugBindings(pctx *plugContext, expr *ast.Expr) *ast.Expr {
xform := bindingPlugTransform{
pctx: pctx,
@@ -233,7 +233,7 @@ type bindingPlugTransform struct {
pctx *plugContext
}
-func (t bindingPlugTransform) Transform(x interface{}) (interface{}, error) {
+func (t bindingPlugTransform) Transform(x any) (any, error) {
switch x := x.(type) {
case ast.Var:
return t.plugBindingsVar(t.pctx, x), nil
@@ -244,7 +244,7 @@ func (t bindingPlugTransform) Transform(x interface{}) (interface{}, error) {
}
}
-func (t bindingPlugTransform) plugBindingsVar(pctx *plugContext, v ast.Var) ast.Value {
+func (bindingPlugTransform) plugBindingsVar(pctx *plugContext, v ast.Var) ast.Value {
var result ast.Value = v
@@ -274,7 +274,7 @@ func (t bindingPlugTransform) plugBindingsVar(pctx *plugContext, v ast.Var) ast.
return b
}
-func (t bindingPlugTransform) plugBindingsRef(pctx *plugContext, v ast.Ref) ast.Ref {
+func (bindingPlugTransform) plugBindingsRef(pctx *plugContext, v ast.Ref) ast.Ref {
// Apply union-find to remove redundant variables from input.
if root, ok := pctx.uf.Find(v[0].Value); ok {
@@ -385,11 +385,11 @@ type binding struct {
k, v ast.Value
}
-func containedIn(value ast.Value, x interface{}) bool {
+func containedIn(value ast.Value, x any) bool {
var stop bool
var vis *ast.GenericVisitor
- vis = ast.NewGenericVisitor(func(x interface{}) bool {
+ vis = ast.NewGenericVisitor(func(x any) bool {
switch x := x.(type) {
case *ast.Every: // skip body
vis.Walk(x.Key)
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/copypropagation/unionfind.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/copypropagation/unionfind.go
similarity index 81%
rename from vendor/github.com/open-policy-agent/opa/topdown/copypropagation/unionfind.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/copypropagation/unionfind.go
index 38ec56f315..cac2a3009f 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/copypropagation/unionfind.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/copypropagation/unionfind.go
@@ -7,25 +7,21 @@ package copypropagation
import (
"fmt"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/util"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/util"
)
type rankFunc func(*unionFindRoot, *unionFindRoot) (*unionFindRoot, *unionFindRoot)
type unionFind struct {
- roots *util.HashMap
+ roots *util.HasherMap[ast.Value, *unionFindRoot]
parents *ast.ValueMap
rank rankFunc
}
func newUnionFind(rank rankFunc) *unionFind {
return &unionFind{
- roots: util.NewHashMap(func(a util.T, b util.T) bool {
- return a.(ast.Value).Compare(b.(ast.Value)) == 0
- }, func(v util.T) int {
- return v.(ast.Value).Hash()
- }),
+ roots: util.NewHasherMap[ast.Value, *unionFindRoot](ast.ValueEqual),
parents: ast.NewValueMap(),
rank: rank,
}
@@ -53,7 +49,7 @@ func (uf *unionFind) Find(v ast.Value) (*unionFindRoot, bool) {
if parent.Compare(v) == 0 {
r, ok := uf.roots.Get(v)
- return r.(*unionFindRoot), ok
+ return r, ok
}
return uf.Find(parent)
@@ -86,20 +82,20 @@ func (uf *unionFind) Merge(a, b ast.Value) (*unionFindRoot, bool) {
func (uf *unionFind) String() string {
o := struct {
- Roots map[string]interface{}
+ Roots map[string]any
Parents map[string]ast.Value
}{
- map[string]interface{}{},
+ map[string]any{},
map[string]ast.Value{},
}
- uf.roots.Iter(func(k util.T, v util.T) bool {
- o.Roots[k.(ast.Value).String()] = struct {
+ uf.roots.Iter(func(k ast.Value, v *unionFindRoot) bool {
+ o.Roots[k.String()] = struct {
Constant *ast.Term
Key ast.Value
}{
- v.(*unionFindRoot).constant,
- v.(*unionFindRoot).key,
+ v.constant,
+ v.key,
}
return true
})
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/crypto.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/crypto.go
similarity index 88%
rename from vendor/github.com/open-policy-agent/opa/topdown/crypto.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/crypto.go
index f24432a264..0fe6183c78 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/crypto.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/crypto.go
@@ -15,8 +15,10 @@ import (
"crypto/tls"
"crypto/x509"
"encoding/base64"
+ "encoding/hex"
"encoding/json"
"encoding/pem"
+ "errors"
"fmt"
"hash"
"os"
@@ -25,9 +27,9 @@ import (
"github.com/open-policy-agent/opa/internal/jwx/jwk"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
- "github.com/open-policy-agent/opa/util"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/util"
)
const (
@@ -95,19 +97,14 @@ func builtinCryptoX509ParseAndVerifyCertificates(_ BuiltinContext, operands []*a
return err
}
- invalid := ast.ArrayTerm(
- ast.BooleanTerm(false),
- ast.NewTerm(ast.NewArray()),
- )
-
certs, err := getX509CertsFromString(string(input))
if err != nil {
- return iter(invalid)
+ return iter(ast.ArrayTerm(ast.InternedBooleanTerm(false), ast.InternedEmptyArray))
}
verified, err := verifyX509CertificateChain(certs, x509.VerifyOptions{})
if err != nil {
- return iter(invalid)
+ return iter(ast.ArrayTerm(ast.InternedBooleanTerm(false), ast.InternedEmptyArray))
}
value, err := ast.InterfaceToValue(extendCertificates(verified))
@@ -115,10 +112,7 @@ func builtinCryptoX509ParseAndVerifyCertificates(_ BuiltinContext, operands []*a
return err
}
- valid := ast.ArrayTerm(
- ast.BooleanTerm(true),
- ast.NewTerm(value),
- )
+ valid := ast.ArrayTerm(ast.InternedBooleanTerm(true), ast.NewTerm(value))
return iter(valid)
}
@@ -152,14 +146,9 @@ func builtinCryptoX509ParseAndVerifyCertificatesWithOptions(_ BuiltinContext, op
return err
}
- invalid := ast.ArrayTerm(
- ast.BooleanTerm(false),
- ast.NewTerm(ast.NewArray()),
- )
-
certs, err := getX509CertsFromString(string(input))
if err != nil {
- return iter(invalid)
+ return iter(ast.ArrayTerm(ast.InternedBooleanTerm(false), ast.InternedEmptyArray))
}
// Collect the cert verification options
@@ -170,7 +159,7 @@ func builtinCryptoX509ParseAndVerifyCertificatesWithOptions(_ BuiltinContext, op
verified, err := verifyX509CertificateChain(certs, verifyOpt)
if err != nil {
- return iter(invalid)
+ return iter(ast.ArrayTerm(ast.InternedBooleanTerm(false), ast.InternedEmptyArray))
}
value, err := ast.InterfaceToValue(verified)
@@ -178,12 +167,7 @@ func builtinCryptoX509ParseAndVerifyCertificatesWithOptions(_ BuiltinContext, op
return err
}
- valid := ast.ArrayTerm(
- ast.BooleanTerm(true),
- ast.NewTerm(value),
- )
-
- return iter(valid)
+ return iter(ast.ArrayTerm(ast.InternedBooleanTerm(true), ast.NewTerm(value)))
}
func extractVerifyOpts(options ast.Object) (verifyOpt x509.VerifyOptions, err error) {
@@ -204,7 +188,7 @@ func extractVerifyOpts(options ast.Object) (verifyOpt x509.VerifyOptions, err er
if ok {
verifyOpt.DNSName = strings.Trim(string(dns), "\"")
} else {
- return verifyOpt, fmt.Errorf("'DNSName' should be a string")
+ return verifyOpt, errors.New("'DNSName' should be a string")
}
case "CurrentTime":
c, ok := options.Get(key).Value.(ast.Number)
@@ -213,10 +197,10 @@ func extractVerifyOpts(options ast.Object) (verifyOpt x509.VerifyOptions, err er
if ok {
verifyOpt.CurrentTime = time.Unix(0, nanosecs)
} else {
- return verifyOpt, fmt.Errorf("'CurrentTime' should be a valid int64 number")
+ return verifyOpt, errors.New("'CurrentTime' should be a valid int64 number")
}
} else {
- return verifyOpt, fmt.Errorf("'CurrentTime' should be a number")
+ return verifyOpt, errors.New("'CurrentTime' should be a number")
}
case "MaxConstraintComparisons":
c, ok := options.Get(key).Value.(ast.Number)
@@ -225,23 +209,23 @@ func extractVerifyOpts(options ast.Object) (verifyOpt x509.VerifyOptions, err er
if ok {
verifyOpt.MaxConstraintComparisions = maxComparisons
} else {
- return verifyOpt, fmt.Errorf("'MaxConstraintComparisons' should be a valid number")
+ return verifyOpt, errors.New("'MaxConstraintComparisons' should be a valid number")
}
} else {
- return verifyOpt, fmt.Errorf("'MaxConstraintComparisons' should be a number")
+ return verifyOpt, errors.New("'MaxConstraintComparisons' should be a number")
}
case "KeyUsages":
type forEach interface {
Foreach(func(*ast.Term))
}
var ks forEach
- switch options.Get(key).Value.(type) {
+ switch v := options.Get(key).Value.(type) {
case *ast.Array:
- ks = options.Get(key).Value.(*ast.Array)
+ ks = v
case ast.Set:
- ks = options.Get(key).Value.(ast.Set)
+ ks = v
default:
- return verifyOpt, fmt.Errorf("'KeyUsages' should be an Array or Set")
+ return verifyOpt, errors.New("'KeyUsages' should be an Array or Set")
}
// Collect the x509.ExtKeyUsage values by looking up the
@@ -262,7 +246,7 @@ func extractVerifyOpts(options ast.Object) (verifyOpt x509.VerifyOptions, err er
return x509.VerifyOptions{}, fmt.Errorf("invalid entries for 'KeyUsages' found: %s", invalidKUsgs)
}
default:
- return verifyOpt, fmt.Errorf("invalid key option")
+ return verifyOpt, errors.New("invalid key option")
}
}
@@ -312,7 +296,7 @@ func builtinCryptoX509ParseCertificateRequest(_ BuiltinContext, operands []*ast.
p, _ := pem.Decode(bytes)
if p != nil && p.Type != blockTypeCertificateRequest {
- return fmt.Errorf("invalid PEM-encoded certificate signing request")
+ return errors.New("invalid PEM-encoded certificate signing request")
}
if p != nil {
bytes = p.Bytes
@@ -328,7 +312,7 @@ func builtinCryptoX509ParseCertificateRequest(_ BuiltinContext, operands []*ast.
return err
}
- var x interface{}
+ var x any
if err := util.UnmarshalJSON(bs, &x); err != nil {
return err
}
@@ -342,7 +326,7 @@ func builtinCryptoX509ParseCertificateRequest(_ BuiltinContext, operands []*ast.
}
func builtinCryptoJWKFromPrivateKey(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- var x interface{}
+ var x any
a := operands[0].Value
input, err := builtins.StringOperand(a, 1)
@@ -354,7 +338,7 @@ func builtinCryptoJWKFromPrivateKey(_ BuiltinContext, operands []*ast.Term, iter
pemDataString := string(input)
if pemDataString == "" {
- return fmt.Errorf("input PEM data was empty")
+ return errors.New("input PEM data was empty")
}
// This built in must be supplied a valid PEM or base64 encoded string.
@@ -374,7 +358,7 @@ func builtinCryptoJWKFromPrivateKey(_ BuiltinContext, operands []*ast.Term, iter
}
if len(rawKeys) == 0 {
- return iter(ast.NullTerm())
+ return iter(ast.InternedNullTerm)
}
key, err := jwk.New(rawKeys[0])
@@ -408,7 +392,7 @@ func builtinCryptoParsePrivateKeys(_ BuiltinContext, operands []*ast.Term, iter
}
if string(input) == "" {
- return iter(ast.NullTerm())
+ return iter(ast.InternedNullTerm)
}
// get the raw private key
@@ -418,7 +402,7 @@ func builtinCryptoParsePrivateKeys(_ BuiltinContext, operands []*ast.Term, iter
}
if len(rawKeys) == 0 {
- return iter(ast.NewTerm(ast.NewArray()))
+ return iter(ast.InternedEmptyArray)
}
bs, err := json.Marshal(rawKeys)
@@ -426,7 +410,7 @@ func builtinCryptoParsePrivateKeys(_ BuiltinContext, operands []*ast.Term, iter
return err
}
- var x interface{}
+ var x any
if err := util.UnmarshalJSON(bs, &x); err != nil {
return err
}
@@ -439,36 +423,43 @@ func builtinCryptoParsePrivateKeys(_ BuiltinContext, operands []*ast.Term, iter
return iter(ast.NewTerm(value))
}
-func hashHelper(a ast.Value, h func(ast.String) string) (ast.Value, error) {
- s, err := builtins.StringOperand(a, 1)
- if err != nil {
- return nil, err
- }
- return ast.String(h(s)), nil
+func toHexEncodedString(src []byte) string {
+ dst := make([]byte, hex.EncodedLen(len(src)))
+ hex.Encode(dst, src)
+ return util.ByteSliceToString(dst)
}
func builtinCryptoMd5(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- res, err := hashHelper(operands[0].Value, func(s ast.String) string { return fmt.Sprintf("%x", md5.Sum([]byte(s))) })
+ s, err := builtins.StringOperand(operands[0].Value, 1)
if err != nil {
return err
}
- return iter(ast.NewTerm(res))
+
+ md5sum := md5.Sum([]byte(s))
+
+ return iter(ast.StringTerm(toHexEncodedString(md5sum[:])))
}
func builtinCryptoSha1(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- res, err := hashHelper(operands[0].Value, func(s ast.String) string { return fmt.Sprintf("%x", sha1.Sum([]byte(s))) })
+ s, err := builtins.StringOperand(operands[0].Value, 1)
if err != nil {
return err
}
- return iter(ast.NewTerm(res))
+
+ sha1sum := sha1.Sum([]byte(s))
+
+ return iter(ast.StringTerm(toHexEncodedString(sha1sum[:])))
}
func builtinCryptoSha256(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- res, err := hashHelper(operands[0].Value, func(s ast.String) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(s))) })
+ s, err := builtins.StringOperand(operands[0].Value, 1)
if err != nil {
return err
}
- return iter(ast.NewTerm(res))
+
+ sha256sum := sha256.Sum256([]byte(s))
+
+ return iter(ast.StringTerm(toHexEncodedString(sha256sum[:])))
}
func hmacHelper(operands []*ast.Term, iter func(*ast.Term) error, h func() hash.Hash) error {
@@ -488,7 +479,7 @@ func hmacHelper(operands []*ast.Term, iter func(*ast.Term) error, h func() hash.
mac.Write([]byte(message))
messageDigest := mac.Sum(nil)
- return iter(ast.StringTerm(fmt.Sprintf("%x", messageDigest)))
+ return iter(ast.StringTerm(hex.EncodeToString(messageDigest)))
}
func builtinCryptoHmacMd5(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -522,7 +513,7 @@ func builtinCryptoHmacEqual(_ BuiltinContext, operands []*ast.Term, iter func(*a
res := hmac.Equal([]byte(mac1), []byte(mac2))
- return iter(ast.BooleanTerm(res))
+ return iter(ast.InternedBooleanTerm(res))
}
func init() {
@@ -697,7 +688,7 @@ func addCACertsFromBytes(pool *x509.CertPool, pemBytes []byte) (*x509.CertPool,
}
if ok := pool.AppendCertsFromPEM(pemBytes); !ok {
- return nil, fmt.Errorf("could not append certificates")
+ return nil, errors.New("could not append certificates")
}
return pool, nil
@@ -725,9 +716,11 @@ func readCertFromFile(localCertFile string) ([]byte, error) {
return certPEM, nil
}
+var beginPrefix = []byte("-----BEGIN ")
+
func getTLSx509KeyPairFromString(certPemBlock []byte, keyPemBlock []byte) (*tls.Certificate, error) {
- if !strings.HasPrefix(string(certPemBlock), "-----BEGIN") {
+ if !bytes.HasPrefix(certPemBlock, beginPrefix) {
s, err := base64.StdEncoding.DecodeString(string(certPemBlock))
if err != nil {
return nil, err
@@ -735,7 +728,7 @@ func getTLSx509KeyPairFromString(certPemBlock []byte, keyPemBlock []byte) (*tls.
certPemBlock = s
}
- if !strings.HasPrefix(string(keyPemBlock), "-----BEGIN") {
+ if !bytes.HasPrefix(keyPemBlock, beginPrefix) {
s, err := base64.StdEncoding.DecodeString(string(keyPemBlock))
if err != nil {
return nil, err
@@ -744,7 +737,7 @@ func getTLSx509KeyPairFromString(certPemBlock []byte, keyPemBlock []byte) (*tls.
}
// we assume it a DER certificate and try to convert it to a PEM.
- if !bytes.HasPrefix(certPemBlock, []byte("-----BEGIN")) {
+ if !bytes.HasPrefix(certPemBlock, beginPrefix) {
pemBlock := &pem.Block{
Type: "CERTIFICATE",
diff --git a/vendor/github.com/open-policy-agent/opa/v1/topdown/doc.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/doc.go
new file mode 100644
index 0000000000..9aa7aa45c5
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/doc.go
@@ -0,0 +1,10 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+// Package topdown provides low-level query evaluation support.
+//
+// The topdown implementation is a modified version of the standard top-down
+// evaluation algorithm used in Datalog. References and comprehensions are
+// evaluated eagerly while all other terms are evaluated lazily.
+package topdown
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/encoding.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/encoding.go
similarity index 93%
rename from vendor/github.com/open-policy-agent/opa/topdown/encoding.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/encoding.go
index f3475a60d0..6e1e0e8bde 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/encoding.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/encoding.go
@@ -15,9 +15,9 @@ import (
"sigs.k8s.io/yaml"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
- "github.com/open-policy-agent/opa/util"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/util"
)
func builtinJSONMarshal(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -128,7 +128,7 @@ func builtinJSONUnmarshal(_ BuiltinContext, operands []*ast.Term, iter func(*ast
return err
}
- var x interface{}
+ var x any
if err := util.UnmarshalJSON([]byte(str), &x); err != nil {
return err
@@ -144,10 +144,10 @@ func builtinJSONIsValid(_ BuiltinContext, operands []*ast.Term, iter func(*ast.T
str, err := builtins.StringOperand(operands[0].Value, 1)
if err != nil {
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
- return iter(ast.BooleanTerm(json.Valid([]byte(str))))
+ return iter(ast.InternedBooleanTerm(json.Valid([]byte(str))))
}
func builtinBase64Encode(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -169,17 +169,17 @@ func builtinBase64Decode(_ BuiltinContext, operands []*ast.Term, iter func(*ast.
if err != nil {
return err
}
- return iter(ast.NewTerm(ast.String(result)))
+ return iter(ast.StringTerm(string(result)))
}
func builtinBase64IsValid(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
str, err := builtins.StringOperand(operands[0].Value, 1)
if err != nil {
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
_, err = base64.StdEncoding.DecodeString(string(str))
- return iter(ast.BooleanTerm(err == nil))
+ return iter(ast.InternedBooleanTerm(err == nil))
}
func builtinBase64UrlEncode(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -224,7 +224,7 @@ func builtinBase64UrlDecode(_ BuiltinContext, operands []*ast.Term, iter func(*a
if err != nil {
return err
}
- return iter(ast.NewTerm(ast.String(result)))
+ return iter(ast.StringTerm(string(result)))
}
func builtinURLQueryEncode(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -255,7 +255,7 @@ func builtinURLQueryEncodeObject(_ BuiltinContext, operands []*ast.Term, iter fu
return err
}
- inputs, ok := asJSON.(map[string]interface{})
+ inputs, ok := asJSON.(map[string]any)
if !ok {
return builtins.NewOperandTypeErr(1, operands[0].Value, "object")
}
@@ -266,7 +266,7 @@ func builtinURLQueryEncodeObject(_ BuiltinContext, operands []*ast.Term, iter fu
switch vv := v.(type) {
case string:
query.Set(k, vv)
- case []interface{}:
+ case []any:
for _, val := range vv {
strVal, ok := val.(string)
if !ok {
@@ -340,7 +340,7 @@ func builtinYAMLUnmarshal(_ BuiltinContext, operands []*ast.Term, iter func(*ast
buf := bytes.NewBuffer(bs)
decoder := util.NewJSONDecoder(buf)
- var val interface{}
+ var val any
err = decoder.Decode(&val)
if err != nil {
return err
@@ -355,12 +355,12 @@ func builtinYAMLUnmarshal(_ BuiltinContext, operands []*ast.Term, iter func(*ast
func builtinYAMLIsValid(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
str, err := builtins.StringOperand(operands[0].Value, 1)
if err != nil {
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
- var x interface{}
+ var x any
err = yaml.Unmarshal([]byte(str), &x)
- return iter(ast.BooleanTerm(err == nil))
+ return iter(ast.InternedBooleanTerm(err == nil))
}
func builtinHexEncode(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -380,7 +380,7 @@ func builtinHexDecode(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Ter
if err != nil {
return err
}
- return iter(ast.NewTerm(ast.String(val)))
+ return iter(ast.StringTerm(string(val)))
}
func init() {
diff --git a/vendor/github.com/open-policy-agent/opa/v1/topdown/errors.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/errors.go
new file mode 100644
index 0000000000..cadd163198
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/errors.go
@@ -0,0 +1,149 @@
+// Copyright 2017 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package topdown
+
+import (
+ "errors"
+ "fmt"
+
+ "github.com/open-policy-agent/opa/v1/ast"
+)
+
+// Halt is a special error type that built-in function implementations return to indicate
+// that policy evaluation should stop immediately.
+type Halt struct {
+ Err error
+}
+
+func (h Halt) Error() string {
+ return h.Err.Error()
+}
+
+func (h Halt) Unwrap() error { return h.Err }
+
+// Error is the error type returned by the Eval and Query functions when
+// an evaluation error occurs.
+type Error struct {
+ Code string `json:"code"`
+ Message string `json:"message"`
+ Location *ast.Location `json:"location,omitempty"`
+ err error `json:"-"`
+}
+
+const (
+
+ // InternalErr represents an unknown evaluation error.
+ InternalErr string = "eval_internal_error"
+
+ // CancelErr indicates the evaluation process was cancelled.
+ CancelErr string = "eval_cancel_error"
+
+ // ConflictErr indicates a conflict was encountered during evaluation. For
+ // instance, a conflict occurs if a rule produces multiple, differing values
+ // for the same key in an object. Conflict errors indicate the policy does
+ // not account for the data loaded into the policy engine.
+ ConflictErr string = "eval_conflict_error"
+
+ // TypeErr indicates evaluation stopped because an expression was applied to
+ // a value of an inappropriate type.
+ TypeErr string = "eval_type_error"
+
+ // BuiltinErr indicates a built-in function received a semantically invalid
+ // input or encountered some kind of runtime error, e.g., connection
+ // timeout, connection refused, etc.
+ BuiltinErr string = "eval_builtin_error"
+
+ // WithMergeErr indicates that the real and replacement data could not be merged.
+ WithMergeErr string = "eval_with_merge_error"
+)
+
+// IsError returns true if the err is an Error.
+func IsError(err error) bool {
+ var e *Error
+ return errors.As(err, &e)
+}
+
+// IsCancel returns true if err was caused by cancellation.
+func IsCancel(err error) bool {
+ return errors.Is(err, &Error{Code: CancelErr})
+}
+
+// Is allows matching topdown errors using errors.Is (see IsCancel).
+func (e *Error) Is(target error) bool {
+ var t *Error
+ if errors.As(target, &t) {
+ return (t.Code == "" || e.Code == t.Code) &&
+ (t.Message == "" || e.Message == t.Message) &&
+ (t.Location == nil || t.Location.Compare(e.Location) == 0)
+ }
+ return false
+}
+
+func (e *Error) Error() string {
+ msg := fmt.Sprintf("%v: %v", e.Code, e.Message)
+
+ if e.Location != nil {
+ msg = e.Location.String() + ": " + msg
+ }
+
+ return msg
+}
+
+func (e *Error) Wrap(err error) *Error {
+ e.err = err
+ return e
+}
+
+func (e *Error) Unwrap() error {
+ return e.err
+}
+
+func functionConflictErr(loc *ast.Location) error {
+ return &Error{
+ Code: ConflictErr,
+ Location: loc,
+ Message: "functions must not produce multiple outputs for same inputs",
+ }
+}
+
+func completeDocConflictErr(loc *ast.Location) error {
+ return &Error{
+ Code: ConflictErr,
+ Location: loc,
+ Message: "complete rules must not produce multiple outputs",
+ }
+}
+
+func objectDocKeyConflictErr(loc *ast.Location) error {
+ return &Error{
+ Code: ConflictErr,
+ Location: loc,
+ Message: "object keys must be unique",
+ }
+}
+
+func unsupportedBuiltinErr(loc *ast.Location) error {
+ return &Error{
+ Code: InternalErr,
+ Location: loc,
+ Message: "unsupported built-in",
+ }
+}
+
+func mergeConflictErr(loc *ast.Location) error {
+ return &Error{
+ Code: WithMergeErr,
+ Location: loc,
+ Message: "real and replacement data could not be merged",
+ }
+}
+
+func internalErr(loc *ast.Location, msg string) error {
+ return &Error{
+ Code: InternalErr,
+ Location: loc,
+ Message: msg,
+ }
+}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/eval.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/eval.go
similarity index 83%
rename from vendor/github.com/open-policy-agent/opa/topdown/eval.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/eval.go
index 7884ac01e0..e801777106 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/eval.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/eval.go
@@ -5,19 +5,21 @@ import (
"errors"
"fmt"
"io"
- "sort"
+ "slices"
"strconv"
"strings"
-
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/metrics"
- "github.com/open-policy-agent/opa/storage"
- "github.com/open-policy-agent/opa/topdown/builtins"
- "github.com/open-policy-agent/opa/topdown/cache"
- "github.com/open-policy-agent/opa/topdown/copypropagation"
- "github.com/open-policy-agent/opa/topdown/print"
- "github.com/open-policy-agent/opa/tracing"
- "github.com/open-policy-agent/opa/types"
+ "sync"
+
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/metrics"
+ "github.com/open-policy-agent/opa/v1/storage"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/topdown/cache"
+ "github.com/open-policy-agent/opa/v1/topdown/copypropagation"
+ "github.com/open-policy-agent/opa/v1/topdown/print"
+ "github.com/open-policy-agent/opa/v1/tracing"
+ "github.com/open-policy-agent/opa/v1/types"
+ "github.com/open-policy-agent/opa/v1/util"
)
type evalIterator func(*eval) error
@@ -57,60 +59,91 @@ func (ee deferredEarlyExitError) Error() string {
return fmt.Sprintf("%v: deferred early exit", ee.e.query)
}
+// Note(æ): this struct is formatted for optimal alignment as it is big, internal and instantiated
+// *very* frequently during evaluation. If you need to add fields here, please consider the alignment
+// of the struct, and use something like betteralign (https://github.com/dkorunic/betteralign) if you
+// need help with that.
type eval struct {
ctx context.Context
metrics metrics.Metrics
seed io.Reader
+ cancel Cancel
+ queryCompiler ast.QueryCompiler
+ store storage.Store
+ txn storage.Transaction
+ virtualCache VirtualCache
+ baseCache BaseCache
+ interQueryBuiltinCache cache.InterQueryCache
+ interQueryBuiltinValueCache cache.InterQueryValueCache
+ printHook print.Hook
time *ast.Term
- queryID uint64
queryIDFact *queryIDFactory
parent *eval
caller *eval
- cancel Cancel
- query ast.Body
- queryCompiler ast.QueryCompiler
- index int
- indexing bool
- earlyExit bool
bindings *bindings
- store storage.Store
- baseCache *baseCache
- txn storage.Transaction
compiler *ast.Compiler
input *ast.Term
data *ast.Term
external *resolverTrie
targetStack *refStack
- tracers []QueryTracer
- traceEnabled bool
traceLastLocation *ast.Location // Last location of a trace event.
- plugTraceVars bool
instr *Instrumentation
builtins map[string]*Builtin
builtinCache builtins.Cache
ndBuiltinCache builtins.NDBCache
functionMocks *functionMocksStack
- virtualCache VirtualCache
comprehensionCache *comprehensionCache
- interQueryBuiltinCache cache.InterQueryCache
- interQueryBuiltinValueCache cache.InterQueryValueCache
saveSet *saveSet
saveStack *saveStack
saveSupport *saveSupport
saveNamespace *ast.Term
- skipSaveNamespace bool
inliningControl *inliningControl
- genvarprefix string
- genvarid int
runtime *ast.Term
builtinErrors *builtinErrors
- printHook print.Hook
+ roundTripper CustomizeRoundTripper
+ genvarprefix string
+ query ast.Body
+ tracers []QueryTracer
tracingOpts tracing.Options
+ queryID uint64
+ index int
+ genvarid int
+ indexing bool
+ earlyExit bool
+ traceEnabled bool
+ plugTraceVars bool
+ skipSaveNamespace bool
findOne bool
strictObjects bool
+ defined bool
+}
+
+type evp struct {
+ pool sync.Pool
+}
+
+func (ep *evp) Put(e *eval) {
+ ep.pool.Put(e)
+}
+
+func (ep *evp) Get() *eval {
+ return ep.pool.Get().(*eval)
+}
+
+var evalPool = evp{
+ pool: sync.Pool{
+ New: func() any {
+ return &eval{}
+ },
+ },
}
func (e *eval) Run(iter evalIterator) error {
+ if !e.traceEnabled {
+ // avoid function literal escaping to heap if we don't need the trace
+ return e.eval(iter)
+ }
+
e.traceEnter(e.query)
return e.eval(func(e *eval) error {
e.traceExit(e.query)
@@ -129,10 +162,10 @@ func (e *eval) String() string {
func (e *eval) string(s *strings.Builder) {
fmt.Fprintf(s, "')
+ s.WriteByte('>')
}
func (e *eval) builtinFunc(name string) (*ast.Builtin, BuiltinFunc, bool) {
@@ -151,25 +184,23 @@ func (e *eval) builtinFunc(name string) (*ast.Builtin, BuiltinFunc, bool) {
return nil, nil, false
}
-func (e *eval) closure(query ast.Body) *eval {
- cpy := *e
+func (e *eval) closure(query ast.Body, cpy *eval) {
+ *cpy = *e
cpy.index = 0
cpy.query = query
cpy.queryID = cpy.queryIDFact.Next()
cpy.parent = e
cpy.findOne = false
- return &cpy
}
-func (e *eval) child(query ast.Body) *eval {
- cpy := *e
+func (e *eval) child(query ast.Body, cpy *eval) {
+ *cpy = *e
cpy.index = 0
cpy.query = query
cpy.queryID = cpy.queryIDFact.Next()
cpy.bindings = newBindings(cpy.queryID, e.instr)
cpy.parent = e
cpy.findOne = false
- return &cpy
}
func (e *eval) next(iter evalIterator) error {
@@ -183,7 +214,7 @@ func (e *eval) partial() bool {
return e.saveSet != nil
}
-func (e *eval) unknown(x interface{}, b *bindings) bool {
+func (e *eval) unknown(x any, b *bindings) bool {
if !e.partial() {
return false
}
@@ -335,6 +366,13 @@ func (e *eval) evalExpr(iter evalIterator) error {
}
if e.cancel != nil && e.cancel.Cancelled() {
+ if e.ctx != nil && e.ctx.Err() != nil {
+ return &Error{
+ Code: CancelErr,
+ Message: e.ctx.Err().Error(),
+ err: e.ctx.Err(),
+ }
+ }
return &Error{
Code: CancelErr,
Message: "caller cancelled query execution",
@@ -342,13 +380,9 @@ func (e *eval) evalExpr(iter evalIterator) error {
}
if e.index >= len(e.query) {
- err := iter(e)
-
- if err != nil {
+ if err := iter(e); err != nil {
switch err := err.(type) {
- case *deferredEarlyExitError:
- return wrapErr(err)
- case *earlyExitError:
+ case *deferredEarlyExitError, *earlyExitError:
return wrapErr(err)
default:
return err
@@ -374,46 +408,119 @@ func (e *eval) evalExpr(iter evalIterator) error {
}
func (e *eval) evalStep(iter evalIterator) error {
-
expr := e.query[e.index]
if expr.Negated {
return e.evalNot(iter)
}
- var defined bool
var err error
+
+ // NOTE(æ): the reason why there's one branch for the tracing case and one almost
+ // identical branch below for when tracing is disabled is that the tracing case
+ // allocates wildly. These allocations are cause by the "defined" boolean variable
+ // escaping to the heap as its value is set from inside of closures. There may very
+ // well be more elegant solutions to this problem, but this is one that works, and
+ // saves several *million* allocations for some workloads. So feel free to refactor
+ // this, but do make sure that the common non-tracing case doesn't pay in allocations
+ // for something that is only needed when tracing is enabled.
+ if e.traceEnabled {
+ var defined bool
+ switch terms := expr.Terms.(type) {
+ case []*ast.Term:
+ switch {
+ case expr.IsEquality():
+ err = e.unify(terms[1], terms[2], func() error {
+ defined = true
+ err := iter(e)
+ e.traceRedo(expr)
+ return err
+ })
+ default:
+ err = e.evalCall(terms, func() error {
+ defined = true
+ err := iter(e)
+ e.traceRedo(expr)
+ return err
+ })
+ }
+ case *ast.Term:
+ // generateVar inlined here to avoid extra allocations in hot path
+ rterm := ast.VarTerm(e.fmtVarTerm())
+
+ if e.partial() {
+ e.inliningControl.PushDisable(rterm.Value, true)
+ }
+
+ err = e.unify(terms, rterm, func() error {
+ if e.saveSet.Contains(rterm, e.bindings) {
+ return e.saveExpr(ast.NewExpr(rterm), e.bindings, func() error {
+ return iter(e)
+ })
+ }
+ if !e.bindings.Plug(rterm).Equal(ast.InternedBooleanTerm(false)) {
+ defined = true
+ err := iter(e)
+ e.traceRedo(expr)
+ return err
+ }
+ return nil
+ })
+
+ if e.partial() {
+ e.inliningControl.PopDisable()
+ }
+ case *ast.Every:
+ eval := evalEvery{
+ Every: terms,
+ e: e,
+ expr: expr,
+ }
+ err = eval.eval(func() error {
+ defined = true
+ err := iter(e)
+ e.traceRedo(expr)
+ return err
+ })
+
+ default: // guard-rail for adding extra (Expr).Terms types
+ return fmt.Errorf("got %T terms: %[1]v", terms)
+ }
+
+ if err != nil {
+ return err
+ }
+
+ if !defined {
+ e.traceFail(expr)
+ }
+
+ return nil
+ }
+
switch terms := expr.Terms.(type) {
case []*ast.Term:
switch {
case expr.IsEquality():
err = e.unify(terms[1], terms[2], func() error {
- defined = true
- err := iter(e)
- e.traceRedo(expr)
- return err
+ return iter(e)
})
default:
err = e.evalCall(terms, func() error {
- defined = true
- err := iter(e)
- e.traceRedo(expr)
- return err
+ return iter(e)
})
}
case *ast.Term:
- rterm := e.generateVar(fmt.Sprintf("term_%d_%d", e.queryID, e.index))
+ // generateVar inlined here to avoid extra allocations in hot path
+ rterm := ast.VarTerm(e.fmtVarTerm())
err = e.unify(terms, rterm, func() error {
if e.saveSet.Contains(rterm, e.bindings) {
return e.saveExpr(ast.NewExpr(rterm), e.bindings, func() error {
return iter(e)
})
}
- if !e.bindings.Plug(rterm).Equal(ast.BooleanTerm(false)) {
- defined = true
- err := iter(e)
- e.traceRedo(expr)
- return err
+ if !e.bindings.Plug(rterm).Equal(ast.InternedBooleanTerm(false)) {
+ return iter(e)
}
return nil
})
@@ -424,25 +531,28 @@ func (e *eval) evalStep(iter evalIterator) error {
expr: expr,
}
err = eval.eval(func() error {
- defined = true
- err := iter(e)
- e.traceRedo(expr)
- return err
+ return iter(e)
})
default: // guard-rail for adding extra (Expr).Terms types
return fmt.Errorf("got %T terms: %[1]v", terms)
}
- if err != nil {
- return err
- }
+ return err
+}
- if !defined {
- e.traceFail(expr)
- }
+// Single-purpose fmt.Sprintf replacement for generating variable names with only
+// one allocation performed instead of 4, and in 1/3 the time.
+func (e *eval) fmtVarTerm() string {
+ buf := make([]byte, 0, len(e.genvarprefix)+util.NumDigitsUint(e.queryID)+util.NumDigitsInt(e.index)+7)
- return nil
+ buf = append(buf, e.genvarprefix...)
+ buf = append(buf, "_term_"...)
+ buf = strconv.AppendUint(buf, e.queryID, 10)
+ buf = append(buf, '_')
+ buf = strconv.AppendInt(buf, int64(e.index), 10)
+
+ return util.ByteSliceToString(buf)
}
func (e *eval) evalNot(iter evalIterator) error {
@@ -453,27 +563,34 @@ func (e *eval) evalNot(iter evalIterator) error {
return e.evalNotPartial(iter)
}
- negation := ast.NewBody(expr.Complement().NoWith())
- child := e.closure(negation)
+ negation := ast.NewBody(expr.ComplementNoWith())
+ child := evalPool.Get()
+ defer evalPool.Put(child)
- var defined bool
- child.traceEnter(negation)
+ e.closure(negation, child)
- err := child.eval(func(*eval) error {
- child.traceExit(negation)
- defined = true
- child.traceRedo(negation)
- return nil
- })
+ if e.traceEnabled {
+ child.traceEnter(negation)
+ }
- if err != nil {
+ if err := child.eval(func(*eval) error {
+ if e.traceEnabled {
+ child.traceExit(negation)
+ child.traceRedo(negation)
+ }
+ child.defined = true
+
+ return nil
+ }); err != nil {
return err
}
- if !defined {
+ if !child.defined {
return iter(e)
}
+ child.defined = false
+
e.traceFail(expr)
return nil
}
@@ -482,16 +599,18 @@ func (e *eval) evalWith(iter evalIterator) error {
expr := e.query[e.index]
- // Disable inlining on all references in the expression so the result of
- // partial evaluation has the same semantics w/ the with statements
- // preserved.
var disable []ast.Ref
- disableRef := func(x ast.Ref) bool {
- disable = append(disable, x.GroundPrefix())
- return false
- }
if e.partial() {
+ // Avoid the `disable` var to escape to heap unless partial evaluation is enabled.
+ var disablePartial []ast.Ref
+ // Disable inlining on all references in the expression so the result of
+ // partial evaluation has the same semantics w/ the with statements
+ // preserved.
+ disableRef := func(x ast.Ref) bool {
+ disablePartial = append(disablePartial, x.GroundPrefix())
+ return false
+ }
// If the value is unknown the with statement cannot be evaluated and so
// the entire expression should be saved to be safe. In the future this
@@ -516,12 +635,15 @@ func (e *eval) evalWith(iter evalIterator) error {
}
ast.WalkRefs(expr.NoWith(), disableRef)
+
+ disable = disablePartial
}
pairsInput := [][2]*ast.Term{}
pairsData := [][2]*ast.Term{}
- functionMocks := [][2]*ast.Term{}
- targets := []ast.Ref{}
+ targets := make([]ast.Ref, 0, len(expr.With))
+
+ var functionMocks [][2]*ast.Term
for i := range expr.With {
target := expr.With[i].Target
@@ -593,16 +715,31 @@ func (e *eval) evalWithPush(input, data *ast.Term, functionMocks [][2]*ast.Term,
e.data = data
}
+ if e.comprehensionCache == nil {
+ e.comprehensionCache = newComprehensionCache()
+ }
+
e.comprehensionCache.Push()
e.virtualCache.Push()
+
+ if e.targetStack == nil {
+ e.targetStack = newRefStack()
+ }
+
e.targetStack.Push(targets)
e.inliningControl.PushDisable(disable, true)
+
+ if e.functionMocks == nil {
+ e.functionMocks = newFunctionMocksStack()
+ }
+
e.functionMocks.PutPairs(functionMocks)
return oldInput, oldData
}
func (e *eval) evalWithPop(input, data *ast.Term) {
+ // NOTE(ae) no nil checks here as we assume evalWithPush always called first
e.inliningControl.PopDisable()
e.targetStack.Pop()
e.virtualCache.Pop()
@@ -613,11 +750,14 @@ func (e *eval) evalWithPop(input, data *ast.Term) {
}
func (e *eval) evalNotPartial(iter evalIterator) error {
-
// Prepare query normally.
expr := e.query[e.index]
- negation := expr.Complement().NoWith()
- child := e.closure(ast.NewBody(negation))
+ negation := expr.ComplementNoWith()
+
+ child := evalPool.Get()
+ defer evalPool.Put(child)
+
+ e.closure(ast.NewBody(negation), child)
// Unknowns is the set of variables that are marked as unknown. The variables
// are namespaced with the query ID that they originate in. This ensures that
@@ -710,9 +850,7 @@ func (e *eval) evalNotPartialSupport(negationID uint64, expr *ast.Expr, unknowns
args = append(args, ast.NewTerm(v))
}
- sort.Slice(args, func(i, j int) bool {
- return args[i].Value.Compare(args[j].Value) < 0
- })
+ slices.SortFunc(args, ast.TermValueCompare)
if len(args) > 0 {
head.Args = args
@@ -747,7 +885,6 @@ func (e *eval) evalCall(terms []*ast.Term, iter unifyIterator) error {
ref := terms[0].Value.(ast.Ref)
- var mocked bool
mock, mocked := e.functionMocks.Get(ref)
if mocked {
if m, ok := mock.Value.(ast.Ref); ok && isFunction(e.compiler.TypeEnv, m) { // builtin or data function
@@ -770,7 +907,7 @@ func (e *eval) evalCall(terms []*ast.Term, iter unifyIterator) error {
if ref[0].Equal(ast.DefaultRootDocument) {
if mocked {
f := e.compiler.TypeEnv.Get(ref).(*types.Function)
- return e.evalCallValue(len(f.FuncArgs().Args), terms, mock, iter)
+ return e.evalCallValue(f.Arity(), terms, mock, iter)
}
var ir *ast.IndexResult
@@ -786,7 +923,6 @@ func (e *eval) evalCall(terms []*ast.Term, iter unifyIterator) error {
eval := evalFunc{
e: e,
- ref: ref,
terms: terms,
ir: ir,
}
@@ -800,11 +936,11 @@ func (e *eval) evalCall(terms []*ast.Term, iter unifyIterator) error {
}
if mocked { // value replacement of built-in call
- return e.evalCallValue(len(bi.Decl.Args()), terms, mock, iter)
+ return e.evalCallValue(bi.Decl.Arity(), terms, mock, iter)
}
if e.unknown(e.query[e.index], e.bindings) {
- return e.saveCall(len(bi.Decl.Args()), terms, iter)
+ return e.saveCall(bi.Decl.Arity(), terms, iter)
}
var parentID uint64
@@ -836,6 +972,7 @@ func (e *eval) evalCall(terms []*ast.Term, iter unifyIterator) error {
PrintHook: e.printHook,
DistributedTracingOpts: e.tracingOpts,
Capabilities: capabilities,
+ RoundTripper: e.roundTripper,
}
eval := evalBuiltin{
@@ -855,7 +992,7 @@ func (e *eval) evalCallValue(arity int, terms []*ast.Term, mock *ast.Term, iter
return e.unify(terms[len(terms)-1], mock, iter)
case len(terms) == arity+1:
- if mock.Value.Compare(ast.Boolean(false)) != 0 {
+ if !ast.Boolean(false).Equal(mock.Value) {
return iter()
}
return nil
@@ -932,6 +1069,22 @@ func (e *eval) biunifyArraysRec(a, b *ast.Array, b1, b2 *bindings, iter unifyIte
})
}
+func (e *eval) biunifyTerms(a, b []*ast.Term, b1, b2 *bindings, iter unifyIterator) error {
+ if len(a) != len(b) {
+ return nil
+ }
+ return e.biunifyTermsRec(a, b, b1, b2, iter, 0)
+}
+
+func (e *eval) biunifyTermsRec(a, b []*ast.Term, b1, b2 *bindings, iter unifyIterator, idx int) error {
+ if idx == len(a) {
+ return iter()
+ }
+ return e.biunify(a[idx], b[idx], b1, b2, func() error {
+ return e.biunifyTermsRec(a, b, b1, b2, iter, idx+1)
+ })
+}
+
func (e *eval) biunifyObjects(a, b ast.Object, b1, b2 *bindings, iter unifyIterator) error {
if a.Len() != b.Len() {
return nil
@@ -1057,7 +1210,7 @@ func (e *eval) biunifyRef(a, b *ast.Term, b1, b2 *bindings, iter unifyIterator)
e: e,
ref: ref,
pos: 1,
- plugged: ref.Copy(),
+ plugged: ref.CopyNonGround(),
bindings: b1,
rterm: b,
rbindings: b2,
@@ -1133,6 +1286,10 @@ func (e *eval) buildComprehensionCache(a *ast.Term) (*ast.Term, error) {
return nil, nil
}
+ if e.comprehensionCache == nil {
+ e.comprehensionCache = newComprehensionCache()
+ }
+
cache, ok := e.comprehensionCache.Elem(a)
if !ok {
var err error
@@ -1165,7 +1322,10 @@ func (e *eval) buildComprehensionCache(a *ast.Term) (*ast.Term, error) {
}
func (e *eval) buildComprehensionCacheArray(x *ast.ArrayComprehension, keys []*ast.Term) (*comprehensionCacheElem, error) {
- child := e.child(x.Body)
+ child := evalPool.Get()
+ defer evalPool.Put(child)
+
+ e.child(x.Body, child)
node := newComprehensionCacheElem()
return node, child.Run(func(child *eval) error {
values := make([]*ast.Term, len(keys))
@@ -1184,7 +1344,10 @@ func (e *eval) buildComprehensionCacheArray(x *ast.ArrayComprehension, keys []*a
}
func (e *eval) buildComprehensionCacheSet(x *ast.SetComprehension, keys []*ast.Term) (*comprehensionCacheElem, error) {
- child := e.child(x.Body)
+ child := evalPool.Get()
+ defer evalPool.Put(child)
+
+ e.child(x.Body, child)
node := newComprehensionCacheElem()
return node, child.Run(func(child *eval) error {
values := make([]*ast.Term, len(keys))
@@ -1204,7 +1367,10 @@ func (e *eval) buildComprehensionCacheSet(x *ast.SetComprehension, keys []*ast.T
}
func (e *eval) buildComprehensionCacheObject(x *ast.ObjectComprehension, keys []*ast.Term) (*comprehensionCacheElem, error) {
- child := e.child(x.Body)
+ child := evalPool.Get()
+ defer evalPool.Put(child)
+
+ e.child(x.Body, child)
node := newComprehensionCacheElem()
return node, child.Run(func(child *eval) error {
values := make([]*ast.Term, len(keys))
@@ -1285,7 +1451,11 @@ func (e *eval) amendComprehension(a *ast.Term, b1 *bindings) (*ast.Term, error)
func (e *eval) biunifyComprehensionArray(x *ast.ArrayComprehension, b *ast.Term, b1, b2 *bindings, iter unifyIterator) error {
result := ast.NewArray()
- child := e.closure(x.Body)
+ child := evalPool.Get()
+
+ e.closure(x.Body, child)
+ defer evalPool.Put(child)
+
err := child.Run(func(child *eval) error {
result = result.Append(child.bindings.Plug(x.Term))
return nil
@@ -1298,7 +1468,11 @@ func (e *eval) biunifyComprehensionArray(x *ast.ArrayComprehension, b *ast.Term,
func (e *eval) biunifyComprehensionSet(x *ast.SetComprehension, b *ast.Term, b1, b2 *bindings, iter unifyIterator) error {
result := ast.NewSet()
- child := e.closure(x.Body)
+ child := evalPool.Get()
+
+ e.closure(x.Body, child)
+ defer evalPool.Put(child)
+
err := child.Run(func(child *eval) error {
result.Add(child.bindings.Plug(x.Term))
return nil
@@ -1310,8 +1484,13 @@ func (e *eval) biunifyComprehensionSet(x *ast.SetComprehension, b *ast.Term, b1,
}
func (e *eval) biunifyComprehensionObject(x *ast.ObjectComprehension, b *ast.Term, b1, b2 *bindings, iter unifyIterator) error {
+ child := evalPool.Get()
+ defer evalPool.Put(child)
+
+ e.closure(x.Body, child)
+
result := ast.NewObject()
- child := e.closure(x.Body)
+
err := child.Run(func(child *eval) error {
key := child.bindings.Plug(x.Key)
value := child.bindings.Plug(x.Value)
@@ -1354,7 +1533,7 @@ func (e *eval) saveExprMarkUnknowns(expr *ast.Expr, b *bindings, iter unifyItera
e.traceSave(expr)
err = iter()
e.saveStack.Pop()
- for i := 0; i < pops; i++ {
+ for range pops {
e.saveSet.Pop()
}
return err
@@ -1384,7 +1563,7 @@ func (e *eval) saveUnify(a, b *ast.Term, b1, b2 *bindings, iter unifyIterator) e
err := iter()
e.saveStack.Pop()
- for i := 0; i < pops; i++ {
+ for range pops {
e.saveSet.Pop()
}
@@ -1411,7 +1590,7 @@ func (e *eval) saveCall(declArgsLen int, terms []*ast.Term, iter unifyIterator)
err := iter()
e.saveStack.Pop()
- for i := 0; i < pops; i++ {
+ for range pops {
e.saveSet.Pop()
}
return err
@@ -1433,7 +1612,7 @@ func (e *eval) saveInlinedNegatedExprs(exprs []*ast.Expr, iter unifyIterator) er
e.traceSave(expr)
}
err := iter()
- for i := 0; i < len(exprs); i++ {
+ for range exprs {
e.saveStack.Pop()
}
return err
@@ -1448,12 +1627,22 @@ func (e *eval) getRules(ref ast.Ref, args []*ast.Term) (*ast.IndexResult, error)
return nil, nil
}
+ resolver := resolverPool.Get().(*evalResolver)
+ defer func() {
+ resolver.e = nil
+ resolver.args = nil
+ resolverPool.Put(resolver)
+ }()
+
var result *ast.IndexResult
var err error
if e.indexing {
- result, err = index.Lookup(&evalResolver{e: e, args: args})
+ resolver.e = e
+ resolver.args = args
+ result, err = index.Lookup(resolver)
} else {
- result, err = index.AllRules(&evalResolver{e: e})
+ resolver.e = e
+ result, err = index.AllRules(resolver)
}
if err != nil {
return nil, err
@@ -1461,20 +1650,27 @@ func (e *eval) getRules(ref ast.Ref, args []*ast.Term) (*ast.IndexResult, error)
result.EarlyExit = result.EarlyExit && e.earlyExit
- var msg strings.Builder
- if len(result.Rules) == 1 {
- msg.WriteString("(matched 1 rule")
- } else {
- msg.Grow(len("(matched NNNN rules)"))
- msg.WriteString("(matched ")
- msg.WriteString(strconv.Itoa(len(result.Rules)))
- msg.WriteString(" rules")
- }
- if result.EarlyExit {
- msg.WriteString(", early exit")
+ if e.traceEnabled {
+ var msg strings.Builder
+ if len(result.Rules) == 1 {
+ msg.WriteString("(matched 1 rule")
+ } else {
+ msg.Grow(len("(matched NNNN rules)"))
+ msg.WriteString("(matched ")
+ msg.WriteString(strconv.Itoa(len(result.Rules)))
+ msg.WriteString(" rules")
+ }
+ if result.EarlyExit {
+ msg.WriteString(", early exit")
+ }
+ msg.WriteRune(')')
+
+ // Copy ref here as ref otherwise always escapes to the heap,
+ // whether tracing is enabled or not.
+ r := ref.Copy()
+ e.traceIndex(e.query[e.index], msg.String(), &r)
}
- msg.WriteRune(')')
- e.traceIndex(e.query[e.index], msg.String(), &ref)
+
return result, err
}
@@ -1487,10 +1683,20 @@ type evalResolver struct {
args []*ast.Term
}
+var (
+ resolverPool = sync.Pool{
+ New: func() any {
+ return &evalResolver{}
+ },
+ }
+)
+
func (e *evalResolver) Resolve(ref ast.Ref) (ast.Value, error) {
e.e.instr.startTimer(evalOpResolve)
- if e.e.inliningControl.Disabled(ref, true) || e.e.saveSet.Contains(ast.NewTerm(ref), nil) {
+ // NOTE(ae): nil check on saveSet to avoid ast.NewTerm allocation when not needed
+ if e.e.inliningControl.Disabled(ref, true) || (e.e.saveSet != nil &&
+ e.e.saveSet.Contains(ast.NewTerm(ref), nil)) {
e.e.instr.stopTimer(evalOpResolve)
return nil, ast.UnknownValueErr{}
}
@@ -1568,7 +1774,7 @@ func (e *evalResolver) Resolve(ref ast.Ref) (ast.Value, error) {
return merged, err
}
e.e.instr.stopTimer(evalOpResolve)
- return nil, fmt.Errorf("illegal ref")
+ return nil, errors.New("illegal ref")
}
func (e *eval) resolveReadFromStorage(ref ast.Ref, a ast.Value) (ast.Value, error) {
@@ -1599,9 +1805,9 @@ func (e *eval) resolveReadFromStorage(ref ast.Ref, a ast.Value) (ast.Value, erro
if len(path) == 0 {
switch obj := blob.(type) {
- case map[string]interface{}:
+ case map[string]any:
if len(obj) > 0 {
- cpy := make(map[string]interface{}, len(obj)-1)
+ cpy := make(map[string]any, len(obj)-1)
for k, v := range obj {
if string(ast.SystemDocumentKey) != k {
cpy[k] = v
@@ -1611,16 +1817,7 @@ func (e *eval) resolveReadFromStorage(ref ast.Ref, a ast.Value) (ast.Value, erro
}
case ast.Object:
if obj.Len() > 0 {
- cpy := ast.NewObject()
- if err := obj.Iter(func(k *ast.Term, v *ast.Term) error {
- if !ast.SystemDocumentKey.Equal(k.Value) {
- cpy.Insert(k, v)
- }
- return nil
- }); err != nil {
- return nil, err
- }
- blob = cpy
+ blob, _ = obj.Map(systemDocumentKeyRemoveMapper)
}
}
}
@@ -1629,7 +1826,7 @@ func (e *eval) resolveReadFromStorage(ref ast.Ref, a ast.Value) (ast.Value, erro
case ast.Value:
v = blob
default:
- if blob, ok := blob.(map[string]interface{}); ok && !e.strictObjects {
+ if blob, ok := blob.(map[string]any); ok && !e.strictObjects {
v = ast.LazyObject(blob)
break
}
@@ -1653,8 +1850,21 @@ func (e *eval) resolveReadFromStorage(ref ast.Ref, a ast.Value) (ast.Value, erro
return merged, nil
}
+func systemDocumentKeyRemoveMapper(k, v *ast.Term) (*ast.Term, *ast.Term, error) {
+ if ast.SystemDocumentKey.Equal(k.Value) {
+ return nil, nil, nil
+ }
+ return k, v, nil
+}
+
func (e *eval) generateVar(suffix string) *ast.Term {
- return ast.VarTerm(fmt.Sprintf("%v_%v", e.genvarprefix, suffix))
+ buf := make([]byte, 0, len(e.genvarprefix)+len(suffix)+1)
+
+ buf = append(buf, e.genvarprefix...)
+ buf = append(buf, '_')
+ buf = append(buf, suffix...)
+
+ return ast.VarTerm(util.ByteSliceToString(buf))
}
func (e *eval) rewrittenVar(v ast.Var) (ast.Var, bool) {
@@ -1681,7 +1891,7 @@ func (e *eval) getDeclArgsLen(x *ast.Expr) (int, error) {
bi, _, ok := e.builtinFunc(operator.String())
if ok {
- return len(bi.Decl.Args()), nil
+ return bi.Decl.Arity(), nil
}
ir, err := e.getRules(operator, nil)
@@ -1716,7 +1926,7 @@ func (e *evalBuiltin) canUseNDBCache(bi *ast.Builtin) bool {
return bi.Nondeterministic && e.bctx.NDBuiltinCache != nil
}
-func (e evalBuiltin) eval(iter unifyIterator) error {
+func (e *evalBuiltin) eval(iter unifyIterator) error {
operands := make([]*ast.Term, len(e.terms))
@@ -1724,10 +1934,9 @@ func (e evalBuiltin) eval(iter unifyIterator) error {
operands[i] = e.e.bindings.Plug(e.terms[i])
}
- numDeclArgs := len(e.bi.Decl.FuncArgs().Args)
+ numDeclArgs := e.bi.Decl.Arity()
e.e.instr.startTimer(evalOpBuiltinCall)
- var err error
// NOTE(philipc): We sometimes have to drop the very last term off
// the args list for cases where a builtin's result is used/assigned,
@@ -1749,7 +1958,7 @@ func (e evalBuiltin) eval(iter unifyIterator) error {
case e.bi.Decl.Result() == nil:
return iter()
case len(operands) == numDeclArgs:
- if v.Compare(ast.Boolean(false)) == 0 {
+ if ast.Boolean(false).Equal(v) {
return nil // nothing to do
}
return iter()
@@ -1763,7 +1972,7 @@ func (e evalBuiltin) eval(iter unifyIterator) error {
}
// Normal unification flow for builtins:
- err = e.f(e.bctx, operands, func(output *ast.Term) error {
+ err := e.f(e.bctx, operands, func(output *ast.Term) error {
e.e.instr.stopTimer(evalOpBuiltinCall)
@@ -1773,7 +1982,7 @@ func (e evalBuiltin) eval(iter unifyIterator) error {
case e.bi.Decl.Result() == nil:
err = iter()
case len(operands) == numDeclArgs:
- if output.Value.Compare(ast.Boolean(false)) != 0 {
+ if !ast.Boolean(false).Equal(output.Value) {
err = iter()
} // else: nothing to do, don't iter()
default:
@@ -1813,9 +2022,8 @@ func (e evalBuiltin) eval(iter unifyIterator) error {
type evalFunc struct {
e *eval
- ref ast.Ref
- terms []*ast.Term
ir *ast.IndexResult
+ terms []*ast.Term
}
func (e evalFunc) eval(iter unifyIterator) error {
@@ -1837,15 +2045,38 @@ func (e evalFunc) eval(iter unifyIterator) error {
return e.e.saveCall(argCount, e.terms, iter)
}
- if e.e.partial() && (e.e.inliningControl.shallow || e.e.inliningControl.Disabled(e.ref, false)) {
- // check if the function definitions, or any of the arguments
- // contain something unknown
- unknown := e.e.unknown(e.ref, e.e.bindings)
- for i := 1; !unknown && i <= argCount; i++ {
- unknown = e.e.unknown(e.terms[i], e.e.bindings)
+ if e.e.partial() {
+ var mustGenerateSupport bool
+
+ if defRule := e.ir.Default; defRule != nil {
+ // The presence of a default func might force us to generate support
+ if len(defRule.Head.Args) == len(e.terms)-1 {
+ // The function is called without collecting the result in an output term,
+ // therefore any successful evaluation of the function is of interest, including the default value ...
+ if ret := defRule.Head.Value; ret == nil || !ret.Equal(ast.InternedBooleanTerm(false)) {
+ // ... unless the default value is false,
+ mustGenerateSupport = true
+ }
+ } else {
+ // The function is called with an output term, therefore any successful evaluation of the function is of interest.
+ // NOTE: Because of how the compiler rewrites function calls, we can't know if the result value is compared
+ // to a constant value, so we can't be as clever as we are for rules.
+ mustGenerateSupport = true
+ }
}
- if unknown {
- return e.partialEvalSupport(argCount, iter)
+
+ ref := e.terms[0].Value.(ast.Ref)
+
+ if mustGenerateSupport || e.e.inliningControl.shallow || e.e.inliningControl.Disabled(ref, false) {
+ // check if the function definitions, or any of the arguments
+ // contain something unknown
+ unknown := e.e.unknown(ref, e.e.bindings)
+ for i := 1; !unknown && i <= argCount; i++ {
+ unknown = e.e.unknown(e.terms[i], e.e.bindings)
+ }
+ if unknown {
+ return e.partialEvalSupport(argCount, iter)
+ }
}
}
@@ -1854,9 +2085,9 @@ func (e evalFunc) eval(iter unifyIterator) error {
func (e evalFunc) evalValue(iter unifyIterator, argCount int, findOne bool) error {
var cacheKey ast.Ref
- var hit bool
- var err error
if !e.e.partial() {
+ var hit bool
+ var err error
cacheKey, hit, err = e.evalCache(argCount, iter)
if err != nil {
return err
@@ -1865,12 +2096,23 @@ func (e evalFunc) evalValue(iter unifyIterator, argCount int, findOne bool) erro
}
}
+ // NOTE(anders): While it makes the code a bit more complex, reusing the
+ // args slice across each function increment saves a lot of resources
+ // compared to creating a new one inside each call to evalOneRule... so
+ // think twice before simplifying this :)
+ args := make([]*ast.Term, len(e.terms)-1)
+
var prev *ast.Term
return withSuppressEarlyExit(func() error {
var outerEe *deferredEarlyExitError
for _, rule := range e.ir.Rules {
- next, err := e.evalOneRule(iter, rule, cacheKey, prev, findOne)
+ copy(args, rule.Head.Args)
+ if len(args) == len(rule.Head.Args)+1 {
+ args[len(args)-1] = rule.Head.Value
+ }
+
+ next, err := e.evalOneRule(iter, rule, args, cacheKey, prev, findOne)
if err != nil {
if oee, ok := err.(*deferredEarlyExitError); ok {
if outerEe == nil {
@@ -1882,7 +2124,12 @@ func (e evalFunc) evalValue(iter unifyIterator, argCount int, findOne bool) erro
}
if next == nil {
for _, erule := range e.ir.Else[rule] {
- next, err = e.evalOneRule(iter, erule, cacheKey, prev, findOne)
+ copy(args, erule.Head.Args)
+ if len(args) == len(erule.Head.Args)+1 {
+ args[len(args)-1] = erule.Head.Value
+ }
+
+ next, err = e.evalOneRule(iter, erule, args, cacheKey, prev, findOne)
if err != nil {
if oee, ok := err.(*deferredEarlyExitError); ok {
if outerEe == nil {
@@ -1903,7 +2150,13 @@ func (e evalFunc) evalValue(iter unifyIterator, argCount int, findOne bool) erro
}
if e.ir.Default != nil && prev == nil {
- _, err := e.evalOneRule(iter, e.ir.Default, cacheKey, prev, findOne)
+ copy(args, e.ir.Default.Head.Args)
+ if len(args) == len(e.ir.Default.Head.Args)+1 {
+ args[len(args)-1] = e.ir.Default.Head.Value
+ }
+
+ _, err := e.evalOneRule(iter, e.ir.Default, args, cacheKey, prev, findOne)
+
return err
}
@@ -1916,15 +2169,19 @@ func (e evalFunc) evalValue(iter unifyIterator, argCount int, findOne bool) erro
}
func (e evalFunc) evalCache(argCount int, iter unifyIterator) (ast.Ref, bool, error) {
- var plen int
- if len(e.terms) == argCount+2 { // func name + output = 2
- plen = len(e.terms) - 1
- } else {
- plen = len(e.terms)
+ plen := len(e.terms)
+ if plen == argCount+2 { // func name + output = 2
+ plen -= 1
}
+
cacheKey := make([]*ast.Term, plen)
- for i := 0; i < plen; i++ {
- cacheKey[i] = e.e.bindings.Plug(e.terms[i])
+ for i := range plen {
+ if e.terms[i].IsGround() {
+ // Avoid expensive copying of ref if it is ground.
+ cacheKey[i] = e.terms[i]
+ } else {
+ cacheKey[i] = e.e.bindings.Plug(e.terms[i])
+ }
}
cached, _ := e.e.virtualCache.Get(cacheKey)
@@ -1943,23 +2200,18 @@ func (e evalFunc) evalCache(argCount int, iter unifyIterator) (ast.Ref, bool, er
return cacheKey, false, nil
}
-func (e evalFunc) evalOneRule(iter unifyIterator, rule *ast.Rule, cacheKey ast.Ref, prev *ast.Term, findOne bool) (*ast.Term, error) {
+func (e evalFunc) evalOneRule(iter unifyIterator, rule *ast.Rule, args []*ast.Term, cacheKey ast.Ref, prev *ast.Term, findOne bool) (*ast.Term, error) {
+ child := evalPool.Get()
+ defer evalPool.Put(child)
- child := e.e.child(rule.Body)
+ e.e.child(rule.Body, child)
child.findOne = findOne
- args := make([]*ast.Term, len(e.terms)-1)
- copy(args, rule.Head.Args)
-
- if len(args) == len(rule.Head.Args)+1 {
- args[len(args)-1] = rule.Head.Value
- }
-
var result *ast.Term
child.traceEnter(rule)
- err := child.biunifyArrays(ast.NewArray(e.terms[1:]...), ast.NewArray(args...), e.e.bindings, child.bindings, func() error {
+ err := child.biunifyTerms(e.terms[1:], args, e.e.bindings, child.bindings, func() error {
return child.eval(func(child *eval) error {
child.traceExit(rule)
@@ -1976,28 +2228,24 @@ func (e evalFunc) evalOneRule(iter unifyIterator, rule *ast.Rule, cacheKey ast.R
e.e.virtualCache.Put(cacheKey, result) // the redos confirm this, or the evaluation is aborted
}
- if len(rule.Head.Args) == len(e.terms)-1 {
- if result.Value.Compare(ast.Boolean(false)) == 0 {
- if prev != nil && ast.Compare(prev, result) != 0 {
- return functionConflictErr(rule.Location)
- }
- prev = result
- return nil
+ if len(rule.Head.Args) == len(e.terms)-1 && ast.Boolean(false).Equal(result.Value) {
+ if prev != nil && !prev.Equal(result) {
+ return functionConflictErr(rule.Location)
}
+ prev = result
+ return nil
}
// Partial evaluation should explore all rules and may not produce
// a ground result so we do not perform conflict detection or
// deduplication. See "ignore conflicts: functions" test case for
// an example.
- if !e.e.partial() {
- if prev != nil {
- if ast.Compare(prev, result) != 0 {
- return functionConflictErr(rule.Location)
- }
- child.traceRedo(rule)
- return nil
+ if !e.e.partial() && prev != nil {
+ if !prev.Equal(result) {
+ return functionConflictErr(rule.Location)
}
+ child.traceRedo(rule)
+ return nil
}
prev = result
@@ -2015,9 +2263,7 @@ func (e evalFunc) evalOneRule(iter unifyIterator, rule *ast.Rule, cacheKey ast.R
}
func (e evalFunc) partialEvalSupport(declArgsLen int, iter unifyIterator) error {
-
- path := e.e.namespaceRef(e.ref)
- term := ast.NewTerm(path)
+ path := e.e.namespaceRef(e.terms[0].Value.(ast.Ref))
if !e.e.saveSupport.Exists(path) {
for _, rule := range e.ir.Rules {
@@ -2026,18 +2272,29 @@ func (e evalFunc) partialEvalSupport(declArgsLen int, iter unifyIterator) error
return err
}
}
+
+ if e.ir.Default != nil {
+ err := e.partialEvalSupportRule(e.ir.Default, path)
+ if err != nil {
+ return err
+ }
+ }
}
if !e.e.saveSupport.Exists(path) { // we haven't saved anything, nothing to call
return nil
}
+ term := ast.NewTerm(path)
+
return e.e.saveCall(declArgsLen, append([]*ast.Term{term}, e.terms[1:]...), iter)
}
func (e evalFunc) partialEvalSupportRule(rule *ast.Rule, path ast.Ref) error {
+ child := evalPool.Get()
+ defer evalPool.Put(child)
- child := e.e.child(rule.Body)
+ e.e.child(rule.Body, child)
child.traceEnter(rule)
e.e.saveStack.PushQuery(nil)
@@ -2070,8 +2327,9 @@ func (e evalFunc) partialEvalSupportRule(rule *ast.Rule, path ast.Ref) error {
}
e.e.saveSupport.Insert(path, &ast.Rule{
- Head: head,
- Body: plugged,
+ Head: head,
+ Body: plugged,
+ Default: rule.Default,
})
}
child.traceRedo(rule)
@@ -2084,15 +2342,48 @@ func (e evalFunc) partialEvalSupportRule(rule *ast.Rule, path ast.Ref) error {
return err
}
+type deferredEarlyExitContainer struct {
+ deferred *deferredEarlyExitError
+}
+
+func (dc *deferredEarlyExitContainer) handleErr(err error) error {
+ if err == nil {
+ return nil
+ }
+
+ if dc.deferred == nil && errors.As(err, &dc.deferred) && dc.deferred != nil {
+ return nil
+ }
+
+ return err
+}
+
+// copyError returns a copy of the deferred early exit error if one is present.
+// This exists only to allow the container to be reused.
+func (dc *deferredEarlyExitContainer) copyError() *deferredEarlyExitError {
+ if dc.deferred == nil {
+ return nil
+ }
+
+ cpy := *dc.deferred
+ return &cpy
+}
+
+var deecPool = sync.Pool{
+ New: func() any {
+ return &deferredEarlyExitContainer{}
+ },
+}
+
type evalTree struct {
e *eval
- ref ast.Ref
- plugged ast.Ref
- pos int
bindings *bindings
rterm *ast.Term
rbindings *bindings
node *ast.TreeNode
+ ref ast.Ref
+ plugged ast.Ref
+ pos int
}
func (e evalTree) eval(iter unifyIterator) error {
@@ -2115,9 +2406,7 @@ func (e evalTree) finish(iter unifyIterator) error {
// In some cases, it may not be possible to PE the ref. If the path refers
// to virtual docs that PE does not support or base documents where inlining
// has been disabled, then we have to save.
- save := e.e.unknown(e.plugged, e.e.bindings)
-
- if save {
+ if e.e.partial() && e.e.unknown(e.plugged, e.e.bindings) {
return e.e.saveUnify(ast.NewTerm(e.plugged), e.rterm, e.bindings, e.rbindings, iter)
}
@@ -2171,28 +2460,20 @@ func (e evalTree) enumerate(iter unifyIterator) error {
return err
}
- var deferredEe *deferredEarlyExitError
- handleErr := func(err error) error {
- var dee *deferredEarlyExitError
- if errors.As(err, &dee) {
- if deferredEe == nil {
- deferredEe = dee
- }
- return nil
- }
- return err
- }
+ dc := deecPool.Get().(*deferredEarlyExitContainer)
+ dc.deferred = nil
+ defer deecPool.Put(dc)
if doc != nil {
switch doc := doc.(type) {
case *ast.Array:
- for i := 0; i < doc.Len(); i++ {
- k := ast.IntNumberTerm(i)
+ for i := range doc.Len() {
+ k := ast.InternedIntNumberTerm(i)
err := e.e.biunify(k, e.ref[e.pos], e.bindings, e.bindings, func() error {
return e.next(iter, k)
})
- if err := handleErr(err); err != nil {
+ if err := dc.handleErr(err); err != nil {
return err
}
}
@@ -2202,7 +2483,7 @@ func (e evalTree) enumerate(iter unifyIterator) error {
err := e.e.biunify(k, e.ref[e.pos], e.bindings, e.bindings, func() error {
return e.next(iter, k)
})
- if err := handleErr(err); err != nil {
+ if err := dc.handleErr(err); err != nil {
return err
}
}
@@ -2211,15 +2492,15 @@ func (e evalTree) enumerate(iter unifyIterator) error {
err := e.e.biunify(elem, e.ref[e.pos], e.bindings, e.bindings, func() error {
return e.next(iter, elem)
})
- return handleErr(err)
+ return dc.handleErr(err)
}); err != nil {
return err
}
}
}
- if deferredEe != nil {
- return deferredEe
+ if dc.deferred != nil {
+ return dc.copyError()
}
if e.node == nil {
@@ -2317,12 +2598,12 @@ func (e evalTree) leaves(plugged ast.Ref, node *ast.TreeNode) (ast.Object, error
type evalVirtual struct {
e *eval
- ref ast.Ref
- plugged ast.Ref
- pos int
bindings *bindings
rterm *ast.Term
rbindings *bindings
+ ref ast.Ref
+ plugged ast.Ref
+ pos int
}
func (e evalVirtual) eval(iter unifyIterator) error {
@@ -2393,14 +2674,14 @@ func (e evalVirtual) eval(iter unifyIterator) error {
type evalVirtualPartial struct {
e *eval
- ref ast.Ref
- plugged ast.Ref
- pos int
ir *ast.IndexResult
bindings *bindings
rterm *ast.Term
rbindings *bindings
empty *ast.Term
+ ref ast.Ref
+ plugged ast.Ref
+ pos int
}
type evalVirtualPartialCacheHint struct {
@@ -2442,7 +2723,7 @@ func maxRefLength(rules []*ast.Rule, ceil int) int {
for _, r := range rules {
rl := len(r.Ref())
if r.Head.RuleKind() == ast.MultiValue {
- rl = rl + 1
+ rl++
}
if rl >= ceil {
return ceil
@@ -2459,14 +2740,16 @@ func (e evalVirtualPartial) evalEachRule(iter unifyIterator, unknown bool) error
return nil
}
- m := maxRefLength(e.ir.Rules, len(e.ref))
- if e.e.unknown(e.ref[e.pos+1:m], e.bindings) {
- for _, rule := range e.ir.Rules {
- if err := e.evalOneRulePostUnify(iter, rule); err != nil {
- return err
+ if e.e.partial() {
+ m := maxRefLength(e.ir.Rules, len(e.ref))
+ if e.e.unknown(e.ref[e.pos+1:m], e.bindings) {
+ for _, rule := range e.ir.Rules {
+ if err := e.evalOneRulePostUnify(iter, rule); err != nil {
+ return err
+ }
}
+ return nil
}
- return nil
}
hint, err := e.evalCache(iter)
@@ -2536,8 +2819,11 @@ func (e evalVirtualPartial) evalAllRulesNoCache(rules []*ast.Rule) (*ast.Term, e
var visitedRefs []ast.Ref
+ child := evalPool.Get()
+ defer evalPool.Put(child)
+
for _, rule := range rules {
- child := e.e.child(rule.Body)
+ e.e.child(rule.Body, child)
child.traceEnter(rule)
err := child.eval(func(*eval) error {
child.traceExit(rule)
@@ -2570,8 +2856,10 @@ func wrapInObjects(leaf *ast.Term, ref ast.Ref) *ast.Term {
}
func (e evalVirtualPartial) evalOneRulePreUnify(iter unifyIterator, rule *ast.Rule, result *ast.Term, unknown bool, visitedRefs *[]ast.Ref) (*ast.Term, error) {
+ child := evalPool.Get()
+ defer evalPool.Put(child)
- child := e.e.child(rule.Body)
+ e.e.child(rule.Body, child)
child.traceEnter(rule)
var defined bool
@@ -2663,7 +2951,10 @@ func (e *eval) biunifyDynamicRef(pos int, a, b ast.Ref, b1, b2 *bindings, iter u
}
func (e evalVirtualPartial) evalOneRulePostUnify(iter unifyIterator, rule *ast.Rule) error {
- child := e.e.child(rule.Body)
+ child := evalPool.Get()
+ defer evalPool.Put(child)
+
+ e.e.child(rule.Body, child)
child.traceEnter(rule)
var defined bool
@@ -2747,8 +3038,10 @@ func (e evalVirtualPartial) partialEvalSupport(iter unifyIterator) error {
}
func (e evalVirtualPartial) partialEvalSupportRule(rule *ast.Rule, _ ast.Ref) (bool, error) {
+ child := evalPool.Get()
+ defer evalPool.Put(child)
- child := e.e.child(rule.Body)
+ e.e.child(rule.Body, child)
child.traceEnter(rule)
e.e.saveStack.PushQuery(nil)
@@ -2977,7 +3270,7 @@ func (q vcKeyScope) Hash() int {
return hash
}
-func (q vcKeyScope) IsGround() bool {
+func (vcKeyScope) IsGround() bool {
return false
}
@@ -3111,13 +3404,13 @@ func (e evalVirtualPartial) reduce(rule *ast.Rule, b *bindings, result *ast.Term
type evalVirtualComplete struct {
e *eval
- ref ast.Ref
- plugged ast.Ref
- pos int
ir *ast.IndexResult
bindings *bindings
rterm *ast.Term
rbindings *bindings
+ ref ast.Ref
+ plugged ast.Ref
+ pos int
}
func (e evalVirtualComplete) eval(iter unifyIterator) error {
@@ -3139,13 +3432,17 @@ func (e evalVirtualComplete) eval(iter unifyIterator) error {
var generateSupport bool
if e.ir.Default != nil {
- // If the other term is not constant OR it's equal to the default value, then
- // a support rule must be produced as the default value _may_ be required. On
- // the other hand, if the other term is constant (i.e., it does not require
- // evaluation) and it differs from the default value then the default value is
- // _not_ required, so partially evaluate the rule normally.
- rterm := e.rbindings.Plug(e.rterm)
- generateSupport = !ast.IsConstant(rterm.Value) || e.ir.Default.Head.Value.Equal(rterm)
+ // If inlining has been disabled for the rterm, and the default rule has a 'false' result value,
+ // the default value is inconsequential, and support does not need to be generated.
+ if !(e.ir.Default.Head.Value.Equal(ast.InternedBooleanTerm(false)) && e.e.inliningControl.Disabled(e.rterm.Value, false)) {
+ // If the other term is not constant OR it's equal to the default value, then
+ // a support rule must be produced as the default value _may_ be required. On
+ // the other hand, if the other term is constant (i.e., it does not require
+ // evaluation) and it differs from the default value then the default value is
+ // _not_ required, so partially evaluate the rule normally.
+ rterm := e.rbindings.Plug(e.rterm)
+ generateSupport = !ast.IsConstant(rterm.Value) || e.ir.Default.Head.Value.Equal(rterm)
+ }
}
if generateSupport || e.e.inliningControl.shallow || e.e.inliningControl.Disabled(e.plugged[:e.pos+1], false) {
@@ -3226,8 +3523,10 @@ func (e evalVirtualComplete) evalValue(iter unifyIterator, findOne bool) error {
}
func (e evalVirtualComplete) evalValueRule(iter unifyIterator, rule *ast.Rule, prev *ast.Term, findOne bool) (*ast.Term, error) {
+ child := evalPool.Get()
+ defer evalPool.Put(child)
- child := e.e.child(rule.Body)
+ e.e.child(rule.Body, child)
child.findOne = findOne
child.traceEnter(rule)
var result *ast.Term
@@ -3262,9 +3561,11 @@ func (e evalVirtualComplete) evalValueRule(iter unifyIterator, rule *ast.Rule, p
}
func (e evalVirtualComplete) partialEval(iter unifyIterator) error {
+ child := evalPool.Get()
+ defer evalPool.Put(child)
for _, rule := range e.ir.Rules {
- child := e.e.child(rule.Body)
+ e.e.child(rule.Body, child)
child.traceEnter(rule)
err := child.eval(func(child *eval) error {
@@ -3327,8 +3628,10 @@ func (e evalVirtualComplete) partialEvalSupport(iter unifyIterator) error {
}
func (e evalVirtualComplete) partialEvalSupportRule(rule *ast.Rule, path ast.Ref) (bool, error) {
+ child := evalPool.Get()
+ defer evalPool.Put(child)
- child := e.e.child(rule.Body)
+ e.e.child(rule.Body, child)
child.traceEnter(rule)
e.e.saveStack.PushQuery(nil)
@@ -3383,13 +3686,13 @@ func (e evalVirtualComplete) evalTerm(iter unifyIterator, term *ast.Term, termbi
type evalTerm struct {
e *eval
- ref ast.Ref
- pos int
bindings *bindings
term *ast.Term
termbindings *bindings
rterm *ast.Term
rbindings *bindings
+ ref ast.Ref
+ pos int
}
func (e evalTerm) eval(iter unifyIterator) error {
@@ -3440,33 +3743,56 @@ func (e evalTerm) enumerate(iter unifyIterator) error {
switch v := e.term.Value.(type) {
case *ast.Array:
- for i := 0; i < v.Len(); i++ {
- k := ast.IntNumberTerm(i)
- err := e.e.biunify(k, e.ref[e.pos], e.bindings, e.bindings, func() error {
- return e.next(iter, k)
- })
+ // Note(anders):
+ // For this case (e.g. input.foo[_]), we can avoid the (quite expensive) overhead of a callback
+ // function literal escaping to the heap in each iteration by inlining the biunification logic,
+ // meaning a 10x reduction in both the number of allocations made as well as the memory consumed.
+ // It is possible that such inlining could be done for the set/object cases as well, and that's
+ // worth looking into later, as I imagine set iteration in particular would be an even greater
+ // win across most policies. Those cases are however much more complex, as we need to deal with
+ // any type on either side, not just int/var as is the case here.
+ for i := range v.Len() {
+ a := ast.InternedIntNumberTerm(i)
+ b := e.ref[e.pos]
+
+ if _, ok := b.Value.(ast.Var); ok {
+ if e.e.traceEnabled {
+ e.e.traceUnify(a, b)
+ }
+ var undo undo
+ b, e.bindings = e.bindings.apply(b)
+ e.bindings.bind(b, a, e.bindings, &undo)
- if err := handleErr(err); err != nil {
- return err
+ err := e.next(iter, a)
+ undo.Undo()
+ if err != nil {
+ if err := handleErr(err); err != nil {
+ return err
+ }
+ }
}
}
case ast.Object:
- if err := v.Iter(func(k, _ *ast.Term) error {
+ for _, k := range v.Keys() {
err := e.e.biunify(k, e.ref[e.pos], e.termbindings, e.bindings, func() error {
return e.next(iter, e.termbindings.Plug(k))
})
- return handleErr(err)
- }); err != nil {
- return err
+ if err != nil {
+ if err := handleErr(err); err != nil {
+ return err
+ }
+ }
}
case ast.Set:
- if err := v.Iter(func(elem *ast.Term) error {
+ for _, elem := range v.Slice() {
err := e.e.biunify(elem, e.ref[e.pos], e.termbindings, e.bindings, func() error {
return e.next(iter, e.termbindings.Plug(elem))
})
- return handleErr(err)
- }); err != nil {
- return err
+ if err != nil {
+ if err := handleErr(err); err != nil {
+ return err
+ }
+ }
}
}
@@ -3569,7 +3895,11 @@ func (e evalEvery) eval(iter unifyIterator) error {
).SetLocation(e.Domain.Location),
)
- domain := e.e.closure(generator)
+ domain := evalPool.Get()
+ defer evalPool.Put(domain)
+
+ e.e.closure(generator, domain)
+
all := true // all generator evaluations yield one successful body evaluation
domain.traceEnter(e.expr)
@@ -3580,7 +3910,11 @@ func (e evalEvery) eval(iter unifyIterator) error {
// This would do extra work, like iterating needlessly if domain was a large array.
return nil
}
- body := child.closure(e.Body)
+
+ body := evalPool.Get()
+ defer evalPool.Put(body)
+
+ child.closure(e.Body, body)
body.findOne = true
body.traceEnter(e.Body)
done := false
@@ -3707,10 +4041,12 @@ func applyCopyPropagation(p *copypropagation.CopyPropagator, instr *Instrumentat
return result
}
+func nonGroundKey(k, _ *ast.Term) bool {
+ return !k.IsGround()
+}
+
func nonGroundKeys(a ast.Object) bool {
- return a.Until(func(k, _ *ast.Term) bool {
- return !k.IsGround()
- })
+ return a.Until(nonGroundKey)
}
func plugKeys(a ast.Object, b *bindings) ast.Object {
@@ -3772,7 +4108,7 @@ func newNestedCheckVisitor() *nestedCheckVisitor {
return v
}
-func (v *nestedCheckVisitor) visit(x interface{}) bool {
+func (v *nestedCheckVisitor) visit(x any) bool {
switch x.(type) {
case ast.Ref, ast.Call:
v.found = true
@@ -3863,7 +4199,7 @@ func isOtherRef(term *ast.Term) bool {
return !ref.HasPrefix(ast.DefaultRootRef) && !ref.HasPrefix(ast.InputRootRef)
}
-func isFunction(env *ast.TypeEnv, ref interface{}) bool {
+func isFunction(env *ast.TypeEnv, ref any) bool {
var r ast.Ref
switch v := ref.(type) {
case ast.Ref:
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/glob.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/glob.go
similarity index 85%
rename from vendor/github.com/open-policy-agent/opa/topdown/glob.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/glob.go
index baf092ab6d..efaf1d1248 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/glob.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/glob.go
@@ -6,15 +6,17 @@ import (
"github.com/gobwas/glob"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
const globCacheMaxSize = 100
const globInterQueryValueCacheHits = "rego_builtin_glob_interquery_value_cache_hits"
-var globCacheLock = sync.Mutex{}
-var globCache map[string]glob.Glob
+var noDelimiters = []rune{}
+var dotDelimiters = []rune{'.'}
+var globCacheLock = sync.RWMutex{}
+var globCache = map[string]glob.Glob{}
func builtinGlobMatch(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
pattern, err := builtins.StringOperand(operands[0].Value, 1)
@@ -25,14 +27,14 @@ func builtinGlobMatch(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.
var delimiters []rune
switch operands[1].Value.(type) {
case ast.Null:
- delimiters = []rune{}
+ delimiters = noDelimiters
case *ast.Array:
delimiters, err = builtins.RuneSliceOperand(operands[1].Value, 2)
if err != nil {
return err
}
if len(delimiters) == 0 {
- delimiters = []rune{'.'}
+ delimiters = dotDelimiters
}
default:
return builtins.NewOperandTypeErr(2, operands[1].Value, "array", "null")
@@ -55,12 +57,13 @@ func builtinGlobMatch(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.
if err != nil {
return err
}
- return iter(ast.BooleanTerm(m))
+ return iter(ast.InternedBooleanTerm(m))
}
func globCompileAndMatch(bctx BuiltinContext, id, pattern, match string, delimiters []rune) (bool, error) {
if bctx.InterQueryBuiltinValueCache != nil {
+ // TODO: Use named cache
val, ok := bctx.InterQueryBuiltinValueCache.Get(ast.String(id))
if ok {
pat, valid := val.(glob.Glob)
@@ -86,14 +89,15 @@ func globCompileAndMatch(bctx BuiltinContext, id, pattern, match string, delimit
return res.Match(match), nil
}
- globCacheLock.Lock()
- defer globCacheLock.Unlock()
+ globCacheLock.RLock()
p, ok := globCache[id]
+ globCacheLock.RUnlock()
if !ok {
var err error
if p, err = glob.Compile(pattern, delimiters...); err != nil {
return false, err
}
+ globCacheLock.Lock()
if len(globCache) >= globCacheMaxSize {
// Delete a (semi-)random key to make room for the new one.
for k := range globCache {
@@ -102,9 +106,10 @@ func globCompileAndMatch(bctx BuiltinContext, id, pattern, match string, delimit
}
}
globCache[id] = p
+ globCacheLock.Unlock()
}
- out := p.Match(match)
- return out, nil
+
+ return p.Match(match), nil
}
func builtinGlobQuoteMeta(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -117,7 +122,6 @@ func builtinGlobQuoteMeta(_ BuiltinContext, operands []*ast.Term, iter func(*ast
}
func init() {
- globCache = map[string]glob.Glob{}
RegisterBuiltinFunc(ast.GlobMatch.Name, builtinGlobMatch)
RegisterBuiltinFunc(ast.GlobQuoteMeta.Name, builtinGlobQuoteMeta)
}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/topdown/graphql.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/graphql.go
new file mode 100644
index 0000000000..871eb4f4ca
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/graphql.go
@@ -0,0 +1,690 @@
+// Copyright 2022 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package topdown
+
+import (
+ "encoding/json"
+ "fmt"
+ "strconv"
+ "strings"
+
+ gqlast "github.com/vektah/gqlparser/v2/ast"
+ gqlparser "github.com/vektah/gqlparser/v2/parser"
+ gqlvalidator "github.com/vektah/gqlparser/v2/validator"
+
+ // Side-effecting import. Triggers GraphQL library's validation rule init() functions.
+ _ "github.com/vektah/gqlparser/v2/validator/rules"
+
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/topdown/cache"
+)
+
+// Parses a GraphQL schema, and returns the GraphQL AST for the schema.
+func parseSchema(schema string) (*gqlast.SchemaDocument, error) {
+ // NOTE(philipc): We don't include the "built-in schema defs" from the
+ // underlying graphql parsing library here, because those definitions
+ // generate enormous AST blobs. In the future, if there is demand for
+ // a "full-spec" version of schema ASTs, we may need to provide a
+ // version of this function that includes the built-in schema
+ // definitions.
+ schemaAST, err := gqlparser.ParseSchema(&gqlast.Source{Input: schema})
+ if err != nil {
+ return nil, formatGqlParserError(err)
+ }
+ return schemaAST, nil
+}
+
+// Parses a GraphQL query, and returns the GraphQL AST for the query.
+func parseQuery(query string) (*gqlast.QueryDocument, error) {
+ queryAST, err := gqlparser.ParseQuery(&gqlast.Source{Input: query})
+ if err != nil {
+ return nil, formatGqlParserError(err)
+ }
+ return queryAST, nil
+}
+
+// Validates a GraphQL query against a schema, and returns an error.
+// In this case, we get a wrappered error list type, and pluck out
+// just the first error message in the list.
+func validateQuery(schema *gqlast.Schema, query *gqlast.QueryDocument) error {
+ // Validate the query against the schema, erroring if there's an issue.
+ err := gqlvalidator.Validate(schema, query)
+ if err != nil {
+ return formatGqlParserError(err)
+ }
+ return nil
+}
+
+func getBuiltinSchema() *gqlast.SchemaDocument {
+ schema, err := gqlparser.ParseSchema(gqlvalidator.Prelude)
+ if err != nil {
+ panic(fmt.Errorf("Error in gqlparser Prelude (should be impossible): %w", err))
+ }
+ return schema
+}
+
+// NOTE(philipc): This function expects *validated* schema documents, and will break
+// if it is fed arbitrary structures.
+func mergeSchemaDocuments(docA *gqlast.SchemaDocument, docB *gqlast.SchemaDocument) *gqlast.SchemaDocument {
+ ast := &gqlast.SchemaDocument{}
+ ast.Merge(docA)
+ ast.Merge(docB)
+ return ast
+}
+
+// Converts a SchemaDocument into a gqlast.Schema object that can be used for validation.
+// It merges in the builtin schema typedefs exactly as gqltop.LoadSchema did internally.
+func convertSchema(schemaDoc *gqlast.SchemaDocument) (*gqlast.Schema, error) {
+ // Merge builtin schema + schema we were provided.
+ builtinsSchemaDoc := getBuiltinSchema()
+ mergedSchemaDoc := mergeSchemaDocuments(builtinsSchemaDoc, schemaDoc)
+ schema, err := gqlvalidator.ValidateSchemaDocument(mergedSchemaDoc)
+ if err != nil {
+ return nil, fmt.Errorf("Error in gqlparser SchemaDocument to Schema conversion: %w", err)
+ }
+ return schema, nil
+}
+
+// Converts an ast.Object into a gqlast.QueryDocument object.
+func objectToQueryDocument(value ast.Object) (*gqlast.QueryDocument, error) {
+ // Convert ast.Term to any for JSON encoding below.
+ asJSON, err := ast.JSON(value)
+ if err != nil {
+ return nil, err
+ }
+ // Marshal to JSON.
+ bs, err := json.Marshal(asJSON)
+ if err != nil {
+ return nil, err
+ }
+ // Unmarshal from JSON -> gqlast.QueryDocument.
+ var result gqlast.QueryDocument
+ err = json.Unmarshal(bs, &result)
+ if err != nil {
+ return nil, err
+ }
+ return &result, nil
+}
+
+// Converts an ast.Object into a gqlast.SchemaDocument object.
+func objectToSchemaDocument(value ast.Object) (*gqlast.SchemaDocument, error) {
+ // Convert ast.Term to any for JSON encoding below.
+ asJSON, err := ast.JSON(value)
+ if err != nil {
+ return nil, err
+ }
+ // Marshal to JSON.
+ bs, err := json.Marshal(asJSON)
+ if err != nil {
+ return nil, err
+ }
+ // Unmarshal from JSON -> gqlast.SchemaDocument.
+ var result gqlast.SchemaDocument
+ err = json.Unmarshal(bs, &result)
+ if err != nil {
+ return nil, err
+ }
+ return &result, nil
+}
+
+// Recursively traverses an AST that has been run through InterfaceToValue,
+// and prunes away the fields with null or empty values, and all `Position`
+// structs.
+// NOTE(philipc): We currently prune away null values to reduce the level
+// of clutter in the returned AST objects. In the future, if there is demand
+// for ASTs that have a more regular/fixed structure, we may need to provide
+// a "raw" version of the AST, where we still prune away the `Position`
+// structs, but leave in the null fields.
+func pruneIrrelevantGraphQLASTNodes(value ast.Value) ast.Value {
+ // We iterate over the Value we've been provided, and recurse down
+ // in the case of complex types, such as Arrays/Objects.
+ // We are guaranteed to only have to deal with standard JSON types,
+ // so this is much less ugly than what we'd need for supporting every
+ // extant ast type!
+ switch x := value.(type) {
+ case *ast.Array:
+ result := ast.NewArray()
+ // Iterate over the array's elements, and do the following:
+ // - Drop any Nulls
+ // - Drop any any empty object/array value (after running the pruner)
+ for i := range x.Len() {
+ vTerm := x.Elem(i)
+ switch v := vTerm.Value.(type) {
+ case ast.Null:
+ continue
+ case *ast.Array:
+ // Safe, because we knew the type before going to prune it.
+ va := pruneIrrelevantGraphQLASTNodes(v).(*ast.Array)
+ if va.Len() > 0 {
+ result = result.Append(ast.NewTerm(va))
+ }
+ case ast.Object:
+ // Safe, because we knew the type before going to prune it.
+ vo := pruneIrrelevantGraphQLASTNodes(v).(ast.Object)
+ if vo.Len() > 0 {
+ result = result.Append(ast.NewTerm(vo))
+ }
+ default:
+ result = result.Append(vTerm)
+ }
+ }
+ return result
+ case ast.Object:
+ result := ast.NewObject()
+ // Iterate over our object's keys, and do the following:
+ // - Drop "Position".
+ // - Drop any key with a Null value.
+ // - Drop any key with an empty object/array value (after running the pruner)
+ keys := x.Keys()
+ for _, k := range keys {
+ // We drop the "Position" objects because we don't need the
+ // source-backref/location info they provide for policy rules.
+ // Note that keys are ast.Strings.
+ if ast.String("Position").Equal(k.Value) {
+ continue
+ }
+ vTerm := x.Get(k)
+ switch v := vTerm.Value.(type) {
+ case ast.Null:
+ continue
+ case *ast.Array:
+ // Safe, because we knew the type before going to prune it.
+ va := pruneIrrelevantGraphQLASTNodes(v).(*ast.Array)
+ if va.Len() > 0 {
+ result.Insert(k, ast.NewTerm(va))
+ }
+ case ast.Object:
+ // Safe, because we knew the type before going to prune it.
+ vo := pruneIrrelevantGraphQLASTNodes(v).(ast.Object)
+ if vo.Len() > 0 {
+ result.Insert(k, ast.NewTerm(vo))
+ }
+ default:
+ result.Insert(k, vTerm)
+ }
+ }
+ return result
+ default:
+ return x
+ }
+}
+
+func formatGqlParserError(err error) error {
+ // We use strings.TrimSuffix to remove the '.' characters that the library
+ // authors include on most of their validation errors. This should be safe,
+ // since variable names in their error messages are usually quoted, and
+ // this affects only the last character(s) in the string.
+ // NOTE(philipc): We know the error location will be in the query string,
+ // because schema validation always happens before this function is called.
+ // NOTE(rm): gqlparser does not _always_ return the error location
+ // so only populate location if it is available
+ if err == nil {
+ return nil
+ }
+ // If the error contains location information, format it nicely
+ errorParts := strings.SplitN(err.Error(), ":", 4)
+ if len(errorParts) >= 4 {
+ row, err := strconv.ParseUint(errorParts[1], 10, 64)
+ if err == nil {
+ col, err := strconv.ParseUint(errorParts[2], 10, 64)
+ if err == nil {
+ msg := strings.TrimSuffix(strings.TrimLeft(errorParts[len(errorParts)-1], " "), ".\n")
+ return fmt.Errorf("%s in GraphQL string at location %d:%d", msg, row, col)
+ }
+ }
+ }
+ // Wrap and return the full error if location information is not available
+ return fmt.Errorf("GraphQL parse error: %w", err)
+}
+
+// Reports errors from parsing/validation.
+func builtinGraphQLParse(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ var queryDoc *gqlast.QueryDocument
+ var schemaDoc *gqlast.SchemaDocument
+ var schemaASTValue ast.Value
+ var querySchema ast.Value
+ var err error
+
+ // Parse/translate query if it's a string/object.
+ switch x := operands[0].Value.(type) {
+ case ast.String:
+ queryDoc, err = parseQuery(string(x))
+ case ast.Object:
+ queryDoc, err = objectToQueryDocument(x)
+ default:
+ // Error if wrong type.
+ return builtins.NewOperandTypeErr(0, x, "string", "object")
+ }
+ if err != nil {
+ return err
+ }
+
+ schemaCacheKey, schema := cacheGetSchema(bctx, operands[1])
+ schemaASTCacheKey, querySchema := cacheGetSchemaAST(bctx, operands[1])
+ if schema == nil || querySchema == nil {
+ // Parse/translate schema if it's a string/object.
+ switch x := operands[1].Value.(type) {
+ case ast.String:
+ schemaDoc, err = parseSchema(string(x))
+ case ast.Object:
+ schemaDoc, err = objectToSchemaDocument(x)
+ default:
+ // Error if wrong type.
+ return builtins.NewOperandTypeErr(1, x, "string", "object")
+ }
+ if err != nil {
+ return err
+ }
+
+ // Convert SchemaDoc to Object before validating and converting it to a Schema
+ // This precludes inclusion of extra definitions from the default GraphQL schema
+ if querySchema == nil {
+ schemaASTValue, err = ast.InterfaceToValue(schemaDoc)
+ if err != nil {
+ return err
+ }
+ querySchema = pruneIrrelevantGraphQLASTNodes(schemaASTValue.(ast.Object))
+ cacheInsertSchemaAST(bctx, schemaASTCacheKey, querySchema)
+ }
+
+ // Validate the query against the schema, erroring if there's an issue.
+ if schema == nil {
+ schema, err = convertSchema(schemaDoc)
+ if err != nil {
+ return err
+ }
+ cacheInsertSchema(bctx, schemaCacheKey, schema)
+ }
+
+ }
+ // Transform the ASTs into Objects.
+ queryASTValue, err := ast.InterfaceToValue(queryDoc)
+ if err != nil {
+ return err
+ }
+
+ if err := validateQuery(schema, queryDoc); err != nil {
+ return err
+ }
+
+ // Recursively remove irrelevant AST structures.
+ queryResult := pruneIrrelevantGraphQLASTNodes(queryASTValue.(ast.Object))
+
+ // Construct return value.
+ verified := ast.ArrayTerm(
+ ast.NewTerm(queryResult),
+ ast.NewTerm(querySchema),
+ )
+
+ return iter(verified)
+}
+
+// Returns default value when errors occur.
+func builtinGraphQLParseAndVerify(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ var queryDoc *gqlast.QueryDocument
+ var schemaDoc *gqlast.SchemaDocument
+ var schemaASTValue ast.Value
+ var querySchema ast.Value
+ var err error
+
+ unverified := ast.ArrayTerm(
+ ast.InternedBooleanTerm(false),
+ ast.NewTerm(ast.NewObject()),
+ ast.NewTerm(ast.NewObject()),
+ )
+
+ // Parse/translate query if it's a string/object.
+ switch x := operands[0].Value.(type) {
+ case ast.String:
+ queryDoc, err = parseQuery(string(x))
+ case ast.Object:
+ queryDoc, err = objectToQueryDocument(x)
+ default:
+ // Error if wrong type.
+ return iter(unverified)
+ }
+ if err != nil {
+ return iter(unverified)
+ }
+
+ // Transform the ASTs into Objects.
+ queryASTValue, err := ast.InterfaceToValue(queryDoc)
+ if err != nil {
+ return iter(unverified)
+ }
+
+ schemaCacheKey, schema := cacheGetSchema(bctx, operands[1])
+ schemaASTCacheKey, querySchema := cacheGetSchemaAST(bctx, operands[1])
+ if schema == nil || querySchema == nil {
+ // Parse/translate schema if it's a string/object.
+ switch x := operands[1].Value.(type) {
+ case ast.String:
+ schemaDoc, err = parseSchema(string(x))
+ case ast.Object:
+ schemaDoc, err = objectToSchemaDocument(x)
+ default:
+ // Error if wrong type.
+ return iter(unverified)
+ }
+ if err != nil {
+ return iter(unverified)
+ }
+
+ // Convert SchemaDoc to Object before validating and converting it to a Schema
+ // This precludes inclusion of extra definitions from the default GraphQL schema
+ if querySchema == nil {
+ schemaASTValue, err = ast.InterfaceToValue(schemaDoc)
+ if err != nil {
+ return iter(unverified)
+ }
+ querySchema = pruneIrrelevantGraphQLASTNodes(schemaASTValue.(ast.Object))
+ cacheInsertSchemaAST(bctx, schemaASTCacheKey, querySchema)
+ }
+
+ if schema == nil {
+ schema, err = convertSchema(schemaDoc)
+ if err != nil {
+ return iter(unverified)
+ }
+ cacheInsertSchema(bctx, schemaCacheKey, schema)
+ }
+
+ }
+
+ // Validate the query against the schema, erroring if there's an issue.
+ if err := validateQuery(schema, queryDoc); err != nil {
+ return iter(unverified)
+ }
+
+ // Recursively remove irrelevant AST structures.
+ queryResult := pruneIrrelevantGraphQLASTNodes(queryASTValue.(ast.Object))
+
+ // Construct return value.
+ verified := ast.ArrayTerm(
+ ast.InternedBooleanTerm(true),
+ ast.NewTerm(queryResult),
+ ast.NewTerm(querySchema),
+ )
+
+ return iter(verified)
+}
+
+func builtinGraphQLParseQuery(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ raw, err := builtins.StringOperand(operands[0].Value, 1)
+ if err != nil {
+ return err
+ }
+
+ // Get the highly-nested AST struct, along with any errors generated.
+ query, err := parseQuery(string(raw))
+ if err != nil {
+ return err
+ }
+
+ // Transform the AST into an Object.
+ value, err := ast.InterfaceToValue(query)
+ if err != nil {
+ return err
+ }
+
+ // Recursively remove irrelevant AST structures.
+ result := pruneIrrelevantGraphQLASTNodes(value.(ast.Object))
+
+ return iter(ast.NewTerm(result))
+}
+
+func builtinGraphQLParseSchema(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ schemaDocCacheKey, schemaDoc := cacheGetSchemaDoc(bctx, operands[0])
+ if schemaDoc == nil {
+ raw, err := builtins.StringOperand(operands[0].Value, 1)
+ if err != nil {
+ return err
+ }
+
+ // Get the highly-nested AST struct, along with any errors generated.
+ schemaDoc, err = parseSchema(string(raw))
+ if err != nil {
+ return err
+ }
+ // Note SchemaDoc is not validated
+ cacheInsertSchemaDoc(bctx, schemaDocCacheKey, schemaDoc)
+ }
+
+ schemaASTCacheKey, schemaAST := cacheGetSchemaAST(bctx, operands[0])
+ if schemaAST == nil {
+
+ // Transform the AST into an Object.
+ value, err := ast.InterfaceToValue(schemaDoc)
+ if err != nil {
+ return err
+ }
+
+ // Recursively remove irrelevant AST structures.
+ schemaAST = pruneIrrelevantGraphQLASTNodes(value.(ast.Object))
+ cacheInsertSchemaAST(bctx, schemaASTCacheKey, schemaAST)
+ }
+ return iter(ast.NewTerm(schemaAST))
+}
+
+func builtinGraphQLIsValid(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ var queryDoc *gqlast.QueryDocument
+ var schemaDoc *gqlast.SchemaDocument
+ var schema *gqlast.Schema
+ var err error
+
+ switch x := operands[0].Value.(type) {
+ case ast.String:
+ queryDoc, err = parseQuery(string(x))
+ case ast.Object:
+ queryDoc, err = objectToQueryDocument(x)
+ default:
+ // Error if wrong type.
+ return iter(ast.InternedBooleanTerm(false))
+ }
+ if err != nil {
+ return iter(ast.InternedBooleanTerm(false))
+ }
+
+ schemaCacheKey, schema := cacheGetSchema(bctx, operands[1])
+ if schema == nil {
+ switch x := operands[1].Value.(type) {
+ case ast.String:
+ schemaDoc, err = parseSchema(string(x))
+ case ast.Object:
+ schemaDoc, err = objectToSchemaDocument(x)
+ default:
+ // Error if wrong type.
+ return iter(ast.InternedBooleanTerm(false))
+ }
+ if err != nil {
+ return iter(ast.InternedBooleanTerm(false))
+ }
+
+ // Validate the query against the schema, erroring if there's an issue.
+ schema, err = convertSchema(schemaDoc)
+ if err != nil {
+ return iter(ast.InternedBooleanTerm(false))
+ }
+ cacheInsertSchema(bctx, schemaCacheKey, schema)
+ }
+
+ if err := validateQuery(schema, queryDoc); err != nil {
+ return iter(ast.InternedBooleanTerm(false))
+ }
+
+ // If we got this far, the GraphQL query passed validation.
+ return iter(ast.InternedBooleanTerm(true))
+}
+
+func builtinGraphQLSchemaIsValid(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ var err error
+
+ // Schemas are only cached if they are valid
+ schemaCacheKey, schema := cacheGetSchema(bctx, operands[0])
+ if schema == nil {
+ var schemaDoc *gqlast.SchemaDocument
+ var validatedSchema *gqlast.Schema
+
+ switch x := operands[0].Value.(type) {
+ case ast.String:
+ schemaDoc, err = parseSchema(string(x))
+ case ast.Object:
+ schemaDoc, err = objectToSchemaDocument(x)
+ default:
+ // Error if wrong type.
+ return iter(ast.InternedBooleanTerm(false))
+ }
+ if err != nil {
+ return iter(ast.InternedBooleanTerm(false))
+ }
+ // Validate the schema, this determines the result
+ // and whether there is a schema to cache
+ validatedSchema, err = convertSchema(schemaDoc)
+ if err == nil {
+ cacheInsertSchema(bctx, schemaCacheKey, validatedSchema)
+ }
+ }
+
+ return iter(ast.InternedBooleanTerm(err == nil))
+}
+
+// Insert Schema into cache
+func cacheInsertSchema(bctx BuiltinContext, key string, schema *gqlast.Schema) {
+ if bctx.InterQueryBuiltinValueCache == nil || key == "" {
+ return
+ }
+ cacheKey := ast.String(key)
+ c := bctx.InterQueryBuiltinValueCache.GetCache(gqlCacheName)
+ if c == nil {
+ return
+ }
+ c.Insert(cacheKey, schema)
+}
+
+// Insert SchemaAST into cache
+func cacheInsertSchemaAST(bctx BuiltinContext, key string, schemaAST ast.Value) {
+ if bctx.InterQueryBuiltinValueCache == nil || key == "" {
+ return
+ }
+ cacheKeyAST := ast.String(key)
+ c := bctx.InterQueryBuiltinValueCache.GetCache(gqlCacheName)
+ if c == nil {
+ return
+ }
+ c.Insert(cacheKeyAST, schemaAST)
+}
+
+// Insert SchemaDocument into cache
+func cacheInsertSchemaDoc(bctx BuiltinContext, key string, schemaDoc *gqlast.SchemaDocument) {
+ if bctx.InterQueryBuiltinValueCache == nil || key == "" {
+ return
+ }
+ cacheKey := ast.String(key)
+ c := bctx.InterQueryBuiltinValueCache.GetCache(gqlCacheName)
+ if c == nil {
+ return
+ }
+ c.Insert(cacheKey, schemaDoc)
+}
+
+// Returns the cache key and a Schema if this key already exists in the cache
+func cacheGetSchema(bctx BuiltinContext, t *ast.Term) (string, *gqlast.Schema) {
+ if bctx.InterQueryBuiltinValueCache != nil {
+ if c := bctx.InterQueryBuiltinValueCache.GetCache(gqlCacheName); c != nil {
+ if key, keyOk := cacheKeyWithPrefix(bctx, t, "gql_schema-"); keyOk {
+ if val, ok := c.Get(ast.String(key)); ok {
+ if schema, isSchema := val.(*gqlast.Schema); isSchema {
+ return key, schema
+ }
+ }
+ return key, nil
+ }
+ }
+ }
+ return "", nil
+}
+
+// Returns the cache key and a SchemaDocument if this key already exists in the cache
+// Note: the SchemaDocument is not a validated Schema
+func cacheGetSchemaDoc(bctx BuiltinContext, t *ast.Term) (string, *gqlast.SchemaDocument) {
+ if bctx.InterQueryBuiltinValueCache != nil {
+ if c := bctx.InterQueryBuiltinValueCache.GetCache(gqlCacheName); c != nil {
+ if key, keyOk := cacheKeyWithPrefix(bctx, t, "gql_schema_doc-"); keyOk {
+ if val, ok := c.Get(ast.String(key)); ok {
+ if schemaDoc, isSchemaDoc := val.(*gqlast.SchemaDocument); isSchemaDoc {
+ return key, schemaDoc
+ }
+ }
+ return key, nil
+ }
+ }
+ }
+ return "", nil
+}
+
+// Returns the cache key and a SchemaDocument if this key already exists in the cache
+// Note: the AST should be pruned
+func cacheGetSchemaAST(bctx BuiltinContext, t *ast.Term) (string, ast.Value) {
+ if bctx.InterQueryBuiltinValueCache != nil {
+ if c := bctx.InterQueryBuiltinValueCache.GetCache(gqlCacheName); c != nil {
+ if key, keyOk := cacheKeyWithPrefix(bctx, t, "gql_schema_ast-"); keyOk {
+ if val, ok := c.Get(ast.String(key)); ok {
+ if schemaAST, isSchemaAST := val.(ast.Value); isSchemaAST {
+ return key, schemaAST
+ }
+ }
+ return key, nil
+ }
+ }
+ }
+ return "", nil
+}
+
+// Compute a constant size key for use with the cache
+func cacheKeyWithPrefix(bctx BuiltinContext, t *ast.Term, prefix string) (string, bool) {
+ var cacheKey ast.String
+ var ok = false
+
+ if bctx.InterQueryBuiltinValueCache != nil {
+ switch t.Value.(type) {
+ case ast.String:
+ err := builtinCryptoSha256(bctx, []*ast.Term{t}, func(term *ast.Term) error {
+ cacheKey = term.Value.(ast.String)
+ return nil
+ })
+ ok = (len(cacheKey) > 0) && (err == nil)
+ case ast.Object:
+ objTerm := ast.StringTerm(t.String())
+ err := builtinCryptoSha256(bctx, []*ast.Term{objTerm}, func(term *ast.Term) error {
+ cacheKey = term.Value.(ast.String)
+ return nil
+ })
+ ok = (len(cacheKey) > 0) && (err == nil)
+ default:
+ ok = false
+ }
+ }
+
+ return prefix + string(cacheKey), ok
+}
+
+const gqlCacheName = "graphql"
+
+func init() {
+
+ var defaultCacheEntries int = 10
+ var graphqlCacheConfig = cache.NamedValueCacheConfig{
+ MaxNumEntries: &defaultCacheEntries,
+ }
+ cache.RegisterDefaultInterQueryBuiltinValueCacheConfig(gqlCacheName, &graphqlCacheConfig)
+
+ RegisterBuiltinFunc(ast.GraphQLParse.Name, builtinGraphQLParse)
+ RegisterBuiltinFunc(ast.GraphQLParseAndVerify.Name, builtinGraphQLParseAndVerify)
+ RegisterBuiltinFunc(ast.GraphQLParseQuery.Name, builtinGraphQLParseQuery)
+ RegisterBuiltinFunc(ast.GraphQLParseSchema.Name, builtinGraphQLParseSchema)
+ RegisterBuiltinFunc(ast.GraphQLIsValid.Name, builtinGraphQLIsValid)
+ RegisterBuiltinFunc(ast.GraphQLSchemaIsValid.Name, builtinGraphQLSchemaIsValid)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/topdown/http.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/http.go
new file mode 100644
index 0000000000..1bad104cad
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/http.go
@@ -0,0 +1,1619 @@
+// Copyright 2018 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package topdown
+
+import (
+ "bytes"
+ "context"
+ "crypto/tls"
+ "crypto/x509"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "math"
+ "net"
+ "net/http"
+ "net/url"
+ "os"
+ "runtime"
+ "slices"
+ "strconv"
+ "strings"
+ "time"
+
+ "github.com/open-policy-agent/opa/internal/version"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/topdown/cache"
+ "github.com/open-policy-agent/opa/v1/tracing"
+ "github.com/open-policy-agent/opa/v1/util"
+)
+
+type cachingMode string
+
+const (
+ defaultHTTPRequestTimeoutEnv = "HTTP_SEND_TIMEOUT"
+ defaultCachingMode cachingMode = "serialized"
+ cachingModeDeserialized cachingMode = "deserialized"
+)
+
+var defaultHTTPRequestTimeout = time.Second * 5
+
+var allowedKeyNames = [...]string{
+ "method",
+ "url",
+ "body",
+ "enable_redirect",
+ "force_json_decode",
+ "force_yaml_decode",
+ "headers",
+ "raw_body",
+ "tls_use_system_certs",
+ "tls_ca_cert",
+ "tls_ca_cert_file",
+ "tls_ca_cert_env_variable",
+ "tls_client_cert",
+ "tls_client_cert_file",
+ "tls_client_cert_env_variable",
+ "tls_client_key",
+ "tls_client_key_file",
+ "tls_client_key_env_variable",
+ "tls_insecure_skip_verify",
+ "tls_server_name",
+ "timeout",
+ "cache",
+ "force_cache",
+ "force_cache_duration_seconds",
+ "raise_error",
+ "caching_mode",
+ "max_retry_attempts",
+ "cache_ignored_headers",
+}
+
+// ref: https://www.rfc-editor.org/rfc/rfc7231#section-6.1
+var cacheableHTTPStatusCodes = [...]int{
+ http.StatusOK,
+ http.StatusNonAuthoritativeInfo,
+ http.StatusNoContent,
+ http.StatusPartialContent,
+ http.StatusMultipleChoices,
+ http.StatusMovedPermanently,
+ http.StatusNotFound,
+ http.StatusMethodNotAllowed,
+ http.StatusGone,
+ http.StatusRequestURITooLong,
+ http.StatusNotImplemented,
+}
+
+var (
+ httpSendNetworkErrTerm = ast.StringTerm(HTTPSendNetworkErr)
+ httpSendInternalErrTerm = ast.StringTerm(HTTPSendInternalErr)
+
+ allowedKeys = ast.NewSet()
+ keyCache = make(map[string]*ast.Term, len(allowedKeyNames))
+ cacheableCodes = ast.NewSet()
+ requiredKeys = ast.NewSet(ast.InternedStringTerm("method"), ast.InternedStringTerm("url"))
+ httpSendLatencyMetricKey = "rego_builtin_http_send"
+ httpSendInterQueryCacheHits = httpSendLatencyMetricKey + "_interquery_cache_hits"
+)
+
+type httpSendKey string
+
+// CustomizeRoundTripper allows customizing an existing http.Transport,
+// to the returned value, which could be the same Transport or a new one.
+type CustomizeRoundTripper func(*http.Transport) http.RoundTripper
+
+const (
+ // httpSendBuiltinCacheKey is the key in the builtin context cache that
+ // points to the http.send() specific cache resides at.
+ httpSendBuiltinCacheKey httpSendKey = "HTTP_SEND_CACHE_KEY"
+
+ // HTTPSendInternalErr represents a runtime evaluation error.
+ HTTPSendInternalErr string = "eval_http_send_internal_error"
+
+ // HTTPSendNetworkErr represents a network error.
+ HTTPSendNetworkErr string = "eval_http_send_network_error"
+
+ // minRetryDelay is amount of time to backoff after the first failure.
+ minRetryDelay = time.Millisecond * 100
+
+ // maxRetryDelay is the upper bound of backoff delay.
+ maxRetryDelay = time.Second * 60
+)
+
+func builtinHTTPSend(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+
+ obj, err := builtins.ObjectOperand(operands[0].Value, 1)
+ if err != nil {
+ return handleBuiltinErr(ast.HTTPSend.Name, bctx.Location, err)
+ }
+
+ raiseError, err := getRaiseErrorValue(obj)
+ if err != nil {
+ return handleBuiltinErr(ast.HTTPSend.Name, bctx.Location, err)
+ }
+
+ req, err := validateHTTPRequestOperand(operands[0], 1)
+ if err != nil {
+ if raiseError {
+ return handleHTTPSendErr(bctx, err)
+ }
+
+ return iter(generateRaiseErrorResult(handleBuiltinErr(ast.HTTPSend.Name, bctx.Location, err)))
+ }
+
+ result, err := getHTTPResponse(bctx, req)
+ if err != nil {
+ if raiseError {
+ return handleHTTPSendErr(bctx, err)
+ }
+
+ result = generateRaiseErrorResult(err)
+ }
+ return iter(result)
+}
+
+func generateRaiseErrorResult(err error) *ast.Term {
+ var errObj ast.Object
+ switch err.(type) {
+ case *url.Error:
+ errObj = ast.NewObject(
+ ast.Item(ast.InternedStringTerm("code"), httpSendNetworkErrTerm),
+ ast.Item(ast.InternedStringTerm("message"), ast.StringTerm(err.Error())),
+ )
+ default:
+ errObj = ast.NewObject(
+ ast.Item(ast.InternedStringTerm("code"), httpSendInternalErrTerm),
+ ast.Item(ast.InternedStringTerm("message"), ast.StringTerm(err.Error())),
+ )
+ }
+
+ return ast.ObjectTerm(
+ ast.Item(ast.InternedStringTerm("status_code"), ast.InternedIntNumberTerm(0)),
+ ast.Item(ast.InternedStringTerm("error"), ast.NewTerm(errObj)),
+ )
+}
+
+func getHTTPResponse(bctx BuiltinContext, req ast.Object) (*ast.Term, error) {
+
+ bctx.Metrics.Timer(httpSendLatencyMetricKey).Start()
+ defer bctx.Metrics.Timer(httpSendLatencyMetricKey).Stop()
+
+ key, err := getKeyFromRequest(req)
+ if err != nil {
+ return nil, err
+ }
+
+ reqExecutor, err := newHTTPRequestExecutor(bctx, req, key)
+ if err != nil {
+ return nil, err
+ }
+ // Check if cache already has a response for this query
+ // set headers to exclude cache_ignored_headers
+ resp, err := reqExecutor.CheckCache()
+ if err != nil {
+ return nil, err
+ }
+
+ if resp == nil {
+ httpResp, err := reqExecutor.ExecuteHTTPRequest()
+ if err != nil {
+ reqExecutor.InsertErrorIntoCache(err)
+ return nil, err
+ }
+ defer util.Close(httpResp)
+ // Add result to intra/inter-query cache.
+ resp, err = reqExecutor.InsertIntoCache(httpResp)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ return ast.NewTerm(resp), nil
+}
+
+// getKeyFromRequest returns a key to be used for caching HTTP responses
+// deletes headers from request object mentioned in cache_ignored_headers
+func getKeyFromRequest(req ast.Object) (ast.Object, error) {
+ // deep copy so changes to key do not reflect in the request object
+ key := req.Copy()
+ cacheIgnoredHeadersTerm := req.Get(keyCache["cache_ignored_headers"])
+ allHeadersTerm := req.Get(ast.StringTerm("headers"))
+ // skip because no headers to delete
+ if cacheIgnoredHeadersTerm == nil || allHeadersTerm == nil {
+ // need to explicitly set cache_ignored_headers to null
+ // equivalent requests might have different sets of exclusion lists
+ key.Insert(ast.StringTerm("cache_ignored_headers"), ast.InternedNullTerm)
+ return key, nil
+ }
+ var cacheIgnoredHeaders []string
+ err := ast.As(cacheIgnoredHeadersTerm.Value, &cacheIgnoredHeaders)
+ if err != nil {
+ return nil, err
+ }
+ var allHeaders map[string]any
+ err = ast.As(allHeadersTerm.Value, &allHeaders)
+ if err != nil {
+ return nil, err
+ }
+ for _, header := range cacheIgnoredHeaders {
+ delete(allHeaders, header)
+ }
+ val, err := ast.InterfaceToValue(allHeaders)
+ if err != nil {
+ return nil, err
+ }
+ key.Insert(keyCache["headers"], ast.NewTerm(val))
+ // remove cache_ignored_headers key
+ key.Insert(keyCache["cache_ignored_headers"], ast.InternedNullTerm)
+ return key, nil
+}
+
+func init() {
+ createKeys()
+ createCacheableHTTPStatusCodes()
+ initDefaults()
+ RegisterBuiltinFunc(ast.HTTPSend.Name, builtinHTTPSend)
+}
+
+func handleHTTPSendErr(bctx BuiltinContext, err error) error {
+ // Return HTTP client timeout errors in a generic error message to avoid confusion about what happened.
+ // Do not do this if the builtin context was cancelled and is what caused the request to stop.
+ if urlErr, ok := err.(*url.Error); ok && urlErr.Timeout() && bctx.Context.Err() == nil {
+ err = fmt.Errorf("%s %s: request timed out", urlErr.Op, urlErr.URL)
+ }
+ if err := bctx.Context.Err(); err != nil {
+ return Halt{
+ Err: &Error{
+ Code: CancelErr,
+ Message: fmt.Sprintf("http.send: timed out (%s)", err.Error()),
+ },
+ }
+ }
+ return handleBuiltinErr(ast.HTTPSend.Name, bctx.Location, err)
+}
+
+func initDefaults() {
+ timeoutDuration := os.Getenv(defaultHTTPRequestTimeoutEnv)
+ if timeoutDuration != "" {
+ var err error
+ defaultHTTPRequestTimeout, err = time.ParseDuration(timeoutDuration)
+ if err != nil {
+ // If it is set to something not valid don't let the process continue in a state
+ // that will almost definitely give unexpected results by having it set at 0
+ // which means no timeout..
+ // This environment variable isn't considered part of the public API.
+ // TODO(patrick-east): Remove the environment variable
+ panic(fmt.Sprintf("invalid value for HTTP_SEND_TIMEOUT: %s", err))
+ }
+ }
+}
+
+func validateHTTPRequestOperand(term *ast.Term, pos int) (ast.Object, error) {
+
+ obj, err := builtins.ObjectOperand(term.Value, pos)
+ if err != nil {
+ return nil, err
+ }
+
+ requestKeys := ast.NewSet(obj.Keys()...)
+
+ invalidKeys := requestKeys.Diff(allowedKeys)
+ if invalidKeys.Len() != 0 {
+ return nil, builtins.NewOperandErr(pos, "invalid request parameters(s): %v", invalidKeys)
+ }
+
+ missingKeys := requiredKeys.Diff(requestKeys)
+ if missingKeys.Len() != 0 {
+ return nil, builtins.NewOperandErr(pos, "missing required request parameters(s): %v", missingKeys)
+ }
+
+ return obj, nil
+
+}
+
+// canonicalizeHeaders returns a copy of the headers where the keys are in
+// canonical HTTP form.
+func canonicalizeHeaders(headers map[string]any) map[string]any {
+ canonicalized := map[string]any{}
+
+ for k, v := range headers {
+ canonicalized[http.CanonicalHeaderKey(k)] = v
+ }
+
+ return canonicalized
+}
+
+// useSocket examines the url for "unix://" and returns a *http.Transport with
+// a DialContext that opens a socket (specified in the http call).
+// The url is expected to contain socket=/path/to/socket (url encoded)
+// Ex. "unix://localhost/end/point?socket=%2Ftmp%2Fhttp.sock"
+func useSocket(rawURL string, tlsConfig *tls.Config) (bool, string, *http.Transport) {
+ u, err := url.Parse(rawURL)
+ if err != nil {
+ return false, "", nil
+ }
+
+ if u.Scheme != "unix" || u.RawQuery == "" {
+ return false, rawURL, nil
+ }
+
+ v, err := url.ParseQuery(u.RawQuery)
+ if err != nil {
+ return false, rawURL, nil
+ }
+
+ // Rewrite URL targeting the UNIX domain socket.
+ u.Scheme = "http"
+
+ // Extract the path to the socket.
+ // Only retrieve the first value. Subsequent values are ignored and removed
+ // to prevent HTTP parameter pollution.
+ socket := v.Get("socket")
+ v.Del("socket")
+ u.RawQuery = v.Encode()
+
+ tr := http.DefaultTransport.(*http.Transport).Clone()
+ tr.DialContext = func(ctx context.Context, _, _ string) (net.Conn, error) {
+ return http.DefaultTransport.(*http.Transport).DialContext(ctx, "unix", socket)
+ }
+ tr.TLSClientConfig = tlsConfig
+ tr.DisableKeepAlives = true
+
+ return true, u.String(), tr
+}
+
+func verifyHost(bctx BuiltinContext, host string) error {
+ if bctx.Capabilities == nil || bctx.Capabilities.AllowNet == nil {
+ return nil
+ }
+
+ if slices.Contains(bctx.Capabilities.AllowNet, host) {
+ return nil
+ }
+
+ return fmt.Errorf("unallowed host: %s", host)
+}
+
+func verifyURLHost(bctx BuiltinContext, unverifiedURL string) error {
+ // Eager return to avoid unnecessary URL parsing
+ if bctx.Capabilities == nil || bctx.Capabilities.AllowNet == nil {
+ return nil
+ }
+
+ parsedURL, err := url.Parse(unverifiedURL)
+ if err != nil {
+ return err
+ }
+
+ host := strings.Split(parsedURL.Host, ":")[0]
+
+ return verifyHost(bctx, host)
+}
+
+func createHTTPRequest(bctx BuiltinContext, obj ast.Object) (*http.Request, *http.Client, error) {
+ var (
+ url, method string
+ // Additional CA certificates loading options.
+ tlsCaCert []byte
+ tlsCaCertEnvVar, tlsCaCertFile string
+ // Client TLS certificate and key options. Each input source
+ // comes in a matched pair.
+ tlsClientCert, tlsClientKey []byte
+ tlsClientCertEnvVar, tlsClientKeyEnvVar string
+ tlsClientCertFile, tlsClientKeyFile, tlsServerName string
+
+ body, rawBody *bytes.Buffer
+ enableRedirect, tlsInsecureSkipVerify bool
+ tlsUseSystemCerts *bool
+ tlsConfig tls.Config
+ customHeaders map[string]any
+ )
+
+ timeout := defaultHTTPRequestTimeout
+
+ for _, val := range obj.Keys() {
+ key, err := ast.JSON(val.Value)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ key = key.(string)
+
+ var strVal string
+
+ if s, ok := obj.Get(val).Value.(ast.String); ok {
+ strVal = strings.Trim(string(s), "\"")
+ } else {
+ // Most parameters are strings, so consolidate the type checking.
+ switch key {
+ case "method",
+ "url",
+ "raw_body",
+ "tls_ca_cert",
+ "tls_ca_cert_file",
+ "tls_ca_cert_env_variable",
+ "tls_client_cert",
+ "tls_client_cert_file",
+ "tls_client_cert_env_variable",
+ "tls_client_key",
+ "tls_client_key_file",
+ "tls_client_key_env_variable",
+ "tls_server_name":
+ return nil, nil, fmt.Errorf("%q must be a string", key)
+ }
+ }
+
+ switch key {
+ case "method":
+ method = strings.ToUpper(strVal)
+ case "url":
+ err := verifyURLHost(bctx, strVal)
+ if err != nil {
+ return nil, nil, err
+ }
+ url = strVal
+ case "enable_redirect":
+ enableRedirect, err = strconv.ParseBool(obj.Get(val).String())
+ if err != nil {
+ return nil, nil, err
+ }
+ case "body":
+ bodyVal := obj.Get(val).Value
+ bodyValInterface, err := ast.JSON(bodyVal)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ bodyValBytes, err := json.Marshal(bodyValInterface)
+ if err != nil {
+ return nil, nil, err
+ }
+ body = bytes.NewBuffer(bodyValBytes)
+ case "raw_body":
+ rawBody = bytes.NewBufferString(strVal)
+ case "tls_use_system_certs":
+ tempTLSUseSystemCerts, err := strconv.ParseBool(obj.Get(val).String())
+ if err != nil {
+ return nil, nil, err
+ }
+ tlsUseSystemCerts = &tempTLSUseSystemCerts
+ case "tls_ca_cert":
+ tlsCaCert = []byte(strVal)
+ case "tls_ca_cert_file":
+ tlsCaCertFile = strVal
+ case "tls_ca_cert_env_variable":
+ tlsCaCertEnvVar = strVal
+ case "tls_client_cert":
+ tlsClientCert = []byte(strVal)
+ case "tls_client_cert_file":
+ tlsClientCertFile = strVal
+ case "tls_client_cert_env_variable":
+ tlsClientCertEnvVar = strVal
+ case "tls_client_key":
+ tlsClientKey = []byte(strVal)
+ case "tls_client_key_file":
+ tlsClientKeyFile = strVal
+ case "tls_client_key_env_variable":
+ tlsClientKeyEnvVar = strVal
+ case "tls_server_name":
+ tlsServerName = strVal
+ case "headers":
+ headersVal := obj.Get(val).Value
+ headersValInterface, err := ast.JSON(headersVal)
+ if err != nil {
+ return nil, nil, err
+ }
+ var ok bool
+ customHeaders, ok = headersValInterface.(map[string]any)
+ if !ok {
+ return nil, nil, errors.New("invalid type for headers key")
+ }
+ case "tls_insecure_skip_verify":
+ tlsInsecureSkipVerify, err = strconv.ParseBool(obj.Get(val).String())
+ if err != nil {
+ return nil, nil, err
+ }
+ case "timeout":
+ timeout, err = parseTimeout(obj.Get(val).Value)
+ if err != nil {
+ return nil, nil, err
+ }
+ case "cache", "caching_mode",
+ "force_cache", "force_cache_duration_seconds",
+ "force_json_decode", "force_yaml_decode",
+ "raise_error", "max_retry_attempts", "cache_ignored_headers": // no-op
+ default:
+ return nil, nil, fmt.Errorf("invalid parameter %q", key)
+ }
+ }
+
+ isTLS := false
+ client := &http.Client{
+ Timeout: timeout,
+ CheckRedirect: func(*http.Request, []*http.Request) error {
+ return http.ErrUseLastResponse
+ },
+ }
+
+ if tlsInsecureSkipVerify {
+ isTLS = true
+ tlsConfig.InsecureSkipVerify = tlsInsecureSkipVerify
+ }
+
+ if len(tlsClientCert) > 0 && len(tlsClientKey) > 0 {
+ cert, err := tls.X509KeyPair(tlsClientCert, tlsClientKey)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ isTLS = true
+ tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
+ }
+
+ if tlsClientCertFile != "" && tlsClientKeyFile != "" {
+ cert, err := tls.LoadX509KeyPair(tlsClientCertFile, tlsClientKeyFile)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ isTLS = true
+ tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
+ }
+
+ if tlsClientCertEnvVar != "" && tlsClientKeyEnvVar != "" {
+ cert, err := tls.X509KeyPair(
+ []byte(os.Getenv(tlsClientCertEnvVar)),
+ []byte(os.Getenv(tlsClientKeyEnvVar)))
+ if err != nil {
+ return nil, nil, fmt.Errorf("cannot extract public/private key pair from envvars %q, %q: %w",
+ tlsClientCertEnvVar, tlsClientKeyEnvVar, err)
+ }
+
+ isTLS = true
+ tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
+ }
+
+ // Use system certs if no CA cert is provided
+ // or system certs flag is not set
+ if len(tlsCaCert) == 0 && tlsCaCertFile == "" && tlsCaCertEnvVar == "" && tlsUseSystemCerts == nil {
+ trueValue := true
+ tlsUseSystemCerts = &trueValue
+ }
+
+ // Check the system certificates config first so that we
+ // load additional certificated into the correct pool.
+ if tlsUseSystemCerts != nil && *tlsUseSystemCerts && runtime.GOOS != "windows" {
+ pool, err := x509.SystemCertPool()
+ if err != nil {
+ return nil, nil, err
+ }
+
+ isTLS = true
+ tlsConfig.RootCAs = pool
+ }
+
+ if len(tlsCaCert) != 0 {
+ tlsCaCert = bytes.ReplaceAll(tlsCaCert, []byte("\\n"), []byte("\n"))
+ pool, err := addCACertsFromBytes(tlsConfig.RootCAs, tlsCaCert)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ isTLS = true
+ tlsConfig.RootCAs = pool
+ }
+
+ if tlsCaCertFile != "" {
+ pool, err := addCACertsFromFile(tlsConfig.RootCAs, tlsCaCertFile)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ isTLS = true
+ tlsConfig.RootCAs = pool
+ }
+
+ if tlsCaCertEnvVar != "" {
+ pool, err := addCACertsFromEnv(tlsConfig.RootCAs, tlsCaCertEnvVar)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ isTLS = true
+ tlsConfig.RootCAs = pool
+ }
+
+ var transport *http.Transport
+ if isTLS {
+ if ok, parsedURL, tr := useSocket(url, &tlsConfig); ok {
+ transport = tr
+ url = parsedURL
+ } else {
+ transport = http.DefaultTransport.(*http.Transport).Clone()
+ transport.TLSClientConfig = &tlsConfig
+ transport.DisableKeepAlives = true
+ }
+ } else {
+ if ok, parsedURL, tr := useSocket(url, nil); ok {
+ transport = tr
+ url = parsedURL
+ }
+ }
+
+ if bctx.RoundTripper != nil {
+ client.Transport = bctx.RoundTripper(transport)
+ } else if transport != nil {
+ client.Transport = transport
+ }
+
+ // check if redirects are enabled
+ if enableRedirect {
+ client.CheckRedirect = func(req *http.Request, _ []*http.Request) error {
+ return verifyURLHost(bctx, req.URL.String())
+ }
+ }
+
+ if rawBody != nil {
+ body = rawBody
+ } else if body == nil {
+ body = bytes.NewBufferString("")
+ }
+
+ // create the http request, use the builtin context's context to ensure
+ // the request is cancelled if evaluation is cancelled.
+ req, err := http.NewRequest(method, url, body)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ req = req.WithContext(bctx.Context)
+
+ // Add custom headers
+ if len(customHeaders) != 0 {
+ customHeaders = canonicalizeHeaders(customHeaders)
+
+ for k, v := range customHeaders {
+ header, ok := v.(string)
+ if !ok {
+ return nil, nil, fmt.Errorf("invalid type for headers value %q", v)
+ }
+
+ req.Header.Add(k, header)
+ }
+
+ // Don't overwrite or append to one that was set in the custom headers
+ if _, hasUA := customHeaders["User-Agent"]; !hasUA {
+ req.Header.Add("User-Agent", version.UserAgent)
+ }
+
+ // If the caller specifies the Host header, use it for the HTTP
+ // request host and the TLS server name.
+ if host, hasHost := customHeaders["Host"]; hasHost {
+ host := host.(string) // We already checked that it's a string.
+ req.Host = host
+
+ // Only default the ServerName if the caller has
+ // specified the host. If we don't specify anything,
+ // Go will default to the target hostname. This name
+ // is not the same as the default that Go populates
+ // `req.Host` with, which is why we don't just set
+ // this unconditionally.
+ tlsConfig.ServerName = host
+ }
+ }
+
+ if tlsServerName != "" {
+ tlsConfig.ServerName = tlsServerName
+ }
+
+ if len(bctx.DistributedTracingOpts) > 0 {
+ client.Transport = tracing.NewTransport(client.Transport, bctx.DistributedTracingOpts)
+ }
+
+ return req, client, nil
+}
+
+func executeHTTPRequest(req *http.Request, client *http.Client, inputReqObj ast.Object) (*http.Response, error) {
+ var err error
+ var retry int
+
+ retry, err = getNumberValFromReqObj(inputReqObj, keyCache["max_retry_attempts"])
+ if err != nil {
+ return nil, err
+ }
+
+ for i := 0; true; i++ {
+
+ var resp *http.Response
+ resp, err = client.Do(req)
+ if err == nil {
+ return resp, nil
+ }
+
+ // final attempt
+ if i == retry {
+ break
+ }
+
+ if err == context.Canceled {
+ return nil, err
+ }
+
+ delay := util.DefaultBackoff(float64(minRetryDelay), float64(maxRetryDelay), i)
+ timer, timerCancel := util.TimerWithCancel(delay)
+ select {
+ case <-timer.C:
+ case <-req.Context().Done():
+ timerCancel() // explicitly cancel the timer.
+ return nil, context.Canceled
+ }
+ }
+ return nil, err
+}
+
+func isContentType(header http.Header, typ ...string) bool {
+ for _, t := range typ {
+ if strings.Contains(header.Get("Content-Type"), t) {
+ return true
+ }
+ }
+ return false
+}
+
+type httpSendCacheEntry struct {
+ response *ast.Value
+ error error
+}
+
+// The httpSendCache is used for intra-query caching of http.send results.
+type httpSendCache struct {
+ entries *util.HasherMap[ast.Value, httpSendCacheEntry]
+}
+
+func newHTTPSendCache() *httpSendCache {
+ return &httpSendCache{
+ entries: util.NewHasherMap[ast.Value, httpSendCacheEntry](ast.ValueEqual),
+ }
+}
+
+func (cache *httpSendCache) get(k ast.Value) *httpSendCacheEntry {
+ if v, ok := cache.entries.Get(k); ok {
+ return &v
+ }
+ return nil
+}
+
+func (cache *httpSendCache) putResponse(k ast.Value, v *ast.Value) {
+ cache.entries.Put(k, httpSendCacheEntry{response: v})
+}
+
+func (cache *httpSendCache) putError(k ast.Value, v error) {
+ cache.entries.Put(k, httpSendCacheEntry{error: v})
+}
+
+// In the BuiltinContext cache we only store a single entry that points to
+// our ValueMap which is the "real" http.send() cache.
+func getHTTPSendCache(bctx BuiltinContext) *httpSendCache {
+ raw, ok := bctx.Cache.Get(httpSendBuiltinCacheKey)
+ if !ok {
+ // Initialize if it isn't there
+ c := newHTTPSendCache()
+ bctx.Cache.Put(httpSendBuiltinCacheKey, c)
+ return c
+ }
+
+ c, ok := raw.(*httpSendCache)
+ if !ok {
+ return nil
+ }
+ return c
+}
+
+// checkHTTPSendCache checks for the given key's value in the cache
+func checkHTTPSendCache(bctx BuiltinContext, key ast.Object) (ast.Value, error) {
+ requestCache := getHTTPSendCache(bctx)
+ if requestCache == nil {
+ return nil, nil
+ }
+
+ v := requestCache.get(key)
+ if v != nil {
+ if v.error != nil {
+ return nil, v.error
+ }
+ if v.response != nil {
+ return *v.response, nil
+ }
+ // This should never happen
+ }
+
+ return nil, nil
+}
+
+func insertIntoHTTPSendCache(bctx BuiltinContext, key ast.Object, value ast.Value) {
+ requestCache := getHTTPSendCache(bctx)
+ if requestCache == nil {
+ // Should never happen.. if it does just skip caching the value
+ // FIXME: return error instead, to prevent inconsistencies?
+ return
+ }
+ requestCache.putResponse(key, &value)
+}
+
+func insertErrorIntoHTTPSendCache(bctx BuiltinContext, key ast.Object, err error) {
+ requestCache := getHTTPSendCache(bctx)
+ if requestCache == nil {
+ // Should never happen.. if it does just skip caching the value
+ // FIXME: return error instead, to prevent inconsistencies?
+ return
+ }
+ requestCache.putError(key, err)
+}
+
+// checkHTTPSendInterQueryCache checks for the given key's value in the inter-query cache
+func (c *interQueryCache) checkHTTPSendInterQueryCache() (ast.Value, error) {
+ requestCache := c.bctx.InterQueryBuiltinCache
+
+ cachedValue, found := requestCache.Get(c.key)
+ if !found {
+ return nil, nil
+ }
+
+ value, cerr := requestCache.Clone(cachedValue)
+ if cerr != nil {
+ return nil, handleHTTPSendErr(c.bctx, cerr)
+ }
+
+ c.bctx.Metrics.Counter(httpSendInterQueryCacheHits).Incr()
+ var cachedRespData *interQueryCacheData
+
+ switch v := value.(type) {
+ case *interQueryCacheValue:
+ var err error
+ cachedRespData, err = v.copyCacheData()
+ if err != nil {
+ return nil, err
+ }
+ case *interQueryCacheData:
+ cachedRespData = v
+ default:
+ return nil, nil
+ }
+
+ if getCurrentTime(c.bctx).Before(cachedRespData.ExpiresAt) {
+ return cachedRespData.formatToAST(c.forceJSONDecode, c.forceYAMLDecode)
+ }
+
+ var err error
+ c.httpReq, c.httpClient, err = createHTTPRequest(c.bctx, c.key)
+ if err != nil {
+ return nil, handleHTTPSendErr(c.bctx, err)
+ }
+
+ headers := parseResponseHeaders(cachedRespData.Headers)
+
+ // check with the server if the stale response is still up-to-date.
+ // If server returns a new response (ie. status_code=200), update the cache with the new response
+ // If server returns an unmodified response (ie. status_code=304), update the headers for the existing response
+ result, modified, err := revalidateCachedResponse(c.httpReq, c.httpClient, c.key, headers)
+ requestCache.Delete(c.key)
+ if err != nil || result == nil {
+ return nil, err
+ }
+
+ defer result.Body.Close()
+
+ if !modified {
+ // update the headers in the cached response with their corresponding values from the 304 (Not Modified) response
+ for headerName, values := range result.Header {
+ cachedRespData.Headers.Del(headerName)
+ for _, v := range values {
+ cachedRespData.Headers.Add(headerName, v)
+ }
+ }
+
+ if forceCaching(c.forceCacheParams) {
+ createdAt := getCurrentTime(c.bctx)
+ cachedRespData.ExpiresAt = createdAt.Add(time.Second * time.Duration(c.forceCacheParams.forceCacheDurationSeconds))
+ } else {
+ expiresAt, err := expiryFromHeaders(result.Header)
+ if err != nil {
+ return nil, err
+ }
+ cachedRespData.ExpiresAt = expiresAt
+ }
+
+ cachingMode, err := getCachingMode(c.key)
+ if err != nil {
+ return nil, err
+ }
+
+ var pcv cache.InterQueryCacheValue
+
+ if cachingMode == defaultCachingMode {
+ pcv, err = cachedRespData.toCacheValue()
+ if err != nil {
+ return nil, err
+ }
+ } else {
+ pcv = cachedRespData
+ }
+
+ c.bctx.InterQueryBuiltinCache.InsertWithExpiry(c.key, pcv, cachedRespData.ExpiresAt)
+
+ return cachedRespData.formatToAST(c.forceJSONDecode, c.forceYAMLDecode)
+ }
+
+ newValue, respBody, err := formatHTTPResponseToAST(result, c.forceJSONDecode, c.forceYAMLDecode)
+ if err != nil {
+ return nil, err
+ }
+
+ if err := insertIntoHTTPSendInterQueryCache(c.bctx, c.key, result, respBody, c.forceCacheParams); err != nil {
+ return nil, err
+ }
+
+ return newValue, nil
+}
+
+// insertIntoHTTPSendInterQueryCache inserts given key and value in the inter-query cache
+func insertIntoHTTPSendInterQueryCache(bctx BuiltinContext, key ast.Value, resp *http.Response, respBody []byte, cacheParams *forceCacheParams) error {
+ if resp == nil || (!forceCaching(cacheParams) && !canStore(resp.Header)) || !cacheableCodes.Contains(ast.InternedIntNumberTerm(resp.StatusCode)) {
+ return nil
+ }
+
+ requestCache := bctx.InterQueryBuiltinCache
+
+ obj, ok := key.(ast.Object)
+ if !ok {
+ return errors.New("interface conversion error")
+ }
+
+ cachingMode, err := getCachingMode(obj)
+ if err != nil {
+ return err
+ }
+
+ var pcv cache.InterQueryCacheValue
+ var pcvData *interQueryCacheData
+ if cachingMode == defaultCachingMode {
+ pcv, pcvData, err = newInterQueryCacheValue(bctx, resp, respBody, cacheParams)
+ } else {
+ pcvData, err = newInterQueryCacheData(bctx, resp, respBody, cacheParams)
+ pcv = pcvData
+ }
+
+ if err != nil {
+ return err
+ }
+
+ requestCache.InsertWithExpiry(key, pcv, pcvData.ExpiresAt)
+ return nil
+}
+
+func createKeys() {
+ for _, element := range allowedKeyNames {
+ term := ast.StringTerm(element)
+
+ allowedKeys.Add(term)
+ keyCache[element] = term
+ }
+}
+
+func createCacheableHTTPStatusCodes() {
+ for _, element := range cacheableHTTPStatusCodes {
+ cacheableCodes.Add(ast.InternedIntNumberTerm(element))
+ }
+}
+
+func parseTimeout(timeoutVal ast.Value) (time.Duration, error) {
+ var timeout time.Duration
+ switch t := timeoutVal.(type) {
+ case ast.Number:
+ timeoutInt, ok := t.Int64()
+ if !ok {
+ return timeout, fmt.Errorf("invalid timeout number value %v, must be int64", timeoutVal)
+ }
+ return time.Duration(timeoutInt), nil
+ case ast.String:
+ // Support strings without a unit, treat them the same as just a number value (ns)
+ var err error
+ timeoutInt, err := strconv.ParseInt(string(t), 10, 64)
+ if err == nil {
+ return time.Duration(timeoutInt), nil
+ }
+
+ // Try parsing it as a duration (requires a supported units suffix)
+ timeout, err = time.ParseDuration(string(t))
+ if err != nil {
+ return timeout, fmt.Errorf("invalid timeout value %v: %s", timeoutVal, err)
+ }
+ return timeout, nil
+ default:
+ return timeout, builtins.NewOperandErr(1, "'timeout' must be one of {string, number} but got %s", ast.ValueName(t))
+ }
+}
+
+func getBoolValFromReqObj(req ast.Object, key *ast.Term) (bool, error) {
+ var b ast.Boolean
+ var ok bool
+ if v := req.Get(key); v != nil {
+ if b, ok = v.Value.(ast.Boolean); !ok {
+ return false, fmt.Errorf("invalid value for %v field", key.String())
+ }
+ }
+ return bool(b), nil
+}
+
+func getNumberValFromReqObj(req ast.Object, key *ast.Term) (int, error) {
+ term := req.Get(key)
+ if term == nil {
+ return 0, nil
+ }
+
+ if t, ok := term.Value.(ast.Number); ok {
+ num, ok := t.Int()
+ if !ok || num < 0 {
+ return 0, fmt.Errorf("invalid value %v for field %v", t.String(), key.String())
+ }
+ return num, nil
+ }
+
+ return 0, fmt.Errorf("invalid value %v for field %v", term.String(), key.String())
+}
+
+func getCachingMode(req ast.Object) (cachingMode, error) {
+ key := keyCache["caching_mode"]
+ var s ast.String
+ var ok bool
+ if v := req.Get(key); v != nil {
+ if s, ok = v.Value.(ast.String); !ok {
+ return "", fmt.Errorf("invalid value for %v field", key.String())
+ }
+
+ switch cachingMode(s) {
+ case defaultCachingMode, cachingModeDeserialized:
+ return cachingMode(s), nil
+ default:
+ return "", fmt.Errorf("invalid value specified for %v field: %v", key.String(), string(s))
+ }
+ }
+ return defaultCachingMode, nil
+}
+
+type interQueryCacheValue struct {
+ Data []byte
+}
+
+func newInterQueryCacheValue(bctx BuiltinContext, resp *http.Response, respBody []byte, cacheParams *forceCacheParams) (*interQueryCacheValue, *interQueryCacheData, error) {
+ data, err := newInterQueryCacheData(bctx, resp, respBody, cacheParams)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ b, err := json.Marshal(data)
+ if err != nil {
+ return nil, nil, err
+ }
+ return &interQueryCacheValue{Data: b}, data, nil
+}
+
+func (cb interQueryCacheValue) Clone() (cache.InterQueryCacheValue, error) {
+ dup := make([]byte, len(cb.Data))
+ copy(dup, cb.Data)
+ return &interQueryCacheValue{Data: dup}, nil
+}
+
+func (cb interQueryCacheValue) SizeInBytes() int64 {
+ return int64(len(cb.Data))
+}
+
+func (cb *interQueryCacheValue) copyCacheData() (*interQueryCacheData, error) {
+ var res interQueryCacheData
+ err := util.UnmarshalJSON(cb.Data, &res)
+ if err != nil {
+ return nil, err
+ }
+ return &res, nil
+}
+
+type interQueryCacheData struct {
+ RespBody []byte
+ Status string
+ StatusCode int
+ Headers http.Header
+ ExpiresAt time.Time
+}
+
+func forceCaching(cacheParams *forceCacheParams) bool {
+ return cacheParams != nil && cacheParams.forceCacheDurationSeconds > 0
+}
+
+func expiryFromHeaders(headers http.Header) (time.Time, error) {
+ var expiresAt time.Time
+ maxAge, err := parseMaxAgeCacheDirective(parseCacheControlHeader(headers))
+ if err != nil {
+ return time.Time{}, err
+ }
+ if maxAge != -1 {
+ createdAt, err := getResponseHeaderDate(headers)
+ if err != nil {
+ return time.Time{}, err
+ }
+ expiresAt = createdAt.Add(time.Second * time.Duration(maxAge))
+ } else {
+ expiresAt = getResponseHeaderExpires(headers)
+ }
+ return expiresAt, nil
+}
+
+func newInterQueryCacheData(bctx BuiltinContext, resp *http.Response, respBody []byte, cacheParams *forceCacheParams) (*interQueryCacheData, error) {
+ var expiresAt time.Time
+
+ if forceCaching(cacheParams) {
+ createdAt := getCurrentTime(bctx)
+ expiresAt = createdAt.Add(time.Second * time.Duration(cacheParams.forceCacheDurationSeconds))
+ } else {
+ var err error
+ expiresAt, err = expiryFromHeaders(resp.Header)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ cv := interQueryCacheData{
+ ExpiresAt: expiresAt,
+ RespBody: respBody,
+ Status: resp.Status,
+ StatusCode: resp.StatusCode,
+ Headers: resp.Header}
+
+ return &cv, nil
+}
+
+func (c *interQueryCacheData) formatToAST(forceJSONDecode, forceYAMLDecode bool) (ast.Value, error) {
+ return prepareASTResult(c.Headers, forceJSONDecode, forceYAMLDecode, c.RespBody, c.Status, c.StatusCode)
+}
+
+func (c *interQueryCacheData) toCacheValue() (*interQueryCacheValue, error) {
+ b, err := json.Marshal(c)
+ if err != nil {
+ return nil, err
+ }
+ return &interQueryCacheValue{Data: b}, nil
+}
+
+func (*interQueryCacheData) SizeInBytes() int64 {
+ return 0
+}
+
+func (c *interQueryCacheData) Clone() (cache.InterQueryCacheValue, error) {
+ dup := make([]byte, len(c.RespBody))
+ copy(dup, c.RespBody)
+
+ return &interQueryCacheData{
+ ExpiresAt: c.ExpiresAt,
+ RespBody: dup,
+ Status: c.Status,
+ StatusCode: c.StatusCode,
+ Headers: c.Headers.Clone()}, nil
+}
+
+type responseHeaders struct {
+ etag string // identifier for a specific version of the response
+ lastModified string // date and time response was last modified as per origin server
+}
+
+// deltaSeconds specifies a non-negative integer, representing
+// time in seconds: http://tools.ietf.org/html/rfc7234#section-1.2.1
+type deltaSeconds int32
+
+func parseResponseHeaders(headers http.Header) *responseHeaders {
+ result := responseHeaders{}
+
+ result.etag = headers.Get("etag")
+
+ result.lastModified = headers.Get("last-modified")
+
+ return &result
+}
+
+func revalidateCachedResponse(req *http.Request, client *http.Client, inputReqObj ast.Object, headers *responseHeaders) (*http.Response, bool, error) {
+ etag := headers.etag
+ lastModified := headers.lastModified
+
+ if etag == "" && lastModified == "" {
+ return nil, false, nil
+ }
+
+ cloneReq := req.Clone(req.Context())
+
+ if etag != "" {
+ cloneReq.Header.Set("if-none-match", etag)
+ }
+
+ if lastModified != "" {
+ cloneReq.Header.Set("if-modified-since", lastModified)
+ }
+
+ response, err := executeHTTPRequest(cloneReq, client, inputReqObj)
+ if err != nil {
+ return nil, false, err
+ }
+
+ switch response.StatusCode {
+ case http.StatusOK:
+ return response, true, nil
+
+ case http.StatusNotModified:
+ return response, false, nil
+ }
+ util.Close(response)
+ return nil, false, nil
+}
+
+func canStore(headers http.Header) bool {
+ ccHeaders := parseCacheControlHeader(headers)
+
+ // Check "no-store" cache directive
+ // The "no-store" response directive indicates that a cache MUST NOT
+ // store any part of either the immediate request or response.
+ if _, ok := ccHeaders["no-store"]; ok {
+ return false
+ }
+ return true
+}
+
+func getCurrentTime(bctx BuiltinContext) time.Time {
+ var current time.Time
+
+ value, err := ast.JSON(bctx.Time.Value)
+ if err != nil {
+ return current
+ }
+
+ valueNum, ok := value.(json.Number)
+ if !ok {
+ return current
+ }
+
+ valueNumInt, err := valueNum.Int64()
+ if err != nil {
+ return current
+ }
+
+ current = time.Unix(0, valueNumInt).UTC()
+ return current
+}
+
+func parseCacheControlHeader(headers http.Header) map[string]string {
+ ccDirectives := map[string]string{}
+ ccHeader := headers.Get("cache-control")
+
+ for _, part := range strings.Split(ccHeader, ",") {
+ part = strings.Trim(part, " ")
+ if part == "" {
+ continue
+ }
+ if strings.ContainsRune(part, '=') {
+ items := strings.Split(part, "=")
+ if len(items) != 2 {
+ continue
+ }
+ ccDirectives[strings.Trim(items[0], " ")] = strings.Trim(items[1], ",")
+ } else {
+ ccDirectives[part] = ""
+ }
+ }
+
+ return ccDirectives
+}
+
+func getResponseHeaderDate(headers http.Header) (date time.Time, err error) {
+ dateHeader := headers.Get("date")
+ if dateHeader == "" {
+ err = errors.New("no date header")
+ return
+ }
+ return http.ParseTime(dateHeader)
+}
+
+func getResponseHeaderExpires(headers http.Header) time.Time {
+ expiresHeader := headers.Get("expires")
+ if expiresHeader == "" {
+ return time.Time{}
+ }
+
+ date, err := http.ParseTime(expiresHeader)
+ if err != nil {
+ // servers can set `Expires: 0` which is an invalid date to indicate expired content
+ return time.Time{}
+ }
+
+ return date
+}
+
+// parseMaxAgeCacheDirective parses the max-age directive expressed in delta-seconds as per
+// https://tools.ietf.org/html/rfc7234#section-1.2.1
+func parseMaxAgeCacheDirective(cc map[string]string) (deltaSeconds, error) {
+ maxAge, ok := cc["max-age"]
+ if !ok {
+ return deltaSeconds(-1), nil
+ }
+
+ val, err := strconv.ParseUint(maxAge, 10, 32)
+ if err != nil {
+ if numError, ok := err.(*strconv.NumError); ok {
+ if numError.Err == strconv.ErrRange {
+ return deltaSeconds(math.MaxInt32), nil
+ }
+ }
+ return deltaSeconds(-1), err
+ }
+
+ if val > math.MaxInt32 {
+ return deltaSeconds(math.MaxInt32), nil
+ }
+ return deltaSeconds(val), nil
+}
+
+func formatHTTPResponseToAST(resp *http.Response, forceJSONDecode, forceYAMLDecode bool) (ast.Value, []byte, error) {
+
+ resultRawBody, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ resultObj, err := prepareASTResult(resp.Header, forceJSONDecode, forceYAMLDecode, resultRawBody, resp.Status, resp.StatusCode)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ return resultObj, resultRawBody, nil
+}
+
+func prepareASTResult(headers http.Header, forceJSONDecode, forceYAMLDecode bool, body []byte, status string, statusCode int) (ast.Value, error) {
+ var resultBody any
+
+ // If the response body cannot be JSON/YAML decoded,
+ // an error will not be returned. Instead, the "body" field
+ // in the result will be null.
+ switch {
+ case forceJSONDecode || isContentType(headers, "application/json"):
+ _ = util.UnmarshalJSON(body, &resultBody)
+ case forceYAMLDecode || isContentType(headers, "application/yaml", "application/x-yaml"):
+ _ = util.Unmarshal(body, &resultBody)
+ }
+
+ result := make(map[string]any)
+ result["status"] = status
+ result["status_code"] = statusCode
+ result["body"] = resultBody
+ result["raw_body"] = string(body)
+ result["headers"] = getResponseHeaders(headers)
+
+ resultObj, err := ast.InterfaceToValue(result)
+ if err != nil {
+ return nil, err
+ }
+
+ return resultObj, nil
+}
+
+func getResponseHeaders(headers http.Header) map[string]any {
+ respHeaders := map[string]any{}
+ for headerName, values := range headers {
+ var respValues []any
+ for _, v := range values {
+ respValues = append(respValues, v)
+ }
+ respHeaders[strings.ToLower(headerName)] = respValues
+ }
+ return respHeaders
+}
+
+// httpRequestExecutor defines an interface for the http send cache
+type httpRequestExecutor interface {
+ CheckCache() (ast.Value, error)
+ InsertIntoCache(value *http.Response) (ast.Value, error)
+ InsertErrorIntoCache(err error)
+ ExecuteHTTPRequest() (*http.Response, error)
+}
+
+// newHTTPRequestExecutor returns a new HTTP request executor that wraps either an inter-query or
+// intra-query cache implementation
+func newHTTPRequestExecutor(bctx BuiltinContext, req ast.Object, key ast.Object) (httpRequestExecutor, error) {
+ useInterQueryCache, forceCacheParams, err := useInterQueryCache(req)
+ if err != nil {
+ return nil, handleHTTPSendErr(bctx, err)
+ }
+
+ if useInterQueryCache && bctx.InterQueryBuiltinCache != nil {
+ return newInterQueryCache(bctx, req, key, forceCacheParams)
+ }
+ return newIntraQueryCache(bctx, req, key)
+}
+
+type interQueryCache struct {
+ bctx BuiltinContext
+ req ast.Object
+ key ast.Object
+ httpReq *http.Request
+ httpClient *http.Client
+ forceJSONDecode bool
+ forceYAMLDecode bool
+ forceCacheParams *forceCacheParams
+}
+
+func newInterQueryCache(bctx BuiltinContext, req ast.Object, key ast.Object, forceCacheParams *forceCacheParams) (*interQueryCache, error) {
+ return &interQueryCache{bctx: bctx, req: req, key: key, forceCacheParams: forceCacheParams}, nil
+}
+
+// CheckCache checks the cache for the value of the key set on this object
+func (c *interQueryCache) CheckCache() (ast.Value, error) {
+ var err error
+
+ // Checking the intra-query cache first ensures consistency of errors and HTTP responses within a query.
+ resp, err := checkHTTPSendCache(c.bctx, c.key)
+ if err != nil {
+ return nil, err
+ }
+ if resp != nil {
+ return resp, nil
+ }
+
+ c.forceJSONDecode, err = getBoolValFromReqObj(c.key, keyCache["force_json_decode"])
+ if err != nil {
+ return nil, handleHTTPSendErr(c.bctx, err)
+ }
+ c.forceYAMLDecode, err = getBoolValFromReqObj(c.key, keyCache["force_yaml_decode"])
+ if err != nil {
+ return nil, handleHTTPSendErr(c.bctx, err)
+ }
+
+ resp, err = c.checkHTTPSendInterQueryCache()
+ // Always insert the result of the inter-query cache into the intra-query cache, to maintain consistency within the same query.
+ if err != nil {
+ insertErrorIntoHTTPSendCache(c.bctx, c.key, err)
+ }
+ if resp != nil {
+ insertIntoHTTPSendCache(c.bctx, c.key, resp)
+ }
+ return resp, err
+}
+
+// InsertIntoCache inserts the key set on this object into the cache with the given value
+func (c *interQueryCache) InsertIntoCache(value *http.Response) (ast.Value, error) {
+ result, respBody, err := formatHTTPResponseToAST(value, c.forceJSONDecode, c.forceYAMLDecode)
+ if err != nil {
+ return nil, handleHTTPSendErr(c.bctx, err)
+ }
+
+ // Always insert into the intra-query cache, to maintain consistency within the same query.
+ insertIntoHTTPSendCache(c.bctx, c.key, result)
+
+ // We ignore errors when populating the inter-query cache, because we've already populated the intra-cache,
+ // and query consistency is our primary concern.
+ _ = insertIntoHTTPSendInterQueryCache(c.bctx, c.key, value, respBody, c.forceCacheParams)
+ return result, nil
+}
+
+func (c *interQueryCache) InsertErrorIntoCache(err error) {
+ insertErrorIntoHTTPSendCache(c.bctx, c.key, err)
+}
+
+// ExecuteHTTPRequest executes a HTTP request
+func (c *interQueryCache) ExecuteHTTPRequest() (*http.Response, error) {
+ var err error
+ c.httpReq, c.httpClient, err = createHTTPRequest(c.bctx, c.req)
+ if err != nil {
+ return nil, handleHTTPSendErr(c.bctx, err)
+ }
+
+ return executeHTTPRequest(c.httpReq, c.httpClient, c.req)
+}
+
+type intraQueryCache struct {
+ bctx BuiltinContext
+ req ast.Object
+ key ast.Object
+}
+
+func newIntraQueryCache(bctx BuiltinContext, req ast.Object, key ast.Object) (*intraQueryCache, error) {
+ return &intraQueryCache{bctx: bctx, req: req, key: key}, nil
+}
+
+// CheckCache checks the cache for the value of the key set on this object
+func (c *intraQueryCache) CheckCache() (ast.Value, error) {
+ return checkHTTPSendCache(c.bctx, c.key)
+}
+
+// InsertIntoCache inserts the key set on this object into the cache with the given value
+func (c *intraQueryCache) InsertIntoCache(value *http.Response) (ast.Value, error) {
+ forceJSONDecode, err := getBoolValFromReqObj(c.key, keyCache["force_json_decode"])
+ if err != nil {
+ return nil, handleHTTPSendErr(c.bctx, err)
+ }
+ forceYAMLDecode, err := getBoolValFromReqObj(c.key, keyCache["force_yaml_decode"])
+ if err != nil {
+ return nil, handleHTTPSendErr(c.bctx, err)
+ }
+
+ result, _, err := formatHTTPResponseToAST(value, forceJSONDecode, forceYAMLDecode)
+ if err != nil {
+ return nil, handleHTTPSendErr(c.bctx, err)
+ }
+
+ if cacheableCodes.Contains(ast.InternedIntNumberTerm(value.StatusCode)) {
+ insertIntoHTTPSendCache(c.bctx, c.key, result)
+ }
+
+ return result, nil
+}
+
+func (c *intraQueryCache) InsertErrorIntoCache(err error) {
+ insertErrorIntoHTTPSendCache(c.bctx, c.key, err)
+}
+
+// ExecuteHTTPRequest executes a HTTP request
+func (c *intraQueryCache) ExecuteHTTPRequest() (*http.Response, error) {
+ httpReq, httpClient, err := createHTTPRequest(c.bctx, c.req)
+ if err != nil {
+ return nil, handleHTTPSendErr(c.bctx, err)
+ }
+ return executeHTTPRequest(httpReq, httpClient, c.req)
+}
+
+func useInterQueryCache(req ast.Object) (bool, *forceCacheParams, error) {
+ value, err := getBoolValFromReqObj(req, keyCache["cache"])
+ if err != nil {
+ return false, nil, err
+ }
+
+ valueForceCache, err := getBoolValFromReqObj(req, keyCache["force_cache"])
+ if err != nil {
+ return false, nil, err
+ }
+
+ if valueForceCache {
+ forceCacheParams, err := newForceCacheParams(req)
+ return true, forceCacheParams, err
+ }
+
+ return value, nil, nil
+}
+
+type forceCacheParams struct {
+ forceCacheDurationSeconds int32
+}
+
+func newForceCacheParams(req ast.Object) (*forceCacheParams, error) {
+ term := req.Get(keyCache["force_cache_duration_seconds"])
+ if term == nil {
+ return nil, errors.New("'force_cache' set but 'force_cache_duration_seconds' parameter is missing")
+ }
+
+ forceCacheDurationSeconds := term.String()
+
+ value, err := strconv.ParseInt(forceCacheDurationSeconds, 10, 32)
+ if err != nil {
+ return nil, err
+ }
+
+ return &forceCacheParams{forceCacheDurationSeconds: int32(value)}, nil
+}
+
+func getRaiseErrorValue(req ast.Object) (bool, error) {
+ result := ast.Boolean(true)
+ var ok bool
+ if v := req.Get(keyCache["raise_error"]); v != nil {
+ if result, ok = v.Value.(ast.Boolean); !ok {
+ return false, errors.New("invalid value for raise_error field")
+ }
+ }
+ return bool(result), nil
+}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/http_fixup.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/http_fixup.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/topdown/http_fixup.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/http_fixup.go
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/http_fixup_darwin.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/http_fixup_darwin.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/topdown/http_fixup_darwin.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/http_fixup_darwin.go
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/input.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/input.go
similarity index 95%
rename from vendor/github.com/open-policy-agent/opa/topdown/input.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/input.go
index cb70aeb71e..ec37b36451 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/input.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/input.go
@@ -5,12 +5,12 @@
package topdown
import (
- "fmt"
+ "errors"
- "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/v1/ast"
)
-var errBadPath = fmt.Errorf("bad document path")
+var errBadPath = errors.New("bad document path")
func mergeTermWithValues(exist *ast.Term, pairs [][2]*ast.Term) (*ast.Term, error) {
diff --git a/vendor/github.com/open-policy-agent/opa/v1/topdown/instrumentation.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/instrumentation.go
new file mode 100644
index 0000000000..93da1d0022
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/instrumentation.go
@@ -0,0 +1,63 @@
+// Copyright 2018 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package topdown
+
+import "github.com/open-policy-agent/opa/v1/metrics"
+
+const (
+ evalOpPlug = "eval_op_plug"
+ evalOpResolve = "eval_op_resolve"
+ evalOpRuleIndex = "eval_op_rule_index"
+ evalOpBuiltinCall = "eval_op_builtin_call"
+ evalOpVirtualCacheHit = "eval_op_virtual_cache_hit"
+ evalOpVirtualCacheMiss = "eval_op_virtual_cache_miss"
+ evalOpBaseCacheHit = "eval_op_base_cache_hit"
+ evalOpBaseCacheMiss = "eval_op_base_cache_miss"
+ evalOpComprehensionCacheSkip = "eval_op_comprehension_cache_skip"
+ evalOpComprehensionCacheBuild = "eval_op_comprehension_cache_build"
+ evalOpComprehensionCacheHit = "eval_op_comprehension_cache_hit"
+ evalOpComprehensionCacheMiss = "eval_op_comprehension_cache_miss"
+ partialOpSaveUnify = "partial_op_save_unify"
+ partialOpSaveSetContains = "partial_op_save_set_contains"
+ partialOpSaveSetContainsRec = "partial_op_save_set_contains_rec"
+ partialOpCopyPropagation = "partial_op_copy_propagation"
+)
+
+// Instrumentation implements helper functions to instrument query evaluation
+// to diagnose performance issues. Instrumentation may be expensive in some
+// cases, so it is disabled by default.
+type Instrumentation struct {
+ m metrics.Metrics
+}
+
+// NewInstrumentation returns a new Instrumentation object. Performance
+// diagnostics recorded on this Instrumentation object will stored in m.
+func NewInstrumentation(m metrics.Metrics) *Instrumentation {
+ return &Instrumentation{
+ m: m,
+ }
+}
+
+func (instr *Instrumentation) startTimer(name string) {
+ if instr == nil {
+ return
+ }
+ instr.m.Timer(name).Start()
+}
+
+func (instr *Instrumentation) stopTimer(name string) {
+ if instr == nil {
+ return
+ }
+ delta := instr.m.Timer(name).Stop()
+ instr.m.Histogram(name).Update(delta)
+}
+
+func (instr *Instrumentation) counterIncr(name string) {
+ if instr == nil {
+ return
+ }
+ instr.m.Counter(name).Incr()
+}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/json.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/json.go
similarity index 94%
rename from vendor/github.com/open-policy-agent/opa/topdown/json.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/json.go
index 8a5d232836..2c7d642883 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/json.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/json.go
@@ -5,12 +5,12 @@
package topdown
import (
+ "errors"
"fmt"
- "strconv"
"strings"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
"github.com/open-policy-agent/opa/internal/edittree"
)
@@ -98,11 +98,11 @@ func jsonRemove(a *ast.Term, b *ast.Term) (*ast.Term, error) {
// When indexes are removed we shift left to close empty spots in the array
// as per the JSON patch spec.
newArray := ast.NewArray()
- for i := 0; i < aValue.Len(); i++ {
+ for i := range aValue.Len() {
v := aValue.Elem(i)
// recurse and add the diff of sub objects as needed
// Note: Keys in b will be strings for the index, eg path /a/1/b => {"a": {"1": {"b": null}}}
- diffValue, err := jsonRemove(v, bObj.Get(ast.StringTerm(strconv.Itoa(i))))
+ diffValue, err := jsonRemove(v, bObj.Get(ast.InternedIntegerString(i)))
if err != nil {
return nil, err
}
@@ -144,7 +144,7 @@ func getJSONPaths(operand ast.Value) ([]ast.Ref, error) {
switch v := operand.(type) {
case *ast.Array:
- for i := 0; i < v.Len(); i++ {
+ for i := range v.Len() {
filter, err := parsePath(v.Elem(i))
if err != nil {
return nil, err
@@ -189,7 +189,7 @@ func parsePath(path *ast.Term) (ast.Ref, error) {
pathSegments = append(pathSegments, term)
})
default:
- return nil, builtins.NewOperandErr(2, "must be one of {set, array} containing string paths or array of path segments but got %v", ast.TypeName(p))
+ return nil, builtins.NewOperandErr(2, "must be one of {set, array} containing string paths or array of path segments but got %v", ast.ValueName(p))
}
return pathSegments, nil
@@ -231,7 +231,7 @@ func pathsToObject(paths []ast.Ref) ast.Object {
}
if !done {
- node.Insert(path[len(path)-1], ast.NullTerm())
+ node.Insert(path[len(path)-1], ast.InternedNullTerm)
}
}
@@ -263,7 +263,7 @@ func getPatch(o ast.Object) (jsonPatch, error) {
}
op, ok := opTerm.Value.(ast.String)
if !ok {
- return out, fmt.Errorf("attribute 'op' must be a string")
+ return out, errors.New("attribute 'op' must be a string")
}
out.op = string(op)
if _, found := validOps[out.op]; !found {
@@ -302,10 +302,10 @@ func getPatch(o ast.Object) (jsonPatch, error) {
func applyPatches(source *ast.Term, operations *ast.Array) (*ast.Term, error) {
et := edittree.NewEditTree(source)
- for i := 0; i < operations.Len(); i++ {
+ for i := range operations.Len() {
object, ok := operations.Elem(i).Value.(ast.Object)
if !ok {
- return nil, fmt.Errorf("must be an array of JSON-Patch objects, but at least one element is not an object")
+ return nil, errors.New("must be an array of JSON-Patch objects, but at least one element is not an object")
}
patch, err := getPatch(object)
if err != nil {
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/jsonschema.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/jsonschema.go
similarity index 96%
rename from vendor/github.com/open-policy-agent/opa/topdown/jsonschema.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/jsonschema.go
index d319bc0b0d..88057c7746 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/jsonschema.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/jsonschema.go
@@ -8,8 +8,8 @@ import (
"encoding/json"
"errors"
- "github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/internal/gojsonschema"
+ "github.com/open-policy-agent/opa/v1/ast"
)
// astValueToJSONSchemaLoader converts a value to JSON Loader.
@@ -29,7 +29,7 @@ func astValueToJSONSchemaLoader(value ast.Value) (gojsonschema.JSONLoader, error
loader = gojsonschema.NewStringLoader(string(x))
case ast.Object:
// In case of object serialize it to JSON representation.
- var data interface{}
+ var data any
data, err = ast.JSON(value)
if err != nil {
return nil, err
@@ -44,7 +44,7 @@ func astValueToJSONSchemaLoader(value ast.Value) (gojsonschema.JSONLoader, error
}
func newResultTerm(valid bool, data *ast.Term) *ast.Term {
- return ast.ArrayTerm(ast.BooleanTerm(valid), data)
+ return ast.ArrayTerm(ast.InternedBooleanTerm(valid), data)
}
// builtinJSONSchemaVerify accepts 1 argument which can be string or object and checks if it is valid JSON schema.
@@ -61,7 +61,7 @@ func builtinJSONSchemaVerify(_ BuiltinContext, operands []*ast.Term, iter func(*
return iter(newResultTerm(false, ast.StringTerm("jsonschema: "+err.Error())))
}
- return iter(newResultTerm(true, ast.NullTerm()))
+ return iter(newResultTerm(true, ast.InternedNullTerm))
}
// builtinJSONMatchSchema accepts 2 arguments both can be string or object and verifies if the document matches the JSON schema.
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/net.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/net.go
similarity index 93%
rename from vendor/github.com/open-policy-agent/opa/topdown/net.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/net.go
index 534520529a..17ed779844 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/net.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/net.go
@@ -8,8 +8,8 @@ import (
"net"
"strings"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
type lookupIPAddrCacheKey string
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/numbers.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/numbers.go
similarity index 63%
rename from vendor/github.com/open-policy-agent/opa/topdown/numbers.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/numbers.go
index 27f3156b8a..398040d7ae 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/numbers.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/numbers.go
@@ -5,18 +5,23 @@
package topdown
import (
+ "errors"
"fmt"
"math/big"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
type randIntCachingKey string
+var zero = big.NewInt(0)
var one = big.NewInt(1)
func builtinNumbersRange(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ if canGenerateCheapRange(operands) {
+ return generateCheapRange(operands, iter)
+ }
x, err := builtins.BigIntOperand(operands[0].Value, 1)
if err != nil {
@@ -53,8 +58,8 @@ func builtinNumbersRangeStep(bctx BuiltinContext, operands []*ast.Term, iter fun
return err
}
- if step.Cmp(big.NewInt(0)) <= 0 {
- return fmt.Errorf("numbers.range_step: step must be a positive number above zero")
+ if step.Cmp(zero) <= 0 {
+ return errors.New("numbers.range_step: step must be a positive number above zero")
}
ast, err := generateRange(bctx, x, y, step, "numbers.range_step")
@@ -65,6 +70,59 @@ func builtinNumbersRangeStep(bctx BuiltinContext, operands []*ast.Term, iter fun
return iter(ast)
}
+func canGenerateCheapRange(operands []*ast.Term) bool {
+ x, err := builtins.IntOperand(operands[0].Value, 1)
+ if err != nil || !ast.HasInternedIntNumberTerm(x) {
+ return false
+ }
+
+ y, err := builtins.IntOperand(operands[1].Value, 2)
+ if err != nil || !ast.HasInternedIntNumberTerm(y) {
+ return false
+ }
+
+ return true
+}
+
+func generateCheapRange(operands []*ast.Term, iter func(*ast.Term) error) error {
+ x, err := builtins.IntOperand(operands[0].Value, 1)
+ if err != nil {
+ return err
+ }
+
+ y, err := builtins.IntOperand(operands[1].Value, 2)
+ if err != nil {
+ return err
+ }
+
+ step := 1
+
+ if len(operands) > 2 {
+ stepOp, err := builtins.IntOperand(operands[2].Value, 3)
+ if err == nil {
+ step = stepOp
+ }
+ }
+
+ if step <= 0 {
+ return errors.New("numbers.range_step: step must be a positive number above zero")
+ }
+
+ terms := make([]*ast.Term, 0, y+1)
+
+ if x <= y {
+ for i := x; i <= y; i += step {
+ terms = append(terms, ast.InternedIntNumberTerm(i))
+ }
+ } else {
+ for i := x; i >= y; i -= step {
+ terms = append(terms, ast.InternedIntNumberTerm(i))
+ }
+ }
+
+ return iter(ast.ArrayTerm(terms...))
+}
+
func generateRange(bctx BuiltinContext, x *big.Int, y *big.Int, step *big.Int, funcName string) (*ast.Term, error) {
cmp := x.Cmp(y)
@@ -81,7 +139,7 @@ func generateRange(bctx BuiltinContext, x *big.Int, y *big.Int, step *big.Int, f
haltErr := Halt{
Err: &Error{
Code: CancelErr,
- Message: fmt.Sprintf("%s: timed out before generating all numbers in range", funcName),
+ Message: funcName + ": timed out before generating all numbers in range",
},
}
@@ -109,7 +167,7 @@ func builtinRandIntn(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.T
}
if n == 0 {
- return iter(ast.IntNumberTerm(0))
+ return iter(ast.InternedIntNumberTerm(0))
}
if n < 0 {
@@ -126,7 +184,7 @@ func builtinRandIntn(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.T
if err != nil {
return err
}
- result := ast.IntNumberTerm(r.Intn(n))
+ result := ast.InternedIntNumberTerm(r.Intn(n))
bctx.Cache.Put(key, result)
return iter(result)
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/object.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/object.go
similarity index 89%
rename from vendor/github.com/open-policy-agent/opa/topdown/object.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/object.go
index ba5d77ff37..c6fbe7022f 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/object.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/object.go
@@ -5,9 +5,9 @@
package topdown
import (
- "github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/internal/ref"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
func builtinObjectUnion(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -21,6 +21,16 @@ func builtinObjectUnion(_ BuiltinContext, operands []*ast.Term, iter func(*ast.T
return err
}
+ if objA.Len() == 0 {
+ return iter(operands[1])
+ }
+ if objB.Len() == 0 {
+ return iter(operands[0])
+ }
+ if objA.Compare(objB) == 0 {
+ return iter(operands[0])
+ }
+
r := mergeWithOverwrite(objA, objB)
return iter(ast.NewTerm(r))
@@ -50,9 +60,6 @@ func builtinObjectUnionN(_ BuiltinContext, operands []*ast.Term, iter func(*ast.
return builtins.NewOperandElementErr(1, arr, arr.Elem(i).Value, "object")
}
mergewithOverwriteInPlace(result, o, frozenKeys)
- if err != nil {
- return err
- }
}
return iter(ast.NewTerm(result))
@@ -95,7 +102,7 @@ func builtinObjectFilter(_ BuiltinContext, operands []*ast.Term, iter func(*ast.
filterObj := ast.NewObject()
keys.Foreach(func(key *ast.Term) {
- filterObj.Insert(key, ast.NullTerm())
+ filterObj.Insert(key, ast.InternedNullTerm)
})
// Actually do the filtering
@@ -114,8 +121,8 @@ func builtinObjectGet(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Ter
}
// if the get key is not an array, attempt to get the top level key for the operand value in the object
- path, err := builtins.ArrayOperand(operands[1].Value, 2)
- if err != nil {
+ path, ok := operands[1].Value.(*ast.Array)
+ if !ok {
if ret := object.Get(operands[1]); ret != nil {
return iter(ret)
}
@@ -143,38 +150,28 @@ func builtinObjectKeys(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Te
if err != nil {
return err
}
+ if object.Len() == 0 {
+ return iter(ast.InternedEmptySet)
+ }
- keys := ast.SetTerm(object.Keys()...)
-
- return iter(keys)
+ return iter(ast.SetTerm(object.Keys()...))
}
// getObjectKeysParam returns a set of key values
// from a supplied ast array, object, set value
func getObjectKeysParam(arrayOrSet ast.Value) (ast.Set, error) {
- keys := ast.NewSet()
-
switch v := arrayOrSet.(type) {
case *ast.Array:
- _ = v.Iter(func(f *ast.Term) error {
- keys.Add(f)
- return nil
- })
+ keys := ast.NewSet()
+ v.Foreach(keys.Add)
+ return keys, nil
case ast.Set:
- _ = v.Iter(func(f *ast.Term) error {
- keys.Add(f)
- return nil
- })
+ return ast.NewSet(v.Slice()...), nil
case ast.Object:
- _ = v.Iter(func(k *ast.Term, _ *ast.Term) error {
- keys.Add(k)
- return nil
- })
- default:
- return nil, builtins.NewOperandTypeErr(2, arrayOrSet, "object", "set", "array")
+ return ast.NewSet(v.Keys()...), nil
}
- return keys, nil
+ return nil, builtins.NewOperandTypeErr(2, arrayOrSet, "object", "set", "array")
}
func mergeWithOverwrite(objA, objB ast.Object) ast.Object {
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/parse.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/parse.go
similarity index 91%
rename from vendor/github.com/open-policy-agent/opa/topdown/parse.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/parse.go
index c46222b413..464e0141a2 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/parse.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/parse.go
@@ -9,8 +9,8 @@ import (
"encoding/json"
"fmt"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
func builtinRegoParseModule(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -25,6 +25,7 @@ func builtinRegoParseModule(_ BuiltinContext, operands []*ast.Term, iter func(*a
return err
}
+ // FIXME: Use configured rego-version?
module, err := ast.ParseModule(string(filename), string(input))
if err != nil {
return err
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/parse_bytes.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/parse_bytes.go
similarity index 74%
rename from vendor/github.com/open-policy-agent/opa/topdown/parse_bytes.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/parse_bytes.go
index 0cd4bc193a..cd36b87b17 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/parse_bytes.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/parse_bytes.go
@@ -10,8 +10,8 @@ import (
"strings"
"unicode"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
const (
@@ -109,7 +109,7 @@ func builtinNumBytes(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term
func formatString(s ast.String) string {
str := string(s)
lower := strings.ToLower(str)
- return strings.Replace(lower, "\"", "", -1)
+ return strings.ReplaceAll(lower, "\"", "")
}
// Splits the string into a number string à la "10" or "10.2" and a unit
@@ -121,21 +121,35 @@ func extractNumAndUnit(s string) (string, string) {
}
firstNonNumIdx := -1
- for idx, r := range s {
- if !isNum(r) {
+ for idx := 0; idx < len(s); idx++ {
+ r := rune(s[idx])
+ // Identify the first non-numeric character, marking the boundary between the number and the unit.
+ if !isNum(r) && r != 'e' && r != 'E' && r != '+' && r != '-' {
firstNonNumIdx = idx
break
}
+ if r == 'e' || r == 'E' {
+ // Check if the next character is a valid digit or +/- for scientific notation
+ if idx == len(s)-1 || (!unicode.IsDigit(rune(s[idx+1])) && rune(s[idx+1]) != '+' && rune(s[idx+1]) != '-') {
+ firstNonNumIdx = idx
+ break
+ }
+ // Skip the next character if it is '+' or '-'
+ if idx+1 < len(s) && (s[idx+1] == '+' || s[idx+1] == '-') {
+ idx++
+ }
+ }
}
- if firstNonNumIdx == -1 { // only digits and '.'
+ if firstNonNumIdx == -1 { // only digits, '.', or valid scientific notation
return s, ""
}
if firstNonNumIdx == 0 { // only units (starts with non-digit)
return "", s
}
- return s[0:firstNonNumIdx], s[firstNonNumIdx:]
+ // Return the number and the rest as the unit
+ return s[:firstNonNumIdx], s[firstNonNumIdx:]
}
func init() {
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/parse_units.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/parse_units.go
similarity index 95%
rename from vendor/github.com/open-policy-agent/opa/topdown/parse_units.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/parse_units.go
index daf240214c..44aec86299 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/parse_units.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/parse_units.go
@@ -10,8 +10,8 @@ import (
"math/big"
"strings"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
// Binary Si unit constants are borrowed from topdown/parse_bytes
@@ -50,7 +50,7 @@ func builtinUnits(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) e
// We remove escaped quotes from strings here to retain parity with units.parse_bytes.
s := string(raw)
- s = strings.Replace(s, "\"", "", -1)
+ s = strings.ReplaceAll(s, "\"", "")
if strings.Contains(s, " ") {
return errIncludesSpaces
diff --git a/vendor/github.com/open-policy-agent/opa/v1/topdown/print.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/print.go
new file mode 100644
index 0000000000..f852f3e320
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/print.go
@@ -0,0 +1,86 @@
+// Copyright 2021 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package topdown
+
+import (
+ "fmt"
+ "io"
+ "strings"
+
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/topdown/print"
+)
+
+func NewPrintHook(w io.Writer) print.Hook {
+ return printHook{w: w}
+}
+
+type printHook struct {
+ w io.Writer
+}
+
+func (h printHook) Print(_ print.Context, msg string) error {
+ _, err := fmt.Fprintln(h.w, msg)
+ return err
+}
+
+func builtinPrint(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+
+ if bctx.PrintHook == nil {
+ return iter(nil)
+ }
+
+ arr, err := builtins.ArrayOperand(operands[0].Value, 1)
+ if err != nil {
+ return err
+ }
+
+ buf := make([]string, arr.Len())
+
+ err = builtinPrintCrossProductOperands(bctx, buf, arr, 0, func(buf []string) error {
+ pctx := print.Context{
+ Context: bctx.Context,
+ Location: bctx.Location,
+ }
+ return bctx.PrintHook.Print(pctx, strings.Join(buf, " "))
+ })
+ if err != nil {
+ return err
+ }
+
+ return iter(nil)
+}
+
+func builtinPrintCrossProductOperands(bctx BuiltinContext, buf []string, operands *ast.Array, i int, f func([]string) error) error {
+
+ if i >= operands.Len() {
+ return f(buf)
+ }
+
+ xs, ok := operands.Elem(i).Value.(ast.Set)
+ if !ok {
+ return Halt{Err: internalErr(bctx.Location, fmt.Sprintf("illegal argument type: %v", ast.ValueName(operands.Elem(i).Value)))}
+ }
+
+ if xs.Len() == 0 {
+ buf[i] = ""
+ return builtinPrintCrossProductOperands(bctx, buf, operands, i+1, f)
+ }
+
+ return xs.Iter(func(x *ast.Term) error {
+ switch v := x.Value.(type) {
+ case ast.String:
+ buf[i] = string(v)
+ default:
+ buf[i] = v.String()
+ }
+ return builtinPrintCrossProductOperands(bctx, buf, operands, i+1, f)
+ })
+}
+
+func init() {
+ RegisterBuiltinFunc(ast.InternalPrint.Name, builtinPrint)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/topdown/print/print.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/print/print.go
new file mode 100644
index 0000000000..ce684ae945
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/print/print.go
@@ -0,0 +1,21 @@
+package print
+
+import (
+ "context"
+
+ "github.com/open-policy-agent/opa/v1/ast"
+)
+
+// Context provides the Hook implementation context about the print() call.
+type Context struct {
+ Context context.Context // request context passed when query executed
+ Location *ast.Location // location of print call
+}
+
+// Hook defines the interface that callers can implement to receive print
+// statement outputs. If the hook returns an error, it will be surfaced if
+// strict builtin error checking is enabled (otherwise, it will not halt
+// execution.)
+type Hook interface {
+ Print(Context, string) error
+}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/providers.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/providers.go
similarity index 97%
rename from vendor/github.com/open-policy-agent/opa/topdown/providers.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/providers.go
index 77db917982..dd84026e4b 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/providers.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/providers.go
@@ -9,9 +9,9 @@ import (
"net/url"
"time"
- "github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/internal/providers/aws"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
var awsRequiredConfigKeyNames = ast.NewSet(
@@ -119,9 +119,6 @@ func builtinAWSSigV4SignReq(_ BuiltinContext, operands []*ast.Term, iter func(*a
}
signingTimestamp = time.Unix(0, ts)
- if err != nil {
- return err
- }
// Make sure our required keys exist!
// This check is stricter than required, but better to break here than downstream.
diff --git a/vendor/github.com/open-policy-agent/opa/v1/topdown/query.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/query.go
new file mode 100644
index 0000000000..4c6300f8d1
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/query.go
@@ -0,0 +1,639 @@
+package topdown
+
+import (
+ "context"
+ "crypto/rand"
+ "io"
+ "sort"
+ "time"
+
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/metrics"
+ "github.com/open-policy-agent/opa/v1/resolver"
+ "github.com/open-policy-agent/opa/v1/storage"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/topdown/cache"
+ "github.com/open-policy-agent/opa/v1/topdown/copypropagation"
+ "github.com/open-policy-agent/opa/v1/topdown/print"
+ "github.com/open-policy-agent/opa/v1/tracing"
+)
+
+// QueryResultSet represents a collection of results returned by a query.
+type QueryResultSet []QueryResult
+
+// QueryResult represents a single result returned by a query. The result
+// contains bindings for all variables that appear in the query.
+type QueryResult map[ast.Var]*ast.Term
+
+// Query provides a configurable interface for performing query evaluation.
+type Query struct {
+ seed io.Reader
+ time time.Time
+ cancel Cancel
+ query ast.Body
+ queryCompiler ast.QueryCompiler
+ compiler *ast.Compiler
+ store storage.Store
+ txn storage.Transaction
+ input *ast.Term
+ external *resolverTrie
+ tracers []QueryTracer
+ plugTraceVars bool
+ unknowns []*ast.Term
+ partialNamespace string
+ skipSaveNamespace bool
+ metrics metrics.Metrics
+ instr *Instrumentation
+ disableInlining []ast.Ref
+ shallowInlining bool
+ nondeterministicBuiltins bool
+ genvarprefix string
+ runtime *ast.Term
+ builtins map[string]*Builtin
+ indexing bool
+ earlyExit bool
+ interQueryBuiltinCache cache.InterQueryCache
+ interQueryBuiltinValueCache cache.InterQueryValueCache
+ ndBuiltinCache builtins.NDBCache
+ strictBuiltinErrors bool
+ builtinErrorList *[]Error
+ strictObjects bool
+ roundTripper CustomizeRoundTripper
+ printHook print.Hook
+ tracingOpts tracing.Options
+ virtualCache VirtualCache
+ baseCache BaseCache
+}
+
+// Builtin represents a built-in function that queries can call.
+type Builtin struct {
+ Decl *ast.Builtin
+ Func BuiltinFunc
+}
+
+// NewQuery returns a new Query object that can be run.
+func NewQuery(query ast.Body) *Query {
+ return &Query{
+ query: query,
+ genvarprefix: ast.WildcardPrefix,
+ indexing: true,
+ earlyExit: true,
+ }
+}
+
+// WithQueryCompiler sets the queryCompiler used for the query.
+func (q *Query) WithQueryCompiler(queryCompiler ast.QueryCompiler) *Query {
+ q.queryCompiler = queryCompiler
+ return q
+}
+
+// WithCompiler sets the compiler to use for the query.
+func (q *Query) WithCompiler(compiler *ast.Compiler) *Query {
+ q.compiler = compiler
+ return q
+}
+
+// WithStore sets the store to use for the query.
+func (q *Query) WithStore(store storage.Store) *Query {
+ q.store = store
+ return q
+}
+
+// WithTransaction sets the transaction to use for the query. All queries
+// should be performed over a consistent snapshot of the storage layer.
+func (q *Query) WithTransaction(txn storage.Transaction) *Query {
+ q.txn = txn
+ return q
+}
+
+// WithCancel sets the cancellation object to use for the query. Set this if
+// you need to abort queries based on a deadline. This is optional.
+func (q *Query) WithCancel(cancel Cancel) *Query {
+ q.cancel = cancel
+ return q
+}
+
+// WithInput sets the input object to use for the query. References rooted at
+// input will be evaluated against this value. This is optional.
+func (q *Query) WithInput(input *ast.Term) *Query {
+ q.input = input
+ return q
+}
+
+// WithTracer adds a query tracer to use during evaluation. This is optional.
+// Deprecated: Use WithQueryTracer instead.
+func (q *Query) WithTracer(tracer Tracer) *Query {
+ qt, ok := tracer.(QueryTracer)
+ if !ok {
+ qt = WrapLegacyTracer(tracer)
+ }
+ return q.WithQueryTracer(qt)
+}
+
+// WithQueryTracer adds a query tracer to use during evaluation. This is optional.
+// Disabled QueryTracers will be ignored.
+func (q *Query) WithQueryTracer(tracer QueryTracer) *Query {
+ if !tracer.Enabled() {
+ return q
+ }
+
+ q.tracers = append(q.tracers, tracer)
+
+ // If *any* of the tracers require local variable metadata we need to
+ // enabled plugging local trace variables.
+ conf := tracer.Config()
+ if conf.PlugLocalVars {
+ q.plugTraceVars = true
+ }
+
+ return q
+}
+
+// WithMetrics sets the metrics collection to add evaluation metrics to. This
+// is optional.
+func (q *Query) WithMetrics(m metrics.Metrics) *Query {
+ q.metrics = m
+ return q
+}
+
+// WithInstrumentation sets the instrumentation configuration to enable on the
+// evaluation process. By default, instrumentation is turned off.
+func (q *Query) WithInstrumentation(instr *Instrumentation) *Query {
+ q.instr = instr
+ return q
+}
+
+// WithUnknowns sets the initial set of variables or references to treat as
+// unknown during query evaluation. This is required for partial evaluation.
+func (q *Query) WithUnknowns(terms []*ast.Term) *Query {
+ q.unknowns = terms
+ return q
+}
+
+// WithPartialNamespace sets the namespace to use for supporting rules
+// generated as part of the partial evaluation process. The ns value must be a
+// valid package path component.
+func (q *Query) WithPartialNamespace(ns string) *Query {
+ q.partialNamespace = ns
+ return q
+}
+
+// WithSkipPartialNamespace disables namespacing of saved support rules that are generated
+// from the original policy (rules which are completely synthetic are still namespaced.)
+func (q *Query) WithSkipPartialNamespace(yes bool) *Query {
+ q.skipSaveNamespace = yes
+ return q
+}
+
+// WithDisableInlining adds a set of paths to the query that should be excluded from
+// inlining. Inlining during partial evaluation can be expensive in some cases
+// (e.g., when a cross-product is computed.) Disabling inlining avoids expensive
+// computation at the cost of generating support rules.
+func (q *Query) WithDisableInlining(paths []ast.Ref) *Query {
+ q.disableInlining = paths
+ return q
+}
+
+// WithShallowInlining disables aggressive inlining performed during partial evaluation.
+// When shallow inlining is enabled rules that depend (transitively) on unknowns are not inlined.
+// Only rules/values that are completely known will be inlined.
+func (q *Query) WithShallowInlining(yes bool) *Query {
+ q.shallowInlining = yes
+ return q
+}
+
+// WithRuntime sets the runtime data to execute the query with. The runtime data
+// can be returned by the `opa.runtime` built-in function.
+func (q *Query) WithRuntime(runtime *ast.Term) *Query {
+ q.runtime = runtime
+ return q
+}
+
+// WithBuiltins adds a set of built-in functions that can be called by the
+// query.
+func (q *Query) WithBuiltins(builtins map[string]*Builtin) *Query {
+ q.builtins = builtins
+ return q
+}
+
+// WithIndexing will enable or disable using rule indexing for the evaluation
+// of the query. The default is enabled.
+func (q *Query) WithIndexing(enabled bool) *Query {
+ q.indexing = enabled
+ return q
+}
+
+// WithEarlyExit will enable or disable using 'early exit' for the evaluation
+// of the query. The default is enabled.
+func (q *Query) WithEarlyExit(enabled bool) *Query {
+ q.earlyExit = enabled
+ return q
+}
+
+// WithSeed sets a reader that will seed randomization required by built-in functions.
+// If a seed is not provided crypto/rand.Reader is used.
+func (q *Query) WithSeed(r io.Reader) *Query {
+ q.seed = r
+ return q
+}
+
+// WithTime sets the time that will be returned by the time.now_ns() built-in function.
+func (q *Query) WithTime(x time.Time) *Query {
+ q.time = x
+ return q
+}
+
+// WithInterQueryBuiltinCache sets the inter-query cache that built-in functions can utilize.
+func (q *Query) WithInterQueryBuiltinCache(c cache.InterQueryCache) *Query {
+ q.interQueryBuiltinCache = c
+ return q
+}
+
+// WithInterQueryBuiltinValueCache sets the inter-query value cache that built-in functions can utilize.
+func (q *Query) WithInterQueryBuiltinValueCache(c cache.InterQueryValueCache) *Query {
+ q.interQueryBuiltinValueCache = c
+ return q
+}
+
+// WithNDBuiltinCache sets the non-deterministic builtin cache.
+func (q *Query) WithNDBuiltinCache(c builtins.NDBCache) *Query {
+ q.ndBuiltinCache = c
+ return q
+}
+
+// WithStrictBuiltinErrors tells the evaluator to treat all built-in function errors as fatal errors.
+func (q *Query) WithStrictBuiltinErrors(yes bool) *Query {
+ q.strictBuiltinErrors = yes
+ return q
+}
+
+// WithBuiltinErrorList supplies a pointer to an Error slice to store built-in function errors
+// encountered during evaluation. This error slice can be inspected after evaluation to determine
+// which built-in function errors occurred.
+func (q *Query) WithBuiltinErrorList(list *[]Error) *Query {
+ q.builtinErrorList = list
+ return q
+}
+
+// WithResolver configures an external resolver to use for the given ref.
+func (q *Query) WithResolver(ref ast.Ref, r resolver.Resolver) *Query {
+ if q.external == nil {
+ q.external = newResolverTrie()
+ }
+ q.external.Put(ref, r)
+ return q
+}
+
+// WithHTTPRoundTripper configures a custom HTTP transport for built-in functions that make HTTP requests.
+func (q *Query) WithHTTPRoundTripper(t CustomizeRoundTripper) *Query {
+ q.roundTripper = t
+ return q
+}
+
+func (q *Query) WithPrintHook(h print.Hook) *Query {
+ q.printHook = h
+ return q
+}
+
+// WithDistributedTracingOpts sets the options to be used by distributed tracing.
+func (q *Query) WithDistributedTracingOpts(tr tracing.Options) *Query {
+ q.tracingOpts = tr
+ return q
+}
+
+// WithStrictObjects tells the evaluator to avoid the "lazy object" optimization
+// applied when reading objects from the store. It will result in higher memory
+// usage and should only be used temporarily while adjusting code that breaks
+// because of the optimization.
+func (q *Query) WithStrictObjects(yes bool) *Query {
+ q.strictObjects = yes
+ return q
+}
+
+// WithVirtualCache sets the VirtualCache to use during evaluation. This is
+// optional, and if not set, the default cache is used.
+func (q *Query) WithVirtualCache(vc VirtualCache) *Query {
+ q.virtualCache = vc
+ return q
+}
+
+// WithBaseCache sets the BaseCache to use during evaluation. This is
+// optional, and if not set, the default cache is used.
+func (q *Query) WithBaseCache(bc BaseCache) *Query {
+ q.baseCache = bc
+ return q
+}
+
+// WithNondeterministicBuiltins causes non-deterministic builtins to be evalued
+// during partial evaluation. This is needed to pull in external data, or validate
+// a JWT, during PE, so that the result informs what queries are returned.
+func (q *Query) WithNondeterministicBuiltins(yes bool) *Query {
+ q.nondeterministicBuiltins = yes
+ return q
+}
+
+// PartialRun executes partial evaluation on the query with respect to unknown
+// values. Partial evaluation attempts to evaluate as much of the query as
+// possible without requiring values for the unknowns set on the query. The
+// result of partial evaluation is a new set of queries that can be evaluated
+// once the unknown value is known. In addition to new queries, partial
+// evaluation may produce additional support modules that should be used in
+// conjunction with the partially evaluated queries.
+func (q *Query) PartialRun(ctx context.Context) (partials []ast.Body, support []*ast.Module, err error) {
+ if q.partialNamespace == "" {
+ q.partialNamespace = "partial" // lazily initialize partial namespace
+ }
+ if q.seed == nil {
+ q.seed = rand.Reader
+ }
+ if q.time.IsZero() {
+ q.time = time.Now()
+ }
+ if q.metrics == nil {
+ q.metrics = metrics.New()
+ }
+
+ f := &queryIDFactory{}
+ b := newBindings(0, q.instr)
+
+ var vc VirtualCache
+ if q.virtualCache != nil {
+ vc = q.virtualCache
+ } else {
+ vc = NewVirtualCache()
+ }
+
+ var bc BaseCache
+ if q.baseCache != nil {
+ bc = q.baseCache
+ } else {
+ bc = newBaseCache()
+ }
+
+ e := &eval{
+ ctx: ctx,
+ metrics: q.metrics,
+ seed: q.seed,
+ time: ast.NumberTerm(int64ToJSONNumber(q.time.UnixNano())),
+ cancel: q.cancel,
+ query: q.query,
+ queryCompiler: q.queryCompiler,
+ queryIDFact: f,
+ queryID: f.Next(),
+ bindings: b,
+ compiler: q.compiler,
+ store: q.store,
+ baseCache: bc,
+ txn: q.txn,
+ input: q.input,
+ external: q.external,
+ tracers: q.tracers,
+ traceEnabled: len(q.tracers) > 0,
+ plugTraceVars: q.plugTraceVars,
+ instr: q.instr,
+ builtins: q.builtins,
+ builtinCache: builtins.Cache{},
+ interQueryBuiltinCache: q.interQueryBuiltinCache,
+ interQueryBuiltinValueCache: q.interQueryBuiltinValueCache,
+ ndBuiltinCache: q.ndBuiltinCache,
+ virtualCache: vc,
+ saveSet: newSaveSet(q.unknowns, b, q.instr),
+ saveStack: newSaveStack(),
+ saveSupport: newSaveSupport(),
+ saveNamespace: ast.InternedStringTerm(q.partialNamespace),
+ skipSaveNamespace: q.skipSaveNamespace,
+ inliningControl: &inliningControl{
+ shallow: q.shallowInlining,
+ nondeterministicBuiltins: q.nondeterministicBuiltins,
+ },
+ genvarprefix: q.genvarprefix,
+ runtime: q.runtime,
+ indexing: q.indexing,
+ earlyExit: q.earlyExit,
+ builtinErrors: &builtinErrors{},
+ printHook: q.printHook,
+ strictObjects: q.strictObjects,
+ }
+
+ if len(q.disableInlining) > 0 {
+ e.inliningControl.PushDisable(q.disableInlining, false)
+ }
+
+ e.caller = e
+ q.metrics.Timer(metrics.RegoPartialEval).Start()
+ defer q.metrics.Timer(metrics.RegoPartialEval).Stop()
+
+ livevars := ast.NewVarSet()
+ for _, t := range q.unknowns {
+ switch v := t.Value.(type) {
+ case ast.Var:
+ livevars.Add(v)
+ case ast.Ref:
+ livevars.Add(v[0].Value.(ast.Var))
+ }
+ }
+
+ ast.WalkVars(q.query, func(x ast.Var) bool {
+ if !x.IsGenerated() {
+ livevars.Add(x)
+ }
+ return false
+ })
+
+ p := copypropagation.New(livevars).WithCompiler(q.compiler)
+
+ err = e.Run(func(e *eval) error {
+
+ // Build output from saved expressions.
+ body := ast.NewBody()
+
+ for _, elem := range e.saveStack.Stack[len(e.saveStack.Stack)-1] {
+ body.Append(elem.Plug(e.bindings))
+ }
+
+ // Include bindings as exprs so that when caller evals the result, they
+ // can obtain values for the vars in their query.
+ bindingExprs := []*ast.Expr{}
+ _ = e.bindings.Iter(e.bindings, func(a, b *ast.Term) error {
+ bindingExprs = append(bindingExprs, ast.Equality.Expr(a, b))
+ return nil
+ }) // cannot return error
+
+ // Sort binding expressions so that results are deterministic.
+ sort.Slice(bindingExprs, func(i, j int) bool {
+ return bindingExprs[i].Compare(bindingExprs[j]) < 0
+ })
+
+ for i := range bindingExprs {
+ body.Append(bindingExprs[i])
+ }
+
+ // Skip this rule body if it fails to type-check.
+ // Type-checking failure means the rule body will never succeed.
+ if !e.compiler.PassesTypeCheck(body) {
+ return nil
+ }
+
+ if !q.shallowInlining {
+ body = applyCopyPropagation(p, e.instr, body)
+ }
+
+ partials = append(partials, body)
+ return nil
+ })
+
+ support = e.saveSupport.List()
+
+ if len(e.builtinErrors.errs) > 0 {
+ if q.strictBuiltinErrors {
+ err = e.builtinErrors.errs[0]
+ } else if q.builtinErrorList != nil {
+ // If a builtinErrorList has been supplied, we must use pointer indirection
+ // to append to it. builtinErrorList is a slice pointer so that errors can be
+ // appended to it without returning a new slice and changing the interface
+ // of PartialRun.
+ for _, err := range e.builtinErrors.errs {
+ if tdError, ok := err.(*Error); ok {
+ *(q.builtinErrorList) = append(*(q.builtinErrorList), *tdError)
+ } else {
+ *(q.builtinErrorList) = append(*(q.builtinErrorList), Error{
+ Code: BuiltinErr,
+ Message: err.Error(),
+ })
+ }
+ }
+ }
+ }
+
+ for i, m := range support {
+ if regoVersion := q.compiler.DefaultRegoVersion(); regoVersion != ast.RegoUndefined {
+ ast.SetModuleRegoVersion(m, q.compiler.DefaultRegoVersion())
+ }
+
+ sort.Slice(support[i].Rules, func(j, k int) bool {
+ return support[i].Rules[j].Compare(support[i].Rules[k]) < 0
+ })
+ }
+
+ return partials, support, err
+}
+
+// Run is a wrapper around Iter that accumulates query results and returns them
+// in one shot.
+func (q *Query) Run(ctx context.Context) (QueryResultSet, error) {
+ qrs := QueryResultSet{}
+ return qrs, q.Iter(ctx, func(qr QueryResult) error {
+ qrs = append(qrs, qr)
+ return nil
+ })
+}
+
+// Iter executes the query and invokes the iter function with query results
+// produced by evaluating the query.
+func (q *Query) Iter(ctx context.Context, iter func(QueryResult) error) error {
+ // Query evaluation must not be allowed if the compiler has errors and is in an undefined, possibly inconsistent state
+ if q.compiler != nil && len(q.compiler.Errors) > 0 {
+ return &Error{
+ Code: InternalErr,
+ Message: "compiler has errors",
+ }
+ }
+
+ if q.seed == nil {
+ q.seed = rand.Reader
+ }
+ if q.time.IsZero() {
+ q.time = time.Now()
+ }
+ if q.metrics == nil {
+ q.metrics = metrics.New()
+ }
+
+ f := &queryIDFactory{}
+
+ var vc VirtualCache
+ if q.virtualCache != nil {
+ vc = q.virtualCache
+ } else {
+ vc = NewVirtualCache()
+ }
+
+ var bc BaseCache
+ if q.baseCache != nil {
+ bc = q.baseCache
+ } else {
+ bc = newBaseCache()
+ }
+
+ e := &eval{
+ ctx: ctx,
+ metrics: q.metrics,
+ seed: q.seed,
+ time: ast.NumberTerm(int64ToJSONNumber(q.time.UnixNano())),
+ cancel: q.cancel,
+ query: q.query,
+ queryCompiler: q.queryCompiler,
+ queryIDFact: f,
+ queryID: f.Next(),
+ bindings: newBindings(0, q.instr),
+ compiler: q.compiler,
+ store: q.store,
+ baseCache: bc,
+ txn: q.txn,
+ input: q.input,
+ external: q.external,
+ tracers: q.tracers,
+ traceEnabled: len(q.tracers) > 0,
+ plugTraceVars: q.plugTraceVars,
+ instr: q.instr,
+ builtins: q.builtins,
+ builtinCache: builtins.Cache{},
+ interQueryBuiltinCache: q.interQueryBuiltinCache,
+ interQueryBuiltinValueCache: q.interQueryBuiltinValueCache,
+ ndBuiltinCache: q.ndBuiltinCache,
+ virtualCache: vc,
+ genvarprefix: q.genvarprefix,
+ runtime: q.runtime,
+ indexing: q.indexing,
+ earlyExit: q.earlyExit,
+ builtinErrors: &builtinErrors{},
+ printHook: q.printHook,
+ tracingOpts: q.tracingOpts,
+ strictObjects: q.strictObjects,
+ roundTripper: q.roundTripper,
+ }
+ e.caller = e
+ q.metrics.Timer(metrics.RegoQueryEval).Start()
+ err := e.Run(func(e *eval) error {
+ qr := QueryResult{}
+ _ = e.bindings.Iter(nil, func(k, v *ast.Term) error {
+ qr[k.Value.(ast.Var)] = v
+ return nil
+ }) // cannot return error
+ return iter(qr)
+ })
+
+ if len(e.builtinErrors.errs) > 0 {
+ if q.strictBuiltinErrors {
+ err = e.builtinErrors.errs[0]
+ } else if q.builtinErrorList != nil {
+ // If a builtinErrorList has been supplied, we must use pointer indirection
+ // to append to it. builtinErrorList is a slice pointer so that errors can be
+ // appended to it without returning a new slice and changing the interface
+ // of Iter.
+ for _, err := range e.builtinErrors.errs {
+ if tdError, ok := err.(*Error); ok {
+ *(q.builtinErrorList) = append(*(q.builtinErrorList), *tdError)
+ } else {
+ *(q.builtinErrorList) = append(*(q.builtinErrorList), Error{
+ Code: BuiltinErr,
+ Message: err.Error(),
+ })
+ }
+ }
+ }
+ }
+
+ q.metrics.Timer(metrics.RegoQueryEval).Stop()
+ return err
+}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/reachable.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/reachable.go
similarity index 97%
rename from vendor/github.com/open-policy-agent/opa/topdown/reachable.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/reachable.go
index 8d61018e76..1c31019db9 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/reachable.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/reachable.go
@@ -5,8 +5,8 @@
package topdown
import (
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
// Helper: sets of vertices can be represented as Arrays or Sets.
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/regex.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/regex.go
similarity index 90%
rename from vendor/github.com/open-policy-agent/opa/topdown/regex.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/regex.go
index 452e7d58bf..1a5bb62346 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/regex.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/regex.go
@@ -11,8 +11,8 @@ import (
gintersect "github.com/yashtewari/glob-intersection"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
const regexCacheMaxSize = 100
@@ -25,15 +25,15 @@ func builtinRegexIsValid(_ BuiltinContext, operands []*ast.Term, iter func(*ast.
s, err := builtins.StringOperand(operands[0].Value, 1)
if err != nil {
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
_, err = regexp.Compile(string(s))
if err != nil {
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
- return iter(ast.BooleanTerm(true))
+ return iter(ast.InternedBooleanTerm(true))
}
func builtinRegexMatch(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -49,7 +49,7 @@ func builtinRegexMatch(bctx BuiltinContext, operands []*ast.Term, iter func(*ast
if err != nil {
return err
}
- return iter(ast.BooleanTerm(re.MatchString(string(s2))))
+ return iter(ast.InternedBooleanTerm(re.MatchString(string(s2))))
}
func builtinRegexMatchTemplate(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -79,7 +79,7 @@ func builtinRegexMatchTemplate(_ BuiltinContext, operands []*ast.Term, iter func
if err != nil {
return err
}
- return iter(ast.BooleanTerm(re.MatchString(string(match))))
+ return iter(ast.InternedBooleanTerm(re.MatchString(string(match))))
}
func builtinRegexSplit(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -101,11 +101,12 @@ func builtinRegexSplit(bctx BuiltinContext, operands []*ast.Term, iter func(*ast
for i := range elems {
arr[i] = ast.StringTerm(elems[i])
}
- return iter(ast.NewTerm(ast.NewArray(arr...)))
+ return iter(ast.ArrayTerm(arr...))
}
func getRegexp(bctx BuiltinContext, pat string) (*regexp.Regexp, error) {
if bctx.InterQueryBuiltinValueCache != nil {
+ // TODO: Use named cache
val, ok := bctx.InterQueryBuiltinValueCache.Get(ast.String(pat))
if ok {
res, valid := val.(*regexp.Regexp)
@@ -176,7 +177,7 @@ func builtinGlobsMatch(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Te
if err != nil {
return err
}
- return iter(ast.BooleanTerm(ne))
+ return iter(ast.InternedBooleanTerm(ne))
}
func builtinRegexFind(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -202,7 +203,7 @@ func builtinRegexFind(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.
for i := range elems {
arr[i] = ast.StringTerm(elems[i])
}
- return iter(ast.NewTerm(ast.NewArray(arr...)))
+ return iter(ast.ArrayTerm(arr...))
}
func builtinRegexFindAllStringSubmatch(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -231,10 +232,10 @@ func builtinRegexFindAllStringSubmatch(bctx BuiltinContext, operands []*ast.Term
for j := range matches[i] {
inner[j] = ast.StringTerm(matches[i][j])
}
- outer[i] = ast.NewTerm(ast.NewArray(inner...))
+ outer[i] = ast.ArrayTerm(inner...)
}
- return iter(ast.NewTerm(ast.NewArray(outer...)))
+ return iter(ast.ArrayTerm(outer...))
}
func builtinRegexReplace(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -259,8 +260,11 @@ func builtinRegexReplace(bctx BuiltinContext, operands []*ast.Term, iter func(*a
}
res := re.ReplaceAllString(string(base), string(value))
+ if res == string(base) {
+ return iter(operands[0])
+ }
- return iter(ast.StringTerm(res))
+ return iter(ast.InternedStringTerm(res))
}
func init() {
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/regex_template.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/regex_template.go
similarity index 99%
rename from vendor/github.com/open-policy-agent/opa/topdown/regex_template.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/regex_template.go
index 4bcddc060b..a1d946fd59 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/regex_template.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/regex_template.go
@@ -45,7 +45,7 @@ import (
func delimiterIndices(s string, delimiterStart, delimiterEnd byte) ([]int, error) {
var level, idx int
idxs := make([]int, 0)
- for i := 0; i < len(s); i++ {
+ for i := range len(s) {
switch s[i] {
case delimiterStart:
if level++; level == 1 {
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/resolver.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/resolver.go
similarity index 85%
rename from vendor/github.com/open-policy-agent/opa/topdown/resolver.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/resolver.go
index 5ed6c1e443..8fff22b1d3 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/resolver.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/resolver.go
@@ -5,9 +5,9 @@
package topdown
import (
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/metrics"
- "github.com/open-policy-agent/opa/resolver"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/metrics"
+ "github.com/open-policy-agent/opa/v1/resolver"
)
type resolverTrie struct {
@@ -35,6 +35,10 @@ func (t *resolverTrie) Put(ref ast.Ref, r resolver.Resolver) {
func (t *resolverTrie) Resolve(e *eval, ref ast.Ref) (ast.Value, error) {
e.metrics.Timer(metrics.RegoExternalResolve).Start()
defer e.metrics.Timer(metrics.RegoExternalResolve).Stop()
+
+ if t == nil {
+ return nil, nil
+ }
node := t
for i, t := range ref {
child, ok := node.children[t.Value]
@@ -48,7 +52,11 @@ func (t *resolverTrie) Resolve(e *eval, ref ast.Ref) (ast.Value, error) {
Input: e.input,
Metrics: e.metrics,
}
- e.traceWasm(e.query[e.index], &in.Ref)
+ if e.traceEnabled {
+ // avoid leaking pointer if trace is disabled
+ cpy := in.Ref
+ e.traceWasm(e.query[e.index], &cpy)
+ }
if e.data != nil {
return nil, errInScopeWithStmt
}
@@ -75,7 +83,10 @@ func (t *resolverTrie) Resolve(e *eval, ref ast.Ref) (ast.Value, error) {
func (t *resolverTrie) mktree(e *eval, in resolver.Input) (ast.Value, error) {
if t.r != nil {
- e.traceWasm(e.query[e.index], &in.Ref)
+ if e.traceEnabled {
+ cpy := in.Ref
+ e.traceWasm(e.query[e.index], &cpy)
+ }
if e.data != nil {
return nil, errInScopeWithStmt
}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/runtime.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/runtime.go
similarity index 69%
rename from vendor/github.com/open-policy-agent/opa/topdown/runtime.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/runtime.go
index 7d512f7c00..8517edb8fb 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/runtime.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/runtime.go
@@ -5,25 +5,28 @@
package topdown
import (
+ "errors"
"fmt"
- "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/v1/ast"
)
+var nothingResolver ast.Resolver = illegalResolver{}
+
func builtinOPARuntime(bctx BuiltinContext, _ []*ast.Term, iter func(*ast.Term) error) error {
if bctx.Runtime == nil {
- return iter(ast.ObjectTerm())
+ return iter(ast.InternedEmptyObject)
}
- if bctx.Runtime.Get(ast.StringTerm("config")) != nil {
- iface, err := ast.ValueToInterface(bctx.Runtime.Value, illegalResolver{})
+ if bctx.Runtime.Get(ast.InternedStringTerm("config")) != nil {
+ iface, err := ast.ValueToInterface(bctx.Runtime.Value, nothingResolver)
if err != nil {
return err
}
- if object, ok := iface.(map[string]interface{}); ok {
+ if object, ok := iface.(map[string]any); ok {
if cfgRaw, ok := object["config"]; ok {
- if config, ok := cfgRaw.(map[string]interface{}); ok {
+ if config, ok := cfgRaw.(map[string]any); ok {
configPurged, err := activeConfig(config)
if err != nil {
return err
@@ -46,7 +49,7 @@ func init() {
RegisterBuiltinFunc(ast.OPARuntime.Name, builtinOPARuntime)
}
-func activeConfig(config map[string]interface{}) (interface{}, error) {
+func activeConfig(config map[string]any) (any, error) {
if config["services"] != nil {
err := removeServiceCredentials(config["services"])
@@ -65,10 +68,10 @@ func activeConfig(config map[string]interface{}) (interface{}, error) {
return config, nil
}
-func removeServiceCredentials(x interface{}) error {
+func removeServiceCredentials(x any) error {
switch x := x.(type) {
- case []interface{}:
+ case []any:
for _, v := range x {
err := removeKey(v, "credentials")
if err != nil {
@@ -76,7 +79,7 @@ func removeServiceCredentials(x interface{}) error {
}
}
- case map[string]interface{}:
+ case map[string]any:
for _, v := range x {
err := removeKey(v, "credentials")
if err != nil {
@@ -90,10 +93,10 @@ func removeServiceCredentials(x interface{}) error {
return nil
}
-func removeCryptoKeys(x interface{}) error {
+func removeCryptoKeys(x any) error {
switch x := x.(type) {
- case map[string]interface{}:
+ case map[string]any:
for _, v := range x {
err := removeKey(v, "key", "private_key")
if err != nil {
@@ -107,10 +110,10 @@ func removeCryptoKeys(x interface{}) error {
return nil
}
-func removeKey(x interface{}, keys ...string) error {
- val, ok := x.(map[string]interface{})
+func removeKey(x any, keys ...string) error {
+ val, ok := x.(map[string]any)
if !ok {
- return fmt.Errorf("type assertion error")
+ return errors.New("type assertion error")
}
for _, key := range keys {
@@ -122,6 +125,6 @@ func removeKey(x interface{}, keys ...string) error {
type illegalResolver struct{}
-func (illegalResolver) Resolve(ref ast.Ref) (interface{}, error) {
+func (illegalResolver) Resolve(ref ast.Ref) (any, error) {
return nil, fmt.Errorf("illegal value: %v", ref)
}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/save.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/save.go
similarity index 86%
rename from vendor/github.com/open-policy-agent/opa/topdown/save.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/save.go
index 0468692cc6..47bf7521b4 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/save.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/save.go
@@ -1,11 +1,13 @@
package topdown
import (
+ "cmp"
"container/list"
"fmt"
+ "slices"
"strings"
- "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/v1/ast"
)
// saveSet contains a stack of terms that are considered 'unknown' during
@@ -355,17 +357,23 @@ func splitPackageAndRule(path ast.Ref) (ast.Ref, ast.Ref) {
// being saved. This check allows the evaluator to evaluate statements
// completely during partial evaluation as long as they do not depend on any
// kind of unknown value or statements that would generate saves.
-func saveRequired(c *ast.Compiler, ic *inliningControl, icIgnoreInternal bool, ss *saveSet, b *bindings, x interface{}, rec bool) bool {
+func saveRequired(c *ast.Compiler, ic *inliningControl, icIgnoreInternal bool, ss *saveSet, b *bindings, x any, rec bool) bool {
var found bool
- vis := ast.NewGenericVisitor(func(node interface{}) bool {
+ vis := ast.NewGenericVisitor(func(node any) bool {
if found {
return found
}
switch node := node.(type) {
case *ast.Expr:
- found = len(node.With) > 0 || ignoreExprDuringPartial(node)
+ found = len(node.With) > 0
+ if found {
+ return found
+ }
+ if !ic.nondeterministicBuiltins { // skip evaluating non-det builtins for PE
+ found = ignoreExprDuringPartial(node)
+ }
case *ast.Term:
switch v := node.Value.(type) {
case ast.Var:
@@ -412,35 +420,56 @@ func ignoreDuringPartial(bi *ast.Builtin) bool {
// Note(philipc): We keep this legacy check around to avoid breaking
// existing library users.
//nolint:staticcheck // We specifically ignore our own linter warning here.
- for _, ignore := range ast.IgnoreDuringPartialEval {
- if bi == ignore {
- return true
- }
- }
- // Otherwise, ensure all non-deterministic builtins are thrown out.
- return bi.Nondeterministic
+ return cmp.Or(slices.Contains(ast.IgnoreDuringPartialEval, bi), bi.Nondeterministic)
}
type inliningControl struct {
- shallow bool
- disable []disableInliningFrame
+ shallow bool
+ disable []disableInliningFrame
+ nondeterministicBuiltins bool // evaluate non-det builtins during PE (if args are known)
}
type disableInliningFrame struct {
internal bool
refs []ast.Ref
+ v ast.Var
}
-func (i *inliningControl) PushDisable(refs []ast.Ref, internal bool) {
+func (i *inliningControl) PushDisable(x any, internal bool) {
if i == nil {
return
}
+
+ switch x := x.(type) {
+ case []ast.Ref:
+ i.PushDisableRefs(x, internal)
+ case ast.Var:
+ i.PushDisableVar(x, internal)
+ }
+}
+
+func (i *inliningControl) PushDisableRefs(refs []ast.Ref, internal bool) {
+ if i == nil {
+ return
+ }
+
i.disable = append(i.disable, disableInliningFrame{
internal: internal,
refs: refs,
})
}
+func (i *inliningControl) PushDisableVar(v ast.Var, internal bool) {
+ if i == nil {
+ return
+ }
+
+ i.disable = append(i.disable, disableInliningFrame{
+ internal: internal,
+ v: v,
+ })
+}
+
func (i *inliningControl) PopDisable() {
if i == nil {
return
@@ -448,10 +477,26 @@ func (i *inliningControl) PopDisable() {
i.disable = i.disable[:len(i.disable)-1]
}
-func (i *inliningControl) Disabled(ref ast.Ref, ignoreInternal bool) bool {
+func (i *inliningControl) Disabled(x any, ignoreInternal bool) bool {
if i == nil {
return false
}
+
+ switch x := x.(type) {
+ case ast.Ref:
+ return i.DisabledRef(x, ignoreInternal)
+ case ast.Var:
+ return i.DisabledVar(x, ignoreInternal)
+ }
+
+ return false
+}
+
+func (i *inliningControl) DisabledRef(ref ast.Ref, ignoreInternal bool) bool {
+ if i == nil {
+ return false
+ }
+
for _, frame := range i.disable {
if !frame.internal || !ignoreInternal {
for _, other := range frame.refs {
@@ -463,3 +508,16 @@ func (i *inliningControl) Disabled(ref ast.Ref, ignoreInternal bool) bool {
}
return false
}
+
+func (i *inliningControl) DisabledVar(v ast.Var, ignoreInternal bool) bool {
+ if i == nil {
+ return false
+ }
+
+ for _, frame := range i.disable {
+ if (!frame.internal || !ignoreInternal) && frame.v.Equal(v) {
+ return true
+ }
+ }
+ return false
+}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/semver.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/semver.go
similarity index 85%
rename from vendor/github.com/open-policy-agent/opa/topdown/semver.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/semver.go
index 7bb7b9c183..0e7daaeae6 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/semver.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/semver.go
@@ -7,9 +7,9 @@ package topdown
import (
"fmt"
- "github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/internal/semver"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
func builtinSemVerCompare(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -34,13 +34,13 @@ func builtinSemVerCompare(_ BuiltinContext, operands []*ast.Term, iter func(*ast
result := versionA.Compare(*versionB)
- return iter(ast.IntNumberTerm(result))
+ return iter(ast.InternedIntNumberTerm(result))
}
func builtinSemVerIsValid(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
versionString, err := builtins.StringOperand(operands[0].Value, 1)
if err != nil {
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
result := true
@@ -50,7 +50,7 @@ func builtinSemVerIsValid(_ BuiltinContext, operands []*ast.Term, iter func(*ast
result = false
}
- return iter(ast.BooleanTerm(result))
+ return iter(ast.InternedBooleanTerm(result))
}
func init() {
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/sets.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/sets.go
similarity index 90%
rename from vendor/github.com/open-policy-agent/opa/topdown/sets.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/sets.go
index a973404f3f..c50efe4a80 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/sets.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/sets.go
@@ -5,11 +5,11 @@
package topdown
import (
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
-// Deprecated in v0.4.2 in favour of minus/infix "-" operation.
+// Deprecated: deprecated in v0.4.2 in favour of minus/infix "-" operation.
func builtinSetDiff(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
s1, err := builtins.SetOperand(operands[0].Value, 1)
@@ -35,7 +35,7 @@ func builtinSetIntersection(_ BuiltinContext, operands []*ast.Term, iter func(*a
// empty input set
if inputSet.Len() == 0 {
- return iter(ast.NewTerm(ast.NewSet()))
+ return iter(ast.InternedEmptySet)
}
var result ast.Set
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/strings.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/strings.go
similarity index 68%
rename from vendor/github.com/open-policy-agent/opa/topdown/strings.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/strings.go
index d9e4a55e58..376dfa9a68 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/strings.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/strings.go
@@ -5,15 +5,19 @@
package topdown
import (
+ "errors"
"fmt"
"math/big"
"sort"
+ "strconv"
"strings"
+ "unicode"
+ "unicode/utf8"
"github.com/tchap/go-patricia/v2/patricia"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
func builtinAnyPrefixMatch(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -47,7 +51,7 @@ func builtinAnyPrefixMatch(_ BuiltinContext, operands []*ast.Term, iter func(*as
return builtins.NewOperandTypeErr(2, b, "string", "set", "array")
}
- return iter(ast.BooleanTerm(anyStartsWithAny(strs, prefixes)))
+ return iter(ast.InternedBooleanTerm(anyStartsWithAny(strs, prefixes)))
}
func builtinAnySuffixMatch(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -87,7 +91,7 @@ func builtinAnySuffixMatch(_ BuiltinContext, operands []*ast.Term, iter func(*as
return builtins.NewOperandTypeErr(2, b, "string", "set", "array")
}
- return iter(ast.BooleanTerm(anyStartsWithAny(strsReversed, suffixesReversed)))
+ return iter(ast.InternedBooleanTerm(anyStartsWithAny(strsReversed, suffixesReversed)))
}
func anyStartsWithAny(strs []string, prefixes []string) bool {
@@ -99,11 +103,11 @@ func anyStartsWithAny(strs []string, prefixes []string) bool {
}
trie := patricia.NewTrie()
- for i := 0; i < len(strs); i++ {
+ for i := range strs {
trie.Insert([]byte(strs[i]), true)
}
- for i := 0; i < len(prefixes); i++ {
+ for i := range prefixes {
if trie.MatchSubtree([]byte(prefixes[i])) {
return true
}
@@ -131,6 +135,9 @@ func builtinFormatInt(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Ter
case ast.Number("8"):
format = "%o"
case ast.Number("10"):
+ if i, ok := input.Int(); ok {
+ return iter(ast.InternedIntegerString(i))
+ }
format = "%d"
case ast.Number("16"):
format = "%x"
@@ -141,48 +148,63 @@ func builtinFormatInt(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Ter
f := builtins.NumberToFloat(input)
i, _ := f.Int(nil)
- return iter(ast.StringTerm(fmt.Sprintf(format, i)))
+ return iter(ast.InternedStringTerm(fmt.Sprintf(format, i)))
}
-func builtinConcat(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+func builtinConcat(b BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
join, err := builtins.StringOperand(operands[0].Value, 1)
if err != nil {
return err
}
- strs := []string{}
+ var strs []string
switch b := operands[1].Value.(type) {
case *ast.Array:
- err := b.Iter(func(x *ast.Term) error {
- s, ok := x.Value.(ast.String)
+ var l int
+ for i := range b.Len() {
+ s, ok := b.Elem(i).Value.(ast.String)
if !ok {
- return builtins.NewOperandElementErr(2, operands[1].Value, x.Value, "string")
+ return builtins.NewOperandElementErr(2, operands[1].Value, b.Elem(i).Value, "string")
}
- strs = append(strs, string(s))
- return nil
- })
- if err != nil {
- return err
+ l += len(string(s))
+ }
+
+ if b.Len() == 1 {
+ return iter(b.Elem(0))
}
+
+ strs = make([]string, 0, l)
+ for i := range b.Len() {
+ strs = append(strs, string(b.Elem(i).Value.(ast.String)))
+ }
+
case ast.Set:
- err := b.Iter(func(x *ast.Term) error {
- s, ok := x.Value.(ast.String)
+ var l int
+ terms := b.Slice()
+ for i := range terms {
+ s, ok := terms[i].Value.(ast.String)
if !ok {
- return builtins.NewOperandElementErr(2, operands[1].Value, x.Value, "string")
+ return builtins.NewOperandElementErr(2, operands[1].Value, terms[i].Value, "string")
}
- strs = append(strs, string(s))
- return nil
- })
- if err != nil {
- return err
+ l += len(string(s))
}
+
+ if b.Len() == 1 {
+ return iter(b.Slice()[0])
+ }
+
+ strs = make([]string, 0, l)
+ for i := range b.Len() {
+ strs = append(strs, string(terms[i].Value.(ast.String)))
+ }
+
default:
return builtins.NewOperandTypeErr(2, operands[1].Value, "set", "array")
}
- return iter(ast.StringTerm(strings.Join(strs, string(join))))
+ return iter(ast.InternedStringTerm(strings.Join(strs, string(join))))
}
func runesEqual(a, b []rune) bool {
@@ -208,7 +230,14 @@ func builtinIndexOf(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term)
return err
}
if len(string(search)) == 0 {
- return fmt.Errorf("empty search character")
+ return errors.New("empty search character")
+ }
+
+ if isASCII(string(base)) && isASCII(string(search)) {
+ // this is a false positive in the indexAlloc rule that thinks
+ // we're converting byte arrays to strings
+ //nolint:gocritic
+ return iter(ast.InternedIntNumberTerm(strings.Index(string(base), string(search))))
}
baseRunes := []rune(string(base))
@@ -218,14 +247,14 @@ func builtinIndexOf(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term)
for i, r := range baseRunes {
if len(baseRunes) >= i+searchLen {
if r == searchRunes[0] && runesEqual(baseRunes[i:i+searchLen], searchRunes) {
- return iter(ast.IntNumberTerm(i))
+ return iter(ast.InternedIntNumberTerm(i))
}
} else {
break
}
}
- return iter(ast.IntNumberTerm(-1))
+ return iter(ast.InternedIntNumberTerm(-1))
}
func builtinIndexOfN(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -239,7 +268,7 @@ func builtinIndexOfN(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term
return err
}
if len(string(search)) == 0 {
- return fmt.Errorf("empty search character")
+ return errors.New("empty search character")
}
baseRunes := []rune(string(base))
@@ -250,7 +279,7 @@ func builtinIndexOfN(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term
for i, r := range baseRunes {
if len(baseRunes) >= i+searchLen {
if r == searchRunes[0] && runesEqual(baseRunes[i:i+searchLen], searchRunes) {
- arr = append(arr, ast.IntNumberTerm(i))
+ arr = append(arr, ast.InternedIntNumberTerm(i))
}
} else {
break
@@ -266,15 +295,10 @@ func builtinSubstring(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Ter
if err != nil {
return err
}
- runes := []rune(base)
startIndex, err := builtins.IntOperand(operands[1].Value, 2)
if err != nil {
return err
- } else if startIndex >= len(runes) {
- return iter(ast.StringTerm(""))
- } else if startIndex < 0 {
- return fmt.Errorf("negative offset")
}
length, err := builtins.IntOperand(operands[2].Value, 3)
@@ -282,18 +306,62 @@ func builtinSubstring(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Ter
return err
}
- var s ast.String
+ if startIndex < 0 {
+ return errors.New("negative offset")
+ }
+
+ sbase := string(base)
+ if sbase == "" {
+ return iter(ast.InternedEmptyString)
+ }
+
+ // Optimized path for the likely common case of ASCII strings.
+ // This allocates less memory and runs in about 1/3 the time.
+ if isASCII(sbase) {
+ if startIndex >= len(sbase) {
+ return iter(ast.InternedEmptyString)
+ }
+
+ if length < 0 {
+ return iter(ast.InternedStringTerm(sbase[startIndex:]))
+ }
+
+ if startIndex == 0 && length >= len(sbase) {
+ return iter(operands[0])
+ }
+
+ upto := min(len(sbase), startIndex+length)
+ return iter(ast.InternedStringTerm(sbase[startIndex:upto]))
+ }
+
+ if startIndex == 0 && length >= utf8.RuneCountInString(sbase) {
+ return iter(operands[0])
+ }
+
+ runes := []rune(base)
+
+ if startIndex >= len(runes) {
+ return iter(ast.InternedEmptyString)
+ }
+
+ var s string
if length < 0 {
- s = ast.String(runes[startIndex:])
+ s = string(runes[startIndex:])
} else {
- upto := startIndex + length
- if len(runes) < upto {
- upto = len(runes)
- }
- s = ast.String(runes[startIndex:upto])
+ upto := min(len(runes), startIndex+length)
+ s = string(runes[startIndex:upto])
}
- return iter(ast.NewTerm(s))
+ return iter(ast.InternedStringTerm(s))
+}
+
+func isASCII(s string) bool {
+ for i := range len(s) {
+ if s[i] > unicode.MaxASCII {
+ return false
+ }
+ }
+ return true
}
func builtinContains(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -307,7 +375,7 @@ func builtinContains(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term
return err
}
- return iter(ast.BooleanTerm(strings.Contains(string(s), string(substr))))
+ return iter(ast.InternedBooleanTerm(strings.Contains(string(s), string(substr))))
}
func builtinStringCount(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -323,10 +391,9 @@ func builtinStringCount(_ BuiltinContext, operands []*ast.Term, iter func(*ast.T
baseTerm := string(s)
searchTerm := string(substr)
-
count := strings.Count(baseTerm, searchTerm)
- return iter(ast.IntNumberTerm(count))
+ return iter(ast.InternedIntNumberTerm(count))
}
func builtinStartsWith(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -340,7 +407,7 @@ func builtinStartsWith(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Te
return err
}
- return iter(ast.BooleanTerm(strings.HasPrefix(string(s), string(prefix))))
+ return iter(ast.InternedBooleanTerm(strings.HasPrefix(string(s), string(prefix))))
}
func builtinEndsWith(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -354,7 +421,7 @@ func builtinEndsWith(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term
return err
}
- return iter(ast.BooleanTerm(strings.HasSuffix(string(s), string(suffix))))
+ return iter(ast.InternedBooleanTerm(strings.HasSuffix(string(s), string(suffix))))
}
func builtinLower(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -363,7 +430,14 @@ func builtinLower(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) e
return err
}
- return iter(ast.StringTerm(strings.ToLower(string(s))))
+ arg := string(s)
+ low := strings.ToLower(arg)
+
+ if arg == low {
+ return iter(operands[0])
+ }
+
+ return iter(ast.InternedStringTerm(low))
}
func builtinUpper(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -372,7 +446,14 @@ func builtinUpper(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) e
return err
}
- return iter(ast.StringTerm(strings.ToUpper(string(s))))
+ arg := string(s)
+ upp := strings.ToUpper(arg)
+
+ if arg == upp {
+ return iter(operands[0])
+ }
+
+ return iter(ast.InternedStringTerm(upp))
}
func builtinSplit(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -380,15 +461,23 @@ func builtinSplit(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) e
if err != nil {
return err
}
+
d, err := builtins.StringOperand(operands[1].Value, 2)
if err != nil {
return err
}
+
+ if !strings.Contains(string(s), string(d)) {
+ return iter(ast.ArrayTerm(operands[0]))
+ }
+
elems := strings.Split(string(s), string(d))
arr := make([]*ast.Term, len(elems))
+
for i := range elems {
- arr[i] = ast.StringTerm(elems[i])
+ arr[i] = ast.InternedStringTerm(elems[i])
}
+
return iter(ast.ArrayTerm(arr...))
}
@@ -408,7 +497,12 @@ func builtinReplace(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term)
return err
}
- return iter(ast.StringTerm(strings.Replace(string(s), string(old), string(n), -1)))
+ replaced := strings.ReplaceAll(string(s), string(old), string(n))
+ if replaced == string(s) {
+ return iter(operands[0])
+ }
+
+ return iter(ast.InternedStringTerm(replaced))
}
func builtinReplaceN(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -437,14 +531,8 @@ func builtinReplaceN(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term
}
oldnewArr = append(oldnewArr, string(keyVal), string(strVal))
}
- if err != nil {
- return err
- }
- r := strings.NewReplacer(oldnewArr...)
- replaced := r.Replace(string(s))
-
- return iter(ast.StringTerm(replaced))
+ return iter(ast.InternedStringTerm(strings.NewReplacer(oldnewArr...).Replace(string(s))))
}
func builtinTrim(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -458,7 +546,12 @@ func builtinTrim(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) er
return err
}
- return iter(ast.StringTerm(strings.Trim(string(s), string(c))))
+ trimmed := strings.Trim(string(s), string(c))
+ if trimmed == string(s) {
+ return iter(operands[0])
+ }
+
+ return iter(ast.InternedStringTerm(strings.Trim(string(s), string(c))))
}
func builtinTrimLeft(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -472,7 +565,12 @@ func builtinTrimLeft(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term
return err
}
- return iter(ast.StringTerm(strings.TrimLeft(string(s), string(c))))
+ trimmed := strings.TrimLeft(string(s), string(c))
+ if trimmed == string(s) {
+ return iter(operands[0])
+ }
+
+ return iter(ast.InternedStringTerm(trimmed))
}
func builtinTrimPrefix(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -486,7 +584,12 @@ func builtinTrimPrefix(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Te
return err
}
- return iter(ast.StringTerm(strings.TrimPrefix(string(s), string(pre))))
+ trimmed := strings.TrimPrefix(string(s), string(pre))
+ if trimmed == string(s) {
+ return iter(operands[0])
+ }
+
+ return iter(ast.InternedStringTerm(trimmed))
}
func builtinTrimRight(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -500,7 +603,12 @@ func builtinTrimRight(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Ter
return err
}
- return iter(ast.StringTerm(strings.TrimRight(string(s), string(c))))
+ trimmed := strings.TrimRight(string(s), string(c))
+ if trimmed == string(s) {
+ return iter(operands[0])
+ }
+
+ return iter(ast.InternedStringTerm(trimmed))
}
func builtinTrimSuffix(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -514,7 +622,12 @@ func builtinTrimSuffix(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Te
return err
}
- return iter(ast.StringTerm(strings.TrimSuffix(string(s), string(suf))))
+ trimmed := strings.TrimSuffix(string(s), string(suf))
+ if trimmed == string(s) {
+ return iter(operands[0])
+ }
+
+ return iter(ast.InternedStringTerm(trimmed))
}
func builtinTrimSpace(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -523,7 +636,12 @@ func builtinTrimSpace(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Ter
return err
}
- return iter(ast.StringTerm(strings.TrimSpace(string(s))))
+ trimmed := strings.TrimSpace(string(s))
+ if trimmed == string(s) {
+ return iter(operands[0])
+ }
+
+ return iter(ast.InternedStringTerm(trimmed))
}
func builtinSprintf(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -537,7 +655,20 @@ func builtinSprintf(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term)
return builtins.NewOperandTypeErr(2, operands[1].Value, "array")
}
- args := make([]interface{}, astArr.Len())
+ // Optimized path for where sprintf is used as a "to_string" function for
+ // a single integer, i.e. sprintf("%d", [x]) where x is an integer.
+ if s == "%d" && astArr.Len() == 1 {
+ if n, ok := astArr.Elem(0).Value.(ast.Number); ok {
+ if i, ok := n.Int(); ok {
+ if interned := ast.InternedIntegerString(i); interned != nil {
+ return iter(interned)
+ }
+ return iter(ast.StringTerm(strconv.Itoa(i)))
+ }
+ }
+ }
+
+ args := make([]any, astArr.Len())
for i := range args {
switch v := astArr.Elem(i).Value.(type) {
@@ -558,7 +689,7 @@ func builtinSprintf(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term)
}
}
- return iter(ast.StringTerm(fmt.Sprintf(string(s), args...)))
+ return iter(ast.InternedStringTerm(fmt.Sprintf(string(s), args...)))
}
func builtinReverse(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -567,19 +698,27 @@ func builtinReverse(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term)
return err
}
- return iter(ast.StringTerm(reverseString(string(s))))
+ return iter(ast.InternedStringTerm(reverseString(string(s))))
}
func reverseString(str string) string {
- sRunes := []rune(str)
- length := len(sRunes)
- reversedRunes := make([]rune, length)
+ var buf []byte
+ var arr [255]byte
+ size := len(str)
+
+ if size < 255 {
+ buf = arr[:size:size]
+ } else {
+ buf = make([]byte, size)
+ }
- for index, r := range sRunes {
- reversedRunes[length-index-1] = r
+ for start := 0; start < size; {
+ r, n := utf8.DecodeRuneInString(str[start:])
+ start += n
+ utf8.EncodeRune(buf[size-start:], r)
}
- return string(reversedRunes)
+ return string(buf)
}
func init() {
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/subset.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/subset.go
similarity index 82%
rename from vendor/github.com/open-policy-agent/opa/topdown/subset.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/subset.go
index 7b152a5ef9..29354d9730 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/subset.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/subset.go
@@ -5,8 +5,8 @@
package topdown
import (
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
func bothObjects(t1, t2 *ast.Term) (bool, ast.Object, ast.Object) {
@@ -88,9 +88,8 @@ func arraySet(t1, t2 *ast.Term) (bool, *ast.Array, ast.Set) {
// associated with a key.
func objectSubset(super ast.Object, sub ast.Object) bool {
var superTerm *ast.Term
- isSubset := true
- sub.Until(func(key, subTerm *ast.Term) bool {
+ notSubset := sub.Until(func(key, subTerm *ast.Term) bool {
// This really wants to be a for loop, hence the somewhat
// weird internal structure. However, using Until() in this
// was is a performance optimization, as it avoids performing
@@ -98,10 +97,9 @@ func objectSubset(super ast.Object, sub ast.Object) bool {
superTerm = super.Get(key)
- // subTerm is can't be nil because we got it from Until(), so
+ // subTerm can't be nil because we got it from Until(), so
// we only need to verify that super is non-nil.
if superTerm == nil {
- isSubset = false
return true // break, not a subset
}
@@ -114,58 +112,39 @@ func objectSubset(super ast.Object, sub ast.Object) bool {
// them normally. If only one term is an object, then we
// do a normal comparison which will come up false.
if ok, superObj, subObj := bothObjects(superTerm, subTerm); ok {
- if !objectSubset(superObj, subObj) {
- isSubset = false
- return true // break, not a subset
- }
-
- return false // continue
+ return !objectSubset(superObj, subObj)
}
if ok, superSet, subSet := bothSets(superTerm, subTerm); ok {
- if !setSubset(superSet, subSet) {
- isSubset = false
- return true // break, not a subset
- }
-
- return false // continue
+ return !setSubset(superSet, subSet)
}
if ok, superArray, subArray := bothArrays(superTerm, subTerm); ok {
- if !arraySubset(superArray, subArray) {
- isSubset = false
- return true // break, not a subset
- }
-
- return false // continue
+ return !arraySubset(superArray, subArray)
}
// We have already checked for exact equality, as well as for
// all of the types of nested subsets we care about, so if we
// get here it means this isn't a subset.
- isSubset = false
return true // break, not a subset
})
- return isSubset
+ return !notSubset
}
// setSubset implements the subset operation on sets.
//
// Unlike in the object case, this is not recursive, we just compare values
-// using ast.Set.Contains() because we have no well defined way to "match up"
+// using ast.Set.Contains() because we have no well-defined way to "match up"
// objects that are in different sets.
func setSubset(super ast.Set, sub ast.Set) bool {
- isSubset := true
- sub.Until(func(t *ast.Term) bool {
- if !super.Contains(t) {
- isSubset = false
- return true
+ for _, elem := range sub.Slice() {
+ if !super.Contains(elem) {
+ return false
}
- return false
- })
+ }
- return isSubset
+ return true
}
// arraySubset implements the subset operation on arrays.
@@ -197,12 +176,12 @@ func arraySubset(super, sub *ast.Array) bool {
return false
}
- subElem := sub.Elem(subCursor)
superElem := super.Elem(superCursor + subCursor)
if superElem == nil {
return false
}
+ subElem := sub.Elem(subCursor)
if superElem.Value.Compare(subElem.Value) == 0 {
subCursor++
} else {
@@ -237,22 +216,22 @@ func builtinObjectSubset(_ BuiltinContext, operands []*ast.Term, iter func(*ast.
if ok, superObj, subObj := bothObjects(superTerm, subTerm); ok {
// Both operands are objects.
- return iter(ast.BooleanTerm(objectSubset(superObj, subObj)))
+ return iter(ast.InternedBooleanTerm(objectSubset(superObj, subObj)))
}
if ok, superSet, subSet := bothSets(superTerm, subTerm); ok {
// Both operands are sets.
- return iter(ast.BooleanTerm(setSubset(superSet, subSet)))
+ return iter(ast.InternedBooleanTerm(setSubset(superSet, subSet)))
}
if ok, superArray, subArray := bothArrays(superTerm, subTerm); ok {
// Both operands are sets.
- return iter(ast.BooleanTerm(arraySubset(superArray, subArray)))
+ return iter(ast.InternedBooleanTerm(arraySubset(superArray, subArray)))
}
if ok, superArray, subSet := arraySet(superTerm, subTerm); ok {
// Super operand is array and sub operand is set
- return iter(ast.BooleanTerm(arraySetSubset(superArray, subSet)))
+ return iter(ast.InternedBooleanTerm(arraySetSubset(superArray, subSet)))
}
return builtins.ErrOperand("both arguments object.subset must be of the same type or array and set")
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/template.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/template.go
similarity index 86%
rename from vendor/github.com/open-policy-agent/opa/topdown/template.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/template.go
index cf42477ee8..29038a6579 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/template.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/template.go
@@ -4,8 +4,8 @@ import (
"bytes"
"text/template"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
func renderTemplate(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -19,7 +19,7 @@ func renderTemplate(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term)
return err
}
- var templateVariables map[string]interface{}
+ var templateVariables map[string]any
if err := ast.As(templateVariablesTerm, &templateVariables); err != nil {
return err
diff --git a/vendor/github.com/open-policy-agent/opa/v1/topdown/test.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/test.go
new file mode 100644
index 0000000000..02958d2264
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/test.go
@@ -0,0 +1,30 @@
+// Copyright 2025 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package topdown
+
+import "github.com/open-policy-agent/opa/v1/ast"
+
+const TestCaseOp Op = "TestCase"
+
+func builtinTestCase(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ e := &Event{
+ Op: TestCaseOp,
+ QueryID: bctx.QueryID,
+ Node: ast.NewExpr([]*ast.Term{
+ ast.NewTerm(ast.InternalTestCase.Ref()),
+ ast.NewTerm(operands[0].Value),
+ }),
+ }
+
+ for _, tracer := range bctx.QueryTracers {
+ tracer.TraceEvent(*e)
+ }
+
+ return iter(ast.BooleanTerm(true))
+}
+
+func init() {
+ RegisterBuiltinFunc(ast.InternalTestCase.Name, builtinTestCase)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/time.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/time.go
similarity index 91%
rename from vendor/github.com/open-policy-agent/opa/topdown/time.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/time.go
index ba3efc75dc..cfb4c14753 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/time.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/time.go
@@ -6,7 +6,7 @@ package topdown
import (
"encoding/json"
- "fmt"
+ "errors"
"math"
"math/big"
"strconv"
@@ -14,8 +14,8 @@ import (
"time"
_ "time/tzdata" // this is needed to have LoadLocation when no filesystem tzdata is available
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
var tzCache map[string]*time.Location
@@ -29,7 +29,7 @@ var maxDateAllowedForNsConversion = time.Unix(0, math.MaxInt64)
func toSafeUnixNano(t time.Time, iter func(*ast.Term) error) error {
if t.Before(minDateAllowedForNsConversion) || t.After(maxDateAllowedForNsConversion) {
- return fmt.Errorf("time outside of valid range")
+ return errors.New("time outside of valid range")
}
return iter(ast.NewTerm(ast.Number(int64ToJSONNumber(t.UnixNano()))))
@@ -127,8 +127,8 @@ func builtinDate(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) er
return err
}
year, month, day := t.Date()
- result := ast.NewArray(ast.IntNumberTerm(year), ast.IntNumberTerm(int(month)), ast.IntNumberTerm(day))
- return iter(ast.NewTerm(result))
+
+ return iter(ast.ArrayTerm(ast.InternedIntNumberTerm(year), ast.InternedIntNumberTerm(int(month)), ast.InternedIntNumberTerm(day)))
}
func builtinClock(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
@@ -137,7 +137,7 @@ func builtinClock(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) e
return err
}
hour, minute, second := t.Clock()
- result := ast.NewArray(ast.IntNumberTerm(hour), ast.IntNumberTerm(minute), ast.IntNumberTerm(second))
+ result := ast.NewArray(ast.InternedIntNumberTerm(hour), ast.InternedIntNumberTerm(minute), ast.InternedIntNumberTerm(second))
return iter(ast.NewTerm(result))
}
@@ -238,8 +238,8 @@ func builtinDiff(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) er
}
// END REDISTRIBUTION FROM APACHE 2.0 LICENSED PROJECT
- return iter(ast.ArrayTerm(ast.IntNumberTerm(year), ast.IntNumberTerm(month), ast.IntNumberTerm(day),
- ast.IntNumberTerm(hour), ast.IntNumberTerm(min), ast.IntNumberTerm(sec)))
+ return iter(ast.ArrayTerm(ast.InternedIntNumberTerm(year), ast.InternedIntNumberTerm(month), ast.InternedIntNumberTerm(day),
+ ast.InternedIntNumberTerm(hour), ast.InternedIntNumberTerm(min), ast.InternedIntNumberTerm(sec)))
}
func tzTime(a ast.Value) (t time.Time, lay string, err error) {
@@ -313,7 +313,7 @@ func tzTime(a ast.Value) (t time.Time, lay string, err error) {
f := builtins.NumberToFloat(value)
i64, acc := f.Int64()
if acc != big.Exact {
- return time.Time{}, layout, fmt.Errorf("timestamp too big")
+ return time.Time{}, layout, errors.New("timestamp too big")
}
t = time.Unix(0, i64).In(loc)
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/tokens.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/tokens.go
similarity index 69%
rename from vendor/github.com/open-policy-agent/opa/topdown/tokens.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/tokens.go
index 7457f1f15d..bebffe5df6 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/tokens.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/tokens.go
@@ -21,25 +21,15 @@ import (
"math/big"
"strings"
- "github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/internal/jwx/jwa"
"github.com/open-policy-agent/opa/internal/jwx/jwk"
"github.com/open-policy-agent/opa/internal/jwx/jws"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/topdown/cache"
)
-var (
- jwtEncKey = ast.StringTerm("enc")
- jwtCtyKey = ast.StringTerm("cty")
- jwtIssKey = ast.StringTerm("iss")
- jwtExpKey = ast.StringTerm("exp")
- jwtNbfKey = ast.StringTerm("nbf")
- jwtAudKey = ast.StringTerm("aud")
-)
-
-const (
- headerJwt = "JWT"
-)
+const headerJwt = "JWT"
// JSONWebToken represent the 3 parts (header, payload & signature) of
//
@@ -85,7 +75,7 @@ func builtinJWTDecode(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Ter
return fmt.Errorf("JWT payload had invalid encoding: %v", err)
}
- if cty := token.decodedHeader.Get(jwtCtyKey); cty != nil {
+ if cty := token.decodedHeader.Get(ast.InternedStringTerm("cty")); cty != nil {
ctyVal := string(cty.Value.(ast.String))
// It is possible for the contents of a token to be another
// token as a result of nested signing or encryption. To handle
@@ -129,8 +119,8 @@ func builtinJWTDecode(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Ter
}
// Implements RS256 JWT signature verification
-func builtinJWTVerifyRS256(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- result, err := builtinJWTVerifyRSA(operands[0].Value, operands[1].Value, sha256.New, func(publicKey *rsa.PublicKey, digest []byte, signature []byte) error {
+func builtinJWTVerifyRS256(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := builtinJWTVerifyRSA(bctx, operands[0].Value, operands[1].Value, sha256.New, func(publicKey *rsa.PublicKey, digest []byte, signature []byte) error {
return rsa.VerifyPKCS1v15(
publicKey,
crypto.SHA256,
@@ -138,14 +128,14 @@ func builtinJWTVerifyRS256(_ BuiltinContext, operands []*ast.Term, iter func(*as
signature)
})
if err == nil {
- return iter(ast.NewTerm(result))
+ return iter(ast.InternedBooleanTerm(result))
}
return err
}
// Implements RS384 JWT signature verification
-func builtinJWTVerifyRS384(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- result, err := builtinJWTVerifyRSA(operands[0].Value, operands[1].Value, sha512.New384, func(publicKey *rsa.PublicKey, digest []byte, signature []byte) error {
+func builtinJWTVerifyRS384(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := builtinJWTVerifyRSA(bctx, operands[0].Value, operands[1].Value, sha512.New384, func(publicKey *rsa.PublicKey, digest []byte, signature []byte) error {
return rsa.VerifyPKCS1v15(
publicKey,
crypto.SHA384,
@@ -153,14 +143,14 @@ func builtinJWTVerifyRS384(_ BuiltinContext, operands []*ast.Term, iter func(*as
signature)
})
if err == nil {
- return iter(ast.NewTerm(result))
+ return iter(ast.InternedBooleanTerm(result))
}
return err
}
// Implements RS512 JWT signature verification
-func builtinJWTVerifyRS512(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- result, err := builtinJWTVerifyRSA(operands[0].Value, operands[1].Value, sha512.New, func(publicKey *rsa.PublicKey, digest []byte, signature []byte) error {
+func builtinJWTVerifyRS512(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := builtinJWTVerifyRSA(bctx, operands[0].Value, operands[1].Value, sha512.New, func(publicKey *rsa.PublicKey, digest []byte, signature []byte) error {
return rsa.VerifyPKCS1v15(
publicKey,
crypto.SHA512,
@@ -168,14 +158,14 @@ func builtinJWTVerifyRS512(_ BuiltinContext, operands []*ast.Term, iter func(*as
signature)
})
if err == nil {
- return iter(ast.NewTerm(result))
+ return iter(ast.InternedBooleanTerm(result))
}
return err
}
// Implements PS256 JWT signature verification
-func builtinJWTVerifyPS256(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- result, err := builtinJWTVerifyRSA(operands[0].Value, operands[1].Value, sha256.New, func(publicKey *rsa.PublicKey, digest []byte, signature []byte) error {
+func builtinJWTVerifyPS256(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := builtinJWTVerifyRSA(bctx, operands[0].Value, operands[1].Value, sha256.New, func(publicKey *rsa.PublicKey, digest []byte, signature []byte) error {
return rsa.VerifyPSS(
publicKey,
crypto.SHA256,
@@ -184,14 +174,14 @@ func builtinJWTVerifyPS256(_ BuiltinContext, operands []*ast.Term, iter func(*as
nil)
})
if err == nil {
- return iter(ast.NewTerm(result))
+ return iter(ast.InternedBooleanTerm(result))
}
return err
}
// Implements PS384 JWT signature verification
-func builtinJWTVerifyPS384(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- result, err := builtinJWTVerifyRSA(operands[0].Value, operands[1].Value, sha512.New384, func(publicKey *rsa.PublicKey, digest []byte, signature []byte) error {
+func builtinJWTVerifyPS384(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := builtinJWTVerifyRSA(bctx, operands[0].Value, operands[1].Value, sha512.New384, func(publicKey *rsa.PublicKey, digest []byte, signature []byte) error {
return rsa.VerifyPSS(
publicKey,
crypto.SHA384,
@@ -200,14 +190,14 @@ func builtinJWTVerifyPS384(_ BuiltinContext, operands []*ast.Term, iter func(*as
nil)
})
if err == nil {
- return iter(ast.NewTerm(result))
+ return iter(ast.InternedBooleanTerm(result))
}
return err
}
// Implements PS512 JWT signature verification
-func builtinJWTVerifyPS512(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- result, err := builtinJWTVerifyRSA(operands[0].Value, operands[1].Value, sha512.New, func(publicKey *rsa.PublicKey, digest []byte, signature []byte) error {
+func builtinJWTVerifyPS512(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := builtinJWTVerifyRSA(bctx, operands[0].Value, operands[1].Value, sha512.New, func(publicKey *rsa.PublicKey, digest []byte, signature []byte) error {
return rsa.VerifyPSS(
publicKey,
crypto.SHA512,
@@ -216,50 +206,50 @@ func builtinJWTVerifyPS512(_ BuiltinContext, operands []*ast.Term, iter func(*as
nil)
})
if err == nil {
- return iter(ast.NewTerm(result))
+ return iter(ast.InternedBooleanTerm(result))
}
return err
}
// Implements RSA JWT signature verification.
-func builtinJWTVerifyRSA(a ast.Value, b ast.Value, hasher func() hash.Hash, verify func(publicKey *rsa.PublicKey, digest []byte, signature []byte) error) (ast.Value, error) {
- return builtinJWTVerify(a, b, hasher, func(publicKey interface{}, digest []byte, signature []byte) error {
+func builtinJWTVerifyRSA(bctx BuiltinContext, jwt ast.Value, keyStr ast.Value, hasher func() hash.Hash, verify func(publicKey *rsa.PublicKey, digest []byte, signature []byte) error) (bool, error) {
+ return builtinJWTVerify(bctx, jwt, keyStr, hasher, func(publicKey any, digest []byte, signature []byte) error {
publicKeyRsa, ok := publicKey.(*rsa.PublicKey)
if !ok {
- return fmt.Errorf("incorrect public key type")
+ return errors.New("incorrect public key type")
}
return verify(publicKeyRsa, digest, signature)
})
}
// Implements ES256 JWT signature verification.
-func builtinJWTVerifyES256(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- result, err := builtinJWTVerify(operands[0].Value, operands[1].Value, sha256.New, verifyES)
+func builtinJWTVerifyES256(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := builtinJWTVerify(bctx, operands[0].Value, operands[1].Value, sha256.New, verifyES)
if err == nil {
- return iter(ast.NewTerm(result))
+ return iter(ast.InternedBooleanTerm(result))
}
return err
}
// Implements ES384 JWT signature verification
-func builtinJWTVerifyES384(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- result, err := builtinJWTVerify(operands[0].Value, operands[1].Value, sha512.New384, verifyES)
+func builtinJWTVerifyES384(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := builtinJWTVerify(bctx, operands[0].Value, operands[1].Value, sha512.New384, verifyES)
if err == nil {
- return iter(ast.NewTerm(result))
+ return iter(ast.InternedBooleanTerm(result))
}
return err
}
// Implements ES512 JWT signature verification
-func builtinJWTVerifyES512(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- result, err := builtinJWTVerify(operands[0].Value, operands[1].Value, sha512.New, verifyES)
+func builtinJWTVerifyES512(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ result, err := builtinJWTVerify(bctx, operands[0].Value, operands[1].Value, sha512.New, verifyES)
if err == nil {
- return iter(ast.NewTerm(result))
+ return iter(ast.InternedBooleanTerm(result))
}
return err
}
-func verifyES(publicKey interface{}, digest []byte, signature []byte) (err error) {
+func verifyES(publicKey any, digest []byte, signature []byte) (err error) {
defer func() {
if r := recover(); r != nil {
err = fmt.Errorf("ECDSA signature verification error: %v", r)
@@ -267,7 +257,7 @@ func verifyES(publicKey interface{}, digest []byte, signature []byte) (err error
}()
publicKeyEcdsa, ok := publicKey.(*ecdsa.PublicKey)
if !ok {
- return fmt.Errorf("incorrect public key type")
+ return errors.New("incorrect public key type")
}
r, s := &big.Int{}, &big.Int{}
n := len(signature) / 2
@@ -276,13 +266,13 @@ func verifyES(publicKey interface{}, digest []byte, signature []byte) (err error
if ecdsa.Verify(publicKeyEcdsa, digest, r, s) {
return nil
}
- return fmt.Errorf("ECDSA signature verification error")
+ return errors.New("ECDSA signature verification error")
}
type verificationKey struct {
alg string
kid string
- key interface{}
+ key any
}
// getKeysFromCertOrJWK returns the public key found in a X.509 certificate or JWK key(s).
@@ -291,7 +281,7 @@ type verificationKey struct {
func getKeysFromCertOrJWK(certificate string) ([]verificationKey, error) {
if block, rest := pem.Decode([]byte(certificate)); block != nil {
if len(rest) > 0 {
- return nil, fmt.Errorf("extra data after a PEM certificate block")
+ return nil, errors.New("extra data after a PEM certificate block")
}
if block.Type == blockTypeCertificate {
@@ -311,7 +301,7 @@ func getKeysFromCertOrJWK(certificate string) ([]verificationKey, error) {
return []verificationKey{{key: key}}, nil
}
- return nil, fmt.Errorf("failed to extract a Key from the PEM certificate")
+ return nil, errors.New("failed to extract a Key from the PEM certificate")
}
jwks, err := jwk.ParseString(certificate)
@@ -345,34 +335,43 @@ func getKeyByKid(kid string, keys []verificationKey) *verificationKey {
}
// Implements JWT signature verification.
-func builtinJWTVerify(a ast.Value, b ast.Value, hasher func() hash.Hash, verify func(publicKey interface{}, digest []byte, signature []byte) error) (ast.Value, error) {
- token, err := decodeJWT(a)
+func builtinJWTVerify(bctx BuiltinContext, jwt ast.Value, keyStr ast.Value, hasher func() hash.Hash, verify func(publicKey any, digest []byte, signature []byte) error) (bool, error) {
+ if found, _, _, valid := getTokenFromCache(bctx, jwt, keyStr); found {
+ return valid, nil
+ }
+
+ token, err := decodeJWT(jwt)
if err != nil {
- return nil, err
+ return false, err
}
- s, err := builtins.StringOperand(b, 2)
+ s, err := builtins.StringOperand(keyStr, 2)
if err != nil {
- return nil, err
+ return false, err
}
keys, err := getKeysFromCertOrJWK(string(s))
if err != nil {
- return nil, err
+ return false, err
}
signature, err := token.decodeSignature()
if err != nil {
- return nil, err
+ return false, err
}
err = token.decodeHeader()
if err != nil {
- return nil, err
+ return false, err
}
header, err := parseTokenHeader(token)
if err != nil {
- return nil, err
+ return false, err
+ }
+
+ done := func(valid bool) (bool, error) {
+ putTokenInCache(bctx, jwt, keyStr, nil, nil, valid)
+ return valid, nil
}
// Validate the JWT signature
@@ -383,7 +382,7 @@ func builtinJWTVerify(a ast.Value, b ast.Value, hasher func() hash.Hash, verify
if key := getKeyByKid(header.kid, keys); key != nil {
err = verify(key.key, getInputSHA([]byte(token.header+"."+token.payload), hasher), []byte(signature))
- return ast.Boolean(err == nil), nil
+ return done(err == nil)
}
}
@@ -395,7 +394,7 @@ func builtinJWTVerify(a ast.Value, b ast.Value, hasher func() hash.Hash, verify
// we'll need to verify to find out
err = verify(key.key, getInputSHA([]byte(token.header+"."+token.payload), hasher), []byte(signature))
if err == nil {
- return ast.Boolean(true), nil
+ return done(true)
}
} else {
if header.alg != key.alg {
@@ -403,48 +402,32 @@ func builtinJWTVerify(a ast.Value, b ast.Value, hasher func() hash.Hash, verify
}
err = verify(key.key, getInputSHA([]byte(token.header+"."+token.payload), hasher), []byte(signature))
if err == nil {
- return ast.Boolean(true), nil
+ return done(true)
}
}
}
// None of the keys worked, return false
- return ast.Boolean(false), nil
+ return done(false)
}
// Implements HS256 (secret) JWT signature verification
-func builtinJWTVerifyHS256(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- // Decode the JSON Web Token
- token, err := decodeJWT(operands[0].Value)
- if err != nil {
- return err
- }
-
- // Process Secret input
- astSecret, err := builtins.StringOperand(operands[1].Value, 2)
- if err != nil {
- return err
- }
- secret := string(astSecret)
-
- mac := hmac.New(sha256.New, []byte(secret))
- _, err = mac.Write([]byte(token.header + "." + token.payload))
- if err != nil {
- return err
- }
+func builtinJWTVerifyHS256(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ return builtinJWTVerifyHS(bctx, operands, sha256.New, iter)
+}
- signature, err := token.decodeSignature()
- if err != nil {
- return err
- }
+// Implements HS384 JWT signature verification
+func builtinJWTVerifyHS384(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ return builtinJWTVerifyHS(bctx, operands, sha512.New384, iter)
+}
- return iter(ast.NewTerm(ast.Boolean(hmac.Equal([]byte(signature), mac.Sum(nil)))))
+// Implements HS512 JWT signature verification
+func builtinJWTVerifyHS512(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ return builtinJWTVerifyHS(bctx, operands, sha512.New, iter)
}
-// Implements HS384 JWT signature verification
-func builtinJWTVerifyHS384(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
- // Decode the JSON Web Token
- token, err := decodeJWT(operands[0].Value)
+func builtinJWTVerifyHS(bctx BuiltinContext, operands []*ast.Term, hashF func() hash.Hash, iter func(*ast.Term) error) error {
+ jwt, err := builtins.StringOperand(operands[0].Value, 1)
if err != nil {
return err
}
@@ -454,38 +437,20 @@ func builtinJWTVerifyHS384(_ BuiltinContext, operands []*ast.Term, iter func(*as
if err != nil {
return err
}
- secret := string(astSecret)
- mac := hmac.New(sha512.New384, []byte(secret))
- _, err = mac.Write([]byte(token.header + "." + token.payload))
- if err != nil {
- return err
+ if found, _, _, valid := getTokenFromCache(bctx, jwt, astSecret); found {
+ return iter(ast.InternedBooleanTerm(valid))
}
- signature, err := token.decodeSignature()
- if err != nil {
- return err
- }
-
- return iter(ast.NewTerm(ast.Boolean(hmac.Equal([]byte(signature), mac.Sum(nil)))))
-}
-
-// Implements HS512 JWT signature verification
-func builtinJWTVerifyHS512(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
// Decode the JSON Web Token
- token, err := decodeJWT(operands[0].Value)
+ token, err := decodeJWT(jwt)
if err != nil {
return err
}
- // Process Secret input
- astSecret, err := builtins.StringOperand(operands[1].Value, 2)
- if err != nil {
- return err
- }
secret := string(astSecret)
- mac := hmac.New(sha512.New, []byte(secret))
+ mac := hmac.New(hashF, []byte(secret))
_, err = mac.Write([]byte(token.header + "." + token.payload))
if err != nil {
return err
@@ -496,7 +461,11 @@ func builtinJWTVerifyHS512(_ BuiltinContext, operands []*ast.Term, iter func(*as
return err
}
- return iter(ast.NewTerm(ast.Boolean(hmac.Equal([]byte(signature), mac.Sum(nil)))))
+ valid := hmac.Equal([]byte(signature), mac.Sum(nil))
+
+ putTokenInCache(bctx, jwt, astSecret, nil, nil, valid)
+
+ return iter(ast.InternedBooleanTerm(valid))
}
// -- Full JWT verification and decoding --
@@ -553,7 +522,7 @@ var tokenConstraintTypes = map[string]tokenConstraintHandler{
func tokenConstraintCert(value ast.Value, constraints *tokenConstraints) error {
s, ok := value.(ast.String)
if !ok {
- return fmt.Errorf("cert constraint: must be a string")
+ return errors.New("cert constraint: must be a string")
}
keys, err := getKeysFromCertOrJWK(string(s))
@@ -578,14 +547,14 @@ func tokenConstraintTime(value ast.Value, constraints *tokenConstraints) error {
func timeFromValue(value ast.Value) (float64, error) {
time, ok := value.(ast.Number)
if !ok {
- return 0, fmt.Errorf("token time constraint: must be a number")
+ return 0, errors.New("token time constraint: must be a number")
}
timeFloat, ok := time.Float64()
if !ok {
- return 0, fmt.Errorf("token time constraint: unvalid float64")
+ return 0, errors.New("token time constraint: unvalid float64")
}
if timeFloat < 0 {
- return 0, fmt.Errorf("token time constraint: must not be negative")
+ return 0, errors.New("token time constraint: must not be negative")
}
return timeFloat, nil
}
@@ -636,10 +605,10 @@ func (constraints *tokenConstraints) validate() error {
keys++
}
if keys > 1 {
- return fmt.Errorf("duplicate key constraints")
+ return errors.New("duplicate key constraints")
}
if keys < 1 {
- return fmt.Errorf("no key constraint")
+ return errors.New("no key constraint")
}
return nil
}
@@ -721,8 +690,8 @@ func (constraints *tokenConstraints) validAudience(aud ast.Value) bool {
// JWT algorithms
type (
- tokenVerifyFunction func(key interface{}, hash crypto.Hash, payload []byte, signature []byte) error
- tokenVerifyAsymmetricFunction func(key interface{}, hash crypto.Hash, digest []byte, signature []byte) error
+ tokenVerifyFunction func(key any, hash crypto.Hash, payload []byte, signature []byte) error
+ tokenVerifyAsymmetricFunction func(key any, hash crypto.Hash, digest []byte, signature []byte) error
)
// jwtAlgorithm describes a JWS 'alg' value
@@ -750,10 +719,10 @@ var tokenAlgorithms = map[string]tokenAlgorithm{
// errSignatureNotVerified is returned when a signature cannot be verified.
var errSignatureNotVerified = errors.New("signature not verified")
-func verifyHMAC(key interface{}, hash crypto.Hash, payload []byte, signature []byte) error {
+func verifyHMAC(key any, hash crypto.Hash, payload []byte, signature []byte) error {
macKey, ok := key.([]byte)
if !ok {
- return fmt.Errorf("incorrect symmetric key type")
+ return errors.New("incorrect symmetric key type")
}
mac := hmac.New(hash.New, macKey)
if _, err := mac.Write(payload); err != nil {
@@ -766,17 +735,17 @@ func verifyHMAC(key interface{}, hash crypto.Hash, payload []byte, signature []b
}
func verifyAsymmetric(verify tokenVerifyAsymmetricFunction) tokenVerifyFunction {
- return func(key interface{}, hash crypto.Hash, payload []byte, signature []byte) error {
+ return func(key any, hash crypto.Hash, payload []byte, signature []byte) error {
h := hash.New()
h.Write(payload)
return verify(key, hash, h.Sum([]byte{}), signature)
}
}
-func verifyRSAPKCS(key interface{}, hash crypto.Hash, digest []byte, signature []byte) error {
+func verifyRSAPKCS(key any, hash crypto.Hash, digest []byte, signature []byte) error {
publicKeyRsa, ok := key.(*rsa.PublicKey)
if !ok {
- return fmt.Errorf("incorrect public key type")
+ return errors.New("incorrect public key type")
}
if err := rsa.VerifyPKCS1v15(publicKeyRsa, hash, digest, signature); err != nil {
return errSignatureNotVerified
@@ -784,10 +753,10 @@ func verifyRSAPKCS(key interface{}, hash crypto.Hash, digest []byte, signature [
return nil
}
-func verifyRSAPSS(key interface{}, hash crypto.Hash, digest []byte, signature []byte) error {
+func verifyRSAPSS(key any, hash crypto.Hash, digest []byte, signature []byte) error {
publicKeyRsa, ok := key.(*rsa.PublicKey)
if !ok {
- return fmt.Errorf("incorrect public key type")
+ return errors.New("incorrect public key type")
}
if err := rsa.VerifyPSS(publicKeyRsa, hash, digest, signature, nil); err != nil {
return errSignatureNotVerified
@@ -795,7 +764,7 @@ func verifyRSAPSS(key interface{}, hash crypto.Hash, digest []byte, signature []
return nil
}
-func verifyECDSA(key interface{}, _ crypto.Hash, digest []byte, signature []byte) (err error) {
+func verifyECDSA(key any, _ crypto.Hash, digest []byte, signature []byte) (err error) {
defer func() {
if r := recover(); r != nil {
err = fmt.Errorf("ECDSA signature verification error: %v", r)
@@ -803,7 +772,7 @@ func verifyECDSA(key interface{}, _ crypto.Hash, digest []byte, signature []byte
}()
publicKeyEcdsa, ok := key.(*ecdsa.PublicKey)
if !ok {
- return fmt.Errorf("incorrect public key type")
+ return errors.New("incorrect public key type")
}
r, s := &big.Int{}, &big.Int{}
n := len(signature) / 2
@@ -852,19 +821,19 @@ var tokenHeaderTypes = map[string]tokenHeaderHandler{
func tokenHeaderCrit(header *tokenHeader, value ast.Value) error {
v, ok := value.(*ast.Array)
if !ok {
- return fmt.Errorf("crit: must be a list")
+ return errors.New("crit: must be a list")
}
header.crit = map[string]bool{}
_ = v.Iter(func(elem *ast.Term) error {
tv, ok := elem.Value.(ast.String)
if !ok {
- return fmt.Errorf("crit: must be a list of strings")
+ return errors.New("crit: must be a list of strings")
}
header.crit[string(tv)] = true
return nil
})
if len(header.crit) == 0 {
- return fmt.Errorf("crit: must be a nonempty list") // 'MUST NOT' use the empty list
+ return errors.New("crit: must be a nonempty list") // 'MUST NOT' use the empty list
}
return nil
}
@@ -923,7 +892,7 @@ func commonBuiltinJWTEncodeSign(bctx BuiltinContext, inputHeaders, jwsPayload, j
return err
}
if jwk.GetKeyTypeFromKey(key) != keys.Keys[0].GetKeyType() {
- return fmt.Errorf("JWK derived key type and keyType parameter do not match")
+ return errors.New("JWK derived key type and keyType parameter do not match")
}
standardHeaders := &jws.StandardHeaders{}
@@ -934,11 +903,11 @@ func commonBuiltinJWTEncodeSign(bctx BuiltinContext, inputHeaders, jwsPayload, j
}
alg := standardHeaders.GetAlgorithm()
if alg == jwa.Unsupported {
- return fmt.Errorf("unknown signature algorithm")
+ return errors.New("unknown signature algorithm")
}
if (standardHeaders.Type == "" || standardHeaders.Type == headerJwt) && !json.Valid([]byte(jwsPayload)) {
- return fmt.Errorf("type is JWT but payload is not JSON")
+ return errors.New("type is JWT but payload is not JSON")
}
// process payload and sign
@@ -1024,9 +993,9 @@ func builtinJWTDecodeVerify(bctx BuiltinContext, operands []*ast.Term, iter func
}
unverified := ast.ArrayTerm(
- ast.BooleanTerm(false),
- ast.NewTerm(ast.NewObject()),
- ast.NewTerm(ast.NewObject()),
+ ast.InternedBooleanTerm(false),
+ ast.InternedEmptyObject,
+ ast.InternedEmptyObject,
)
constraints, err := parseTokenConstraints(b, bctx.Time)
if err != nil {
@@ -1036,61 +1005,119 @@ func builtinJWTDecodeVerify(bctx BuiltinContext, operands []*ast.Term, iter func
return err
}
var token *JSONWebToken
- var p *ast.Term
- for {
- // RFC7519 7.2 #1-2 split into parts
- if token, err = decodeJWT(a); err != nil {
- return err
- }
- // RFC7519 7.2 #3, #4, #6
- if err := token.decodeHeader(); err != nil {
- return err
- }
- // RFC7159 7.2 #5 (and RFC7159 5.2 #5) validate header fields
- header, err := parseTokenHeader(token)
- if err != nil {
- return err
- }
- if !header.valid() {
+ var payload ast.Object
+ var header ast.Object
+
+ // FIXME: optimize
+ k, _ := b.Filter(ast.NewObject(
+ ast.Item(ast.InternedStringTerm("secret"), ast.InternedEmptyObject),
+ ast.Item(ast.InternedStringTerm("cert"), ast.InternedEmptyObject),
+ ))
+
+ if found, th, tp, validSignature := getTokenFromCache(bctx, a, k); found {
+ if !validSignature {
+ // For the given token and key(s), the signature is invalid
return iter(unverified)
}
- // Check constraints that impact signature verification.
- if constraints.alg != "" && constraints.alg != header.alg {
- return iter(unverified)
- }
- // RFC7159 7.2 #7 verify the signature
- signature, err := token.decodeSignature()
- if err != nil {
- return err
+
+ if th != nil && tp != nil {
+ header = th
+ payload = tp
+ } else {
+ // Cache entry was created by one of the other built-ins that doesn't decode header/payload
+
+ if token, err = decodeJWT(a); err != nil {
+ return err
+ }
+
+ header = token.decodedHeader
+
+ p, err := getResult(builtinBase64UrlDecode, ast.StringTerm(token.payload))
+ if err != nil {
+ return fmt.Errorf("JWT payload had invalid encoding: %v", err)
+ }
+
+ payload, err = extractJSONObject(string(p.Value.(ast.String)))
+ if err != nil {
+ return err
+ }
+
+ putTokenInCache(bctx, a, k, header, payload, true)
}
- if err := constraints.verify(header.kid, header.alg, token.header, token.payload, signature); err != nil {
- if err == errSignatureNotVerified {
+ } else {
+ var p *ast.Term
+
+ for {
+ // RFC7519 7.2 #1-2 split into parts
+ if token, err = decodeJWT(a); err != nil {
+ return err
+ }
+
+ // RFC7519 7.2 #3, #4, #6
+ if err := token.decodeHeader(); err != nil {
+ return err
+ }
+
+ // RFC7159 7.2 #5 (and RFC7159 5.2 #5) validate header fields
+ header, err := parseTokenHeader(token)
+ if err != nil {
+ return err
+ }
+
+ if !header.valid() {
return iter(unverified)
}
- return err
+
+ // Check constraints that impact signature verification.
+ if constraints.alg != "" && constraints.alg != header.alg {
+ return iter(unverified)
+ }
+
+ // RFC7159 7.2 #7 verify the signature
+ signature, err := token.decodeSignature()
+ if err != nil {
+ return err
+ }
+
+ if err := constraints.verify(header.kid, header.alg, token.header, token.payload, signature); err != nil {
+ if err == errSignatureNotVerified {
+ putTokenInCache(bctx, a, k, nil, nil, false)
+ return iter(unverified)
+ }
+ return err
+ }
+
+ // RFC7159 7.2 #9-10 decode the payload
+ p, err = getResult(builtinBase64UrlDecode, ast.StringTerm(token.payload))
+ if err != nil {
+ return fmt.Errorf("JWT payload had invalid encoding: %v", err)
+ }
+
+ // RFC7159 7.2 #8 and 5.2 cty
+ if strings.EqualFold(header.cty, headerJwt) {
+ // Nested JWT, go round again with payload as first argument
+ a = p.Value
+ continue
+ }
+
+ // Non-nested JWT (or we've reached the bottom of the nesting).
+ break
}
- // RFC7159 7.2 #9-10 decode the payload
- p, err = getResult(builtinBase64UrlDecode, ast.StringTerm(token.payload))
+
+ payload, err = extractJSONObject(string(p.Value.(ast.String)))
if err != nil {
- return fmt.Errorf("JWT payload had invalid encoding: %v", err)
- }
- // RFC7159 7.2 #8 and 5.2 cty
- if strings.ToUpper(header.cty) == headerJwt {
- // Nested JWT, go round again with payload as first argument
- a = p.Value
- continue
+ return err
}
- // Non-nested JWT (or we've reached the bottom of the nesting).
- break
- }
- payload, err := extractJSONObject(string(p.Value.(ast.String)))
- if err != nil {
- return err
+
+ header = token.decodedHeader
+
+ putTokenInCache(bctx, a, k, header, payload, true)
}
+
// Check registered claim names against constraints or environment
// RFC7159 4.1.1 iss
if constraints.iss != "" {
- if iss := payload.Get(jwtIssKey); iss != nil {
+ if iss := payload.Get(ast.InternedStringTerm("iss")); iss != nil {
issVal := string(iss.Value.(ast.String))
if constraints.iss != issVal {
return iter(unverified)
@@ -1100,7 +1127,7 @@ func builtinJWTDecodeVerify(bctx BuiltinContext, operands []*ast.Term, iter func
}
}
// RFC7159 4.1.3 aud
- if aud := payload.Get(jwtAudKey); aud != nil {
+ if aud := payload.Get(ast.InternedStringTerm("aud")); aud != nil {
if !constraints.validAudience(aud.Value) {
return iter(unverified)
}
@@ -1110,35 +1137,35 @@ func builtinJWTDecodeVerify(bctx BuiltinContext, operands []*ast.Term, iter func
}
}
// RFC7159 4.1.4 exp
- if exp := payload.Get(jwtExpKey); exp != nil {
- switch exp.Value.(type) {
+ if exp := payload.Get(ast.InternedStringTerm("exp")); exp != nil {
+ switch v := exp.Value.(type) {
case ast.Number:
// constraints.time is in nanoseconds but exp Value is in seconds
compareTime := ast.FloatNumberTerm(constraints.time / 1000000000)
- if ast.Compare(compareTime, exp.Value.(ast.Number)) != -1 {
+ if ast.Compare(compareTime, v) != -1 {
return iter(unverified)
}
default:
- return fmt.Errorf("exp value must be a number")
+ return errors.New("exp value must be a number")
}
}
// RFC7159 4.1.5 nbf
- if nbf := payload.Get(jwtNbfKey); nbf != nil {
- switch nbf.Value.(type) {
+ if nbf := payload.Get(ast.InternedStringTerm("nbf")); nbf != nil {
+ switch v := nbf.Value.(type) {
case ast.Number:
// constraints.time is in nanoseconds but nbf Value is in seconds
compareTime := ast.FloatNumberTerm(constraints.time / 1000000000)
- if ast.Compare(compareTime, nbf.Value.(ast.Number)) == -1 {
+ if ast.Compare(compareTime, v) == -1 {
return iter(unverified)
}
default:
- return fmt.Errorf("nbf value must be a number")
+ return errors.New("nbf value must be a number")
}
}
verified := ast.ArrayTerm(
- ast.BooleanTerm(true),
- ast.NewTerm(token.decodedHeader),
+ ast.InternedBooleanTerm(true),
+ ast.NewTerm(header),
ast.NewTerm(payload),
)
return iter(verified)
@@ -1191,7 +1218,7 @@ func validateJWTHeader(h string) (ast.Object, error) {
// won't support it for now.
// This code checks which kind of JWT we are dealing with according to
// RFC 7516 Section 9: https://tools.ietf.org/html/rfc7516#section-9
- if header.Get(jwtEncKey) != nil {
+ if header.Get(ast.InternedStringTerm("enc")) != nil {
return nil, errors.New("JWT is a JWE object, which is not supported")
}
@@ -1226,7 +1253,63 @@ func getInputSHA(input []byte, h func() hash.Hash) []byte {
return hasher.Sum(nil)
}
+type jwtCacheEntry struct {
+ payload ast.Object
+ header ast.Object
+ validSignature bool
+}
+
+const tokenCacheName = "io_jwt"
+
+func getTokenFromCache(bctx BuiltinContext, serializedJwt ast.Value, publicKey ast.Value) (bool, ast.Object, ast.Object, bool) {
+ if bctx.InterQueryBuiltinValueCache == nil {
+ return false, nil, nil, false
+ }
+
+ c := bctx.InterQueryBuiltinValueCache.GetCache(tokenCacheName)
+ if c == nil {
+ return false, nil, nil, false
+ }
+
+ key := createTokenCacheKey(serializedJwt, publicKey)
+
+ entry, ok := c.Get(key)
+ if !ok {
+ return false, nil, nil, false
+ }
+
+ if jwtEntry, ok := entry.(jwtCacheEntry); ok {
+ return true, jwtEntry.header, jwtEntry.payload, jwtEntry.validSignature
+ }
+
+ return false, nil, nil, false
+}
+
+func putTokenInCache(bctx BuiltinContext, serializedJwt ast.Value, publicKey ast.Value, header ast.Object, payload ast.Object, validSignature bool) {
+ if bctx.InterQueryBuiltinValueCache == nil {
+ return
+ }
+
+ c := bctx.InterQueryBuiltinValueCache.GetCache(tokenCacheName)
+ if c == nil {
+ return
+ }
+
+ key := createTokenCacheKey(serializedJwt, publicKey)
+
+ c.Insert(key, jwtCacheEntry{header: header, payload: payload, validSignature: validSignature})
+}
+
+func createTokenCacheKey(serializedJwt ast.Value, publicKey ast.Value) ast.Value {
+ // We need to create a key that is unique to the serialized JWT (for lookup) and the public key used to verify it,
+ // so that we don't get a misleading cached validation result for a different, invalid key.
+ return ast.NewArray(ast.NewTerm(serializedJwt), ast.NewTerm(publicKey))
+}
+
func init() {
+ // By default, the JWT cache is disabled.
+ cache.RegisterDefaultInterQueryBuiltinValueCacheConfig(tokenCacheName, nil)
+
RegisterBuiltinFunc(ast.JWTDecode.Name, builtinJWTDecode)
RegisterBuiltinFunc(ast.JWTVerifyRS256.Name, builtinJWTVerifyRS256)
RegisterBuiltinFunc(ast.JWTVerifyRS384.Name, builtinJWTVerifyRS384)
diff --git a/vendor/github.com/open-policy-agent/opa/v1/topdown/trace.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/trace.go
new file mode 100644
index 0000000000..4133935fb9
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/trace.go
@@ -0,0 +1,895 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package topdown
+
+import (
+ "bytes"
+ "fmt"
+ "io"
+ "slices"
+ "strings"
+
+ iStrs "github.com/open-policy-agent/opa/internal/strings"
+
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
+)
+
+const (
+ minLocationWidth = 5 // len("query")
+ maxIdealLocationWidth = 64
+ columnPadding = 4
+ maxExprVarWidth = 32
+ maxPrettyExprVarWidth = 64
+)
+
+// Op defines the types of tracing events.
+type Op string
+
+const (
+ // EnterOp is emitted when a new query is about to be evaluated.
+ EnterOp Op = "Enter"
+
+ // ExitOp is emitted when a query has evaluated to true.
+ ExitOp Op = "Exit"
+
+ // EvalOp is emitted when an expression is about to be evaluated.
+ EvalOp Op = "Eval"
+
+ // RedoOp is emitted when an expression, rule, or query is being re-evaluated.
+ RedoOp Op = "Redo"
+
+ // SaveOp is emitted when an expression is saved instead of evaluated
+ // during partial evaluation.
+ SaveOp Op = "Save"
+
+ // FailOp is emitted when an expression evaluates to false.
+ FailOp Op = "Fail"
+
+ // DuplicateOp is emitted when a query has produced a duplicate value. The search
+ // will stop at the point where the duplicate was emitted and backtrack.
+ DuplicateOp Op = "Duplicate"
+
+ // NoteOp is emitted when an expression invokes a tracing built-in function.
+ NoteOp Op = "Note"
+
+ // IndexOp is emitted during an expression evaluation to represent lookup
+ // matches.
+ IndexOp Op = "Index"
+
+ // WasmOp is emitted when resolving a ref using an external
+ // Resolver.
+ WasmOp Op = "Wasm"
+
+ // UnifyOp is emitted when two terms are unified. Node will be set to an
+ // equality expression with the two terms. This Node will not have location
+ // info.
+ UnifyOp Op = "Unify"
+ FailedAssertionOp Op = "FailedAssertion"
+)
+
+// VarMetadata provides some user facing information about
+// a variable in some policy.
+type VarMetadata struct {
+ Name ast.Var `json:"name"`
+ Location *ast.Location `json:"location"`
+}
+
+// Event contains state associated with a tracing event.
+type Event struct {
+ Op Op // Identifies type of event.
+ Node ast.Node // Contains AST node relevant to the event.
+ Location *ast.Location // The location of the Node this event relates to.
+ QueryID uint64 // Identifies the query this event belongs to.
+ ParentID uint64 // Identifies the parent query this event belongs to.
+ Locals *ast.ValueMap // Contains local variable bindings from the query context. Nil if variables were not included in the trace event.
+ LocalMetadata map[ast.Var]VarMetadata // Contains metadata for the local variable bindings. Nil if variables were not included in the trace event.
+ Message string // Contains message for Note events.
+ Ref *ast.Ref // Identifies the subject ref for the event. Only applies to Index and Wasm operations.
+
+ input *ast.Term
+ bindings *bindings
+ localVirtualCacheSnapshot *ast.ValueMap
+}
+
+func (evt *Event) WithInput(input *ast.Term) *Event {
+ evt.input = input
+ return evt
+}
+
+// HasRule returns true if the Event contains an ast.Rule.
+func (evt *Event) HasRule() bool {
+ _, ok := evt.Node.(*ast.Rule)
+ return ok
+}
+
+// HasBody returns true if the Event contains an ast.Body.
+func (evt *Event) HasBody() bool {
+ _, ok := evt.Node.(ast.Body)
+ return ok
+}
+
+// HasExpr returns true if the Event contains an ast.Expr.
+func (evt *Event) HasExpr() bool {
+ _, ok := evt.Node.(*ast.Expr)
+ return ok
+}
+
+// Equal returns true if this event is equal to the other event.
+func (evt *Event) Equal(other *Event) bool {
+ if evt.Op != other.Op {
+ return false
+ }
+ if evt.QueryID != other.QueryID {
+ return false
+ }
+ if evt.ParentID != other.ParentID {
+ return false
+ }
+ if !evt.equalNodes(other) {
+ return false
+ }
+ return evt.Locals.Equal(other.Locals)
+}
+
+func (evt *Event) String() string {
+ return fmt.Sprintf("%v %v %v (qid=%v, pqid=%v)", evt.Op, evt.Node, evt.Locals, evt.QueryID, evt.ParentID)
+}
+
+// Input returns the input object as it was at the event.
+func (evt *Event) Input() *ast.Term {
+ return evt.input
+}
+
+// Plug plugs event bindings into the provided ast.Term. Because bindings are mutable, this only makes sense to do when
+// the event is emitted rather than on recorded trace events as the bindings are going to be different by then.
+func (evt *Event) Plug(term *ast.Term) *ast.Term {
+ return evt.bindings.Plug(term)
+}
+
+func (evt *Event) equalNodes(other *Event) bool {
+ switch a := evt.Node.(type) {
+ case ast.Body:
+ if b, ok := other.Node.(ast.Body); ok {
+ return a.Equal(b)
+ }
+ case *ast.Rule:
+ if b, ok := other.Node.(*ast.Rule); ok {
+ return a.Equal(b)
+ }
+ case *ast.Expr:
+ if b, ok := other.Node.(*ast.Expr); ok {
+ return a.Equal(b)
+ }
+ case nil:
+ return other.Node == nil
+ }
+ return false
+}
+
+// Tracer defines the interface for tracing in the top-down evaluation engine.
+// Deprecated: Use QueryTracer instead.
+type Tracer interface {
+ Enabled() bool
+ Trace(*Event)
+}
+
+// QueryTracer defines the interface for tracing in the top-down evaluation engine.
+// The implementation can provide additional configuration to modify the tracing
+// behavior for query evaluations.
+type QueryTracer interface {
+ Enabled() bool
+ TraceEvent(Event)
+ Config() TraceConfig
+}
+
+// TraceConfig defines some common configuration for Tracer implementations
+type TraceConfig struct {
+ PlugLocalVars bool // Indicate whether to plug local variable bindings before calling into the tracer.
+}
+
+// legacyTracer Implements the QueryTracer interface by wrapping an older Tracer instance.
+type legacyTracer struct {
+ t Tracer
+}
+
+func (l *legacyTracer) Enabled() bool {
+ return l.t.Enabled()
+}
+
+func (*legacyTracer) Config() TraceConfig {
+ return TraceConfig{
+ PlugLocalVars: true, // For backwards compatibility old tracers will plug local variables
+ }
+}
+
+func (l *legacyTracer) TraceEvent(evt Event) {
+ l.t.Trace(&evt)
+}
+
+// WrapLegacyTracer will create a new QueryTracer which wraps an
+// older Tracer instance.
+func WrapLegacyTracer(tracer Tracer) QueryTracer {
+ return &legacyTracer{t: tracer}
+}
+
+// BufferTracer implements the Tracer and QueryTracer interface by
+// simply buffering all events received.
+type BufferTracer []*Event
+
+// NewBufferTracer returns a new BufferTracer.
+func NewBufferTracer() *BufferTracer {
+ return &BufferTracer{}
+}
+
+// Enabled always returns true if the BufferTracer is instantiated.
+func (b *BufferTracer) Enabled() bool {
+ return b != nil
+}
+
+// Trace adds the event to the buffer.
+// Deprecated: Use TraceEvent instead.
+func (b *BufferTracer) Trace(evt *Event) {
+ *b = append(*b, evt)
+}
+
+// TraceEvent adds the event to the buffer.
+func (b *BufferTracer) TraceEvent(evt Event) {
+ *b = append(*b, &evt)
+}
+
+// Config returns the Tracers standard configuration
+func (*BufferTracer) Config() TraceConfig {
+ return TraceConfig{PlugLocalVars: true}
+}
+
+// PrettyTrace pretty prints the trace to the writer.
+func PrettyTrace(w io.Writer, trace []*Event) {
+ PrettyTraceWithOpts(w, trace, PrettyTraceOptions{})
+}
+
+// PrettyTraceWithLocation prints the trace to the writer and includes location information
+func PrettyTraceWithLocation(w io.Writer, trace []*Event) {
+ PrettyTraceWithOpts(w, trace, PrettyTraceOptions{Locations: true})
+}
+
+type PrettyTraceOptions struct {
+ Locations bool // Include location information
+ ExprVariables bool // Include variables found in the expression
+ LocalVariables bool // Include all local variables
+}
+
+type traceRow []string
+
+func (r *traceRow) add(s string) {
+ *r = append(*r, s)
+}
+
+type traceTable struct {
+ rows []traceRow
+ maxWidths []int
+}
+
+func (t *traceTable) add(row traceRow) {
+ t.rows = append(t.rows, row)
+ for i := range row {
+ if i >= len(t.maxWidths) {
+ t.maxWidths = append(t.maxWidths, len(row[i]))
+ } else if len(row[i]) > t.maxWidths[i] {
+ t.maxWidths[i] = len(row[i])
+ }
+ }
+}
+
+func (t *traceTable) write(w io.Writer, padding int) {
+ for _, row := range t.rows {
+ for i, cell := range row {
+ width := t.maxWidths[i] + padding
+ if i < len(row)-1 {
+ _, _ = fmt.Fprintf(w, "%-*s ", width, cell)
+ } else {
+ _, _ = fmt.Fprintf(w, "%s", cell)
+ }
+ }
+ _, _ = fmt.Fprintln(w)
+ }
+}
+
+func PrettyTraceWithOpts(w io.Writer, trace []*Event, opts PrettyTraceOptions) {
+ depths := depths{}
+
+ // FIXME: Can we shorten each location as we process each trace event instead of beforehand?
+ filePathAliases, _ := getShortenedFileNames(trace)
+
+ table := traceTable{}
+
+ for _, event := range trace {
+ depth := depths.GetOrSet(event.QueryID, event.ParentID)
+ row := traceRow{}
+
+ if opts.Locations {
+ location := formatLocation(event, filePathAliases)
+ row.add(location)
+ }
+
+ row.add(formatEvent(event, depth))
+
+ if opts.ExprVariables {
+ vars := exprLocalVars(event)
+ keys := sortedKeys(vars)
+
+ buf := new(bytes.Buffer)
+ buf.WriteString("{")
+ for i, k := range keys {
+ if i > 0 {
+ buf.WriteString(", ")
+ }
+ _, _ = fmt.Fprintf(buf, "%v: %s", k, iStrs.Truncate(vars.Get(k).String(), maxExprVarWidth))
+ }
+ buf.WriteString("}")
+ row.add(buf.String())
+ }
+
+ if opts.LocalVariables {
+ if locals := event.Locals; locals != nil {
+ keys := sortedKeys(locals)
+
+ buf := new(bytes.Buffer)
+ buf.WriteString("{")
+ for i, k := range keys {
+ if i > 0 {
+ buf.WriteString(", ")
+ }
+ _, _ = fmt.Fprintf(buf, "%v: %s", k, iStrs.Truncate(locals.Get(k).String(), maxExprVarWidth))
+ }
+ buf.WriteString("}")
+ row.add(buf.String())
+ } else {
+ row.add("{}")
+ }
+ }
+
+ table.add(row)
+ }
+
+ table.write(w, columnPadding)
+}
+
+func sortedKeys(vm *ast.ValueMap) []ast.Value {
+ keys := make([]ast.Value, 0, vm.Len())
+ vm.Iter(func(k, _ ast.Value) bool {
+ keys = append(keys, k)
+ return false
+ })
+ slices.SortFunc(keys, func(a, b ast.Value) int {
+ return strings.Compare(a.String(), b.String())
+ })
+ return keys
+}
+
+func exprLocalVars(e *Event) *ast.ValueMap {
+ vars := ast.NewValueMap()
+
+ findVars := func(term *ast.Term) bool {
+ if name, ok := term.Value.(ast.Var); ok {
+ if meta, ok := e.LocalMetadata[name]; ok {
+ if val := e.Locals.Get(name); val != nil {
+ vars.Put(meta.Name, val)
+ }
+ }
+ }
+ return false
+ }
+
+ if r, ok := e.Node.(*ast.Rule); ok {
+ // We're only interested in vars in the head, not the body
+ ast.WalkTerms(r.Head, findVars)
+ return vars
+ }
+
+ // The local cache snapshot only contains a snapshot for those refs present in the event node,
+ // so they can all be added to the vars map.
+ e.localVirtualCacheSnapshot.Iter(func(k, v ast.Value) bool {
+ vars.Put(k, v)
+ return false
+ })
+
+ ast.WalkTerms(e.Node, findVars)
+
+ return vars
+}
+
+func formatEvent(event *Event, depth int) string {
+ padding := formatEventPadding(event, depth)
+ if event.Op == NoteOp {
+ return fmt.Sprintf("%v%v %q", padding, event.Op, event.Message)
+ }
+
+ var details any
+ if node, ok := event.Node.(*ast.Rule); ok {
+ details = node.Path()
+ } else if event.Ref != nil {
+ details = event.Ref
+ } else {
+ details = rewrite(event).Node
+ }
+
+ template := "%v%v %v"
+ opts := []any{padding, event.Op, details}
+
+ if event.Message != "" {
+ template += " %v"
+ opts = append(opts, event.Message)
+ }
+
+ return fmt.Sprintf(template, opts...)
+}
+
+func formatEventPadding(event *Event, depth int) string {
+ spaces := formatEventSpaces(event, depth)
+ if spaces > 1 {
+ return strings.Repeat("| ", spaces-1)
+ }
+ return ""
+}
+
+func formatEventSpaces(event *Event, depth int) int {
+ switch event.Op {
+ case EnterOp:
+ return depth
+ case RedoOp:
+ if _, ok := event.Node.(*ast.Expr); !ok {
+ return depth
+ }
+ }
+ return depth + 1
+}
+
+// getShortenedFileNames will return a map of file paths to shortened aliases
+// that were found in the trace. It also returns the longest location expected
+func getShortenedFileNames(trace []*Event) (map[string]string, int) {
+ // Get a deduplicated list of all file paths
+ // and the longest file path size
+ fpAliases := map[string]string{}
+ var canShorten []string
+ longestLocation := 0
+ for _, event := range trace {
+ if event.Location != nil {
+ if event.Location.File != "" {
+ // length of ":"
+ curLen := len(event.Location.File) + numDigits10(event.Location.Row) + 1
+ if curLen > longestLocation {
+ longestLocation = curLen
+ }
+
+ if _, ok := fpAliases[event.Location.File]; ok {
+ continue
+ }
+
+ canShorten = append(canShorten, event.Location.File)
+
+ // Default to just alias their full path
+ fpAliases[event.Location.File] = event.Location.File
+ } else {
+ // length of ":"
+ curLen := minLocationWidth + numDigits10(event.Location.Row) + 1
+ if curLen > longestLocation {
+ longestLocation = curLen
+ }
+ }
+ }
+ }
+
+ if len(canShorten) > 0 && longestLocation > maxIdealLocationWidth {
+ fpAliases, longestLocation = iStrs.TruncateFilePaths(maxIdealLocationWidth, longestLocation, canShorten...)
+ }
+
+ return fpAliases, longestLocation
+}
+
+func numDigits10(n int) int {
+ if n < 10 {
+ return 1
+ }
+ return numDigits10(n/10) + 1
+}
+
+func formatLocation(event *Event, fileAliases map[string]string) string {
+
+ location := event.Location
+ if location == nil {
+ return ""
+ }
+
+ if location.File == "" {
+ return fmt.Sprintf("query:%v", location.Row)
+ }
+
+ return fmt.Sprintf("%v:%v", fileAliases[location.File], location.Row)
+}
+
+// depths is a helper for computing the depth of an event. Events within the
+// same query all have the same depth. The depth of query is
+// depth(parent(query))+1.
+type depths map[uint64]int
+
+func (ds depths) GetOrSet(qid uint64, pqid uint64) int {
+ depth := ds[qid]
+ if depth == 0 {
+ depth = ds[pqid]
+ depth++
+ ds[qid] = depth
+ }
+ return depth
+}
+
+func builtinTrace(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+
+ str, err := builtins.StringOperand(operands[0].Value, 1)
+ if err != nil {
+ return handleBuiltinErr(ast.Trace.Name, bctx.Location, err)
+ }
+
+ if !bctx.TraceEnabled {
+ return iter(ast.InternedBooleanTerm(true))
+ }
+
+ evt := Event{
+ Op: NoteOp,
+ Location: bctx.Location,
+ QueryID: bctx.QueryID,
+ ParentID: bctx.ParentID,
+ Message: string(str),
+ }
+
+ for i := range bctx.QueryTracers {
+ bctx.QueryTracers[i].TraceEvent(evt)
+ }
+
+ return iter(ast.InternedBooleanTerm(true))
+}
+
+func rewrite(event *Event) *Event {
+
+ cpy := *event
+
+ var node ast.Node
+
+ switch v := event.Node.(type) {
+ case *ast.Expr:
+ expr := v.Copy()
+
+ // Hide generated local vars in 'key' position that have not been
+ // rewritten.
+ if ev, ok := v.Terms.(*ast.Every); ok {
+ if kv, ok := ev.Key.Value.(ast.Var); ok {
+ if rw, ok := cpy.LocalMetadata[kv]; !ok || rw.Name.IsGenerated() {
+ expr.Terms.(*ast.Every).Key = nil
+ }
+ }
+ }
+ node = expr
+ case ast.Body:
+ node = v.Copy()
+ case *ast.Rule:
+ node = v.Copy()
+ }
+
+ _, _ = ast.TransformVars(node, func(v ast.Var) (ast.Value, error) {
+ if meta, ok := cpy.LocalMetadata[v]; ok {
+ return meta.Name, nil
+ }
+ return v, nil
+ })
+
+ cpy.Node = node
+
+ return &cpy
+}
+
+type varInfo struct {
+ VarMetadata
+ val ast.Value
+ exprLoc *ast.Location
+ col int // 0-indexed column
+}
+
+func (v varInfo) Value() string {
+ if v.val != nil {
+ return v.val.String()
+ }
+ return "undefined"
+}
+
+func (v varInfo) Title() string {
+ if v.exprLoc != nil && v.exprLoc.Text != nil {
+ return string(v.exprLoc.Text)
+ }
+ return string(v.Name)
+}
+
+func padLocationText(loc *ast.Location) string {
+ if loc == nil {
+ return ""
+ }
+
+ text := string(loc.Text)
+
+ if loc.Col == 0 {
+ return text
+ }
+
+ buf := new(bytes.Buffer)
+ j := 0
+ for i := 1; i < loc.Col; i++ {
+ if len(loc.Tabs) > 0 && j < len(loc.Tabs) && loc.Tabs[j] == i {
+ buf.WriteString("\t")
+ j++
+ } else {
+ buf.WriteString(" ")
+ }
+ }
+
+ buf.WriteString(text)
+ return buf.String()
+}
+
+type PrettyEventOpts struct {
+ PrettyVars bool
+}
+
+func walkTestTerms(x any, f func(*ast.Term) bool) {
+ var vis *ast.GenericVisitor
+ vis = ast.NewGenericVisitor(func(x any) bool {
+ switch x := x.(type) {
+ case ast.Call:
+ for _, t := range x[1:] {
+ vis.Walk(t)
+ }
+ return true
+ case *ast.Expr:
+ if x.IsCall() {
+ for _, o := range x.Operands() {
+ vis.Walk(o)
+ }
+ for i := range x.With {
+ vis.Walk(x.With[i])
+ }
+ return true
+ }
+ case *ast.Term:
+ return f(x)
+ case *ast.With:
+ vis.Walk(x.Value)
+ return true
+ }
+ return false
+ })
+ vis.Walk(x)
+}
+
+func PrettyEvent(w io.Writer, e *Event, opts PrettyEventOpts) error {
+ if !opts.PrettyVars {
+ _, _ = fmt.Fprintln(w, padLocationText(e.Location))
+ return nil
+ }
+
+ buf := new(bytes.Buffer)
+ exprVars := map[string]varInfo{}
+
+ findVars := func(unknownAreUndefined bool) func(term *ast.Term) bool {
+ return func(term *ast.Term) bool {
+ if term.Location == nil {
+ return false
+ }
+
+ switch v := term.Value.(type) {
+ case *ast.ArrayComprehension, *ast.SetComprehension, *ast.ObjectComprehension:
+ // we don't report on the internals of a comprehension, as it's already evaluated, and we won't have the local vars.
+ return true
+ case ast.Var:
+ var info *varInfo
+ if meta, ok := e.LocalMetadata[v]; ok {
+ info = &varInfo{
+ VarMetadata: meta,
+ val: e.Locals.Get(v),
+ exprLoc: term.Location,
+ }
+ } else if unknownAreUndefined {
+ info = &varInfo{
+ VarMetadata: VarMetadata{Name: v},
+ exprLoc: term.Location,
+ col: term.Location.Col,
+ }
+ }
+
+ if info != nil {
+ if v, exists := exprVars[info.Title()]; !exists || v.val == nil {
+ if term.Location != nil {
+ info.col = term.Location.Col
+ }
+ exprVars[info.Title()] = *info
+ }
+ }
+ }
+ return false
+ }
+ }
+
+ expr, ok := e.Node.(*ast.Expr)
+ if !ok || expr == nil {
+ return nil
+ }
+
+ base := expr.BaseCogeneratedExpr()
+ exprText := padLocationText(base.Location)
+ buf.WriteString(exprText)
+
+ e.localVirtualCacheSnapshot.Iter(func(k, v ast.Value) bool {
+ var info *varInfo
+ switch k := k.(type) {
+ case ast.Ref:
+ info = &varInfo{
+ VarMetadata: VarMetadata{Name: ast.Var(k.String())},
+ val: v,
+ exprLoc: k[0].Location,
+ col: k[0].Location.Col,
+ }
+ case *ast.ArrayComprehension:
+ info = &varInfo{
+ VarMetadata: VarMetadata{Name: ast.Var(k.String())},
+ val: v,
+ exprLoc: k.Term.Location,
+ col: k.Term.Location.Col,
+ }
+ case *ast.SetComprehension:
+ info = &varInfo{
+ VarMetadata: VarMetadata{Name: ast.Var(k.String())},
+ val: v,
+ exprLoc: k.Term.Location,
+ col: k.Term.Location.Col,
+ }
+ case *ast.ObjectComprehension:
+ info = &varInfo{
+ VarMetadata: VarMetadata{Name: ast.Var(k.String())},
+ val: v,
+ exprLoc: k.Key.Location,
+ col: k.Key.Location.Col,
+ }
+ }
+
+ if info != nil {
+ exprVars[info.Title()] = *info
+ }
+
+ return false
+ })
+
+ // If the expression is negated, we can't confidently assert that vars with unknown values are 'undefined',
+ // since the compiler might have opted out of the necessary rewrite.
+ walkTestTerms(expr, findVars(!expr.Negated))
+ coExprs := expr.CogeneratedExprs()
+ for _, coExpr := range coExprs {
+ // Only the current "co-expr" can have undefined vars, if we don't know the value for a var in any other co-expr,
+ // it's unknown, not undefined. A var can be unknown if it hasn't been assigned a value yet, because the co-expr
+ // hasn't been evaluated yet (the fail happened before it).
+ walkTestTerms(coExpr, findVars(false))
+ }
+
+ printPrettyVars(buf, exprVars)
+ _, _ = fmt.Fprint(w, buf.String())
+ return nil
+}
+
+func printPrettyVars(w *bytes.Buffer, exprVars map[string]varInfo) {
+ containsTabs := false
+ varRows := make(map[int]any)
+ for _, info := range exprVars {
+ if len(info.exprLoc.Tabs) > 0 {
+ containsTabs = true
+ }
+ varRows[info.exprLoc.Row] = nil
+ }
+
+ if containsTabs && len(varRows) > 1 {
+ // We can't (currently) reliably point to var locations when they are on different rows that contain tabs.
+ // So we'll just print them in alphabetical order instead.
+ byName := make([]varInfo, 0, len(exprVars))
+ for _, info := range exprVars {
+ byName = append(byName, info)
+ }
+ slices.SortStableFunc(byName, func(a, b varInfo) int {
+ return strings.Compare(a.Title(), b.Title())
+ })
+
+ w.WriteString("\n\nWhere:\n")
+ for _, info := range byName {
+ w.WriteString(fmt.Sprintf("\n%s: %s", info.Title(), iStrs.Truncate(info.Value(), maxPrettyExprVarWidth)))
+ }
+
+ return
+ }
+
+ byCol := make([]varInfo, 0, len(exprVars))
+ for _, info := range exprVars {
+ byCol = append(byCol, info)
+ }
+ slices.SortFunc(byCol, func(a, b varInfo) int {
+ // sort first by column, then by reverse row (to present vars in the same order they appear in the expr)
+ if a.col == b.col {
+ if a.exprLoc.Row == b.exprLoc.Row {
+ return strings.Compare(a.Title(), b.Title())
+ }
+ return b.exprLoc.Row - a.exprLoc.Row
+ }
+ return a.col - b.col
+ })
+
+ if len(byCol) == 0 {
+ return
+ }
+
+ w.WriteString("\n")
+ printArrows(w, byCol, -1)
+ for i := len(byCol) - 1; i >= 0; i-- {
+ w.WriteString("\n")
+ printArrows(w, byCol, i)
+ }
+}
+
+func printArrows(w *bytes.Buffer, l []varInfo, printValueAt int) {
+ prevCol := 0
+ var slice []varInfo
+ if printValueAt >= 0 {
+ slice = l[:printValueAt+1]
+ } else {
+ slice = l
+ }
+ isFirst := true
+ for i, info := range slice {
+
+ isLast := i >= len(slice)-1
+ col := info.col
+
+ if !isLast && col == l[i+1].col {
+ // We're sharing the same column with another, subsequent var
+ continue
+ }
+
+ spaces := col - 1
+ if i > 0 && !isFirst {
+ spaces = (col - prevCol) - 1
+ }
+
+ for j := range spaces {
+ tab := false
+ if slices.Contains(info.exprLoc.Tabs, j+prevCol+1) {
+ w.WriteString("\t")
+ tab = true
+ }
+ if !tab {
+ w.WriteString(" ")
+ }
+ }
+
+ if isLast && printValueAt >= 0 {
+ valueStr := iStrs.Truncate(info.Value(), maxPrettyExprVarWidth)
+ if (i > 0 && col == l[i-1].col) || (i < len(l)-1 && col == l[i+1].col) {
+ // There is another var on this column, so we need to include the name to differentiate them.
+ w.WriteString(fmt.Sprintf("%s: %s", info.Title(), valueStr))
+ } else {
+ w.WriteString(valueStr)
+ }
+ } else {
+ w.WriteString("|")
+ }
+ prevCol = col
+ isFirst = false
+ }
+}
+
+func init() {
+ RegisterBuiltinFunc(ast.Trace.Name, builtinTrace)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/type.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/type.go
similarity index 71%
rename from vendor/github.com/open-policy-agent/opa/topdown/type.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/type.go
index dab5c853cd..6103fbe484 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/type.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/type.go
@@ -5,69 +5,69 @@
package topdown
import (
- "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/v1/ast"
)
func builtinIsNumber(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch operands[0].Value.(type) {
case ast.Number:
- return iter(ast.BooleanTerm(true))
+ return iter(ast.InternedBooleanTerm(true))
default:
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
}
func builtinIsString(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch operands[0].Value.(type) {
case ast.String:
- return iter(ast.BooleanTerm(true))
+ return iter(ast.InternedBooleanTerm(true))
default:
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
}
func builtinIsBoolean(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch operands[0].Value.(type) {
case ast.Boolean:
- return iter(ast.BooleanTerm(true))
+ return iter(ast.InternedBooleanTerm(true))
default:
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
}
func builtinIsArray(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch operands[0].Value.(type) {
case *ast.Array:
- return iter(ast.BooleanTerm(true))
+ return iter(ast.InternedBooleanTerm(true))
default:
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
}
func builtinIsSet(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch operands[0].Value.(type) {
case ast.Set:
- return iter(ast.BooleanTerm(true))
+ return iter(ast.InternedBooleanTerm(true))
default:
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
}
func builtinIsObject(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch operands[0].Value.(type) {
case ast.Object:
- return iter(ast.BooleanTerm(true))
+ return iter(ast.InternedBooleanTerm(true))
default:
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
}
func builtinIsNull(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch operands[0].Value.(type) {
case ast.Null:
- return iter(ast.BooleanTerm(true))
+ return iter(ast.InternedBooleanTerm(true))
default:
- return iter(ast.BooleanTerm(false))
+ return iter(ast.InternedBooleanTerm(false))
}
}
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/type_name.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/type_name.go
similarity index 55%
rename from vendor/github.com/open-policy-agent/opa/topdown/type_name.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/type_name.go
index 0a8b44aed3..37e82ff77b 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/type_name.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/type_name.go
@@ -5,30 +5,30 @@
package topdown
import (
- "fmt"
+ "errors"
- "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/v1/ast"
)
func builtinTypeName(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
switch operands[0].Value.(type) {
case ast.Null:
- return iter(ast.StringTerm("null"))
+ return iter(ast.InternedStringTerm("null"))
case ast.Boolean:
- return iter(ast.StringTerm("boolean"))
+ return iter(ast.InternedStringTerm("boolean"))
case ast.Number:
- return iter(ast.StringTerm("number"))
+ return iter(ast.InternedStringTerm("number"))
case ast.String:
- return iter(ast.StringTerm("string"))
+ return iter(ast.InternedStringTerm("string"))
case *ast.Array:
- return iter(ast.StringTerm("array"))
+ return iter(ast.InternedStringTerm("array"))
case ast.Object:
- return iter(ast.StringTerm("object"))
+ return iter(ast.InternedStringTerm("object"))
case ast.Set:
- return iter(ast.StringTerm("set"))
+ return iter(ast.InternedStringTerm("set"))
}
- return fmt.Errorf("illegal value")
+ return errors.New("illegal value")
}
func init() {
diff --git a/vendor/github.com/open-policy-agent/opa/topdown/uuid.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/uuid.go
similarity index 89%
rename from vendor/github.com/open-policy-agent/opa/topdown/uuid.go
rename to vendor/github.com/open-policy-agent/opa/v1/topdown/uuid.go
index d3a7a5f900..141fb908bd 100644
--- a/vendor/github.com/open-policy-agent/opa/topdown/uuid.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/uuid.go
@@ -5,9 +5,9 @@
package topdown
import (
- "github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/internal/uuid"
- "github.com/open-policy-agent/opa/topdown/builtins"
+ "github.com/open-policy-agent/opa/v1/ast"
+ "github.com/open-policy-agent/opa/v1/topdown/builtins"
)
type uuidCachingKey string
@@ -26,7 +26,7 @@ func builtinUUIDRFC4122(bctx BuiltinContext, operands []*ast.Term, iter func(*as
return err
}
- result := ast.NewTerm(ast.String(s))
+ result := ast.StringTerm(s)
bctx.Cache.Put(key, result)
return iter(result)
diff --git a/vendor/github.com/open-policy-agent/opa/v1/topdown/walk.go b/vendor/github.com/open-policy-agent/opa/v1/topdown/walk.go
new file mode 100644
index 0000000000..b85076ac92
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/topdown/walk.go
@@ -0,0 +1,154 @@
+// Copyright 2017 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package topdown
+
+import (
+ "github.com/open-policy-agent/opa/v1/ast"
+)
+
+func evalWalk(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+ input := operands[0]
+
+ if pathIsWildcard(operands) {
+ // When the path assignment is a wildcard: walk(input, [_, value])
+ // we may skip the path construction entirely, and simply return
+ // same pointer in each iteration. This is a *much* more efficient
+ // path when only the values are needed.
+ return walkNoPath(ast.ArrayTerm(ast.InternedEmptyArray, input), iter)
+ }
+
+ filter := getOutputPath(operands)
+ return walk(filter, nil, input, iter)
+}
+
+func walk(filter, path *ast.Array, input *ast.Term, iter func(*ast.Term) error) error {
+ if filter == nil || filter.Len() == 0 {
+ var pathCopy *ast.Array
+ if path == nil {
+ pathCopy = ast.InternedEmptyArrayValue
+ } else {
+ // Shallow copy, as while the array is modified, the elements are not
+ pathCopy = path.Slice(0, path.Len())
+ }
+
+ // TODO(ae): I'd *really* like these terms to be retrieved from a sync.Pool, and
+ // returned after iter is called. However, all my atttempts to do this have failed
+ // as there seems to be something holding on to these references after the call,
+ // leading to modifications that entirely alter the results. Perhaps this is not
+ // possible to do, but if it is,it would be a huge performance win.
+ if err := iter(ast.ArrayTerm(ast.NewTerm(pathCopy), input)); err != nil {
+ return err
+ }
+ }
+
+ if filter != nil && filter.Len() > 0 {
+ key := filter.Elem(0)
+ filter = filter.Slice(1, -1)
+ if key.IsGround() {
+ if term := input.Get(key); term != nil {
+ path = pathAppend(path, key)
+ return walk(filter, path, term, iter)
+ }
+ return nil
+ }
+ }
+
+ switch v := input.Value.(type) {
+ case *ast.Array:
+ for i := range v.Len() {
+ if err := walk(filter, pathAppend(path, ast.InternedIntNumberTerm(i)), v.Elem(i), iter); err != nil {
+ return err
+ }
+ }
+ case ast.Object:
+ for _, k := range v.Keys() {
+ if err := walk(filter, pathAppend(path, k), v.Get(k), iter); err != nil {
+ return err
+ }
+ }
+ case ast.Set:
+ for _, elem := range v.Slice() {
+ if err := walk(filter, pathAppend(path, elem), elem, iter); err != nil {
+ return err
+ }
+ }
+ }
+
+ return nil
+}
+
+func walkNoPath(input *ast.Term, iter func(*ast.Term) error) error {
+ // Note: the path array is embedded in the input from the start here
+ // in order to avoid an extra allocation per iteration. This leads to
+ // a little convoluted code below in order to extract and set the value,
+ // but since walk is commonly used to traverse large data structures,
+ // the performance gain is worth it.
+ if err := iter(input); err != nil {
+ return err
+ }
+
+ inputArray := input.Value.(*ast.Array)
+ value := inputArray.Get(ast.InternedIntNumberTerm(1)).Value
+
+ switch v := value.(type) {
+ case ast.Object:
+ for _, k := range v.Keys() {
+ inputArray.Set(1, v.Get(k))
+ if err := walkNoPath(input, iter); err != nil {
+ return err
+ }
+ }
+ case *ast.Array:
+ for i := range v.Len() {
+ inputArray.Set(1, v.Elem(i))
+ if err := walkNoPath(input, iter); err != nil {
+ return err
+ }
+ }
+ case ast.Set:
+ for _, elem := range v.Slice() {
+ inputArray.Set(1, elem)
+ if err := walkNoPath(input, iter); err != nil {
+ return err
+ }
+ }
+ }
+
+ return nil
+}
+
+func pathAppend(path *ast.Array, key *ast.Term) *ast.Array {
+ if path == nil {
+ return ast.NewArray(key)
+ }
+
+ return path.Append(key)
+}
+
+func getOutputPath(operands []*ast.Term) *ast.Array {
+ if len(operands) == 2 {
+ if arr, ok := operands[1].Value.(*ast.Array); ok && arr.Len() == 2 {
+ if path, ok := arr.Elem(0).Value.(*ast.Array); ok {
+ return path
+ }
+ }
+ }
+ return nil
+}
+
+func pathIsWildcard(operands []*ast.Term) bool {
+ if len(operands) == 2 {
+ if arr, ok := operands[1].Value.(*ast.Array); ok && arr.Len() == 2 {
+ if v, ok := arr.Elem(0).Value.(ast.Var); ok {
+ return v.IsWildcard()
+ }
+ }
+ }
+ return false
+}
+
+func init() {
+ RegisterBuiltinFunc(ast.WalkBuiltin.Name, evalWalk)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/tracing/tracing.go b/vendor/github.com/open-policy-agent/opa/v1/tracing/tracing.go
similarity index 96%
rename from vendor/github.com/open-policy-agent/opa/tracing/tracing.go
rename to vendor/github.com/open-policy-agent/opa/v1/tracing/tracing.go
index 2708b78e29..df2fb434a6 100644
--- a/vendor/github.com/open-policy-agent/opa/tracing/tracing.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/tracing/tracing.go
@@ -11,10 +11,10 @@ package tracing
import "net/http"
// Options are options for the HTTPTracingService, passed along as-is.
-type Options []interface{}
+type Options []any
// NewOptions is a helper method for constructing `tracing.Options`
-func NewOptions(opts ...interface{}) Options {
+func NewOptions(opts ...any) Options {
return opts
}
diff --git a/vendor/github.com/open-policy-agent/opa/types/decode.go b/vendor/github.com/open-policy-agent/opa/v1/types/decode.go
similarity index 96%
rename from vendor/github.com/open-policy-agent/opa/types/decode.go
rename to vendor/github.com/open-policy-agent/opa/v1/types/decode.go
index a6bd9ea030..367b64bffb 100644
--- a/vendor/github.com/open-policy-agent/opa/types/decode.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/types/decode.go
@@ -8,7 +8,7 @@ import (
"encoding/json"
"fmt"
- "github.com/open-policy-agent/opa/util"
+ "github.com/open-policy-agent/opa/v1/util"
)
const (
@@ -31,13 +31,13 @@ func Unmarshal(bs []byte) (result Type, err error) {
if err = util.UnmarshalJSON(bs, &hint); err == nil {
switch hint.Type {
case typeNull:
- result = NewNull()
+ result = Nl
case typeBoolean:
- result = NewBoolean()
+ result = B
case typeNumber:
- result = NewNumber()
+ result = N
case typeString:
- result = NewString()
+ result = S
case typeArray:
var arr rawarray
if err = util.UnmarshalJSON(bs, &arr); err == nil {
@@ -131,7 +131,7 @@ type rawobject struct {
}
type rawstaticproperty struct {
- Key interface{} `json:"key"`
+ Key any `json:"key"`
Value json.RawMessage `json:"value"`
}
diff --git a/vendor/github.com/open-policy-agent/opa/types/types.go b/vendor/github.com/open-policy-agent/opa/v1/types/types.go
similarity index 91%
rename from vendor/github.com/open-policy-agent/opa/types/types.go
rename to vendor/github.com/open-policy-agent/opa/v1/types/types.go
index 2a050927dd..f8d7db1ef0 100644
--- a/vendor/github.com/open-policy-agent/opa/types/types.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/types/types.go
@@ -8,11 +8,13 @@ package types
import (
"encoding/json"
+ "errors"
"fmt"
+ "slices"
"sort"
"strings"
- "github.com/open-policy-agent/opa/util"
+ "github.com/open-policy-agent/opa/v1/util"
)
// Sprint returns the string representation of the type.
@@ -48,6 +50,8 @@ func NewNull() Null {
return Null{}
}
+var Nl Type = NewNull()
+
// NamedType represents a type alias with an arbitrary name and description.
// This is useful for generating documentation for built-in functions.
type NamedType struct {
@@ -58,12 +62,12 @@ type NamedType struct {
func (n *NamedType) typeMarker() string { return n.Type.typeMarker() }
func (n *NamedType) String() string { return n.Name + ": " + n.Type.String() }
func (n *NamedType) MarshalJSON() ([]byte, error) {
- var obj map[string]interface{}
+ var obj map[string]any
switch x := n.Type.(type) {
- case interface{ toMap() map[string]interface{} }:
+ case interface{ toMap() map[string]any }:
obj = x.toMap()
default:
- obj = map[string]interface{}{
+ obj = map[string]any{
"type": n.Type.typeMarker(),
}
}
@@ -91,7 +95,7 @@ func Named(name string, t Type) *NamedType {
// MarshalJSON returns the JSON encoding of t.
func (t Null) MarshalJSON() ([]byte, error) {
- return json.Marshal(map[string]interface{}{
+ return json.Marshal(map[string]any{
"type": t.typeMarker(),
})
}
@@ -105,7 +109,7 @@ func unwrap(t Type) Type {
}
}
-func (t Null) String() string {
+func (Null) String() string {
return typeNull
}
@@ -113,7 +117,7 @@ func (t Null) String() string {
type Boolean struct{}
// B represents an instance of the boolean type.
-var B = NewBoolean()
+var B Type = NewBoolean()
// NewBoolean returns a new Boolean type.
func NewBoolean() Boolean {
@@ -122,7 +126,7 @@ func NewBoolean() Boolean {
// MarshalJSON returns the JSON encoding of t.
func (t Boolean) MarshalJSON() ([]byte, error) {
- repr := map[string]interface{}{
+ repr := map[string]any{
"type": t.typeMarker(),
}
return json.Marshal(repr)
@@ -136,7 +140,7 @@ func (t Boolean) String() string {
type String struct{}
// S represents an instance of the string type.
-var S = NewString()
+var S Type = NewString()
// NewString returns a new String type.
func NewString() String {
@@ -145,7 +149,7 @@ func NewString() String {
// MarshalJSON returns the JSON encoding of t.
func (t String) MarshalJSON() ([]byte, error) {
- return json.Marshal(map[string]interface{}{
+ return json.Marshal(map[string]any{
"type": t.typeMarker(),
})
}
@@ -158,7 +162,7 @@ func (String) String() string {
type Number struct{}
// N represents an instance of the number type.
-var N = NewNumber()
+var N Type = NewNumber()
// NewNumber returns a new Number type.
func NewNumber() Number {
@@ -167,7 +171,7 @@ func NewNumber() Number {
// MarshalJSON returns the JSON encoding of t.
func (t Number) MarshalJSON() ([]byte, error) {
- return json.Marshal(map[string]interface{}{
+ return json.Marshal(map[string]any{
"type": t.typeMarker(),
})
}
@@ -195,8 +199,8 @@ func (t *Array) MarshalJSON() ([]byte, error) {
return json.Marshal(t.toMap())
}
-func (t *Array) toMap() map[string]interface{} {
- repr := map[string]interface{}{
+func (t *Array) toMap() map[string]any {
+ repr := map[string]any{
"type": t.typeMarker(),
}
if len(t.static) != 0 {
@@ -252,6 +256,13 @@ type Set struct {
of Type
}
+// Boxed set types.
+var (
+ SetOfAny Type = NewSet(A)
+ SetOfStr Type = NewSet(S)
+ SetOfNum Type = NewSet(N)
+)
+
// NewSet returns a new Set type.
func NewSet(of Type) *Set {
return &Set{
@@ -268,8 +279,8 @@ func (t *Set) MarshalJSON() ([]byte, error) {
return json.Marshal(t.toMap())
}
-func (t *Set) toMap() map[string]interface{} {
- repr := map[string]interface{}{
+func (t *Set) toMap() map[string]any {
+ repr := map[string]any{
"type": t.typeMarker(),
}
if t.of != nil {
@@ -285,12 +296,12 @@ func (t *Set) String() string {
// StaticProperty represents a static object property.
type StaticProperty struct {
- Key interface{}
+ Key any
Value Type
}
// NewStaticProperty returns a new StaticProperty object.
-func NewStaticProperty(key interface{}, value Type) *StaticProperty {
+func NewStaticProperty(key any, value Type) *StaticProperty {
return &StaticProperty{
Key: key,
Value: value,
@@ -299,7 +310,7 @@ func NewStaticProperty(key interface{}, value Type) *StaticProperty {
// MarshalJSON returns the JSON encoding of p.
func (p *StaticProperty) MarshalJSON() ([]byte, error) {
- return json.Marshal(map[string]interface{}{
+ return json.Marshal(map[string]any{
"key": p.Key,
"value": p.Value,
})
@@ -321,7 +332,7 @@ func NewDynamicProperty(key, value Type) *DynamicProperty {
// MarshalJSON returns the JSON encoding of p.
func (p *DynamicProperty) MarshalJSON() ([]byte, error) {
- return json.Marshal(map[string]interface{}{
+ return json.Marshal(map[string]any{
"key": p.Key,
"value": p.Value,
})
@@ -339,9 +350,8 @@ type Object struct {
// NewObject returns a new Object type.
func NewObject(static []*StaticProperty, dynamic *DynamicProperty) *Object {
- sort.Slice(static, func(i, j int) bool {
- cmp := util.Compare(static[i].Key, static[j].Key)
- return cmp == -1
+ slices.SortFunc(static, func(a, b *StaticProperty) int {
+ return util.Compare(a.Key, b.Key)
})
return &Object{
static: static,
@@ -384,8 +394,8 @@ func (t *Object) StaticProperties() []*StaticProperty {
}
// Keys returns the keys of the object's static elements.
-func (t *Object) Keys() []interface{} {
- sl := make([]interface{}, 0, len(t.static))
+func (t *Object) Keys() []any {
+ sl := make([]any, 0, len(t.static))
for _, p := range t.static {
sl = append(sl, p.Key)
}
@@ -397,8 +407,8 @@ func (t *Object) MarshalJSON() ([]byte, error) {
return json.Marshal(t.toMap())
}
-func (t *Object) toMap() map[string]interface{} {
- repr := map[string]interface{}{
+func (t *Object) toMap() map[string]any {
+ repr := map[string]any{
"type": t.typeMarker(),
}
if len(t.static) != 0 {
@@ -411,7 +421,7 @@ func (t *Object) toMap() map[string]interface{} {
}
// Select returns the type of the named property.
-func (t *Object) Select(name interface{}) Type {
+func (t *Object) Select(name any) Type {
pos := sort.Search(len(t.static), func(x int) bool {
return util.Compare(t.static[x].Key, name) >= 0
})
@@ -471,7 +481,7 @@ func mergeObjects(a, b *Object) *Object {
dynamicProps = b.dynamic
}
- staticPropsMap := make(map[interface{}]Type)
+ staticPropsMap := make(map[any]Type)
for _, sp := range a.static {
staticPropsMap[sp.Key] = sp.Value
@@ -504,7 +514,7 @@ func mergeObjects(a, b *Object) *Object {
type Any []Type
// A represents the superset of all types.
-var A = NewAny()
+var A Type = NewAny()
// NewAny returns a new Any type.
func NewAny(of ...Type) Any {
@@ -536,8 +546,8 @@ func (t Any) MarshalJSON() ([]byte, error) {
return json.Marshal(t.toMap())
}
-func (t Any) toMap() map[string]interface{} {
- repr := map[string]interface{}{
+func (t Any) toMap() map[string]any {
+ repr := map[string]any{
"type": t.typeMarker(),
}
if len(t) != 0 {
@@ -578,10 +588,7 @@ func (t Any) Union(other Any) Any {
return other
}
// Prealloc the output list.
- maxLen := lenT
- if lenT < lenOther {
- maxLen = lenOther
- }
+ maxLen := max(lenT, lenOther)
merged := make(Any, 0, maxLen)
// Note(philipc): Create a merged slice, doing the minimum number of
// comparisons along the way. We treat this as a problem of merging two
@@ -675,7 +682,7 @@ func Arity(x Type) int {
if !ok {
return 0
}
- return len(f.FuncArgs().Args)
+ return f.Arity()
}
// NewFunction returns a new Function object of the given argument and result types.
@@ -723,6 +730,11 @@ func (t *Function) Args() []Type {
return cpy
}
+// Arity returns the number of arguments in the function signature.
+func (t *Function) Arity() int {
+ return len(t.args)
+}
+
// Result returns the function's result type.
func (t *Function) Result() Type {
return unwrap(t.result)
@@ -739,7 +751,7 @@ func (t *Function) String() string {
// MarshalJSON returns the JSON encoding of t.
func (t *Function) MarshalJSON() ([]byte, error) {
- repr := map[string]interface{}{
+ repr := map[string]any{
"type": t.typeMarker(),
}
if len(t.args) > 0 {
@@ -763,7 +775,7 @@ func (t *Function) UnmarshalJSON(bs []byte) error {
f, ok := tpe.(*Function)
if !ok {
- return fmt.Errorf("invalid type")
+ return errors.New("invalid type")
}
*t = *f
@@ -780,14 +792,15 @@ func (t *Function) Union(other *Function) *Function {
return other
}
- a := t.Args()
- b := other.Args()
- if len(a) != len(b) {
+ if t.Arity() != other.Arity() {
return nil
}
- aIsVariadic := t.FuncArgs().Variadic != nil
- bIsVariadic := other.FuncArgs().Variadic != nil
+ tfa := t.FuncArgs()
+ ofa := other.FuncArgs()
+
+ aIsVariadic := tfa.Variadic != nil
+ bIsVariadic := ofa.Variadic != nil
if aIsVariadic && !bIsVariadic {
return nil
@@ -795,13 +808,16 @@ func (t *Function) Union(other *Function) *Function {
return nil
}
+ a := t.Args()
+ b := other.Args()
+
args := make([]Type, len(a))
for i := range a {
args[i] = Or(a[i], b[i])
}
result := NewFunction(args, Or(t.Result(), other.Result()))
- result.variadic = Or(t.FuncArgs().Variadic, other.FuncArgs().Variadic)
+ result.variadic = Or(tfa.Variadic, ofa.Variadic)
return result
}
@@ -841,7 +857,7 @@ func Compare(a, b Type) int {
} else if x < y {
return -1
}
- switch a.(type) {
+ switch a.(type) { //nolint:gocritic
case nil, Null, Boolean, Number, String:
return 0
case *Array:
@@ -878,12 +894,9 @@ func Compare(a, b Type) int {
lenStaticA := len(objA.static)
lenStaticB := len(objB.static)
- minLen := lenStaticA
- if lenStaticB < minLen {
- minLen = lenStaticB
- }
+ minLen := min(lenStaticB, lenStaticA)
- for i := 0; i < minLen; i++ {
+ for i := range minLen {
if cmp := util.Compare(objA.static[i].Key, objB.static[i].Key); cmp != 0 {
return cmp
}
@@ -922,7 +935,7 @@ func Compare(a, b Type) int {
} else if len(fA.args) > len(fB.args) {
return 1
}
- for i := 0; i < len(fA.args); i++ {
+ for i := range len(fA.args) {
if cmp := Compare(fA.args[i], fB.args[i]); cmp != 0 {
return cmp
}
@@ -975,7 +988,7 @@ func Or(a, b Type) Type {
}
// Select returns a property or item of a.
-func Select(a Type, x interface{}) Type {
+func Select(a Type, x any) Type {
switch a := unwrap(a).(type) {
case *Array:
n, ok := x.(json.Number)
@@ -1086,17 +1099,13 @@ func Nil(a Type) bool {
case nil:
return true
case *Function:
- for i := range a.args {
- if Nil(a.args[i]) {
- return true
- }
+ if slices.ContainsFunc(a.args, Nil) {
+ return true
}
return Nil(a.result)
case *Array:
- for i := range a.static {
- if Nil(a.static[i]) {
- return true
- }
+ if slices.ContainsFunc(a.static, Nil) {
+ return true
}
if a.dynamic != nil {
return Nil(a.dynamic)
@@ -1117,32 +1126,32 @@ func Nil(a Type) bool {
}
// TypeOf returns the type of the Golang native value.
-func TypeOf(x interface{}) Type {
+func TypeOf(x any) Type {
switch x := x.(type) {
case nil:
- return NewNull()
+ return Nl
case bool:
return B
case string:
return S
case json.Number:
return N
- case map[string]interface{}:
- // The ast.ValueToInterface() function returns ast.Object values as map[string]interface{}
- // so map[string]interface{} must be handled here because the type checker uses the value
+ case map[string]any:
+ // The ast.ValueToInterface() function returns ast.Object values as map[string]any
+ // so map[string]any must be handled here because the type checker uses the value
// to interface conversion when inferring object types.
static := make([]*StaticProperty, 0, len(x))
for k, v := range x {
static = append(static, NewStaticProperty(k, TypeOf(v)))
}
return NewObject(static, nil)
- case map[interface{}]interface{}:
+ case map[any]any:
static := make([]*StaticProperty, 0, len(x))
for k, v := range x {
static = append(static, NewStaticProperty(k, TypeOf(v)))
}
return NewObject(static, nil)
- case []interface{}:
+ case []any:
static := make([]Type, len(x))
for i := range x {
static[i] = TypeOf(x[i])
@@ -1155,15 +1164,12 @@ func TypeOf(x interface{}) Type {
type typeSlice []Type
func (s typeSlice) Less(i, j int) bool { return Compare(s[i], s[j]) < 0 }
-func (s typeSlice) Swap(i, j int) { x := s[i]; s[i] = s[j]; s[j] = x }
+func (s typeSlice) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
func (s typeSlice) Len() int { return len(s) }
func typeSliceCompare(a, b []Type) int {
- minLen := len(a)
- if len(b) < minLen {
- minLen = len(b)
- }
- for i := 0; i < minLen; i++ {
+ minLen := min(len(b), len(a))
+ for i := range minLen {
if cmp := Compare(a[i], b[i]); cmp != 0 {
return cmp
}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/util/backoff.go b/vendor/github.com/open-policy-agent/opa/v1/util/backoff.go
new file mode 100644
index 0000000000..1558f0cff8
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/util/backoff.go
@@ -0,0 +1,42 @@
+// Copyright 2018 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package util
+
+import (
+ "math/rand"
+ "time"
+)
+
+// DefaultBackoff returns a delay with an exponential backoff based on the
+// number of retries.
+func DefaultBackoff(base, maxNS float64, retries int) time.Duration {
+ return Backoff(base, maxNS, .2, 1.6, retries)
+}
+
+// Backoff returns a delay with an exponential backoff based on the number of
+// retries. Same algorithm used in gRPC.
+func Backoff(base, maxNS, jitter, factor float64, retries int) time.Duration {
+ if retries == 0 {
+ return 0
+ }
+
+ backoff, maxNS := base, maxNS
+ for backoff < maxNS && retries > 0 {
+ backoff *= factor
+ retries--
+ }
+ if backoff > maxNS {
+ backoff = maxNS
+ }
+
+ // Randomize backoff delays so that if a cluster of requests start at
+ // the same time, they won't operate in lockstep.
+ backoff *= 1 + jitter*(rand.Float64()*2-1)
+ if backoff < 0 {
+ return 0
+ }
+
+ return time.Duration(backoff)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/util/channel.go b/vendor/github.com/open-policy-agent/opa/v1/util/channel.go
new file mode 100644
index 0000000000..e2653ac7fd
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/util/channel.go
@@ -0,0 +1,32 @@
+package util
+
+import (
+ "github.com/open-policy-agent/opa/v1/metrics"
+)
+
+// This prevents getting blocked forever writing to a full buffer, in case another routine fills the last space.
+// Retrying maxEventRetry times to drop the oldest event. Dropping the incoming event if there still isn't room.
+const maxEventRetry = 1000
+
+// PushFIFO pushes data into a buffered channel without blocking when full, making room by dropping the oldest data.
+// An optional metric can be recorded when data is dropped.
+func PushFIFO[T any](buffer chan T, data T, metrics metrics.Metrics, metricName string) {
+
+ for range maxEventRetry {
+ // non-blocking send to the buffer, to prevent blocking if buffer is full so room can be made.
+ select {
+ case buffer <- data:
+ return
+ default:
+ }
+
+ // non-blocking drop from the buffer to make room for incoming event
+ select {
+ case <-buffer:
+ if metrics != nil && metricName != "" {
+ metrics.Counter(metricName).Incr()
+ }
+ default:
+ }
+ }
+}
diff --git a/vendor/github.com/open-policy-agent/opa/util/close.go b/vendor/github.com/open-policy-agent/opa/v1/util/close.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/util/close.go
rename to vendor/github.com/open-policy-agent/opa/v1/util/close.go
diff --git a/vendor/github.com/open-policy-agent/opa/util/compare.go b/vendor/github.com/open-policy-agent/opa/v1/util/compare.go
similarity index 79%
rename from vendor/github.com/open-policy-agent/opa/util/compare.go
rename to vendor/github.com/open-policy-agent/opa/v1/util/compare.go
index 8ae7753690..df78f64755 100644
--- a/vendor/github.com/open-policy-agent/opa/util/compare.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/util/compare.go
@@ -8,16 +8,15 @@ import (
"encoding/json"
"fmt"
"math/big"
- "sort"
)
// Compare returns 0 if a equals b, -1 if a is less than b, and 1 if b is than a.
//
// For comparison between values of different types, the following ordering is used:
-// nil < bool < int, float64 < string < []interface{} < map[string]interface{}. Slices and maps
+// nil < bool < int, float64 < string < []any < map[string]any. Slices and maps
// are compared recursively. If one slice or map is a subset of the other slice or map
// it is considered "less than". Nil is always equal to nil.
-func Compare(a, b interface{}) int {
+func Compare(a, b any) int {
aSortOrder := sortOrder(a)
bSortOrder := sortOrder(b)
if aSortOrder < bSortOrder {
@@ -74,16 +73,13 @@ func Compare(a, b interface{}) int {
}
return 1
}
- case []interface{}:
+ case []any:
switch b := b.(type) {
- case []interface{}:
+ case []any:
bLen := len(b)
aLen := len(a)
- minLen := aLen
- if bLen < minLen {
- minLen = bLen
- }
- for i := 0; i < minLen; i++ {
+ minLen := min(bLen, aLen)
+ for i := range minLen {
cmp := Compare(a[i], b[i])
if cmp != 0 {
return cmp
@@ -96,26 +92,15 @@ func Compare(a, b interface{}) int {
}
return 1
}
- case map[string]interface{}:
+ case map[string]any:
switch b := b.(type) {
- case map[string]interface{}:
- var aKeys []string
- for k := range a {
- aKeys = append(aKeys, k)
- }
- var bKeys []string
- for k := range b {
- bKeys = append(bKeys, k)
- }
- sort.Strings(aKeys)
- sort.Strings(bKeys)
+ case map[string]any:
+ aKeys := KeysSorted(a)
+ bKeys := KeysSorted(b)
aLen := len(aKeys)
bLen := len(bKeys)
- minLen := aLen
- if bLen < minLen {
- minLen = bLen
- }
- for i := 0; i < minLen; i++ {
+ minLen := min(bLen, aLen)
+ for i := range minLen {
if aKeys[i] < bKeys[i] {
return -1
} else if bKeys[i] < aKeys[i] {
@@ -161,7 +146,7 @@ func compareJSONNumber(a, b json.Number) int {
return bigA.Cmp(bigB)
}
-func sortOrder(v interface{}) int {
+func sortOrder(v any) int {
switch v.(type) {
case nil:
return nilSort
@@ -175,9 +160,9 @@ func sortOrder(v interface{}) int {
return numberSort
case string:
return stringSort
- case []interface{}:
+ case []any:
return arraySort
- case map[string]interface{}:
+ case map[string]any:
return objectSort
}
panic(fmt.Sprintf("illegal argument of type %T", v))
diff --git a/vendor/github.com/open-policy-agent/opa/util/decoding/context.go b/vendor/github.com/open-policy-agent/opa/v1/util/decoding/context.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/util/decoding/context.go
rename to vendor/github.com/open-policy-agent/opa/v1/util/decoding/context.go
diff --git a/vendor/github.com/open-policy-agent/opa/util/doc.go b/vendor/github.com/open-policy-agent/opa/v1/util/doc.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/util/doc.go
rename to vendor/github.com/open-policy-agent/opa/v1/util/doc.go
diff --git a/vendor/github.com/open-policy-agent/opa/util/enumflag.go b/vendor/github.com/open-policy-agent/opa/v1/util/enumflag.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/util/enumflag.go
rename to vendor/github.com/open-policy-agent/opa/v1/util/enumflag.go
diff --git a/vendor/github.com/open-policy-agent/opa/util/graph.go b/vendor/github.com/open-policy-agent/opa/v1/util/graph.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/util/graph.go
rename to vendor/github.com/open-policy-agent/opa/v1/util/graph.go
diff --git a/vendor/github.com/open-policy-agent/opa/v1/util/hashmap.go b/vendor/github.com/open-policy-agent/opa/v1/util/hashmap.go
new file mode 100644
index 0000000000..69a90cbb53
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/util/hashmap.go
@@ -0,0 +1,271 @@
+// Copyright 2016 The OPA Authors. All rights reserved.
+// Use of this source code is governed by an Apache2
+// license that can be found in the LICENSE file.
+
+package util
+
+import (
+ "fmt"
+ "strings"
+)
+
+// T is a concise way to refer to T.
+type T any
+
+type Hasher interface {
+ Hash() int
+}
+
+type hashEntry[K any, V any] struct {
+ k K
+ v V
+ next *hashEntry[K, V]
+}
+
+// TypedHashMap represents a key/value map.
+type TypedHashMap[K any, V any] struct {
+ keq func(K, K) bool
+ veq func(V, V) bool
+ khash func(K) int
+ vhash func(V) int
+ def V
+ table map[int]*hashEntry[K, V]
+ size int
+}
+
+// NewTypedHashMap returns a new empty TypedHashMap.
+func NewTypedHashMap[K any, V any](keq func(K, K) bool, veq func(V, V) bool, khash func(K) int, vhash func(V) int, def V) *TypedHashMap[K, V] {
+ return &TypedHashMap[K, V]{
+ keq: keq,
+ veq: veq,
+ khash: khash,
+ vhash: vhash,
+ def: def,
+ table: make(map[int]*hashEntry[K, V]),
+ size: 0,
+ }
+}
+
+// HashMap represents a key/value map.
+type HashMap = TypedHashMap[T, T]
+
+// NewHashMap returns a new empty HashMap.
+func NewHashMap(eq func(T, T) bool, hash func(T) int) *HashMap {
+ return &HashMap{
+ keq: eq,
+ veq: eq,
+ khash: hash,
+ vhash: hash,
+ def: nil,
+ table: make(map[int]*hashEntry[T, T]),
+ size: 0,
+ }
+}
+
+// Copy returns a shallow copy of this HashMap.
+func (h *TypedHashMap[K, V]) Copy() *TypedHashMap[K, V] {
+ cpy := NewTypedHashMap(h.keq, h.veq, h.khash, h.vhash, h.def)
+ h.Iter(func(k K, v V) bool {
+ cpy.Put(k, v)
+ return false
+ })
+ return cpy
+}
+
+// Equal returns true if this HashMap equals the other HashMap.
+// Two hash maps are equal if they contain the same key/value pairs.
+func (h *TypedHashMap[K, V]) Equal(other *TypedHashMap[K, V]) bool {
+ if h.Len() != other.Len() {
+ return false
+ }
+ return !h.Iter(func(k K, v V) bool {
+ ov, ok := other.Get(k)
+ if !ok {
+ return true
+ }
+ return !h.veq(v, ov)
+ })
+}
+
+// Get returns the value for k.
+func (h *TypedHashMap[K, V]) Get(k K) (V, bool) {
+ hash := h.khash(k)
+ for entry := h.table[hash]; entry != nil; entry = entry.next {
+ if h.keq(entry.k, k) {
+ return entry.v, true
+ }
+ }
+ return h.def, false
+}
+
+// Delete removes the key k.
+func (h *TypedHashMap[K, V]) Delete(k K) {
+ hash := h.khash(k)
+ var prev *hashEntry[K, V]
+ for entry := h.table[hash]; entry != nil; entry = entry.next {
+ if h.keq(entry.k, k) {
+ if prev != nil {
+ prev.next = entry.next
+ } else {
+ h.table[hash] = entry.next
+ }
+ h.size--
+ return
+ }
+ prev = entry
+ }
+}
+
+// Hash returns the hash code for this hash map.
+func (h *TypedHashMap[K, V]) Hash() int {
+ var hash int
+ h.Iter(func(k K, v V) bool {
+ hash += h.khash(k) + h.vhash(v)
+ return false
+ })
+ return hash
+}
+
+// Iter invokes the iter function for each element in the HashMap.
+// If the iter function returns true, iteration stops and the return value is true.
+// If the iter function never returns true, iteration proceeds through all elements
+// and the return value is false.
+func (h *TypedHashMap[K, V]) Iter(iter func(K, V) bool) bool {
+ for _, entry := range h.table {
+ for ; entry != nil; entry = entry.next {
+ if iter(entry.k, entry.v) {
+ return true
+ }
+ }
+ }
+ return false
+}
+
+// Len returns the current size of this HashMap.
+func (h *TypedHashMap[K, V]) Len() int {
+ return h.size
+}
+
+// Put inserts a key/value pair into this HashMap. If the key is already present, the existing
+// value is overwritten.
+func (h *TypedHashMap[K, V]) Put(k K, v V) {
+ hash := h.khash(k)
+ head := h.table[hash]
+ for entry := head; entry != nil; entry = entry.next {
+ if h.keq(entry.k, k) {
+ entry.v = v
+ return
+ }
+ }
+ h.table[hash] = &hashEntry[K, V]{k: k, v: v, next: head}
+ h.size++
+}
+
+func (h *TypedHashMap[K, V]) String() string {
+ var buf []string
+ h.Iter(func(k K, v V) bool {
+ buf = append(buf, fmt.Sprintf("%v: %v", k, v))
+ return false
+ })
+ return "{" + strings.Join(buf, ", ") + "}"
+}
+
+// Update returns a new HashMap with elements from the other HashMap put into this HashMap.
+// If the other HashMap contains elements with the same key as this HashMap, the value
+// from the other HashMap overwrites the value from this HashMap.
+func (h *TypedHashMap[K, V]) Update(other *TypedHashMap[K, V]) *TypedHashMap[K, V] {
+ updated := h.Copy()
+ other.Iter(func(k K, v V) bool {
+ updated.Put(k, v)
+ return false
+ })
+ return updated
+}
+
+type hasherEntry[K Hasher, V any] struct {
+ k K
+ v V
+ next *hasherEntry[K, V]
+}
+
+// HasherMap represents a simpler version of TypedHashMap that uses Hasher's
+// for keys, and requires only an equality function for keys. Ideally we'd have
+// and Equal method for all key types too, and we could get rid of that requirement.
+type HasherMap[K Hasher, V any] struct {
+ keq func(K, K) bool
+ table map[int]*hasherEntry[K, V]
+ size int
+}
+
+// NewHasherMap returns a new empty HasherMap.
+func NewHasherMap[K Hasher, V any](keq func(K, K) bool) *HasherMap[K, V] {
+ return &HasherMap[K, V]{
+ keq: keq,
+ table: make(map[int]*hasherEntry[K, V]),
+ size: 0,
+ }
+}
+
+// Get returns the value for k.
+func (h *HasherMap[K, V]) Get(k K) (V, bool) {
+ for entry := h.table[k.Hash()]; entry != nil; entry = entry.next {
+ if h.keq(entry.k, k) {
+ return entry.v, true
+ }
+ }
+ var zero V
+ return zero, false
+}
+
+// Put inserts a key/value pair into this HashMap. If the key is already present, the existing
+// value is overwritten.
+func (h *HasherMap[K, V]) Put(k K, v V) {
+ hash := k.Hash()
+ head := h.table[hash]
+ for entry := head; entry != nil; entry = entry.next {
+ if h.keq(entry.k, k) {
+ entry.v = v
+ return
+ }
+ }
+ h.table[hash] = &hasherEntry[K, V]{k: k, v: v, next: head}
+ h.size++
+}
+
+// Delete removes the key k.
+func (h *HasherMap[K, V]) Delete(k K) {
+ hash := k.Hash()
+ var prev *hasherEntry[K, V]
+ for entry := h.table[hash]; entry != nil; entry = entry.next {
+ if h.keq(entry.k, k) {
+ if prev != nil {
+ prev.next = entry.next
+ } else {
+ h.table[hash] = entry.next
+ }
+ h.size--
+ return
+ }
+ prev = entry
+ }
+}
+
+// Iter invokes the iter function for each element in the HasherMap.
+// If the iter function returns true, iteration stops and the return value is true.
+// If the iter function never returns true, iteration proceeds through all elements
+// and the return value is false.
+func (h *HasherMap[K, V]) Iter(iter func(K, V) bool) bool {
+ for _, entry := range h.table {
+ for ; entry != nil; entry = entry.next {
+ if iter(entry.k, entry.v) {
+ return true
+ }
+ }
+ }
+ return false
+}
+
+// Len returns the current size of this HashMap.
+func (h *HasherMap[K, V]) Len() int {
+ return h.size
+}
diff --git a/vendor/github.com/open-policy-agent/opa/util/json.go b/vendor/github.com/open-policy-agent/opa/v1/util/json.go
similarity index 88%
rename from vendor/github.com/open-policy-agent/opa/util/json.go
rename to vendor/github.com/open-policy-agent/opa/v1/util/json.go
index 0b7fd2ed64..fdb2626c78 100644
--- a/vendor/github.com/open-policy-agent/opa/util/json.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/util/json.go
@@ -13,7 +13,7 @@ import (
"sigs.k8s.io/yaml"
- "github.com/open-policy-agent/opa/loader/extension"
+ "github.com/open-policy-agent/opa/v1/loader/extension"
)
// UnmarshalJSON parses the JSON encoded data and stores the result in the value
@@ -21,11 +21,11 @@ import (
//
// This function is intended to be used in place of the standard json.Marshal
// function when json.Number is required.
-func UnmarshalJSON(bs []byte, x interface{}) error {
+func UnmarshalJSON(bs []byte, x any) error {
return unmarshalJSON(bs, x, true)
}
-func unmarshalJSON(bs []byte, x interface{}, ext bool) error {
+func unmarshalJSON(bs []byte, x any, ext bool) error {
buf := bytes.NewBuffer(bs)
decoder := NewJSONDecoder(buf)
if err := decoder.Decode(x); err != nil {
@@ -61,8 +61,8 @@ func NewJSONDecoder(r io.Reader) *json.Decoder {
//
// If the data cannot be decoded, this function will panic. This function is for
// test purposes.
-func MustUnmarshalJSON(bs []byte) interface{} {
- var x interface{}
+func MustUnmarshalJSON(bs []byte) any {
+ var x any
if err := UnmarshalJSON(bs, &x); err != nil {
panic(err)
}
@@ -73,7 +73,7 @@ func MustUnmarshalJSON(bs []byte) interface{} {
//
// If the data cannot be encoded, this function will panic. This function is for
// test purposes.
-func MustMarshalJSON(x interface{}) []byte {
+func MustMarshalJSON(x any) []byte {
bs, err := json.Marshal(x)
if err != nil {
panic(err)
@@ -86,7 +86,7 @@ func MustMarshalJSON(x interface{}) []byte {
// Thereby, it is converting its argument to the representation expected by
// rego.Input and inmem's Write operations. Works with both references and
// values.
-func RoundTrip(x *interface{}) error {
+func RoundTrip(x *any) error {
bs, err := json.Marshal(x)
if err != nil {
return err
@@ -99,8 +99,8 @@ func RoundTrip(x *interface{}) error {
//
// Used for preparing Go types (including pointers to structs) into values to be
// put through util.RoundTrip().
-func Reference(x interface{}) *interface{} {
- var y interface{}
+func Reference(x any) *any {
+ var y any
rv := reflect.ValueOf(x)
if rv.Kind() == reflect.Ptr {
return Reference(rv.Elem().Interface())
@@ -113,7 +113,7 @@ func Reference(x interface{}) *interface{} {
}
// Unmarshal decodes a YAML, JSON or JSON extension value into the specified type.
-func Unmarshal(bs []byte, v interface{}) error {
+func Unmarshal(bs []byte, v any) error {
if len(bs) > 2 && bs[0] == 0xef && bs[1] == 0xbb && bs[2] == 0xbf {
bs = bs[3:] // Strip UTF-8 BOM, see https://www.rfc-editor.org/rfc/rfc8259#section-8.1
}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/util/maps.go b/vendor/github.com/open-policy-agent/opa/v1/util/maps.go
new file mode 100644
index 0000000000..c56fbe98ac
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/util/maps.go
@@ -0,0 +1,34 @@
+package util
+
+import (
+ "cmp"
+ "slices"
+)
+
+// Keys returns a slice of keys from any map.
+func Keys[M ~map[K]V, K comparable, V any](m M) []K {
+ r := make([]K, 0, len(m))
+ for k := range m {
+ r = append(r, k)
+ }
+ return r
+}
+
+// KeysSorted returns a slice of keys from any map, sorted in ascending order.
+func KeysSorted[M ~map[K]V, K cmp.Ordered, V any](m M) []K {
+ r := make([]K, 0, len(m))
+ for k := range m {
+ r = append(r, k)
+ }
+ slices.Sort(r)
+ return r
+}
+
+// Values returns a slice of values from any map. Copied from golang.org/x/exp/maps.
+func Values[M ~map[K]V, K comparable, V any](m M) []V {
+ r := make([]V, 0, len(m))
+ for _, v := range m {
+ r = append(r, v)
+ }
+ return r
+}
diff --git a/vendor/github.com/open-policy-agent/opa/v1/util/performance.go b/vendor/github.com/open-policy-agent/opa/v1/util/performance.go
new file mode 100644
index 0000000000..467fe766bb
--- /dev/null
+++ b/vendor/github.com/open-policy-agent/opa/v1/util/performance.go
@@ -0,0 +1,64 @@
+package util
+
+import (
+ "math"
+ "slices"
+ "unsafe"
+)
+
+// NewPtrSlice returns a slice of pointers to T with length n,
+// with only 2 allocations performed no matter the size of n.
+// See:
+// https://gist.github.com/CAFxX/e96e8a5c3841d152f16d266a1fe7f8bd#slices-of-pointers
+func NewPtrSlice[T any](n int) []*T {
+ return GrowPtrSlice[T](nil, n)
+}
+
+// GrowPtrSlice appends n elements to the slice, each pointing to
+// a newly-allocated T. The resulting slice has length equal to len(s)+n.
+//
+// It performs at most 2 allocations, regardless of n.
+func GrowPtrSlice[T any](s []*T, n int) []*T {
+ s = slices.Grow(s, n)
+ p := make([]T, n)
+ for i := range n {
+ s = append(s, &p[i])
+ }
+ return s
+}
+
+// Allocation free conversion from []byte to string (unsafe)
+// Note that the byte slice must not be modified after conversion
+func ByteSliceToString(bs []byte) string {
+ return unsafe.String(unsafe.SliceData(bs), len(bs))
+}
+
+// Allocation free conversion from ~string to []byte (unsafe)
+// Note that the byte slice must not be modified after conversion
+func StringToByteSlice[T ~string](s T) []byte {
+ return unsafe.Slice(unsafe.StringData(string(s)), len(s))
+}
+
+// NumDigitsInt returns the number of digits in n.
+// This is useful for pre-allocating buffers for string conversion.
+func NumDigitsInt(n int) int {
+ if n == 0 {
+ return 1
+ }
+
+ if n < 0 {
+ n = -n
+ }
+
+ return int(math.Log10(float64(n))) + 1
+}
+
+// NumDigitsUint returns the number of digits in n.
+// This is useful for pre-allocating buffers for string conversion.
+func NumDigitsUint(n uint64) int {
+ if n == 0 {
+ return 1
+ }
+
+ return int(math.Log10(float64(n))) + 1
+}
diff --git a/vendor/github.com/open-policy-agent/opa/util/queue.go b/vendor/github.com/open-policy-agent/opa/v1/util/queue.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/util/queue.go
rename to vendor/github.com/open-policy-agent/opa/v1/util/queue.go
diff --git a/vendor/github.com/open-policy-agent/opa/util/read_gzip_body.go b/vendor/github.com/open-policy-agent/opa/v1/util/read_gzip_body.go
similarity index 95%
rename from vendor/github.com/open-policy-agent/opa/util/read_gzip_body.go
rename to vendor/github.com/open-policy-agent/opa/v1/util/read_gzip_body.go
index 217638b363..ddffe2a4de 100644
--- a/vendor/github.com/open-policy-agent/opa/util/read_gzip_body.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/util/read_gzip_body.go
@@ -4,17 +4,17 @@ import (
"bytes"
"compress/gzip"
"encoding/binary"
- "fmt"
+ "errors"
"io"
"net/http"
"strings"
"sync"
- "github.com/open-policy-agent/opa/util/decoding"
+ "github.com/open-policy-agent/opa/v1/util/decoding"
)
var gzipReaderPool = sync.Pool{
- New: func() interface{} {
+ New: func() any {
reader := new(gzip.Reader)
return reader
},
@@ -58,7 +58,7 @@ func ReadMaybeCompressedBody(r *http.Request) ([]byte, error) {
// earlier in DecodingLimitHandler.
sizeTrailerField := binary.LittleEndian.Uint32(content.Bytes()[content.Len()-4:])
if sizeTrailerField > uint32(gzipMaxLength) {
- return content.Bytes(), fmt.Errorf("gzip payload too large")
+ return content.Bytes(), errors.New("gzip payload too large")
}
// Pull a gzip decompressor from the pool, and assign it to the current
// buffer, using Reset(). Later, return it back to the pool for another
diff --git a/vendor/github.com/open-policy-agent/opa/util/time.go b/vendor/github.com/open-policy-agent/opa/v1/util/time.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/util/time.go
rename to vendor/github.com/open-policy-agent/opa/v1/util/time.go
diff --git a/vendor/github.com/open-policy-agent/opa/util/wait.go b/vendor/github.com/open-policy-agent/opa/v1/util/wait.go
similarity index 94%
rename from vendor/github.com/open-policy-agent/opa/util/wait.go
rename to vendor/github.com/open-policy-agent/opa/v1/util/wait.go
index b70ab6fcf9..b1ea84fd53 100644
--- a/vendor/github.com/open-policy-agent/opa/util/wait.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/util/wait.go
@@ -5,7 +5,7 @@
package util
import (
- "fmt"
+ "errors"
"time"
)
@@ -24,7 +24,7 @@ func WaitFunc(fun func() bool, interval, timeout time.Duration) error {
for {
select {
case <-timer.C:
- return fmt.Errorf("timeout")
+ return errors.New("timeout")
case <-ticker.C:
if fun() {
return nil
diff --git a/vendor/github.com/open-policy-agent/opa/version/version.go b/vendor/github.com/open-policy-agent/opa/v1/version/version.go
similarity index 79%
rename from vendor/github.com/open-policy-agent/opa/version/version.go
rename to vendor/github.com/open-policy-agent/opa/v1/version/version.go
index 862556bce0..c50ecfcb1b 100644
--- a/vendor/github.com/open-policy-agent/opa/version/version.go
+++ b/vendor/github.com/open-policy-agent/opa/v1/version/version.go
@@ -10,8 +10,7 @@ import (
"runtime/debug"
)
-// Version is the canonical version of OPA.
-var Version = "0.70.0"
+var Version = "1.5.0"
// GoVersion is the version of Go this was built with
var GoVersion = runtime.Version()
@@ -32,18 +31,28 @@ func init() {
if !ok {
return
}
- dirty := false
+ var dirty bool
+ var binTimestamp, binVcs string
+
for _, s := range bi.Settings {
switch s.Key {
case "vcs.time":
- Timestamp = s.Value
+ binTimestamp = s.Value
case "vcs.revision":
- Vcs = s.Value
+ binVcs = s.Value
case "vcs.modified":
dirty = s.Value == "true"
}
}
- if dirty {
- Vcs = Vcs + "-dirty"
+
+ if Timestamp == "" {
+ Timestamp = binTimestamp
+ }
+
+ if Vcs == "" {
+ Vcs = binVcs
+ if dirty {
+ Vcs += "-dirty"
+ }
}
}
diff --git a/vendor/github.com/open-policy-agent/opa/version/wasm.go b/vendor/github.com/open-policy-agent/opa/v1/version/wasm.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/version/wasm.go
rename to vendor/github.com/open-policy-agent/opa/v1/version/wasm.go
diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/version.go b/vendor/github.com/opencontainers/image-spec/specs-go/version.go
index 7069ae44d7..c3897c7ca0 100644
--- a/vendor/github.com/opencontainers/image-spec/specs-go/version.go
+++ b/vendor/github.com/opencontainers/image-spec/specs-go/version.go
@@ -22,7 +22,7 @@ const (
// VersionMinor is for functionality in a backwards-compatible manner
VersionMinor = 1
// VersionPatch is for backwards-compatible bug fixes
- VersionPatch = 0
+ VersionPatch = 1
// VersionDev indicates development branch. Releases will be empty string.
VersionDev = ""
diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
index d1236ba721..1aa0693b57 100644
--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
@@ -83,7 +83,7 @@ type Process struct {
// Rlimits specifies rlimit options to apply to the process.
Rlimits []POSIXRlimit `json:"rlimits,omitempty" platform:"linux,solaris,zos"`
// NoNewPrivileges controls whether additional privileges could be gained by processes in the container.
- NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"`
+ NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux,zos"`
// ApparmorProfile specifies the apparmor profile for the container.
ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"`
// Specify an oom_score_adj for the container.
@@ -94,10 +94,12 @@ type Process struct {
SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"`
// IOPriority contains the I/O priority settings for the cgroup.
IOPriority *LinuxIOPriority `json:"ioPriority,omitempty" platform:"linux"`
+ // ExecCPUAffinity specifies CPU affinity for exec processes.
+ ExecCPUAffinity *CPUAffinity `json:"execCPUAffinity,omitempty" platform:"linux"`
}
// LinuxCapabilities specifies the list of allowed capabilities that are kept for a process.
-// http://man7.org/linux/man-pages/man7/capabilities.7.html
+// https://man7.org/linux/man-pages/man7/capabilities.7.html
type LinuxCapabilities struct {
// Bounding is the set of capabilities checked by the kernel.
Bounding []string `json:"bounding,omitempty" platform:"linux"`
@@ -127,6 +129,12 @@ const (
IOPRIO_CLASS_IDLE IOPriorityClass = "IOPRIO_CLASS_IDLE"
)
+// CPUAffinity specifies process' CPU affinity.
+type CPUAffinity struct {
+ Initial string `json:"initial,omitempty"`
+ Final string `json:"final,omitempty"`
+}
+
// Box specifies dimensions of a rectangle. Used for specifying the size of a console.
type Box struct {
// Height is the vertical dimension of a box.
@@ -627,6 +635,17 @@ type WindowsCPUResources struct {
// cycles per 10,000 cycles. Set processor `maximum` to a percentage times
// 100.
Maximum *uint16 `json:"maximum,omitempty"`
+ // Set of CPUs to affinitize for this container.
+ Affinity []WindowsCPUGroupAffinity `json:"affinity,omitempty"`
+}
+
+// Similar to _GROUP_AFFINITY struct defined in
+// https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/miniport/ns-miniport-_group_affinity
+type WindowsCPUGroupAffinity struct {
+ // CPU mask relative to this CPU group.
+ Mask uint64 `json:"mask,omitempty"`
+ // Processor group the mask refers to, as returned by GetLogicalProcessorInformationEx.
+ Group uint32 `json:"group,omitempty"`
}
// WindowsStorageResources contains storage resource management settings.
@@ -751,6 +770,10 @@ const (
ArchPARISC Arch = "SCMP_ARCH_PARISC"
ArchPARISC64 Arch = "SCMP_ARCH_PARISC64"
ArchRISCV64 Arch = "SCMP_ARCH_RISCV64"
+ ArchLOONGARCH64 Arch = "SCMP_ARCH_LOONGARCH64"
+ ArchM68K Arch = "SCMP_ARCH_M68K"
+ ArchSH Arch = "SCMP_ARCH_SH"
+ ArchSHEB Arch = "SCMP_ARCH_SHEB"
)
// LinuxSeccompAction taken upon Seccomp rule match
@@ -826,28 +849,33 @@ type LinuxIntelRdt struct {
// ZOS contains platform-specific configuration for z/OS based containers.
type ZOS struct {
- // Devices are a list of device nodes that are created for the container
- Devices []ZOSDevice `json:"devices,omitempty"`
+ // Namespaces contains the namespaces that are created and/or joined by the container
+ Namespaces []ZOSNamespace `json:"namespaces,omitempty"`
}
-// ZOSDevice represents the mknod information for a z/OS special device file
-type ZOSDevice struct {
- // Path to the device.
- Path string `json:"path"`
- // Device type, block, char, etc.
- Type string `json:"type"`
- // Major is the device's major number.
- Major int64 `json:"major"`
- // Minor is the device's minor number.
- Minor int64 `json:"minor"`
- // FileMode permission bits for the device.
- FileMode *os.FileMode `json:"fileMode,omitempty"`
- // UID of the device.
- UID *uint32 `json:"uid,omitempty"`
- // Gid of the device.
- GID *uint32 `json:"gid,omitempty"`
+// ZOSNamespace is the configuration for a z/OS namespace
+type ZOSNamespace struct {
+ // Type is the type of namespace
+ Type ZOSNamespaceType `json:"type"`
+ // Path is a path to an existing namespace persisted on disk that can be joined
+ // and is of the same type
+ Path string `json:"path,omitempty"`
}
+// ZOSNamespaceType is one of the z/OS namespaces
+type ZOSNamespaceType string
+
+const (
+ // PIDNamespace for isolating process IDs
+ ZOSPIDNamespace ZOSNamespaceType = "pid"
+ // MountNamespace for isolating mount points
+ ZOSMountNamespace ZOSNamespaceType = "mount"
+ // IPCNamespace for isolating System V IPC, POSIX message queues
+ ZOSIPCNamespace ZOSNamespaceType = "ipc"
+ // UTSNamespace for isolating hostname and NIS domain name
+ ZOSUTSNamespace ZOSNamespaceType = "uts"
+)
+
// LinuxSchedulerPolicy represents different scheduling policies used with the Linux Scheduler
type LinuxSchedulerPolicy string
diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go
new file mode 100644
index 0000000000..949f532b65
--- /dev/null
+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go
@@ -0,0 +1,145 @@
+// Package features provides the Features struct.
+package features
+
+// Features represents the supported features of the runtime.
+type Features struct {
+ // OCIVersionMin is the minimum OCI Runtime Spec version recognized by the runtime, e.g., "1.0.0".
+ OCIVersionMin string `json:"ociVersionMin,omitempty"`
+
+ // OCIVersionMax is the maximum OCI Runtime Spec version recognized by the runtime, e.g., "1.0.2-dev".
+ OCIVersionMax string `json:"ociVersionMax,omitempty"`
+
+ // Hooks is the list of the recognized hook names, e.g., "createRuntime".
+ // Nil value means "unknown", not "no support for any hook".
+ Hooks []string `json:"hooks,omitempty"`
+
+ // MountOptions is the list of the recognized mount options, e.g., "ro".
+ // Nil value means "unknown", not "no support for any mount option".
+ // This list does not contain filesystem-specific options passed to mount(2) syscall as (const void *).
+ MountOptions []string `json:"mountOptions,omitempty"`
+
+ // Linux is specific to Linux.
+ Linux *Linux `json:"linux,omitempty"`
+
+ // Annotations contains implementation-specific annotation strings,
+ // such as the implementation version, and third-party extensions.
+ Annotations map[string]string `json:"annotations,omitempty"`
+
+ // PotentiallyUnsafeConfigAnnotations the list of the potential unsafe annotations
+ // that may appear in `config.json`.
+ //
+ // A value that ends with "." is interpreted as a prefix of annotations.
+ PotentiallyUnsafeConfigAnnotations []string `json:"potentiallyUnsafeConfigAnnotations,omitempty"`
+}
+
+// Linux is specific to Linux.
+type Linux struct {
+ // Namespaces is the list of the recognized namespaces, e.g., "mount".
+ // Nil value means "unknown", not "no support for any namespace".
+ Namespaces []string `json:"namespaces,omitempty"`
+
+ // Capabilities is the list of the recognized capabilities , e.g., "CAP_SYS_ADMIN".
+ // Nil value means "unknown", not "no support for any capability".
+ Capabilities []string `json:"capabilities,omitempty"`
+
+ Cgroup *Cgroup `json:"cgroup,omitempty"`
+ Seccomp *Seccomp `json:"seccomp,omitempty"`
+ Apparmor *Apparmor `json:"apparmor,omitempty"`
+ Selinux *Selinux `json:"selinux,omitempty"`
+ IntelRdt *IntelRdt `json:"intelRdt,omitempty"`
+ MountExtensions *MountExtensions `json:"mountExtensions,omitempty"`
+}
+
+// Cgroup represents the "cgroup" field.
+type Cgroup struct {
+ // V1 represents whether Cgroup v1 support is compiled in.
+ // Unrelated to whether the host uses cgroup v1 or not.
+ // Nil value means "unknown", not "false".
+ V1 *bool `json:"v1,omitempty"`
+
+ // V2 represents whether Cgroup v2 support is compiled in.
+ // Unrelated to whether the host uses cgroup v2 or not.
+ // Nil value means "unknown", not "false".
+ V2 *bool `json:"v2,omitempty"`
+
+ // Systemd represents whether systemd-cgroup support is compiled in.
+ // Unrelated to whether the host uses systemd or not.
+ // Nil value means "unknown", not "false".
+ Systemd *bool `json:"systemd,omitempty"`
+
+ // SystemdUser represents whether user-scoped systemd-cgroup support is compiled in.
+ // Unrelated to whether the host uses systemd or not.
+ // Nil value means "unknown", not "false".
+ SystemdUser *bool `json:"systemdUser,omitempty"`
+
+ // Rdma represents whether RDMA cgroup support is compiled in.
+ // Unrelated to whether the host supports RDMA or not.
+ // Nil value means "unknown", not "false".
+ Rdma *bool `json:"rdma,omitempty"`
+}
+
+// Seccomp represents the "seccomp" field.
+type Seccomp struct {
+ // Enabled is true if seccomp support is compiled in.
+ // Nil value means "unknown", not "false".
+ Enabled *bool `json:"enabled,omitempty"`
+
+ // Actions is the list of the recognized actions, e.g., "SCMP_ACT_NOTIFY".
+ // Nil value means "unknown", not "no support for any action".
+ Actions []string `json:"actions,omitempty"`
+
+ // Operators is the list of the recognized operators, e.g., "SCMP_CMP_NE".
+ // Nil value means "unknown", not "no support for any operator".
+ Operators []string `json:"operators,omitempty"`
+
+ // Archs is the list of the recognized archs, e.g., "SCMP_ARCH_X86_64".
+ // Nil value means "unknown", not "no support for any arch".
+ Archs []string `json:"archs,omitempty"`
+
+ // KnownFlags is the list of the recognized filter flags, e.g., "SECCOMP_FILTER_FLAG_LOG".
+ // Nil value means "unknown", not "no flags are recognized".
+ KnownFlags []string `json:"knownFlags,omitempty"`
+
+ // SupportedFlags is the list of the supported filter flags, e.g., "SECCOMP_FILTER_FLAG_LOG".
+ // This list may be a subset of KnownFlags due to some flags
+ // not supported by the current kernel and/or libseccomp.
+ // Nil value means "unknown", not "no flags are supported".
+ SupportedFlags []string `json:"supportedFlags,omitempty"`
+}
+
+// Apparmor represents the "apparmor" field.
+type Apparmor struct {
+ // Enabled is true if AppArmor support is compiled in.
+ // Unrelated to whether the host supports AppArmor or not.
+ // Nil value means "unknown", not "false".
+ Enabled *bool `json:"enabled,omitempty"`
+}
+
+// Selinux represents the "selinux" field.
+type Selinux struct {
+ // Enabled is true if SELinux support is compiled in.
+ // Unrelated to whether the host supports SELinux or not.
+ // Nil value means "unknown", not "false".
+ Enabled *bool `json:"enabled,omitempty"`
+}
+
+// IntelRdt represents the "intelRdt" field.
+type IntelRdt struct {
+ // Enabled is true if Intel RDT support is compiled in.
+ // Unrelated to whether the host supports Intel RDT or not.
+ // Nil value means "unknown", not "false".
+ Enabled *bool `json:"enabled,omitempty"`
+}
+
+// MountExtensions represents the "mountExtensions" field.
+type MountExtensions struct {
+ // IDMap represents the status of idmap mounts support.
+ IDMap *IDMap `json:"idmap,omitempty"`
+}
+
+type IDMap struct {
+ // Enabled represents whether idmap mounts supports is compiled in.
+ // Unrelated to whether the host supports it or not.
+ // Nil value means "unknown", not "false".
+ Enabled *bool `json:"enabled,omitempty"`
+}
diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go
index 503971e058..23234a9c58 100644
--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go
+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go
@@ -8,7 +8,7 @@ const (
// VersionMinor is for functionality in a backwards-compatible manner
VersionMinor = 2
// VersionPatch is for backwards-compatible bug fixes
- VersionPatch = 0
+ VersionPatch = 1
// VersionDev indicates development branch. Releases will be empty string.
VersionDev = ""
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/collectorfunc.go b/vendor/github.com/prometheus/client_golang/prometheus/collectorfunc.go
new file mode 100644
index 0000000000..9a71a15db1
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/collectorfunc.go
@@ -0,0 +1,30 @@
+// Copyright 2025 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package prometheus
+
+// CollectorFunc is a convenient way to implement a Prometheus Collector
+// without interface boilerplate.
+// This implementation is based on DescribeByCollect method.
+// familiarize yourself to it before using.
+type CollectorFunc func(chan<- Metric)
+
+// Collect calls the defined CollectorFunc function with the provided Metrics channel
+func (f CollectorFunc) Collect(ch chan<- Metric) {
+ f(ch)
+}
+
+// Describe sends the descriptor information using DescribeByCollect
+func (f CollectorFunc) Describe(ch chan<- *Desc) {
+ DescribeByCollect(f, ch)
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/desc.go b/vendor/github.com/prometheus/client_golang/prometheus/desc.go
index 68ffe3c248..ad347113c0 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/desc.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/desc.go
@@ -189,12 +189,15 @@ func (d *Desc) String() string {
fmt.Sprintf("%s=%q", lp.GetName(), lp.GetValue()),
)
}
- vlStrings := make([]string, 0, len(d.variableLabels.names))
- for _, vl := range d.variableLabels.names {
- if fn, ok := d.variableLabels.labelConstraints[vl]; ok && fn != nil {
- vlStrings = append(vlStrings, fmt.Sprintf("c(%s)", vl))
- } else {
- vlStrings = append(vlStrings, vl)
+ vlStrings := []string{}
+ if d.variableLabels != nil {
+ vlStrings = make([]string, 0, len(d.variableLabels.names))
+ for _, vl := range d.variableLabels.names {
+ if fn, ok := d.variableLabels.labelConstraints[vl]; ok && fn != nil {
+ vlStrings = append(vlStrings, fmt.Sprintf("c(%s)", vl))
+ } else {
+ vlStrings = append(vlStrings, vl)
+ }
}
}
return fmt.Sprintf(
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/go_collector_latest.go b/vendor/github.com/prometheus/client_golang/prometheus/go_collector_latest.go
index 5117464172..6b8684731c 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/go_collector_latest.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/go_collector_latest.go
@@ -288,7 +288,7 @@ func NewGoCollector(opts ...func(o *internal.GoCollectorOptions)) Collector {
}
func attachOriginalName(desc, origName string) string {
- return fmt.Sprintf("%s Sourced from %s", desc, origName)
+ return fmt.Sprintf("%s Sourced from %s.", desc, origName)
}
// Describe returns all descriptions of the collector.
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go b/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
index 519db348a7..c453b754a7 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
@@ -14,6 +14,7 @@
package prometheus
import (
+ "errors"
"fmt"
"math"
"runtime"
@@ -28,6 +29,11 @@ import (
"google.golang.org/protobuf/types/known/timestamppb"
)
+const (
+ nativeHistogramSchemaMaximum = 8
+ nativeHistogramSchemaMinimum = -4
+)
+
// nativeHistogramBounds for the frac of observed values. Only relevant for
// schema > 0. The position in the slice is the schema. (0 is never used, just
// here for convenience of using the schema directly as the index.)
@@ -330,11 +336,11 @@ func ExponentialBuckets(start, factor float64, count int) []float64 {
// used for the Buckets field of HistogramOpts.
//
// The function panics if 'count' is 0 or negative, if 'min' is 0 or negative.
-func ExponentialBucketsRange(min, max float64, count int) []float64 {
+func ExponentialBucketsRange(minBucket, maxBucket float64, count int) []float64 {
if count < 1 {
panic("ExponentialBucketsRange count needs a positive count")
}
- if min <= 0 {
+ if minBucket <= 0 {
panic("ExponentialBucketsRange min needs to be greater than 0")
}
@@ -342,12 +348,12 @@ func ExponentialBucketsRange(min, max float64, count int) []float64 {
// max = min*growthFactor^(bucketCount-1)
// We know max/min and highest bucket. Solve for growthFactor.
- growthFactor := math.Pow(max/min, 1.0/float64(count-1))
+ growthFactor := math.Pow(maxBucket/minBucket, 1.0/float64(count-1))
// Now that we know growthFactor, solve for each bucket.
buckets := make([]float64, count)
for i := 1; i <= count; i++ {
- buckets[i-1] = min * math.Pow(growthFactor, float64(i-1))
+ buckets[i-1] = minBucket * math.Pow(growthFactor, float64(i-1))
}
return buckets
}
@@ -858,15 +864,35 @@ func (h *histogram) Write(out *dto.Metric) error {
// findBucket returns the index of the bucket for the provided value, or
// len(h.upperBounds) for the +Inf bucket.
func (h *histogram) findBucket(v float64) int {
- // TODO(beorn7): For small numbers of buckets (<30), a linear search is
- // slightly faster than the binary search. If we really care, we could
- // switch from one search strategy to the other depending on the number
- // of buckets.
- //
- // Microbenchmarks (BenchmarkHistogramNoLabels):
- // 11 buckets: 38.3 ns/op linear - binary 48.7 ns/op
- // 100 buckets: 78.1 ns/op linear - binary 54.9 ns/op
- // 300 buckets: 154 ns/op linear - binary 61.6 ns/op
+ n := len(h.upperBounds)
+ if n == 0 {
+ return 0
+ }
+
+ // Early exit: if v is less than or equal to the first upper bound, return 0
+ if v <= h.upperBounds[0] {
+ return 0
+ }
+
+ // Early exit: if v is greater than the last upper bound, return len(h.upperBounds)
+ if v > h.upperBounds[n-1] {
+ return n
+ }
+
+ // For small arrays, use simple linear search
+ // "magic number" 35 is result of tests on couple different (AWS and baremetal) servers
+ // see more details here: https://github.com/prometheus/client_golang/pull/1662
+ if n < 35 {
+ for i, bound := range h.upperBounds {
+ if v <= bound {
+ return i
+ }
+ }
+ // If v is greater than all upper bounds, return len(h.upperBounds)
+ return n
+ }
+
+ // For larger arrays, use stdlib's binary search
return sort.SearchFloat64s(h.upperBounds, v)
}
@@ -1440,9 +1466,9 @@ func pickSchema(bucketFactor float64) int32 {
floor := math.Floor(math.Log2(math.Log2(bucketFactor)))
switch {
case floor <= -8:
- return 8
+ return nativeHistogramSchemaMaximum
case floor >= 4:
- return -4
+ return nativeHistogramSchemaMinimum
default:
return -int32(floor)
}
@@ -1835,3 +1861,196 @@ func (n *nativeExemplars) addExemplar(e *dto.Exemplar) {
n.exemplars = append(n.exemplars[:nIdx], append([]*dto.Exemplar{e}, append(n.exemplars[nIdx:rIdx], n.exemplars[rIdx+1:]...)...)...)
}
}
+
+type constNativeHistogram struct {
+ desc *Desc
+ dto.Histogram
+ labelPairs []*dto.LabelPair
+}
+
+func validateCount(sum float64, count uint64, negativeBuckets, positiveBuckets map[int]int64, zeroBucket uint64) error {
+ var bucketPopulationSum int64
+ for _, v := range positiveBuckets {
+ bucketPopulationSum += v
+ }
+ for _, v := range negativeBuckets {
+ bucketPopulationSum += v
+ }
+ bucketPopulationSum += int64(zeroBucket)
+
+ // If the sum of observations is NaN, the number of observations must be greater or equal to the sum of all bucket counts.
+ // Otherwise, the number of observations must be equal to the sum of all bucket counts .
+
+ if math.IsNaN(sum) && bucketPopulationSum > int64(count) ||
+ !math.IsNaN(sum) && bucketPopulationSum != int64(count) {
+ return errors.New("the sum of all bucket populations exceeds the count of observations")
+ }
+ return nil
+}
+
+// NewConstNativeHistogram returns a metric representing a Prometheus native histogram with
+// fixed values for the count, sum, and positive/negative/zero bucket counts. As those parameters
+// cannot be changed, the returned value does not implement the Histogram
+// interface (but only the Metric interface). Users of this package will not
+// have much use for it in regular operations. However, when implementing custom
+// OpenTelemetry Collectors, it is useful as a throw-away metric that is generated on the fly
+// to send it to Prometheus in the Collect method.
+//
+// zeroBucket counts all (positive and negative)
+// observations in the zero bucket (with an absolute value less or equal
+// the current threshold).
+// positiveBuckets and negativeBuckets are separate maps for negative and positive
+// observations. The map's value is an int64, counting observations in
+// that bucket. The map's key is the
+// index of the bucket according to the used
+// Schema. Index 0 is for an upper bound of 1 in positive buckets and for a lower bound of -1 in negative buckets.
+// NewConstNativeHistogram returns an error if
+// - the length of labelValues is not consistent with the variable labels in Desc or if Desc is invalid.
+// - the schema passed is not between 8 and -4
+// - the sum of counts in all buckets including the zero bucket does not equal the count if sum is not NaN (or exceeds the count if sum is NaN)
+//
+// See https://opentelemetry.io/docs/specs/otel/compatibility/prometheus_and_openmetrics/#exponential-histograms for more details about the conversion from OTel to Prometheus.
+func NewConstNativeHistogram(
+ desc *Desc,
+ count uint64,
+ sum float64,
+ positiveBuckets, negativeBuckets map[int]int64,
+ zeroBucket uint64,
+ schema int32,
+ zeroThreshold float64,
+ createdTimestamp time.Time,
+ labelValues ...string,
+) (Metric, error) {
+ if desc.err != nil {
+ return nil, desc.err
+ }
+ if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil {
+ return nil, err
+ }
+ if schema > nativeHistogramSchemaMaximum || schema < nativeHistogramSchemaMinimum {
+ return nil, errors.New("invalid native histogram schema")
+ }
+ if err := validateCount(sum, count, negativeBuckets, positiveBuckets, zeroBucket); err != nil {
+ return nil, err
+ }
+
+ NegativeSpan, NegativeDelta := makeBucketsFromMap(negativeBuckets)
+ PositiveSpan, PositiveDelta := makeBucketsFromMap(positiveBuckets)
+ ret := &constNativeHistogram{
+ desc: desc,
+ Histogram: dto.Histogram{
+ CreatedTimestamp: timestamppb.New(createdTimestamp),
+ Schema: &schema,
+ ZeroThreshold: &zeroThreshold,
+ SampleCount: &count,
+ SampleSum: &sum,
+
+ NegativeSpan: NegativeSpan,
+ NegativeDelta: NegativeDelta,
+
+ PositiveSpan: PositiveSpan,
+ PositiveDelta: PositiveDelta,
+
+ ZeroCount: proto.Uint64(zeroBucket),
+ },
+ labelPairs: MakeLabelPairs(desc, labelValues),
+ }
+ if *ret.ZeroThreshold == 0 && *ret.ZeroCount == 0 && len(ret.PositiveSpan) == 0 && len(ret.NegativeSpan) == 0 {
+ ret.PositiveSpan = []*dto.BucketSpan{{
+ Offset: proto.Int32(0),
+ Length: proto.Uint32(0),
+ }}
+ }
+ return ret, nil
+}
+
+// MustNewConstNativeHistogram is a version of NewConstNativeHistogram that panics where
+// NewConstNativeHistogram would have returned an error.
+func MustNewConstNativeHistogram(
+ desc *Desc,
+ count uint64,
+ sum float64,
+ positiveBuckets, negativeBuckets map[int]int64,
+ zeroBucket uint64,
+ nativeHistogramSchema int32,
+ nativeHistogramZeroThreshold float64,
+ createdTimestamp time.Time,
+ labelValues ...string,
+) Metric {
+ nativehistogram, err := NewConstNativeHistogram(desc,
+ count,
+ sum,
+ positiveBuckets,
+ negativeBuckets,
+ zeroBucket,
+ nativeHistogramSchema,
+ nativeHistogramZeroThreshold,
+ createdTimestamp,
+ labelValues...)
+ if err != nil {
+ panic(err)
+ }
+ return nativehistogram
+}
+
+func (h *constNativeHistogram) Desc() *Desc {
+ return h.desc
+}
+
+func (h *constNativeHistogram) Write(out *dto.Metric) error {
+ out.Histogram = &h.Histogram
+ out.Label = h.labelPairs
+ return nil
+}
+
+func makeBucketsFromMap(buckets map[int]int64) ([]*dto.BucketSpan, []int64) {
+ if len(buckets) == 0 {
+ return nil, nil
+ }
+ var ii []int
+ for k := range buckets {
+ ii = append(ii, k)
+ }
+ sort.Ints(ii)
+
+ var (
+ spans []*dto.BucketSpan
+ deltas []int64
+ prevCount int64
+ nextI int
+ )
+
+ appendDelta := func(count int64) {
+ *spans[len(spans)-1].Length++
+ deltas = append(deltas, count-prevCount)
+ prevCount = count
+ }
+
+ for n, i := range ii {
+ count := buckets[i]
+ // Multiple spans with only small gaps in between are probably
+ // encoded more efficiently as one larger span with a few empty
+ // buckets. Needs some research to find the sweet spot. For now,
+ // we assume that gaps of one or two buckets should not create
+ // a new span.
+ iDelta := int32(i - nextI)
+ if n == 0 || iDelta > 2 {
+ // We have to create a new span, either because we are
+ // at the very beginning, or because we have found a gap
+ // of more than two buckets.
+ spans = append(spans, &dto.BucketSpan{
+ Offset: proto.Int32(iDelta),
+ Length: proto.Uint32(0),
+ })
+ } else {
+ // We have found a small gap (or no gap at all).
+ // Insert empty buckets as needed.
+ for j := int32(0); j < iDelta; j++ {
+ appendDelta(0)
+ }
+ }
+ appendDelta(count)
+ nextI = i + 1
+ }
+ return spans, deltas
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go b/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go
index a595a20362..8b016355ad 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go
@@ -22,17 +22,18 @@ import (
"bytes"
"fmt"
"io"
+ "strconv"
"strings"
)
-func min(a, b int) int {
+func minInt(a, b int) int {
if a < b {
return a
}
return b
}
-func max(a, b int) int {
+func maxInt(a, b int) int {
if a > b {
return a
}
@@ -427,12 +428,12 @@ func (m *SequenceMatcher) GetGroupedOpCodes(n int) [][]OpCode {
if codes[0].Tag == 'e' {
c := codes[0]
i1, i2, j1, j2 := c.I1, c.I2, c.J1, c.J2
- codes[0] = OpCode{c.Tag, max(i1, i2-n), i2, max(j1, j2-n), j2}
+ codes[0] = OpCode{c.Tag, maxInt(i1, i2-n), i2, maxInt(j1, j2-n), j2}
}
if codes[len(codes)-1].Tag == 'e' {
c := codes[len(codes)-1]
i1, i2, j1, j2 := c.I1, c.I2, c.J1, c.J2
- codes[len(codes)-1] = OpCode{c.Tag, i1, min(i2, i1+n), j1, min(j2, j1+n)}
+ codes[len(codes)-1] = OpCode{c.Tag, i1, minInt(i2, i1+n), j1, minInt(j2, j1+n)}
}
nn := n + n
groups := [][]OpCode{}
@@ -443,12 +444,12 @@ func (m *SequenceMatcher) GetGroupedOpCodes(n int) [][]OpCode {
// there is a large range with no changes.
if c.Tag == 'e' && i2-i1 > nn {
group = append(group, OpCode{
- c.Tag, i1, min(i2, i1+n),
- j1, min(j2, j1+n),
+ c.Tag, i1, minInt(i2, i1+n),
+ j1, minInt(j2, j1+n),
})
groups = append(groups, group)
group = []OpCode{}
- i1, j1 = max(i1, i2-n), max(j1, j2-n)
+ i1, j1 = maxInt(i1, i2-n), maxInt(j1, j2-n)
}
group = append(group, OpCode{c.Tag, i1, i2, j1, j2})
}
@@ -515,7 +516,7 @@ func (m *SequenceMatcher) QuickRatio() float64 {
// is faster to compute than either .Ratio() or .QuickRatio().
func (m *SequenceMatcher) RealQuickRatio() float64 {
la, lb := len(m.a), len(m.b)
- return calculateRatio(min(la, lb), la+lb)
+ return calculateRatio(minInt(la, lb), la+lb)
}
// Convert range to the "ed" format
@@ -524,7 +525,7 @@ func formatRangeUnified(start, stop int) string {
beginning := start + 1 // lines start numbering with one
length := stop - start
if length == 1 {
- return fmt.Sprintf("%d", beginning)
+ return strconv.Itoa(beginning)
}
if length == 0 {
beginning-- // empty ranges begin at line just before the range
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/internal/go_runtime_metrics.go b/vendor/github.com/prometheus/client_golang/prometheus/internal/go_runtime_metrics.go
index 97d17d6cb6..f7f97ef926 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/internal/go_runtime_metrics.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/internal/go_runtime_metrics.go
@@ -66,7 +66,8 @@ func RuntimeMetricsToProm(d *metrics.Description) (string, string, string, bool)
name += "_total"
}
- valid := model.IsValidMetricName(model.LabelValue(namespace + "_" + subsystem + "_" + name))
+ // Our current conversion moves to legacy naming, so use legacy validation.
+ valid := model.IsValidLegacyMetricName(namespace + "_" + subsystem + "_" + name)
switch d.Kind {
case metrics.KindUint64:
case metrics.KindFloat64:
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/metric.go b/vendor/github.com/prometheus/client_golang/prometheus/metric.go
index 9d9b81ab44..592eec3e24 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/metric.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/metric.go
@@ -108,15 +108,23 @@ func BuildFQName(namespace, subsystem, name string) string {
if name == "" {
return ""
}
- switch {
- case namespace != "" && subsystem != "":
- return strings.Join([]string{namespace, subsystem, name}, "_")
- case namespace != "":
- return strings.Join([]string{namespace, name}, "_")
- case subsystem != "":
- return strings.Join([]string{subsystem, name}, "_")
+
+ sb := strings.Builder{}
+ sb.Grow(len(namespace) + len(subsystem) + len(name) + 2)
+
+ if namespace != "" {
+ sb.WriteString(namespace)
+ sb.WriteString("_")
}
- return name
+
+ if subsystem != "" {
+ sb.WriteString(subsystem)
+ sb.WriteString("_")
+ }
+
+ sb.WriteString(name)
+
+ return sb.String()
}
type invalidMetric struct {
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector.go
index 62a4e7ad9a..e7bce8b58e 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/process_collector.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/process_collector.go
@@ -23,6 +23,7 @@ import (
type processCollector struct {
collectFn func(chan<- Metric)
+ describeFn func(chan<- *Desc)
pidFn func() (int, error)
reportErrors bool
cpuTotal *Desc
@@ -122,26 +123,23 @@ func NewProcessCollector(opts ProcessCollectorOpts) Collector {
// Set up process metric collection if supported by the runtime.
if canCollectProcess() {
c.collectFn = c.processCollect
+ c.describeFn = c.describe
} else {
- c.collectFn = func(ch chan<- Metric) {
- c.reportError(ch, nil, errors.New("process metrics not supported on this platform"))
- }
+ c.collectFn = c.errorCollectFn
+ c.describeFn = c.errorDescribeFn
}
return c
}
-// Describe returns all descriptions of the collector.
-func (c *processCollector) Describe(ch chan<- *Desc) {
- ch <- c.cpuTotal
- ch <- c.openFDs
- ch <- c.maxFDs
- ch <- c.vsize
- ch <- c.maxVsize
- ch <- c.rss
- ch <- c.startTime
- ch <- c.inBytes
- ch <- c.outBytes
+func (c *processCollector) errorCollectFn(ch chan<- Metric) {
+ c.reportError(ch, nil, errors.New("process metrics not supported on this platform"))
+}
+
+func (c *processCollector) errorDescribeFn(ch chan<- *Desc) {
+ if c.reportErrors {
+ ch <- NewInvalidDesc(errors.New("process metrics not supported on this platform"))
+ }
}
// Collect returns the current state of all metrics of the collector.
@@ -149,6 +147,11 @@ func (c *processCollector) Collect(ch chan<- Metric) {
c.collectFn(ch)
}
+// Describe returns all descriptions of the collector.
+func (c *processCollector) Describe(ch chan<- *Desc) {
+ c.describeFn(ch)
+}
+
func (c *processCollector) reportError(ch chan<- Metric, desc *Desc, err error) {
if !c.reportErrors {
return
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_darwin.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_darwin.go
new file mode 100644
index 0000000000..0a61b98461
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_darwin.go
@@ -0,0 +1,130 @@
+// Copyright 2024 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build darwin && !ios
+
+package prometheus
+
+import (
+ "errors"
+ "fmt"
+ "os"
+ "syscall"
+ "time"
+
+ "golang.org/x/sys/unix"
+)
+
+// notImplementedErr is returned by stub functions that replace cgo functions, when cgo
+// isn't available.
+var notImplementedErr = errors.New("not implemented")
+
+type memoryInfo struct {
+ vsize uint64 // Virtual memory size in bytes
+ rss uint64 // Resident memory size in bytes
+}
+
+func canCollectProcess() bool {
+ return true
+}
+
+func getSoftLimit(which int) (uint64, error) {
+ rlimit := syscall.Rlimit{}
+
+ if err := syscall.Getrlimit(which, &rlimit); err != nil {
+ return 0, err
+ }
+
+ return rlimit.Cur, nil
+}
+
+func getOpenFileCount() (float64, error) {
+ // Alternately, the undocumented proc_pidinfo(PROC_PIDLISTFDS) can be used to
+ // return a list of open fds, but that requires a way to call C APIs. The
+ // benefits, however, include fewer system calls and not failing when at the
+ // open file soft limit.
+
+ if dir, err := os.Open("/dev/fd"); err != nil {
+ return 0.0, err
+ } else {
+ defer dir.Close()
+
+ // Avoid ReadDir(), as it calls stat(2) on each descriptor. Not only is
+ // that info not used, but KQUEUE descriptors fail stat(2), which causes
+ // the whole method to fail.
+ if names, err := dir.Readdirnames(0); err != nil {
+ return 0.0, err
+ } else {
+ // Subtract 1 to ignore the open /dev/fd descriptor above.
+ return float64(len(names) - 1), nil
+ }
+ }
+}
+
+func (c *processCollector) processCollect(ch chan<- Metric) {
+ if procs, err := unix.SysctlKinfoProcSlice("kern.proc.pid", os.Getpid()); err == nil {
+ if len(procs) == 1 {
+ startTime := float64(procs[0].Proc.P_starttime.Nano() / 1e9)
+ ch <- MustNewConstMetric(c.startTime, GaugeValue, startTime)
+ } else {
+ err = fmt.Errorf("sysctl() returned %d proc structs (expected 1)", len(procs))
+ c.reportError(ch, c.startTime, err)
+ }
+ } else {
+ c.reportError(ch, c.startTime, err)
+ }
+
+ // The proc structure returned by kern.proc.pid above has an Rusage member,
+ // but it is not filled in, so it needs to be fetched by getrusage(2). For
+ // that call, the UTime, STime, and Maxrss members are filled out, but not
+ // Ixrss, Idrss, or Isrss for the memory usage. Memory stats will require
+ // access to the C API to call task_info(TASK_BASIC_INFO).
+ rusage := unix.Rusage{}
+
+ if err := unix.Getrusage(syscall.RUSAGE_SELF, &rusage); err == nil {
+ cpuTime := time.Duration(rusage.Stime.Nano() + rusage.Utime.Nano()).Seconds()
+ ch <- MustNewConstMetric(c.cpuTotal, CounterValue, cpuTime)
+ } else {
+ c.reportError(ch, c.cpuTotal, err)
+ }
+
+ if memInfo, err := getMemory(); err == nil {
+ ch <- MustNewConstMetric(c.rss, GaugeValue, float64(memInfo.rss))
+ ch <- MustNewConstMetric(c.vsize, GaugeValue, float64(memInfo.vsize))
+ } else if !errors.Is(err, notImplementedErr) {
+ // Don't report an error when support is not compiled in.
+ c.reportError(ch, c.rss, err)
+ c.reportError(ch, c.vsize, err)
+ }
+
+ if fds, err := getOpenFileCount(); err == nil {
+ ch <- MustNewConstMetric(c.openFDs, GaugeValue, fds)
+ } else {
+ c.reportError(ch, c.openFDs, err)
+ }
+
+ if openFiles, err := getSoftLimit(syscall.RLIMIT_NOFILE); err == nil {
+ ch <- MustNewConstMetric(c.maxFDs, GaugeValue, float64(openFiles))
+ } else {
+ c.reportError(ch, c.maxFDs, err)
+ }
+
+ if addressSpace, err := getSoftLimit(syscall.RLIMIT_AS); err == nil {
+ ch <- MustNewConstMetric(c.maxVsize, GaugeValue, float64(addressSpace))
+ } else {
+ c.reportError(ch, c.maxVsize, err)
+ }
+
+ // TODO: socket(PF_SYSTEM) to fetch "com.apple.network.statistics" might
+ // be able to get the per-process network send/receive counts.
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_mem_cgo_darwin.c b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_mem_cgo_darwin.c
new file mode 100644
index 0000000000..d00a24315d
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_mem_cgo_darwin.c
@@ -0,0 +1,84 @@
+// Copyright 2024 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build darwin && !ios && cgo
+
+#include
+#include
+#include
+
+// The compiler warns that mach/shared_memory_server.h is deprecated, and to use
+// mach/shared_region.h instead. But that doesn't define
+// SHARED_DATA_REGION_SIZE or SHARED_TEXT_REGION_SIZE, so redefine them here and
+// avoid a warning message when running tests.
+#define GLOBAL_SHARED_TEXT_SEGMENT 0x90000000U
+#define SHARED_DATA_REGION_SIZE 0x10000000
+#define SHARED_TEXT_REGION_SIZE 0x10000000
+
+
+int get_memory_info(unsigned long long *rss, unsigned long long *vsize)
+{
+ // This is lightly adapted from how ps(1) obtains its memory info.
+ // https://github.com/apple-oss-distributions/adv_cmds/blob/8744084ea0ff41ca4bb96b0f9c22407d0e48e9b7/ps/tasks.c#L109
+
+ kern_return_t error;
+ task_t task = MACH_PORT_NULL;
+ mach_task_basic_info_data_t info;
+ mach_msg_type_number_t info_count = MACH_TASK_BASIC_INFO_COUNT;
+
+ error = task_info(
+ mach_task_self(),
+ MACH_TASK_BASIC_INFO,
+ (task_info_t) &info,
+ &info_count );
+
+ if( error != KERN_SUCCESS )
+ {
+ return error;
+ }
+
+ *rss = info.resident_size;
+ *vsize = info.virtual_size;
+
+ {
+ vm_region_basic_info_data_64_t b_info;
+ mach_vm_address_t address = GLOBAL_SHARED_TEXT_SEGMENT;
+ mach_vm_size_t size;
+ mach_port_t object_name;
+
+ /*
+ * try to determine if this task has the split libraries
+ * mapped in... if so, adjust its virtual size down by
+ * the 2 segments that are used for split libraries
+ */
+ info_count = VM_REGION_BASIC_INFO_COUNT_64;
+
+ error = mach_vm_region(
+ mach_task_self(),
+ &address,
+ &size,
+ VM_REGION_BASIC_INFO_64,
+ (vm_region_info_t) &b_info,
+ &info_count,
+ &object_name);
+
+ if (error == KERN_SUCCESS) {
+ if (b_info.reserved && size == (SHARED_TEXT_REGION_SIZE) &&
+ *vsize > (SHARED_TEXT_REGION_SIZE + SHARED_DATA_REGION_SIZE)) {
+ *vsize -= (SHARED_TEXT_REGION_SIZE + SHARED_DATA_REGION_SIZE);
+ }
+ }
+ }
+
+ return 0;
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_mem_cgo_darwin.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_mem_cgo_darwin.go
new file mode 100644
index 0000000000..9ac53f9992
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_mem_cgo_darwin.go
@@ -0,0 +1,51 @@
+// Copyright 2024 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build darwin && !ios && cgo
+
+package prometheus
+
+/*
+int get_memory_info(unsigned long long *rss, unsigned long long *vs);
+*/
+import "C"
+import "fmt"
+
+func getMemory() (*memoryInfo, error) {
+ var rss, vsize C.ulonglong
+
+ if err := C.get_memory_info(&rss, &vsize); err != 0 {
+ return nil, fmt.Errorf("task_info() failed with 0x%x", int(err))
+ }
+
+ return &memoryInfo{vsize: uint64(vsize), rss: uint64(rss)}, nil
+}
+
+// describe returns all descriptions of the collector for Darwin.
+// Ensure that this list of descriptors is kept in sync with the metrics collected
+// in the processCollect method. Any changes to the metrics in processCollect
+// (such as adding or removing metrics) should be reflected in this list of descriptors.
+func (c *processCollector) describe(ch chan<- *Desc) {
+ ch <- c.cpuTotal
+ ch <- c.openFDs
+ ch <- c.maxFDs
+ ch <- c.maxVsize
+ ch <- c.startTime
+ ch <- c.rss
+ ch <- c.vsize
+
+ /* the process could be collected but not implemented yet
+ ch <- c.inBytes
+ ch <- c.outBytes
+ */
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_mem_nocgo_darwin.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_mem_nocgo_darwin.go
new file mode 100644
index 0000000000..8ddb0995d6
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_mem_nocgo_darwin.go
@@ -0,0 +1,39 @@
+// Copyright 2024 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build darwin && !ios && !cgo
+
+package prometheus
+
+func getMemory() (*memoryInfo, error) {
+ return nil, notImplementedErr
+}
+
+// describe returns all descriptions of the collector for Darwin.
+// Ensure that this list of descriptors is kept in sync with the metrics collected
+// in the processCollect method. Any changes to the metrics in processCollect
+// (such as adding or removing metrics) should be reflected in this list of descriptors.
+func (c *processCollector) describe(ch chan<- *Desc) {
+ ch <- c.cpuTotal
+ ch <- c.openFDs
+ ch <- c.maxFDs
+ ch <- c.maxVsize
+ ch <- c.startTime
+
+ /* the process could be collected but not implemented yet
+ ch <- c.rss
+ ch <- c.vsize
+ ch <- c.inBytes
+ ch <- c.outBytes
+ */
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_js.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_not_supported.go
similarity index 56%
rename from vendor/github.com/prometheus/client_golang/prometheus/process_collector_js.go
rename to vendor/github.com/prometheus/client_golang/prometheus/process_collector_not_supported.go
index b1e363d6cf..7732b7f376 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_js.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_not_supported.go
@@ -1,4 +1,4 @@
-// Copyright 2019 The Prometheus Authors
+// Copyright 2023 The Prometheus Authors
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
@@ -11,8 +11,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-//go:build js
-// +build js
+//go:build wasip1 || js || ios
+// +build wasip1 js ios
package prometheus
@@ -21,6 +21,13 @@ func canCollectProcess() bool {
}
func (c *processCollector) processCollect(ch chan<- Metric) {
- // noop on this platform
- return
+ c.errorCollectFn(ch)
+}
+
+// describe returns all descriptions of the collector for wasip1 and js.
+// Ensure that this list of descriptors is kept in sync with the metrics collected
+// in the processCollect method. Any changes to the metrics in processCollect
+// (such as adding or removing metrics) should be reflected in this list of descriptors.
+func (c *processCollector) describe(ch chan<- *Desc) {
+ c.errorDescribeFn(ch)
}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_other.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_procfsenabled.go
similarity index 77%
rename from vendor/github.com/prometheus/client_golang/prometheus/process_collector_other.go
rename to vendor/github.com/prometheus/client_golang/prometheus/process_collector_procfsenabled.go
index 14d56d2d06..9f4b130bef 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_other.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_procfsenabled.go
@@ -11,8 +11,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-//go:build !windows && !js && !wasip1
-// +build !windows,!js,!wasip1
+//go:build !windows && !js && !wasip1 && !darwin
+// +build !windows,!js,!wasip1,!darwin
package prometheus
@@ -78,3 +78,19 @@ func (c *processCollector) processCollect(ch chan<- Metric) {
c.reportError(ch, nil, err)
}
}
+
+// describe returns all descriptions of the collector for others than windows, js, wasip1 and darwin.
+// Ensure that this list of descriptors is kept in sync with the metrics collected
+// in the processCollect method. Any changes to the metrics in processCollect
+// (such as adding or removing metrics) should be reflected in this list of descriptors.
+func (c *processCollector) describe(ch chan<- *Desc) {
+ ch <- c.cpuTotal
+ ch <- c.openFDs
+ ch <- c.maxFDs
+ ch <- c.vsize
+ ch <- c.maxVsize
+ ch <- c.rss
+ ch <- c.startTime
+ ch <- c.inBytes
+ ch <- c.outBytes
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_wasip1.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_wasip1.go
deleted file mode 100644
index d8d9a6d7a2..0000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_wasip1.go
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2023 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build wasip1
-// +build wasip1
-
-package prometheus
-
-func canCollectProcess() bool {
- return false
-}
-
-func (*processCollector) processCollect(chan<- Metric) {
- // noop on this platform
- return
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_windows.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_windows.go
index f973398df2..fa474289ef 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_windows.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_windows.go
@@ -79,14 +79,10 @@ func getProcessHandleCount(handle windows.Handle) (uint32, error) {
}
func (c *processCollector) processCollect(ch chan<- Metric) {
- h, err := windows.GetCurrentProcess()
- if err != nil {
- c.reportError(ch, nil, err)
- return
- }
+ h := windows.CurrentProcess()
var startTime, exitTime, kernelTime, userTime windows.Filetime
- err = windows.GetProcessTimes(h, &startTime, &exitTime, &kernelTime, &userTime)
+ err := windows.GetProcessTimes(h, &startTime, &exitTime, &kernelTime, &userTime)
if err != nil {
c.reportError(ch, nil, err)
return
@@ -111,6 +107,19 @@ func (c *processCollector) processCollect(ch chan<- Metric) {
ch <- MustNewConstMetric(c.maxFDs, GaugeValue, float64(16*1024*1024)) // Windows has a hard-coded max limit, not per-process.
}
+// describe returns all descriptions of the collector for windows.
+// Ensure that this list of descriptors is kept in sync with the metrics collected
+// in the processCollect method. Any changes to the metrics in processCollect
+// (such as adding or removing metrics) should be reflected in this list of descriptors.
+func (c *processCollector) describe(ch chan<- *Desc) {
+ ch <- c.cpuTotal
+ ch <- c.openFDs
+ ch <- c.maxFDs
+ ch <- c.vsize
+ ch <- c.rss
+ ch <- c.startTime
+}
+
func fileTimeToSeconds(ft windows.Filetime) float64 {
return float64(uint64(ft.HighDateTime)<<32+uint64(ft.LowDateTime)) / 1e7
}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/summary.go b/vendor/github.com/prometheus/client_golang/prometheus/summary.go
index 1ab0e47965..ac5203c6fa 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/summary.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/summary.go
@@ -243,6 +243,7 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
s := &summary{
desc: desc,
+ now: opts.now,
objectives: opts.Objectives,
sortedObjectives: make([]float64, 0, len(opts.Objectives)),
@@ -280,6 +281,8 @@ type summary struct {
desc *Desc
+ now func() time.Time
+
objectives map[float64]float64
sortedObjectives []float64
@@ -307,7 +310,7 @@ func (s *summary) Observe(v float64) {
s.bufMtx.Lock()
defer s.bufMtx.Unlock()
- now := time.Now()
+ now := s.now()
if now.After(s.hotBufExpTime) {
s.asyncFlush(now)
}
@@ -326,7 +329,7 @@ func (s *summary) Write(out *dto.Metric) error {
s.bufMtx.Lock()
s.mtx.Lock()
// Swap bufs even if hotBuf is empty to set new hotBufExpTime.
- s.swapBufs(time.Now())
+ s.swapBufs(s.now())
s.bufMtx.Unlock()
s.flushColdBuf()
diff --git a/vendor/github.com/prometheus/common/expfmt/decode.go b/vendor/github.com/prometheus/common/expfmt/decode.go
index 25cfaa2164..1448439b7f 100644
--- a/vendor/github.com/prometheus/common/expfmt/decode.go
+++ b/vendor/github.com/prometheus/common/expfmt/decode.go
@@ -45,7 +45,7 @@ func ResponseFormat(h http.Header) Format {
mediatype, params, err := mime.ParseMediaType(ct)
if err != nil {
- return fmtUnknown
+ return FmtUnknown
}
const textType = "text/plain"
@@ -53,21 +53,21 @@ func ResponseFormat(h http.Header) Format {
switch mediatype {
case ProtoType:
if p, ok := params["proto"]; ok && p != ProtoProtocol {
- return fmtUnknown
+ return FmtUnknown
}
if e, ok := params["encoding"]; ok && e != "delimited" {
- return fmtUnknown
+ return FmtUnknown
}
- return fmtProtoDelim
+ return FmtProtoDelim
case textType:
if v, ok := params["version"]; ok && v != TextVersion {
- return fmtUnknown
+ return FmtUnknown
}
- return fmtText
+ return FmtText
}
- return fmtUnknown
+ return FmtUnknown
}
// NewDecoder returns a new decoder based on the given input format.
diff --git a/vendor/github.com/prometheus/common/expfmt/encode.go b/vendor/github.com/prometheus/common/expfmt/encode.go
index ff5ef7a9d9..d7f3d76f55 100644
--- a/vendor/github.com/prometheus/common/expfmt/encode.go
+++ b/vendor/github.com/prometheus/common/expfmt/encode.go
@@ -68,7 +68,7 @@ func Negotiate(h http.Header) Format {
if escapeParam := ac.Params[model.EscapingKey]; escapeParam != "" {
switch Format(escapeParam) {
case model.AllowUTF8, model.EscapeUnderscores, model.EscapeDots, model.EscapeValues:
- escapingScheme = Format(fmt.Sprintf("; escaping=%s", escapeParam))
+ escapingScheme = Format("; escaping=" + escapeParam)
default:
// If the escaping parameter is unknown, ignore it.
}
@@ -77,18 +77,18 @@ func Negotiate(h http.Header) Format {
if ac.Type+"/"+ac.SubType == ProtoType && ac.Params["proto"] == ProtoProtocol {
switch ac.Params["encoding"] {
case "delimited":
- return fmtProtoDelim + escapingScheme
+ return FmtProtoDelim + escapingScheme
case "text":
- return fmtProtoText + escapingScheme
+ return FmtProtoText + escapingScheme
case "compact-text":
- return fmtProtoCompact + escapingScheme
+ return FmtProtoCompact + escapingScheme
}
}
if ac.Type == "text" && ac.SubType == "plain" && (ver == TextVersion || ver == "") {
- return fmtText + escapingScheme
+ return FmtText + escapingScheme
}
}
- return fmtText + escapingScheme
+ return FmtText + escapingScheme
}
// NegotiateIncludingOpenMetrics works like Negotiate but includes
@@ -101,7 +101,7 @@ func NegotiateIncludingOpenMetrics(h http.Header) Format {
if escapeParam := ac.Params[model.EscapingKey]; escapeParam != "" {
switch Format(escapeParam) {
case model.AllowUTF8, model.EscapeUnderscores, model.EscapeDots, model.EscapeValues:
- escapingScheme = Format(fmt.Sprintf("; escaping=%s", escapeParam))
+ escapingScheme = Format("; escaping=" + escapeParam)
default:
// If the escaping parameter is unknown, ignore it.
}
@@ -110,26 +110,26 @@ func NegotiateIncludingOpenMetrics(h http.Header) Format {
if ac.Type+"/"+ac.SubType == ProtoType && ac.Params["proto"] == ProtoProtocol {
switch ac.Params["encoding"] {
case "delimited":
- return fmtProtoDelim + escapingScheme
+ return FmtProtoDelim + escapingScheme
case "text":
- return fmtProtoText + escapingScheme
+ return FmtProtoText + escapingScheme
case "compact-text":
- return fmtProtoCompact + escapingScheme
+ return FmtProtoCompact + escapingScheme
}
}
if ac.Type == "text" && ac.SubType == "plain" && (ver == TextVersion || ver == "") {
- return fmtText + escapingScheme
+ return FmtText + escapingScheme
}
if ac.Type+"/"+ac.SubType == OpenMetricsType && (ver == OpenMetricsVersion_0_0_1 || ver == OpenMetricsVersion_1_0_0 || ver == "") {
switch ver {
case OpenMetricsVersion_1_0_0:
- return fmtOpenMetrics_1_0_0 + escapingScheme
+ return FmtOpenMetrics_1_0_0 + escapingScheme
default:
- return fmtOpenMetrics_0_0_1 + escapingScheme
+ return FmtOpenMetrics_0_0_1 + escapingScheme
}
}
}
- return fmtText + escapingScheme
+ return FmtText + escapingScheme
}
// NewEncoder returns a new encoder based on content type negotiation. All
diff --git a/vendor/github.com/prometheus/common/expfmt/expfmt.go b/vendor/github.com/prometheus/common/expfmt/expfmt.go
index 051b38cd17..b26886560d 100644
--- a/vendor/github.com/prometheus/common/expfmt/expfmt.go
+++ b/vendor/github.com/prometheus/common/expfmt/expfmt.go
@@ -15,7 +15,7 @@
package expfmt
import (
- "fmt"
+ "errors"
"strings"
"github.com/prometheus/common/model"
@@ -32,24 +32,31 @@ type Format string
// it on the wire, new content-type strings will have to be agreed upon and
// added here.
const (
- TextVersion = "0.0.4"
- ProtoType = `application/vnd.google.protobuf`
- ProtoProtocol = `io.prometheus.client.MetricFamily`
- protoFmt = ProtoType + "; proto=" + ProtoProtocol + ";"
+ TextVersion = "0.0.4"
+ ProtoType = `application/vnd.google.protobuf`
+ ProtoProtocol = `io.prometheus.client.MetricFamily`
+ // Deprecated: Use expfmt.NewFormat(expfmt.TypeProtoCompact) instead.
+ ProtoFmt = ProtoType + "; proto=" + ProtoProtocol + ";"
OpenMetricsType = `application/openmetrics-text`
OpenMetricsVersion_0_0_1 = "0.0.1"
OpenMetricsVersion_1_0_0 = "1.0.0"
- // The Content-Type values for the different wire protocols. Note that these
- // values are now unexported. If code was relying on comparisons to these
- // constants, instead use FormatType().
- fmtUnknown Format = ``
- fmtText Format = `text/plain; version=` + TextVersion + `; charset=utf-8`
- fmtProtoDelim Format = protoFmt + ` encoding=delimited`
- fmtProtoText Format = protoFmt + ` encoding=text`
- fmtProtoCompact Format = protoFmt + ` encoding=compact-text`
- fmtOpenMetrics_1_0_0 Format = OpenMetricsType + `; version=` + OpenMetricsVersion_1_0_0 + `; charset=utf-8`
- fmtOpenMetrics_0_0_1 Format = OpenMetricsType + `; version=` + OpenMetricsVersion_0_0_1 + `; charset=utf-8`
+ // The Content-Type values for the different wire protocols. Do not do direct
+ // comparisons to these constants, instead use the comparison functions.
+ // Deprecated: Use expfmt.NewFormat(expfmt.TypeUnknown) instead.
+ FmtUnknown Format = ``
+ // Deprecated: Use expfmt.NewFormat(expfmt.TypeTextPlain) instead.
+ FmtText Format = `text/plain; version=` + TextVersion + `; charset=utf-8`
+ // Deprecated: Use expfmt.NewFormat(expfmt.TypeProtoDelim) instead.
+ FmtProtoDelim Format = ProtoFmt + ` encoding=delimited`
+ // Deprecated: Use expfmt.NewFormat(expfmt.TypeProtoText) instead.
+ FmtProtoText Format = ProtoFmt + ` encoding=text`
+ // Deprecated: Use expfmt.NewFormat(expfmt.TypeProtoCompact) instead.
+ FmtProtoCompact Format = ProtoFmt + ` encoding=compact-text`
+ // Deprecated: Use expfmt.NewFormat(expfmt.TypeOpenMetrics) instead.
+ FmtOpenMetrics_1_0_0 Format = OpenMetricsType + `; version=` + OpenMetricsVersion_1_0_0 + `; charset=utf-8`
+ // Deprecated: Use expfmt.NewFormat(expfmt.TypeOpenMetrics) instead.
+ FmtOpenMetrics_0_0_1 Format = OpenMetricsType + `; version=` + OpenMetricsVersion_0_0_1 + `; charset=utf-8`
)
const (
@@ -79,17 +86,17 @@ const (
func NewFormat(t FormatType) Format {
switch t {
case TypeProtoCompact:
- return fmtProtoCompact
+ return FmtProtoCompact
case TypeProtoDelim:
- return fmtProtoDelim
+ return FmtProtoDelim
case TypeProtoText:
- return fmtProtoText
+ return FmtProtoText
case TypeTextPlain:
- return fmtText
+ return FmtText
case TypeOpenMetrics:
- return fmtOpenMetrics_1_0_0
+ return FmtOpenMetrics_1_0_0
default:
- return fmtUnknown
+ return FmtUnknown
}
}
@@ -97,12 +104,35 @@ func NewFormat(t FormatType) Format {
// specified version number.
func NewOpenMetricsFormat(version string) (Format, error) {
if version == OpenMetricsVersion_0_0_1 {
- return fmtOpenMetrics_0_0_1, nil
+ return FmtOpenMetrics_0_0_1, nil
}
if version == OpenMetricsVersion_1_0_0 {
- return fmtOpenMetrics_1_0_0, nil
+ return FmtOpenMetrics_1_0_0, nil
}
- return fmtUnknown, fmt.Errorf("unknown open metrics version string")
+ return FmtUnknown, errors.New("unknown open metrics version string")
+}
+
+// WithEscapingScheme returns a copy of Format with the specified escaping
+// scheme appended to the end. If an escaping scheme already exists it is
+// removed.
+func (f Format) WithEscapingScheme(s model.EscapingScheme) Format {
+ var terms []string
+ for _, p := range strings.Split(string(f), ";") {
+ toks := strings.Split(p, "=")
+ if len(toks) != 2 {
+ trimmed := strings.TrimSpace(p)
+ if len(trimmed) > 0 {
+ terms = append(terms, trimmed)
+ }
+ continue
+ }
+ key := strings.TrimSpace(toks[0])
+ if key != model.EscapingKey {
+ terms = append(terms, strings.TrimSpace(p))
+ }
+ }
+ terms = append(terms, model.EscapingKey+"="+s.String())
+ return Format(strings.Join(terms, "; "))
}
// FormatType deduces an overall FormatType for the given format.
diff --git a/vendor/github.com/prometheus/common/expfmt/openmetrics_create.go b/vendor/github.com/prometheus/common/expfmt/openmetrics_create.go
index 353c5e93f9..a21ed4ec1f 100644
--- a/vendor/github.com/prometheus/common/expfmt/openmetrics_create.go
+++ b/vendor/github.com/prometheus/common/expfmt/openmetrics_create.go
@@ -38,7 +38,7 @@ type EncoderOption func(*encoderOption)
// WithCreatedLines is an EncoderOption that configures the OpenMetrics encoder
// to include _created lines (See
-// https://github.com/OpenObservability/OpenMetrics/blob/main/specification/OpenMetrics.md#counter-1).
+// https://github.com/prometheus/OpenMetrics/blob/v1.0.0/specification/OpenMetrics.md#counter-1).
// Created timestamps can improve the accuracy of series reset detection, but
// come with a bandwidth cost.
//
@@ -102,7 +102,7 @@ func WithUnit() EncoderOption {
//
// - According to the OM specs, the `# UNIT` line is optional, but if populated,
// the unit has to be present in the metric name as its suffix:
-// (see https://github.com/OpenObservability/OpenMetrics/blob/main/specification/OpenMetrics.md#unit).
+// (see https://github.com/prometheus/OpenMetrics/blob/v1.0.0/specification/OpenMetrics.md#unit).
// However, in order to accommodate any potential scenario where such a change in the
// metric name is not desirable, the users are here given the choice of either explicitly
// opt in, in case they wish for the unit to be included in the output AND in the metric name
@@ -152,8 +152,8 @@ func MetricFamilyToOpenMetrics(out io.Writer, in *dto.MetricFamily, options ...E
if metricType == dto.MetricType_COUNTER && strings.HasSuffix(compliantName, "_total") {
compliantName = name[:len(name)-6]
}
- if toOM.withUnit && in.Unit != nil && !strings.HasSuffix(compliantName, fmt.Sprintf("_%s", *in.Unit)) {
- compliantName = compliantName + fmt.Sprintf("_%s", *in.Unit)
+ if toOM.withUnit && in.Unit != nil && !strings.HasSuffix(compliantName, "_"+*in.Unit) {
+ compliantName = compliantName + "_" + *in.Unit
}
// Comments, first HELP, then TYPE.
@@ -477,7 +477,7 @@ func writeOpenMetricsNameAndLabelPairs(
if name != "" {
// If the name does not pass the legacy validity check, we must put the
// metric name inside the braces, quoted.
- if !model.IsValidLegacyMetricName(model.LabelValue(name)) {
+ if !model.IsValidLegacyMetricName(name) {
metricInsideBraces = true
err := w.WriteByte(separator)
written++
diff --git a/vendor/github.com/prometheus/common/expfmt/text_create.go b/vendor/github.com/prometheus/common/expfmt/text_create.go
index f9b8265a9e..4b86434b33 100644
--- a/vendor/github.com/prometheus/common/expfmt/text_create.go
+++ b/vendor/github.com/prometheus/common/expfmt/text_create.go
@@ -354,7 +354,7 @@ func writeNameAndLabelPairs(
if name != "" {
// If the name does not pass the legacy validity check, we must put the
// metric name inside the braces.
- if !model.IsValidLegacyMetricName(model.LabelValue(name)) {
+ if !model.IsValidLegacyMetricName(name) {
metricInsideBraces = true
err := w.WriteByte(separator)
written++
@@ -498,7 +498,7 @@ func writeInt(w enhancedWriter, i int64) (int, error) {
// writeName writes a string as-is if it complies with the legacy naming
// scheme, or escapes it in double quotes if not.
func writeName(w enhancedWriter, name string) (int, error) {
- if model.IsValidLegacyMetricName(model.LabelValue(name)) {
+ if model.IsValidLegacyMetricName(name) {
return w.WriteString(name)
}
var written int
diff --git a/vendor/github.com/prometheus/common/expfmt/text_parse.go b/vendor/github.com/prometheus/common/expfmt/text_parse.go
index 26490211af..b4607fe4d2 100644
--- a/vendor/github.com/prometheus/common/expfmt/text_parse.go
+++ b/vendor/github.com/prometheus/common/expfmt/text_parse.go
@@ -22,9 +22,9 @@ import (
"math"
"strconv"
"strings"
+ "unicode/utf8"
dto "github.com/prometheus/client_model/go"
-
"google.golang.org/protobuf/proto"
"github.com/prometheus/common/model"
@@ -60,6 +60,7 @@ type TextParser struct {
currentMF *dto.MetricFamily
currentMetric *dto.Metric
currentLabelPair *dto.LabelPair
+ currentLabelPairs []*dto.LabelPair // Temporarily stores label pairs while parsing a metric line.
// The remaining member variables are only used for summaries/histograms.
currentLabels map[string]string // All labels including '__name__' but excluding 'quantile'/'le'
@@ -74,6 +75,9 @@ type TextParser struct {
// count and sum of that summary/histogram.
currentIsSummaryCount, currentIsSummarySum bool
currentIsHistogramCount, currentIsHistogramSum bool
+ // These indicate if the metric name from the current line being parsed is inside
+ // braces and if that metric name was found respectively.
+ currentMetricIsInsideBraces, currentMetricInsideBracesIsPresent bool
}
// TextToMetricFamilies reads 'in' as the simple and flat text-based exchange
@@ -137,12 +141,15 @@ func (p *TextParser) reset(in io.Reader) {
}
p.currentQuantile = math.NaN()
p.currentBucket = math.NaN()
+ p.currentMF = nil
}
// startOfLine represents the state where the next byte read from p.buf is the
// start of a line (or whitespace leading up to it).
func (p *TextParser) startOfLine() stateFn {
p.lineCount++
+ p.currentMetricIsInsideBraces = false
+ p.currentMetricInsideBracesIsPresent = false
if p.skipBlankTab(); p.err != nil {
// This is the only place that we expect to see io.EOF,
// which is not an error but the signal that we are done.
@@ -158,6 +165,9 @@ func (p *TextParser) startOfLine() stateFn {
return p.startComment
case '\n':
return p.startOfLine // Empty line, start the next one.
+ case '{':
+ p.currentMetricIsInsideBraces = true
+ return p.readingLabels
}
return p.readingMetricName
}
@@ -275,6 +285,8 @@ func (p *TextParser) startLabelName() stateFn {
return nil // Unexpected end of input.
}
if p.currentByte == '}' {
+ p.currentMetric.Label = append(p.currentMetric.Label, p.currentLabelPairs...)
+ p.currentLabelPairs = nil
if p.skipBlankTab(); p.err != nil {
return nil // Unexpected end of input.
}
@@ -287,6 +299,45 @@ func (p *TextParser) startLabelName() stateFn {
p.parseError(fmt.Sprintf("invalid label name for metric %q", p.currentMF.GetName()))
return nil
}
+ if p.skipBlankTabIfCurrentBlankTab(); p.err != nil {
+ return nil // Unexpected end of input.
+ }
+ if p.currentByte != '=' {
+ if p.currentMetricIsInsideBraces {
+ if p.currentMetricInsideBracesIsPresent {
+ p.parseError(fmt.Sprintf("multiple metric names for metric %q", p.currentMF.GetName()))
+ return nil
+ }
+ switch p.currentByte {
+ case ',':
+ p.setOrCreateCurrentMF()
+ if p.currentMF.Type == nil {
+ p.currentMF.Type = dto.MetricType_UNTYPED.Enum()
+ }
+ p.currentMetric = &dto.Metric{}
+ p.currentMetricInsideBracesIsPresent = true
+ return p.startLabelName
+ case '}':
+ p.setOrCreateCurrentMF()
+ if p.currentMF.Type == nil {
+ p.currentMF.Type = dto.MetricType_UNTYPED.Enum()
+ }
+ p.currentMetric = &dto.Metric{}
+ p.currentMetric.Label = append(p.currentMetric.Label, p.currentLabelPairs...)
+ p.currentLabelPairs = nil
+ if p.skipBlankTab(); p.err != nil {
+ return nil // Unexpected end of input.
+ }
+ return p.readingValue
+ default:
+ p.parseError(fmt.Sprintf("unexpected end of metric name %q", p.currentByte))
+ return nil
+ }
+ }
+ p.parseError(fmt.Sprintf("expected '=' after label name, found %q", p.currentByte))
+ p.currentLabelPairs = nil
+ return nil
+ }
p.currentLabelPair = &dto.LabelPair{Name: proto.String(p.currentToken.String())}
if p.currentLabelPair.GetName() == string(model.MetricNameLabel) {
p.parseError(fmt.Sprintf("label name %q is reserved", model.MetricNameLabel))
@@ -296,23 +347,17 @@ func (p *TextParser) startLabelName() stateFn {
// labels to 'real' labels.
if !(p.currentMF.GetType() == dto.MetricType_SUMMARY && p.currentLabelPair.GetName() == model.QuantileLabel) &&
!(p.currentMF.GetType() == dto.MetricType_HISTOGRAM && p.currentLabelPair.GetName() == model.BucketLabel) {
- p.currentMetric.Label = append(p.currentMetric.Label, p.currentLabelPair)
- }
- if p.skipBlankTabIfCurrentBlankTab(); p.err != nil {
- return nil // Unexpected end of input.
- }
- if p.currentByte != '=' {
- p.parseError(fmt.Sprintf("expected '=' after label name, found %q", p.currentByte))
- return nil
+ p.currentLabelPairs = append(p.currentLabelPairs, p.currentLabelPair)
}
// Check for duplicate label names.
labels := make(map[string]struct{})
- for _, l := range p.currentMetric.Label {
+ for _, l := range p.currentLabelPairs {
lName := l.GetName()
if _, exists := labels[lName]; !exists {
labels[lName] = struct{}{}
} else {
p.parseError(fmt.Sprintf("duplicate label names for metric %q", p.currentMF.GetName()))
+ p.currentLabelPairs = nil
return nil
}
}
@@ -345,6 +390,7 @@ func (p *TextParser) startLabelValue() stateFn {
if p.currentQuantile, p.err = parseFloat(p.currentLabelPair.GetValue()); p.err != nil {
// Create a more helpful error message.
p.parseError(fmt.Sprintf("expected float as value for 'quantile' label, got %q", p.currentLabelPair.GetValue()))
+ p.currentLabelPairs = nil
return nil
}
} else {
@@ -371,12 +417,19 @@ func (p *TextParser) startLabelValue() stateFn {
return p.startLabelName
case '}':
+ if p.currentMF == nil {
+ p.parseError("invalid metric name")
+ return nil
+ }
+ p.currentMetric.Label = append(p.currentMetric.Label, p.currentLabelPairs...)
+ p.currentLabelPairs = nil
if p.skipBlankTab(); p.err != nil {
return nil // Unexpected end of input.
}
return p.readingValue
default:
p.parseError(fmt.Sprintf("unexpected end of label value %q", p.currentLabelPair.GetValue()))
+ p.currentLabelPairs = nil
return nil
}
}
@@ -585,6 +638,8 @@ func (p *TextParser) readTokenUntilNewline(recognizeEscapeSequence bool) {
p.currentToken.WriteByte(p.currentByte)
case 'n':
p.currentToken.WriteByte('\n')
+ case '"':
+ p.currentToken.WriteByte('"')
default:
p.parseError(fmt.Sprintf("invalid escape sequence '\\%c'", p.currentByte))
return
@@ -610,13 +665,45 @@ func (p *TextParser) readTokenUntilNewline(recognizeEscapeSequence bool) {
// but not into p.currentToken.
func (p *TextParser) readTokenAsMetricName() {
p.currentToken.Reset()
+ // A UTF-8 metric name must be quoted and may have escaped characters.
+ quoted := false
+ escaped := false
if !isValidMetricNameStart(p.currentByte) {
return
}
- for {
- p.currentToken.WriteByte(p.currentByte)
+ for p.err == nil {
+ if escaped {
+ switch p.currentByte {
+ case '\\':
+ p.currentToken.WriteByte(p.currentByte)
+ case 'n':
+ p.currentToken.WriteByte('\n')
+ case '"':
+ p.currentToken.WriteByte('"')
+ default:
+ p.parseError(fmt.Sprintf("invalid escape sequence '\\%c'", p.currentByte))
+ return
+ }
+ escaped = false
+ } else {
+ switch p.currentByte {
+ case '"':
+ quoted = !quoted
+ if !quoted {
+ p.currentByte, p.err = p.buf.ReadByte()
+ return
+ }
+ case '\n':
+ p.parseError(fmt.Sprintf("metric name %q contains unescaped new-line", p.currentToken.String()))
+ return
+ case '\\':
+ escaped = true
+ default:
+ p.currentToken.WriteByte(p.currentByte)
+ }
+ }
p.currentByte, p.err = p.buf.ReadByte()
- if p.err != nil || !isValidMetricNameContinuation(p.currentByte) {
+ if !isValidMetricNameContinuation(p.currentByte, quoted) || (!quoted && p.currentByte == ' ') {
return
}
}
@@ -628,13 +715,45 @@ func (p *TextParser) readTokenAsMetricName() {
// but not into p.currentToken.
func (p *TextParser) readTokenAsLabelName() {
p.currentToken.Reset()
+ // A UTF-8 label name must be quoted and may have escaped characters.
+ quoted := false
+ escaped := false
if !isValidLabelNameStart(p.currentByte) {
return
}
- for {
- p.currentToken.WriteByte(p.currentByte)
+ for p.err == nil {
+ if escaped {
+ switch p.currentByte {
+ case '\\':
+ p.currentToken.WriteByte(p.currentByte)
+ case 'n':
+ p.currentToken.WriteByte('\n')
+ case '"':
+ p.currentToken.WriteByte('"')
+ default:
+ p.parseError(fmt.Sprintf("invalid escape sequence '\\%c'", p.currentByte))
+ return
+ }
+ escaped = false
+ } else {
+ switch p.currentByte {
+ case '"':
+ quoted = !quoted
+ if !quoted {
+ p.currentByte, p.err = p.buf.ReadByte()
+ return
+ }
+ case '\n':
+ p.parseError(fmt.Sprintf("label name %q contains unescaped new-line", p.currentToken.String()))
+ return
+ case '\\':
+ escaped = true
+ default:
+ p.currentToken.WriteByte(p.currentByte)
+ }
+ }
p.currentByte, p.err = p.buf.ReadByte()
- if p.err != nil || !isValidLabelNameContinuation(p.currentByte) {
+ if !isValidLabelNameContinuation(p.currentByte, quoted) || (!quoted && p.currentByte == '=') {
return
}
}
@@ -660,6 +779,7 @@ func (p *TextParser) readTokenAsLabelValue() {
p.currentToken.WriteByte('\n')
default:
p.parseError(fmt.Sprintf("invalid escape sequence '\\%c'", p.currentByte))
+ p.currentLabelPairs = nil
return
}
escaped = false
@@ -718,19 +838,19 @@ func (p *TextParser) setOrCreateCurrentMF() {
}
func isValidLabelNameStart(b byte) bool {
- return (b >= 'a' && b <= 'z') || (b >= 'A' && b <= 'Z') || b == '_'
+ return (b >= 'a' && b <= 'z') || (b >= 'A' && b <= 'Z') || b == '_' || b == '"'
}
-func isValidLabelNameContinuation(b byte) bool {
- return isValidLabelNameStart(b) || (b >= '0' && b <= '9')
+func isValidLabelNameContinuation(b byte, quoted bool) bool {
+ return isValidLabelNameStart(b) || (b >= '0' && b <= '9') || (quoted && utf8.ValidString(string(b)))
}
func isValidMetricNameStart(b byte) bool {
return isValidLabelNameStart(b) || b == ':'
}
-func isValidMetricNameContinuation(b byte) bool {
- return isValidLabelNameContinuation(b) || b == ':'
+func isValidMetricNameContinuation(b byte, quoted bool) bool {
+ return isValidLabelNameContinuation(b, quoted) || b == ':'
}
func isBlankOrTab(b byte) bool {
@@ -775,7 +895,7 @@ func histogramMetricName(name string) string {
func parseFloat(s string) (float64, error) {
if strings.ContainsAny(s, "pP_") {
- return 0, fmt.Errorf("unsupported character in float")
+ return 0, errors.New("unsupported character in float")
}
return strconv.ParseFloat(s, 64)
}
diff --git a/vendor/github.com/prometheus/common/model/alert.go b/vendor/github.com/prometheus/common/model/alert.go
index 80d1fe944e..bd3a39e3e1 100644
--- a/vendor/github.com/prometheus/common/model/alert.go
+++ b/vendor/github.com/prometheus/common/model/alert.go
@@ -14,6 +14,7 @@
package model
import (
+ "errors"
"fmt"
"time"
)
@@ -89,16 +90,16 @@ func (a *Alert) StatusAt(ts time.Time) AlertStatus {
// Validate checks whether the alert data is inconsistent.
func (a *Alert) Validate() error {
if a.StartsAt.IsZero() {
- return fmt.Errorf("start time missing")
+ return errors.New("start time missing")
}
if !a.EndsAt.IsZero() && a.EndsAt.Before(a.StartsAt) {
- return fmt.Errorf("start time must be before end time")
+ return errors.New("start time must be before end time")
}
if err := a.Labels.Validate(); err != nil {
return fmt.Errorf("invalid label set: %w", err)
}
if len(a.Labels) == 0 {
- return fmt.Errorf("at least one label pair required")
+ return errors.New("at least one label pair required")
}
if err := a.Annotations.Validate(); err != nil {
return fmt.Errorf("invalid annotations: %w", err)
diff --git a/vendor/github.com/prometheus/common/model/labels.go b/vendor/github.com/prometheus/common/model/labels.go
index 3317ce22ff..73b7aa3e60 100644
--- a/vendor/github.com/prometheus/common/model/labels.go
+++ b/vendor/github.com/prometheus/common/model/labels.go
@@ -97,26 +97,35 @@ var LabelNameRE = regexp.MustCompile("^[a-zA-Z_][a-zA-Z0-9_]*$")
// therewith.
type LabelName string
-// IsValid returns true iff name matches the pattern of LabelNameRE for legacy
-// names, and iff it's valid UTF-8 if NameValidationScheme is set to
-// UTF8Validation. For the legacy matching, it does not use LabelNameRE for the
-// check but a much faster hardcoded implementation.
+// IsValid returns true iff the name matches the pattern of LabelNameRE when
+// NameValidationScheme is set to LegacyValidation, or valid UTF-8 if
+// NameValidationScheme is set to UTF8Validation.
func (ln LabelName) IsValid() bool {
if len(ln) == 0 {
return false
}
switch NameValidationScheme {
case LegacyValidation:
- for i, b := range ln {
- if !((b >= 'a' && b <= 'z') || (b >= 'A' && b <= 'Z') || b == '_' || (b >= '0' && b <= '9' && i > 0)) {
- return false
- }
- }
+ return ln.IsValidLegacy()
case UTF8Validation:
return utf8.ValidString(string(ln))
default:
panic(fmt.Sprintf("Invalid name validation scheme requested: %d", NameValidationScheme))
}
+}
+
+// IsValidLegacy returns true iff name matches the pattern of LabelNameRE for
+// legacy names. It does not use LabelNameRE for the check but a much faster
+// hardcoded implementation.
+func (ln LabelName) IsValidLegacy() bool {
+ if len(ln) == 0 {
+ return false
+ }
+ for i, b := range ln {
+ if !((b >= 'a' && b <= 'z') || (b >= 'A' && b <= 'Z') || b == '_' || (b >= '0' && b <= '9' && i > 0)) {
+ return false
+ }
+ }
return true
}
diff --git a/vendor/github.com/prometheus/common/model/labelset_string.go b/vendor/github.com/prometheus/common/model/labelset_string.go
index 481c47b46e..abb2c90018 100644
--- a/vendor/github.com/prometheus/common/model/labelset_string.go
+++ b/vendor/github.com/prometheus/common/model/labelset_string.go
@@ -11,8 +11,6 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-//go:build go1.21
-
package model
import (
diff --git a/vendor/github.com/prometheus/common/model/labelset_string_go120.go b/vendor/github.com/prometheus/common/model/labelset_string_go120.go
deleted file mode 100644
index c4212685e7..0000000000
--- a/vendor/github.com/prometheus/common/model/labelset_string_go120.go
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright 2024 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build !go1.21
-
-package model
-
-import (
- "fmt"
- "sort"
- "strings"
-)
-
-// String was optimized using functions not available for go 1.20
-// or lower. We keep the old implementation for compatibility with client_golang.
-// Once client golang drops support for go 1.20 (scheduled for August 2024), this
-// file can be removed.
-func (l LabelSet) String() string {
- labelNames := make([]string, 0, len(l))
- for name := range l {
- labelNames = append(labelNames, string(name))
- }
- sort.Strings(labelNames)
- lstrs := make([]string, 0, len(l))
- for _, name := range labelNames {
- lstrs = append(lstrs, fmt.Sprintf("%s=%q", name, l[LabelName(name)]))
- }
- return fmt.Sprintf("{%s}", strings.Join(lstrs, ", "))
-}
diff --git a/vendor/github.com/prometheus/common/model/metric.go b/vendor/github.com/prometheus/common/model/metric.go
index eb865e5a59..5766107cf9 100644
--- a/vendor/github.com/prometheus/common/model/metric.go
+++ b/vendor/github.com/prometheus/common/model/metric.go
@@ -14,9 +14,11 @@
package model
import (
+ "errors"
"fmt"
"regexp"
"sort"
+ "strconv"
"strings"
"unicode/utf8"
@@ -26,18 +28,21 @@ import (
var (
// NameValidationScheme determines the method of name validation to be used by
- // all calls to IsValidMetricName() and LabelName IsValid(). Setting UTF-8 mode
- // in isolation from other components that don't support UTF-8 may result in
- // bugs or other undefined behavior. This value is intended to be set by
- // UTF-8-aware binaries as part of their startup. To avoid need for locking,
- // this value should be set once, ideally in an init(), before multiple
- // goroutines are started.
- NameValidationScheme = LegacyValidation
-
- // NameEscapingScheme defines the default way that names will be
- // escaped when presented to systems that do not support UTF-8 names. If the
- // Content-Type "escaping" term is specified, that will override this value.
- NameEscapingScheme = ValueEncodingEscaping
+ // all calls to IsValidMetricName() and LabelName IsValid(). Setting UTF-8
+ // mode in isolation from other components that don't support UTF-8 may result
+ // in bugs or other undefined behavior. This value can be set to
+ // LegacyValidation during startup if a binary is not UTF-8-aware binaries. To
+ // avoid need for locking, this value should be set once, ideally in an
+ // init(), before multiple goroutines are started.
+ NameValidationScheme = UTF8Validation
+
+ // NameEscapingScheme defines the default way that names will be escaped when
+ // presented to systems that do not support UTF-8 names. If the Content-Type
+ // "escaping" term is specified, that will override this value.
+ // NameEscapingScheme should not be set to the NoEscaping value. That string
+ // is used in content negotiation to indicate that a system supports UTF-8 and
+ // has that feature enabled.
+ NameEscapingScheme = UnderscoreEscaping
)
// ValidationScheme is a Go enum for determining how metric and label names will
@@ -161,7 +166,7 @@ func (m Metric) FastFingerprint() Fingerprint {
func IsValidMetricName(n LabelValue) bool {
switch NameValidationScheme {
case LegacyValidation:
- return IsValidLegacyMetricName(n)
+ return IsValidLegacyMetricName(string(n))
case UTF8Validation:
if len(n) == 0 {
return false
@@ -176,7 +181,7 @@ func IsValidMetricName(n LabelValue) bool {
// legacy validation scheme regardless of the value of NameValidationScheme.
// This function, however, does not use MetricNameRE for the check but a much
// faster hardcoded implementation.
-func IsValidLegacyMetricName(n LabelValue) bool {
+func IsValidLegacyMetricName(n string) bool {
if len(n) == 0 {
return false
}
@@ -208,7 +213,7 @@ func EscapeMetricFamily(v *dto.MetricFamily, scheme EscapingScheme) *dto.MetricF
}
// If the name is nil, copy as-is, don't try to escape.
- if v.Name == nil || IsValidLegacyMetricName(LabelValue(v.GetName())) {
+ if v.Name == nil || IsValidLegacyMetricName(v.GetName()) {
out.Name = v.Name
} else {
out.Name = proto.String(EscapeName(v.GetName(), scheme))
@@ -230,7 +235,7 @@ func EscapeMetricFamily(v *dto.MetricFamily, scheme EscapingScheme) *dto.MetricF
for _, l := range m.Label {
if l.GetName() == MetricNameLabel {
- if l.Value == nil || IsValidLegacyMetricName(LabelValue(l.GetValue())) {
+ if l.Value == nil || IsValidLegacyMetricName(l.GetValue()) {
escaped.Label = append(escaped.Label, l)
continue
}
@@ -240,7 +245,7 @@ func EscapeMetricFamily(v *dto.MetricFamily, scheme EscapingScheme) *dto.MetricF
})
continue
}
- if l.Name == nil || IsValidLegacyMetricName(LabelValue(l.GetName())) {
+ if l.Name == nil || IsValidLegacyMetricName(l.GetName()) {
escaped.Label = append(escaped.Label, l)
continue
}
@@ -256,20 +261,16 @@ func EscapeMetricFamily(v *dto.MetricFamily, scheme EscapingScheme) *dto.MetricF
func metricNeedsEscaping(m *dto.Metric) bool {
for _, l := range m.Label {
- if l.GetName() == MetricNameLabel && !IsValidLegacyMetricName(LabelValue(l.GetValue())) {
+ if l.GetName() == MetricNameLabel && !IsValidLegacyMetricName(l.GetValue()) {
return true
}
- if !IsValidLegacyMetricName(LabelValue(l.GetName())) {
+ if !IsValidLegacyMetricName(l.GetName()) {
return true
}
}
return false
}
-const (
- lowerhex = "0123456789abcdef"
-)
-
// EscapeName escapes the incoming name according to the provided escaping
// scheme. Depending on the rules of escaping, this may cause no change in the
// string that is returned. (Especially NoEscaping, which by definition is a
@@ -283,7 +284,7 @@ func EscapeName(name string, scheme EscapingScheme) string {
case NoEscaping:
return name
case UnderscoreEscaping:
- if IsValidLegacyMetricName(LabelValue(name)) {
+ if IsValidLegacyMetricName(name) {
return name
}
for i, b := range name {
@@ -304,31 +305,25 @@ func EscapeName(name string, scheme EscapingScheme) string {
} else if isValidLegacyRune(b, i) {
escaped.WriteRune(b)
} else {
- escaped.WriteRune('_')
+ escaped.WriteString("__")
}
}
return escaped.String()
case ValueEncodingEscaping:
- if IsValidLegacyMetricName(LabelValue(name)) {
+ if IsValidLegacyMetricName(name) {
return name
}
escaped.WriteString("U__")
for i, b := range name {
- if isValidLegacyRune(b, i) {
+ if b == '_' {
+ escaped.WriteString("__")
+ } else if isValidLegacyRune(b, i) {
escaped.WriteRune(b)
} else if !utf8.ValidRune(b) {
escaped.WriteString("_FFFD_")
- } else if b < 0x100 {
- escaped.WriteRune('_')
- for s := 4; s >= 0; s -= 4 {
- escaped.WriteByte(lowerhex[b>>uint(s)&0xF])
- }
- escaped.WriteRune('_')
- } else if b < 0x10000 {
+ } else {
escaped.WriteRune('_')
- for s := 12; s >= 0; s -= 4 {
- escaped.WriteByte(lowerhex[b>>uint(s)&0xF])
- }
+ escaped.WriteString(strconv.FormatInt(int64(b), 16))
escaped.WriteRune('_')
}
}
@@ -386,8 +381,9 @@ func UnescapeName(name string, scheme EscapingScheme) string {
// We think we are in a UTF-8 code, process it.
var utf8Val uint
for j := 0; i < len(escapedName); j++ {
- // This is too many characters for a utf8 value.
- if j > 4 {
+ // This is too many characters for a utf8 value based on the MaxRune
+ // value of '\U0010FFFF'.
+ if j >= 6 {
return name
}
// Found a closing underscore, convert to a rune, check validity, and append.
@@ -440,7 +436,7 @@ func (e EscapingScheme) String() string {
func ToEscapingScheme(s string) (EscapingScheme, error) {
if s == "" {
- return NoEscaping, fmt.Errorf("got empty string instead of escaping scheme")
+ return NoEscaping, errors.New("got empty string instead of escaping scheme")
}
switch s {
case AllowUTF8:
@@ -452,6 +448,6 @@ func ToEscapingScheme(s string) (EscapingScheme, error) {
case EscapeValues:
return ValueEncodingEscaping, nil
default:
- return NoEscaping, fmt.Errorf("unknown format scheme " + s)
+ return NoEscaping, fmt.Errorf("unknown format scheme %s", s)
}
}
diff --git a/vendor/github.com/prometheus/common/model/silence.go b/vendor/github.com/prometheus/common/model/silence.go
index 910b0b71fc..8f91a9702e 100644
--- a/vendor/github.com/prometheus/common/model/silence.go
+++ b/vendor/github.com/prometheus/common/model/silence.go
@@ -15,6 +15,7 @@ package model
import (
"encoding/json"
+ "errors"
"fmt"
"regexp"
"time"
@@ -34,7 +35,7 @@ func (m *Matcher) UnmarshalJSON(b []byte) error {
}
if len(m.Name) == 0 {
- return fmt.Errorf("label name in matcher must not be empty")
+ return errors.New("label name in matcher must not be empty")
}
if m.IsRegex {
if _, err := regexp.Compile(m.Value); err != nil {
@@ -77,7 +78,7 @@ type Silence struct {
// Validate returns true iff all fields of the silence have valid values.
func (s *Silence) Validate() error {
if len(s.Matchers) == 0 {
- return fmt.Errorf("at least one matcher required")
+ return errors.New("at least one matcher required")
}
for _, m := range s.Matchers {
if err := m.Validate(); err != nil {
@@ -85,22 +86,22 @@ func (s *Silence) Validate() error {
}
}
if s.StartsAt.IsZero() {
- return fmt.Errorf("start time missing")
+ return errors.New("start time missing")
}
if s.EndsAt.IsZero() {
- return fmt.Errorf("end time missing")
+ return errors.New("end time missing")
}
if s.EndsAt.Before(s.StartsAt) {
- return fmt.Errorf("start time must be before end time")
+ return errors.New("start time must be before end time")
}
if s.CreatedBy == "" {
- return fmt.Errorf("creator information missing")
+ return errors.New("creator information missing")
}
if s.Comment == "" {
- return fmt.Errorf("comment missing")
+ return errors.New("comment missing")
}
if s.CreatedAt.IsZero() {
- return fmt.Errorf("creation timestamp missing")
+ return errors.New("creation timestamp missing")
}
return nil
}
diff --git a/vendor/github.com/prometheus/common/model/value_float.go b/vendor/github.com/prometheus/common/model/value_float.go
index ae35cc2ab4..6bfc757d18 100644
--- a/vendor/github.com/prometheus/common/model/value_float.go
+++ b/vendor/github.com/prometheus/common/model/value_float.go
@@ -15,6 +15,7 @@ package model
import (
"encoding/json"
+ "errors"
"fmt"
"math"
"strconv"
@@ -39,7 +40,7 @@ func (v SampleValue) MarshalJSON() ([]byte, error) {
// UnmarshalJSON implements json.Unmarshaler.
func (v *SampleValue) UnmarshalJSON(b []byte) error {
if len(b) < 2 || b[0] != '"' || b[len(b)-1] != '"' {
- return fmt.Errorf("sample value must be a quoted string")
+ return errors.New("sample value must be a quoted string")
}
f, err := strconv.ParseFloat(string(b[1:len(b)-1]), 64)
if err != nil {
diff --git a/vendor/github.com/prometheus/common/model/value_histogram.go b/vendor/github.com/prometheus/common/model/value_histogram.go
index 54bb038cff..895e6a3e83 100644
--- a/vendor/github.com/prometheus/common/model/value_histogram.go
+++ b/vendor/github.com/prometheus/common/model/value_histogram.go
@@ -15,6 +15,7 @@ package model
import (
"encoding/json"
+ "errors"
"fmt"
"strconv"
"strings"
@@ -32,7 +33,7 @@ func (v FloatString) MarshalJSON() ([]byte, error) {
func (v *FloatString) UnmarshalJSON(b []byte) error {
if len(b) < 2 || b[0] != '"' || b[len(b)-1] != '"' {
- return fmt.Errorf("float value must be a quoted string")
+ return errors.New("float value must be a quoted string")
}
f, err := strconv.ParseFloat(string(b[1:len(b)-1]), 64)
if err != nil {
@@ -141,7 +142,7 @@ type SampleHistogramPair struct {
func (s SampleHistogramPair) MarshalJSON() ([]byte, error) {
if s.Histogram == nil {
- return nil, fmt.Errorf("histogram is nil")
+ return nil, errors.New("histogram is nil")
}
t, err := json.Marshal(s.Timestamp)
if err != nil {
@@ -164,7 +165,7 @@ func (s *SampleHistogramPair) UnmarshalJSON(buf []byte) error {
return fmt.Errorf("wrong number of fields: %d != %d", gotLen, wantLen)
}
if s.Histogram == nil {
- return fmt.Errorf("histogram is null")
+ return errors.New("histogram is null")
}
return nil
}
diff --git a/vendor/github.com/urfave/cli/v2/flag_string_slice.go b/vendor/github.com/urfave/cli/v2/flag_string_slice.go
index 28f4798f55..66bdf1afcd 100644
--- a/vendor/github.com/urfave/cli/v2/flag_string_slice.go
+++ b/vendor/github.com/urfave/cli/v2/flag_string_slice.go
@@ -150,8 +150,8 @@ func (f *StringSliceFlag) Apply(set *flag.FlagSet) error {
setValue = f.Value.clone()
default:
setValue = new(StringSlice)
- setValue.WithSeparatorSpec(f.separator)
}
+ setValue.WithSeparatorSpec(f.separator)
setValue.keepSpace = f.KeepSpace
diff --git a/vendor/github.com/urfave/cli/v2/godoc-current.txt b/vendor/github.com/urfave/cli/v2/godoc-current.txt
index 3e29faabac..2f3d76e319 100644
--- a/vendor/github.com/urfave/cli/v2/godoc-current.txt
+++ b/vendor/github.com/urfave/cli/v2/godoc-current.txt
@@ -136,7 +136,10 @@ var SubcommandHelpTemplate = `NAME:
{{template "helpNameTemplate" .}}
USAGE:
- {{if .UsageText}}{{wrap .UsageText 3}}{{else}}{{.HelpName}} {{if .VisibleFlags}}command [command options]{{end}}{{if .ArgsUsage}} {{.ArgsUsage}}{{else}}{{if .Args}} [arguments...]{{end}}{{end}}{{end}}{{if .Description}}
+ {{template "usageTemplate" .}}{{if .Category}}
+
+CATEGORY:
+ {{.Category}}{{end}}{{if .Description}}
DESCRIPTION:
{{template "descriptionTemplate" .}}{{end}}{{if .VisibleCommands}}
diff --git a/vendor/github.com/urfave/cli/v2/help.go b/vendor/github.com/urfave/cli/v2/help.go
index f1b9e7f18f..d27e8ce385 100644
--- a/vendor/github.com/urfave/cli/v2/help.go
+++ b/vendor/github.com/urfave/cli/v2/help.go
@@ -54,7 +54,7 @@ var helpCommand = &Command{
cCtx = cCtx.parentContext
}
- // Case 4. $ app hello foo
+ // Case 4. $ app help foo
// foo is the command for which help needs to be shown
if argsPresent {
return ShowCommandHelp(cCtx, firstArg)
diff --git a/vendor/github.com/urfave/cli/v2/template.go b/vendor/github.com/urfave/cli/v2/template.go
index 8abc5ba421..ccb22f1d53 100644
--- a/vendor/github.com/urfave/cli/v2/template.go
+++ b/vendor/github.com/urfave/cli/v2/template.go
@@ -83,7 +83,10 @@ var SubcommandHelpTemplate = `NAME:
{{template "helpNameTemplate" .}}
USAGE:
- {{if .UsageText}}{{wrap .UsageText 3}}{{else}}{{.HelpName}} {{if .VisibleFlags}}command [command options]{{end}}{{if .ArgsUsage}} {{.ArgsUsage}}{{else}}{{if .Args}} [arguments...]{{end}}{{end}}{{end}}{{if .Description}}
+ {{template "usageTemplate" .}}{{if .Category}}
+
+CATEGORY:
+ {{.Category}}{{end}}{{if .Description}}
DESCRIPTION:
{{template "descriptionTemplate" .}}{{end}}{{if .VisibleCommands}}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/LICENSE b/vendor/github.com/vektah/gqlparser/v2/LICENSE
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/LICENSE
rename to vendor/github.com/vektah/gqlparser/v2/LICENSE
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/argmap.go b/vendor/github.com/vektah/gqlparser/v2/ast/argmap.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/argmap.go
rename to vendor/github.com/vektah/gqlparser/v2/ast/argmap.go
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/collections.go b/vendor/github.com/vektah/gqlparser/v2/ast/collections.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/collections.go
rename to vendor/github.com/vektah/gqlparser/v2/ast/collections.go
diff --git a/vendor/github.com/vektah/gqlparser/v2/ast/comment.go b/vendor/github.com/vektah/gqlparser/v2/ast/comment.go
new file mode 100644
index 0000000000..8fcfda5813
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/ast/comment.go
@@ -0,0 +1,31 @@
+package ast
+
+import (
+ "strconv"
+ "strings"
+)
+
+type Comment struct {
+ Value string
+ Position *Position
+}
+
+func (c *Comment) Text() string {
+ return strings.TrimPrefix(c.Value, "#")
+}
+
+type CommentGroup struct {
+ List []*Comment
+}
+
+func (c *CommentGroup) Dump() string {
+ if len(c.List) == 0 {
+ return ""
+ }
+ var builder strings.Builder
+ for _, comment := range c.List {
+ builder.WriteString(comment.Value)
+ builder.WriteString("\n")
+ }
+ return strconv.Quote(builder.String())
+}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/decode.go b/vendor/github.com/vektah/gqlparser/v2/ast/decode.go
similarity index 99%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/decode.go
rename to vendor/github.com/vektah/gqlparser/v2/ast/decode.go
index d00920554c..c9966b2440 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/decode.go
+++ b/vendor/github.com/vektah/gqlparser/v2/ast/decode.go
@@ -11,7 +11,7 @@ func UnmarshalSelectionSet(b []byte) (SelectionSet, error) {
return nil, err
}
- var result = make([]Selection, 0)
+ result := make([]Selection, 0)
for _, item := range tmp {
var field Field
if err := json.Unmarshal(item, &field); err == nil {
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/definition.go b/vendor/github.com/vektah/gqlparser/v2/ast/definition.go
similarity index 77%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/definition.go
rename to vendor/github.com/vektah/gqlparser/v2/ast/definition.go
index d203908168..9ceebf1bee 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/definition.go
+++ b/vendor/github.com/vektah/gqlparser/v2/ast/definition.go
@@ -29,8 +29,12 @@ type Definition struct {
Types []string // union
EnumValues EnumValueList // enum
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
BuiltIn bool `dump:"-"`
+
+ BeforeDescriptionComment *CommentGroup
+ AfterDescriptionComment *CommentGroup
+ EndOfDefinitionComment *CommentGroup
}
func (d *Definition) IsLeafType() bool {
@@ -65,7 +69,10 @@ type FieldDefinition struct {
DefaultValue *Value // only for input objects
Type *Type
Directives DirectiveList
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+
+ BeforeDescriptionComment *CommentGroup
+ AfterDescriptionComment *CommentGroup
}
type ArgumentDefinition struct {
@@ -74,14 +81,20 @@ type ArgumentDefinition struct {
DefaultValue *Value
Type *Type
Directives DirectiveList
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+
+ BeforeDescriptionComment *CommentGroup
+ AfterDescriptionComment *CommentGroup
}
type EnumValueDefinition struct {
Description string
Name string
Directives DirectiveList
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+
+ BeforeDescriptionComment *CommentGroup
+ AfterDescriptionComment *CommentGroup
}
type DirectiveDefinition struct {
@@ -90,5 +103,8 @@ type DirectiveDefinition struct {
Arguments ArgumentDefinitionList
Locations []DirectiveLocation
IsRepeatable bool
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+
+ BeforeDescriptionComment *CommentGroup
+ AfterDescriptionComment *CommentGroup
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/directive.go b/vendor/github.com/vektah/gqlparser/v2/ast/directive.go
similarity index 97%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/directive.go
rename to vendor/github.com/vektah/gqlparser/v2/ast/directive.go
index 5f6e8531f5..b11867c2e4 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/directive.go
+++ b/vendor/github.com/vektah/gqlparser/v2/ast/directive.go
@@ -30,7 +30,7 @@ const (
type Directive struct {
Name string
Arguments ArgumentList
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
// Requires validation
ParentDefinition *Definition
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/document.go b/vendor/github.com/vektah/gqlparser/v2/ast/document.go
similarity index 78%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/document.go
rename to vendor/github.com/vektah/gqlparser/v2/ast/document.go
index 43bfb54ff5..e2520ffb7c 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/document.go
+++ b/vendor/github.com/vektah/gqlparser/v2/ast/document.go
@@ -3,7 +3,8 @@ package ast
type QueryDocument struct {
Operations OperationList
Fragments FragmentDefinitionList
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+ Comment *CommentGroup
}
type SchemaDocument struct {
@@ -12,7 +13,8 @@ type SchemaDocument struct {
Directives DirectiveDefinitionList
Definitions DefinitionList
Extensions DefinitionList
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+ Comment *CommentGroup
}
func (d *SchemaDocument) Merge(other *SchemaDocument) {
@@ -24,9 +26,10 @@ func (d *SchemaDocument) Merge(other *SchemaDocument) {
}
type Schema struct {
- Query *Definition
- Mutation *Definition
- Subscription *Definition
+ Query *Definition
+ Mutation *Definition
+ Subscription *Definition
+ SchemaDirectives DirectiveList
Types map[string]*Definition
Directives map[string]*DirectiveDefinition
@@ -35,6 +38,8 @@ type Schema struct {
Implements map[string][]*Definition
Description string
+
+ Comment *CommentGroup
}
// AddTypes is the helper to add types definition to the schema
@@ -69,11 +74,16 @@ type SchemaDefinition struct {
Description string
Directives DirectiveList
OperationTypes OperationTypeDefinitionList
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+
+ BeforeDescriptionComment *CommentGroup
+ AfterDescriptionComment *CommentGroup
+ EndOfDefinitionComment *CommentGroup
}
type OperationTypeDefinition struct {
Operation Operation
Type string
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+ Comment *CommentGroup
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/dumper.go b/vendor/github.com/vektah/gqlparser/v2/ast/dumper.go
similarity index 92%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/dumper.go
rename to vendor/github.com/vektah/gqlparser/v2/ast/dumper.go
index dbb7a7efaf..e9ea88a12a 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/dumper.go
+++ b/vendor/github.com/vektah/gqlparser/v2/ast/dumper.go
@@ -40,13 +40,13 @@ func (d *dumper) dump(v reflect.Value) {
d.WriteString("false")
}
case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
- d.WriteString(fmt.Sprintf("%d", v.Int()))
+ fmt.Fprintf(d, "%d", v.Int())
case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
- d.WriteString(fmt.Sprintf("%d", v.Uint()))
+ fmt.Fprintf(d, "%d", v.Uint())
case reflect.Float32, reflect.Float64:
- d.WriteString(fmt.Sprintf("%.2f", v.Float()))
+ fmt.Fprintf(d, "%.2f", v.Float())
case reflect.String:
if v.Type().Name() != "string" {
@@ -70,11 +70,11 @@ func (d *dumper) dump(v reflect.Value) {
}
func (d *dumper) writeIndent() {
- d.Buffer.WriteString(strings.Repeat(" ", d.indent))
+ d.WriteString(strings.Repeat(" ", d.indent))
}
func (d *dumper) nl() {
- d.Buffer.WriteByte('\n')
+ d.WriteByte('\n')
d.writeIndent()
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/fragment.go b/vendor/github.com/vektah/gqlparser/v2/ast/fragment.go
similarity index 78%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/fragment.go
rename to vendor/github.com/vektah/gqlparser/v2/ast/fragment.go
index 57ab56c7c6..05805e1085 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/fragment.go
+++ b/vendor/github.com/vektah/gqlparser/v2/ast/fragment.go
@@ -8,7 +8,8 @@ type FragmentSpread struct {
ObjectDefinition *Definition
Definition *FragmentDefinition
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+ Comment *CommentGroup
}
type InlineFragment struct {
@@ -19,7 +20,8 @@ type InlineFragment struct {
// Require validation
ObjectDefinition *Definition
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+ Comment *CommentGroup
}
type FragmentDefinition struct {
@@ -34,5 +36,6 @@ type FragmentDefinition struct {
// Require validation
Definition *Definition
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+ Comment *CommentGroup
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/operation.go b/vendor/github.com/vektah/gqlparser/v2/ast/operation.go
similarity index 78%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/operation.go
rename to vendor/github.com/vektah/gqlparser/v2/ast/operation.go
index 3b37f81bf3..2efed025ba 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/operation.go
+++ b/vendor/github.com/vektah/gqlparser/v2/ast/operation.go
@@ -14,7 +14,8 @@ type OperationDefinition struct {
VariableDefinitions VariableDefinitionList
Directives DirectiveList
SelectionSet SelectionSet
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+ Comment *CommentGroup
}
type VariableDefinition struct {
@@ -22,7 +23,8 @@ type VariableDefinition struct {
Type *Type
DefaultValue *Value
Directives DirectiveList
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+ Comment *CommentGroup
// Requires validation
Definition *Definition
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/path.go b/vendor/github.com/vektah/gqlparser/v2/ast/path.go
similarity index 91%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/path.go
rename to vendor/github.com/vektah/gqlparser/v2/ast/path.go
index be1a9e4edb..f40aa953dd 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/path.go
+++ b/vendor/github.com/vektah/gqlparser/v2/ast/path.go
@@ -14,10 +14,15 @@ type PathElement interface {
isPathElement()
}
-var _ PathElement = PathIndex(0)
-var _ PathElement = PathName("")
+var (
+ _ PathElement = PathIndex(0)
+ _ PathElement = PathName("")
+)
func (path Path) String() string {
+ if path == nil {
+ return ""
+ }
var str bytes.Buffer
for i, v := range path {
switch v := v.(type) {
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/selection.go b/vendor/github.com/vektah/gqlparser/v2/ast/selection.go
similarity index 62%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/selection.go
rename to vendor/github.com/vektah/gqlparser/v2/ast/selection.go
index 5ef26c6ab3..1858dc2136 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/selection.go
+++ b/vendor/github.com/vektah/gqlparser/v2/ast/selection.go
@@ -11,9 +11,9 @@ func (*Field) isSelection() {}
func (*FragmentSpread) isSelection() {}
func (*InlineFragment) isSelection() {}
-func (s *Field) GetPosition() *Position { return s.Position }
+func (f *Field) GetPosition() *Position { return f.Position }
func (s *FragmentSpread) GetPosition() *Position { return s.Position }
-func (s *InlineFragment) GetPosition() *Position { return s.Position }
+func (f *InlineFragment) GetPosition() *Position { return f.Position }
type Field struct {
Alias string
@@ -21,7 +21,8 @@ type Field struct {
Arguments ArgumentList
Directives DirectiveList
SelectionSet SelectionSet
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+ Comment *CommentGroup
// Require validation
Definition *FieldDefinition
@@ -31,9 +32,10 @@ type Field struct {
type Argument struct {
Name string
Value *Value
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+ Comment *CommentGroup
}
-func (s *Field) ArgumentMap(vars map[string]interface{}) map[string]interface{} {
- return arg2map(s.Definition.Arguments, s.Arguments, vars)
+func (f *Field) ArgumentMap(vars map[string]interface{}) map[string]interface{} {
+ return arg2map(f.Definition.Arguments, f.Arguments, vars)
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/source.go b/vendor/github.com/vektah/gqlparser/v2/ast/source.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/source.go
rename to vendor/github.com/vektah/gqlparser/v2/ast/source.go
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/type.go b/vendor/github.com/vektah/gqlparser/v2/ast/type.go
similarity index 96%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/type.go
rename to vendor/github.com/vektah/gqlparser/v2/ast/type.go
index 5f77bc7ce4..669f1da57e 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/type.go
+++ b/vendor/github.com/vektah/gqlparser/v2/ast/type.go
@@ -20,7 +20,7 @@ type Type struct {
NamedType string
Elem *Type
NonNull bool
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
}
func (t *Type) Name() string {
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/value.go b/vendor/github.com/vektah/gqlparser/v2/ast/value.go
similarity index 94%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/value.go
rename to vendor/github.com/vektah/gqlparser/v2/ast/value.go
index c25ef15059..45fa8016b5 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/ast/value.go
+++ b/vendor/github.com/vektah/gqlparser/v2/ast/value.go
@@ -25,7 +25,8 @@ type Value struct {
Raw string
Children ChildValueList
Kind ValueKind
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+ Comment *CommentGroup
// Require validation
Definition *Definition
@@ -36,7 +37,8 @@ type Value struct {
type ChildValue struct {
Name string
Value *Value
- Position *Position `dump:"-"`
+ Position *Position `dump:"-" json:"-"`
+ Comment *CommentGroup
}
func (v *Value) Value(vars map[string]interface{}) (interface{}, error) {
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/gqlerror/error.go b/vendor/github.com/vektah/gqlparser/v2/gqlerror/error.go
similarity index 75%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/gqlerror/error.go
rename to vendor/github.com/vektah/gqlparser/v2/gqlerror/error.go
index 58d1c1bd6c..ca9036ca7e 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/gqlerror/error.go
+++ b/vendor/github.com/vektah/gqlparser/v2/gqlerror/error.go
@@ -1,17 +1,17 @@
package gqlerror
import (
- "bytes"
"errors"
"fmt"
"strconv"
+ "strings"
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ "github.com/vektah/gqlparser/v2/ast"
)
-// Error is the standard graphql error type described in https://facebook.github.io/graphql/draft/#sec-Errors
+// Error is the standard graphql error type described in https://spec.graphql.org/draft/#sec-Errors
type Error struct {
- err error `json:"-"`
+ Err error `json:"-"`
Message string `json:"message"`
Path ast.Path `json:"path,omitempty"`
Locations []Location `json:"locations,omitempty"`
@@ -38,7 +38,7 @@ type Location struct {
type List []*Error
func (err *Error) Error() string {
- var res bytes.Buffer
+ var res strings.Builder
if err == nil {
return ""
}
@@ -66,16 +66,23 @@ func (err *Error) Error() string {
return res.String()
}
-func (err Error) pathString() string {
+func (err *Error) pathString() string {
return err.Path.String()
}
-func (err Error) Unwrap() error {
- return err.err
+func (err *Error) Unwrap() error {
+ return err.Err
+}
+
+func (err *Error) AsError() error {
+ if err == nil {
+ return nil
+ }
+ return err
}
func (errs List) Error() string {
- var buf bytes.Buffer
+ var buf strings.Builder
for _, err := range errs {
buf.WriteString(err.Error())
buf.WriteByte('\n')
@@ -101,14 +108,48 @@ func (errs List) As(target interface{}) bool {
return false
}
+func (errs List) Unwrap() []error {
+ l := make([]error, len(errs))
+ for i, err := range errs {
+ l[i] = err
+ }
+ return l
+}
+
func WrapPath(path ast.Path, err error) *Error {
+ if err == nil {
+ return nil
+ }
return &Error{
- err: err,
+ Err: err,
Message: err.Error(),
Path: path,
}
}
+func Wrap(err error) *Error {
+ if err == nil {
+ return nil
+ }
+ return &Error{
+ Err: err,
+ Message: err.Error(),
+ }
+}
+
+func WrapIfUnwrapped(err error) *Error {
+ if err == nil {
+ return nil
+ }
+ if gqlErr, ok := err.(*Error); ok {
+ return gqlErr
+ }
+ return &Error{
+ Err: err,
+ Message: err.Error(),
+ }
+}
+
func Errorf(message string, args ...interface{}) *Error {
return &Error{
Message: fmt.Sprintf(message, args...),
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/lexer/blockstring.go b/vendor/github.com/vektah/gqlparser/v2/lexer/blockstring.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/lexer/blockstring.go
rename to vendor/github.com/vektah/gqlparser/v2/lexer/blockstring.go
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/lexer/lexer.go b/vendor/github.com/vektah/gqlparser/v2/lexer/lexer.go
similarity index 91%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/lexer/lexer.go
rename to vendor/github.com/vektah/gqlparser/v2/lexer/lexer.go
index f25555e650..1cbb4a0308 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/lexer/lexer.go
+++ b/vendor/github.com/vektah/gqlparser/v2/lexer/lexer.go
@@ -4,8 +4,8 @@ import (
"bytes"
"unicode/utf8"
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
- "github.com/open-policy-agent/opa/internal/gqlparser/gqlerror"
+ "github.com/vektah/gqlparser/v2/ast"
+ "github.com/vektah/gqlparser/v2/gqlerror"
)
// Lexer turns graphql request and schema strings into tokens
@@ -55,7 +55,7 @@ func (s *Lexer) makeValueToken(kind Type, value string) (Token, error) {
}, nil
}
-func (s *Lexer) makeError(format string, args ...interface{}) (Token, error) {
+func (s *Lexer) makeError(format string, args ...interface{}) (Token, *gqlerror.Error) {
column := s.endRunes - s.lineStartRunes + 1
return Token{
Kind: Invalid,
@@ -66,7 +66,7 @@ func (s *Lexer) makeError(format string, args ...interface{}) (Token, error) {
Column: column,
Src: s.Source,
},
- }, gqlerror.ErrorLocf(s.Source.Name, s.line, column, format, args...)
+ }, gqlerror.ErrorLocf(s.Name, s.line, column, format, args...)
}
// ReadToken gets the next token from the source starting at the given position.
@@ -74,8 +74,7 @@ func (s *Lexer) makeError(format string, args ...interface{}) (Token, error) {
// This skips over whitespace and comments until it finds the next lexable
// token, then lexes punctuators immediately or calls the appropriate helper
// function for more complicated tokens.
-func (s *Lexer) ReadToken() (token Token, err error) {
-
+func (s *Lexer) ReadToken() (Token, error) {
s.ws()
s.start = s.end
s.startRunes = s.endRunes
@@ -121,10 +120,7 @@ func (s *Lexer) ReadToken() (token Token, err error) {
case '|':
return s.makeValueToken(Pipe, "")
case '#':
- if comment, err := s.readComment(); err != nil {
- return comment, err
- }
- return s.ReadToken()
+ return s.readComment()
case '_', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z':
return s.readName()
@@ -258,7 +254,6 @@ func (s *Lexer) readNumber() (Token, error) {
return s.makeToken(Float)
}
return s.makeToken(Int)
-
}
// acceptByte if it matches any of given bytes, returning true if it found anything
@@ -321,8 +316,8 @@ func (s *Lexer) readString() (Token, error) {
}
switch r {
default:
- var char = rune(r)
- var w = 1
+ char := rune(r)
+ w := 1
// skip unicode overhead if we are in the ascii range
if r >= 127 {
@@ -426,17 +421,29 @@ func (s *Lexer) readBlockString() (Token, error) {
r := s.Input[s.end]
// Closing triple quote (""")
- if r == '"' && s.end+3 <= inputLen && s.Input[s.end:s.end+3] == `"""` {
- t, err := s.makeValueToken(BlockString, blockStringValue(buf.String()))
+ if r == '"' {
+ // Count consecutive quotes
+ quoteCount := 1
+ i := s.end + 1
+ for i < inputLen && s.Input[i] == '"' {
+ quoteCount++
+ i++
+ }
- // the token should not include the quotes in its value, but should cover them in its position
- t.Pos.Start -= 3
- t.Pos.End += 3
+ // If we have at least 3 quotes, use the last 3 as the closing quote
+ if quoteCount >= 3 {
+ // Add any extra quotes to the buffer (except the last 3)
+ for j := 0; j < quoteCount-3; j++ {
+ buf.WriteByte('"')
+ }
- // skip the close quote
- s.end += 3
- s.endRunes += 3
- return t, err
+ t, err := s.makeValueToken(BlockString, blockStringValue(buf.String()))
+ t.Pos.Start -= 3
+ t.Pos.End += 3
+ s.end += quoteCount
+ s.endRunes += quoteCount
+ return t, err
+ }
}
// SourceCharacter
@@ -444,11 +451,12 @@ func (s *Lexer) readBlockString() (Token, error) {
return s.makeError(`Invalid character within String: "\u%04d".`, r)
}
- if r == '\\' && s.end+4 <= inputLen && s.Input[s.end:s.end+4] == `\"""` {
+ switch {
+ case r == '\\' && s.end+4 <= inputLen && s.Input[s.end:s.end+4] == `\"""`:
buf.WriteString(`"""`)
s.end += 4
s.endRunes += 4
- } else if r == '\r' {
+ case r == '\r':
if s.end+1 < inputLen && s.Input[s.end+1] == '\n' {
s.end++
s.endRunes++
@@ -459,9 +467,9 @@ func (s *Lexer) readBlockString() (Token, error) {
s.endRunes++
s.line++
s.lineStartRunes = s.endRunes
- } else {
- var char = rune(r)
- var w = 1
+ default:
+ char := rune(r)
+ w := 1
// skip unicode overhead if we are in the ascii range
if r >= 127 {
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/lexer/lexer_test.yml b/vendor/github.com/vektah/gqlparser/v2/lexer/lexer_test.yml
similarity index 91%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/lexer/lexer_test.yml
rename to vendor/github.com/vektah/gqlparser/v2/lexer/lexer_test.yml
index 5c4d5f0ff5..0899f4ca9b 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/lexer/lexer_test.yml
+++ b/vendor/github.com/vektah/gqlparser/v2/lexer/lexer_test.yml
@@ -26,22 +26,38 @@ simple tokens:
column: 3
value: 'foo'
- - name: skips whitespace
- input: "\n\n foo\n\n\n"
+ - name: records line and column with comments
+ input: "\n\n\n#foo\n #bar\n foo\n"
tokens:
+ -
+ kind: COMMENT
+ start: 3
+ end: 7
+ line: 4
+ column: 0
+ value: '#foo'
+ -
+ kind: COMMENT
+ start: 10
+ end: 14
+ line: 5
+ column: 3
+ value: '#bar'
-
kind: NAME
- start: 6
- end: 9
+ start: 17
+ end: 20
+ line: 6
+ column: 3
value: 'foo'
- - name: skips comments
- input: "\n #comment\n foo#comment\n"
+ - name: skips whitespace
+ input: "\n\n foo\n\n\n"
tokens:
-
kind: NAME
- start: 18
- end: 21
+ start: 6
+ end: 9
value: 'foo'
- name: skips commas
@@ -78,6 +94,57 @@ simple tokens:
end: 1
value: a
+lexes comments:
+ - name: basic
+ input: '#simple'
+ tokens:
+ -
+ kind: COMMENT
+ start: 0
+ end: 7
+ value: '#simple'
+
+ - name: two lines
+ input: "#first\n#second"
+ tokens:
+ -
+ kind: COMMENT
+ start: 0
+ end: 6
+ value: "#first"
+ -
+ kind: COMMENT
+ start: 7
+ end: 14
+ value: "#second"
+
+ - name: whitespace
+ input: '# white space '
+ tokens:
+ -
+ kind: COMMENT
+ start: 0
+ end: 14
+ value: '# white space '
+
+ - name: not escaped
+ input: '#not escaped \n\r\b\t\f'
+ tokens:
+ -
+ kind: COMMENT
+ start: 0
+ end: 23
+ value: '#not escaped \n\r\b\t\f'
+
+ - name: slashes
+ input: '#slashes \\ \/'
+ tokens:
+ -
+ kind: COMMENT
+ start: 0
+ end: 14
+ value: '#slashes \\ \/'
+
lexes strings:
- name: basic
input: '"simple"'
@@ -674,7 +741,6 @@ lex reports useful unknown character error:
- name: question mark
input: "?"
error:
- message: 'Cannot parse the unexpected character "?".'
message: 'Cannot parse the unexpected character "?".'
locations: [{ line: 1, column: 1 }]
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/lexer/token.go b/vendor/github.com/vektah/gqlparser/v2/lexer/token.go
similarity index 97%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/lexer/token.go
rename to vendor/github.com/vektah/gqlparser/v2/lexer/token.go
index 79eefd0f4e..8985a7efb7 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/lexer/token.go
+++ b/vendor/github.com/vektah/gqlparser/v2/lexer/token.go
@@ -3,7 +3,7 @@ package lexer
import (
"strconv"
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ "github.com/vektah/gqlparser/v2/ast"
)
const (
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/parser/parser.go b/vendor/github.com/vektah/gqlparser/v2/parser/parser.go
similarity index 54%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/parser/parser.go
rename to vendor/github.com/vektah/gqlparser/v2/parser/parser.go
index c0d2b4a3b7..bfcf7ea498 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/parser/parser.go
+++ b/vendor/github.com/vektah/gqlparser/v2/parser/parser.go
@@ -1,11 +1,12 @@
package parser
import (
+ "fmt"
"strconv"
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
- "github.com/open-policy-agent/opa/internal/gqlparser/gqlerror"
- "github.com/open-policy-agent/opa/internal/gqlparser/lexer"
+ "github.com/vektah/gqlparser/v2/ast"
+ "github.com/vektah/gqlparser/v2/gqlerror"
+ "github.com/vektah/gqlparser/v2/lexer"
)
type parser struct {
@@ -17,6 +18,53 @@ type parser struct {
peekError error
prev lexer.Token
+
+ comment *ast.CommentGroup
+ commentConsuming bool
+
+ tokenCount int
+ maxTokenLimit int
+}
+
+func (p *parser) SetMaxTokenLimit(maxToken int) {
+ p.maxTokenLimit = maxToken
+}
+
+func (p *parser) consumeComment() (*ast.Comment, bool) {
+ if p.err != nil {
+ return nil, false
+ }
+ tok := p.peek()
+ if tok.Kind != lexer.Comment {
+ return nil, false
+ }
+ p.next()
+ return &ast.Comment{
+ Value: tok.Value,
+ Position: &tok.Pos,
+ }, true
+}
+
+func (p *parser) consumeCommentGroup() {
+ if p.err != nil {
+ return
+ }
+ if p.commentConsuming {
+ return
+ }
+ p.commentConsuming = true
+
+ var comments []*ast.Comment
+ for {
+ comment, ok := p.consumeComment()
+ if !ok {
+ break
+ }
+ comments = append(comments, comment)
+ }
+
+ p.comment = &ast.CommentGroup{List: comments}
+ p.commentConsuming = false
}
func (p *parser) peekPos() *ast.Position {
@@ -36,6 +84,9 @@ func (p *parser) peek() lexer.Token {
if !p.peeked {
p.peekToken, p.peekError = p.lexer.ReadToken()
p.peeked = true
+ if p.peekToken.Kind == lexer.Comment {
+ p.consumeCommentGroup()
+ }
}
return p.peekToken
@@ -52,33 +103,45 @@ func (p *parser) next() lexer.Token {
if p.err != nil {
return p.prev
}
+ // Increment the token count before reading the next token
+ p.tokenCount++
+ if p.maxTokenLimit != 0 && p.tokenCount > p.maxTokenLimit {
+ p.err = fmt.Errorf("exceeded token limit of %d", p.maxTokenLimit)
+ return p.prev
+ }
if p.peeked {
p.peeked = false
+ p.comment = nil
p.prev, p.err = p.peekToken, p.peekError
} else {
p.prev, p.err = p.lexer.ReadToken()
+ if p.prev.Kind == lexer.Comment {
+ p.consumeCommentGroup()
+ }
}
return p.prev
}
-func (p *parser) expectKeyword(value string) lexer.Token {
+func (p *parser) expectKeyword(value string) (lexer.Token, *ast.CommentGroup) {
tok := p.peek()
+ comment := p.comment
if tok.Kind == lexer.Name && tok.Value == value {
- return p.next()
+ return p.next(), comment
}
p.error(tok, "Expected %s, found %s", strconv.Quote(value), tok.String())
- return tok
+ return tok, comment
}
-func (p *parser) expect(kind lexer.Type) lexer.Token {
+func (p *parser) expect(kind lexer.Type) (lexer.Token, *ast.CommentGroup) {
tok := p.peek()
+ comment := p.comment
if tok.Kind == kind {
- return p.next()
+ return p.next(), comment
}
p.error(tok, "Expected %s, found %s", kind, tok.Kind.String())
- return tok
+ return tok, comment
}
func (p *parser) skip(kind lexer.Type) bool {
@@ -115,10 +178,10 @@ func (p *parser) many(start lexer.Type, end lexer.Type, cb func()) {
p.next()
}
-func (p *parser) some(start lexer.Type, end lexer.Type, cb func()) {
+func (p *parser) some(start lexer.Type, end lexer.Type, cb func()) *ast.CommentGroup {
hasDef := p.skip(start)
if !hasDef {
- return
+ return nil
}
called := false
@@ -129,8 +192,10 @@ func (p *parser) some(start lexer.Type, end lexer.Type, cb func()) {
if !called {
p.error(p.peek(), "expected at least one definition, found %s", p.peek().Kind.String())
- return
+ return nil
}
+ comment := p.comment
p.next()
+ return comment
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/parser/query.go b/vendor/github.com/vektah/gqlparser/v2/parser/query.go
similarity index 85%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/parser/query.go
rename to vendor/github.com/vektah/gqlparser/v2/parser/query.go
index 319425f587..47ac214a91 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/parser/query.go
+++ b/vendor/github.com/vektah/gqlparser/v2/parser/query.go
@@ -1,15 +1,23 @@
package parser
import (
- "github.com/open-policy-agent/opa/internal/gqlparser/lexer"
+ "github.com/vektah/gqlparser/v2/lexer"
- //nolint:revive
- . "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ . "github.com/vektah/gqlparser/v2/ast" //nolint:staticcheck // bad, yeah
)
func ParseQuery(source *Source) (*QueryDocument, error) {
p := parser{
- lexer: lexer.New(source),
+ lexer: lexer.New(source),
+ maxTokenLimit: 0, // 0 means unlimited
+ }
+ return p.parseQueryDocument(), p.err
+}
+
+func ParseQueryWithTokenLimit(source *Source, maxTokenLimit int) (*QueryDocument, error) {
+ p := parser{
+ lexer: lexer.New(source),
+ maxTokenLimit: maxTokenLimit,
}
return p.parseQueryDocument(), p.err
}
@@ -45,6 +53,7 @@ func (p *parser) parseOperationDefinition() *OperationDefinition {
if p.peek().Kind == lexer.BraceL {
return &OperationDefinition{
Position: p.peekPos(),
+ Comment: p.comment,
Operation: Query,
SelectionSet: p.parseRequiredSelectionSet(),
}
@@ -52,6 +61,7 @@ func (p *parser) parseOperationDefinition() *OperationDefinition {
var od OperationDefinition
od.Position = p.peekPos()
+ od.Comment = p.comment
od.Operation = p.parseOperationType()
if p.peek().Kind == lexer.Name {
@@ -81,7 +91,7 @@ func (p *parser) parseOperationType() Operation {
func (p *parser) parseVariableDefinitions() VariableDefinitionList {
var defs []*VariableDefinition
- p.many(lexer.ParenL, lexer.ParenR, func() {
+ p.some(lexer.ParenL, lexer.ParenR, func() {
defs = append(defs, p.parseVariableDefinition())
})
@@ -91,6 +101,7 @@ func (p *parser) parseVariableDefinitions() VariableDefinitionList {
func (p *parser) parseVariableDefinition() *VariableDefinition {
var def VariableDefinition
def.Position = p.peekPos()
+ def.Comment = p.comment
def.Variable = p.parseVariable()
p.expect(lexer.Colon)
@@ -117,7 +128,7 @@ func (p *parser) parseOptionalSelectionSet() SelectionSet {
selections = append(selections, p.parseSelection())
})
- return SelectionSet(selections)
+ return selections
}
func (p *parser) parseRequiredSelectionSet() SelectionSet {
@@ -131,7 +142,7 @@ func (p *parser) parseRequiredSelectionSet() SelectionSet {
selections = append(selections, p.parseSelection())
})
- return SelectionSet(selections)
+ return selections
}
func (p *parser) parseSelection() Selection {
@@ -144,6 +155,7 @@ func (p *parser) parseSelection() Selection {
func (p *parser) parseField() *Field {
var field Field
field.Position = p.peekPos()
+ field.Comment = p.comment
field.Alias = p.parseName()
if p.skip(lexer.Colon) {
@@ -163,7 +175,7 @@ func (p *parser) parseField() *Field {
func (p *parser) parseArguments(isConst bool) ArgumentList {
var arguments ArgumentList
- p.many(lexer.ParenL, lexer.ParenR, func() {
+ p.some(lexer.ParenL, lexer.ParenR, func() {
arguments = append(arguments, p.parseArgument(isConst))
})
@@ -173,6 +185,7 @@ func (p *parser) parseArguments(isConst bool) ArgumentList {
func (p *parser) parseArgument(isConst bool) *Argument {
arg := Argument{}
arg.Position = p.peekPos()
+ arg.Comment = p.comment
arg.Name = p.parseName()
p.expect(lexer.Colon)
@@ -181,11 +194,12 @@ func (p *parser) parseArgument(isConst bool) *Argument {
}
func (p *parser) parseFragment() Selection {
- p.expect(lexer.Spread)
+ _, comment := p.expect(lexer.Spread)
if peek := p.peek(); peek.Kind == lexer.Name && peek.Value != "on" {
return &FragmentSpread{
Position: p.peekPos(),
+ Comment: comment,
Name: p.parseFragmentName(),
Directives: p.parseDirectives(false),
}
@@ -193,6 +207,7 @@ func (p *parser) parseFragment() Selection {
var def InlineFragment
def.Position = p.peekPos()
+ def.Comment = comment
if p.peek().Value == "on" {
p.next() // "on"
@@ -207,6 +222,7 @@ func (p *parser) parseFragment() Selection {
func (p *parser) parseFragmentDefinition() *FragmentDefinition {
var def FragmentDefinition
def.Position = p.peekPos()
+ def.Comment = p.comment
p.expectKeyword("fragment")
def.Name = p.parseFragmentName()
@@ -243,7 +259,7 @@ func (p *parser) parseValueLiteral(isConst bool) *Value {
p.unexpectedError()
return nil
}
- return &Value{Position: &token.Pos, Raw: p.parseVariable(), Kind: Variable}
+ return &Value{Position: &token.Pos, Comment: p.comment, Raw: p.parseVariable(), Kind: Variable}
case lexer.Int:
kind = IntValue
case lexer.Float:
@@ -268,32 +284,35 @@ func (p *parser) parseValueLiteral(isConst bool) *Value {
p.next()
- return &Value{Position: &token.Pos, Raw: token.Value, Kind: kind}
+ return &Value{Position: &token.Pos, Comment: p.comment, Raw: token.Value, Kind: kind}
}
func (p *parser) parseList(isConst bool) *Value {
var values ChildValueList
pos := p.peekPos()
+ comment := p.comment
p.many(lexer.BracketL, lexer.BracketR, func() {
values = append(values, &ChildValue{Value: p.parseValueLiteral(isConst)})
})
- return &Value{Children: values, Kind: ListValue, Position: pos}
+ return &Value{Children: values, Kind: ListValue, Position: pos, Comment: comment}
}
func (p *parser) parseObject(isConst bool) *Value {
var fields ChildValueList
pos := p.peekPos()
+ comment := p.comment
p.many(lexer.BraceL, lexer.BraceR, func() {
fields = append(fields, p.parseObjectField(isConst))
})
- return &Value{Children: fields, Kind: ObjectValue, Position: pos}
+ return &Value{Children: fields, Kind: ObjectValue, Position: pos, Comment: comment}
}
func (p *parser) parseObjectField(isConst bool) *ChildValue {
field := ChildValue{}
field.Position = p.peekPos()
+ field.Comment = p.comment
field.Name = p.parseName()
p.expect(lexer.Colon)
@@ -343,7 +362,7 @@ func (p *parser) parseTypeReference() *Type {
}
func (p *parser) parseName() string {
- token := p.expect(lexer.Name)
+ token, _ := p.expect(lexer.Name)
return token.Value
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/parser/query_test.yml b/vendor/github.com/vektah/gqlparser/v2/parser/query_test.yml
similarity index 98%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/parser/query_test.yml
rename to vendor/github.com/vektah/gqlparser/v2/parser/query_test.yml
index a46a01e718..ec0580f5fa 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/parser/query_test.yml
+++ b/vendor/github.com/vektah/gqlparser/v2/parser/query_test.yml
@@ -436,6 +436,7 @@ large queries:
-
Alias: "id"
Name: "id"
+ Comment: "# Copyright (c) 2015-present, Facebook, Inc.\n#\n# This source code is licensed under the MIT license found in the\n# LICENSE file in the root directory of this source tree.\n"
-
Operation: Operation("mutation")
Name: "likeStory"
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/parser/schema.go b/vendor/github.com/vektah/gqlparser/v2/parser/schema.go
similarity index 58%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/parser/schema.go
rename to vendor/github.com/vektah/gqlparser/v2/parser/schema.go
index 32c293399b..804f02c9f8 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/parser/schema.go
+++ b/vendor/github.com/vektah/gqlparser/v2/parser/schema.go
@@ -1,40 +1,72 @@
package parser
import (
- //nolint:revive
- . "github.com/open-policy-agent/opa/internal/gqlparser/ast"
- "github.com/open-policy-agent/opa/internal/gqlparser/lexer"
+ . "github.com/vektah/gqlparser/v2/ast" //nolint:staticcheck // bad, yeah
+ "github.com/vektah/gqlparser/v2/lexer"
)
+func ParseSchemas(inputs ...*Source) (*SchemaDocument, error) {
+ sd := &SchemaDocument{}
+ for _, input := range inputs {
+ inputAst, err := ParseSchema(input)
+ if err != nil {
+ return nil, err
+ }
+ sd.Merge(inputAst)
+ }
+ return sd, nil
+}
+
func ParseSchema(source *Source) (*SchemaDocument, error) {
p := parser{
- lexer: lexer.New(source),
+ lexer: lexer.New(source),
+ maxTokenLimit: 0, // default value is unlimited
}
- ast, err := p.parseSchemaDocument(), p.err
+ sd, err := p.parseSchemaDocument(), p.err
if err != nil {
return nil, err
}
- for _, def := range ast.Definitions {
+ for _, def := range sd.Definitions {
def.BuiltIn = source.BuiltIn
}
- for _, def := range ast.Extensions {
+ for _, def := range sd.Extensions {
def.BuiltIn = source.BuiltIn
}
- return ast, nil
+ return sd, nil
}
-func ParseSchemas(inputs ...*Source) (*SchemaDocument, error) {
- ast := &SchemaDocument{}
+func ParseSchemasWithLimit(maxTokenLimit int, inputs ...*Source) (*SchemaDocument, error) {
+ sd := &SchemaDocument{}
for _, input := range inputs {
- inputAst, err := ParseSchema(input)
+ inputAst, err := ParseSchemaWithLimit(input, maxTokenLimit)
if err != nil {
return nil, err
}
- ast.Merge(inputAst)
+ sd.Merge(inputAst)
}
- return ast, nil
+ return sd, nil
+}
+
+func ParseSchemaWithLimit(source *Source, maxTokenLimit int) (*SchemaDocument, error) {
+ p := parser{
+ lexer: lexer.New(source),
+ maxTokenLimit: maxTokenLimit, // 0 is unlimited
+ }
+ sd, err := p.parseSchemaDocument(), p.err
+ if err != nil {
+ return nil, err
+ }
+
+ for _, def := range sd.Definitions {
+ def.BuiltIn = source.BuiltIn
+ }
+ for _, def := range sd.Extensions {
+ def.BuiltIn = source.BuiltIn
+ }
+
+ return sd, nil
}
func (p *parser) parseSchemaDocument() *SchemaDocument {
@@ -45,7 +77,7 @@ func (p *parser) parseSchemaDocument() *SchemaDocument {
return nil
}
- var description string
+ var description descriptionWithComment
if p.peek().Kind == lexer.BlockString || p.peek().Kind == lexer.String {
description = p.parseDescription()
}
@@ -63,7 +95,7 @@ func (p *parser) parseSchemaDocument() *SchemaDocument {
case "directive":
doc.Directives = append(doc.Directives, p.parseDirectiveDefinition(description))
case "extend":
- if description != "" {
+ if description.text != "" {
p.unexpectedToken(p.prev)
}
p.parseTypeSystemExtension(&doc)
@@ -73,20 +105,26 @@ func (p *parser) parseSchemaDocument() *SchemaDocument {
}
}
+ // treat end of file comments
+ doc.Comment = p.comment
+
return &doc
}
-func (p *parser) parseDescription() string {
+func (p *parser) parseDescription() descriptionWithComment {
token := p.peek()
+ var desc descriptionWithComment
if token.Kind != lexer.BlockString && token.Kind != lexer.String {
- return ""
+ return desc
}
- return p.next().Value
+ desc.comment = p.comment
+ desc.text = p.next().Value
+ return desc
}
-func (p *parser) parseTypeSystemDefinition(description string) *Definition {
+func (p *parser) parseTypeSystemDefinition(description descriptionWithComment) *Definition {
tok := p.peek()
if tok.Kind != lexer.Name {
p.unexpectedError()
@@ -112,15 +150,17 @@ func (p *parser) parseTypeSystemDefinition(description string) *Definition {
}
}
-func (p *parser) parseSchemaDefinition(description string) *SchemaDefinition {
- p.expectKeyword("schema")
+func (p *parser) parseSchemaDefinition(description descriptionWithComment) *SchemaDefinition {
+ _, comment := p.expectKeyword("schema")
- def := SchemaDefinition{Description: description}
+ def := SchemaDefinition{}
def.Position = p.peekPos()
- def.Description = description
+ def.BeforeDescriptionComment = description.comment
+ def.Description = description.text
+ def.AfterDescriptionComment = comment
def.Directives = p.parseDirectives(true)
- p.some(lexer.BraceL, lexer.BraceR, func() {
+ def.EndOfDefinitionComment = p.some(lexer.BraceL, lexer.BraceR, func() {
def.OperationTypes = append(def.OperationTypes, p.parseOperationTypeDefinition())
})
return &def
@@ -129,35 +169,40 @@ func (p *parser) parseSchemaDefinition(description string) *SchemaDefinition {
func (p *parser) parseOperationTypeDefinition() *OperationTypeDefinition {
var op OperationTypeDefinition
op.Position = p.peekPos()
+ op.Comment = p.comment
op.Operation = p.parseOperationType()
p.expect(lexer.Colon)
op.Type = p.parseName()
return &op
}
-func (p *parser) parseScalarTypeDefinition(description string) *Definition {
- p.expectKeyword("scalar")
+func (p *parser) parseScalarTypeDefinition(description descriptionWithComment) *Definition {
+ _, comment := p.expectKeyword("scalar")
var def Definition
def.Position = p.peekPos()
+ def.BeforeDescriptionComment = description.comment
+ def.Description = description.text
+ def.AfterDescriptionComment = comment
def.Kind = Scalar
- def.Description = description
def.Name = p.parseName()
def.Directives = p.parseDirectives(true)
return &def
}
-func (p *parser) parseObjectTypeDefinition(description string) *Definition {
- p.expectKeyword("type")
+func (p *parser) parseObjectTypeDefinition(description descriptionWithComment) *Definition {
+ _, comment := p.expectKeyword("type")
var def Definition
def.Position = p.peekPos()
def.Kind = Object
- def.Description = description
+ def.BeforeDescriptionComment = description.comment
+ def.Description = description.text
+ def.AfterDescriptionComment = comment
def.Name = p.parseName()
def.Interfaces = p.parseImplementsInterfaces()
def.Directives = p.parseDirectives(true)
- def.Fields = p.parseFieldsDefinition()
+ def.Fields, def.EndOfDefinitionComment = p.parseFieldsDefinition()
return &def
}
@@ -176,18 +221,26 @@ func (p *parser) parseImplementsInterfaces() []string {
return types
}
-func (p *parser) parseFieldsDefinition() FieldList {
+func (p *parser) parseFieldsDefinition() (FieldList, *CommentGroup) {
var defs FieldList
- p.some(lexer.BraceL, lexer.BraceR, func() {
+ comment := p.some(lexer.BraceL, lexer.BraceR, func() {
defs = append(defs, p.parseFieldDefinition())
})
- return defs
+ return defs, comment
}
func (p *parser) parseFieldDefinition() *FieldDefinition {
var def FieldDefinition
def.Position = p.peekPos()
- def.Description = p.parseDescription()
+
+ desc := p.parseDescription()
+ if desc.text != "" {
+ def.BeforeDescriptionComment = desc.comment
+ def.Description = desc.text
+ }
+
+ p.peek() // peek to set p.comment
+ def.AfterDescriptionComment = p.comment
def.Name = p.parseName()
def.Arguments = p.parseArgumentDefs()
p.expect(lexer.Colon)
@@ -208,7 +261,15 @@ func (p *parser) parseArgumentDefs() ArgumentDefinitionList {
func (p *parser) parseArgumentDef() *ArgumentDefinition {
var def ArgumentDefinition
def.Position = p.peekPos()
- def.Description = p.parseDescription()
+
+ desc := p.parseDescription()
+ if desc.text != "" {
+ def.BeforeDescriptionComment = desc.comment
+ def.Description = desc.text
+ }
+
+ p.peek() // peek to set p.comment
+ def.AfterDescriptionComment = p.comment
def.Name = p.parseName()
p.expect(lexer.Colon)
def.Type = p.parseTypeReference()
@@ -222,7 +283,15 @@ func (p *parser) parseArgumentDef() *ArgumentDefinition {
func (p *parser) parseInputValueDef() *FieldDefinition {
var def FieldDefinition
def.Position = p.peekPos()
- def.Description = p.parseDescription()
+
+ desc := p.parseDescription()
+ if desc.text != "" {
+ def.BeforeDescriptionComment = desc.comment
+ def.Description = desc.text
+ }
+
+ p.peek() // peek to set p.comment
+ def.AfterDescriptionComment = p.comment
def.Name = p.parseName()
p.expect(lexer.Colon)
def.Type = p.parseTypeReference()
@@ -233,27 +302,31 @@ func (p *parser) parseInputValueDef() *FieldDefinition {
return &def
}
-func (p *parser) parseInterfaceTypeDefinition(description string) *Definition {
- p.expectKeyword("interface")
+func (p *parser) parseInterfaceTypeDefinition(description descriptionWithComment) *Definition {
+ _, comment := p.expectKeyword("interface")
var def Definition
def.Position = p.peekPos()
def.Kind = Interface
- def.Description = description
+ def.BeforeDescriptionComment = description.comment
+ def.Description = description.text
+ def.AfterDescriptionComment = comment
def.Name = p.parseName()
def.Interfaces = p.parseImplementsInterfaces()
def.Directives = p.parseDirectives(true)
- def.Fields = p.parseFieldsDefinition()
+ def.Fields, def.EndOfDefinitionComment = p.parseFieldsDefinition()
return &def
}
-func (p *parser) parseUnionTypeDefinition(description string) *Definition {
- p.expectKeyword("union")
+func (p *parser) parseUnionTypeDefinition(description descriptionWithComment) *Definition {
+ _, comment := p.expectKeyword("union")
var def Definition
def.Position = p.peekPos()
def.Kind = Union
- def.Description = description
+ def.BeforeDescriptionComment = description.comment
+ def.Description = description.text
+ def.AfterDescriptionComment = comment
def.Name = p.parseName()
def.Directives = p.parseDirectives(true)
def.Types = p.parseUnionMemberTypes()
@@ -274,87 +347,101 @@ func (p *parser) parseUnionMemberTypes() []string {
return types
}
-func (p *parser) parseEnumTypeDefinition(description string) *Definition {
- p.expectKeyword("enum")
+func (p *parser) parseEnumTypeDefinition(description descriptionWithComment) *Definition {
+ _, comment := p.expectKeyword("enum")
var def Definition
def.Position = p.peekPos()
def.Kind = Enum
- def.Description = description
+ def.BeforeDescriptionComment = description.comment
+ def.Description = description.text
+ def.AfterDescriptionComment = comment
def.Name = p.parseName()
def.Directives = p.parseDirectives(true)
- def.EnumValues = p.parseEnumValuesDefinition()
+ def.EnumValues, def.EndOfDefinitionComment = p.parseEnumValuesDefinition()
return &def
}
-func (p *parser) parseEnumValuesDefinition() EnumValueList {
+func (p *parser) parseEnumValuesDefinition() (EnumValueList, *CommentGroup) {
var values EnumValueList
- p.some(lexer.BraceL, lexer.BraceR, func() {
+ comment := p.some(lexer.BraceL, lexer.BraceR, func() {
values = append(values, p.parseEnumValueDefinition())
})
- return values
+ return values, comment
}
func (p *parser) parseEnumValueDefinition() *EnumValueDefinition {
- return &EnumValueDefinition{
- Position: p.peekPos(),
- Description: p.parseDescription(),
- Name: p.parseName(),
- Directives: p.parseDirectives(true),
+ var def EnumValueDefinition
+ def.Position = p.peekPos()
+ desc := p.parseDescription()
+ if desc.text != "" {
+ def.BeforeDescriptionComment = desc.comment
+ def.Description = desc.text
}
+
+ p.peek() // peek to set p.comment
+ def.AfterDescriptionComment = p.comment
+
+ def.Name = p.parseName()
+ def.Directives = p.parseDirectives(true)
+
+ return &def
}
-func (p *parser) parseInputObjectTypeDefinition(description string) *Definition {
- p.expectKeyword("input")
+func (p *parser) parseInputObjectTypeDefinition(description descriptionWithComment) *Definition {
+ _, comment := p.expectKeyword("input")
var def Definition
def.Position = p.peekPos()
def.Kind = InputObject
- def.Description = description
+ def.BeforeDescriptionComment = description.comment
+ def.Description = description.text
+ def.AfterDescriptionComment = comment
def.Name = p.parseName()
def.Directives = p.parseDirectives(true)
- def.Fields = p.parseInputFieldsDefinition()
+ def.Fields, def.EndOfDefinitionComment = p.parseInputFieldsDefinition()
return &def
}
-func (p *parser) parseInputFieldsDefinition() FieldList {
+func (p *parser) parseInputFieldsDefinition() (FieldList, *CommentGroup) {
var values FieldList
- p.some(lexer.BraceL, lexer.BraceR, func() {
+ comment := p.some(lexer.BraceL, lexer.BraceR, func() {
values = append(values, p.parseInputValueDef())
})
- return values
+ return values, comment
}
func (p *parser) parseTypeSystemExtension(doc *SchemaDocument) {
- p.expectKeyword("extend")
+ _, comment := p.expectKeyword("extend")
switch p.peek().Value {
case "schema":
- doc.SchemaExtension = append(doc.SchemaExtension, p.parseSchemaExtension())
+ doc.SchemaExtension = append(doc.SchemaExtension, p.parseSchemaExtension(comment))
case "scalar":
- doc.Extensions = append(doc.Extensions, p.parseScalarTypeExtension())
+ doc.Extensions = append(doc.Extensions, p.parseScalarTypeExtension(comment))
case "type":
- doc.Extensions = append(doc.Extensions, p.parseObjectTypeExtension())
+ doc.Extensions = append(doc.Extensions, p.parseObjectTypeExtension(comment))
case "interface":
- doc.Extensions = append(doc.Extensions, p.parseInterfaceTypeExtension())
+ doc.Extensions = append(doc.Extensions, p.parseInterfaceTypeExtension(comment))
case "union":
- doc.Extensions = append(doc.Extensions, p.parseUnionTypeExtension())
+ doc.Extensions = append(doc.Extensions, p.parseUnionTypeExtension(comment))
case "enum":
- doc.Extensions = append(doc.Extensions, p.parseEnumTypeExtension())
+ doc.Extensions = append(doc.Extensions, p.parseEnumTypeExtension(comment))
case "input":
- doc.Extensions = append(doc.Extensions, p.parseInputObjectTypeExtension())
+ doc.Extensions = append(doc.Extensions, p.parseInputObjectTypeExtension(comment))
default:
p.unexpectedError()
}
}
-func (p *parser) parseSchemaExtension() *SchemaDefinition {
+func (p *parser) parseSchemaExtension(comment *CommentGroup) *SchemaDefinition {
p.expectKeyword("schema")
var def SchemaDefinition
def.Position = p.peekPos()
+ def.AfterDescriptionComment = comment
def.Directives = p.parseDirectives(true)
- p.some(lexer.BraceL, lexer.BraceR, func() {
+ def.EndOfDefinitionComment = p.some(lexer.BraceL, lexer.BraceR, func() {
def.OperationTypes = append(def.OperationTypes, p.parseOperationTypeDefinition())
})
if len(def.Directives) == 0 && len(def.OperationTypes) == 0 {
@@ -363,11 +450,12 @@ func (p *parser) parseSchemaExtension() *SchemaDefinition {
return &def
}
-func (p *parser) parseScalarTypeExtension() *Definition {
+func (p *parser) parseScalarTypeExtension(comment *CommentGroup) *Definition {
p.expectKeyword("scalar")
var def Definition
def.Position = p.peekPos()
+ def.AfterDescriptionComment = comment
def.Kind = Scalar
def.Name = p.parseName()
def.Directives = p.parseDirectives(true)
@@ -377,42 +465,45 @@ func (p *parser) parseScalarTypeExtension() *Definition {
return &def
}
-func (p *parser) parseObjectTypeExtension() *Definition {
+func (p *parser) parseObjectTypeExtension(comment *CommentGroup) *Definition {
p.expectKeyword("type")
var def Definition
def.Position = p.peekPos()
+ def.AfterDescriptionComment = comment
def.Kind = Object
def.Name = p.parseName()
def.Interfaces = p.parseImplementsInterfaces()
def.Directives = p.parseDirectives(true)
- def.Fields = p.parseFieldsDefinition()
+ def.Fields, def.EndOfDefinitionComment = p.parseFieldsDefinition()
if len(def.Interfaces) == 0 && len(def.Directives) == 0 && len(def.Fields) == 0 {
p.unexpectedError()
}
return &def
}
-func (p *parser) parseInterfaceTypeExtension() *Definition {
+func (p *parser) parseInterfaceTypeExtension(comment *CommentGroup) *Definition {
p.expectKeyword("interface")
var def Definition
def.Position = p.peekPos()
+ def.AfterDescriptionComment = comment
def.Kind = Interface
def.Name = p.parseName()
def.Directives = p.parseDirectives(true)
- def.Fields = p.parseFieldsDefinition()
+ def.Fields, def.EndOfDefinitionComment = p.parseFieldsDefinition()
if len(def.Directives) == 0 && len(def.Fields) == 0 {
p.unexpectedError()
}
return &def
}
-func (p *parser) parseUnionTypeExtension() *Definition {
+func (p *parser) parseUnionTypeExtension(comment *CommentGroup) *Definition {
p.expectKeyword("union")
var def Definition
def.Position = p.peekPos()
+ def.AfterDescriptionComment = comment
def.Kind = Union
def.Name = p.parseName()
def.Directives = p.parseDirectives(true)
@@ -424,43 +515,47 @@ func (p *parser) parseUnionTypeExtension() *Definition {
return &def
}
-func (p *parser) parseEnumTypeExtension() *Definition {
+func (p *parser) parseEnumTypeExtension(comment *CommentGroup) *Definition {
p.expectKeyword("enum")
var def Definition
def.Position = p.peekPos()
+ def.AfterDescriptionComment = comment
def.Kind = Enum
def.Name = p.parseName()
def.Directives = p.parseDirectives(true)
- def.EnumValues = p.parseEnumValuesDefinition()
+ def.EnumValues, def.EndOfDefinitionComment = p.parseEnumValuesDefinition()
if len(def.Directives) == 0 && len(def.EnumValues) == 0 {
p.unexpectedError()
}
return &def
}
-func (p *parser) parseInputObjectTypeExtension() *Definition {
+func (p *parser) parseInputObjectTypeExtension(comment *CommentGroup) *Definition {
p.expectKeyword("input")
var def Definition
def.Position = p.peekPos()
+ def.AfterDescriptionComment = comment
def.Kind = InputObject
def.Name = p.parseName()
def.Directives = p.parseDirectives(false)
- def.Fields = p.parseInputFieldsDefinition()
+ def.Fields, def.EndOfDefinitionComment = p.parseInputFieldsDefinition()
if len(def.Directives) == 0 && len(def.Fields) == 0 {
p.unexpectedError()
}
return &def
}
-func (p *parser) parseDirectiveDefinition(description string) *DirectiveDefinition {
- p.expectKeyword("directive")
+func (p *parser) parseDirectiveDefinition(description descriptionWithComment) *DirectiveDefinition {
+ _, comment := p.expectKeyword("directive")
p.expect(lexer.At)
var def DirectiveDefinition
def.Position = p.peekPos()
- def.Description = description
+ def.BeforeDescriptionComment = description.comment
+ def.Description = description.text
+ def.AfterDescriptionComment = comment
def.Name = p.parseName()
def.Arguments = p.parseArgumentDefs()
@@ -487,7 +582,7 @@ func (p *parser) parseDirectiveLocations() []DirectiveLocation {
}
func (p *parser) parseDirectiveLocation() DirectiveLocation {
- name := p.expect(lexer.Name)
+ name, _ := p.expect(lexer.Name)
switch name.Value {
case `QUERY`:
@@ -533,3 +628,8 @@ func (p *parser) parseDirectiveLocation() DirectiveLocation {
p.unexpectedToken(name)
return ""
}
+
+type descriptionWithComment struct {
+ text string
+ comment *CommentGroup
+}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/parser/schema_test.yml b/vendor/github.com/vektah/gqlparser/v2/parser/schema_test.yml
similarity index 81%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/parser/schema_test.yml
rename to vendor/github.com/vektah/gqlparser/v2/parser/schema_test.yml
index 8b6a5d0ca3..705514a995 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/parser/schema_test.yml
+++ b/vendor/github.com/vektah/gqlparser/v2/parser/schema_test.yml
@@ -15,6 +15,67 @@ object types:
Name: "world"
Type: String
+ - name: with comments
+ input: |
+ # Hello
+ # Hello another
+ type Hello {
+ # World
+ # World another
+ world: String
+ # end of type comments
+ }
+ # end of file comments
+ ast: |
+
+ Definitions: [Definition]
+ -
+ Kind: DefinitionKind("OBJECT")
+ Name: "Hello"
+ Fields: [FieldDefinition]
+ -
+ Name: "world"
+ Type: String
+ AfterDescriptionComment: "# World\n# World another\n"
+ AfterDescriptionComment: "# Hello\n# Hello another\n"
+ EndOfDefinitionComment: "# end of type comments\n"
+ Comment: "# end of file comments\n"
+
+ - name: with comments and description
+ input: |
+ # Hello
+ # Hello another
+ "type description"
+ # Hello after description
+ # Hello after description another
+ type Hello {
+ # World
+ # World another
+ "field description"
+ # World after description
+ # World after description another
+ world: String
+ # end of definition coments
+ # end of definition comments another
+ }
+ ast: |
+
+ Definitions: [Definition]
+ -
+ Kind: DefinitionKind("OBJECT")
+ Description: "type description"
+ Name: "Hello"
+ Fields: [FieldDefinition]
+ -
+ Description: "field description"
+ Name: "world"
+ Type: String
+ BeforeDescriptionComment: "# World\n# World another\n"
+ AfterDescriptionComment: "# World after description\n# World after description another\n"
+ BeforeDescriptionComment: "# Hello\n# Hello another\n"
+ AfterDescriptionComment: "# Hello after description\n# Hello after description another\n"
+ EndOfDefinitionComment: "# end of definition coments\n# end of definition comments another\n"
+
- name: with description
input: |
"Description"
@@ -35,6 +96,7 @@ object types:
- name: with block description
input: |
+ # Before description comment
"""
Description
"""
@@ -53,6 +115,8 @@ object types:
-
Name: "world"
Type: String
+ BeforeDescriptionComment: "# Before description comment\n"
+ AfterDescriptionComment: "# Even with comments between them\n"
- name: with field arg
input: |
type Hello {
@@ -146,8 +210,11 @@ object types:
type extensions:
- name: Object extension
input: |
+ # comment
extend type Hello {
+ # comment world
world: String
+ # end of definition comment
}
ast: |
@@ -159,6 +226,9 @@ type extensions:
-
Name: "world"
Type: String
+ AfterDescriptionComment: "# comment world\n"
+ AfterDescriptionComment: "# comment\n"
+ EndOfDefinitionComment: "# end of definition comment\n"
- name: without any fields
input: "extend type Hello implements Greeting"
@@ -277,6 +347,30 @@ schema definition:
Operation: Operation("query")
Type: "Query"
+ - name: with comments and description
+ input: |
+ # before description comment
+ "description"
+ # after description comment
+ schema {
+ # before field comment
+ query: Query
+ # after field comment
+ }
+ ast: |
+
+ Schema: [SchemaDefinition]
+ -
+ Description: "description"
+ OperationTypes: [OperationTypeDefinition]
+ -
+ Operation: Operation("query")
+ Type: "Query"
+ Comment: "# before field comment\n"
+ BeforeDescriptionComment: "# before description comment\n"
+ AfterDescriptionComment: "# after description comment\n"
+ EndOfDefinitionComment: "# after field comment\n"
+
schema extensions:
- name: simple
input: |
@@ -292,6 +386,26 @@ schema extensions:
Operation: Operation("mutation")
Type: "Mutation"
+ - name: with comment and description
+ input: |
+ # before extend comment
+ extend schema {
+ # before field comment
+ mutation: Mutation
+ # after field comment
+ }
+ ast: |
+
+ SchemaExtension: [SchemaDefinition]
+ -
+ OperationTypes: [OperationTypeDefinition]
+ -
+ Operation: Operation("mutation")
+ Type: "Mutation"
+ Comment: "# before field comment\n"
+ AfterDescriptionComment: "# before extend comment\n"
+ EndOfDefinitionComment: "# after field comment\n"
+
- name: directive only
input: "extend schema @directive"
ast: |
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/error.go b/vendor/github.com/vektah/gqlparser/v2/validator/error.go
similarity index 91%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/error.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/error.go
index f31f180a2e..f8f76055ac 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/error.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/error.go
@@ -3,8 +3,8 @@ package validator
import (
"fmt"
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
- "github.com/open-policy-agent/opa/internal/gqlparser/gqlerror"
+ "github.com/vektah/gqlparser/v2/ast"
+ "github.com/vektah/gqlparser/v2/gqlerror"
)
type ErrorOption func(err *gqlerror.Error)
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/imported/prelude.graphql b/vendor/github.com/vektah/gqlparser/v2/validator/imported/prelude.graphql
new file mode 100644
index 0000000000..8be3d2f5b6
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/imported/prelude.graphql
@@ -0,0 +1,250 @@
+# This file defines all the implicitly declared types that are required by the graphql spec. It is implicitly included by calls to LoadSchema
+
+"The `Int` scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1."
+scalar Int
+
+"The `Float` scalar type represents signed double-precision fractional values as specified by [IEEE 754](http://en.wikipedia.org/wiki/IEEE_floating_point)."
+scalar Float
+
+"The `String`scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text."
+scalar String
+
+"The `Boolean` scalar type represents `true` or `false`."
+scalar Boolean
+
+"""The `ID` scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID."""
+scalar ID
+
+"Directs the executor to defer this fragment when the `if` argument is true or undefined."
+directive @defer(
+ "Deferred when true or undefined."
+ if: Boolean = true,
+ "Unique name"
+ label: String
+) on FRAGMENT_SPREAD | INLINE_FRAGMENT
+
+"""
+Directs the executor to include this field or fragment only when the `if` argument is true.
+"""
+directive @include(
+ """Included when true."""
+ if: Boolean!
+) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT
+
+"""
+Directs the executor to skip this field or fragment when the `if` argument is true.
+"""
+directive @skip(
+ """Skipped when true."""
+ if: Boolean!
+) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT
+
+"""Marks an element of a GraphQL schema as no longer supported."""
+directive @deprecated(
+ """
+ Explains why this element was deprecated, usually also including a suggestion for how to access supported similar data. Formatted using the Markdown syntax, as specified by [CommonMark](https://commonmark.org/).
+ """
+ reason: String = "No longer supported"
+) on FIELD_DEFINITION | ARGUMENT_DEFINITION | INPUT_FIELD_DEFINITION | ENUM_VALUE
+
+"""Exposes a URL that specifies the behavior of this scalar."""
+directive @specifiedBy(
+ """The URL that specifies the behavior of this scalar."""
+ url: String!
+) on SCALAR
+
+"""
+Indicates exactly one field must be supplied and this field must not be `null`.
+"""
+directive @oneOf on INPUT_OBJECT
+
+"""
+A GraphQL Schema defines the capabilities of a GraphQL server. It exposes all available types and directives on the server, as well as the entry points for query, mutation, and subscription operations.
+"""
+type __Schema {
+ description: String
+
+ """A list of all types supported by this server."""
+ types: [__Type!]!
+
+ """The type that query operations will be rooted at."""
+ queryType: __Type!
+
+ """
+ If this server supports mutation, the type that mutation operations will be rooted at.
+ """
+ mutationType: __Type
+
+ """
+ If this server support subscription, the type that subscription operations will be rooted at.
+ """
+ subscriptionType: __Type
+
+ """A list of all directives supported by this server."""
+ directives: [__Directive!]!
+}
+
+"""
+The fundamental unit of any GraphQL Schema is the type. There are many kinds of types in GraphQL as represented by the `__TypeKind` enum.
+
+Depending on the kind of a type, certain fields describe information about that type. Scalar types provide no information beyond a name, description and optional `specifiedByURL`, while Enum types provide their values. Object and Interface types provide the fields they describe. Abstract types, Union and Interface, provide the Object types possible at runtime. List and NonNull types compose other types.
+"""
+type __Type {
+ kind: __TypeKind!
+ name: String
+ description: String
+ specifiedByURL: String
+ fields(includeDeprecated: Boolean = false): [__Field!]
+ interfaces: [__Type!]
+ possibleTypes: [__Type!]
+ enumValues(includeDeprecated: Boolean = false): [__EnumValue!]
+ inputFields(includeDeprecated: Boolean = false): [__InputValue!]
+ ofType: __Type
+ isOneOf: Boolean
+}
+
+"""An enum describing what kind of type a given `__Type` is."""
+enum __TypeKind {
+ """Indicates this type is a scalar."""
+ SCALAR
+
+ """
+ Indicates this type is an object. `fields` and `interfaces` are valid fields.
+ """
+ OBJECT
+
+ """
+ Indicates this type is an interface. `fields`, `interfaces`, and `possibleTypes` are valid fields.
+ """
+ INTERFACE
+
+ """Indicates this type is a union. `possibleTypes` is a valid field."""
+ UNION
+
+ """Indicates this type is an enum. `enumValues` is a valid field."""
+ ENUM
+
+ """
+ Indicates this type is an input object. `inputFields` is a valid field.
+ """
+ INPUT_OBJECT
+
+ """Indicates this type is a list. `ofType` is a valid field."""
+ LIST
+
+ """Indicates this type is a non-null. `ofType` is a valid field."""
+ NON_NULL
+}
+
+"""
+Object and Interface types are described by a list of Fields, each of which has a name, potentially a list of arguments, and a return type.
+"""
+type __Field {
+ name: String!
+ description: String
+ args(includeDeprecated: Boolean = false): [__InputValue!]!
+ type: __Type!
+ isDeprecated: Boolean!
+ deprecationReason: String
+}
+
+"""
+Arguments provided to Fields or Directives and the input fields of an InputObject are represented as Input Values which describe their type and optionally a default value.
+"""
+type __InputValue {
+ name: String!
+ description: String
+ type: __Type!
+
+ """
+ A GraphQL-formatted string representing the default value for this input value.
+ """
+ defaultValue: String
+ isDeprecated: Boolean!
+ deprecationReason: String
+}
+
+"""
+One possible value for a given Enum. Enum values are unique values, not a placeholder for a string or numeric value. However an Enum value is returned in a JSON response as a string.
+"""
+type __EnumValue {
+ name: String!
+ description: String
+ isDeprecated: Boolean!
+ deprecationReason: String
+}
+
+"""
+A Directive provides a way to describe alternate runtime execution and type validation behavior in a GraphQL document.
+
+In some cases, you need to provide options to alter GraphQL's execution behavior in ways field arguments will not suffice, such as conditionally including or skipping a field. Directives provide this by describing additional information to the executor.
+"""
+type __Directive {
+ name: String!
+ description: String
+ isRepeatable: Boolean!
+ locations: [__DirectiveLocation!]!
+ args(includeDeprecated: Boolean = false): [__InputValue!]!
+}
+
+"""
+A Directive can be adjacent to many parts of the GraphQL language, a __DirectiveLocation describes one such possible adjacencies.
+"""
+enum __DirectiveLocation {
+ """Location adjacent to a query operation."""
+ QUERY
+
+ """Location adjacent to a mutation operation."""
+ MUTATION
+
+ """Location adjacent to a subscription operation."""
+ SUBSCRIPTION
+
+ """Location adjacent to a field."""
+ FIELD
+
+ """Location adjacent to a fragment definition."""
+ FRAGMENT_DEFINITION
+
+ """Location adjacent to a fragment spread."""
+ FRAGMENT_SPREAD
+
+ """Location adjacent to an inline fragment."""
+ INLINE_FRAGMENT
+
+ """Location adjacent to a variable definition."""
+ VARIABLE_DEFINITION
+
+ """Location adjacent to a schema definition."""
+ SCHEMA
+
+ """Location adjacent to a scalar definition."""
+ SCALAR
+
+ """Location adjacent to an object type definition."""
+ OBJECT
+
+ """Location adjacent to a field definition."""
+ FIELD_DEFINITION
+
+ """Location adjacent to an argument definition."""
+ ARGUMENT_DEFINITION
+
+ """Location adjacent to an interface definition."""
+ INTERFACE
+
+ """Location adjacent to a union definition."""
+ UNION
+
+ """Location adjacent to an enum definition."""
+ ENUM
+
+ """Location adjacent to an enum value definition."""
+ ENUM_VALUE
+
+ """Location adjacent to an input object type definition."""
+ INPUT_OBJECT
+
+ """Location adjacent to an input object field definition."""
+ INPUT_FIELD_DEFINITION
+}
\ No newline at end of file
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/messaging.go b/vendor/github.com/vektah/gqlparser/v2/validator/messaging.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/messaging.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/messaging.go
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/prelude.go b/vendor/github.com/vektah/gqlparser/v2/validator/prelude.go
similarity index 66%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/prelude.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/prelude.go
index 86796fab6c..5c88e93b3f 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/prelude.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/prelude.go
@@ -3,10 +3,10 @@ package validator
import (
_ "embed"
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ "github.com/vektah/gqlparser/v2/ast"
)
-//go:embed prelude.graphql
+//go:embed imported/prelude.graphql
var preludeGraphql string
var Prelude = &ast.Source{
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/fields_on_correct_type.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/fields_on_correct_type.go
similarity index 56%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/fields_on_correct_type.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/rules/fields_on_correct_type.go
index d536e5e5f4..b57d2a9014 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/fields_on_correct_type.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/fields_on_correct_type.go
@@ -1,40 +1,58 @@
-package validator
+package rules
import (
"fmt"
"sort"
"strings"
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ "github.com/vektah/gqlparser/v2/ast"
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
)
-func init() {
- AddRule("FieldsOnCorrectType", func(observers *Events, addError AddErrFunc) {
- observers.OnField(func(walker *Walker, field *ast.Field) {
- if field.ObjectDefinition == nil || field.Definition != nil {
- return
- }
+func ruleFuncFieldsOnCorrectType(observers *Events, addError AddErrFunc, disableSuggestion bool) {
+ observers.OnField(func(walker *Walker, field *ast.Field) {
+ if field.ObjectDefinition == nil || field.Definition != nil {
+ return
+ }
- message := fmt.Sprintf(`Cannot query field "%s" on type "%s".`, field.Name, field.ObjectDefinition.Name)
+ message := fmt.Sprintf(`Cannot query field "%s" on type "%s".`, field.Name, field.ObjectDefinition.Name)
+ if !disableSuggestion {
if suggestedTypeNames := getSuggestedTypeNames(walker, field.ObjectDefinition, field.Name); suggestedTypeNames != nil {
message += " Did you mean to use an inline fragment on " + QuotedOrList(suggestedTypeNames...) + "?"
} else if suggestedFieldNames := getSuggestedFieldNames(field.ObjectDefinition, field.Name); suggestedFieldNames != nil {
message += " Did you mean " + QuotedOrList(suggestedFieldNames...) + "?"
}
+ }
- addError(
- Message(message),
- At(field.Position),
- )
- })
+ addError(
+ Message("%s", message),
+ At(field.Position),
+ )
})
}
-// Go through all of the implementations of type, as well as the interfaces
+var FieldsOnCorrectTypeRule = Rule{
+ Name: "FieldsOnCorrectType",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ ruleFuncFieldsOnCorrectType(observers, addError, false)
+ },
+}
+
+var FieldsOnCorrectTypeRuleWithoutSuggestions = Rule{
+ Name: "FieldsOnCorrectTypeWithoutSuggestions",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ ruleFuncFieldsOnCorrectType(observers, addError, true)
+ },
+}
+
+func init() {
+ AddRule(FieldsOnCorrectTypeRule.Name, FieldsOnCorrectTypeRule.RuleFunc)
+}
+
+// Go through all the implementations of type, as well as the interfaces
// that they implement. If any of those types include the provided field,
// suggest them, sorted by how often the type is referenced, starting
// with Interfaces.
@@ -44,7 +62,7 @@ func getSuggestedTypeNames(walker *Walker, parent *ast.Definition, name string)
}
possibleTypes := walker.Schema.GetPossibleTypes(parent)
- var suggestedObjectTypes = make([]string, 0, len(possibleTypes))
+ suggestedObjectTypes := make([]string, 0, len(possibleTypes))
var suggestedInterfaceTypes []string
interfaceUsageCount := map[string]int{}
@@ -67,7 +85,7 @@ func getSuggestedTypeNames(walker *Walker, parent *ast.Definition, name string)
}
}
- suggestedTypes := append(suggestedInterfaceTypes, suggestedObjectTypes...)
+ suggestedTypes := concatSlice(suggestedInterfaceTypes, suggestedObjectTypes)
sort.SliceStable(suggestedTypes, func(i, j int) bool {
typeA, typeB := suggestedTypes[i], suggestedTypes[j]
@@ -81,6 +99,16 @@ func getSuggestedTypeNames(walker *Walker, parent *ast.Definition, name string)
return suggestedTypes
}
+// By employing a full slice expression (slice[low:high:max]),
+// where max is set to the slice’s length,
+// we ensure that appending elements results
+// in a slice backed by a distinct array.
+// This method prevents the shared array issue
+func concatSlice(first []string, second []string) []string {
+ n := len(first)
+ return append(first[:n:n], second...)
+}
+
// For the field name provided, determine if there are any similar field names
// that may be the result of a typo.
func getSuggestedFieldNames(parent *ast.Definition, name string) []string {
@@ -88,7 +116,7 @@ func getSuggestedFieldNames(parent *ast.Definition, name string) []string {
return nil
}
- var possibleFieldNames = make([]string, 0, len(parent.Fields))
+ possibleFieldNames := make([]string, 0, len(parent.Fields))
for _, field := range parent.Fields {
possibleFieldNames = append(possibleFieldNames, field.Name)
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/fragments_on_composite_types.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/fragments_on_composite_types.go
similarity index 58%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/fragments_on_composite_types.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/rules/fragments_on_composite_types.go
index 66bd348c47..a88e3f1cf7 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/fragments_on_composite_types.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/fragments_on_composite_types.go
@@ -1,16 +1,17 @@
-package validator
+package rules
import (
"fmt"
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ "github.com/vektah/gqlparser/v2/ast"
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
)
-func init() {
- AddRule("FragmentsOnCompositeTypes", func(observers *Events, addError AddErrFunc) {
+var FragmentsOnCompositeTypesRule = Rule{
+ Name: "FragmentsOnCompositeTypes",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
observers.OnInlineFragment(func(walker *Walker, inlineFragment *ast.InlineFragment) {
fragmentType := walker.Schema.Types[inlineFragment.TypeCondition]
if fragmentType == nil || fragmentType.IsCompositeType() {
@@ -20,12 +21,12 @@ func init() {
message := fmt.Sprintf(`Fragment cannot condition on non composite type "%s".`, inlineFragment.TypeCondition)
addError(
- Message(message),
+ Message("%s", message),
At(inlineFragment.Position),
)
})
- observers.OnFragment(func(_ *Walker, fragment *ast.FragmentDefinition) {
+ observers.OnFragment(func(walker *Walker, fragment *ast.FragmentDefinition) {
if fragment.Definition == nil || fragment.TypeCondition == "" || fragment.Definition.IsCompositeType() {
return
}
@@ -33,9 +34,13 @@ func init() {
message := fmt.Sprintf(`Fragment "%s" cannot condition on non composite type "%s".`, fragment.Name, fragment.TypeCondition)
addError(
- Message(message),
+ Message("%s", message),
At(fragment.Position),
)
})
- })
+ },
+}
+
+func init() {
+ AddRule(FragmentsOnCompositeTypesRule.Name, FragmentsOnCompositeTypesRule.RuleFunc)
}
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/rules/known_argument_names.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/known_argument_names.go
new file mode 100644
index 0000000000..83b4e05758
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/known_argument_names.go
@@ -0,0 +1,88 @@
+package rules
+
+import (
+ "github.com/vektah/gqlparser/v2/ast"
+
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
+)
+
+func ruleFuncKnownArgumentNames(observers *Events, addError AddErrFunc, disableSuggestion bool) {
+ // A GraphQL field is only valid if all supplied arguments are defined by that field.
+ observers.OnField(func(walker *Walker, field *ast.Field) {
+ if field.Definition == nil || field.ObjectDefinition == nil {
+ return
+ }
+ for _, arg := range field.Arguments {
+ def := field.Definition.Arguments.ForName(arg.Name)
+ if def != nil {
+ continue
+ }
+
+ if disableSuggestion {
+ addError(
+ Message(`Unknown argument "%s" on field "%s.%s".`, arg.Name, field.ObjectDefinition.Name, field.Name),
+ At(field.Position),
+ )
+ } else {
+ var suggestions []string
+ for _, argDef := range field.Definition.Arguments {
+ suggestions = append(suggestions, argDef.Name)
+ }
+ addError(
+ Message(`Unknown argument "%s" on field "%s.%s".`, arg.Name, field.ObjectDefinition.Name, field.Name),
+ SuggestListQuoted("Did you mean", arg.Name, suggestions),
+ At(field.Position),
+ )
+ }
+ }
+ })
+
+ observers.OnDirective(func(walker *Walker, directive *ast.Directive) {
+ if directive.Definition == nil {
+ return
+ }
+ for _, arg := range directive.Arguments {
+ def := directive.Definition.Arguments.ForName(arg.Name)
+ if def != nil {
+ continue
+ }
+
+ if disableSuggestion {
+ addError(
+ Message(`Unknown argument "%s" on directive "@%s".`, arg.Name, directive.Name),
+ At(directive.Position),
+ )
+ } else {
+ var suggestions []string
+ for _, argDef := range directive.Definition.Arguments {
+ suggestions = append(suggestions, argDef.Name)
+ }
+
+ addError(
+ Message(`Unknown argument "%s" on directive "@%s".`, arg.Name, directive.Name),
+ SuggestListQuoted("Did you mean", arg.Name, suggestions),
+ At(directive.Position),
+ )
+ }
+ }
+ })
+}
+
+var KnownArgumentNamesRule = Rule{
+ Name: "KnownArgumentNames",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ ruleFuncKnownArgumentNames(observers, addError, false)
+ },
+}
+
+var KnownArgumentNamesRuleWithoutSuggestions = Rule{
+ Name: "KnownArgumentNamesWithoutSuggestions",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ ruleFuncKnownArgumentNames(observers, addError, true)
+ },
+}
+
+func init() {
+ AddRule(KnownArgumentNamesRule.Name, KnownArgumentNamesRule.RuleFunc)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/known_directives.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/known_directives.go
similarity index 62%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/known_directives.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/rules/known_directives.go
index 9855291e3b..ccb5efeb95 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/known_directives.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/known_directives.go
@@ -1,21 +1,22 @@
-package validator
+package rules
import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ "github.com/vektah/gqlparser/v2/ast"
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
)
-func init() {
- AddRule("KnownDirectives", func(observers *Events, addError AddErrFunc) {
+var KnownDirectivesRule = Rule{
+ Name: "KnownDirectives",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
type mayNotBeUsedDirective struct {
Name string
Line int
Column int
}
- var seen = map[mayNotBeUsedDirective]bool{}
- observers.OnDirective(func(_ *Walker, directive *ast.Directive) {
+ seen := map[mayNotBeUsedDirective]bool{}
+ observers.OnDirective(func(walker *Walker, directive *ast.Directive) {
if directive.Definition == nil {
addError(
Message(`Unknown directive "@%s".`, directive.Name),
@@ -45,5 +46,9 @@ func init() {
seen[tmp] = true
}
})
- })
+ },
+}
+
+func init() {
+ AddRule(KnownDirectivesRule.Name, KnownDirectivesRule.RuleFunc)
}
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/rules/known_fragment_names.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/known_fragment_names.go
new file mode 100644
index 0000000000..525698fb94
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/known_fragment_names.go
@@ -0,0 +1,26 @@
+package rules
+
+import (
+ "github.com/vektah/gqlparser/v2/ast"
+
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
+)
+
+var KnownFragmentNamesRule = Rule{
+ Name: "KnownFragmentNames",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ observers.OnFragmentSpread(func(walker *Walker, fragmentSpread *ast.FragmentSpread) {
+ if fragmentSpread.Definition == nil {
+ addError(
+ Message(`Unknown fragment "%s".`, fragmentSpread.Name),
+ At(fragmentSpread.Position),
+ )
+ }
+ })
+ },
+}
+
+func init() {
+ AddRule(KnownFragmentNamesRule.Name, KnownFragmentNamesRule.RuleFunc)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/known_root_type.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/known_root_type.go
similarity index 69%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/known_root_type.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/rules/known_root_type.go
index ab97cd9017..aa66d16c28 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/known_root_type.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/known_root_type.go
@@ -1,16 +1,17 @@
-package validator
+package rules
import (
"fmt"
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ "github.com/vektah/gqlparser/v2/ast"
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
)
-func init() {
- AddRule("KnownRootType", func(observers *Events, addError AddErrFunc) {
+var KnownRootTypeRule = Rule{
+ Name: "KnownRootType",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
// A query's root must be a valid type. Surprisingly, this isn't
// checked anywhere else!
observers.OnOperation(func(walker *Walker, operation *ast.OperationDefinition) {
@@ -33,5 +34,9 @@ func init() {
At(operation.Position))
}
})
- })
+ },
+}
+
+func init() {
+ AddRule(KnownRootTypeRule.Name, KnownRootTypeRule.RuleFunc)
}
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/rules/known_type_names.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/known_type_names.go
new file mode 100644
index 0000000000..ef85c58e65
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/known_type_names.go
@@ -0,0 +1,84 @@
+package rules
+
+import (
+ "github.com/vektah/gqlparser/v2/ast"
+
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
+)
+
+func ruleFuncKnownTypeNames(observers *Events, addError AddErrFunc, disableSuggestion bool) {
+ observers.OnVariable(func(walker *Walker, variable *ast.VariableDefinition) {
+ typeName := variable.Type.Name()
+ typdef := walker.Schema.Types[typeName]
+ if typdef != nil {
+ return
+ }
+
+ addError(
+ Message(`Unknown type "%s".`, typeName),
+ At(variable.Position),
+ )
+ })
+
+ observers.OnInlineFragment(func(walker *Walker, inlineFragment *ast.InlineFragment) {
+ typedName := inlineFragment.TypeCondition
+ if typedName == "" {
+ return
+ }
+
+ def := walker.Schema.Types[typedName]
+ if def != nil {
+ return
+ }
+
+ addError(
+ Message(`Unknown type "%s".`, typedName),
+ At(inlineFragment.Position),
+ )
+ })
+
+ observers.OnFragment(func(walker *Walker, fragment *ast.FragmentDefinition) {
+ typeName := fragment.TypeCondition
+ def := walker.Schema.Types[typeName]
+ if def != nil {
+ return
+ }
+
+ if disableSuggestion {
+ addError(
+ Message(`Unknown type "%s".`, typeName),
+ At(fragment.Position),
+ )
+ } else {
+ var possibleTypes []string
+ for _, t := range walker.Schema.Types {
+ possibleTypes = append(possibleTypes, t.Name)
+ }
+
+ addError(
+ Message(`Unknown type "%s".`, typeName),
+ SuggestListQuoted("Did you mean", typeName, possibleTypes),
+ At(fragment.Position),
+ )
+ }
+ })
+}
+
+var KnownTypeNamesRule = Rule{
+ Name: "KnownTypeNames",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ ruleFuncKnownTypeNames(observers, addError, false)
+ },
+}
+
+var KnownTypeNamesRuleWithoutSuggestions = Rule{
+ Name: "KnownTypeNamesWithoutSuggestions",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ ruleFuncKnownTypeNames(observers, addError, true)
+ },
+}
+
+func init() {
+ AddRule(KnownTypeNamesRule.Name, KnownTypeNamesRule.RuleFunc)
+}
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/rules/lone_anonymous_operation.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/lone_anonymous_operation.go
new file mode 100644
index 0000000000..6e246f715f
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/lone_anonymous_operation.go
@@ -0,0 +1,26 @@
+package rules
+
+import (
+ "github.com/vektah/gqlparser/v2/ast"
+
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
+)
+
+var LoneAnonymousOperationRule = Rule{
+ Name: "LoneAnonymousOperation",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ observers.OnOperation(func(walker *Walker, operation *ast.OperationDefinition) {
+ if operation.Name == "" && len(walker.Document.Operations) > 1 {
+ addError(
+ Message(`This anonymous operation must be the only defined operation.`),
+ At(operation.Position),
+ )
+ }
+ })
+ },
+}
+
+func init() {
+ AddRule(LoneAnonymousOperationRule.Name, LoneAnonymousOperationRule.RuleFunc)
+}
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/rules/max_introspection_depth.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/max_introspection_depth.go
new file mode 100644
index 0000000000..57a68b32b9
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/max_introspection_depth.go
@@ -0,0 +1,90 @@
+package rules
+
+import (
+ "github.com/vektah/gqlparser/v2/ast"
+
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
+)
+
+const maxListsDepth = 3
+
+var MaxIntrospectionDepth = Rule{
+ Name: "MaxIntrospectionDepth",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ // Counts the depth of list fields in "__Type" recursively and
+ // returns `true` if the limit has been reached.
+ observers.OnField(func(walker *Walker, field *ast.Field) {
+ if field.Name == "__schema" || field.Name == "__type" {
+ visitedFragments := make(map[string]bool)
+ if checkDepthField(field, visitedFragments, 0) {
+ addError(
+ Message(`Maximum introspection depth exceeded`),
+ At(field.Position),
+ )
+ }
+ return
+ }
+ })
+ },
+}
+
+func checkDepthSelectionSet(selectionSet ast.SelectionSet, visitedFragments map[string]bool, depth int) bool {
+ for _, child := range selectionSet {
+ if field, ok := child.(*ast.Field); ok {
+ if checkDepthField(field, visitedFragments, depth) {
+ return true
+ }
+ }
+ if fragmentSpread, ok := child.(*ast.FragmentSpread); ok {
+ if checkDepthFragmentSpread(fragmentSpread, visitedFragments, depth) {
+ return true
+ }
+ }
+ if inlineFragment, ok := child.(*ast.InlineFragment); ok {
+ if checkDepthSelectionSet(inlineFragment.SelectionSet, visitedFragments, depth) {
+ return true
+ }
+ }
+ }
+ return false
+}
+
+func checkDepthField(field *ast.Field, visitedFragments map[string]bool, depth int) bool {
+ if field.Name == "fields" ||
+ field.Name == "interfaces" ||
+ field.Name == "possibleTypes" ||
+ field.Name == "inputFields" {
+ depth++
+ if depth >= maxListsDepth {
+ return true
+ }
+ }
+ return checkDepthSelectionSet(field.SelectionSet, visitedFragments, depth)
+}
+
+func checkDepthFragmentSpread(fragmentSpread *ast.FragmentSpread, visitedFragments map[string]bool, depth int) bool {
+ fragmentName := fragmentSpread.Name
+ if visited, ok := visitedFragments[fragmentName]; ok && visited {
+ // Fragment cycles are handled by `NoFragmentCyclesRule`.
+ return false
+ }
+ fragment := fragmentSpread.Definition
+ if fragment == nil {
+ // Missing fragments checks are handled by `KnownFragmentNamesRule`.
+ return false
+ }
+
+ // Rather than following an immutable programming pattern which has
+ // significant memory and garbage collection overhead, we've opted to
+ // take a mutable approach for efficiency's sake. Importantly visiting a
+ // fragment twice is fine, so long as you don't do one visit inside the
+ // other.
+ visitedFragments[fragmentName] = true
+ defer delete(visitedFragments, fragmentName)
+ return checkDepthSelectionSet(fragment.SelectionSet, visitedFragments, depth)
+}
+
+func init() {
+ AddRule(MaxIntrospectionDepth.Name, MaxIntrospectionDepth.RuleFunc)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/no_fragment_cycles.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/no_fragment_cycles.go
similarity index 85%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/no_fragment_cycles.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/rules/no_fragment_cycles.go
index a7de611f17..4e7907e243 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/no_fragment_cycles.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/no_fragment_cycles.go
@@ -1,17 +1,18 @@
-package validator
+package rules
import (
"fmt"
"strings"
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ "github.com/vektah/gqlparser/v2/ast"
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
)
-func init() {
- AddRule("NoFragmentCycles", func(observers *Events, addError AddErrFunc) {
+var NoFragmentCyclesRule = Rule{
+ Name: "NoFragmentCycles",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
visitedFrags := make(map[string]bool)
observers.OnFragment(func(walker *Walker, fragment *ast.FragmentDefinition) {
@@ -67,7 +68,11 @@ func init() {
recursive(fragment)
})
- })
+ },
+}
+
+func init() {
+ AddRule(NoFragmentCyclesRule.Name, NoFragmentCyclesRule.RuleFunc)
}
func getFragmentSpreads(node ast.SelectionSet) []*ast.FragmentSpread {
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/no_undefined_variables.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/no_undefined_variables.go
similarity index 57%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/no_undefined_variables.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/rules/no_undefined_variables.go
index e45a5e3d51..64f2dc7764 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/no_undefined_variables.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/no_undefined_variables.go
@@ -1,14 +1,15 @@
-package validator
+package rules
import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ "github.com/vektah/gqlparser/v2/ast"
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
)
-func init() {
- AddRule("NoUndefinedVariables", func(observers *Events, addError AddErrFunc) {
+var NoUndefinedVariablesRule = Rule{
+ Name: "NoUndefinedVariables",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
observers.OnValue(func(walker *Walker, value *ast.Value) {
if walker.CurrentOperation == nil || value.Kind != ast.Variable || value.VariableDefinition != nil {
return
@@ -26,5 +27,9 @@ func init() {
)
}
})
- })
+ },
+}
+
+func init() {
+ AddRule(NoUndefinedVariablesRule.Name, NoUndefinedVariablesRule.RuleFunc)
}
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/rules/no_unused_fragments.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/no_unused_fragments.go
new file mode 100644
index 0000000000..a914ee6d34
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/no_unused_fragments.go
@@ -0,0 +1,36 @@
+package rules
+
+import (
+ "github.com/vektah/gqlparser/v2/ast"
+
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
+)
+
+var NoUnusedFragmentsRule = Rule{
+ Name: "NoUnusedFragments",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ inFragmentDefinition := false
+ fragmentNameUsed := make(map[string]bool)
+
+ observers.OnFragmentSpread(func(walker *Walker, fragmentSpread *ast.FragmentSpread) {
+ if !inFragmentDefinition {
+ fragmentNameUsed[fragmentSpread.Name] = true
+ }
+ })
+
+ observers.OnFragment(func(walker *Walker, fragment *ast.FragmentDefinition) {
+ inFragmentDefinition = true
+ if !fragmentNameUsed[fragment.Name] {
+ addError(
+ Message(`Fragment "%s" is never used.`, fragment.Name),
+ At(fragment.Position),
+ )
+ }
+ })
+ },
+}
+
+func init() {
+ AddRule(NoUnusedFragmentsRule.Name, NoUnusedFragmentsRule.RuleFunc)
+}
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/rules/no_unused_variables.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/no_unused_variables.go
new file mode 100644
index 0000000000..daed80ebbb
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/no_unused_variables.go
@@ -0,0 +1,37 @@
+package rules
+
+import (
+ "github.com/vektah/gqlparser/v2/ast"
+
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
+)
+
+var NoUnusedVariablesRule = Rule{
+ Name: "NoUnusedVariables",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ observers.OnOperation(func(walker *Walker, operation *ast.OperationDefinition) {
+ for _, varDef := range operation.VariableDefinitions {
+ if varDef.Used {
+ continue
+ }
+
+ if operation.Name != "" {
+ addError(
+ Message(`Variable "$%s" is never used in operation "%s".`, varDef.Variable, operation.Name),
+ At(varDef.Position),
+ )
+ } else {
+ addError(
+ Message(`Variable "$%s" is never used.`, varDef.Variable),
+ At(varDef.Position),
+ )
+ }
+ }
+ })
+ },
+}
+
+func init() {
+ AddRule(NoUnusedVariablesRule.Name, NoUnusedVariablesRule.RuleFunc)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/overlapping_fields_can_be_merged.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/overlapping_fields_can_be_merged.go
similarity index 97%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/overlapping_fields_can_be_merged.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/rules/overlapping_fields_can_be_merged.go
index 1e207a43e7..1295682200 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/overlapping_fields_can_be_merged.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/overlapping_fields_can_be_merged.go
@@ -1,19 +1,19 @@
-package validator
+package rules
import (
"bytes"
"fmt"
"reflect"
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ "github.com/vektah/gqlparser/v2/ast"
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
)
-func init() {
-
- AddRule("OverlappingFieldsCanBeMerged", func(observers *Events, addError AddErrFunc) {
+var OverlappingFieldsCanBeMergedRule = Rule{
+ Name: "OverlappingFieldsCanBeMerged",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
/**
* Algorithm:
*
@@ -105,7 +105,11 @@ func init() {
conflict.addFieldsConflictMessage(addError)
}
})
- })
+ },
+}
+
+func init() {
+ AddRule(OverlappingFieldsCanBeMergedRule.Name, OverlappingFieldsCanBeMergedRule.RuleFunc)
}
type pairSet struct {
@@ -304,10 +308,8 @@ func (m *overlappingFieldsCanBeMergedManager) collectConflictsBetweenFieldsAndFr
}
func (m *overlappingFieldsCanBeMergedManager) collectConflictsBetweenFragments(conflicts *conflictMessageContainer, areMutuallyExclusive bool, fragmentSpreadA *ast.FragmentSpread, fragmentSpreadB *ast.FragmentSpread) {
-
var check func(fragmentSpreadA *ast.FragmentSpread, fragmentSpreadB *ast.FragmentSpread)
check = func(fragmentSpreadA *ast.FragmentSpread, fragmentSpreadB *ast.FragmentSpread) {
-
if fragmentSpreadA.Name == fragmentSpreadB.Name {
return
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/possible_fragment_spreads.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/possible_fragment_spreads.go
similarity index 82%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/possible_fragment_spreads.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/rules/possible_fragment_spreads.go
index 79cb20c49c..b81f375658 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/possible_fragment_spreads.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/possible_fragment_spreads.go
@@ -1,15 +1,15 @@
-package validator
+package rules
import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ "github.com/vektah/gqlparser/v2/ast"
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
)
-func init() {
- AddRule("PossibleFragmentSpreads", func(observers *Events, addError AddErrFunc) {
-
+var PossibleFragmentSpreadsRule = Rule{
+ Name: "PossibleFragmentSpreads",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
validate := func(walker *Walker, parentDef *ast.Definition, fragmentName string, emitError func()) {
if parentDef == nil {
return
@@ -66,5 +66,9 @@ func init() {
)
})
})
- })
+ },
+}
+
+func init() {
+ AddRule(PossibleFragmentSpreadsRule.Name, PossibleFragmentSpreadsRule.RuleFunc)
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/provided_required_arguments.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/provided_required_arguments.go
similarity index 67%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/provided_required_arguments.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/rules/provided_required_arguments.go
index d6d12c4fd2..90667af23b 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/provided_required_arguments.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/provided_required_arguments.go
@@ -1,15 +1,15 @@
-package validator
+package rules
import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
-
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
+ "github.com/vektah/gqlparser/v2/ast"
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
)
-func init() {
- AddRule("ProvidedRequiredArguments", func(observers *Events, addError AddErrFunc) {
- observers.OnField(func(_ *Walker, field *ast.Field) {
+var ProvidedRequiredArgumentsRule = Rule{
+ Name: "ProvidedRequiredArguments",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ observers.OnField(func(walker *Walker, field *ast.Field) {
if field.Definition == nil {
return
}
@@ -35,7 +35,7 @@ func init() {
}
})
- observers.OnDirective(func(_ *Walker, directive *ast.Directive) {
+ observers.OnDirective(func(walker *Walker, directive *ast.Directive) {
if directive.Definition == nil {
return
}
@@ -60,5 +60,9 @@ func init() {
)
}
})
- })
+ },
+}
+
+func init() {
+ AddRule(ProvidedRequiredArgumentsRule.Name, ProvidedRequiredArgumentsRule.RuleFunc)
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/scalar_leafs.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/scalar_leafs.go
similarity index 68%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/scalar_leafs.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/rules/scalar_leafs.go
index cd17b47c87..73a1e89677 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/scalar_leafs.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/scalar_leafs.go
@@ -1,14 +1,15 @@
-package validator
+package rules
import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ "github.com/vektah/gqlparser/v2/ast"
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
)
-func init() {
- AddRule("ScalarLeafs", func(observers *Events, addError AddErrFunc) {
+var ScalarLeafsRule = Rule{
+ Name: "ScalarLeafs",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
observers.OnField(func(walker *Walker, field *ast.Field) {
if field.Definition == nil {
return
@@ -34,5 +35,9 @@ func init() {
)
}
})
- })
+ },
+}
+
+func init() {
+ AddRule(ScalarLeafsRule.Name, ScalarLeafsRule.RuleFunc)
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/single_field_subscriptions.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/single_field_subscriptions.go
similarity index 82%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/single_field_subscriptions.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/rules/single_field_subscriptions.go
index 98cb984b40..1498d82986 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/single_field_subscriptions.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/single_field_subscriptions.go
@@ -1,17 +1,18 @@
-package validator
+package rules
import (
"strconv"
"strings"
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ "github.com/vektah/gqlparser/v2/ast"
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
)
-func init() {
- AddRule("SingleFieldSubscriptions", func(observers *Events, addError AddErrFunc) {
+var SingleFieldSubscriptionsRule = Rule{
+ Name: "SingleFieldSubscriptions",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
observers.OnOperation(func(walker *Walker, operation *ast.OperationDefinition) {
if walker.Schema.Subscription == nil || operation.Operation != ast.Subscription {
return
@@ -40,7 +41,11 @@ func init() {
}
}
})
- })
+ },
+}
+
+func init() {
+ AddRule(SingleFieldSubscriptionsRule.Name, SingleFieldSubscriptionsRule.RuleFunc)
}
type topField struct {
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_argument_names.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_argument_names.go
new file mode 100644
index 0000000000..b90cc65107
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_argument_names.go
@@ -0,0 +1,40 @@
+package rules
+
+import (
+ "github.com/vektah/gqlparser/v2/ast"
+
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
+)
+
+var UniqueArgumentNamesRule = Rule{
+ Name: "UniqueArgumentNames",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ observers.OnField(func(walker *Walker, field *ast.Field) {
+ checkUniqueArgs(field.Arguments, addError)
+ })
+
+ observers.OnDirective(func(walker *Walker, directive *ast.Directive) {
+ checkUniqueArgs(directive.Arguments, addError)
+ })
+ },
+}
+
+func init() {
+ AddRule(UniqueArgumentNamesRule.Name, UniqueArgumentNamesRule.RuleFunc)
+}
+
+func checkUniqueArgs(args ast.ArgumentList, addError AddErrFunc) {
+ knownArgNames := map[string]int{}
+
+ for _, arg := range args {
+ if knownArgNames[arg.Name] == 1 {
+ addError(
+ Message(`There can be only one argument named "%s".`, arg.Name),
+ At(arg.Position),
+ )
+ }
+
+ knownArgNames[arg.Name]++
+ }
+}
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_directives_per_location.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_directives_per_location.go
new file mode 100644
index 0000000000..4222f36aec
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_directives_per_location.go
@@ -0,0 +1,31 @@
+package rules
+
+import (
+ "github.com/vektah/gqlparser/v2/ast"
+
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
+)
+
+var UniqueDirectivesPerLocationRule = Rule{
+ Name: "UniqueDirectivesPerLocation",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ observers.OnDirectiveList(func(walker *Walker, directives []*ast.Directive) {
+ seen := map[string]bool{}
+
+ for _, dir := range directives {
+ if dir.Name != "repeatable" && seen[dir.Name] {
+ addError(
+ Message(`The directive "@%s" can only be used once at this location.`, dir.Name),
+ At(dir.Position),
+ )
+ }
+ seen[dir.Name] = true
+ }
+ })
+ },
+}
+
+func init() {
+ AddRule(UniqueDirectivesPerLocationRule.Name, UniqueDirectivesPerLocationRule.RuleFunc)
+}
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_fragment_names.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_fragment_names.go
new file mode 100644
index 0000000000..aab8eeb4eb
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_fragment_names.go
@@ -0,0 +1,29 @@
+package rules
+
+import (
+ "github.com/vektah/gqlparser/v2/ast"
+
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
+)
+
+var UniqueFragmentNamesRule = Rule{
+ Name: "UniqueFragmentNames",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ seenFragments := map[string]bool{}
+
+ observers.OnFragment(func(walker *Walker, fragment *ast.FragmentDefinition) {
+ if seenFragments[fragment.Name] {
+ addError(
+ Message(`There can be only one fragment named "%s".`, fragment.Name),
+ At(fragment.Position),
+ )
+ }
+ seenFragments[fragment.Name] = true
+ })
+ },
+}
+
+func init() {
+ AddRule(UniqueFragmentNamesRule.Name, UniqueFragmentNamesRule.RuleFunc)
+}
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_input_field_names.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_input_field_names.go
new file mode 100644
index 0000000000..250849344b
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_input_field_names.go
@@ -0,0 +1,34 @@
+package rules
+
+import (
+ "github.com/vektah/gqlparser/v2/ast"
+
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
+)
+
+var UniqueInputFieldNamesRule = Rule{
+ Name: "UniqueInputFieldNames",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ observers.OnValue(func(walker *Walker, value *ast.Value) {
+ if value.Kind != ast.ObjectValue {
+ return
+ }
+
+ seen := map[string]bool{}
+ for _, field := range value.Children {
+ if seen[field.Name] {
+ addError(
+ Message(`There can be only one input field named "%s".`, field.Name),
+ At(field.Position),
+ )
+ }
+ seen[field.Name] = true
+ }
+ })
+ },
+}
+
+func init() {
+ AddRule(UniqueInputFieldNamesRule.Name, UniqueInputFieldNamesRule.RuleFunc)
+}
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_operation_names.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_operation_names.go
new file mode 100644
index 0000000000..6f1ec26abf
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_operation_names.go
@@ -0,0 +1,29 @@
+package rules
+
+import (
+ "github.com/vektah/gqlparser/v2/ast"
+
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
+)
+
+var UniqueOperationNamesRule = Rule{
+ Name: "UniqueOperationNames",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ seen := map[string]bool{}
+
+ observers.OnOperation(func(walker *Walker, operation *ast.OperationDefinition) {
+ if seen[operation.Name] {
+ addError(
+ Message(`There can be only one operation named "%s".`, operation.Name),
+ At(operation.Position),
+ )
+ }
+ seen[operation.Name] = true
+ })
+ },
+}
+
+func init() {
+ AddRule(UniqueOperationNamesRule.Name, UniqueOperationNamesRule.RuleFunc)
+}
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_variable_names.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_variable_names.go
new file mode 100644
index 0000000000..6b037ed527
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/unique_variable_names.go
@@ -0,0 +1,31 @@
+package rules
+
+import (
+ "github.com/vektah/gqlparser/v2/ast"
+
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
+)
+
+var UniqueVariableNamesRule = Rule{
+ Name: "UniqueVariableNames",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ observers.OnOperation(func(walker *Walker, operation *ast.OperationDefinition) {
+ seen := map[string]int{}
+ for _, def := range operation.VariableDefinitions {
+ // add the same error only once per a variable.
+ if seen[def.Variable] == 1 {
+ addError(
+ Message(`There can be only one variable named "$%s".`, def.Variable),
+ At(def.Position),
+ )
+ }
+ seen[def.Variable]++
+ }
+ })
+ },
+}
+
+func init() {
+ AddRule(UniqueVariableNamesRule.Name, UniqueVariableNamesRule.RuleFunc)
+}
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/rules/values_of_correct_type.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/values_of_correct_type.go
new file mode 100644
index 0000000000..01510b7b5a
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/values_of_correct_type.go
@@ -0,0 +1,250 @@
+package rules
+
+import (
+ "errors"
+ "fmt"
+ "strconv"
+
+ "github.com/vektah/gqlparser/v2/ast"
+
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
+)
+
+func ruleFuncValuesOfCorrectType(observers *Events, addError AddErrFunc, disableSuggestion bool) {
+ observers.OnValue(func(walker *Walker, value *ast.Value) {
+ if value.Definition == nil || value.ExpectedType == nil {
+ return
+ }
+
+ if value.Kind == ast.NullValue && value.ExpectedType.NonNull {
+ addError(
+ Message(`Expected value of type "%s", found %s.`, value.ExpectedType.String(), value.String()),
+ At(value.Position),
+ )
+ }
+
+ if value.Definition.Kind == ast.Scalar {
+ // Skip custom validating scalars
+ if !value.Definition.OneOf("Int", "Float", "String", "Boolean", "ID") {
+ return
+ }
+ }
+
+ var possibleEnums []string
+ if value.Definition.Kind == ast.Enum {
+ for _, val := range value.Definition.EnumValues {
+ possibleEnums = append(possibleEnums, val.Name)
+ }
+ }
+
+ rawVal, err := value.Value(nil)
+ if err != nil {
+ unexpectedTypeMessage(addError, value)
+ }
+
+ switch value.Kind {
+ case ast.NullValue:
+ return
+ case ast.ListValue:
+ if value.ExpectedType.Elem == nil {
+ unexpectedTypeMessage(addError, value)
+ return
+ }
+
+ case ast.IntValue:
+ if !value.Definition.OneOf("Int", "Float", "ID") {
+ unexpectedTypeMessage(addError, value)
+ }
+
+ case ast.FloatValue:
+ if !value.Definition.OneOf("Float") {
+ unexpectedTypeMessage(addError, value)
+ }
+
+ case ast.StringValue, ast.BlockValue:
+ if value.Definition.Kind == ast.Enum {
+ if disableSuggestion {
+ addError(
+ Message(`Enum "%s" cannot represent non-enum value: %s.`, value.ExpectedType.String(), value.String()),
+ At(value.Position),
+ )
+ } else {
+ rawValStr := fmt.Sprint(rawVal)
+ addError(
+ Message(`Enum "%s" cannot represent non-enum value: %s.`, value.ExpectedType.String(), value.String()),
+ SuggestListQuoted("Did you mean the enum value", rawValStr, possibleEnums),
+ At(value.Position),
+ )
+ }
+ } else if !value.Definition.OneOf("String", "ID") {
+ unexpectedTypeMessage(addError, value)
+ }
+
+ case ast.EnumValue:
+ if value.Definition.Kind != ast.Enum {
+ if disableSuggestion {
+ addError(
+ unexpectedTypeMessageOnly(value),
+ At(value.Position),
+ )
+ } else {
+ rawValStr := fmt.Sprint(rawVal)
+ addError(
+ unexpectedTypeMessageOnly(value),
+ SuggestListUnquoted("Did you mean the enum value", rawValStr, possibleEnums),
+ At(value.Position),
+ )
+ }
+ } else if value.Definition.EnumValues.ForName(value.Raw) == nil {
+ if disableSuggestion {
+ addError(
+ Message(`Value "%s" does not exist in "%s" enum.`, value.String(), value.ExpectedType.String()),
+ At(value.Position),
+ )
+ } else {
+ rawValStr := fmt.Sprint(rawVal)
+ addError(
+ Message(`Value "%s" does not exist in "%s" enum.`, value.String(), value.ExpectedType.String()),
+ SuggestListQuoted("Did you mean the enum value", rawValStr, possibleEnums),
+ At(value.Position),
+ )
+ }
+ }
+
+ case ast.BooleanValue:
+ if !value.Definition.OneOf("Boolean") {
+ unexpectedTypeMessage(addError, value)
+ }
+
+ case ast.ObjectValue:
+
+ for _, field := range value.Definition.Fields {
+ if field.Type.NonNull {
+ fieldValue := value.Children.ForName(field.Name)
+ if fieldValue == nil && field.DefaultValue == nil {
+ addError(
+ Message(`Field "%s.%s" of required type "%s" was not provided.`, value.Definition.Name, field.Name, field.Type.String()),
+ At(value.Position),
+ )
+ continue
+ }
+ }
+ }
+
+ for _, directive := range value.Definition.Directives {
+ if directive.Name == "oneOf" {
+ func() {
+ if len(value.Children) != 1 {
+ addError(
+ Message(`OneOf Input Object "%s" must specify exactly one key.`, value.Definition.Name),
+ At(value.Position),
+ )
+ return
+ }
+
+ fieldValue := value.Children[0].Value
+ isNullLiteral := fieldValue == nil || fieldValue.Kind == ast.NullValue
+ if isNullLiteral {
+ addError(
+ Message(`Field "%s.%s" must be non-null.`, value.Definition.Name, value.Definition.Fields[0].Name),
+ At(fieldValue.Position),
+ )
+ return
+ }
+
+ isVariable := fieldValue.Kind == ast.Variable
+ if isVariable {
+ variableName := fieldValue.VariableDefinition.Variable
+ isNullableVariable := !fieldValue.VariableDefinition.Type.NonNull
+ if isNullableVariable {
+ addError(
+ Message(`Variable "%s" must be non-nullable to be used for OneOf Input Object "%s".`, variableName, value.Definition.Name),
+ At(fieldValue.Position),
+ )
+ }
+ }
+ }()
+ }
+ }
+
+ for _, fieldValue := range value.Children {
+ if value.Definition.Fields.ForName(fieldValue.Name) == nil {
+ if disableSuggestion {
+ addError(
+ Message(`Field "%s" is not defined by type "%s".`, fieldValue.Name, value.Definition.Name),
+ At(fieldValue.Position),
+ )
+ } else {
+ var suggestions []string
+ for _, fieldValue := range value.Definition.Fields {
+ suggestions = append(suggestions, fieldValue.Name)
+ }
+
+ addError(
+ Message(`Field "%s" is not defined by type "%s".`, fieldValue.Name, value.Definition.Name),
+ SuggestListQuoted("Did you mean", fieldValue.Name, suggestions),
+ At(fieldValue.Position),
+ )
+ }
+ }
+ }
+
+ case ast.Variable:
+ return
+
+ default:
+ panic(fmt.Errorf("unhandled %T", value))
+ }
+ })
+}
+
+var ValuesOfCorrectTypeRule = Rule{
+ Name: "ValuesOfCorrectType",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ ruleFuncValuesOfCorrectType(observers, addError, false)
+ },
+}
+
+var ValuesOfCorrectTypeRuleWithoutSuggestions = Rule{
+ Name: "ValuesOfCorrectTypeWithoutSuggestions",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ ruleFuncValuesOfCorrectType(observers, addError, true)
+ },
+}
+
+func init() {
+ AddRule(ValuesOfCorrectTypeRule.Name, ValuesOfCorrectTypeRule.RuleFunc)
+}
+
+func unexpectedTypeMessage(addError AddErrFunc, v *ast.Value) {
+ addError(
+ unexpectedTypeMessageOnly(v),
+ At(v.Position),
+ )
+}
+
+func unexpectedTypeMessageOnly(v *ast.Value) ErrorOption {
+ switch v.ExpectedType.String() {
+ case "Int", "Int!":
+ if _, err := strconv.ParseInt(v.Raw, 10, 32); err != nil && errors.Is(err, strconv.ErrRange) {
+ return Message(`Int cannot represent non 32-bit signed integer value: %s`, v.String())
+ }
+ return Message(`Int cannot represent non-integer value: %s`, v.String())
+ case "String", "String!", "[String]":
+ return Message(`String cannot represent a non string value: %s`, v.String())
+ case "Boolean", "Boolean!":
+ return Message(`Boolean cannot represent a non boolean value: %s`, v.String())
+ case "Float", "Float!":
+ return Message(`Float cannot represent non numeric value: %s`, v.String())
+ case "ID", "ID!":
+ return Message(`ID cannot represent a non-string and non-integer value: %s`, v.String())
+ // case "Enum":
+ // return Message(`Enum "%s" cannot represent non-enum value: %s`, v.ExpectedType.String(), v.String())
+ default:
+ if v.Definition.Kind == ast.Enum {
+ return Message(`Enum "%s" cannot represent non-enum value: %s.`, v.ExpectedType.String(), v.String())
+ }
+ return Message(`Expected value of type "%s", found %s.`, v.ExpectedType.String(), v.String())
+ }
+}
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/rules/variables_are_input_types.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/variables_are_input_types.go
new file mode 100644
index 0000000000..e1bf2b1f57
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/variables_are_input_types.go
@@ -0,0 +1,35 @@
+package rules
+
+import (
+ "github.com/vektah/gqlparser/v2/ast"
+
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
+)
+
+var VariablesAreInputTypesRule = Rule{
+ Name: "VariablesAreInputTypes",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
+ observers.OnOperation(func(walker *Walker, operation *ast.OperationDefinition) {
+ for _, def := range operation.VariableDefinitions {
+ if def.Definition == nil {
+ continue
+ }
+ if !def.Definition.IsInputType() {
+ addError(
+ Message(
+ `Variable "$%s" cannot be non-input type "%s".`,
+ def.Variable,
+ def.Type.String(),
+ ),
+ At(def.Position),
+ )
+ }
+ }
+ })
+ },
+}
+
+func init() {
+ AddRule(VariablesAreInputTypesRule.Name, VariablesAreInputTypesRule.RuleFunc)
+}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/variables_in_allowed_position.go b/vendor/github.com/vektah/gqlparser/v2/validator/rules/variables_in_allowed_position.go
similarity index 67%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/variables_in_allowed_position.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/rules/variables_in_allowed_position.go
index 08a8e18c09..f05ee687ad 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/rules/variables_in_allowed_position.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/rules/variables_in_allowed_position.go
@@ -1,14 +1,15 @@
-package validator
+package rules
import (
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ "github.com/vektah/gqlparser/v2/ast"
- //nolint:revive // Validator rules each use dot imports for convenience.
- . "github.com/open-policy-agent/opa/internal/gqlparser/validator"
+ //nolint:staticcheck // Validator rules each use dot imports for convenience.
+ . "github.com/vektah/gqlparser/v2/validator"
)
-func init() {
- AddRule("VariablesInAllowedPosition", func(observers *Events, addError AddErrFunc) {
+var VariablesInAllowedPositionRule = Rule{
+ Name: "VariablesInAllowedPosition",
+ RuleFunc: func(observers *Events, addError AddErrFunc) {
observers.OnValue(func(walker *Walker, value *ast.Value) {
if value.Kind != ast.Variable || value.ExpectedType == nil || value.VariableDefinition == nil || walker.CurrentOperation == nil {
return
@@ -36,5 +37,9 @@ func init() {
)
}
})
- })
+ },
+}
+
+func init() {
+ AddRule(VariablesInAllowedPositionRule.Name, VariablesInAllowedPositionRule.RuleFunc)
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/schema.go b/vendor/github.com/vektah/gqlparser/v2/validator/schema.go
similarity index 86%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/schema.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/schema.go
index c9c542195d..a8754afc2b 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/schema.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/schema.go
@@ -5,21 +5,20 @@ import (
"strconv"
"strings"
- //nolint:revive
- . "github.com/open-policy-agent/opa/internal/gqlparser/ast"
- "github.com/open-policy-agent/opa/internal/gqlparser/gqlerror"
- "github.com/open-policy-agent/opa/internal/gqlparser/parser"
+ . "github.com/vektah/gqlparser/v2/ast" //nolint:staticcheck // bad, yeah
+ "github.com/vektah/gqlparser/v2/gqlerror"
+ "github.com/vektah/gqlparser/v2/parser"
)
func LoadSchema(inputs ...*Source) (*Schema, error) {
- ast, err := parser.ParseSchemas(inputs...)
+ sd, err := parser.ParseSchemas(inputs...)
if err != nil {
- return nil, err
+ return nil, gqlerror.WrapIfUnwrapped(err)
}
- return ValidateSchemaDocument(ast)
+ return ValidateSchemaDocument(sd)
}
-func ValidateSchemaDocument(ast *SchemaDocument) (*Schema, error) {
+func ValidateSchemaDocument(sd *SchemaDocument) (*Schema, error) {
schema := Schema{
Types: map[string]*Definition{},
Directives: map[string]*DirectiveDefinition{},
@@ -27,16 +26,16 @@ func ValidateSchemaDocument(ast *SchemaDocument) (*Schema, error) {
Implements: map[string][]*Definition{},
}
- for i, def := range ast.Definitions {
+ for i, def := range sd.Definitions {
if schema.Types[def.Name] != nil {
return nil, gqlerror.ErrorPosf(def.Position, "Cannot redeclare type %s.", def.Name)
}
- schema.Types[def.Name] = ast.Definitions[i]
+ schema.Types[def.Name] = sd.Definitions[i]
}
- defs := append(DefinitionList{}, ast.Definitions...)
+ defs := append(DefinitionList{}, sd.Definitions...)
- for _, ext := range ast.Extensions {
+ for _, ext := range sd.Extensions {
def := schema.Types[ext.Name]
if def == nil {
schema.Types[ext.Name] = &Definition{
@@ -80,13 +79,13 @@ func ValidateSchemaDocument(ast *SchemaDocument) (*Schema, error) {
}
}
- for i, dir := range ast.Directives {
+ for i, dir := range sd.Directives {
if schema.Directives[dir.Name] != nil {
// While the spec says SDL must not (§3.5) explicitly define builtin
// scalars, it may (§3.13) define builtin directives. Here we check for
// that, and reject doubly-defined directives otherwise.
switch dir.Name {
- case "include", "skip", "deprecated", "specifiedBy": // the builtins
+ case "include", "skip", "deprecated", "specifiedBy", "defer", "oneOf": // the builtins
// In principle here we might want to validate that the
// directives are the same. But they might not be, if the
// server has an older spec than we do. (Plus, validating this
@@ -99,16 +98,16 @@ func ValidateSchemaDocument(ast *SchemaDocument) (*Schema, error) {
return nil, gqlerror.ErrorPosf(dir.Position, "Cannot redeclare directive %s.", dir.Name)
}
}
- schema.Directives[dir.Name] = ast.Directives[i]
+ schema.Directives[dir.Name] = sd.Directives[i]
}
- if len(ast.Schema) > 1 {
- return nil, gqlerror.ErrorPosf(ast.Schema[1].Position, "Cannot have multiple schema entry points, consider schema extensions instead.")
+ if len(sd.Schema) > 1 {
+ return nil, gqlerror.ErrorPosf(sd.Schema[1].Position, "Cannot have multiple schema entry points, consider schema extensions instead.")
}
- if len(ast.Schema) == 1 {
- schema.Description = ast.Schema[0].Description
- for _, entrypoint := range ast.Schema[0].OperationTypes {
+ if len(sd.Schema) == 1 {
+ schema.Description = sd.Schema[0].Description
+ for _, entrypoint := range sd.Schema[0].OperationTypes {
def := schema.Types[entrypoint.Type]
if def == nil {
return nil, gqlerror.ErrorPosf(entrypoint.Position, "Schema root %s refers to a type %s that does not exist.", entrypoint.Operation, entrypoint.Type)
@@ -122,9 +121,13 @@ func ValidateSchemaDocument(ast *SchemaDocument) (*Schema, error) {
schema.Subscription = def
}
}
+ if err := validateDirectives(&schema, sd.Schema[0].Directives, LocationSchema, nil); err != nil {
+ return nil, err
+ }
+ schema.SchemaDirectives = append(schema.SchemaDirectives, sd.Schema[0].Directives...)
}
- for _, ext := range ast.SchemaExtension {
+ for _, ext := range sd.SchemaExtension {
for _, entrypoint := range ext.OperationTypes {
def := schema.Types[entrypoint.Type]
if def == nil {
@@ -139,6 +142,10 @@ func ValidateSchemaDocument(ast *SchemaDocument) (*Schema, error) {
schema.Subscription = def
}
}
+ if err := validateDirectives(&schema, ext.Directives, LocationSchema, nil); err != nil {
+ return nil, err
+ }
+ schema.SchemaDirectives = append(schema.SchemaDirectives, ext.Directives...)
}
if err := validateTypeDefinitions(&schema); err != nil {
@@ -152,7 +159,7 @@ func ValidateSchemaDocument(ast *SchemaDocument) (*Schema, error) {
// Inferred root operation type names should be performed only when a `schema` directive is
// **not** provided, when it is, `Mutation` and `Subscription` becomes valid types and are not
// assigned as a root operation on the schema.
- if len(ast.Schema) == 0 {
+ if len(sd.Schema) == 0 {
if schema.Query == nil && schema.Types["Query"] != nil {
schema.Query = schema.Types["Query"]
}
@@ -284,6 +291,9 @@ func validateDefinition(schema *Schema, def *Definition) *gqlerror.Error {
return gqlerror.ErrorPosf(def.Position, "%s %s: non-enum value %s.", def.Kind, def.Name, value.Name)
}
}
+ if err := validateDirectives(schema, value.Directives, LocationEnumValue, nil); err != nil {
+ return err
+ }
}
case InputObject:
if len(def.Fields) == 0 {
@@ -359,11 +369,12 @@ func validateDirectives(schema *Schema, dirs DirectiveList, location DirectiveLo
if currentDirective != nil && dir.Name == currentDirective.Name {
return gqlerror.ErrorPosf(dir.Position, "Directive %s cannot refer to itself.", currentDirective.Name)
}
- if schema.Directives[dir.Name] == nil {
+ dirDefinition := schema.Directives[dir.Name]
+ if dirDefinition == nil {
return gqlerror.ErrorPosf(dir.Position, "Undefined directive %s.", dir.Name)
}
validKind := false
- for _, dirLocation := range schema.Directives[dir.Name].Locations {
+ for _, dirLocation := range dirDefinition.Locations {
if dirLocation == location {
validKind = true
break
@@ -372,6 +383,18 @@ func validateDirectives(schema *Schema, dirs DirectiveList, location DirectiveLo
if !validKind {
return gqlerror.ErrorPosf(dir.Position, "Directive %s is not applicable on %s.", dir.Name, location)
}
+ for _, arg := range dir.Arguments {
+ if dirDefinition.Arguments.ForName(arg.Name) == nil {
+ return gqlerror.ErrorPosf(arg.Position, "Undefined argument %s for directive %s.", arg.Name, dir.Name)
+ }
+ }
+ for _, schemaArg := range dirDefinition.Arguments {
+ if schemaArg.Type.NonNull && schemaArg.DefaultValue == nil {
+ if arg := dir.Arguments.ForName(schemaArg.Name); arg == nil || arg.Value.Kind == NullValue {
+ return gqlerror.ErrorPosf(dir.Position, "Argument %s for directive %s cannot be null.", schemaArg.Name, dir.Name)
+ }
+ }
+ }
dir.Definition = schema.Directives[dir.Name]
}
return nil
@@ -379,7 +402,7 @@ func validateDirectives(schema *Schema, dirs DirectiveList, location DirectiveLo
func validateImplements(schema *Schema, def *Definition, intfName string) *gqlerror.Error {
// see validation rules at the bottom of
- // https://facebook.github.io/graphql/October2021/#sec-Objects
+ // https://spec.graphql.org/October2021/#sec-Objects
intf := schema.Types[intfName]
if intf == nil {
return gqlerror.ErrorPosf(def.Position, "Undefined type %s.", strconv.Quote(intfName))
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/schema_test.yml b/vendor/github.com/vektah/gqlparser/v2/validator/schema_test.yml
similarity index 92%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/schema_test.yml
rename to vendor/github.com/vektah/gqlparser/v2/validator/schema_test.yml
index 7034a4697c..22f125bec4 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/schema_test.yml
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/schema_test.yml
@@ -80,6 +80,15 @@ object types:
message: 'Name "__id" must not begin with "__", which is reserved by GraphQL introspection.'
locations: [{line: 2, column: 3}]
+ - name: field argument list must not be empty
+ input: |
+ type FooBar {
+ foo(): ID
+ }
+ error:
+ message: 'expected at least one definition, found )'
+ locations: [{line: 2, column: 7}]
+
- name: check reserved names on type field argument
input: |
type FooBar {
@@ -528,7 +537,16 @@ directives:
directive @skip(if: Boolean!) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT
directive @skip(if: Boolean!) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT
- - name: must be declared
+ - name: must be declared (type)
+ input: |
+ type User @foo {
+ name: String
+ }
+ error:
+ message: "Undefined directive foo."
+ locations: [{line: 1, column: 12}]
+
+ - name: must be declared (field)
input: |
type User {
name: String @foo
@@ -537,6 +555,15 @@ directives:
message: "Undefined directive foo."
locations: [{line: 2, column: 17}]
+ - name: must be declared (enum)
+ input: |
+ enum Unit {
+ METER @foo
+ }
+ error:
+ message: "Undefined directive foo."
+ locations: [{line: 2, column: 10}]
+
- name: cannot be self-referential
input: |
directive @A(foo: Int! @A) on FIELD_DEFINITION
@@ -604,6 +631,32 @@ directives:
type P { name: String @testField }
interface I { id: ID @testField }
+ - name: Invalid directive argument not allowed
+ input: |
+ directive @foo(bla: Int!) on FIELD_DEFINITION
+ type P {f: Int @foo(foobla: 11)}
+
+ error:
+ message: 'Undefined argument foobla for directive foo.'
+ locations: [{line: 2, column: 21}]
+
+ - name: non-null argument must be provided
+ input: |
+ directive @foo(bla: Int!) on FIELD_DEFINITION
+ type P {f: Int @foo }
+
+ error:
+ message: 'Argument bla for directive foo cannot be null.'
+ locations: [{line: 2, column: 17}]
+
+ - name: non-null argument must not be null
+ input: |
+ directive @foo(bla: Int!) on FIELD_DEFINITION
+ type P {f: Int @foo(bla: null) }
+
+ error:
+ message: 'Argument bla for directive foo cannot be null.'
+ locations: [{line: 2, column: 17}]
entry points:
- name: multiple schema entry points
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/suggestionList.go b/vendor/github.com/vektah/gqlparser/v2/validator/suggestionList.go
similarity index 100%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/suggestionList.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/suggestionList.go
diff --git a/vendor/github.com/vektah/gqlparser/v2/validator/validator.go b/vendor/github.com/vektah/gqlparser/v2/validator/validator.go
new file mode 100644
index 0000000000..1b4040c2c8
--- /dev/null
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/validator.go
@@ -0,0 +1,93 @@
+package validator
+
+import (
+ //nolint:staticcheck // bad, yeah
+ . "github.com/vektah/gqlparser/v2/ast"
+ "github.com/vektah/gqlparser/v2/gqlerror"
+)
+
+type AddErrFunc func(options ...ErrorOption)
+
+type RuleFunc func(observers *Events, addError AddErrFunc)
+
+type Rule struct {
+ Name string
+ RuleFunc RuleFunc
+}
+
+var specifiedRules []Rule
+
+// AddRule adds a rule to the rule set.
+// ruleFunc is called once each time `Validate` is executed.
+func AddRule(name string, ruleFunc RuleFunc) {
+ specifiedRules = append(specifiedRules, Rule{Name: name, RuleFunc: ruleFunc})
+}
+
+// RemoveRule removes an existing rule from the rule set
+// if one of the same name exists.
+// The rule set is global, so it is not safe for concurrent changes
+func RemoveRule(name string) {
+ var result []Rule // nolint:prealloc // using initialized with len(rules) produces a race condition
+ for _, r := range specifiedRules {
+ if r.Name == name {
+ continue
+ }
+ result = append(result, r)
+ }
+ specifiedRules = result
+}
+
+// ReplaceRule replaces an existing rule from the rule set
+// if one of the same name exists.
+// If no match is found, it will add a new rule to the rule set.
+// The rule set is global, so it is not safe for concurrent changes
+func ReplaceRule(name string, ruleFunc RuleFunc) {
+ var found bool
+ var result []Rule // nolint:prealloc // using initialized with len(rules) produces a race condition
+ for _, r := range specifiedRules {
+ if r.Name == name {
+ found = true
+ result = append(result, Rule{Name: name, RuleFunc: ruleFunc})
+ continue
+ }
+ result = append(result, r)
+ }
+ if !found {
+ specifiedRules = append(specifiedRules, Rule{Name: name, RuleFunc: ruleFunc})
+ return
+ }
+ specifiedRules = result
+}
+
+func Validate(schema *Schema, doc *QueryDocument, rules ...Rule) gqlerror.List {
+ if rules == nil {
+ rules = specifiedRules
+ }
+
+ var errs gqlerror.List
+ if schema == nil {
+ errs = append(errs, gqlerror.Errorf("cannot validate as Schema is nil"))
+ }
+ if doc == nil {
+ errs = append(errs, gqlerror.Errorf("cannot validate as QueryDocument is nil"))
+ }
+ if len(errs) > 0 {
+ return errs
+ }
+ observers := &Events{}
+ for i := range rules {
+ rule := rules[i]
+ rule.RuleFunc(observers, func(options ...ErrorOption) {
+ err := &gqlerror.Error{
+ Rule: rule.Name,
+ }
+ for _, o := range options {
+ o(err)
+ }
+ errs = append(errs, err)
+ })
+ }
+
+ Walk(schema, doc, observers)
+ return errs
+}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/vars.go b/vendor/github.com/vektah/gqlparser/v2/validator/vars.go
similarity index 95%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/vars.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/vars.go
index 86be7c4df2..205a7fb516 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/vars.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/vars.go
@@ -7,10 +7,11 @@ import (
"strconv"
"strings"
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
- "github.com/open-policy-agent/opa/internal/gqlparser/gqlerror"
+ "github.com/vektah/gqlparser/v2/ast"
+ "github.com/vektah/gqlparser/v2/gqlerror"
)
+//nolint:staticcheck // We do not care about capitalized error strings
var ErrUnexpectedType = fmt.Errorf("Unexpected Type")
// VariableValues coerces and validates variable values
@@ -55,19 +56,19 @@ func VariableValues(schema *ast.Schema, op *ast.OperationDefinition, variables m
jsonNumber, isJSONNumber := val.(json.Number)
if isJSONNumber {
- if v.Type.NamedType == "Int" {
+ switch v.Type.NamedType {
+ case "Int":
n, err := jsonNumber.Int64()
if err != nil {
return nil, gqlerror.ErrorPathf(validator.path, "cannot use value %d as %s", n, v.Type.NamedType)
}
rv = reflect.ValueOf(n)
- } else if v.Type.NamedType == "Float" {
+ case "Float":
f, err := jsonNumber.Float64()
if err != nil {
return nil, gqlerror.ErrorPathf(validator.path, "cannot use value %f as %s", f, v.Type.NamedType)
}
rv = reflect.ValueOf(f)
-
}
}
if rv.Kind() == reflect.Ptr || rv.Kind() == reflect.Interface {
@@ -181,7 +182,7 @@ func (v *varValidator) validateVarType(typ *ast.Type, val reflect.Value) (reflec
return val, gqlerror.ErrorPathf(v.path, "cannot use %s as %s", kind.String(), typ.NamedType)
case ast.InputObject:
if val.Kind() != reflect.Map {
- return val, gqlerror.ErrorPathf(v.path, "must be a %s", def.Name)
+ return val, gqlerror.ErrorPathf(v.path, "must be a %s, not a %s", def.Name, val.Kind())
}
// check for unknown fields
@@ -222,7 +223,7 @@ func (v *varValidator) validateVarType(typ *ast.Type, val reflect.Value) (reflec
if fieldDef.Type.NonNull && field.IsNil() {
return val, gqlerror.ErrorPathf(v.path, "cannot be null")
}
- //allow null object field and skip it
+ // allow null object field and skip it
if !fieldDef.Type.NonNull && field.IsNil() {
continue
}
diff --git a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/walk.go b/vendor/github.com/vektah/gqlparser/v2/validator/walk.go
similarity index 98%
rename from vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/walk.go
rename to vendor/github.com/vektah/gqlparser/v2/validator/walk.go
index f722871869..d3140746fb 100644
--- a/vendor/github.com/open-policy-agent/opa/internal/gqlparser/validator/walk.go
+++ b/vendor/github.com/vektah/gqlparser/v2/validator/walk.go
@@ -4,7 +4,7 @@ import (
"context"
"fmt"
- "github.com/open-policy-agent/opa/internal/gqlparser/ast"
+ "github.com/vektah/gqlparser/v2/ast"
)
type Events struct {
@@ -22,27 +22,35 @@ type Events struct {
func (o *Events) OnOperation(f func(walker *Walker, operation *ast.OperationDefinition)) {
o.operationVisitor = append(o.operationVisitor, f)
}
+
func (o *Events) OnField(f func(walker *Walker, field *ast.Field)) {
o.field = append(o.field, f)
}
+
func (o *Events) OnFragment(f func(walker *Walker, fragment *ast.FragmentDefinition)) {
o.fragment = append(o.fragment, f)
}
+
func (o *Events) OnInlineFragment(f func(walker *Walker, inlineFragment *ast.InlineFragment)) {
o.inlineFragment = append(o.inlineFragment, f)
}
+
func (o *Events) OnFragmentSpread(f func(walker *Walker, fragmentSpread *ast.FragmentSpread)) {
o.fragmentSpread = append(o.fragmentSpread, f)
}
+
func (o *Events) OnDirective(f func(walker *Walker, directive *ast.Directive)) {
o.directive = append(o.directive, f)
}
+
func (o *Events) OnDirectiveList(f func(walker *Walker, directives []*ast.Directive)) {
o.directiveList = append(o.directiveList, f)
}
+
func (o *Events) OnValue(f func(walker *Walker, value *ast.Value)) {
o.value = append(o.value, f)
}
+
func (o *Events) OnVariable(f func(walker *Walker, variable *ast.VariableDefinition)) {
o.variable = append(o.variable, f)
}
@@ -277,7 +285,7 @@ func (w *Walker) walkSelection(parentDef *ast.Definition, it ast.Selection) {
w.walkDirectives(nextParentDef, it.Directives, ast.LocationFragmentSpread)
if def != nil && !w.validatedFragmentSpreads[def.Name] {
- // prevent inifinite recursion
+ // prevent infinite recursion
w.validatedFragmentSpreads[def.Name] = true
w.walkSelectionSet(nextParentDef, def.SelectionSet)
}
diff --git a/vendor/github.com/vishvananda/netlink/addr_linux.go b/vendor/github.com/vishvananda/netlink/addr_linux.go
index 218ab23796..01c2306cb2 100644
--- a/vendor/github.com/vishvananda/netlink/addr_linux.go
+++ b/vendor/github.com/vishvananda/netlink/addr_linux.go
@@ -1,6 +1,7 @@
package netlink
import (
+ "errors"
"fmt"
"net"
"strings"
@@ -17,6 +18,7 @@ import (
//
// If `addr` is an IPv4 address and the broadcast address is not given, it
// will be automatically computed based on the IP mask if /30 or larger.
+// If `net.IPv4zero` is given as the broadcast address, broadcast is disabled.
func AddrAdd(link Link, addr *Addr) error {
return pkgHandle.AddrAdd(link, addr)
}
@@ -27,6 +29,7 @@ func AddrAdd(link Link, addr *Addr) error {
//
// If `addr` is an IPv4 address and the broadcast address is not given, it
// will be automatically computed based on the IP mask if /30 or larger.
+// If `net.IPv4zero` is given as the broadcast address, broadcast is disabled.
func (h *Handle) AddrAdd(link Link, addr *Addr) error {
req := h.newNetlinkRequest(unix.RTM_NEWADDR, unix.NLM_F_CREATE|unix.NLM_F_EXCL|unix.NLM_F_ACK)
return h.addrHandle(link, addr, req)
@@ -38,6 +41,7 @@ func (h *Handle) AddrAdd(link Link, addr *Addr) error {
//
// If `addr` is an IPv4 address and the broadcast address is not given, it
// will be automatically computed based on the IP mask if /30 or larger.
+// If `net.IPv4zero` is given as the broadcast address, broadcast is disabled.
func AddrReplace(link Link, addr *Addr) error {
return pkgHandle.AddrReplace(link, addr)
}
@@ -48,6 +52,7 @@ func AddrReplace(link Link, addr *Addr) error {
//
// If `addr` is an IPv4 address and the broadcast address is not given, it
// will be automatically computed based on the IP mask if /30 or larger.
+// If `net.IPv4zero` is given as the broadcast address, broadcast is disabled.
func (h *Handle) AddrReplace(link Link, addr *Addr) error {
req := h.newNetlinkRequest(unix.RTM_NEWADDR, unix.NLM_F_CREATE|unix.NLM_F_REPLACE|unix.NLM_F_ACK)
return h.addrHandle(link, addr, req)
@@ -56,18 +61,13 @@ func (h *Handle) AddrReplace(link Link, addr *Addr) error {
// AddrDel will delete an IP address from a link device.
//
// Equivalent to: `ip addr del $addr dev $link`
-//
-// If `addr` is an IPv4 address and the broadcast address is not given, it
-// will be automatically computed based on the IP mask if /30 or larger.
func AddrDel(link Link, addr *Addr) error {
return pkgHandle.AddrDel(link, addr)
}
// AddrDel will delete an IP address from a link device.
-// Equivalent to: `ip addr del $addr dev $link`
//
-// If `addr` is an IPv4 address and the broadcast address is not given, it
-// will be automatically computed based on the IP mask if /30 or larger.
+// Equivalent to: `ip addr del $addr dev $link`
func (h *Handle) AddrDel(link Link, addr *Addr) error {
req := h.newNetlinkRequest(unix.RTM_DELADDR, unix.NLM_F_ACK)
return h.addrHandle(link, addr, req)
@@ -141,6 +141,10 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error
addr.Broadcast = calcBroadcast
}
+ if net.IPv4zero.Equal(addr.Broadcast) {
+ addr.Broadcast = nil
+ }
+
if addr.Broadcast != nil {
req.AddData(nl.NewRtAttr(unix.IFA_BROADCAST, addr.Broadcast))
}
@@ -169,6 +173,9 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error
// AddrList gets a list of IP addresses in the system.
// Equivalent to: `ip addr show`.
// The list can be filtered by link and ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func AddrList(link Link, family int) ([]Addr, error) {
return pkgHandle.AddrList(link, family)
}
@@ -176,14 +183,17 @@ func AddrList(link Link, family int) ([]Addr, error) {
// AddrList gets a list of IP addresses in the system.
// Equivalent to: `ip addr show`.
// The list can be filtered by link and ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) AddrList(link Link, family int) ([]Addr, error) {
req := h.newNetlinkRequest(unix.RTM_GETADDR, unix.NLM_F_DUMP)
msg := nl.NewIfAddrmsg(family)
req.AddData(msg)
- msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWADDR)
- if err != nil {
- return nil, err
+ msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWADDR)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
indexFilter := 0
@@ -212,7 +222,7 @@ func (h *Handle) AddrList(link Link, family int) ([]Addr, error) {
res = append(res, addr)
}
- return res, nil
+ return res, executeErr
}
func parseAddr(m []byte) (addr Addr, family int, err error) {
diff --git a/vendor/github.com/vishvananda/netlink/bridge_linux.go b/vendor/github.com/vishvananda/netlink/bridge_linux.go
index 6c340b0ce9..fa5766b801 100644
--- a/vendor/github.com/vishvananda/netlink/bridge_linux.go
+++ b/vendor/github.com/vishvananda/netlink/bridge_linux.go
@@ -1,6 +1,7 @@
package netlink
import (
+ "errors"
"fmt"
"github.com/vishvananda/netlink/nl"
@@ -9,21 +10,27 @@ import (
// BridgeVlanList gets a map of device id to bridge vlan infos.
// Equivalent to: `bridge vlan show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error) {
return pkgHandle.BridgeVlanList()
}
// BridgeVlanList gets a map of device id to bridge vlan infos.
// Equivalent to: `bridge vlan show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error) {
req := h.newNetlinkRequest(unix.RTM_GETLINK, unix.NLM_F_DUMP)
msg := nl.NewIfInfomsg(unix.AF_BRIDGE)
req.AddData(msg)
req.AddData(nl.NewRtAttr(unix.IFLA_EXT_MASK, nl.Uint32Attr(uint32(nl.RTEXT_FILTER_BRVLAN))))
- msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWLINK)
- if err != nil {
- return nil, err
+ msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWLINK)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
ret := make(map[int32][]*nl.BridgeVlanInfo)
for _, m := range msgs {
@@ -51,7 +58,7 @@ func (h *Handle) BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error) {
}
}
}
- return ret, nil
+ return ret, executeErr
}
// BridgeVlanAdd adds a new vlan filter entry
diff --git a/vendor/github.com/vishvananda/netlink/chain_linux.go b/vendor/github.com/vishvananda/netlink/chain_linux.go
index d9f441613c..5008e7101f 100644
--- a/vendor/github.com/vishvananda/netlink/chain_linux.go
+++ b/vendor/github.com/vishvananda/netlink/chain_linux.go
@@ -1,6 +1,8 @@
package netlink
import (
+ "errors"
+
"github.com/vishvananda/netlink/nl"
"golang.org/x/sys/unix"
)
@@ -56,6 +58,9 @@ func (h *Handle) chainModify(cmd, flags int, link Link, chain Chain) error {
// ChainList gets a list of chains in the system.
// Equivalent to: `tc chain list`.
// The list can be filtered by link.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func ChainList(link Link, parent uint32) ([]Chain, error) {
return pkgHandle.ChainList(link, parent)
}
@@ -63,6 +68,9 @@ func ChainList(link Link, parent uint32) ([]Chain, error) {
// ChainList gets a list of chains in the system.
// Equivalent to: `tc chain list`.
// The list can be filtered by link.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) ChainList(link Link, parent uint32) ([]Chain, error) {
req := h.newNetlinkRequest(unix.RTM_GETCHAIN, unix.NLM_F_DUMP)
index := int32(0)
@@ -78,9 +86,9 @@ func (h *Handle) ChainList(link Link, parent uint32) ([]Chain, error) {
}
req.AddData(msg)
- msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWCHAIN)
- if err != nil {
- return nil, err
+ msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWCHAIN)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
var res []Chain
@@ -108,5 +116,5 @@ func (h *Handle) ChainList(link Link, parent uint32) ([]Chain, error) {
res = append(res, chain)
}
- return res, nil
+ return res, executeErr
}
diff --git a/vendor/github.com/vishvananda/netlink/class_linux.go b/vendor/github.com/vishvananda/netlink/class_linux.go
index a82eb09de2..08fb16c2bc 100644
--- a/vendor/github.com/vishvananda/netlink/class_linux.go
+++ b/vendor/github.com/vishvananda/netlink/class_linux.go
@@ -201,14 +201,20 @@ func classPayload(req *nl.NetlinkRequest, class Class) error {
// ClassList gets a list of classes in the system.
// Equivalent to: `tc class show`.
+//
// Generally returns nothing if link and parent are not specified.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func ClassList(link Link, parent uint32) ([]Class, error) {
return pkgHandle.ClassList(link, parent)
}
// ClassList gets a list of classes in the system.
// Equivalent to: `tc class show`.
+//
// Generally returns nothing if link and parent are not specified.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error) {
req := h.newNetlinkRequest(unix.RTM_GETTCLASS, unix.NLM_F_DUMP)
msg := &nl.TcMsg{
@@ -222,9 +228,9 @@ func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error) {
}
req.AddData(msg)
- msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWTCLASS)
- if err != nil {
- return nil, err
+ msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWTCLASS)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
var res []Class
@@ -295,7 +301,7 @@ func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error) {
res = append(res, class)
}
- return res, nil
+ return res, executeErr
}
func parseHtbClassData(class Class, data []syscall.NetlinkRouteAttr) (bool, error) {
diff --git a/vendor/github.com/vishvananda/netlink/conntrack_linux.go b/vendor/github.com/vishvananda/netlink/conntrack_linux.go
index ba022453b3..b3d354d75e 100644
--- a/vendor/github.com/vishvananda/netlink/conntrack_linux.go
+++ b/vendor/github.com/vishvananda/netlink/conntrack_linux.go
@@ -5,6 +5,7 @@ import (
"encoding/binary"
"errors"
"fmt"
+ "io/fs"
"net"
"time"
@@ -44,6 +45,9 @@ type InetFamily uint8
// ConntrackTableList returns the flow list of a table of a specific family
// conntrack -L [table] [options] List conntrack or expectation table
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func ConntrackTableList(table ConntrackTableType, family InetFamily) ([]*ConntrackFlow, error) {
return pkgHandle.ConntrackTableList(table, family)
}
@@ -70,7 +74,7 @@ func ConntrackUpdate(table ConntrackTableType, family InetFamily, flow *Conntrac
// ConntrackDeleteFilter deletes entries on the specified table on the base of the filter
// conntrack -D [table] parameters Delete conntrack or expectation
//
-// Deprecated: use [ConntrackDeleteFilter] instead.
+// Deprecated: use [ConntrackDeleteFilters] instead.
func ConntrackDeleteFilter(table ConntrackTableType, family InetFamily, filter CustomConntrackFilter) (uint, error) {
return pkgHandle.ConntrackDeleteFilters(table, family, filter)
}
@@ -83,10 +87,13 @@ func ConntrackDeleteFilters(table ConntrackTableType, family InetFamily, filters
// ConntrackTableList returns the flow list of a table of a specific family using the netlink handle passed
// conntrack -L [table] [options] List conntrack or expectation table
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) ConntrackTableList(table ConntrackTableType, family InetFamily) ([]*ConntrackFlow, error) {
- res, err := h.dumpConntrackTable(table, family)
- if err != nil {
- return nil, err
+ res, executeErr := h.dumpConntrackTable(table, family)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
// Deserialize all the flows
@@ -95,7 +102,7 @@ func (h *Handle) ConntrackTableList(table ConntrackTableType, family InetFamily)
result = append(result, parseRawData(dataRaw))
}
- return result, nil
+ return result, executeErr
}
// ConntrackTableFlush flushes all the flows of a specified table using the netlink handle passed
@@ -152,11 +159,18 @@ func (h *Handle) ConntrackDeleteFilter(table ConntrackTableType, family InetFami
// ConntrackDeleteFilters deletes entries on the specified table matching any of the specified filters using the netlink handle passed
// conntrack -D [table] parameters Delete conntrack or expectation
func (h *Handle) ConntrackDeleteFilters(table ConntrackTableType, family InetFamily, filters ...CustomConntrackFilter) (uint, error) {
+ var finalErr error
res, err := h.dumpConntrackTable(table, family)
if err != nil {
- return 0, err
+ if !errors.Is(err, ErrDumpInterrupted) {
+ return 0, err
+ }
+ // This allows us to at least do a best effort to try to clean the
+ // entries matching the filter.
+ finalErr = err
}
+ var totalFilterErrors int
var matched uint
for _, dataRaw := range res {
flow := parseRawData(dataRaw)
@@ -165,15 +179,20 @@ func (h *Handle) ConntrackDeleteFilters(table ConntrackTableType, family InetFam
req2 := h.newConntrackRequest(table, family, nl.IPCTNL_MSG_CT_DELETE, unix.NLM_F_ACK)
// skip the first 4 byte that are the netfilter header, the newConntrackRequest is adding it already
req2.AddRawData(dataRaw[4:])
- req2.Execute(unix.NETLINK_NETFILTER, 0)
- matched++
- // flow is already deleted, no need to match on other filters and continue to the next flow.
- break
+ if _, err = req2.Execute(unix.NETLINK_NETFILTER, 0); err == nil || errors.Is(err, fs.ErrNotExist) {
+ matched++
+ // flow is already deleted, no need to match on other filters and continue to the next flow.
+ break
+ } else {
+ totalFilterErrors++
+ }
}
}
}
-
- return matched, nil
+ if totalFilterErrors > 0 {
+ finalErr = errors.Join(finalErr, fmt.Errorf("failed to delete %d conntrack flows with %d filters", totalFilterErrors, len(filters)))
+ }
+ return matched, finalErr
}
func (h *Handle) newConntrackRequest(table ConntrackTableType, family InetFamily, operation, flags int) *nl.NetlinkRequest {
diff --git a/vendor/github.com/vishvananda/netlink/conntrack_unspecified.go b/vendor/github.com/vishvananda/netlink/conntrack_unspecified.go
index 0bfdf422d1..0049048dc3 100644
--- a/vendor/github.com/vishvananda/netlink/conntrack_unspecified.go
+++ b/vendor/github.com/vishvananda/netlink/conntrack_unspecified.go
@@ -33,7 +33,7 @@ func ConntrackTableFlush(table ConntrackTableType) error {
// ConntrackDeleteFilter deletes entries on the specified table on the base of the filter
// conntrack -D [table] parameters Delete conntrack or expectation
//
-// Deprecated: use [ConntrackDeleteFilter] instead.
+// Deprecated: use [ConntrackDeleteFilters] instead.
func ConntrackDeleteFilter(table ConntrackTableType, family InetFamily, filter *ConntrackFilter) (uint, error) {
return 0, ErrNotImplemented
}
diff --git a/vendor/github.com/vishvananda/netlink/devlink_linux.go b/vendor/github.com/vishvananda/netlink/devlink_linux.go
index d98801dbbe..45d8ee4b6b 100644
--- a/vendor/github.com/vishvananda/netlink/devlink_linux.go
+++ b/vendor/github.com/vishvananda/netlink/devlink_linux.go
@@ -1,6 +1,7 @@
package netlink
import (
+ "errors"
"fmt"
"net"
"strings"
@@ -466,6 +467,8 @@ func (h *Handle) getEswitchAttrs(family *GenlFamily, dev *DevlinkDevice) {
// DevLinkGetDeviceList provides a pointer to devlink devices and nil error,
// otherwise returns an error code.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) DevLinkGetDeviceList() ([]*DevlinkDevice, error) {
f, err := h.GenlFamilyGet(nl.GENL_DEVLINK_NAME)
if err != nil {
@@ -478,9 +481,9 @@ func (h *Handle) DevLinkGetDeviceList() ([]*DevlinkDevice, error) {
req := h.newNetlinkRequest(int(f.ID),
unix.NLM_F_REQUEST|unix.NLM_F_ACK|unix.NLM_F_DUMP)
req.AddData(msg)
- msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
- if err != nil {
- return nil, err
+ msgs, executeErr := req.Execute(unix.NETLINK_GENERIC, 0)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
devices, err := parseDevLinkDeviceList(msgs)
if err != nil {
@@ -489,11 +492,14 @@ func (h *Handle) DevLinkGetDeviceList() ([]*DevlinkDevice, error) {
for _, d := range devices {
h.getEswitchAttrs(f, d)
}
- return devices, nil
+ return devices, executeErr
}
// DevLinkGetDeviceList provides a pointer to devlink devices and nil error,
// otherwise returns an error code.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func DevLinkGetDeviceList() ([]*DevlinkDevice, error) {
return pkgHandle.DevLinkGetDeviceList()
}
@@ -646,6 +652,8 @@ func parseDevLinkAllPortList(msgs [][]byte) ([]*DevlinkPort, error) {
// DevLinkGetPortList provides a pointer to devlink ports and nil error,
// otherwise returns an error code.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) DevLinkGetAllPortList() ([]*DevlinkPort, error) {
f, err := h.GenlFamilyGet(nl.GENL_DEVLINK_NAME)
if err != nil {
@@ -658,19 +666,21 @@ func (h *Handle) DevLinkGetAllPortList() ([]*DevlinkPort, error) {
req := h.newNetlinkRequest(int(f.ID),
unix.NLM_F_REQUEST|unix.NLM_F_ACK|unix.NLM_F_DUMP)
req.AddData(msg)
- msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
- if err != nil {
- return nil, err
+ msgs, executeErr := req.Execute(unix.NETLINK_GENERIC, 0)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
ports, err := parseDevLinkAllPortList(msgs)
if err != nil {
return nil, err
}
- return ports, nil
+ return ports, executeErr
}
// DevLinkGetPortList provides a pointer to devlink ports and nil error,
// otherwise returns an error code.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func DevLinkGetAllPortList() ([]*DevlinkPort, error) {
return pkgHandle.DevLinkGetAllPortList()
}
@@ -738,15 +748,18 @@ func (h *Handle) DevlinkGetDeviceResources(bus string, device string) (*DevlinkR
// DevlinkGetDeviceParams returns parameters for devlink device
// Equivalent to: `devlink dev param show /`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) DevlinkGetDeviceParams(bus string, device string) ([]*DevlinkParam, error) {
_, req, err := h.createCmdReq(nl.DEVLINK_CMD_PARAM_GET, bus, device)
if err != nil {
return nil, err
}
req.Flags |= unix.NLM_F_DUMP
- respmsg, err := req.Execute(unix.NETLINK_GENERIC, 0)
- if err != nil {
- return nil, err
+ respmsg, executeErr := req.Execute(unix.NETLINK_GENERIC, 0)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
var params []*DevlinkParam
for _, m := range respmsg {
@@ -761,11 +774,14 @@ func (h *Handle) DevlinkGetDeviceParams(bus string, device string) ([]*DevlinkPa
params = append(params, p)
}
- return params, nil
+ return params, executeErr
}
// DevlinkGetDeviceParams returns parameters for devlink device
// Equivalent to: `devlink dev param show /`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func DevlinkGetDeviceParams(bus string, device string) ([]*DevlinkParam, error) {
return pkgHandle.DevlinkGetDeviceParams(bus, device)
}
diff --git a/vendor/github.com/vishvananda/netlink/filter.go b/vendor/github.com/vishvananda/netlink/filter.go
index 84e1ca7a49..a722e0a27b 100644
--- a/vendor/github.com/vishvananda/netlink/filter.go
+++ b/vendor/github.com/vishvananda/netlink/filter.go
@@ -231,6 +231,35 @@ func NewCsumAction() *CsumAction {
}
}
+type VlanAct int8
+
+type VlanAction struct {
+ ActionAttrs
+ Action VlanAct
+ VlanID uint16
+}
+
+const (
+ TCA_VLAN_ACT_POP VlanAct = 1
+ TCA_VLAN_ACT_PUSH VlanAct = 2
+)
+
+func (action *VlanAction) Type() string {
+ return "vlan"
+}
+
+func (action *VlanAction) Attrs() *ActionAttrs {
+ return &action.ActionAttrs
+}
+
+func NewVlanAction() *VlanAction {
+ return &VlanAction{
+ ActionAttrs: ActionAttrs{
+ Action: TC_ACT_PIPE,
+ },
+ }
+}
+
type MirredAct uint8
func (a MirredAct) String() string {
diff --git a/vendor/github.com/vishvananda/netlink/filter_linux.go b/vendor/github.com/vishvananda/netlink/filter_linux.go
index 87cd18f8e4..404e50d524 100644
--- a/vendor/github.com/vishvananda/netlink/filter_linux.go
+++ b/vendor/github.com/vishvananda/netlink/filter_linux.go
@@ -65,6 +65,9 @@ type Flower struct {
EncSrcIPMask net.IPMask
EncDestPort uint16
EncKeyId uint32
+ SrcMac net.HardwareAddr
+ DestMac net.HardwareAddr
+ VlanId uint16
SkipHw bool
SkipSw bool
IPProto *nl.IPProto
@@ -135,6 +138,15 @@ func (filter *Flower) encode(parent *nl.RtAttr) error {
if filter.EncKeyId != 0 {
parent.AddRtAttr(nl.TCA_FLOWER_KEY_ENC_KEY_ID, htonl(filter.EncKeyId))
}
+ if filter.SrcMac != nil {
+ parent.AddRtAttr(nl.TCA_FLOWER_KEY_ETH_SRC, filter.SrcMac)
+ }
+ if filter.DestMac != nil {
+ parent.AddRtAttr(nl.TCA_FLOWER_KEY_ETH_DST, filter.DestMac)
+ }
+ if filter.VlanId != 0 {
+ parent.AddRtAttr(nl.TCA_FLOWER_KEY_VLAN_ID, nl.Uint16Attr(filter.VlanId))
+ }
if filter.IPProto != nil {
ipproto := *filter.IPProto
parent.AddRtAttr(nl.TCA_FLOWER_KEY_IP_PROTO, ipproto.Serialize())
@@ -201,6 +213,13 @@ func (filter *Flower) decode(data []syscall.NetlinkRouteAttr) error {
filter.EncDestPort = ntohs(datum.Value)
case nl.TCA_FLOWER_KEY_ENC_KEY_ID:
filter.EncKeyId = ntohl(datum.Value)
+ case nl.TCA_FLOWER_KEY_ETH_SRC:
+ filter.SrcMac = datum.Value
+ case nl.TCA_FLOWER_KEY_ETH_DST:
+ filter.DestMac = datum.Value
+ case nl.TCA_FLOWER_KEY_VLAN_ID:
+ filter.VlanId = native.Uint16(datum.Value[0:2])
+ filter.EthType = unix.ETH_P_8021Q
case nl.TCA_FLOWER_KEY_IP_PROTO:
val := new(nl.IPProto)
*val = nl.IPProto(datum.Value[0])
@@ -405,14 +424,20 @@ func (h *Handle) filterModify(filter Filter, proto, flags int) error {
// FilterList gets a list of filters in the system.
// Equivalent to: `tc filter show`.
+//
// Generally returns nothing if link and parent are not specified.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func FilterList(link Link, parent uint32) ([]Filter, error) {
return pkgHandle.FilterList(link, parent)
}
// FilterList gets a list of filters in the system.
// Equivalent to: `tc filter show`.
+//
// Generally returns nothing if link and parent are not specified.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) FilterList(link Link, parent uint32) ([]Filter, error) {
req := h.newNetlinkRequest(unix.RTM_GETTFILTER, unix.NLM_F_DUMP)
msg := &nl.TcMsg{
@@ -426,9 +451,9 @@ func (h *Handle) FilterList(link Link, parent uint32) ([]Filter, error) {
}
req.AddData(msg)
- msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWTFILTER)
- if err != nil {
- return nil, err
+ msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWTFILTER)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
var res []Filter
@@ -516,7 +541,7 @@ func (h *Handle) FilterList(link Link, parent uint32) ([]Filter, error) {
}
}
- return res, nil
+ return res, executeErr
}
func toTcGen(attrs *ActionAttrs, tcgen *nl.TcGen) {
@@ -616,6 +641,22 @@ func EncodeActions(attr *nl.RtAttr, actions []Action) error {
}
toTcGen(action.Attrs(), &mirred.TcGen)
aopts.AddRtAttr(nl.TCA_MIRRED_PARMS, mirred.Serialize())
+ case *VlanAction:
+ table := attr.AddRtAttr(tabIndex, nil)
+ tabIndex++
+ table.AddRtAttr(nl.TCA_ACT_KIND, nl.ZeroTerminated("vlan"))
+ aopts := table.AddRtAttr(nl.TCA_ACT_OPTIONS, nil)
+ vlan := nl.TcVlan{
+ Action: int32(action.Action),
+ }
+ toTcGen(action.Attrs(), &vlan.TcGen)
+ aopts.AddRtAttr(nl.TCA_VLAN_PARMS, vlan.Serialize())
+ if action.Action == TCA_VLAN_ACT_PUSH && action.VlanID == 0 {
+ return fmt.Errorf("vlan id is required for push action")
+ }
+ if action.VlanID != 0 {
+ aopts.AddRtAttr(nl.TCA_VLAN_PUSH_VLAN_ID, nl.Uint16Attr(action.VlanID))
+ }
case *TunnelKeyAction:
table := attr.AddRtAttr(tabIndex, nil)
tabIndex++
@@ -786,6 +827,8 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) {
action = &CsumAction{}
case "gact":
action = &GenericAction{}
+ case "vlan":
+ action = &VlanAction{}
case "tunnel_key":
action = &TunnelKeyAction{}
case "skbedit":
@@ -816,7 +859,17 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) {
tcTs := nl.DeserializeTcf(adatum.Value)
actionTimestamp = toTimeStamp(tcTs)
}
-
+ case "vlan":
+ switch adatum.Attr.Type {
+ case nl.TCA_VLAN_PARMS:
+ vlan := *nl.DeserializeTcVlan(adatum.Value)
+ action.(*VlanAction).ActionAttrs = ActionAttrs{}
+ toAttrs(&vlan.TcGen, action.Attrs())
+ action.(*VlanAction).Action = VlanAct(vlan.Action)
+ case nl.TCA_VLAN_PUSH_VLAN_ID:
+ vlanId := native.Uint16(adatum.Value[0:2])
+ action.(*VlanAction).VlanID = vlanId
+ }
case "tunnel_key":
switch adatum.Attr.Type {
case nl.TCA_TUNNEL_KEY_PARMS:
@@ -920,9 +973,11 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) {
actionnStatistic = (*ActionStatistic)(s)
}
}
- action.Attrs().Statistics = actionnStatistic
- action.Attrs().Timestamp = actionTimestamp
- actions = append(actions, action)
+ if action != nil {
+ action.Attrs().Statistics = actionnStatistic
+ action.Attrs().Timestamp = actionTimestamp
+ actions = append(actions, action)
+ }
}
return actions, nil
}
diff --git a/vendor/github.com/vishvananda/netlink/fou.go b/vendor/github.com/vishvananda/netlink/fou.go
index 71e73c37a0..ea9f6cf673 100644
--- a/vendor/github.com/vishvananda/netlink/fou.go
+++ b/vendor/github.com/vishvananda/netlink/fou.go
@@ -1,16 +1,7 @@
package netlink
import (
- "errors"
-)
-
-var (
- // ErrAttrHeaderTruncated is returned when a netlink attribute's header is
- // truncated.
- ErrAttrHeaderTruncated = errors.New("attribute header truncated")
- // ErrAttrBodyTruncated is returned when a netlink attribute's body is
- // truncated.
- ErrAttrBodyTruncated = errors.New("attribute body truncated")
+ "net"
)
type Fou struct {
@@ -18,4 +9,8 @@ type Fou struct {
Port int
Protocol int
EncapType int
+ Local net.IP
+ Peer net.IP
+ PeerPort int
+ IfIndex int
}
diff --git a/vendor/github.com/vishvananda/netlink/fou_linux.go b/vendor/github.com/vishvananda/netlink/fou_linux.go
index ed55b2b790..7645a5a5c2 100644
--- a/vendor/github.com/vishvananda/netlink/fou_linux.go
+++ b/vendor/github.com/vishvananda/netlink/fou_linux.go
@@ -1,3 +1,4 @@
+//go:build linux
// +build linux
package netlink
@@ -5,6 +6,8 @@ package netlink
import (
"encoding/binary"
"errors"
+ "log"
+ "net"
"github.com/vishvananda/netlink/nl"
"golang.org/x/sys/unix"
@@ -29,6 +32,12 @@ const (
FOU_ATTR_IPPROTO
FOU_ATTR_TYPE
FOU_ATTR_REMCSUM_NOPARTIAL
+ FOU_ATTR_LOCAL_V4
+ FOU_ATTR_LOCAL_V6
+ FOU_ATTR_PEER_V4
+ FOU_ATTR_PEER_V6
+ FOU_ATTR_PEER_PORT
+ FOU_ATTR_IFINDEX
FOU_ATTR_MAX = FOU_ATTR_REMCSUM_NOPARTIAL
)
@@ -128,10 +137,14 @@ func (h *Handle) FouDel(f Fou) error {
return nil
}
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func FouList(fam int) ([]Fou, error) {
return pkgHandle.FouList(fam)
}
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) FouList(fam int) ([]Fou, error) {
fam_id, err := FouFamilyId()
if err != nil {
@@ -150,9 +163,9 @@ func (h *Handle) FouList(fam int) ([]Fou, error) {
req.AddRawData(raw)
- msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
- if err != nil {
- return nil, err
+ msgs, executeErr := req.Execute(unix.NETLINK_GENERIC, 0)
+ if executeErr != nil && !errors.Is(err, ErrDumpInterrupted) {
+ return nil, executeErr
}
fous := make([]Fou, 0, len(msgs))
@@ -165,45 +178,32 @@ func (h *Handle) FouList(fam int) ([]Fou, error) {
fous = append(fous, f)
}
- return fous, nil
+ return fous, executeErr
}
func deserializeFouMsg(msg []byte) (Fou, error) {
- // we'll skip to byte 4 to first attribute
- msg = msg[3:]
- var shift int
fou := Fou{}
- for {
- // attribute header is at least 16 bits
- if len(msg) < 4 {
- return fou, ErrAttrHeaderTruncated
- }
-
- lgt := int(binary.BigEndian.Uint16(msg[0:2]))
- if len(msg) < lgt+4 {
- return fou, ErrAttrBodyTruncated
- }
- attr := binary.BigEndian.Uint16(msg[2:4])
-
- shift = lgt + 3
- switch attr {
+ for attr := range nl.ParseAttributes(msg[4:]) {
+ switch attr.Type {
case FOU_ATTR_AF:
- fou.Family = int(msg[5])
+ fou.Family = int(attr.Value[0])
case FOU_ATTR_PORT:
- fou.Port = int(binary.BigEndian.Uint16(msg[5:7]))
- // port is 2 bytes
- shift = lgt + 2
+ fou.Port = int(networkOrder.Uint16(attr.Value))
case FOU_ATTR_IPPROTO:
- fou.Protocol = int(msg[5])
+ fou.Protocol = int(attr.Value[0])
case FOU_ATTR_TYPE:
- fou.EncapType = int(msg[5])
- }
-
- msg = msg[shift:]
-
- if len(msg) < 4 {
- break
+ fou.EncapType = int(attr.Value[0])
+ case FOU_ATTR_LOCAL_V4, FOU_ATTR_LOCAL_V6:
+ fou.Local = net.IP(attr.Value)
+ case FOU_ATTR_PEER_V4, FOU_ATTR_PEER_V6:
+ fou.Peer = net.IP(attr.Value)
+ case FOU_ATTR_PEER_PORT:
+ fou.PeerPort = int(networkOrder.Uint16(attr.Value))
+ case FOU_ATTR_IFINDEX:
+ fou.IfIndex = int(native.Uint16(attr.Value))
+ default:
+ log.Printf("unknown fou attribute from kernel: %+v %v", attr, attr.Type&nl.NLA_TYPE_MASK)
}
}
diff --git a/vendor/github.com/vishvananda/netlink/fou_unspecified.go b/vendor/github.com/vishvananda/netlink/fou_unspecified.go
index 3a8365bfe6..7e550151ad 100644
--- a/vendor/github.com/vishvananda/netlink/fou_unspecified.go
+++ b/vendor/github.com/vishvananda/netlink/fou_unspecified.go
@@ -1,3 +1,4 @@
+//go:build !linux
// +build !linux
package netlink
diff --git a/vendor/github.com/vishvananda/netlink/genetlink_linux.go b/vendor/github.com/vishvananda/netlink/genetlink_linux.go
index 772e5834a2..7bdaad97b4 100644
--- a/vendor/github.com/vishvananda/netlink/genetlink_linux.go
+++ b/vendor/github.com/vishvananda/netlink/genetlink_linux.go
@@ -1,6 +1,7 @@
package netlink
import (
+ "errors"
"fmt"
"syscall"
@@ -126,6 +127,8 @@ func parseFamilies(msgs [][]byte) ([]*GenlFamily, error) {
return families, nil
}
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) GenlFamilyList() ([]*GenlFamily, error) {
msg := &nl.Genlmsg{
Command: nl.GENL_CTRL_CMD_GETFAMILY,
@@ -133,13 +136,19 @@ func (h *Handle) GenlFamilyList() ([]*GenlFamily, error) {
}
req := h.newNetlinkRequest(nl.GENL_ID_CTRL, unix.NLM_F_DUMP)
req.AddData(msg)
- msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
+ msgs, executeErr := req.Execute(unix.NETLINK_GENERIC, 0)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
+ }
+ families, err := parseFamilies(msgs)
if err != nil {
return nil, err
}
- return parseFamilies(msgs)
+ return families, executeErr
}
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func GenlFamilyList() ([]*GenlFamily, error) {
return pkgHandle.GenlFamilyList()
}
diff --git a/vendor/github.com/vishvananda/netlink/gtp_linux.go b/vendor/github.com/vishvananda/netlink/gtp_linux.go
index f5e160ba5c..377dcae5c0 100644
--- a/vendor/github.com/vishvananda/netlink/gtp_linux.go
+++ b/vendor/github.com/vishvananda/netlink/gtp_linux.go
@@ -1,6 +1,7 @@
package netlink
import (
+ "errors"
"fmt"
"net"
"strings"
@@ -74,6 +75,8 @@ func parsePDP(msgs [][]byte) ([]*PDP, error) {
return pdps, nil
}
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) GTPPDPList() ([]*PDP, error) {
f, err := h.GenlFamilyGet(nl.GENL_GTP_NAME)
if err != nil {
@@ -85,13 +88,19 @@ func (h *Handle) GTPPDPList() ([]*PDP, error) {
}
req := h.newNetlinkRequest(int(f.ID), unix.NLM_F_DUMP)
req.AddData(msg)
- msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
+ msgs, executeErr := req.Execute(unix.NETLINK_GENERIC, 0)
+ if executeErr != nil && !errors.Is(err, ErrDumpInterrupted) {
+ return nil, executeErr
+ }
+ pdps, err := parsePDP(msgs)
if err != nil {
return nil, err
}
- return parsePDP(msgs)
+ return pdps, executeErr
}
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func GTPPDPList() ([]*PDP, error) {
return pkgHandle.GTPPDPList()
}
diff --git a/vendor/github.com/vishvananda/netlink/link.go b/vendor/github.com/vishvananda/netlink/link.go
index f820cdb678..cccf5d792a 100644
--- a/vendor/github.com/vishvananda/netlink/link.go
+++ b/vendor/github.com/vishvananda/netlink/link.go
@@ -56,6 +56,8 @@ type LinkAttrs struct {
Vfs []VfInfo // virtual functions available on link
Group uint32
PermHWAddr net.HardwareAddr
+ ParentDev string
+ ParentDevBus string
Slave LinkSlave
}
@@ -377,6 +379,13 @@ const (
NETKIT_POLICY_BLACKHOLE NetkitPolicy = 2
)
+type NetkitScrub int
+
+const (
+ NETKIT_SCRUB_NONE NetkitScrub = 0
+ NETKIT_SCRUB_DEFAULT NetkitScrub = 1
+)
+
func (n *Netkit) IsPrimary() bool {
return n.isPrimary
}
@@ -391,6 +400,9 @@ type Netkit struct {
Mode NetkitMode
Policy NetkitPolicy
PeerPolicy NetkitPolicy
+ Scrub NetkitScrub
+ PeerScrub NetkitScrub
+ supportsScrub bool
isPrimary bool
peerLinkAttrs LinkAttrs
}
@@ -403,6 +415,10 @@ func (n *Netkit) Type() string {
return "netkit"
}
+func (n *Netkit) SupportsScrub() bool {
+ return n.supportsScrub
+}
+
// Veth devices must specify PeerName on create
type Veth struct {
LinkAttrs
@@ -761,19 +777,19 @@ const (
)
var bondXmitHashPolicyToString = map[BondXmitHashPolicy]string{
- BOND_XMIT_HASH_POLICY_LAYER2: "layer2",
- BOND_XMIT_HASH_POLICY_LAYER3_4: "layer3+4",
- BOND_XMIT_HASH_POLICY_LAYER2_3: "layer2+3",
- BOND_XMIT_HASH_POLICY_ENCAP2_3: "encap2+3",
- BOND_XMIT_HASH_POLICY_ENCAP3_4: "encap3+4",
+ BOND_XMIT_HASH_POLICY_LAYER2: "layer2",
+ BOND_XMIT_HASH_POLICY_LAYER3_4: "layer3+4",
+ BOND_XMIT_HASH_POLICY_LAYER2_3: "layer2+3",
+ BOND_XMIT_HASH_POLICY_ENCAP2_3: "encap2+3",
+ BOND_XMIT_HASH_POLICY_ENCAP3_4: "encap3+4",
BOND_XMIT_HASH_POLICY_VLAN_SRCMAC: "vlan+srcmac",
}
var StringToBondXmitHashPolicyMap = map[string]BondXmitHashPolicy{
- "layer2": BOND_XMIT_HASH_POLICY_LAYER2,
- "layer3+4": BOND_XMIT_HASH_POLICY_LAYER3_4,
- "layer2+3": BOND_XMIT_HASH_POLICY_LAYER2_3,
- "encap2+3": BOND_XMIT_HASH_POLICY_ENCAP2_3,
- "encap3+4": BOND_XMIT_HASH_POLICY_ENCAP3_4,
+ "layer2": BOND_XMIT_HASH_POLICY_LAYER2,
+ "layer3+4": BOND_XMIT_HASH_POLICY_LAYER3_4,
+ "layer2+3": BOND_XMIT_HASH_POLICY_LAYER2_3,
+ "encap2+3": BOND_XMIT_HASH_POLICY_ENCAP2_3,
+ "encap3+4": BOND_XMIT_HASH_POLICY_ENCAP3_4,
"vlan+srcmac": BOND_XMIT_HASH_POLICY_VLAN_SRCMAC,
}
diff --git a/vendor/github.com/vishvananda/netlink/link_linux.go b/vendor/github.com/vishvananda/netlink/link_linux.go
index d713612a90..889ce64360 100644
--- a/vendor/github.com/vishvananda/netlink/link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/link_linux.go
@@ -3,6 +3,7 @@ package netlink
import (
"bytes"
"encoding/binary"
+ "errors"
"fmt"
"io/ioutil"
"net"
@@ -1807,20 +1808,20 @@ func (h *Handle) LinkDel(link Link) error {
}
func (h *Handle) linkByNameDump(name string) (Link, error) {
- links, err := h.LinkList()
- if err != nil {
- return nil, err
+ links, executeErr := h.LinkList()
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
for _, link := range links {
if link.Attrs().Name == name {
- return link, nil
+ return link, executeErr
}
// support finding interfaces also via altnames
for _, altName := range link.Attrs().AltNames {
if altName == name {
- return link, nil
+ return link, executeErr
}
}
}
@@ -1828,25 +1829,33 @@ func (h *Handle) linkByNameDump(name string) (Link, error) {
}
func (h *Handle) linkByAliasDump(alias string) (Link, error) {
- links, err := h.LinkList()
- if err != nil {
- return nil, err
+ links, executeErr := h.LinkList()
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
for _, link := range links {
if link.Attrs().Alias == alias {
- return link, nil
+ return link, executeErr
}
}
return nil, LinkNotFoundError{fmt.Errorf("Link alias %s not found", alias)}
}
// LinkByName finds a link by name and returns a pointer to the object.
+//
+// If the kernel doesn't support IFLA_IFNAME, this method will fall back to
+// filtering a dump of all link names. In this case, if the returned error is
+// [ErrDumpInterrupted] the result may be missing or outdated.
func LinkByName(name string) (Link, error) {
return pkgHandle.LinkByName(name)
}
// LinkByName finds a link by name and returns a pointer to the object.
+//
+// If the kernel doesn't support IFLA_IFNAME, this method will fall back to
+// filtering a dump of all link names. In this case, if the returned error is
+// [ErrDumpInterrupted] the result may be missing or outdated.
func (h *Handle) LinkByName(name string) (Link, error) {
if h.lookupByDump {
return h.linkByNameDump(name)
@@ -1879,12 +1888,20 @@ func (h *Handle) LinkByName(name string) (Link, error) {
// LinkByAlias finds a link by its alias and returns a pointer to the object.
// If there are multiple links with the alias it returns the first one
+//
+// If the kernel doesn't support IFLA_IFALIAS, this method will fall back to
+// filtering a dump of all link names. In this case, if the returned error is
+// [ErrDumpInterrupted] the result may be missing or outdated.
func LinkByAlias(alias string) (Link, error) {
return pkgHandle.LinkByAlias(alias)
}
// LinkByAlias finds a link by its alias and returns a pointer to the object.
// If there are multiple links with the alias it returns the first one
+//
+// If the kernel doesn't support IFLA_IFALIAS, this method will fall back to
+// filtering a dump of all link names. In this case, if the returned error is
+// [ErrDumpInterrupted] the result may be missing or outdated.
func (h *Handle) LinkByAlias(alias string) (Link, error) {
if h.lookupByDump {
return h.linkByAliasDump(alias)
@@ -2246,6 +2263,10 @@ func LinkDeserialize(hdr *unix.NlMsghdr, m []byte) (Link, error) {
break
}
}
+ case unix.IFLA_PARENT_DEV_NAME:
+ base.ParentDev = string(attr.Value[:len(attr.Value)-1])
+ case unix.IFLA_PARENT_DEV_BUS_NAME:
+ base.ParentDevBus = string(attr.Value[:len(attr.Value)-1])
}
}
@@ -2321,6 +2342,9 @@ func LinkList() ([]Link, error) {
// LinkList gets a list of link devices.
// Equivalent to: `ip link show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) LinkList() ([]Link, error) {
// NOTE(vish): This duplicates functionality in net/iface_linux.go, but we need
// to get the message ourselves to parse link type.
@@ -2331,9 +2355,9 @@ func (h *Handle) LinkList() ([]Link, error) {
attr := nl.NewRtAttr(unix.IFLA_EXT_MASK, nl.Uint32Attr(nl.RTEXT_FILTER_VF))
req.AddData(attr)
- msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWLINK)
- if err != nil {
- return nil, err
+ msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWLINK)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
var res []Link
@@ -2345,7 +2369,7 @@ func (h *Handle) LinkList() ([]Link, error) {
res = append(res, link)
}
- return res, nil
+ return res, executeErr
}
// LinkUpdate is used to pass information back from LinkSubscribe()
@@ -2381,6 +2405,10 @@ type LinkSubscribeOptions struct {
// LinkSubscribeWithOptions work like LinkSubscribe but enable to
// provide additional options to modify the behavior. Currently, the
// namespace can be provided as well as an error callback.
+//
+// When options.ListExisting is true, options.ErrorCallback may be
+// called with [ErrDumpInterrupted] to indicate that results from
+// the initial dump of links may be inconsistent or incomplete.
func LinkSubscribeWithOptions(ch chan<- LinkUpdate, done <-chan struct{}, options LinkSubscribeOptions) error {
if options.Namespace == nil {
none := netns.None()
@@ -2440,6 +2468,9 @@ func linkSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- LinkUpdate, done <-c
continue
}
for _, m := range msgs {
+ if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 && cberr != nil {
+ cberr(ErrDumpInterrupted)
+ }
if m.Header.Type == unix.NLMSG_DONE {
continue
}
@@ -2640,8 +2671,8 @@ func (h *Handle) LinkSetGroup(link Link, group int) error {
}
func addNetkitAttrs(nk *Netkit, linkInfo *nl.RtAttr, flag int) error {
- if nk.peerLinkAttrs.HardwareAddr != nil || nk.HardwareAddr != nil {
- return fmt.Errorf("netkit doesn't support setting Ethernet")
+ if nk.Mode != NETKIT_MODE_L2 && (nk.LinkAttrs.HardwareAddr != nil || nk.peerLinkAttrs.HardwareAddr != nil) {
+ return fmt.Errorf("netkit only allows setting Ethernet in L2 mode")
}
data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
@@ -2649,6 +2680,8 @@ func addNetkitAttrs(nk *Netkit, linkInfo *nl.RtAttr, flag int) error {
data.AddRtAttr(nl.IFLA_NETKIT_MODE, nl.Uint32Attr(uint32(nk.Mode)))
data.AddRtAttr(nl.IFLA_NETKIT_POLICY, nl.Uint32Attr(uint32(nk.Policy)))
data.AddRtAttr(nl.IFLA_NETKIT_PEER_POLICY, nl.Uint32Attr(uint32(nk.PeerPolicy)))
+ data.AddRtAttr(nl.IFLA_NETKIT_SCRUB, nl.Uint32Attr(uint32(nk.Scrub)))
+ data.AddRtAttr(nl.IFLA_NETKIT_PEER_SCRUB, nl.Uint32Attr(uint32(nk.PeerScrub)))
if (flag & unix.NLM_F_EXCL) == 0 {
// Modifying peer link attributes will not take effect
@@ -2691,6 +2724,9 @@ func addNetkitAttrs(nk *Netkit, linkInfo *nl.RtAttr, flag int) error {
peer.AddRtAttr(unix.IFLA_NET_NS_FD, nl.Uint32Attr(uint32(ns)))
}
}
+ if nk.peerLinkAttrs.HardwareAddr != nil {
+ peer.AddRtAttr(unix.IFLA_ADDRESS, []byte(nk.peerLinkAttrs.HardwareAddr))
+ }
return nil
}
@@ -2709,6 +2745,12 @@ func parseNetkitData(link Link, data []syscall.NetlinkRouteAttr) {
netkit.Policy = NetkitPolicy(native.Uint32(datum.Value[0:4]))
case nl.IFLA_NETKIT_PEER_POLICY:
netkit.PeerPolicy = NetkitPolicy(native.Uint32(datum.Value[0:4]))
+ case nl.IFLA_NETKIT_SCRUB:
+ netkit.supportsScrub = true
+ netkit.Scrub = NetkitScrub(native.Uint32(datum.Value[0:4]))
+ case nl.IFLA_NETKIT_PEER_SCRUB:
+ netkit.supportsScrub = true
+ netkit.PeerScrub = NetkitScrub(native.Uint32(datum.Value[0:4]))
}
}
}
@@ -2782,7 +2824,7 @@ func parseVxlanData(link Link, data []syscall.NetlinkRouteAttr) {
case nl.IFLA_VXLAN_PORT_RANGE:
buf := bytes.NewBuffer(datum.Value[0:4])
var pr vxlanPortRange
- if binary.Read(buf, binary.BigEndian, &pr) != nil {
+ if binary.Read(buf, binary.BigEndian, &pr) == nil {
vxlan.PortLow = int(pr.Lo)
vxlan.PortHigh = int(pr.Hi)
}
@@ -3006,7 +3048,6 @@ func parseMacvlanData(link Link, data []syscall.NetlinkRouteAttr) {
}
}
-// copied from pkg/net_linux.go
func linkFlags(rawFlags uint32) net.Flags {
var f net.Flags
if rawFlags&unix.IFF_UP != 0 {
@@ -3024,6 +3065,9 @@ func linkFlags(rawFlags uint32) net.Flags {
if rawFlags&unix.IFF_MULTICAST != 0 {
f |= net.FlagMulticast
}
+ if rawFlags&unix.IFF_RUNNING != 0 {
+ f |= net.FlagRunning
+ }
return f
}
diff --git a/vendor/github.com/vishvananda/netlink/neigh_linux.go b/vendor/github.com/vishvananda/netlink/neigh_linux.go
index 2d93044a6e..1c6f2958ae 100644
--- a/vendor/github.com/vishvananda/netlink/neigh_linux.go
+++ b/vendor/github.com/vishvananda/netlink/neigh_linux.go
@@ -1,6 +1,7 @@
package netlink
import (
+ "errors"
"fmt"
"net"
"syscall"
@@ -206,6 +207,9 @@ func neighHandle(neigh *Neigh, req *nl.NetlinkRequest) error {
// NeighList returns a list of IP-MAC mappings in the system (ARP table).
// Equivalent to: `ip neighbor show`.
// The list can be filtered by link and ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func NeighList(linkIndex, family int) ([]Neigh, error) {
return pkgHandle.NeighList(linkIndex, family)
}
@@ -213,6 +217,9 @@ func NeighList(linkIndex, family int) ([]Neigh, error) {
// NeighProxyList returns a list of neighbor proxies in the system.
// Equivalent to: `ip neighbor show proxy`.
// The list can be filtered by link and ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func NeighProxyList(linkIndex, family int) ([]Neigh, error) {
return pkgHandle.NeighProxyList(linkIndex, family)
}
@@ -220,6 +227,9 @@ func NeighProxyList(linkIndex, family int) ([]Neigh, error) {
// NeighList returns a list of IP-MAC mappings in the system (ARP table).
// Equivalent to: `ip neighbor show`.
// The list can be filtered by link and ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) NeighList(linkIndex, family int) ([]Neigh, error) {
return h.NeighListExecute(Ndmsg{
Family: uint8(family),
@@ -230,6 +240,9 @@ func (h *Handle) NeighList(linkIndex, family int) ([]Neigh, error) {
// NeighProxyList returns a list of neighbor proxies in the system.
// Equivalent to: `ip neighbor show proxy`.
// The list can be filtered by link, ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) NeighProxyList(linkIndex, family int) ([]Neigh, error) {
return h.NeighListExecute(Ndmsg{
Family: uint8(family),
@@ -239,18 +252,24 @@ func (h *Handle) NeighProxyList(linkIndex, family int) ([]Neigh, error) {
}
// NeighListExecute returns a list of neighbour entries filtered by link, ip family, flag and state.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func NeighListExecute(msg Ndmsg) ([]Neigh, error) {
return pkgHandle.NeighListExecute(msg)
}
// NeighListExecute returns a list of neighbour entries filtered by link, ip family, flag and state.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) NeighListExecute(msg Ndmsg) ([]Neigh, error) {
req := h.newNetlinkRequest(unix.RTM_GETNEIGH, unix.NLM_F_DUMP)
req.AddData(&msg)
- msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWNEIGH)
- if err != nil {
- return nil, err
+ msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWNEIGH)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
var res []Neigh
@@ -281,7 +300,7 @@ func (h *Handle) NeighListExecute(msg Ndmsg) ([]Neigh, error) {
res = append(res, *neigh)
}
- return res, nil
+ return res, executeErr
}
func NeighDeserialize(m []byte) (*Neigh, error) {
@@ -364,6 +383,10 @@ type NeighSubscribeOptions struct {
// NeighSubscribeWithOptions work like NeighSubscribe but enable to
// provide additional options to modify the behavior. Currently, the
// namespace can be provided as well as an error callback.
+//
+// When options.ListExisting is true, options.ErrorCallback may be
+// called with [ErrDumpInterrupted] to indicate that results from
+// the initial dump of links may be inconsistent or incomplete.
func NeighSubscribeWithOptions(ch chan<- NeighUpdate, done <-chan struct{}, options NeighSubscribeOptions) error {
if options.Namespace == nil {
none := netns.None()
@@ -428,6 +451,9 @@ func neighSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- NeighUpdate, done <
continue
}
for _, m := range msgs {
+ if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 && cberr != nil {
+ cberr(ErrDumpInterrupted)
+ }
if m.Header.Type == unix.NLMSG_DONE {
if listExisting {
// This will be called after handling AF_UNSPEC
diff --git a/vendor/github.com/vishvananda/netlink/netlink_linux.go b/vendor/github.com/vishvananda/netlink/netlink_linux.go
index a20d293d87..7416e30510 100644
--- a/vendor/github.com/vishvananda/netlink/netlink_linux.go
+++ b/vendor/github.com/vishvananda/netlink/netlink_linux.go
@@ -9,3 +9,6 @@ const (
FAMILY_V6 = nl.FAMILY_V6
FAMILY_MPLS = nl.FAMILY_MPLS
)
+
+// ErrDumpInterrupted is an alias for [nl.ErrDumpInterrupted].
+var ErrDumpInterrupted = nl.ErrDumpInterrupted
diff --git a/vendor/github.com/vishvananda/netlink/nl/link_linux.go b/vendor/github.com/vishvananda/netlink/nl/link_linux.go
index 0b5be470cb..6dfa16cc28 100644
--- a/vendor/github.com/vishvananda/netlink/nl/link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/link_linux.go
@@ -38,6 +38,8 @@ const (
IFLA_NETKIT_POLICY
IFLA_NETKIT_PEER_POLICY
IFLA_NETKIT_MODE
+ IFLA_NETKIT_SCRUB
+ IFLA_NETKIT_PEER_SCRUB
IFLA_NETKIT_MAX = IFLA_NETKIT_MODE
)
diff --git a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
index 6cecc4517a..4d2732a9e8 100644
--- a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
@@ -4,6 +4,7 @@ package nl
import (
"bytes"
"encoding/binary"
+ "errors"
"fmt"
"net"
"os"
@@ -11,6 +12,7 @@ import (
"sync"
"sync/atomic"
"syscall"
+ "time"
"unsafe"
"github.com/vishvananda/netns"
@@ -43,6 +45,26 @@ var SocketTimeoutTv = unix.Timeval{Sec: 60, Usec: 0}
// ErrorMessageReporting is the default error message reporting configuration for the new netlink sockets
var EnableErrorMessageReporting bool = false
+// ErrDumpInterrupted is an instance of errDumpInterrupted, used to report that
+// a netlink function has set the NLM_F_DUMP_INTR flag in a response message,
+// indicating that the results may be incomplete or inconsistent.
+var ErrDumpInterrupted = errDumpInterrupted{}
+
+// errDumpInterrupted is an error type, used to report that NLM_F_DUMP_INTR was
+// set in a netlink response.
+type errDumpInterrupted struct{}
+
+func (errDumpInterrupted) Error() string {
+ return "results may be incomplete or inconsistent"
+}
+
+// Before errDumpInterrupted was introduced, EINTR was returned when a netlink
+// response had NLM_F_DUMP_INTR. Retain backward compatibility with code that
+// may be checking for EINTR using Is.
+func (e errDumpInterrupted) Is(target error) bool {
+ return target == unix.EINTR
+}
+
// GetIPFamily returns the family type of a net.IP.
func GetIPFamily(ip net.IP) int {
if len(ip) <= net.IPv4len {
@@ -492,22 +514,26 @@ func (req *NetlinkRequest) AddRawData(data []byte) {
// Execute the request against the given sockType.
// Returns a list of netlink messages in serialized format, optionally filtered
// by resType.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (req *NetlinkRequest) Execute(sockType int, resType uint16) ([][]byte, error) {
var res [][]byte
err := req.ExecuteIter(sockType, resType, func(msg []byte) bool {
res = append(res, msg)
return true
})
- if err != nil {
+ if err != nil && !errors.Is(err, ErrDumpInterrupted) {
return nil, err
}
- return res, nil
+ return res, err
}
// ExecuteIter executes the request against the given sockType.
// Calls the provided callback func once for each netlink message.
// If the callback returns false, it is not called again, but
// the remaining messages are consumed/discarded.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
//
// Thread safety: ExecuteIter holds a lock on the socket until
// it finishes iteration so the callback must not call back into
@@ -559,6 +585,8 @@ func (req *NetlinkRequest) ExecuteIter(sockType int, resType uint16, f func(msg
return err
}
+ dumpIntr := false
+
done:
for {
msgs, from, err := s.Receive()
@@ -580,7 +608,7 @@ done:
}
if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 {
- return syscall.Errno(unix.EINTR)
+ dumpIntr = true
}
if m.Header.Type == unix.NLMSG_DONE || m.Header.Type == unix.NLMSG_ERROR {
@@ -634,6 +662,9 @@ done:
}
}
}
+ if dumpIntr {
+ return ErrDumpInterrupted
+ }
return nil
}
@@ -656,9 +687,11 @@ func NewNetlinkRequest(proto, flags int) *NetlinkRequest {
}
type NetlinkSocket struct {
- fd int32
- file *os.File
- lsa unix.SockaddrNetlink
+ fd int32
+ file *os.File
+ lsa unix.SockaddrNetlink
+ sendTimeout int64 // Access using atomic.Load/StoreInt64
+ receiveTimeout int64 // Access using atomic.Load/StoreInt64
sync.Mutex
}
@@ -802,8 +835,44 @@ func (s *NetlinkSocket) GetFd() int {
return int(s.fd)
}
+func (s *NetlinkSocket) GetTimeouts() (send, receive time.Duration) {
+ return time.Duration(atomic.LoadInt64(&s.sendTimeout)),
+ time.Duration(atomic.LoadInt64(&s.receiveTimeout))
+}
+
func (s *NetlinkSocket) Send(request *NetlinkRequest) error {
- return unix.Sendto(int(s.fd), request.Serialize(), 0, &s.lsa)
+ rawConn, err := s.file.SyscallConn()
+ if err != nil {
+ return err
+ }
+ var (
+ deadline time.Time
+ innerErr error
+ )
+ sendTimeout := atomic.LoadInt64(&s.sendTimeout)
+ if sendTimeout != 0 {
+ deadline = time.Now().Add(time.Duration(sendTimeout))
+ }
+ if err := s.file.SetWriteDeadline(deadline); err != nil {
+ return err
+ }
+ serializedReq := request.Serialize()
+ err = rawConn.Write(func(fd uintptr) (done bool) {
+ innerErr = unix.Sendto(int(s.fd), serializedReq, 0, &s.lsa)
+ return innerErr != unix.EWOULDBLOCK
+ })
+ if innerErr != nil {
+ return innerErr
+ }
+ if err != nil {
+ // The timeout was previously implemented using SO_SNDTIMEO on a blocking
+ // socket. So, continue to return EAGAIN when the timeout is reached.
+ if errors.Is(err, os.ErrDeadlineExceeded) {
+ return unix.EAGAIN
+ }
+ return err
+ }
+ return nil
}
func (s *NetlinkSocket) Receive() ([]syscall.NetlinkMessage, *unix.SockaddrNetlink, error) {
@@ -812,20 +881,33 @@ func (s *NetlinkSocket) Receive() ([]syscall.NetlinkMessage, *unix.SockaddrNetli
return nil, nil, err
}
var (
+ deadline time.Time
fromAddr *unix.SockaddrNetlink
rb [RECEIVE_BUFFER_SIZE]byte
nr int
from unix.Sockaddr
innerErr error
)
+ receiveTimeout := atomic.LoadInt64(&s.receiveTimeout)
+ if receiveTimeout != 0 {
+ deadline = time.Now().Add(time.Duration(receiveTimeout))
+ }
+ if err := s.file.SetReadDeadline(deadline); err != nil {
+ return nil, nil, err
+ }
err = rawConn.Read(func(fd uintptr) (done bool) {
nr, from, innerErr = unix.Recvfrom(int(fd), rb[:], 0)
return innerErr != unix.EWOULDBLOCK
})
if innerErr != nil {
- err = innerErr
+ return nil, nil, innerErr
}
if err != nil {
+ // The timeout was previously implemented using SO_RCVTIMEO on a blocking
+ // socket. So, continue to return EAGAIN when the timeout is reached.
+ if errors.Is(err, os.ErrDeadlineExceeded) {
+ return nil, nil, unix.EAGAIN
+ }
return nil, nil, err
}
fromAddr, ok := from.(*unix.SockaddrNetlink)
@@ -847,16 +929,14 @@ func (s *NetlinkSocket) Receive() ([]syscall.NetlinkMessage, *unix.SockaddrNetli
// SetSendTimeout allows to set a send timeout on the socket
func (s *NetlinkSocket) SetSendTimeout(timeout *unix.Timeval) error {
- // Set a send timeout of SOCKET_SEND_TIMEOUT, this will allow the Send to periodically unblock and avoid that a routine
- // remains stuck on a send on a closed fd
- return unix.SetsockoptTimeval(int(s.fd), unix.SOL_SOCKET, unix.SO_SNDTIMEO, timeout)
+ atomic.StoreInt64(&s.sendTimeout, timeout.Nano())
+ return nil
}
// SetReceiveTimeout allows to set a receive timeout on the socket
func (s *NetlinkSocket) SetReceiveTimeout(timeout *unix.Timeval) error {
- // Set a read timeout of SOCKET_READ_TIMEOUT, this will allow the Read to periodically unblock and avoid that a routine
- // remains stuck on a recvmsg on a closed fd
- return unix.SetsockoptTimeval(int(s.fd), unix.SOL_SOCKET, unix.SO_RCVTIMEO, timeout)
+ atomic.StoreInt64(&s.receiveTimeout, timeout.Nano())
+ return nil
}
// SetReceiveBufferSize allows to set a receive buffer size on the socket
diff --git a/vendor/github.com/vishvananda/netlink/nl/parse_attr_linux.go b/vendor/github.com/vishvananda/netlink/nl/parse_attr_linux.go
index 7f49125cff..8ee0428db8 100644
--- a/vendor/github.com/vishvananda/netlink/nl/parse_attr_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/parse_attr_linux.go
@@ -17,7 +17,7 @@ func ParseAttributes(data []byte) <-chan Attribute {
go func() {
i := 0
- for i+4 < len(data) {
+ for i+4 <= len(data) {
length := int(native.Uint16(data[i : i+2]))
attrType := native.Uint16(data[i+2 : i+4])
diff --git a/vendor/github.com/vishvananda/netlink/nl/tc_linux.go b/vendor/github.com/vishvananda/netlink/nl/tc_linux.go
index 0720729a90..b8f500792b 100644
--- a/vendor/github.com/vishvananda/netlink/nl/tc_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/tc_linux.go
@@ -115,6 +115,7 @@ const (
SizeofTcConnmark = SizeofTcGen + 0x04
SizeofTcCsum = SizeofTcGen + 0x04
SizeofTcMirred = SizeofTcGen + 0x08
+ SizeofTcVlan = SizeofTcGen + 0x04
SizeofTcTunnelKey = SizeofTcGen + 0x04
SizeofTcSkbEdit = SizeofTcGen
SizeofTcPolice = 2*SizeofTcRateSpec + 0x20
@@ -816,6 +817,41 @@ func (x *TcMirred) Serialize() []byte {
return (*(*[SizeofTcMirred]byte)(unsafe.Pointer(x)))[:]
}
+const (
+ TCA_VLAN_UNSPEC = iota
+ TCA_VLAN_TM
+ TCA_VLAN_PARMS
+ TCA_VLAN_PUSH_VLAN_ID
+ TCA_VLAN_PUSH_VLAN_PROTOCOL
+ TCA_VLAN_PAD
+ TCA_VLAN_PUSH_VLAN_PRIORITY
+ TCA_VLAN_PUSH_ETH_DST
+ TCA_VLAN_PUSH_ETH_SRC
+ TCA_VLAN_MAX
+)
+
+//struct tc_vlan {
+// tc_gen;
+// int v_action;
+//};
+
+type TcVlan struct {
+ TcGen
+ Action int32
+}
+
+func (msg *TcVlan) Len() int {
+ return SizeofTcVlan
+}
+
+func DeserializeTcVlan(b []byte) *TcVlan {
+ return (*TcVlan)(unsafe.Pointer(&b[0:SizeofTcVlan][0]))
+}
+
+func (x *TcVlan) Serialize() []byte {
+ return (*(*[SizeofTcVlan]byte)(unsafe.Pointer(x)))[:]
+}
+
const (
TCA_TUNNEL_KEY_UNSPEC = iota
TCA_TUNNEL_KEY_TM
@@ -1239,8 +1275,8 @@ const (
)
// /* TCA_PEDIT_KEY_EX_HDR_TYPE_NETWROK is a special case for legacy users. It
-// * means no specific header type - offset is relative to the network layer
-// */
+// - means no specific header type - offset is relative to the network layer
+// */
type PeditHeaderType uint16
const (
diff --git a/vendor/github.com/vishvananda/netlink/protinfo_linux.go b/vendor/github.com/vishvananda/netlink/protinfo_linux.go
index 1ba25d3cd4..aa51e3b470 100644
--- a/vendor/github.com/vishvananda/netlink/protinfo_linux.go
+++ b/vendor/github.com/vishvananda/netlink/protinfo_linux.go
@@ -1,6 +1,7 @@
package netlink
import (
+ "errors"
"fmt"
"syscall"
@@ -8,10 +9,14 @@ import (
"golang.org/x/sys/unix"
)
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func LinkGetProtinfo(link Link) (Protinfo, error) {
return pkgHandle.LinkGetProtinfo(link)
}
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) LinkGetProtinfo(link Link) (Protinfo, error) {
base := link.Attrs()
h.ensureIndex(base)
@@ -19,9 +24,9 @@ func (h *Handle) LinkGetProtinfo(link Link) (Protinfo, error) {
req := h.newNetlinkRequest(unix.RTM_GETLINK, unix.NLM_F_DUMP)
msg := nl.NewIfInfomsg(unix.AF_BRIDGE)
req.AddData(msg)
- msgs, err := req.Execute(unix.NETLINK_ROUTE, 0)
- if err != nil {
- return pi, err
+ msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, 0)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return pi, executeErr
}
for _, m := range msgs {
@@ -43,7 +48,7 @@ func (h *Handle) LinkGetProtinfo(link Link) (Protinfo, error) {
}
pi = parseProtinfo(infos)
- return pi, nil
+ return pi, executeErr
}
}
return pi, fmt.Errorf("Device with index %d not found", base.Index)
diff --git a/vendor/github.com/vishvananda/netlink/qdisc_linux.go b/vendor/github.com/vishvananda/netlink/qdisc_linux.go
index e732ae3bd6..22cf0e5825 100644
--- a/vendor/github.com/vishvananda/netlink/qdisc_linux.go
+++ b/vendor/github.com/vishvananda/netlink/qdisc_linux.go
@@ -1,6 +1,7 @@
package netlink
import (
+ "errors"
"fmt"
"io/ioutil"
"strconv"
@@ -338,6 +339,9 @@ func qdiscPayload(req *nl.NetlinkRequest, qdisc Qdisc) error {
// QdiscList gets a list of qdiscs in the system.
// Equivalent to: `tc qdisc show`.
// The list can be filtered by link.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func QdiscList(link Link) ([]Qdisc, error) {
return pkgHandle.QdiscList(link)
}
@@ -345,6 +349,9 @@ func QdiscList(link Link) ([]Qdisc, error) {
// QdiscList gets a list of qdiscs in the system.
// Equivalent to: `tc qdisc show`.
// The list can be filtered by link.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
req := h.newNetlinkRequest(unix.RTM_GETQDISC, unix.NLM_F_DUMP)
index := int32(0)
@@ -359,9 +366,9 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
}
req.AddData(msg)
- msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWQDISC)
- if err != nil {
- return nil, err
+ msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWQDISC)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
var res []Qdisc
@@ -497,7 +504,7 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
res = append(res, qdisc)
}
- return res, nil
+ return res, executeErr
}
func parsePfifoFastData(qdisc Qdisc, value []byte) error {
diff --git a/vendor/github.com/vishvananda/netlink/rdma_link_linux.go b/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
index 036399db6b..9bb7507321 100644
--- a/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
@@ -3,6 +3,7 @@ package netlink
import (
"bytes"
"encoding/binary"
+ "errors"
"fmt"
"net"
@@ -85,19 +86,25 @@ func execRdmaSetLink(req *nl.NetlinkRequest) error {
// RdmaLinkList gets a list of RDMA link devices.
// Equivalent to: `rdma dev show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func RdmaLinkList() ([]*RdmaLink, error) {
return pkgHandle.RdmaLinkList()
}
// RdmaLinkList gets a list of RDMA link devices.
// Equivalent to: `rdma dev show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) RdmaLinkList() ([]*RdmaLink, error) {
proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_GET)
req := h.newNetlinkRequest(proto, unix.NLM_F_ACK|unix.NLM_F_DUMP)
- msgs, err := req.Execute(unix.NETLINK_RDMA, 0)
- if err != nil {
- return nil, err
+ msgs, executeErr := req.Execute(unix.NETLINK_RDMA, 0)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
var res []*RdmaLink
@@ -109,17 +116,23 @@ func (h *Handle) RdmaLinkList() ([]*RdmaLink, error) {
res = append(res, link)
}
- return res, nil
+ return res, executeErr
}
// RdmaLinkByName finds a link by name and returns a pointer to the object if
// found and nil error, otherwise returns error code.
+//
+// If the returned error is [ErrDumpInterrupted], the result may be missing or
+// outdated and the caller should retry.
func RdmaLinkByName(name string) (*RdmaLink, error) {
return pkgHandle.RdmaLinkByName(name)
}
// RdmaLinkByName finds a link by name and returns a pointer to the object if
// found and nil error, otherwise returns error code.
+//
+// If the returned error is [ErrDumpInterrupted], the result may be missing or
+// outdated and the caller should retry.
func (h *Handle) RdmaLinkByName(name string) (*RdmaLink, error) {
links, err := h.RdmaLinkList()
if err != nil {
@@ -288,6 +301,8 @@ func RdmaLinkDel(name string) error {
}
// RdmaLinkDel deletes an rdma link.
+//
+// If the returned error is [ErrDumpInterrupted], the caller should retry.
func (h *Handle) RdmaLinkDel(name string) error {
link, err := h.RdmaLinkByName(name)
if err != nil {
@@ -307,6 +322,7 @@ func (h *Handle) RdmaLinkDel(name string) error {
// RdmaLinkAdd adds an rdma link for the specified type to the network device.
// Similar to: rdma link add NAME type TYPE netdev NETDEV
+//
// NAME - specifies the new name of the rdma link to add
// TYPE - specifies which rdma type to use. Link types:
// rxe - Soft RoCE driver
diff --git a/vendor/github.com/vishvananda/netlink/route_linux.go b/vendor/github.com/vishvananda/netlink/route_linux.go
index 0cd4f8363a..28a132a2f0 100644
--- a/vendor/github.com/vishvananda/netlink/route_linux.go
+++ b/vendor/github.com/vishvananda/netlink/route_linux.go
@@ -3,6 +3,7 @@ package netlink
import (
"bytes"
"encoding/binary"
+ "errors"
"fmt"
"net"
"strconv"
@@ -1163,6 +1164,9 @@ func (h *Handle) prepareRouteReq(route *Route, req *nl.NetlinkRequest, msg *nl.R
// RouteList gets a list of routes in the system.
// Equivalent to: `ip route show`.
// The list can be filtered by link and ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func RouteList(link Link, family int) ([]Route, error) {
return pkgHandle.RouteList(link, family)
}
@@ -1170,6 +1174,9 @@ func RouteList(link Link, family int) ([]Route, error) {
// RouteList gets a list of routes in the system.
// Equivalent to: `ip route show`.
// The list can be filtered by link and ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) RouteList(link Link, family int) ([]Route, error) {
routeFilter := &Route{}
if link != nil {
@@ -1188,6 +1195,9 @@ func RouteListFiltered(family int, filter *Route, filterMask uint64) ([]Route, e
// RouteListFiltered gets a list of routes in the system filtered with specified rules.
// All rules must be defined in RouteFilter struct
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) RouteListFiltered(family int, filter *Route, filterMask uint64) ([]Route, error) {
var res []Route
err := h.RouteListFilteredIter(family, filter, filterMask, func(route Route) (cont bool) {
@@ -1202,17 +1212,22 @@ func (h *Handle) RouteListFiltered(family int, filter *Route, filterMask uint64)
// RouteListFilteredIter passes each route that matches the filter to the given iterator func. Iteration continues
// until all routes are loaded or the func returns false.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func RouteListFilteredIter(family int, filter *Route, filterMask uint64, f func(Route) (cont bool)) error {
return pkgHandle.RouteListFilteredIter(family, filter, filterMask, f)
}
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) RouteListFilteredIter(family int, filter *Route, filterMask uint64, f func(Route) (cont bool)) error {
req := h.newNetlinkRequest(unix.RTM_GETROUTE, unix.NLM_F_DUMP)
rtmsg := &nl.RtMsg{}
rtmsg.Family = uint8(family)
var parseErr error
- err := h.routeHandleIter(filter, req, rtmsg, func(m []byte) bool {
+ executeErr := h.routeHandleIter(filter, req, rtmsg, func(m []byte) bool {
msg := nl.DeserializeRtMsg(m)
if family != FAMILY_ALL && msg.Family != uint8(family) {
// Ignore routes not matching requested family
@@ -1270,13 +1285,13 @@ func (h *Handle) RouteListFilteredIter(family int, filter *Route, filterMask uin
}
return f(route)
})
- if err != nil {
- return err
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return executeErr
}
if parseErr != nil {
return parseErr
}
- return nil
+ return executeErr
}
// deserializeRoute decodes a binary netlink message into a Route struct
@@ -1684,6 +1699,10 @@ type RouteSubscribeOptions struct {
// RouteSubscribeWithOptions work like RouteSubscribe but enable to
// provide additional options to modify the behavior. Currently, the
// namespace can be provided as well as an error callback.
+//
+// When options.ListExisting is true, options.ErrorCallback may be
+// called with [ErrDumpInterrupted] to indicate that results from
+// the initial dump of links may be inconsistent or incomplete.
func RouteSubscribeWithOptions(ch chan<- RouteUpdate, done <-chan struct{}, options RouteSubscribeOptions) error {
if options.Namespace == nil {
none := netns.None()
@@ -1743,6 +1762,9 @@ func routeSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- RouteUpdate, done <
continue
}
for _, m := range msgs {
+ if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 && cberr != nil {
+ cberr(ErrDumpInterrupted)
+ }
if m.Header.Type == unix.NLMSG_DONE {
continue
}
diff --git a/vendor/github.com/vishvananda/netlink/rule_linux.go b/vendor/github.com/vishvananda/netlink/rule_linux.go
index ddff99cfad..dba99147b2 100644
--- a/vendor/github.com/vishvananda/netlink/rule_linux.go
+++ b/vendor/github.com/vishvananda/netlink/rule_linux.go
@@ -2,6 +2,7 @@ package netlink
import (
"bytes"
+ "errors"
"fmt"
"net"
@@ -183,12 +184,18 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
// RuleList lists rules in the system.
// Equivalent to: ip rule list
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func RuleList(family int) ([]Rule, error) {
return pkgHandle.RuleList(family)
}
// RuleList lists rules in the system.
// Equivalent to: ip rule list
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) RuleList(family int) ([]Rule, error) {
return h.RuleListFiltered(family, nil, 0)
}
@@ -196,20 +203,26 @@ func (h *Handle) RuleList(family int) ([]Rule, error) {
// RuleListFiltered gets a list of rules in the system filtered by the
// specified rule template `filter`.
// Equivalent to: ip rule list
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func RuleListFiltered(family int, filter *Rule, filterMask uint64) ([]Rule, error) {
return pkgHandle.RuleListFiltered(family, filter, filterMask)
}
// RuleListFiltered lists rules in the system.
// Equivalent to: ip rule list
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) RuleListFiltered(family int, filter *Rule, filterMask uint64) ([]Rule, error) {
req := h.newNetlinkRequest(unix.RTM_GETRULE, unix.NLM_F_DUMP|unix.NLM_F_REQUEST)
msg := nl.NewIfInfomsg(family)
req.AddData(msg)
- msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWRULE)
- if err != nil {
- return nil, err
+ msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWRULE)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
var res = make([]Rule, 0)
@@ -306,7 +319,7 @@ func (h *Handle) RuleListFiltered(family int, filter *Rule, filterMask uint64) (
res = append(res, *rule)
}
- return res, nil
+ return res, executeErr
}
func (pr *RulePortRange) toRtAttrData() []byte {
diff --git a/vendor/github.com/vishvananda/netlink/socket_linux.go b/vendor/github.com/vishvananda/netlink/socket_linux.go
index 4eb4aeafbd..ebda532a88 100644
--- a/vendor/github.com/vishvananda/netlink/socket_linux.go
+++ b/vendor/github.com/vishvananda/netlink/socket_linux.go
@@ -157,6 +157,9 @@ func (u *UnixSocket) deserialize(b []byte) error {
}
// SocketGet returns the Socket identified by its local and remote addresses.
+//
+// If the returned error is [ErrDumpInterrupted], the search for a result may
+// be incomplete and the caller should retry.
func (h *Handle) SocketGet(local, remote net.Addr) (*Socket, error) {
var protocol uint8
var localIP, remoteIP net.IP
@@ -232,6 +235,9 @@ func (h *Handle) SocketGet(local, remote net.Addr) (*Socket, error) {
}
// SocketGet returns the Socket identified by its local and remote addresses.
+//
+// If the returned error is [ErrDumpInterrupted], the search for a result may
+// be incomplete and the caller should retry.
func SocketGet(local, remote net.Addr) (*Socket, error) {
return pkgHandle.SocketGet(local, remote)
}
@@ -283,6 +289,9 @@ func SocketDestroy(local, remote net.Addr) error {
}
// SocketDiagTCPInfo requests INET_DIAG_INFO for TCP protocol for specified family type and return with extension TCP info.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error) {
// Construct the request
req := h.newNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP)
@@ -295,9 +304,9 @@ func (h *Handle) SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error)
// Do the query and parse the result
var result []*InetDiagTCPInfoResp
- var err error
- err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
+ executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
sockInfo := &Socket{}
+ var err error
if err = sockInfo.deserialize(msg); err != nil {
return false
}
@@ -315,18 +324,24 @@ func (h *Handle) SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error)
return true
})
- if err != nil {
- return nil, err
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
- return result, nil
+ return result, executeErr
}
// SocketDiagTCPInfo requests INET_DIAG_INFO for TCP protocol for specified family type and return with extension TCP info.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error) {
return pkgHandle.SocketDiagTCPInfo(family)
}
// SocketDiagTCP requests INET_DIAG_INFO for TCP protocol for specified family type and return related socket.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) SocketDiagTCP(family uint8) ([]*Socket, error) {
// Construct the request
req := h.newNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP)
@@ -339,27 +354,32 @@ func (h *Handle) SocketDiagTCP(family uint8) ([]*Socket, error) {
// Do the query and parse the result
var result []*Socket
- var err error
- err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
+ executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
sockInfo := &Socket{}
- if err = sockInfo.deserialize(msg); err != nil {
+ if err := sockInfo.deserialize(msg); err != nil {
return false
}
result = append(result, sockInfo)
return true
})
- if err != nil {
- return nil, err
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
- return result, nil
+ return result, executeErr
}
// SocketDiagTCP requests INET_DIAG_INFO for TCP protocol for specified family type and return related socket.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func SocketDiagTCP(family uint8) ([]*Socket, error) {
return pkgHandle.SocketDiagTCP(family)
}
// SocketDiagUDPInfo requests INET_DIAG_INFO for UDP protocol for specified family type and return with extension info.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) SocketDiagUDPInfo(family uint8) ([]*InetDiagUDPInfoResp, error) {
// Construct the request
var extensions uint8
@@ -377,14 +397,14 @@ func (h *Handle) SocketDiagUDPInfo(family uint8) ([]*InetDiagUDPInfoResp, error)
// Do the query and parse the result
var result []*InetDiagUDPInfoResp
- var err error
- err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
+ executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
sockInfo := &Socket{}
- if err = sockInfo.deserialize(msg); err != nil {
+ if err := sockInfo.deserialize(msg); err != nil {
return false
}
var attrs []syscall.NetlinkRouteAttr
+ var err error
if attrs, err = nl.ParseRouteAttr(msg[sizeofSocket:]); err != nil {
return false
}
@@ -397,18 +417,24 @@ func (h *Handle) SocketDiagUDPInfo(family uint8) ([]*InetDiagUDPInfoResp, error)
result = append(result, res)
return true
})
- if err != nil {
- return nil, err
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
- return result, nil
+ return result, executeErr
}
// SocketDiagUDPInfo requests INET_DIAG_INFO for UDP protocol for specified family type and return with extension info.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func SocketDiagUDPInfo(family uint8) ([]*InetDiagUDPInfoResp, error) {
return pkgHandle.SocketDiagUDPInfo(family)
}
// SocketDiagUDP requests INET_DIAG_INFO for UDP protocol for specified family type and return related socket.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) SocketDiagUDP(family uint8) ([]*Socket, error) {
// Construct the request
req := h.newNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP)
@@ -421,27 +447,32 @@ func (h *Handle) SocketDiagUDP(family uint8) ([]*Socket, error) {
// Do the query and parse the result
var result []*Socket
- var err error
- err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
+ executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
sockInfo := &Socket{}
- if err = sockInfo.deserialize(msg); err != nil {
+ if err := sockInfo.deserialize(msg); err != nil {
return false
}
result = append(result, sockInfo)
return true
})
- if err != nil {
- return nil, err
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
- return result, nil
+ return result, executeErr
}
// SocketDiagUDP requests INET_DIAG_INFO for UDP protocol for specified family type and return related socket.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func SocketDiagUDP(family uint8) ([]*Socket, error) {
return pkgHandle.SocketDiagUDP(family)
}
// UnixSocketDiagInfo requests UNIX_DIAG_INFO for unix sockets and return with extension info.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) {
// Construct the request
var extensions uint8
@@ -456,10 +487,9 @@ func (h *Handle) UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) {
})
var result []*UnixDiagInfoResp
- var err error
- err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
+ executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
sockInfo := &UnixSocket{}
- if err = sockInfo.deserialize(msg); err != nil {
+ if err := sockInfo.deserialize(msg); err != nil {
return false
}
@@ -469,7 +499,8 @@ func (h *Handle) UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) {
}
var attrs []syscall.NetlinkRouteAttr
- if attrs, err = nl.ParseRouteAttr(msg[sizeofSocket:]); err != nil {
+ var err error
+ if attrs, err = nl.ParseRouteAttr(msg[sizeofUnixSocket:]); err != nil {
return false
}
@@ -480,18 +511,24 @@ func (h *Handle) UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) {
result = append(result, res)
return true
})
- if err != nil {
- return nil, err
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
- return result, nil
+ return result, executeErr
}
// UnixSocketDiagInfo requests UNIX_DIAG_INFO for unix sockets and return with extension info.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) {
return pkgHandle.UnixSocketDiagInfo()
}
// UnixSocketDiag requests UNIX_DIAG_INFO for unix sockets.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) UnixSocketDiag() ([]*UnixSocket, error) {
// Construct the request
req := h.newNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP)
@@ -501,10 +538,9 @@ func (h *Handle) UnixSocketDiag() ([]*UnixSocket, error) {
})
var result []*UnixSocket
- var err error
- err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
+ executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
sockInfo := &UnixSocket{}
- if err = sockInfo.deserialize(msg); err != nil {
+ if err := sockInfo.deserialize(msg); err != nil {
return false
}
@@ -514,13 +550,16 @@ func (h *Handle) UnixSocketDiag() ([]*UnixSocket, error) {
}
return true
})
- if err != nil {
- return nil, err
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
- return result, nil
+ return result, executeErr
}
// UnixSocketDiag requests UNIX_DIAG_INFO for unix sockets.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func UnixSocketDiag() ([]*UnixSocket, error) {
return pkgHandle.UnixSocketDiag()
}
diff --git a/vendor/github.com/vishvananda/netlink/socket_xdp_linux.go b/vendor/github.com/vishvananda/netlink/socket_xdp_linux.go
index 20c82f9c76..c1dd00a864 100644
--- a/vendor/github.com/vishvananda/netlink/socket_xdp_linux.go
+++ b/vendor/github.com/vishvananda/netlink/socket_xdp_linux.go
@@ -52,8 +52,10 @@ func (s *XDPSocket) deserialize(b []byte) error {
return nil
}
-// XDPSocketGet returns the XDP socket identified by its inode number and/or
+// SocketXDPGetInfo returns the XDP socket identified by its inode number and/or
// socket cookie. Specify the cookie as SOCK_ANY_COOKIE if
+//
+// If the returned error is [ErrDumpInterrupted], the caller should retry.
func SocketXDPGetInfo(ino uint32, cookie uint64) (*XDPDiagInfoResp, error) {
// We have a problem here: dumping AF_XDP sockets currently does not support
// filtering. We thus need to dump all XSKs and then only filter afterwards
@@ -85,6 +87,9 @@ func SocketXDPGetInfo(ino uint32, cookie uint64) (*XDPDiagInfoResp, error) {
}
// SocketDiagXDP requests XDP_DIAG_INFO for XDP family sockets.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func SocketDiagXDP() ([]*XDPDiagInfoResp, error) {
var result []*XDPDiagInfoResp
err := socketDiagXDPExecutor(func(m syscall.NetlinkMessage) error {
@@ -105,10 +110,10 @@ func SocketDiagXDP() ([]*XDPDiagInfoResp, error) {
result = append(result, res)
return nil
})
- if err != nil {
+ if err != nil && !errors.Is(err, ErrDumpInterrupted) {
return nil, err
}
- return result, nil
+ return result, err
}
// socketDiagXDPExecutor requests XDP_DIAG_INFO for XDP family sockets.
@@ -128,6 +133,7 @@ func socketDiagXDPExecutor(receiver func(syscall.NetlinkMessage) error) error {
return err
}
+ dumpIntr := false
loop:
for {
msgs, from, err := s.Receive()
@@ -142,6 +148,9 @@ loop:
}
for _, m := range msgs {
+ if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 {
+ dumpIntr = true
+ }
switch m.Header.Type {
case unix.NLMSG_DONE:
break loop
@@ -154,6 +163,9 @@ loop:
}
}
}
+ if dumpIntr {
+ return ErrDumpInterrupted
+ }
return nil
}
diff --git a/vendor/github.com/vishvananda/netlink/vdpa_linux.go b/vendor/github.com/vishvananda/netlink/vdpa_linux.go
index 7c15986d0f..c14877a295 100644
--- a/vendor/github.com/vishvananda/netlink/vdpa_linux.go
+++ b/vendor/github.com/vishvananda/netlink/vdpa_linux.go
@@ -1,6 +1,7 @@
package netlink
import (
+ "errors"
"fmt"
"net"
"syscall"
@@ -118,6 +119,9 @@ func VDPADelDev(name string) error {
// VDPAGetDevList returns list of VDPA devices
// Equivalent to: `vdpa dev show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func VDPAGetDevList() ([]*VDPADev, error) {
return pkgHandle.VDPAGetDevList()
}
@@ -130,6 +134,9 @@ func VDPAGetDevByName(name string) (*VDPADev, error) {
// VDPAGetDevConfigList returns list of VDPA devices configurations
// Equivalent to: `vdpa dev config show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func VDPAGetDevConfigList() ([]*VDPADevConfig, error) {
return pkgHandle.VDPAGetDevConfigList()
}
@@ -148,6 +155,9 @@ func VDPAGetDevVStats(name string, queueIndex uint32) (*VDPADevVStats, error) {
// VDPAGetMGMTDevList returns list of mgmt devices
// Equivalent to: `vdpa mgmtdev show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func VDPAGetMGMTDevList() ([]*VDPAMGMTDev, error) {
return pkgHandle.VDPAGetMGMTDevList()
}
@@ -261,9 +271,9 @@ func (h *Handle) vdpaRequest(command uint8, extraFlags int, attrs []*nl.RtAttr)
req.AddData(a)
}
- resp, err := req.Execute(unix.NETLINK_GENERIC, 0)
- if err != nil {
- return nil, err
+ resp, executeErr := req.Execute(unix.NETLINK_GENERIC, 0)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
messages := make([]vdpaNetlinkMessage, 0, len(resp))
for _, m := range resp {
@@ -273,10 +283,13 @@ func (h *Handle) vdpaRequest(command uint8, extraFlags int, attrs []*nl.RtAttr)
}
messages = append(messages, attrs)
}
- return messages, nil
+ return messages, executeErr
}
// dump all devices if dev is nil
+//
+// If dev is nil and the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) vdpaDevGet(dev *string) ([]*VDPADev, error) {
var extraFlags int
var attrs []*nl.RtAttr
@@ -285,9 +298,9 @@ func (h *Handle) vdpaDevGet(dev *string) ([]*VDPADev, error) {
} else {
extraFlags = extraFlags | unix.NLM_F_DUMP
}
- messages, err := h.vdpaRequest(nl.VDPA_CMD_DEV_GET, extraFlags, attrs)
- if err != nil {
- return nil, err
+ messages, executeErr := h.vdpaRequest(nl.VDPA_CMD_DEV_GET, extraFlags, attrs)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
devs := make([]*VDPADev, 0, len(messages))
for _, m := range messages {
@@ -295,10 +308,13 @@ func (h *Handle) vdpaDevGet(dev *string) ([]*VDPADev, error) {
d.parseAttributes(m)
devs = append(devs, d)
}
- return devs, nil
+ return devs, executeErr
}
// dump all devices if dev is nil
+//
+// If dev is nil, and the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) vdpaDevConfigGet(dev *string) ([]*VDPADevConfig, error) {
var extraFlags int
var attrs []*nl.RtAttr
@@ -307,9 +323,9 @@ func (h *Handle) vdpaDevConfigGet(dev *string) ([]*VDPADevConfig, error) {
} else {
extraFlags = extraFlags | unix.NLM_F_DUMP
}
- messages, err := h.vdpaRequest(nl.VDPA_CMD_DEV_CONFIG_GET, extraFlags, attrs)
- if err != nil {
- return nil, err
+ messages, executeErr := h.vdpaRequest(nl.VDPA_CMD_DEV_CONFIG_GET, extraFlags, attrs)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
cfgs := make([]*VDPADevConfig, 0, len(messages))
for _, m := range messages {
@@ -317,10 +333,13 @@ func (h *Handle) vdpaDevConfigGet(dev *string) ([]*VDPADevConfig, error) {
cfg.parseAttributes(m)
cfgs = append(cfgs, cfg)
}
- return cfgs, nil
+ return cfgs, executeErr
}
// dump all devices if dev is nil
+//
+// If dev is nil and the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) vdpaMGMTDevGet(bus, dev *string) ([]*VDPAMGMTDev, error) {
var extraFlags int
var attrs []*nl.RtAttr
@@ -336,9 +355,9 @@ func (h *Handle) vdpaMGMTDevGet(bus, dev *string) ([]*VDPAMGMTDev, error) {
} else {
extraFlags = extraFlags | unix.NLM_F_DUMP
}
- messages, err := h.vdpaRequest(nl.VDPA_CMD_MGMTDEV_GET, extraFlags, attrs)
- if err != nil {
- return nil, err
+ messages, executeErr := h.vdpaRequest(nl.VDPA_CMD_MGMTDEV_GET, extraFlags, attrs)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
cfgs := make([]*VDPAMGMTDev, 0, len(messages))
for _, m := range messages {
@@ -346,7 +365,7 @@ func (h *Handle) vdpaMGMTDevGet(bus, dev *string) ([]*VDPAMGMTDev, error) {
cfg.parseAttributes(m)
cfgs = append(cfgs, cfg)
}
- return cfgs, nil
+ return cfgs, executeErr
}
// VDPANewDev adds new VDPA device
@@ -385,6 +404,9 @@ func (h *Handle) VDPADelDev(name string) error {
// VDPAGetDevList returns list of VDPA devices
// Equivalent to: `vdpa dev show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) VDPAGetDevList() ([]*VDPADev, error) {
return h.vdpaDevGet(nil)
}
@@ -404,6 +426,9 @@ func (h *Handle) VDPAGetDevByName(name string) (*VDPADev, error) {
// VDPAGetDevConfigList returns list of VDPA devices configurations
// Equivalent to: `vdpa dev config show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) VDPAGetDevConfigList() ([]*VDPADevConfig, error) {
return h.vdpaDevConfigGet(nil)
}
@@ -441,6 +466,9 @@ func (h *Handle) VDPAGetDevVStats(name string, queueIndex uint32) (*VDPADevVStat
// VDPAGetMGMTDevList returns list of mgmt devices
// Equivalent to: `vdpa mgmtdev show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) VDPAGetMGMTDevList() ([]*VDPAMGMTDev, error) {
return h.vdpaMGMTDevGet(nil, nil)
}
diff --git a/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go b/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go
index d526739ceb..bf143a1b13 100644
--- a/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go
+++ b/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go
@@ -1,6 +1,7 @@
package netlink
import (
+ "errors"
"fmt"
"net"
@@ -215,6 +216,9 @@ func (h *Handle) XfrmPolicyDel(policy *XfrmPolicy) error {
// XfrmPolicyList gets a list of xfrm policies in the system.
// Equivalent to: `ip xfrm policy show`.
// The list can be filtered by ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func XfrmPolicyList(family int) ([]XfrmPolicy, error) {
return pkgHandle.XfrmPolicyList(family)
}
@@ -222,15 +226,18 @@ func XfrmPolicyList(family int) ([]XfrmPolicy, error) {
// XfrmPolicyList gets a list of xfrm policies in the system.
// Equivalent to: `ip xfrm policy show`.
// The list can be filtered by ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) XfrmPolicyList(family int) ([]XfrmPolicy, error) {
req := h.newNetlinkRequest(nl.XFRM_MSG_GETPOLICY, unix.NLM_F_DUMP)
msg := nl.NewIfInfomsg(family)
req.AddData(msg)
- msgs, err := req.Execute(unix.NETLINK_XFRM, nl.XFRM_MSG_NEWPOLICY)
- if err != nil {
- return nil, err
+ msgs, executeErr := req.Execute(unix.NETLINK_XFRM, nl.XFRM_MSG_NEWPOLICY)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
var res []XfrmPolicy
@@ -243,7 +250,7 @@ func (h *Handle) XfrmPolicyList(family int) ([]XfrmPolicy, error) {
return nil, err
}
}
- return res, nil
+ return res, executeErr
}
// XfrmPolicyGet gets a the policy described by the index or selector, if found.
diff --git a/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go b/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go
index 554f2498c2..2f46146514 100644
--- a/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go
+++ b/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go
@@ -1,6 +1,7 @@
package netlink
import (
+ "errors"
"fmt"
"net"
"time"
@@ -382,6 +383,9 @@ func (h *Handle) XfrmStateDel(state *XfrmState) error {
// XfrmStateList gets a list of xfrm states in the system.
// Equivalent to: `ip [-4|-6] xfrm state show`.
// The list can be filtered by ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func XfrmStateList(family int) ([]XfrmState, error) {
return pkgHandle.XfrmStateList(family)
}
@@ -389,12 +393,15 @@ func XfrmStateList(family int) ([]XfrmState, error) {
// XfrmStateList gets a list of xfrm states in the system.
// Equivalent to: `ip xfrm state show`.
// The list can be filtered by ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
func (h *Handle) XfrmStateList(family int) ([]XfrmState, error) {
req := h.newNetlinkRequest(nl.XFRM_MSG_GETSA, unix.NLM_F_DUMP)
- msgs, err := req.Execute(unix.NETLINK_XFRM, nl.XFRM_MSG_NEWSA)
- if err != nil {
- return nil, err
+ msgs, executeErr := req.Execute(unix.NETLINK_XFRM, nl.XFRM_MSG_NEWSA)
+ if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+ return nil, executeErr
}
var res []XfrmState
@@ -407,7 +414,7 @@ func (h *Handle) XfrmStateList(family int) ([]XfrmState, error) {
return nil, err
}
}
- return res, nil
+ return res, executeErr
}
// XfrmStateGet gets the xfrm state described by the ID, if found.
diff --git a/vendor/github.com/vishvananda/netns/.golangci.yml b/vendor/github.com/vishvananda/netns/.golangci.yml
index 600bef78e2..2b6988f286 100644
--- a/vendor/github.com/vishvananda/netns/.golangci.yml
+++ b/vendor/github.com/vishvananda/netns/.golangci.yml
@@ -1,2 +1,26 @@
+linters:
+ enable:
+ - errcheck
+ - errorlint
+ - gocritic
+ - gosec
+ - gosimple
+ - govet
+ - gci
+ - misspell
+ - nonamedreturns
+ - staticcheck
+ - unconvert
+ - unparam
+ - unused
+ - whitespace
+
+linters-settings:
+ gci:
+ sections:
+ - standard
+ - default
+ - prefix(github.com/vishvananda)
+
run:
timeout: 5m
diff --git a/vendor/github.com/vishvananda/netns/.yamllint.yml b/vendor/github.com/vishvananda/netns/.yamllint.yml
new file mode 100644
index 0000000000..1b2830cc99
--- /dev/null
+++ b/vendor/github.com/vishvananda/netns/.yamllint.yml
@@ -0,0 +1,9 @@
+---
+extends: default
+
+rules:
+ document-start: disable
+ line-length: disable
+ truthy:
+ ignore: |
+ .github/workflows/*.yml
diff --git a/vendor/github.com/vishvananda/netns/netns_linux.go b/vendor/github.com/vishvananda/netns/netns_linux.go
index 2ed7c7e2fa..51c8f4b869 100644
--- a/vendor/github.com/vishvananda/netns/netns_linux.go
+++ b/vendor/github.com/vishvananda/netns/netns_linux.go
@@ -26,19 +26,19 @@ const bindMountPath = "/run/netns" /* Bind mount path for named netns */
// Setns sets namespace using golang.org/x/sys/unix.Setns.
//
// Deprecated: Use golang.org/x/sys/unix.Setns instead.
-func Setns(ns NsHandle, nstype int) (err error) {
+func Setns(ns NsHandle, nstype int) error {
return unix.Setns(int(ns), nstype)
}
// Set sets the current network namespace to the namespace represented
// by NsHandle.
-func Set(ns NsHandle) (err error) {
+func Set(ns NsHandle) error {
return unix.Setns(int(ns), unix.CLONE_NEWNET)
}
// New creates a new network namespace, sets it as current and returns
// a handle to it.
-func New() (ns NsHandle, err error) {
+func New() (NsHandle, error) {
if err := unix.Unshare(unix.CLONE_NEWNET); err != nil {
return -1, err
}
@@ -49,7 +49,7 @@ func New() (ns NsHandle, err error) {
// and returns a handle to it
func NewNamed(name string) (NsHandle, error) {
if _, err := os.Stat(bindMountPath); os.IsNotExist(err) {
- err = os.MkdirAll(bindMountPath, 0755)
+ err = os.MkdirAll(bindMountPath, 0o755)
if err != nil {
return None(), err
}
@@ -62,7 +62,7 @@ func NewNamed(name string) (NsHandle, error) {
namedPath := path.Join(bindMountPath, name)
- f, err := os.OpenFile(namedPath, os.O_CREATE|os.O_EXCL, 0444)
+ f, err := os.OpenFile(namedPath, os.O_CREATE|os.O_EXCL, 0o444)
if err != nil {
newNs.Close()
return None(), err
@@ -217,11 +217,12 @@ func getPidForContainer(id string) (int, error) {
id += "*"
var pidFile string
- if cgroupVer == 1 {
+ switch cgroupVer {
+ case 1:
pidFile = "tasks"
- } else if cgroupVer == 2 {
+ case 2:
pidFile = "cgroup.procs"
- } else {
+ default:
return -1, fmt.Errorf("Invalid cgroup version '%d'", cgroupVer)
}
@@ -247,6 +248,10 @@ func getPidForContainer(id string) (int, error) {
filepath.Join(cgroupRoot, "kubepods.slice", "*.slice", "*", "docker-"+id+".scope", pidFile),
// Same as above but for Guaranteed QoS
filepath.Join(cgroupRoot, "kubepods.slice", "*", "docker-"+id+".scope", pidFile),
+ // Support for nerdctl
+ filepath.Join(cgroupRoot, "system.slice", "nerdctl-"+id+".scope", pidFile),
+ // Support for finch
+ filepath.Join(cgroupRoot, "..", "systemd", "finch", id, pidFile),
}
var filename string
@@ -276,7 +281,7 @@ func getPidForContainer(id string) (int, error) {
pid, err = strconv.Atoi(result[0])
if err != nil {
- return pid, fmt.Errorf("Invalid pid '%s': %s", result[0], err)
+ return pid, fmt.Errorf("Invalid pid '%s': %w", result[0], err)
}
return pid, nil
diff --git a/vendor/github.com/vishvananda/netns/netns_others.go b/vendor/github.com/vishvananda/netns/netns_others.go
index 0489837741..f444f6e77f 100644
--- a/vendor/github.com/vishvananda/netns/netns_others.go
+++ b/vendor/github.com/vishvananda/netns/netns_others.go
@@ -3,27 +3,23 @@
package netns
-import (
- "errors"
-)
+import "errors"
-var (
- ErrNotImplemented = errors.New("not implemented")
-)
+var ErrNotImplemented = errors.New("not implemented")
// Setns sets namespace using golang.org/x/sys/unix.Setns on Linux. It
// is not implemented on other platforms.
//
// Deprecated: Use golang.org/x/sys/unix.Setns instead.
-func Setns(ns NsHandle, nstype int) (err error) {
+func Setns(ns NsHandle, nstype int) error {
return ErrNotImplemented
}
-func Set(ns NsHandle) (err error) {
+func Set(ns NsHandle) error {
return ErrNotImplemented
}
-func New() (ns NsHandle, err error) {
+func New() (NsHandle, error) {
return -1, ErrNotImplemented
}
@@ -51,7 +47,7 @@ func GetFromPid(pid int) (NsHandle, error) {
return -1, ErrNotImplemented
}
-func GetFromThread(pid, tid int) (NsHandle, error) {
+func GetFromThread(pid int, tid int) (NsHandle, error) {
return -1, ErrNotImplemented
}
diff --git a/vendor/go.etcd.io/bbolt/.gitignore b/vendor/go.etcd.io/bbolt/.gitignore
index 9fa948ebf9..ed4d259db2 100644
--- a/vendor/go.etcd.io/bbolt/.gitignore
+++ b/vendor/go.etcd.io/bbolt/.gitignore
@@ -6,5 +6,7 @@ cover.out
cover-*.out
/.idea
*.iml
+/bbolt
/cmd/bbolt/bbolt
+.DS_Store
diff --git a/vendor/go.etcd.io/bbolt/.go-version b/vendor/go.etcd.io/bbolt/.go-version
index f124bfa155..d8c40e539c 100644
--- a/vendor/go.etcd.io/bbolt/.go-version
+++ b/vendor/go.etcd.io/bbolt/.go-version
@@ -1 +1 @@
-1.21.9
+1.23.6
diff --git a/vendor/go.etcd.io/bbolt/Makefile b/vendor/go.etcd.io/bbolt/Makefile
index 18154c6388..f5a6703a0b 100644
--- a/vendor/go.etcd.io/bbolt/Makefile
+++ b/vendor/go.etcd.io/bbolt/Makefile
@@ -1,6 +1,7 @@
BRANCH=`git rev-parse --abbrev-ref HEAD`
COMMIT=`git rev-parse --short HEAD`
GOLDFLAGS="-X main.branch $(BRANCH) -X main.commit $(COMMIT)"
+GOFILES = $(shell find . -name \*.go)
TESTFLAGS_RACE=-race=false
ifdef ENABLE_RACE
@@ -13,9 +14,26 @@ ifdef CPU
endif
TESTFLAGS = $(TESTFLAGS_RACE) $(TESTFLAGS_CPU) $(EXTRA_TESTFLAGS)
+TESTFLAGS_TIMEOUT=30m
+ifdef TIMEOUT
+ TESTFLAGS_TIMEOUT=$(TIMEOUT)
+endif
+
+TESTFLAGS_ENABLE_STRICT_MODE=false
+ifdef ENABLE_STRICT_MODE
+ TESTFLAGS_ENABLE_STRICT_MODE=$(ENABLE_STRICT_MODE)
+endif
+
+.EXPORT_ALL_VARIABLES:
+TEST_ENABLE_STRICT_MODE=${TESTFLAGS_ENABLE_STRICT_MODE}
+
.PHONY: fmt
fmt:
- !(gofmt -l -s -d $(shell find . -name \*.go) | grep '[a-z]')
+ @echo "Verifying gofmt, failures can be fixed with ./scripts/fix.sh"
+ @!(gofmt -l -s -d ${GOFILES} | grep '[a-z]')
+
+ @echo "Verifying goimports, failures can be fixed with ./scripts/fix.sh"
+ @!(go run golang.org/x/tools/cmd/goimports@latest -l -d ${GOFILES} | grep '[a-z]')
.PHONY: lint
lint:
@@ -24,29 +42,40 @@ lint:
.PHONY: test
test:
@echo "hashmap freelist test"
- TEST_FREELIST_TYPE=hashmap go test -v ${TESTFLAGS} -timeout 30m
- TEST_FREELIST_TYPE=hashmap go test -v ${TESTFLAGS} ./cmd/bbolt
+ BBOLT_VERIFY=all TEST_FREELIST_TYPE=hashmap go test -v ${TESTFLAGS} -timeout ${TESTFLAGS_TIMEOUT}
+ BBOLT_VERIFY=all TEST_FREELIST_TYPE=hashmap go test -v ${TESTFLAGS} ./internal/...
+ BBOLT_VERIFY=all TEST_FREELIST_TYPE=hashmap go test -v ${TESTFLAGS} ./cmd/bbolt
@echo "array freelist test"
- TEST_FREELIST_TYPE=array go test -v ${TESTFLAGS} -timeout 30m
- TEST_FREELIST_TYPE=array go test -v ${TESTFLAGS} ./cmd/bbolt
+ BBOLT_VERIFY=all TEST_FREELIST_TYPE=array go test -v ${TESTFLAGS} -timeout ${TESTFLAGS_TIMEOUT}
+ BBOLT_VERIFY=all TEST_FREELIST_TYPE=array go test -v ${TESTFLAGS} ./internal/...
+ BBOLT_VERIFY=all TEST_FREELIST_TYPE=array go test -v ${TESTFLAGS} ./cmd/bbolt
.PHONY: coverage
coverage:
@echo "hashmap freelist test"
- TEST_FREELIST_TYPE=hashmap go test -v -timeout 30m \
+ TEST_FREELIST_TYPE=hashmap go test -v -timeout ${TESTFLAGS_TIMEOUT} \
-coverprofile cover-freelist-hashmap.out -covermode atomic
@echo "array freelist test"
- TEST_FREELIST_TYPE=array go test -v -timeout 30m \
+ TEST_FREELIST_TYPE=array go test -v -timeout ${TESTFLAGS_TIMEOUT} \
-coverprofile cover-freelist-array.out -covermode atomic
+BOLT_CMD=bbolt
+
+build:
+ go build -o bin/${BOLT_CMD} ./cmd/${BOLT_CMD}
+
+.PHONY: clean
+clean: # Clean binaries
+ rm -f ./bin/${BOLT_CMD}
+
.PHONY: gofail-enable
gofail-enable: install-gofail
gofail enable .
.PHONY: gofail-disable
-gofail-disable:
+gofail-disable: install-gofail
gofail disable .
.PHONY: install-gofail
@@ -56,8 +85,24 @@ install-gofail:
.PHONY: test-failpoint
test-failpoint:
@echo "[failpoint] hashmap freelist test"
- TEST_FREELIST_TYPE=hashmap go test -v ${TESTFLAGS} -timeout 30m ./tests/failpoint
+ BBOLT_VERIFY=all TEST_FREELIST_TYPE=hashmap go test -v ${TESTFLAGS} -timeout 30m ./tests/failpoint
@echo "[failpoint] array freelist test"
- TEST_FREELIST_TYPE=array go test -v ${TESTFLAGS} -timeout 30m ./tests/failpoint
+ BBOLT_VERIFY=all TEST_FREELIST_TYPE=array go test -v ${TESTFLAGS} -timeout 30m ./tests/failpoint
+
+.PHONY: test-robustness # Running robustness tests requires root permission for now
+# TODO: Remove sudo once we fully migrate to the prow infrastructure
+test-robustness: gofail-enable build
+ sudo env PATH=$$PATH go test -v ${TESTFLAGS} ./tests/dmflakey -test.root
+ sudo env PATH=$(PWD)/bin:$$PATH go test -v ${TESTFLAGS} ${ROBUSTNESS_TESTFLAGS} ./tests/robustness -test.root
+
+.PHONY: test-benchmark-compare
+# Runs benchmark tests on the current git ref and the given REF, and compares
+# the two.
+test-benchmark-compare: install-benchstat
+ @git fetch
+ ./scripts/compare_benchmarks.sh $(REF)
+.PHONY: install-benchstat
+install-benchstat:
+ go install golang.org/x/perf/cmd/benchstat@latest
diff --git a/vendor/go.etcd.io/bbolt/OWNERS b/vendor/go.etcd.io/bbolt/OWNERS
new file mode 100644
index 0000000000..91f168a798
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/OWNERS
@@ -0,0 +1,10 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+ - ahrtr # Benjamin Wang
+ - serathius # Marek Siarkowicz
+ - ptabor # Piotr Tabor
+ - spzala # Sahdev Zala
+reviewers:
+ - fuweid # Wei Fu
+ - tjungblu # Thomas Jungblut
diff --git a/vendor/go.etcd.io/bbolt/README.md b/vendor/go.etcd.io/bbolt/README.md
index 495a93ef8f..f365e51e3e 100644
--- a/vendor/go.etcd.io/bbolt/README.md
+++ b/vendor/go.etcd.io/bbolt/README.md
@@ -1,10 +1,8 @@
bbolt
=====
-[](https://goreportcard.com/report/github.com/etcd-io/bbolt)
-[](https://codecov.io/gh/etcd-io/bbolt)
-[](https://travis-ci.com/etcd-io/bbolt)
-[](https://godoc.org/github.com/etcd-io/bbolt)
+[](https://goreportcard.com/report/go.etcd.io/bbolt)
+[](https://pkg.go.dev/go.etcd.io/bbolt)
[](https://github.com/etcd-io/bbolt/releases)
[](https://github.com/etcd-io/bbolt/blob/master/LICENSE)
@@ -71,13 +69,14 @@ New minor versions may add additional features to the API.
- [LMDB](#lmdb)
- [Caveats & Limitations](#caveats--limitations)
- [Reading the Source](#reading-the-source)
+ - [Known Issues](#known-issues)
- [Other Projects Using Bolt](#other-projects-using-bolt)
## Getting Started
### Installing
-To start using Bolt, install Go and run `go get`:
+To start using `bbolt`, install Go and run `go get`:
```sh
$ go get go.etcd.io/bbolt@latest
```
@@ -103,7 +102,7 @@ To use bbolt as an embedded key-value store, import as:
```go
import bolt "go.etcd.io/bbolt"
-db, err := bolt.Open(path, 0666, nil)
+db, err := bolt.Open(path, 0600, nil)
if err != nil {
return err
}
@@ -298,6 +297,17 @@ db.Update(func(tx *bolt.Tx) error {
})
```
+You can retrieve an existing bucket using the `Tx.Bucket()` function:
+```go
+db.Update(func(tx *bolt.Tx) error {
+ b := tx.Bucket([]byte("MyBucket"))
+ if b == nil {
+ return errors.New("bucket does not exist")
+ }
+ return nil
+})
+```
+
You can also create a bucket only if it doesn't exist by using the
`Tx.CreateBucketIfNotExists()` function. It's a common pattern to call this
function for all your top-level buckets after you open your database so you can
@@ -305,6 +315,17 @@ guarantee that they exist for future transactions.
To delete a bucket, simply call the `Tx.DeleteBucket()` function.
+You can also iterate over all existing top-level buckets with `Tx.ForEach()`:
+
+```go
+db.View(func(tx *bolt.Tx) error {
+ tx.ForEach(func(name []byte, b *bolt.Bucket) error {
+ fmt.Println(string(name))
+ return nil
+ })
+ return nil
+})
+```
### Using key/value pairs
@@ -336,7 +357,17 @@ exists then it will return its byte slice value. If it doesn't exist then it
will return `nil`. It's important to note that you can have a zero-length value
set to a key which is different than the key not existing.
-Use the `Bucket.Delete()` function to delete a key from the bucket.
+Use the `Bucket.Delete()` function to delete a key from the bucket:
+
+```go
+db.Update(func (tx *bolt.Tx) error {
+ b := tx.Bucket([]byte("MyBucket"))
+ err := b.Delete([]byte("answer"))
+ return err
+})
+```
+
+This will delete the key `answers` from the bucket `MyBucket`.
Please note that values returned from `Get()` are only valid while the
transaction is open. If you need to use a value outside of the transaction
@@ -654,7 +685,7 @@ uses a shared lock to allow multiple processes to read from the database but
it will block any processes from opening the database in read-write mode.
```go
-db, err := bolt.Open("my.db", 0666, &bolt.Options{ReadOnly: true})
+db, err := bolt.Open("my.db", 0600, &bolt.Options{ReadOnly: true})
if err != nil {
log.Fatal(err)
}
@@ -890,7 +921,7 @@ The best places to start are the main entry points into Bolt:
- `Bucket.Put()` - Writes a key/value pair into a bucket. After validating the
arguments, a cursor is used to traverse the B+tree to the page and position
- where they key & value will be written. Once the position is found, the bucket
+ where the key & value will be written. Once the position is found, the bucket
materializes the underlying page and the page's parent pages into memory as
"nodes". These nodes are where mutations occur during read-write transactions.
These changes get flushed to disk during commit.
@@ -919,6 +950,21 @@ The best places to start are the main entry points into Bolt:
If you have additional notes that could be helpful for others, please submit
them via pull request.
+## Known Issues
+
+- bbolt might run into data corruption issue on Linux when the feature
+ [ext4: fast commit](https://lwn.net/Articles/842385/), which was introduced in
+ linux kernel version v5.10, is enabled. The fixes to the issue were included in
+ linux kernel version v5.17, please refer to links below,
+
+ * [ext4: fast commit may miss tracking unwritten range during ftruncate](https://lore.kernel.org/linux-ext4/20211223032337.5198-3-yinxin.x@bytedance.com/)
+ * [ext4: fast commit may not fallback for ineligible commit](https://lore.kernel.org/lkml/202201091544.W5HHEXAp-lkp@intel.com/T/#ma0768815e4b5f671e9e451d578256ef9a76fe30e)
+ * [ext4 updates for 5.17](https://lore.kernel.org/lkml/YdyxjTFaLWif6BCM@mit.edu/)
+
+ Please also refer to the discussion in https://github.com/etcd-io/bbolt/issues/562.
+
+- Writing a value with a length of 0 will always result in reading back an empty `[]byte{}` value.
+ Please refer to [issues/726#issuecomment-2061694802](https://github.com/etcd-io/bbolt/issues/726#issuecomment-2061694802).
## Other Projects Using Bolt
@@ -934,13 +980,16 @@ Below is a list of public, open source projects that use Bolt:
* [BoltDbWeb](https://github.com/evnix/boltdbweb) - A web based GUI for BoltDB files.
* [BoltDB Viewer](https://github.com/zc310/rich_boltdb) - A BoltDB Viewer Can run on Windows、Linux、Android system.
* [bleve](http://www.blevesearch.com/) - A pure Go search engine similar to ElasticSearch that uses Bolt as the default storage backend.
+* [bstore](https://github.com/mjl-/bstore) - Database library storing Go values, with referential/unique/nonzero constraints, indices, automatic schema management with struct tags, and a query API.
* [btcwallet](https://github.com/btcsuite/btcwallet) - A bitcoin wallet.
* [buckets](https://github.com/joyrexus/buckets) - a bolt wrapper streamlining
simple tx and key scans.
+* [Buildkit](https://github.com/moby/buildkit) - concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
* [cayley](https://github.com/google/cayley) - Cayley is an open-source graph database using Bolt as optional backend.
* [ChainStore](https://github.com/pressly/chainstore) - Simple key-value interface to a variety of storage engines organized as a chain of operations.
* [🌰 Chestnut](https://github.com/jrapoport/chestnut) - Chestnut is encrypted storage for Go.
* [Consul](https://github.com/hashicorp/consul) - Consul is service discovery and configuration made easy. Distributed, highly available, and datacenter-aware.
+* [Containerd](https://github.com/containerd/containerd) - An open and reliable container runtime
* [DVID](https://github.com/janelia-flyem/dvid) - Added Bolt as optional storage engine and testing it against Basho-tuned leveldb.
* [dcrwallet](https://github.com/decred/dcrwallet) - A wallet for the Decred cryptocurrency.
* [drive](https://github.com/odeke-em/drive) - drive is an unofficial Google Drive command line client for \*NIX operating systems.
@@ -964,6 +1013,7 @@ Below is a list of public, open source projects that use Bolt:
* [MetricBase](https://github.com/msiebuhr/MetricBase) - Single-binary version of Graphite.
* [MuLiFS](https://github.com/dankomiocevic/mulifs) - Music Library Filesystem creates a filesystem to organise your music files.
* [NATS](https://github.com/nats-io/nats-streaming-server) - NATS Streaming uses bbolt for message and metadata storage.
+* [Portainer](https://github.com/portainer/portainer) - A lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments.
* [Prometheus Annotation Server](https://github.com/oliver006/prom_annotation_server) - Annotation server for PromDash & Prometheus service monitoring system.
* [Rain](https://github.com/cenkalti/rain) - BitTorrent client and library.
* [reef-pi](https://github.com/reef-pi/reef-pi) - reef-pi is an award winning, modular, DIY reef tank controller using easy to learn electronics based on a Raspberry Pi.
diff --git a/vendor/go.etcd.io/bbolt/bolt_unix_aix.go b/vendor/go.etcd.io/bbolt/bolt_aix.go
similarity index 99%
rename from vendor/go.etcd.io/bbolt/bolt_unix_aix.go
rename to vendor/go.etcd.io/bbolt/bolt_aix.go
index 6dea4294dc..4b424ed4c4 100644
--- a/vendor/go.etcd.io/bbolt/bolt_unix_aix.go
+++ b/vendor/go.etcd.io/bbolt/bolt_aix.go
@@ -1,5 +1,4 @@
//go:build aix
-// +build aix
package bbolt
diff --git a/vendor/go.etcd.io/bbolt/bolt_android.go b/vendor/go.etcd.io/bbolt/bolt_android.go
new file mode 100644
index 0000000000..11890f0d70
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/bolt_android.go
@@ -0,0 +1,90 @@
+package bbolt
+
+import (
+ "fmt"
+ "syscall"
+ "time"
+ "unsafe"
+
+ "golang.org/x/sys/unix"
+)
+
+// flock acquires an advisory lock on a file descriptor.
+func flock(db *DB, exclusive bool, timeout time.Duration) error {
+ var t time.Time
+ if timeout != 0 {
+ t = time.Now()
+ }
+ fd := db.file.Fd()
+ var lockType int16
+ if exclusive {
+ lockType = syscall.F_WRLCK
+ } else {
+ lockType = syscall.F_RDLCK
+ }
+ for {
+ // Attempt to obtain an exclusive lock.
+ lock := syscall.Flock_t{Type: lockType}
+ err := syscall.FcntlFlock(fd, syscall.F_SETLK, &lock)
+ if err == nil {
+ return nil
+ } else if err != syscall.EAGAIN {
+ return err
+ }
+
+ // If we timed out then return an error.
+ if timeout != 0 && time.Since(t) > timeout-flockRetryTimeout {
+ return ErrTimeout
+ }
+
+ // Wait for a bit and try again.
+ time.Sleep(flockRetryTimeout)
+ }
+}
+
+// funlock releases an advisory lock on a file descriptor.
+func funlock(db *DB) error {
+ var lock syscall.Flock_t
+ lock.Start = 0
+ lock.Len = 0
+ lock.Type = syscall.F_UNLCK
+ lock.Whence = 0
+ return syscall.FcntlFlock(uintptr(db.file.Fd()), syscall.F_SETLK, &lock)
+}
+
+// mmap memory maps a DB's data file.
+func mmap(db *DB, sz int) error {
+ // Map the data file to memory.
+ b, err := unix.Mmap(int(db.file.Fd()), 0, sz, syscall.PROT_READ, syscall.MAP_SHARED|db.MmapFlags)
+ if err != nil {
+ return err
+ }
+
+ // Advise the kernel that the mmap is accessed randomly.
+ err = unix.Madvise(b, syscall.MADV_RANDOM)
+ if err != nil && err != syscall.ENOSYS {
+ // Ignore not implemented error in kernel because it still works.
+ return fmt.Errorf("madvise: %s", err)
+ }
+
+ // Save the original byte slice and convert to a byte array pointer.
+ db.dataref = b
+ db.data = (*[maxMapSize]byte)(unsafe.Pointer(&b[0]))
+ db.datasz = sz
+ return nil
+}
+
+// munmap unmaps a DB's data file from memory.
+func munmap(db *DB) error {
+ // Ignore the unmap if we have no mapped data.
+ if db.dataref == nil {
+ return nil
+ }
+
+ // Unmap using the original byte slice.
+ err := unix.Munmap(db.dataref)
+ db.dataref = nil
+ db.data = nil
+ db.datasz = 0
+ return err
+}
diff --git a/vendor/go.etcd.io/bbolt/bolt_arm64.go b/vendor/go.etcd.io/bbolt/bolt_arm64.go
index 447bc19733..2c67ab10cd 100644
--- a/vendor/go.etcd.io/bbolt/bolt_arm64.go
+++ b/vendor/go.etcd.io/bbolt/bolt_arm64.go
@@ -1,5 +1,4 @@
//go:build arm64
-// +build arm64
package bbolt
diff --git a/vendor/go.etcd.io/bbolt/bolt_loong64.go b/vendor/go.etcd.io/bbolt/bolt_loong64.go
index 31c17c1d07..1ef2145c67 100644
--- a/vendor/go.etcd.io/bbolt/bolt_loong64.go
+++ b/vendor/go.etcd.io/bbolt/bolt_loong64.go
@@ -1,5 +1,4 @@
//go:build loong64
-// +build loong64
package bbolt
diff --git a/vendor/go.etcd.io/bbolt/bolt_mips64x.go b/vendor/go.etcd.io/bbolt/bolt_mips64x.go
index a9385beb68..f28a0512a1 100644
--- a/vendor/go.etcd.io/bbolt/bolt_mips64x.go
+++ b/vendor/go.etcd.io/bbolt/bolt_mips64x.go
@@ -1,5 +1,4 @@
//go:build mips64 || mips64le
-// +build mips64 mips64le
package bbolt
diff --git a/vendor/go.etcd.io/bbolt/bolt_mipsx.go b/vendor/go.etcd.io/bbolt/bolt_mipsx.go
index ed734ff7f3..708fccdc01 100644
--- a/vendor/go.etcd.io/bbolt/bolt_mipsx.go
+++ b/vendor/go.etcd.io/bbolt/bolt_mipsx.go
@@ -1,5 +1,4 @@
//go:build mips || mipsle
-// +build mips mipsle
package bbolt
diff --git a/vendor/go.etcd.io/bbolt/bolt_ppc.go b/vendor/go.etcd.io/bbolt/bolt_ppc.go
index e403f57d8a..6a21cf33c7 100644
--- a/vendor/go.etcd.io/bbolt/bolt_ppc.go
+++ b/vendor/go.etcd.io/bbolt/bolt_ppc.go
@@ -1,5 +1,4 @@
//go:build ppc
-// +build ppc
package bbolt
diff --git a/vendor/go.etcd.io/bbolt/bolt_ppc64.go b/vendor/go.etcd.io/bbolt/bolt_ppc64.go
index fcd86529f9..a32f246228 100644
--- a/vendor/go.etcd.io/bbolt/bolt_ppc64.go
+++ b/vendor/go.etcd.io/bbolt/bolt_ppc64.go
@@ -1,5 +1,4 @@
//go:build ppc64
-// +build ppc64
package bbolt
diff --git a/vendor/go.etcd.io/bbolt/bolt_ppc64le.go b/vendor/go.etcd.io/bbolt/bolt_ppc64le.go
index 20234aca46..8fb60dddcb 100644
--- a/vendor/go.etcd.io/bbolt/bolt_ppc64le.go
+++ b/vendor/go.etcd.io/bbolt/bolt_ppc64le.go
@@ -1,5 +1,4 @@
//go:build ppc64le
-// +build ppc64le
package bbolt
diff --git a/vendor/go.etcd.io/bbolt/bolt_riscv64.go b/vendor/go.etcd.io/bbolt/bolt_riscv64.go
index 060f30c73c..a63d26ab21 100644
--- a/vendor/go.etcd.io/bbolt/bolt_riscv64.go
+++ b/vendor/go.etcd.io/bbolt/bolt_riscv64.go
@@ -1,5 +1,4 @@
//go:build riscv64
-// +build riscv64
package bbolt
diff --git a/vendor/go.etcd.io/bbolt/bolt_s390x.go b/vendor/go.etcd.io/bbolt/bolt_s390x.go
index 92d2755adb..749ea97e3a 100644
--- a/vendor/go.etcd.io/bbolt/bolt_s390x.go
+++ b/vendor/go.etcd.io/bbolt/bolt_s390x.go
@@ -1,5 +1,4 @@
//go:build s390x
-// +build s390x
package bbolt
diff --git a/vendor/go.etcd.io/bbolt/bolt_unix_solaris.go b/vendor/go.etcd.io/bbolt/bolt_solaris.go
similarity index 100%
rename from vendor/go.etcd.io/bbolt/bolt_unix_solaris.go
rename to vendor/go.etcd.io/bbolt/bolt_solaris.go
diff --git a/vendor/go.etcd.io/bbolt/bolt_unix.go b/vendor/go.etcd.io/bbolt/bolt_unix.go
index 757ae4d1a4..d1922c2d99 100644
--- a/vendor/go.etcd.io/bbolt/bolt_unix.go
+++ b/vendor/go.etcd.io/bbolt/bolt_unix.go
@@ -1,5 +1,4 @@
-//go:build !windows && !plan9 && !solaris && !aix
-// +build !windows,!plan9,!solaris,!aix
+//go:build !windows && !plan9 && !solaris && !aix && !android
package bbolt
@@ -10,6 +9,8 @@ import (
"unsafe"
"golang.org/x/sys/unix"
+
+ "go.etcd.io/bbolt/errors"
)
// flock acquires an advisory lock on a file descriptor.
@@ -36,7 +37,7 @@ func flock(db *DB, exclusive bool, timeout time.Duration) error {
// If we timed out then return an error.
if timeout != 0 && time.Since(t) > timeout-flockRetryTimeout {
- return ErrTimeout
+ return errors.ErrTimeout
}
// Wait for a bit and try again.
diff --git a/vendor/go.etcd.io/bbolt/bolt_windows.go b/vendor/go.etcd.io/bbolt/bolt_windows.go
index e5dde27454..ec21ecb85c 100644
--- a/vendor/go.etcd.io/bbolt/bolt_windows.go
+++ b/vendor/go.etcd.io/bbolt/bolt_windows.go
@@ -8,6 +8,8 @@ import (
"unsafe"
"golang.org/x/sys/windows"
+
+ "go.etcd.io/bbolt/errors"
)
// fdatasync flushes written data to a file descriptor.
@@ -42,7 +44,7 @@ func flock(db *DB, exclusive bool, timeout time.Duration) error {
// If we timed oumercit then return an error.
if timeout != 0 && time.Since(t) > timeout-flockRetryTimeout {
- return ErrTimeout
+ return errors.ErrTimeout
}
// Wait for a bit and try again.
@@ -70,7 +72,7 @@ func mmap(db *DB, sz int) error {
return fmt.Errorf("truncate: %s", err)
}
sizehi = uint32(sz >> 32)
- sizelo = uint32(sz) & 0xffffffff
+ sizelo = uint32(sz)
}
// Open a file mapping handle.
@@ -93,7 +95,7 @@ func mmap(db *DB, sz int) error {
}
// Convert to a byte array.
- db.data = ((*[maxMapSize]byte)(unsafe.Pointer(addr)))
+ db.data = (*[maxMapSize]byte)(unsafe.Pointer(addr))
db.datasz = sz
return nil
diff --git a/vendor/go.etcd.io/bbolt/boltsync_unix.go b/vendor/go.etcd.io/bbolt/boltsync_unix.go
index 81e09a5310..27face752e 100644
--- a/vendor/go.etcd.io/bbolt/boltsync_unix.go
+++ b/vendor/go.etcd.io/bbolt/boltsync_unix.go
@@ -1,5 +1,4 @@
//go:build !windows && !plan9 && !linux && !openbsd
-// +build !windows,!plan9,!linux,!openbsd
package bbolt
diff --git a/vendor/go.etcd.io/bbolt/bucket.go b/vendor/go.etcd.io/bbolt/bucket.go
index f3533d3446..6371ace972 100644
--- a/vendor/go.etcd.io/bbolt/bucket.go
+++ b/vendor/go.etcd.io/bbolt/bucket.go
@@ -4,6 +4,9 @@ import (
"bytes"
"fmt"
"unsafe"
+
+ "go.etcd.io/bbolt/errors"
+ "go.etcd.io/bbolt/internal/common"
)
const (
@@ -14,8 +17,6 @@ const (
MaxValueSize = (1 << 31) - 2
)
-const bucketHeaderSize = int(unsafe.Sizeof(bucket{}))
-
const (
minFillPercent = 0.1
maxFillPercent = 1.0
@@ -27,12 +28,12 @@ const DefaultFillPercent = 0.5
// Bucket represents a collection of key/value pairs inside the database.
type Bucket struct {
- *bucket
- tx *Tx // the associated transaction
- buckets map[string]*Bucket // subbucket cache
- page *page // inline page reference
- rootNode *node // materialized node for the root page.
- nodes map[pgid]*node // node cache
+ *common.InBucket
+ tx *Tx // the associated transaction
+ buckets map[string]*Bucket // subbucket cache
+ page *common.Page // inline page reference
+ rootNode *node // materialized node for the root page.
+ nodes map[common.Pgid]*node // node cache
// Sets the threshold for filling nodes when they split. By default,
// the bucket will fill to 50% but it can be useful to increase this
@@ -42,21 +43,12 @@ type Bucket struct {
FillPercent float64
}
-// bucket represents the on-file representation of a bucket.
-// This is stored as the "value" of a bucket key. If the bucket is small enough,
-// then its root page can be stored inline in the "value", after the bucket
-// header. In the case of inline buckets, the "root" will be 0.
-type bucket struct {
- root pgid // page id of the bucket's root-level page
- sequence uint64 // monotonically incrementing, used by NextSequence()
-}
-
// newBucket returns a new bucket associated with a transaction.
func newBucket(tx *Tx) Bucket {
var b = Bucket{tx: tx, FillPercent: DefaultFillPercent}
if tx.writable {
b.buckets = make(map[string]*Bucket)
- b.nodes = make(map[pgid]*node)
+ b.nodes = make(map[common.Pgid]*node)
}
return b
}
@@ -67,8 +59,8 @@ func (b *Bucket) Tx() *Tx {
}
// Root returns the root of the bucket.
-func (b *Bucket) Root() pgid {
- return b.root
+func (b *Bucket) Root() common.Pgid {
+ return b.RootPage()
}
// Writable returns whether the bucket is writable.
@@ -105,7 +97,7 @@ func (b *Bucket) Bucket(name []byte) *Bucket {
k, v, flags := c.seek(name)
// Return nil if the key doesn't exist or it is not a bucket.
- if !bytes.Equal(name, k) || (flags&bucketLeafFlag) == 0 {
+ if !bytes.Equal(name, k) || (flags&common.BucketLeafFlag) == 0 {
return nil
}
@@ -125,8 +117,8 @@ func (b *Bucket) openBucket(value []byte) *Bucket {
// Unaligned access requires a copy to be made.
const unalignedMask = unsafe.Alignof(struct {
- bucket
- page
+ common.InBucket
+ common.Page
}{}) - 1
unaligned := uintptr(unsafe.Pointer(&value[0]))&unalignedMask != 0
if unaligned {
@@ -136,15 +128,15 @@ func (b *Bucket) openBucket(value []byte) *Bucket {
// If this is a writable transaction then we need to copy the bucket entry.
// Read-only transactions can point directly at the mmap entry.
if b.tx.writable && !unaligned {
- child.bucket = &bucket{}
- *child.bucket = *(*bucket)(unsafe.Pointer(&value[0]))
+ child.InBucket = &common.InBucket{}
+ *child.InBucket = *(*common.InBucket)(unsafe.Pointer(&value[0]))
} else {
- child.bucket = (*bucket)(unsafe.Pointer(&value[0]))
+ child.InBucket = (*common.InBucket)(unsafe.Pointer(&value[0]))
}
// Save a reference to the inline page if the bucket is inline.
- if child.root == 0 {
- child.page = (*page)(unsafe.Pointer(&value[bucketHeaderSize]))
+ if child.RootPage() == 0 {
+ child.page = (*common.Page)(unsafe.Pointer(&value[common.BucketHeaderSize]))
}
return &child
@@ -153,13 +145,23 @@ func (b *Bucket) openBucket(value []byte) *Bucket {
// CreateBucket creates a new bucket at the given key and returns the new bucket.
// Returns an error if the key already exists, if the bucket name is blank, or if the bucket name is too long.
// The bucket instance is only valid for the lifetime of the transaction.
-func (b *Bucket) CreateBucket(key []byte) (*Bucket, error) {
+func (b *Bucket) CreateBucket(key []byte) (rb *Bucket, err error) {
+ if lg := b.tx.db.Logger(); lg != discardLogger {
+ lg.Debugf("Creating bucket %q", key)
+ defer func() {
+ if err != nil {
+ lg.Errorf("Creating bucket %q failed: %v", key, err)
+ } else {
+ lg.Debugf("Creating bucket %q successfully", key)
+ }
+ }()
+ }
if b.tx.db == nil {
- return nil, ErrTxClosed
+ return nil, errors.ErrTxClosed
} else if !b.tx.writable {
- return nil, ErrTxNotWritable
+ return nil, errors.ErrTxNotWritable
} else if len(key) == 0 {
- return nil, ErrBucketNameRequired
+ return nil, errors.ErrBucketNameRequired
}
// Insert into node.
@@ -173,21 +175,21 @@ func (b *Bucket) CreateBucket(key []byte) (*Bucket, error) {
// Return an error if there is an existing key.
if bytes.Equal(newKey, k) {
- if (flags & bucketLeafFlag) != 0 {
- return nil, ErrBucketExists
+ if (flags & common.BucketLeafFlag) != 0 {
+ return nil, errors.ErrBucketExists
}
- return nil, ErrIncompatibleValue
+ return nil, errors.ErrIncompatibleValue
}
// Create empty, inline bucket.
var bucket = Bucket{
- bucket: &bucket{},
+ InBucket: &common.InBucket{},
rootNode: &node{isLeaf: true},
FillPercent: DefaultFillPercent,
}
var value = bucket.write()
- c.node().put(newKey, newKey, value, 0, bucketLeafFlag)
+ c.node().put(newKey, newKey, value, 0, common.BucketLeafFlag)
// Since subbuckets are not allowed on inline buckets, we need to
// dereference the inline page, if it exists. This will cause the bucket
@@ -200,39 +202,108 @@ func (b *Bucket) CreateBucket(key []byte) (*Bucket, error) {
// CreateBucketIfNotExists creates a new bucket if it doesn't already exist and returns a reference to it.
// Returns an error if the bucket name is blank, or if the bucket name is too long.
// The bucket instance is only valid for the lifetime of the transaction.
-func (b *Bucket) CreateBucketIfNotExists(key []byte) (*Bucket, error) {
- child, err := b.CreateBucket(key)
- if err == ErrBucketExists {
- return b.Bucket(key), nil
- } else if err != nil {
- return nil, err
+func (b *Bucket) CreateBucketIfNotExists(key []byte) (rb *Bucket, err error) {
+ if lg := b.tx.db.Logger(); lg != discardLogger {
+ lg.Debugf("Creating bucket if not exist %q", key)
+ defer func() {
+ if err != nil {
+ lg.Errorf("Creating bucket if not exist %q failed: %v", key, err)
+ } else {
+ lg.Debugf("Creating bucket if not exist %q successfully", key)
+ }
+ }()
+ }
+
+ if b.tx.db == nil {
+ return nil, errors.ErrTxClosed
+ } else if !b.tx.writable {
+ return nil, errors.ErrTxNotWritable
+ } else if len(key) == 0 {
+ return nil, errors.ErrBucketNameRequired
+ }
+
+ // Insert into node.
+ // Tip: Use a new variable `newKey` instead of reusing the existing `key` to prevent
+ // it from being marked as leaking, and accordingly cannot be allocated on stack.
+ newKey := cloneBytes(key)
+
+ if b.buckets != nil {
+ if child := b.buckets[string(newKey)]; child != nil {
+ return child, nil
+ }
+ }
+
+ // Move cursor to correct position.
+ c := b.Cursor()
+ k, v, flags := c.seek(newKey)
+
+ // Return an error if there is an existing non-bucket key.
+ if bytes.Equal(newKey, k) {
+ if (flags & common.BucketLeafFlag) != 0 {
+ var child = b.openBucket(v)
+ if b.buckets != nil {
+ b.buckets[string(newKey)] = child
+ }
+
+ return child, nil
+ }
+ return nil, errors.ErrIncompatibleValue
+ }
+
+ // Create empty, inline bucket.
+ var bucket = Bucket{
+ InBucket: &common.InBucket{},
+ rootNode: &node{isLeaf: true},
+ FillPercent: DefaultFillPercent,
}
- return child, nil
+ var value = bucket.write()
+
+ c.node().put(newKey, newKey, value, 0, common.BucketLeafFlag)
+
+ // Since subbuckets are not allowed on inline buckets, we need to
+ // dereference the inline page, if it exists. This will cause the bucket
+ // to be treated as a regular, non-inline bucket for the rest of the tx.
+ b.page = nil
+
+ return b.Bucket(newKey), nil
}
// DeleteBucket deletes a bucket at the given key.
// Returns an error if the bucket does not exist, or if the key represents a non-bucket value.
-func (b *Bucket) DeleteBucket(key []byte) error {
+func (b *Bucket) DeleteBucket(key []byte) (err error) {
+ if lg := b.tx.db.Logger(); lg != discardLogger {
+ lg.Debugf("Deleting bucket %q", key)
+ defer func() {
+ if err != nil {
+ lg.Errorf("Deleting bucket %q failed: %v", key, err)
+ } else {
+ lg.Debugf("Deleting bucket %q successfully", key)
+ }
+ }()
+ }
+
if b.tx.db == nil {
- return ErrTxClosed
+ return errors.ErrTxClosed
} else if !b.Writable() {
- return ErrTxNotWritable
+ return errors.ErrTxNotWritable
}
+ newKey := cloneBytes(key)
+
// Move cursor to correct position.
c := b.Cursor()
- k, _, flags := c.seek(key)
+ k, _, flags := c.seek(newKey)
// Return an error if bucket doesn't exist or is not a bucket.
- if !bytes.Equal(key, k) {
- return ErrBucketNotFound
- } else if (flags & bucketLeafFlag) == 0 {
- return ErrIncompatibleValue
+ if !bytes.Equal(newKey, k) {
+ return errors.ErrBucketNotFound
+ } else if (flags & common.BucketLeafFlag) == 0 {
+ return errors.ErrIncompatibleValue
}
// Recursively delete all child buckets.
- child := b.Bucket(key)
- err := child.ForEachBucket(func(k []byte) error {
+ child := b.Bucket(newKey)
+ err = child.ForEachBucket(func(k []byte) error {
if err := child.DeleteBucket(k); err != nil {
return fmt.Errorf("delete bucket: %s", err)
}
@@ -243,7 +314,7 @@ func (b *Bucket) DeleteBucket(key []byte) error {
}
// Remove cached copy.
- delete(b.buckets, string(key))
+ delete(b.buckets, string(newKey))
// Release all bucket pages to freelist.
child.nodes = nil
@@ -251,19 +322,119 @@ func (b *Bucket) DeleteBucket(key []byte) error {
child.free()
// Delete the node if we have a matching key.
- c.node().del(key)
+ c.node().del(newKey)
return nil
}
+// MoveBucket moves a sub-bucket from the source bucket to the destination bucket.
+// Returns an error if
+// 1. the sub-bucket cannot be found in the source bucket;
+// 2. or the key already exists in the destination bucket;
+// 3. or the key represents a non-bucket value;
+// 4. the source and destination buckets are the same.
+func (b *Bucket) MoveBucket(key []byte, dstBucket *Bucket) (err error) {
+ lg := b.tx.db.Logger()
+ if lg != discardLogger {
+ lg.Debugf("Moving bucket %q", key)
+ defer func() {
+ if err != nil {
+ lg.Errorf("Moving bucket %q failed: %v", key, err)
+ } else {
+ lg.Debugf("Moving bucket %q successfully", key)
+ }
+ }()
+ }
+
+ if b.tx.db == nil || dstBucket.tx.db == nil {
+ return errors.ErrTxClosed
+ } else if !b.Writable() || !dstBucket.Writable() {
+ return errors.ErrTxNotWritable
+ }
+
+ if b.tx.db.Path() != dstBucket.tx.db.Path() || b.tx != dstBucket.tx {
+ lg.Errorf("The source and target buckets are not in the same db file, source bucket in %s and target bucket in %s", b.tx.db.Path(), dstBucket.tx.db.Path())
+ return errors.ErrDifferentDB
+ }
+
+ newKey := cloneBytes(key)
+
+ // Move cursor to correct position.
+ c := b.Cursor()
+ k, v, flags := c.seek(newKey)
+
+ // Return an error if bucket doesn't exist or is not a bucket.
+ if !bytes.Equal(newKey, k) {
+ return errors.ErrBucketNotFound
+ } else if (flags & common.BucketLeafFlag) == 0 {
+ lg.Errorf("An incompatible key %s exists in the source bucket", newKey)
+ return errors.ErrIncompatibleValue
+ }
+
+ // Do nothing (return true directly) if the source bucket and the
+ // destination bucket are actually the same bucket.
+ if b == dstBucket || (b.RootPage() == dstBucket.RootPage() && b.RootPage() != 0) {
+ lg.Errorf("The source bucket (%s) and the target bucket (%s) are the same bucket", b, dstBucket)
+ return errors.ErrSameBuckets
+ }
+
+ // check whether the key already exists in the destination bucket
+ curDst := dstBucket.Cursor()
+ k, _, flags = curDst.seek(newKey)
+
+ // Return an error if there is an existing key in the destination bucket.
+ if bytes.Equal(newKey, k) {
+ if (flags & common.BucketLeafFlag) != 0 {
+ return errors.ErrBucketExists
+ }
+ lg.Errorf("An incompatible key %s exists in the target bucket", newKey)
+ return errors.ErrIncompatibleValue
+ }
+
+ // remove the sub-bucket from the source bucket
+ delete(b.buckets, string(newKey))
+ c.node().del(newKey)
+
+ // add te sub-bucket to the destination bucket
+ newValue := cloneBytes(v)
+ curDst.node().put(newKey, newKey, newValue, 0, common.BucketLeafFlag)
+
+ return nil
+}
+
+// Inspect returns the structure of the bucket.
+func (b *Bucket) Inspect() BucketStructure {
+ return b.recursivelyInspect([]byte("root"))
+}
+
+func (b *Bucket) recursivelyInspect(name []byte) BucketStructure {
+ bs := BucketStructure{Name: string(name)}
+
+ keyN := 0
+ c := b.Cursor()
+ for k, _, flags := c.first(); k != nil; k, _, flags = c.next() {
+ if flags&common.BucketLeafFlag != 0 {
+ childBucket := b.Bucket(k)
+ childBS := childBucket.recursivelyInspect(k)
+ bs.Children = append(bs.Children, childBS)
+ } else {
+ keyN++
+ }
+ }
+ bs.KeyN = keyN
+
+ return bs
+}
+
// Get retrieves the value for a key in the bucket.
// Returns a nil value if the key does not exist or if the key is a nested bucket.
// The returned value is only valid for the life of the transaction.
+// The returned memory is owned by bbolt and must never be modified; writing to this memory might corrupt the database.
func (b *Bucket) Get(key []byte) []byte {
k, v, flags := b.Cursor().seek(key)
// Return nil if this is a bucket.
- if (flags & bucketLeafFlag) != 0 {
+ if (flags & common.BucketLeafFlag) != 0 {
return nil
}
@@ -278,17 +449,27 @@ func (b *Bucket) Get(key []byte) []byte {
// If the key exist then its previous value will be overwritten.
// Supplied value must remain valid for the life of the transaction.
// Returns an error if the bucket was created from a read-only transaction, if the key is blank, if the key is too large, or if the value is too large.
-func (b *Bucket) Put(key []byte, value []byte) error {
+func (b *Bucket) Put(key []byte, value []byte) (err error) {
+ if lg := b.tx.db.Logger(); lg != discardLogger {
+ lg.Debugf("Putting key %q", key)
+ defer func() {
+ if err != nil {
+ lg.Errorf("Putting key %q failed: %v", key, err)
+ } else {
+ lg.Debugf("Putting key %q successfully", key)
+ }
+ }()
+ }
if b.tx.db == nil {
- return ErrTxClosed
+ return errors.ErrTxClosed
} else if !b.Writable() {
- return ErrTxNotWritable
+ return errors.ErrTxNotWritable
} else if len(key) == 0 {
- return ErrKeyRequired
+ return errors.ErrKeyRequired
} else if len(key) > MaxKeySize {
- return ErrKeyTooLarge
+ return errors.ErrKeyTooLarge
} else if int64(len(value)) > MaxValueSize {
- return ErrValueTooLarge
+ return errors.ErrValueTooLarge
}
// Insert into node.
@@ -301,8 +482,8 @@ func (b *Bucket) Put(key []byte, value []byte) error {
k, _, flags := c.seek(newKey)
// Return an error if there is an existing key with a bucket value.
- if bytes.Equal(newKey, k) && (flags&bucketLeafFlag) != 0 {
- return ErrIncompatibleValue
+ if bytes.Equal(newKey, k) && (flags&common.BucketLeafFlag) != 0 {
+ return errors.ErrIncompatibleValue
}
// gofail: var beforeBucketPut struct{}
@@ -315,11 +496,22 @@ func (b *Bucket) Put(key []byte, value []byte) error {
// Delete removes a key from the bucket.
// If the key does not exist then nothing is done and a nil error is returned.
// Returns an error if the bucket was created from a read-only transaction.
-func (b *Bucket) Delete(key []byte) error {
+func (b *Bucket) Delete(key []byte) (err error) {
+ if lg := b.tx.db.Logger(); lg != discardLogger {
+ lg.Debugf("Deleting key %q", key)
+ defer func() {
+ if err != nil {
+ lg.Errorf("Deleting key %q failed: %v", key, err)
+ } else {
+ lg.Debugf("Deleting key %q successfully", key)
+ }
+ }()
+ }
+
if b.tx.db == nil {
- return ErrTxClosed
+ return errors.ErrTxClosed
} else if !b.Writable() {
- return ErrTxNotWritable
+ return errors.ErrTxNotWritable
}
// Move cursor to correct position.
@@ -332,8 +524,8 @@ func (b *Bucket) Delete(key []byte) error {
}
// Return an error if there is already existing bucket value.
- if (flags & bucketLeafFlag) != 0 {
- return ErrIncompatibleValue
+ if (flags & common.BucketLeafFlag) != 0 {
+ return errors.ErrIncompatibleValue
}
// Delete the node if we have a matching key.
@@ -343,44 +535,46 @@ func (b *Bucket) Delete(key []byte) error {
}
// Sequence returns the current integer for the bucket without incrementing it.
-func (b *Bucket) Sequence() uint64 { return b.bucket.sequence }
+func (b *Bucket) Sequence() uint64 {
+ return b.InSequence()
+}
// SetSequence updates the sequence number for the bucket.
func (b *Bucket) SetSequence(v uint64) error {
if b.tx.db == nil {
- return ErrTxClosed
+ return errors.ErrTxClosed
} else if !b.Writable() {
- return ErrTxNotWritable
+ return errors.ErrTxNotWritable
}
// Materialize the root node if it hasn't been already so that the
// bucket will be saved during commit.
if b.rootNode == nil {
- _ = b.node(b.root, nil)
+ _ = b.node(b.RootPage(), nil)
}
// Set the sequence.
- b.bucket.sequence = v
+ b.SetInSequence(v)
return nil
}
// NextSequence returns an autoincrementing integer for the bucket.
func (b *Bucket) NextSequence() (uint64, error) {
if b.tx.db == nil {
- return 0, ErrTxClosed
+ return 0, errors.ErrTxClosed
} else if !b.Writable() {
- return 0, ErrTxNotWritable
+ return 0, errors.ErrTxNotWritable
}
// Materialize the root node if it hasn't been already so that the
// bucket will be saved during commit.
if b.rootNode == nil {
- _ = b.node(b.root, nil)
+ _ = b.node(b.RootPage(), nil)
}
// Increment and return the sequence.
- b.bucket.sequence++
- return b.bucket.sequence, nil
+ b.IncSequence()
+ return b.Sequence(), nil
}
// ForEach executes a function for each key/value pair in a bucket.
@@ -390,7 +584,7 @@ func (b *Bucket) NextSequence() (uint64, error) {
// the bucket; this will result in undefined behavior.
func (b *Bucket) ForEach(fn func(k, v []byte) error) error {
if b.tx.db == nil {
- return ErrTxClosed
+ return errors.ErrTxClosed
}
c := b.Cursor()
for k, v := c.First(); k != nil; k, v = c.Next() {
@@ -403,11 +597,11 @@ func (b *Bucket) ForEach(fn func(k, v []byte) error) error {
func (b *Bucket) ForEachBucket(fn func(k []byte) error) error {
if b.tx.db == nil {
- return ErrTxClosed
+ return errors.ErrTxClosed
}
c := b.Cursor()
for k, _, flags := c.first(); k != nil; k, _, flags = c.next() {
- if flags&bucketLeafFlag != 0 {
+ if flags&common.BucketLeafFlag != 0 {
if err := fn(k); err != nil {
return err
}
@@ -421,64 +615,64 @@ func (b *Bucket) Stats() BucketStats {
var s, subStats BucketStats
pageSize := b.tx.db.pageSize
s.BucketN += 1
- if b.root == 0 {
+ if b.RootPage() == 0 {
s.InlineBucketN += 1
}
- b.forEachPage(func(p *page, depth int, pgstack []pgid) {
- if (p.flags & leafPageFlag) != 0 {
- s.KeyN += int(p.count)
+ b.forEachPage(func(p *common.Page, depth int, pgstack []common.Pgid) {
+ if p.IsLeafPage() {
+ s.KeyN += int(p.Count())
// used totals the used bytes for the page
- used := pageHeaderSize
+ used := common.PageHeaderSize
- if p.count != 0 {
+ if p.Count() != 0 {
// If page has any elements, add all element headers.
- used += leafPageElementSize * uintptr(p.count-1)
+ used += common.LeafPageElementSize * uintptr(p.Count()-1)
// Add all element key, value sizes.
// The computation takes advantage of the fact that the position
// of the last element's key/value equals to the total of the sizes
// of all previous elements' keys and values.
// It also includes the last element's header.
- lastElement := p.leafPageElement(p.count - 1)
- used += uintptr(lastElement.pos + lastElement.ksize + lastElement.vsize)
+ lastElement := p.LeafPageElement(p.Count() - 1)
+ used += uintptr(lastElement.Pos() + lastElement.Ksize() + lastElement.Vsize())
}
- if b.root == 0 {
+ if b.RootPage() == 0 {
// For inlined bucket just update the inline stats
s.InlineBucketInuse += int(used)
} else {
// For non-inlined bucket update all the leaf stats
s.LeafPageN++
s.LeafInuse += int(used)
- s.LeafOverflowN += int(p.overflow)
+ s.LeafOverflowN += int(p.Overflow())
// Collect stats from sub-buckets.
// Do that by iterating over all element headers
// looking for the ones with the bucketLeafFlag.
- for i := uint16(0); i < p.count; i++ {
- e := p.leafPageElement(i)
- if (e.flags & bucketLeafFlag) != 0 {
+ for i := uint16(0); i < p.Count(); i++ {
+ e := p.LeafPageElement(i)
+ if (e.Flags() & common.BucketLeafFlag) != 0 {
// For any bucket element, open the element value
// and recursively call Stats on the contained bucket.
- subStats.Add(b.openBucket(e.value()).Stats())
+ subStats.Add(b.openBucket(e.Value()).Stats())
}
}
}
- } else if (p.flags & branchPageFlag) != 0 {
+ } else if p.IsBranchPage() {
s.BranchPageN++
- lastElement := p.branchPageElement(p.count - 1)
+ lastElement := p.BranchPageElement(p.Count() - 1)
// used totals the used bytes for the page
// Add header and all element headers.
- used := pageHeaderSize + (branchPageElementSize * uintptr(p.count-1))
+ used := common.PageHeaderSize + (common.BranchPageElementSize * uintptr(p.Count()-1))
// Add size of all keys and values.
// Again, use the fact that last element's position equals to
// the total of key, value sizes of all previous elements.
- used += uintptr(lastElement.pos + lastElement.ksize)
+ used += uintptr(lastElement.Pos() + lastElement.Ksize())
s.BranchInuse += int(used)
- s.BranchOverflowN += int(p.overflow)
+ s.BranchOverflowN += int(p.Overflow())
}
// Keep track of maximum page depth.
@@ -499,29 +693,29 @@ func (b *Bucket) Stats() BucketStats {
}
// forEachPage iterates over every page in a bucket, including inline pages.
-func (b *Bucket) forEachPage(fn func(*page, int, []pgid)) {
+func (b *Bucket) forEachPage(fn func(*common.Page, int, []common.Pgid)) {
// If we have an inline page then just use that.
if b.page != nil {
- fn(b.page, 0, []pgid{b.root})
+ fn(b.page, 0, []common.Pgid{b.RootPage()})
return
}
// Otherwise traverse the page hierarchy.
- b.tx.forEachPage(b.root, fn)
+ b.tx.forEachPage(b.RootPage(), fn)
}
// forEachPageNode iterates over every page (or node) in a bucket.
// This also includes inline pages.
-func (b *Bucket) forEachPageNode(fn func(*page, *node, int)) {
+func (b *Bucket) forEachPageNode(fn func(*common.Page, *node, int)) {
// If we have an inline page or root node then just use that.
if b.page != nil {
fn(b.page, nil, 0)
return
}
- b._forEachPageNode(b.root, 0, fn)
+ b._forEachPageNode(b.RootPage(), 0, fn)
}
-func (b *Bucket) _forEachPageNode(pgId pgid, depth int, fn func(*page, *node, int)) {
+func (b *Bucket) _forEachPageNode(pgId common.Pgid, depth int, fn func(*common.Page, *node, int)) {
var p, n = b.pageNode(pgId)
// Execute function.
@@ -529,16 +723,16 @@ func (b *Bucket) _forEachPageNode(pgId pgid, depth int, fn func(*page, *node, in
// Recursively loop over children.
if p != nil {
- if (p.flags & branchPageFlag) != 0 {
- for i := 0; i < int(p.count); i++ {
- elem := p.branchPageElement(uint16(i))
- b._forEachPageNode(elem.pgid, depth+1, fn)
+ if p.IsBranchPage() {
+ for i := 0; i < int(p.Count()); i++ {
+ elem := p.BranchPageElement(uint16(i))
+ b._forEachPageNode(elem.Pgid(), depth+1, fn)
}
}
} else {
if !n.isLeaf {
for _, inode := range n.inodes {
- b._forEachPageNode(inode.pgid, depth+1, fn)
+ b._forEachPageNode(inode.Pgid(), depth+1, fn)
}
}
}
@@ -561,9 +755,9 @@ func (b *Bucket) spill() error {
}
// Update the child bucket header in this bucket.
- value = make([]byte, unsafe.Sizeof(bucket{}))
- var bucket = (*bucket)(unsafe.Pointer(&value[0]))
- *bucket = *child.bucket
+ value = make([]byte, unsafe.Sizeof(common.InBucket{}))
+ var bucket = (*common.InBucket)(unsafe.Pointer(&value[0]))
+ *bucket = *child.InBucket
}
// Skip writing the bucket if there are no materialized nodes.
@@ -577,10 +771,10 @@ func (b *Bucket) spill() error {
if !bytes.Equal([]byte(name), k) {
panic(fmt.Sprintf("misplaced bucket header: %x -> %x", []byte(name), k))
}
- if flags&bucketLeafFlag == 0 {
+ if flags&common.BucketLeafFlag == 0 {
panic(fmt.Sprintf("unexpected bucket header flag: %x", flags))
}
- c.node().put([]byte(name), []byte(name), value, 0, bucketLeafFlag)
+ c.node().put([]byte(name), []byte(name), value, 0, common.BucketLeafFlag)
}
// Ignore if there's not a materialized root node.
@@ -595,16 +789,16 @@ func (b *Bucket) spill() error {
b.rootNode = b.rootNode.root()
// Update the root node for this bucket.
- if b.rootNode.pgid >= b.tx.meta.pgid {
- panic(fmt.Sprintf("pgid (%d) above high water mark (%d)", b.rootNode.pgid, b.tx.meta.pgid))
+ if b.rootNode.pgid >= b.tx.meta.Pgid() {
+ panic(fmt.Sprintf("pgid (%d) above high water mark (%d)", b.rootNode.pgid, b.tx.meta.Pgid()))
}
- b.root = b.rootNode.pgid
+ b.SetRootPage(b.rootNode.pgid)
return nil
}
// inlineable returns true if a bucket is small enough to be written inline
-// and if it contains no subbuckets. Otherwise returns false.
+// and if it contains no subbuckets. Otherwise, returns false.
func (b *Bucket) inlineable() bool {
var n = b.rootNode
@@ -615,11 +809,11 @@ func (b *Bucket) inlineable() bool {
// Bucket is not inlineable if it contains subbuckets or if it goes beyond
// our threshold for inline bucket size.
- var size = pageHeaderSize
+ var size = common.PageHeaderSize
for _, inode := range n.inodes {
- size += leafPageElementSize + uintptr(len(inode.key)) + uintptr(len(inode.value))
+ size += common.LeafPageElementSize + uintptr(len(inode.Key())) + uintptr(len(inode.Value()))
- if inode.flags&bucketLeafFlag != 0 {
+ if inode.Flags()&common.BucketLeafFlag != 0 {
return false
} else if size > b.maxInlineBucketSize() {
return false
@@ -638,14 +832,14 @@ func (b *Bucket) maxInlineBucketSize() uintptr {
func (b *Bucket) write() []byte {
// Allocate the appropriate size.
var n = b.rootNode
- var value = make([]byte, bucketHeaderSize+n.size())
+ var value = make([]byte, common.BucketHeaderSize+n.size())
// Write a bucket header.
- var bucket = (*bucket)(unsafe.Pointer(&value[0]))
- *bucket = *b.bucket
+ var bucket = (*common.InBucket)(unsafe.Pointer(&value[0]))
+ *bucket = *b.InBucket
// Convert byte slice to a fake page and write the root node.
- var p = (*page)(unsafe.Pointer(&value[bucketHeaderSize]))
+ var p = (*common.Page)(unsafe.Pointer(&value[common.BucketHeaderSize]))
n.write(p)
return value
@@ -662,8 +856,8 @@ func (b *Bucket) rebalance() {
}
// node creates a node from a page and associates it with a given parent.
-func (b *Bucket) node(pgId pgid, parent *node) *node {
- _assert(b.nodes != nil, "nodes map expected")
+func (b *Bucket) node(pgId common.Pgid, parent *node) *node {
+ common.Assert(b.nodes != nil, "nodes map expected")
// Retrieve node if it's already been created.
if n := b.nodes[pgId]; n != nil {
@@ -682,6 +876,12 @@ func (b *Bucket) node(pgId pgid, parent *node) *node {
var p = b.page
if p == nil {
p = b.tx.page(pgId)
+ } else {
+ // if p isn't nil, then it's an inline bucket.
+ // The pgId must be 0 in this case.
+ common.Verify(func() {
+ common.Assert(pgId == 0, "The page ID (%d) isn't 0 for an inline bucket", pgId)
+ })
}
// Read the page into the node and cache it.
@@ -696,19 +896,19 @@ func (b *Bucket) node(pgId pgid, parent *node) *node {
// free recursively frees all pages in the bucket.
func (b *Bucket) free() {
- if b.root == 0 {
+ if b.RootPage() == 0 {
return
}
var tx = b.tx
- b.forEachPageNode(func(p *page, n *node, _ int) {
+ b.forEachPageNode(func(p *common.Page, n *node, _ int) {
if p != nil {
- tx.db.freelist.free(tx.meta.txid, p)
+ tx.db.freelist.Free(tx.meta.Txid(), p)
} else {
n.free()
}
})
- b.root = 0
+ b.SetRootPage(0)
}
// dereference removes all references to the old mmap.
@@ -723,11 +923,11 @@ func (b *Bucket) dereference() {
}
// pageNode returns the in-memory node, if it exists.
-// Otherwise returns the underlying page.
-func (b *Bucket) pageNode(id pgid) (*page, *node) {
+// Otherwise, returns the underlying page.
+func (b *Bucket) pageNode(id common.Pgid) (*common.Page, *node) {
// Inline buckets have a fake page embedded in their value so treat them
// differently. We'll return the rootNode (if available) or the fake page.
- if b.root == 0 {
+ if b.RootPage() == 0 {
if id != 0 {
panic(fmt.Sprintf("inline bucket non-zero page access(2): %d != 0", id))
}
@@ -797,3 +997,9 @@ func cloneBytes(v []byte) []byte {
copy(clone, v)
return clone
}
+
+type BucketStructure struct {
+ Name string `json:"name"` // name of the bucket
+ KeyN int `json:"keyN"` // number of key/value pairs
+ Children []BucketStructure `json:"buckets,omitempty"` // child buckets
+}
diff --git a/vendor/go.etcd.io/bbolt/cursor.go b/vendor/go.etcd.io/bbolt/cursor.go
index bbfd92a9bc..0c1e28c106 100644
--- a/vendor/go.etcd.io/bbolt/cursor.go
+++ b/vendor/go.etcd.io/bbolt/cursor.go
@@ -4,6 +4,9 @@ import (
"bytes"
"fmt"
"sort"
+
+ "go.etcd.io/bbolt/errors"
+ "go.etcd.io/bbolt/internal/common"
)
// Cursor represents an iterator that can traverse over all key/value pairs in a bucket
@@ -30,9 +33,9 @@ func (c *Cursor) Bucket() *Bucket {
// If the bucket is empty then a nil key and value are returned.
// The returned key and value are only valid for the life of the transaction.
func (c *Cursor) First() (key []byte, value []byte) {
- _assert(c.bucket.tx.db != nil, "tx closed")
+ common.Assert(c.bucket.tx.db != nil, "tx closed")
k, v, flags := c.first()
- if (flags & uint32(bucketLeafFlag)) != 0 {
+ if (flags & uint32(common.BucketLeafFlag)) != 0 {
return k, nil
}
return k, v
@@ -40,7 +43,7 @@ func (c *Cursor) First() (key []byte, value []byte) {
func (c *Cursor) first() (key []byte, value []byte, flags uint32) {
c.stack = c.stack[:0]
- p, n := c.bucket.pageNode(c.bucket.root)
+ p, n := c.bucket.pageNode(c.bucket.RootPage())
c.stack = append(c.stack, elemRef{page: p, node: n, index: 0})
c.goToFirstElementOnTheStack()
@@ -51,7 +54,7 @@ func (c *Cursor) first() (key []byte, value []byte, flags uint32) {
}
k, v, flags := c.keyValue()
- if (flags & uint32(bucketLeafFlag)) != 0 {
+ if (flags & uint32(common.BucketLeafFlag)) != 0 {
return k, nil, flags
}
return k, v, flags
@@ -61,9 +64,9 @@ func (c *Cursor) first() (key []byte, value []byte, flags uint32) {
// If the bucket is empty then a nil key and value are returned.
// The returned key and value are only valid for the life of the transaction.
func (c *Cursor) Last() (key []byte, value []byte) {
- _assert(c.bucket.tx.db != nil, "tx closed")
+ common.Assert(c.bucket.tx.db != nil, "tx closed")
c.stack = c.stack[:0]
- p, n := c.bucket.pageNode(c.bucket.root)
+ p, n := c.bucket.pageNode(c.bucket.RootPage())
ref := elemRef{page: p, node: n}
ref.index = ref.count() - 1
c.stack = append(c.stack, ref)
@@ -80,7 +83,7 @@ func (c *Cursor) Last() (key []byte, value []byte) {
}
k, v, flags := c.keyValue()
- if (flags & uint32(bucketLeafFlag)) != 0 {
+ if (flags & uint32(common.BucketLeafFlag)) != 0 {
return k, nil
}
return k, v
@@ -90,9 +93,9 @@ func (c *Cursor) Last() (key []byte, value []byte) {
// If the cursor is at the end of the bucket then a nil key and value are returned.
// The returned key and value are only valid for the life of the transaction.
func (c *Cursor) Next() (key []byte, value []byte) {
- _assert(c.bucket.tx.db != nil, "tx closed")
+ common.Assert(c.bucket.tx.db != nil, "tx closed")
k, v, flags := c.next()
- if (flags & uint32(bucketLeafFlag)) != 0 {
+ if (flags & uint32(common.BucketLeafFlag)) != 0 {
return k, nil
}
return k, v
@@ -102,9 +105,9 @@ func (c *Cursor) Next() (key []byte, value []byte) {
// If the cursor is at the beginning of the bucket then a nil key and value are returned.
// The returned key and value are only valid for the life of the transaction.
func (c *Cursor) Prev() (key []byte, value []byte) {
- _assert(c.bucket.tx.db != nil, "tx closed")
+ common.Assert(c.bucket.tx.db != nil, "tx closed")
k, v, flags := c.prev()
- if (flags & uint32(bucketLeafFlag)) != 0 {
+ if (flags & uint32(common.BucketLeafFlag)) != 0 {
return k, nil
}
return k, v
@@ -115,7 +118,7 @@ func (c *Cursor) Prev() (key []byte, value []byte) {
// follow, a nil key is returned.
// The returned key and value are only valid for the life of the transaction.
func (c *Cursor) Seek(seek []byte) (key []byte, value []byte) {
- _assert(c.bucket.tx.db != nil, "tx closed")
+ common.Assert(c.bucket.tx.db != nil, "tx closed")
k, v, flags := c.seek(seek)
@@ -126,7 +129,7 @@ func (c *Cursor) Seek(seek []byte) (key []byte, value []byte) {
if k == nil {
return nil, nil
- } else if (flags & uint32(bucketLeafFlag)) != 0 {
+ } else if (flags & uint32(common.BucketLeafFlag)) != 0 {
return k, nil
}
return k, v
@@ -136,15 +139,15 @@ func (c *Cursor) Seek(seek []byte) (key []byte, value []byte) {
// Delete fails if current key/value is a bucket or if the transaction is not writable.
func (c *Cursor) Delete() error {
if c.bucket.tx.db == nil {
- return ErrTxClosed
+ return errors.ErrTxClosed
} else if !c.bucket.Writable() {
- return ErrTxNotWritable
+ return errors.ErrTxNotWritable
}
key, _, flags := c.keyValue()
// Return an error if current value is a bucket.
- if (flags & bucketLeafFlag) != 0 {
- return ErrIncompatibleValue
+ if (flags & common.BucketLeafFlag) != 0 {
+ return errors.ErrIncompatibleValue
}
c.node().del(key)
@@ -156,7 +159,7 @@ func (c *Cursor) Delete() error {
func (c *Cursor) seek(seek []byte) (key []byte, value []byte, flags uint32) {
// Start from root page/node and traverse to correct page.
c.stack = c.stack[:0]
- c.search(seek, c.bucket.root)
+ c.search(seek, c.bucket.RootPage())
// If this is a bucket then return a nil value.
return c.keyValue()
@@ -172,11 +175,11 @@ func (c *Cursor) goToFirstElementOnTheStack() {
}
// Keep adding pages pointing to the first element to the stack.
- var pgId pgid
+ var pgId common.Pgid
if ref.node != nil {
- pgId = ref.node.inodes[ref.index].pgid
+ pgId = ref.node.inodes[ref.index].Pgid()
} else {
- pgId = ref.page.branchPageElement(uint16(ref.index)).pgid
+ pgId = ref.page.BranchPageElement(uint16(ref.index)).Pgid()
}
p, n := c.bucket.pageNode(pgId)
c.stack = append(c.stack, elemRef{page: p, node: n, index: 0})
@@ -193,11 +196,11 @@ func (c *Cursor) last() {
}
// Keep adding pages pointing to the last element in the stack.
- var pgId pgid
+ var pgId common.Pgid
if ref.node != nil {
- pgId = ref.node.inodes[ref.index].pgid
+ pgId = ref.node.inodes[ref.index].Pgid()
} else {
- pgId = ref.page.branchPageElement(uint16(ref.index)).pgid
+ pgId = ref.page.BranchPageElement(uint16(ref.index)).Pgid()
}
p, n := c.bucket.pageNode(pgId)
@@ -277,10 +280,10 @@ func (c *Cursor) prev() (key []byte, value []byte, flags uint32) {
}
// search recursively performs a binary search against a given page/node until it finds a given key.
-func (c *Cursor) search(key []byte, pgId pgid) {
+func (c *Cursor) search(key []byte, pgId common.Pgid) {
p, n := c.bucket.pageNode(pgId)
- if p != nil && (p.flags&(branchPageFlag|leafPageFlag)) == 0 {
- panic(fmt.Sprintf("invalid page type: %d: %x", p.id, p.flags))
+ if p != nil && !p.IsBranchPage() && !p.IsLeafPage() {
+ panic(fmt.Sprintf("invalid page type: %d: %x", p.Id(), p.Flags()))
}
e := elemRef{page: p, node: n}
c.stack = append(c.stack, e)
@@ -303,7 +306,7 @@ func (c *Cursor) searchNode(key []byte, n *node) {
index := sort.Search(len(n.inodes), func(i int) bool {
// TODO(benbjohnson): Optimize this range search. It's a bit hacky right now.
// sort.Search() finds the lowest index where f() != -1 but we need the highest index.
- ret := bytes.Compare(n.inodes[i].key, key)
+ ret := bytes.Compare(n.inodes[i].Key(), key)
if ret == 0 {
exact = true
}
@@ -315,18 +318,18 @@ func (c *Cursor) searchNode(key []byte, n *node) {
c.stack[len(c.stack)-1].index = index
// Recursively search to the next page.
- c.search(key, n.inodes[index].pgid)
+ c.search(key, n.inodes[index].Pgid())
}
-func (c *Cursor) searchPage(key []byte, p *page) {
+func (c *Cursor) searchPage(key []byte, p *common.Page) {
// Binary search for the correct range.
- inodes := p.branchPageElements()
+ inodes := p.BranchPageElements()
var exact bool
- index := sort.Search(int(p.count), func(i int) bool {
+ index := sort.Search(int(p.Count()), func(i int) bool {
// TODO(benbjohnson): Optimize this range search. It's a bit hacky right now.
// sort.Search() finds the lowest index where f() != -1 but we need the highest index.
- ret := bytes.Compare(inodes[i].key(), key)
+ ret := bytes.Compare(inodes[i].Key(), key)
if ret == 0 {
exact = true
}
@@ -338,7 +341,7 @@ func (c *Cursor) searchPage(key []byte, p *page) {
c.stack[len(c.stack)-1].index = index
// Recursively search to the next page.
- c.search(key, inodes[index].pgid)
+ c.search(key, inodes[index].Pgid())
}
// nsearch searches the leaf node on the top of the stack for a key.
@@ -349,16 +352,16 @@ func (c *Cursor) nsearch(key []byte) {
// If we have a node then search its inodes.
if n != nil {
index := sort.Search(len(n.inodes), func(i int) bool {
- return bytes.Compare(n.inodes[i].key, key) != -1
+ return bytes.Compare(n.inodes[i].Key(), key) != -1
})
e.index = index
return
}
// If we have a page then search its leaf elements.
- inodes := p.leafPageElements()
- index := sort.Search(int(p.count), func(i int) bool {
- return bytes.Compare(inodes[i].key(), key) != -1
+ inodes := p.LeafPageElements()
+ index := sort.Search(int(p.Count()), func(i int) bool {
+ return bytes.Compare(inodes[i].Key(), key) != -1
})
e.index = index
}
@@ -375,17 +378,17 @@ func (c *Cursor) keyValue() ([]byte, []byte, uint32) {
// Retrieve value from node.
if ref.node != nil {
inode := &ref.node.inodes[ref.index]
- return inode.key, inode.value, inode.flags
+ return inode.Key(), inode.Value(), inode.Flags()
}
// Or retrieve value from page.
- elem := ref.page.leafPageElement(uint16(ref.index))
- return elem.key(), elem.value(), elem.flags
+ elem := ref.page.LeafPageElement(uint16(ref.index))
+ return elem.Key(), elem.Value(), elem.Flags()
}
// node returns the node that the cursor is currently positioned on.
func (c *Cursor) node() *node {
- _assert(len(c.stack) > 0, "accessing a node with a zero-length cursor stack")
+ common.Assert(len(c.stack) > 0, "accessing a node with a zero-length cursor stack")
// If the top of the stack is a leaf node then just return it.
if ref := &c.stack[len(c.stack)-1]; ref.node != nil && ref.isLeaf() {
@@ -395,19 +398,19 @@ func (c *Cursor) node() *node {
// Start from root and traverse down the hierarchy.
var n = c.stack[0].node
if n == nil {
- n = c.bucket.node(c.stack[0].page.id, nil)
+ n = c.bucket.node(c.stack[0].page.Id(), nil)
}
for _, ref := range c.stack[:len(c.stack)-1] {
- _assert(!n.isLeaf, "expected branch node")
+ common.Assert(!n.isLeaf, "expected branch node")
n = n.childAt(ref.index)
}
- _assert(n.isLeaf, "expected leaf node")
+ common.Assert(n.isLeaf, "expected leaf node")
return n
}
// elemRef represents a reference to an element on a given page/node.
type elemRef struct {
- page *page
+ page *common.Page
node *node
index int
}
@@ -417,7 +420,7 @@ func (r *elemRef) isLeaf() bool {
if r.node != nil {
return r.node.isLeaf
}
- return (r.page.flags & leafPageFlag) != 0
+ return r.page.IsLeafPage()
}
// count returns the number of inodes or page elements.
@@ -425,5 +428,5 @@ func (r *elemRef) count() int {
if r.node != nil {
return len(r.node.inodes)
}
- return int(r.page.count)
+ return int(r.page.Count())
}
diff --git a/vendor/go.etcd.io/bbolt/db.go b/vendor/go.etcd.io/bbolt/db.go
index 4175bdf3dd..5c1947e998 100644
--- a/vendor/go.etcd.io/bbolt/db.go
+++ b/vendor/go.etcd.io/bbolt/db.go
@@ -3,49 +3,28 @@ package bbolt
import (
"errors"
"fmt"
- "hash/fnv"
"io"
"os"
"runtime"
- "sort"
"sync"
"time"
"unsafe"
-)
-
-// The largest step that can be taken when remapping the mmap.
-const maxMmapStep = 1 << 30 // 1GB
-
-// The data file format version.
-const version = 2
-
-// Represents a marker value to indicate that a file is a Bolt DB.
-const magic uint32 = 0xED0CDAED
-
-const pgidNoFreelist pgid = 0xffffffffffffffff
-
-// IgnoreNoSync specifies whether the NoSync field of a DB is ignored when
-// syncing changes to a file. This is required as some operating systems,
-// such as OpenBSD, do not have a unified buffer cache (UBC) and writes
-// must be synchronized using the msync(2) syscall.
-const IgnoreNoSync = runtime.GOOS == "openbsd"
-// Default values if not set in a DB instance.
-const (
- DefaultMaxBatchSize int = 1000
- DefaultMaxBatchDelay = 10 * time.Millisecond
- DefaultAllocSize = 16 * 1024 * 1024
+ berrors "go.etcd.io/bbolt/errors"
+ "go.etcd.io/bbolt/internal/common"
+ fl "go.etcd.io/bbolt/internal/freelist"
)
-// default page size for db is set to the OS page size.
-var defaultPageSize = os.Getpagesize()
-
// The time elapsed between consecutive file locking attempts.
const flockRetryTimeout = 50 * time.Millisecond
// FreelistType is the type of the freelist backend
type FreelistType string
+// TODO(ahrtr): eventually we should (step by step)
+// 1. default to `FreelistMapType`;
+// 2. remove the `FreelistArrayType`, do not export `FreelistMapType`
+// and remove field `FreelistType' from both `DB` and `Options`;
const (
// FreelistArrayType indicates backend freelist type is array
FreelistArrayType = FreelistType("array")
@@ -137,6 +116,8 @@ type DB struct {
// Supported only on Unix via mlock/munlock syscalls.
Mlock bool
+ logger Logger
+
path string
openFile func(string, int, os.FileMode) (*os.File, error)
file *os.File
@@ -146,15 +127,14 @@ type DB struct {
dataref []byte // mmap'ed readonly, write throws SEGV
data *[maxMapSize]byte
datasz int
- filesz int // current on disk file size
- meta0 *meta
- meta1 *meta
+ meta0 *common.Meta
+ meta1 *common.Meta
pageSize int
opened bool
rwtx *Tx
txs []*Tx
- freelist *freelist
+ freelist fl.Interface
freelistLoad sync.Once
pagePool sync.Pool
@@ -191,13 +171,15 @@ func (db *DB) String() string {
return fmt.Sprintf("DB<%q>", db.path)
}
-// Open creates and opens a database at the given path.
-// If the file does not exist then it will be created automatically.
+// Open creates and opens a database at the given path with a given file mode.
+// If the file does not exist then it will be created automatically with a given file mode.
// Passing in nil options will cause Bolt to open the database with the default options.
-func Open(path string, mode os.FileMode, options *Options) (*DB, error) {
- db := &DB{
+// Note: For read/write transactions, ensure the owner has write permission on the created/opened database file, e.g. 0600
+func Open(path string, mode os.FileMode, options *Options) (db *DB, err error) {
+ db = &DB{
opened: true,
}
+
// Set default options if no options are provided.
if options == nil {
options = DefaultOptions
@@ -211,9 +193,27 @@ func Open(path string, mode os.FileMode, options *Options) (*DB, error) {
db.Mlock = options.Mlock
// Set default values for later DB operations.
- db.MaxBatchSize = DefaultMaxBatchSize
- db.MaxBatchDelay = DefaultMaxBatchDelay
- db.AllocSize = DefaultAllocSize
+ db.MaxBatchSize = common.DefaultMaxBatchSize
+ db.MaxBatchDelay = common.DefaultMaxBatchDelay
+ db.AllocSize = common.DefaultAllocSize
+
+ if options.Logger == nil {
+ db.logger = getDiscardLogger()
+ } else {
+ db.logger = options.Logger
+ }
+
+ lg := db.Logger()
+ if lg != discardLogger {
+ lg.Infof("Opening db file (%s) with mode %s and with options: %s", path, mode, options)
+ defer func() {
+ if err != nil {
+ lg.Errorf("Opening bbolt db (%s) failed: %v", path, err)
+ } else {
+ lg.Infof("Opening bbolt db (%s) successfully", path)
+ }
+ }()
+ }
flag := os.O_RDWR
if options.ReadOnly {
@@ -222,6 +222,7 @@ func Open(path string, mode os.FileMode, options *Options) (*DB, error) {
} else {
// always load free pages in write mode
db.PreLoadFreelist = true
+ flag |= os.O_CREATE
}
db.openFile = options.OpenFile
@@ -230,9 +231,9 @@ func Open(path string, mode os.FileMode, options *Options) (*DB, error) {
}
// Open data file and separate sync handler for metadata writes.
- var err error
- if db.file, err = db.openFile(path, flag|os.O_CREATE, mode); err != nil {
+ if db.file, err = db.openFile(path, flag, mode); err != nil {
_ = db.close()
+ lg.Errorf("failed to open db file (%s): %v", path, err)
return nil, err
}
db.path = db.file.Name()
@@ -244,8 +245,9 @@ func Open(path string, mode os.FileMode, options *Options) (*DB, error) {
// if !options.ReadOnly.
// The database file is locked using the shared lock (more than one process may
// hold a lock at the same time) otherwise (options.ReadOnly is set).
- if err := flock(db, !db.readOnly, options.Timeout); err != nil {
+ if err = flock(db, !db.readOnly, options.Timeout); err != nil {
_ = db.close()
+ lg.Errorf("failed to lock db file (%s), readonly: %t, error: %v", path, db.readOnly, err)
return nil, err
}
@@ -254,27 +256,28 @@ func Open(path string, mode os.FileMode, options *Options) (*DB, error) {
if db.pageSize = options.PageSize; db.pageSize == 0 {
// Set the default page size to the OS page size.
- db.pageSize = defaultPageSize
+ db.pageSize = common.DefaultPageSize
}
// Initialize the database if it doesn't exist.
- if info, err := db.file.Stat(); err != nil {
+ if info, statErr := db.file.Stat(); statErr != nil {
_ = db.close()
- return nil, err
+ lg.Errorf("failed to get db file's stats (%s): %v", path, err)
+ return nil, statErr
} else if info.Size() == 0 {
// Initialize new files with meta pages.
- if err := db.init(); err != nil {
+ if err = db.init(); err != nil {
// clean up file descriptor on initialization fail
_ = db.close()
+ lg.Errorf("failed to initialize db file (%s): %v", path, err)
return nil, err
}
} else {
// try to get the page size from the metadata pages
- if pgSize, err := db.getPageSize(); err == nil {
- db.pageSize = pgSize
- } else {
+ if db.pageSize, err = db.getPageSize(); err != nil {
_ = db.close()
- return nil, ErrInvalid
+ lg.Errorf("failed to get page size from db file (%s): %v", path, err)
+ return nil, err
}
}
@@ -286,8 +289,9 @@ func Open(path string, mode os.FileMode, options *Options) (*DB, error) {
}
// Memory map the data file.
- if err := db.mmap(options.InitialMmapSize); err != nil {
+ if err = db.mmap(options.InitialMmapSize); err != nil {
_ = db.close()
+ lg.Errorf("failed to map db file (%s): %v", path, err)
return nil, err
}
@@ -302,13 +306,14 @@ func Open(path string, mode os.FileMode, options *Options) (*DB, error) {
// Flush freelist when transitioning from no sync to sync so
// NoFreelistSync unaware boltdb can open the db later.
if !db.NoFreelistSync && !db.hasSyncedFreelist() {
- tx, err := db.Begin(true)
+ tx, txErr := db.Begin(true)
if tx != nil {
- err = tx.Commit()
+ txErr = tx.Commit()
}
- if err != nil {
+ if txErr != nil {
+ lg.Errorf("starting readwrite transaction failed: %v", txErr)
_ = db.close()
- return nil, err
+ return nil, txErr
}
}
@@ -352,7 +357,7 @@ func (db *DB) getPageSize() (int, error) {
return db.pageSize, nil
}
- return 0, ErrInvalid
+ return 0, berrors.ErrInvalid
}
// getPageSizeFromFirstMeta reads the pageSize from the first meta page
@@ -361,11 +366,11 @@ func (db *DB) getPageSizeFromFirstMeta() (int, bool, error) {
var metaCanRead bool
if bw, err := db.file.ReadAt(buf[:], 0); err == nil && bw == len(buf) {
metaCanRead = true
- if m := db.pageInBuffer(buf[:], 0).meta(); m.validate() == nil {
- return int(m.pageSize), metaCanRead, nil
+ if m := db.pageInBuffer(buf[:], 0).Meta(); m.Validate() == nil {
+ return int(m.PageSize()), metaCanRead, nil
}
}
- return 0, metaCanRead, ErrInvalid
+ return 0, metaCanRead, berrors.ErrInvalid
}
// getPageSizeFromSecondMeta reads the pageSize from the second meta page
@@ -397,13 +402,13 @@ func (db *DB) getPageSizeFromSecondMeta() (int, bool, error) {
bw, err := db.file.ReadAt(buf[:], pos)
if (err == nil && bw == len(buf)) || (err == io.EOF && int64(bw) == (fileSize-pos)) {
metaCanRead = true
- if m := db.pageInBuffer(buf[:], 0).meta(); m.validate() == nil {
- return int(m.pageSize), metaCanRead, nil
+ if m := db.pageInBuffer(buf[:], 0).Meta(); m.Validate() == nil {
+ return int(m.PageSize()), metaCanRead, nil
}
}
}
- return 0, metaCanRead, ErrInvalid
+ return 0, metaCanRead, berrors.ErrInvalid
}
// loadFreelist reads the freelist if it is synced, or reconstructs it
@@ -414,17 +419,29 @@ func (db *DB) loadFreelist() {
db.freelist = newFreelist(db.FreelistType)
if !db.hasSyncedFreelist() {
// Reconstruct free list by scanning the DB.
- db.freelist.readIDs(db.freepages())
+ db.freelist.Init(db.freepages())
} else {
// Read free list from freelist page.
- db.freelist.read(db.page(db.meta().freelist))
+ db.freelist.Read(db.page(db.meta().Freelist()))
}
- db.stats.FreePageN = db.freelist.free_count()
+ db.stats.FreePageN = db.freelist.FreeCount()
})
}
func (db *DB) hasSyncedFreelist() bool {
- return db.meta().freelist != pgidNoFreelist
+ return db.meta().Freelist() != common.PgidNoFreelist
+}
+
+func (db *DB) fileSize() (int, error) {
+ info, err := db.file.Stat()
+ if err != nil {
+ return 0, fmt.Errorf("file stat error: %w", err)
+ }
+ sz := int(info.Size())
+ if sz < db.pageSize*2 {
+ return 0, fmt.Errorf("file size too small %d", sz)
+ }
+ return sz, nil
}
// mmap opens the underlying memory-mapped file and initializes the meta references.
@@ -433,21 +450,22 @@ func (db *DB) mmap(minsz int) (err error) {
db.mmaplock.Lock()
defer db.mmaplock.Unlock()
- info, err := db.file.Stat()
- if err != nil {
- return fmt.Errorf("mmap stat error: %s", err)
- } else if int(info.Size()) < db.pageSize*2 {
- return fmt.Errorf("file size too small")
- }
+ lg := db.Logger()
// Ensure the size is at least the minimum size.
- fileSize := int(info.Size())
+ var fileSize int
+ fileSize, err = db.fileSize()
+ if err != nil {
+ lg.Errorf("getting file size failed: %w", err)
+ return err
+ }
var size = fileSize
if size < minsz {
size = minsz
}
size, err = db.mmapSize(size)
if err != nil {
+ lg.Errorf("getting map size failed: %w", err)
return err
}
@@ -472,6 +490,7 @@ func (db *DB) mmap(minsz int) (err error) {
// gofail: var mapError string
// return errors.New(mapError)
if err = mmap(db, size); err != nil {
+ lg.Errorf("[GOOS: %s, GOARCH: %s] mmap failed, size: %d, error: %v", runtime.GOOS, runtime.GOARCH, size, err)
return err
}
@@ -493,15 +512,16 @@ func (db *DB) mmap(minsz int) (err error) {
}
// Save references to the meta pages.
- db.meta0 = db.page(0).meta()
- db.meta1 = db.page(1).meta()
+ db.meta0 = db.page(0).Meta()
+ db.meta1 = db.page(1).Meta()
// Validate the meta pages. We only return an error if both meta pages fail
// validation, since meta0 failing validation means that it wasn't saved
// properly -- but we can recover using meta1. And vice-versa.
- err0 := db.meta0.validate()
- err1 := db.meta1.validate()
+ err0 := db.meta0.Validate()
+ err1 := db.meta1.Validate()
if err0 != nil && err1 != nil {
+ lg.Errorf("both meta pages are invalid, meta0: %v, meta1: %v", err0, err1)
return err0
}
@@ -524,7 +544,8 @@ func (db *DB) munmap() error {
// gofail: var unmapError string
// return errors.New(unmapError)
if err := munmap(db); err != nil {
- return fmt.Errorf("unmap error: " + err.Error())
+ db.Logger().Errorf("[GOOS: %s, GOARCH: %s] munmap failed, db.datasz: %d, error: %v", runtime.GOOS, runtime.GOARCH, db.datasz, err)
+ return fmt.Errorf("unmap error: %v", err.Error())
}
return nil
@@ -543,13 +564,13 @@ func (db *DB) mmapSize(size int) (int, error) {
// Verify the requested size is not above the maximum allowed.
if size > maxMapSize {
- return 0, fmt.Errorf("mmap too large")
+ return 0, errors.New("mmap too large")
}
// If larger than 1GB then grow by 1GB at a time.
sz := int64(size)
- if remainder := sz % int64(maxMmapStep); remainder > 0 {
- sz += int64(maxMmapStep) - remainder
+ if remainder := sz % int64(common.MaxMmapStep); remainder > 0 {
+ sz += int64(common.MaxMmapStep) - remainder
}
// Ensure that the mmap size is a multiple of the page size.
@@ -571,7 +592,8 @@ func (db *DB) munlock(fileSize int) error {
// gofail: var munlockError string
// return errors.New(munlockError)
if err := munlock(db, fileSize); err != nil {
- return fmt.Errorf("munlock error: " + err.Error())
+ db.Logger().Errorf("[GOOS: %s, GOARCH: %s] munlock failed, fileSize: %d, db.datasz: %d, error: %v", runtime.GOOS, runtime.GOARCH, fileSize, db.datasz, err)
+ return fmt.Errorf("munlock error: %v", err.Error())
}
return nil
}
@@ -580,7 +602,8 @@ func (db *DB) mlock(fileSize int) error {
// gofail: var mlockError string
// return errors.New(mlockError)
if err := mlock(db, fileSize); err != nil {
- return fmt.Errorf("mlock error: " + err.Error())
+ db.Logger().Errorf("[GOOS: %s, GOARCH: %s] mlock failed, fileSize: %d, db.datasz: %d, error: %v", runtime.GOOS, runtime.GOARCH, fileSize, db.datasz, err)
+ return fmt.Errorf("mlock error: %v", err.Error())
}
return nil
}
@@ -600,42 +623,43 @@ func (db *DB) init() error {
// Create two meta pages on a buffer.
buf := make([]byte, db.pageSize*4)
for i := 0; i < 2; i++ {
- p := db.pageInBuffer(buf, pgid(i))
- p.id = pgid(i)
- p.flags = metaPageFlag
+ p := db.pageInBuffer(buf, common.Pgid(i))
+ p.SetId(common.Pgid(i))
+ p.SetFlags(common.MetaPageFlag)
// Initialize the meta page.
- m := p.meta()
- m.magic = magic
- m.version = version
- m.pageSize = uint32(db.pageSize)
- m.freelist = 2
- m.root = bucket{root: 3}
- m.pgid = 4
- m.txid = txid(i)
- m.checksum = m.sum64()
+ m := p.Meta()
+ m.SetMagic(common.Magic)
+ m.SetVersion(common.Version)
+ m.SetPageSize(uint32(db.pageSize))
+ m.SetFreelist(2)
+ m.SetRootBucket(common.NewInBucket(3, 0))
+ m.SetPgid(4)
+ m.SetTxid(common.Txid(i))
+ m.SetChecksum(m.Sum64())
}
// Write an empty freelist at page 3.
- p := db.pageInBuffer(buf, pgid(2))
- p.id = pgid(2)
- p.flags = freelistPageFlag
- p.count = 0
+ p := db.pageInBuffer(buf, common.Pgid(2))
+ p.SetId(2)
+ p.SetFlags(common.FreelistPageFlag)
+ p.SetCount(0)
// Write an empty leaf page at page 4.
- p = db.pageInBuffer(buf, pgid(3))
- p.id = pgid(3)
- p.flags = leafPageFlag
- p.count = 0
+ p = db.pageInBuffer(buf, common.Pgid(3))
+ p.SetId(3)
+ p.SetFlags(common.LeafPageFlag)
+ p.SetCount(0)
// Write the buffer to our data file.
if _, err := db.ops.writeAt(buf, 0); err != nil {
+ db.Logger().Errorf("writeAt failed: %w", err)
return err
}
if err := fdatasync(db); err != nil {
+ db.Logger().Errorf("[GOOS: %s, GOARCH: %s] fdatasync failed: %w", runtime.GOOS, runtime.GOARCH, err)
return err
}
- db.filesz = len(buf)
return nil
}
@@ -716,13 +740,31 @@ func (db *DB) close() error {
//
// IMPORTANT: You must close read-only transactions after you are finished or
// else the database will not reclaim old pages.
-func (db *DB) Begin(writable bool) (*Tx, error) {
+func (db *DB) Begin(writable bool) (t *Tx, err error) {
+ if lg := db.Logger(); lg != discardLogger {
+ lg.Debugf("Starting a new transaction [writable: %t]", writable)
+ defer func() {
+ if err != nil {
+ lg.Errorf("Starting a new transaction [writable: %t] failed: %v", writable, err)
+ } else {
+ lg.Debugf("Starting a new transaction [writable: %t] successfully", writable)
+ }
+ }()
+ }
+
if writable {
return db.beginRWTx()
}
return db.beginTx()
}
+func (db *DB) Logger() Logger {
+ if db == nil || db.logger == nil {
+ return getDiscardLogger()
+ }
+ return db.logger
+}
+
func (db *DB) beginTx() (*Tx, error) {
// Lock the meta pages while we initialize the transaction. We obtain
// the meta lock before the mmap lock because that's the order that the
@@ -738,14 +780,14 @@ func (db *DB) beginTx() (*Tx, error) {
if !db.opened {
db.mmaplock.RUnlock()
db.metalock.Unlock()
- return nil, ErrDatabaseNotOpen
+ return nil, berrors.ErrDatabaseNotOpen
}
// Exit if the database is not correctly mapped.
if db.data == nil {
db.mmaplock.RUnlock()
db.metalock.Unlock()
- return nil, ErrInvalidMapping
+ return nil, berrors.ErrInvalidMapping
}
// Create a transaction associated with the database.
@@ -755,6 +797,9 @@ func (db *DB) beginTx() (*Tx, error) {
// Keep track of transaction until it closes.
db.txs = append(db.txs, t)
n := len(db.txs)
+ if db.freelist != nil {
+ db.freelist.AddReadonlyTXID(t.meta.Txid())
+ }
// Unlock the meta pages.
db.metalock.Unlock()
@@ -771,7 +816,7 @@ func (db *DB) beginTx() (*Tx, error) {
func (db *DB) beginRWTx() (*Tx, error) {
// If the database was opened with Options.ReadOnly, return an error.
if db.readOnly {
- return nil, ErrDatabaseReadOnly
+ return nil, berrors.ErrDatabaseReadOnly
}
// Obtain writer lock. This is released by the transaction when it closes.
@@ -786,49 +831,23 @@ func (db *DB) beginRWTx() (*Tx, error) {
// Exit if the database is not open yet.
if !db.opened {
db.rwlock.Unlock()
- return nil, ErrDatabaseNotOpen
+ return nil, berrors.ErrDatabaseNotOpen
}
// Exit if the database is not correctly mapped.
if db.data == nil {
db.rwlock.Unlock()
- return nil, ErrInvalidMapping
+ return nil, berrors.ErrInvalidMapping
}
// Create a transaction associated with the database.
t := &Tx{writable: true}
t.init(db)
db.rwtx = t
- db.freePages()
+ db.freelist.ReleasePendingPages()
return t, nil
}
-// freePages releases any pages associated with closed read-only transactions.
-func (db *DB) freePages() {
- // Free all pending pages prior to earliest open transaction.
- sort.Sort(txsById(db.txs))
- minid := txid(0xFFFFFFFFFFFFFFFF)
- if len(db.txs) > 0 {
- minid = db.txs[0].meta.txid
- }
- if minid > 0 {
- db.freelist.release(minid - 1)
- }
- // Release unused txid extents.
- for _, t := range db.txs {
- db.freelist.releaseRange(minid, t.meta.txid-1)
- minid = t.meta.txid + 1
- }
- db.freelist.releaseRange(minid, txid(0xFFFFFFFFFFFFFFFF))
- // Any page both allocated and freed in an extent is safe to release.
-}
-
-type txsById []*Tx
-
-func (t txsById) Len() int { return len(t) }
-func (t txsById) Swap(i, j int) { t[i], t[j] = t[j], t[i] }
-func (t txsById) Less(i, j int) bool { return t[i].meta.txid < t[j].meta.txid }
-
// removeTx removes a transaction from the database.
func (db *DB) removeTx(tx *Tx) {
// Release the read lock on the mmap.
@@ -848,6 +867,9 @@ func (db *DB) removeTx(tx *Tx) {
}
}
n := len(db.txs)
+ if db.freelist != nil {
+ db.freelist.RemoveReadonlyTXID(tx.meta.Txid())
+ }
// Unlock the meta pages.
db.metalock.Unlock()
@@ -1056,7 +1078,20 @@ func safelyCall(fn func(*Tx) error, tx *Tx) (err error) {
//
// This is not necessary under normal operation, however, if you use NoSync
// then it allows you to force the database file to sync against the disk.
-func (db *DB) Sync() error { return fdatasync(db) }
+func (db *DB) Sync() (err error) {
+ if lg := db.Logger(); lg != discardLogger {
+ lg.Debug("Syncing bbolt db (%s)", db.path)
+ defer func() {
+ if err != nil {
+ lg.Errorf("[GOOS: %s, GOARCH: %s] syncing bbolt db (%s) failed: %v", runtime.GOOS, runtime.GOARCH, db.path, err)
+ } else {
+ lg.Debugf("Syncing bbolt db (%s) successfully", db.path)
+ }
+ }()
+ }
+
+ return fdatasync(db)
+}
// Stats retrieves ongoing performance stats for the database.
// This is only updated when a transaction closes.
@@ -1069,37 +1104,37 @@ func (db *DB) Stats() Stats {
// This is for internal access to the raw data bytes from the C cursor, use
// carefully, or not at all.
func (db *DB) Info() *Info {
- _assert(db.data != nil, "database file isn't correctly mapped")
+ common.Assert(db.data != nil, "database file isn't correctly mapped")
return &Info{uintptr(unsafe.Pointer(&db.data[0])), db.pageSize}
}
// page retrieves a page reference from the mmap based on the current page size.
-func (db *DB) page(id pgid) *page {
- pos := id * pgid(db.pageSize)
- return (*page)(unsafe.Pointer(&db.data[pos]))
+func (db *DB) page(id common.Pgid) *common.Page {
+ pos := id * common.Pgid(db.pageSize)
+ return (*common.Page)(unsafe.Pointer(&db.data[pos]))
}
// pageInBuffer retrieves a page reference from a given byte array based on the current page size.
-func (db *DB) pageInBuffer(b []byte, id pgid) *page {
- return (*page)(unsafe.Pointer(&b[id*pgid(db.pageSize)]))
+func (db *DB) pageInBuffer(b []byte, id common.Pgid) *common.Page {
+ return (*common.Page)(unsafe.Pointer(&b[id*common.Pgid(db.pageSize)]))
}
// meta retrieves the current meta page reference.
-func (db *DB) meta() *meta {
+func (db *DB) meta() *common.Meta {
// We have to return the meta with the highest txid which doesn't fail
// validation. Otherwise, we can cause errors when in fact the database is
// in a consistent state. metaA is the one with the higher txid.
metaA := db.meta0
metaB := db.meta1
- if db.meta1.txid > db.meta0.txid {
+ if db.meta1.Txid() > db.meta0.Txid() {
metaA = db.meta1
metaB = db.meta0
}
// Use higher meta page if valid. Otherwise, fallback to previous, if valid.
- if err := metaA.validate(); err == nil {
+ if err := metaA.Validate(); err == nil {
return metaA
- } else if err := metaB.validate(); err == nil {
+ } else if err := metaB.Validate(); err == nil {
return metaB
}
@@ -1109,7 +1144,7 @@ func (db *DB) meta() *meta {
}
// allocate returns a contiguous block of memory starting at a given page.
-func (db *DB) allocate(txid txid, count int) (*page, error) {
+func (db *DB) allocate(txid common.Txid, count int) (*common.Page, error) {
// Allocate a temporary buffer for the page.
var buf []byte
if count == 1 {
@@ -1117,17 +1152,18 @@ func (db *DB) allocate(txid txid, count int) (*page, error) {
} else {
buf = make([]byte, count*db.pageSize)
}
- p := (*page)(unsafe.Pointer(&buf[0]))
- p.overflow = uint32(count - 1)
+ p := (*common.Page)(unsafe.Pointer(&buf[0]))
+ p.SetOverflow(uint32(count - 1))
// Use pages from the freelist if they are available.
- if p.id = db.freelist.allocate(txid, count); p.id != 0 {
+ p.SetId(db.freelist.Allocate(txid, count))
+ if p.Id() != 0 {
return p, nil
}
// Resize mmap() if we're at the end.
- p.id = db.rwtx.meta.pgid
- var minsz = int((p.id+pgid(count))+1) * db.pageSize
+ p.SetId(db.rwtx.meta.Pgid())
+ var minsz = int((p.Id()+common.Pgid(count))+1) * db.pageSize
if minsz >= db.datasz {
if err := db.mmap(minsz); err != nil {
return nil, fmt.Errorf("mmap allocate error: %s", err)
@@ -1135,7 +1171,8 @@ func (db *DB) allocate(txid txid, count int) (*page, error) {
}
// Move the page id high water mark.
- db.rwtx.meta.pgid += pgid(count)
+ curPgid := db.rwtx.meta.Pgid()
+ db.rwtx.meta.SetPgid(curPgid + common.Pgid(count))
return p, nil
}
@@ -1143,7 +1180,13 @@ func (db *DB) allocate(txid txid, count int) (*page, error) {
// grow grows the size of the database to the given sz.
func (db *DB) grow(sz int) error {
// Ignore if the new size is less than available file size.
- if sz <= db.filesz {
+ lg := db.Logger()
+ fileSize, err := db.fileSize()
+ if err != nil {
+ lg.Errorf("getting file size failed: %w", err)
+ return err
+ }
+ if sz <= fileSize {
return nil
}
@@ -1159,22 +1202,25 @@ func (db *DB) grow(sz int) error {
// https://github.com/boltdb/bolt/issues/284
if !db.NoGrowSync && !db.readOnly {
if runtime.GOOS != "windows" {
+ // gofail: var resizeFileError string
+ // return errors.New(resizeFileError)
if err := db.file.Truncate(int64(sz)); err != nil {
+ lg.Errorf("[GOOS: %s, GOARCH: %s] truncating file failed, size: %d, db.datasz: %d, error: %v", runtime.GOOS, runtime.GOARCH, sz, db.datasz, err)
return fmt.Errorf("file resize error: %s", err)
}
}
if err := db.file.Sync(); err != nil {
+ lg.Errorf("[GOOS: %s, GOARCH: %s] syncing file failed, db.datasz: %d, error: %v", runtime.GOOS, runtime.GOARCH, db.datasz, err)
return fmt.Errorf("file sync error: %s", err)
}
if db.Mlock {
// unlock old file and lock new one
- if err := db.mrelock(db.filesz, sz); err != nil {
+ if err := db.mrelock(fileSize, sz); err != nil {
return fmt.Errorf("mlock/munlock error: %s", err)
}
}
}
- db.filesz = sz
return nil
}
@@ -1182,7 +1228,7 @@ func (db *DB) IsReadOnly() bool {
return db.readOnly
}
-func (db *DB) freepages() []pgid {
+func (db *DB) freepages() []common.Pgid {
tx, err := db.beginTx()
defer func() {
err = tx.Rollback()
@@ -1194,21 +1240,21 @@ func (db *DB) freepages() []pgid {
panic("freepages: failed to open read only tx")
}
- reachable := make(map[pgid]*page)
- nofreed := make(map[pgid]bool)
+ reachable := make(map[common.Pgid]*common.Page)
+ nofreed := make(map[common.Pgid]bool)
ech := make(chan error)
go func() {
for e := range ech {
panic(fmt.Sprintf("freepages: failed to get all reachable pages (%v)", e))
}
}()
- tx.checkBucket(&tx.root, reachable, nofreed, HexKVStringer(), ech)
+ tx.recursivelyCheckBucket(&tx.root, reachable, nofreed, HexKVStringer(), ech)
close(ech)
// TODO: If check bucket reported any corruptions (ech) we shouldn't proceed to freeing the pages.
- var fids []pgid
- for i := pgid(2); i < db.meta().pgid; i++ {
+ var fids []common.Pgid
+ for i := common.Pgid(2); i < db.meta().Pgid(); i++ {
if _, ok := reachable[i]; !ok {
fids = append(fids, i)
}
@@ -1216,11 +1262,17 @@ func (db *DB) freepages() []pgid {
return fids
}
+func newFreelist(freelistType FreelistType) fl.Interface {
+ if freelistType == FreelistMapType {
+ return fl.NewHashMapFreelist()
+ }
+ return fl.NewArrayFreelist()
+}
+
// Options represents the options that can be set when opening a database.
type Options struct {
// Timeout is the amount of time to wait to obtain a file lock.
- // When set to zero it will wait indefinitely. This option is only
- // available on Darwin and Linux.
+ // When set to zero it will wait indefinitely.
Timeout time.Duration
// Sets the DB.NoGrowSync flag before memory mapping the file.
@@ -1275,6 +1327,19 @@ type Options struct {
// It prevents potential page faults, however
// used memory can't be reclaimed. (UNIX only)
Mlock bool
+
+ // Logger is the logger used for bbolt.
+ Logger Logger
+}
+
+func (o *Options) String() string {
+ if o == nil {
+ return "{}"
+ }
+
+ return fmt.Sprintf("{Timeout: %s, NoGrowSync: %t, NoFreelistSync: %t, PreLoadFreelist: %t, FreelistType: %s, ReadOnly: %t, MmapFlags: %x, InitialMmapSize: %d, PageSize: %d, NoSync: %t, OpenFile: %p, Mlock: %t, Logger: %p}",
+ o.Timeout, o.NoGrowSync, o.NoFreelistSync, o.PreLoadFreelist, o.FreelistType, o.ReadOnly, o.MmapFlags, o.InitialMmapSize, o.PageSize, o.NoSync, o.OpenFile, o.Mlock, o.Logger)
+
}
// DefaultOptions represent the options used if nil options are passed into Open().
@@ -1325,65 +1390,3 @@ type Info struct {
Data uintptr
PageSize int
}
-
-type meta struct {
- magic uint32
- version uint32
- pageSize uint32
- flags uint32
- root bucket
- freelist pgid
- pgid pgid
- txid txid
- checksum uint64
-}
-
-// validate checks the marker bytes and version of the meta page to ensure it matches this binary.
-func (m *meta) validate() error {
- if m.magic != magic {
- return ErrInvalid
- } else if m.version != version {
- return ErrVersionMismatch
- } else if m.checksum != m.sum64() {
- return ErrChecksum
- }
- return nil
-}
-
-// copy copies one meta object to another.
-func (m *meta) copy(dest *meta) {
- *dest = *m
-}
-
-// write writes the meta onto a page.
-func (m *meta) write(p *page) {
- if m.root.root >= m.pgid {
- panic(fmt.Sprintf("root bucket pgid (%d) above high water mark (%d)", m.root.root, m.pgid))
- } else if m.freelist >= m.pgid && m.freelist != pgidNoFreelist {
- // TODO: reject pgidNoFreeList if !NoFreelistSync
- panic(fmt.Sprintf("freelist pgid (%d) above high water mark (%d)", m.freelist, m.pgid))
- }
-
- // Page id is either going to be 0 or 1 which we can determine by the transaction ID.
- p.id = pgid(m.txid % 2)
- p.flags |= metaPageFlag
-
- // Calculate the checksum.
- m.checksum = m.sum64()
-
- m.copy(p.meta())
-}
-
-// generates the checksum for the meta.
-func (m *meta) sum64() uint64 {
- var h = fnv.New64a()
- _, _ = h.Write((*[unsafe.Offsetof(meta{}.checksum)]byte)(unsafe.Pointer(m))[:])
- return h.Sum64()
-}
-
-// _assert will panic with a given formatted message if the given condition is false.
-func _assert(condition bool, msg string, v ...interface{}) {
- if !condition {
- panic(fmt.Sprintf("assertion failed: "+msg, v...))
- }
-}
diff --git a/vendor/go.etcd.io/bbolt/errors.go b/vendor/go.etcd.io/bbolt/errors.go
index f2c3b20ed8..02958c86f5 100644
--- a/vendor/go.etcd.io/bbolt/errors.go
+++ b/vendor/go.etcd.io/bbolt/errors.go
@@ -1,78 +1,108 @@
package bbolt
-import "errors"
+import "go.etcd.io/bbolt/errors"
// These errors can be returned when opening or calling methods on a DB.
var (
// ErrDatabaseNotOpen is returned when a DB instance is accessed before it
// is opened or after it is closed.
- ErrDatabaseNotOpen = errors.New("database not open")
-
- // ErrDatabaseOpen is returned when opening a database that is
- // already open.
- ErrDatabaseOpen = errors.New("database already open")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrDatabaseNotOpen = errors.ErrDatabaseNotOpen
// ErrInvalid is returned when both meta pages on a database are invalid.
// This typically occurs when a file is not a bolt database.
- ErrInvalid = errors.New("invalid database")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrInvalid = errors.ErrInvalid
// ErrInvalidMapping is returned when the database file fails to get mapped.
- ErrInvalidMapping = errors.New("database isn't correctly mapped")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrInvalidMapping = errors.ErrInvalidMapping
// ErrVersionMismatch is returned when the data file was created with a
// different version of Bolt.
- ErrVersionMismatch = errors.New("version mismatch")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrVersionMismatch = errors.ErrVersionMismatch
- // ErrChecksum is returned when either meta page checksum does not match.
- ErrChecksum = errors.New("checksum error")
+ // ErrChecksum is returned when a checksum mismatch occurs on either of the two meta pages.
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrChecksum = errors.ErrChecksum
// ErrTimeout is returned when a database cannot obtain an exclusive lock
// on the data file after the timeout passed to Open().
- ErrTimeout = errors.New("timeout")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrTimeout = errors.ErrTimeout
)
// These errors can occur when beginning or committing a Tx.
var (
// ErrTxNotWritable is returned when performing a write operation on a
// read-only transaction.
- ErrTxNotWritable = errors.New("tx not writable")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrTxNotWritable = errors.ErrTxNotWritable
// ErrTxClosed is returned when committing or rolling back a transaction
// that has already been committed or rolled back.
- ErrTxClosed = errors.New("tx closed")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrTxClosed = errors.ErrTxClosed
// ErrDatabaseReadOnly is returned when a mutating transaction is started on a
// read-only database.
- ErrDatabaseReadOnly = errors.New("database is in read-only mode")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrDatabaseReadOnly = errors.ErrDatabaseReadOnly
// ErrFreePagesNotLoaded is returned when a readonly transaction without
// preloading the free pages is trying to access the free pages.
- ErrFreePagesNotLoaded = errors.New("free pages are not pre-loaded")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrFreePagesNotLoaded = errors.ErrFreePagesNotLoaded
)
// These errors can occur when putting or deleting a value or a bucket.
var (
// ErrBucketNotFound is returned when trying to access a bucket that has
// not been created yet.
- ErrBucketNotFound = errors.New("bucket not found")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrBucketNotFound = errors.ErrBucketNotFound
// ErrBucketExists is returned when creating a bucket that already exists.
- ErrBucketExists = errors.New("bucket already exists")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrBucketExists = errors.ErrBucketExists
// ErrBucketNameRequired is returned when creating a bucket with a blank name.
- ErrBucketNameRequired = errors.New("bucket name required")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrBucketNameRequired = errors.ErrBucketNameRequired
// ErrKeyRequired is returned when inserting a zero-length key.
- ErrKeyRequired = errors.New("key required")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrKeyRequired = errors.ErrKeyRequired
// ErrKeyTooLarge is returned when inserting a key that is larger than MaxKeySize.
- ErrKeyTooLarge = errors.New("key too large")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrKeyTooLarge = errors.ErrKeyTooLarge
// ErrValueTooLarge is returned when inserting a value that is larger than MaxValueSize.
- ErrValueTooLarge = errors.New("value too large")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrValueTooLarge = errors.ErrValueTooLarge
// ErrIncompatibleValue is returned when trying create or delete a bucket
// on an existing non-bucket key or when trying to create or delete a
// non-bucket key on an existing bucket key.
- ErrIncompatibleValue = errors.New("incompatible value")
+ //
+ // Deprecated: Use the error variables defined in the bbolt/errors package.
+ ErrIncompatibleValue = errors.ErrIncompatibleValue
)
diff --git a/vendor/go.etcd.io/bbolt/errors/errors.go b/vendor/go.etcd.io/bbolt/errors/errors.go
new file mode 100644
index 0000000000..c115289e56
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/errors/errors.go
@@ -0,0 +1,84 @@
+// Package errors defines the error variables that may be returned
+// during bbolt operations.
+package errors
+
+import "errors"
+
+// These errors can be returned when opening or calling methods on a DB.
+var (
+ // ErrDatabaseNotOpen is returned when a DB instance is accessed before it
+ // is opened or after it is closed.
+ ErrDatabaseNotOpen = errors.New("database not open")
+
+ // ErrInvalid is returned when both meta pages on a database are invalid.
+ // This typically occurs when a file is not a bolt database.
+ ErrInvalid = errors.New("invalid database")
+
+ // ErrInvalidMapping is returned when the database file fails to get mapped.
+ ErrInvalidMapping = errors.New("database isn't correctly mapped")
+
+ // ErrVersionMismatch is returned when the data file was created with a
+ // different version of Bolt.
+ ErrVersionMismatch = errors.New("version mismatch")
+
+ // ErrChecksum is returned when a checksum mismatch occurs on either of the two meta pages.
+ ErrChecksum = errors.New("checksum error")
+
+ // ErrTimeout is returned when a database cannot obtain an exclusive lock
+ // on the data file after the timeout passed to Open().
+ ErrTimeout = errors.New("timeout")
+)
+
+// These errors can occur when beginning or committing a Tx.
+var (
+ // ErrTxNotWritable is returned when performing a write operation on a
+ // read-only transaction.
+ ErrTxNotWritable = errors.New("tx not writable")
+
+ // ErrTxClosed is returned when committing or rolling back a transaction
+ // that has already been committed or rolled back.
+ ErrTxClosed = errors.New("tx closed")
+
+ // ErrDatabaseReadOnly is returned when a mutating transaction is started on a
+ // read-only database.
+ ErrDatabaseReadOnly = errors.New("database is in read-only mode")
+
+ // ErrFreePagesNotLoaded is returned when a readonly transaction without
+ // preloading the free pages is trying to access the free pages.
+ ErrFreePagesNotLoaded = errors.New("free pages are not pre-loaded")
+)
+
+// These errors can occur when putting or deleting a value or a bucket.
+var (
+ // ErrBucketNotFound is returned when trying to access a bucket that has
+ // not been created yet.
+ ErrBucketNotFound = errors.New("bucket not found")
+
+ // ErrBucketExists is returned when creating a bucket that already exists.
+ ErrBucketExists = errors.New("bucket already exists")
+
+ // ErrBucketNameRequired is returned when creating a bucket with a blank name.
+ ErrBucketNameRequired = errors.New("bucket name required")
+
+ // ErrKeyRequired is returned when inserting a zero-length key.
+ ErrKeyRequired = errors.New("key required")
+
+ // ErrKeyTooLarge is returned when inserting a key that is larger than MaxKeySize.
+ ErrKeyTooLarge = errors.New("key too large")
+
+ // ErrValueTooLarge is returned when inserting a value that is larger than MaxValueSize.
+ ErrValueTooLarge = errors.New("value too large")
+
+ // ErrIncompatibleValue is returned when trying to create or delete a bucket
+ // on an existing non-bucket key or when trying to create or delete a
+ // non-bucket key on an existing bucket key.
+ ErrIncompatibleValue = errors.New("incompatible value")
+
+ // ErrSameBuckets is returned when trying to move a sub-bucket between
+ // source and target buckets, while source and target buckets are the same.
+ ErrSameBuckets = errors.New("the source and target are the same bucket")
+
+ // ErrDifferentDB is returned when trying to move a sub-bucket between
+ // source and target buckets, while source and target buckets are in different database files.
+ ErrDifferentDB = errors.New("the source and target buckets are in different database files")
+)
diff --git a/vendor/go.etcd.io/bbolt/freelist.go b/vendor/go.etcd.io/bbolt/freelist.go
deleted file mode 100644
index 61d43f81b4..0000000000
--- a/vendor/go.etcd.io/bbolt/freelist.go
+++ /dev/null
@@ -1,402 +0,0 @@
-package bbolt
-
-import (
- "fmt"
- "sort"
- "unsafe"
-)
-
-// txPending holds a list of pgids and corresponding allocation txns
-// that are pending to be freed.
-type txPending struct {
- ids []pgid
- alloctx []txid // txids allocating the ids
- lastReleaseBegin txid // beginning txid of last matching releaseRange
-}
-
-// pidSet holds the set of starting pgids which have the same span size
-type pidSet map[pgid]struct{}
-
-// freelist represents a list of all pages that are available for allocation.
-// It also tracks pages that have been freed but are still in use by open transactions.
-type freelist struct {
- freelistType FreelistType // freelist type
- ids []pgid // all free and available free page ids.
- allocs map[pgid]txid // mapping of txid that allocated a pgid.
- pending map[txid]*txPending // mapping of soon-to-be free page ids by tx.
- cache map[pgid]struct{} // fast lookup of all free and pending page ids.
- freemaps map[uint64]pidSet // key is the size of continuous pages(span), value is a set which contains the starting pgids of same size
- forwardMap map[pgid]uint64 // key is start pgid, value is its span size
- backwardMap map[pgid]uint64 // key is end pgid, value is its span size
- allocate func(txid txid, n int) pgid // the freelist allocate func
- free_count func() int // the function which gives you free page number
- mergeSpans func(ids pgids) // the mergeSpan func
- getFreePageIDs func() []pgid // get free pgids func
- readIDs func(pgids []pgid) // readIDs func reads list of pages and init the freelist
-}
-
-// newFreelist returns an empty, initialized freelist.
-func newFreelist(freelistType FreelistType) *freelist {
- f := &freelist{
- freelistType: freelistType,
- allocs: make(map[pgid]txid),
- pending: make(map[txid]*txPending),
- cache: make(map[pgid]struct{}),
- freemaps: make(map[uint64]pidSet),
- forwardMap: make(map[pgid]uint64),
- backwardMap: make(map[pgid]uint64),
- }
-
- if freelistType == FreelistMapType {
- f.allocate = f.hashmapAllocate
- f.free_count = f.hashmapFreeCount
- f.mergeSpans = f.hashmapMergeSpans
- f.getFreePageIDs = f.hashmapGetFreePageIDs
- f.readIDs = f.hashmapReadIDs
- } else {
- f.allocate = f.arrayAllocate
- f.free_count = f.arrayFreeCount
- f.mergeSpans = f.arrayMergeSpans
- f.getFreePageIDs = f.arrayGetFreePageIDs
- f.readIDs = f.arrayReadIDs
- }
-
- return f
-}
-
-// size returns the size of the page after serialization.
-func (f *freelist) size() int {
- n := f.count()
- if n >= 0xFFFF {
- // The first element will be used to store the count. See freelist.write.
- n++
- }
- return int(pageHeaderSize) + (int(unsafe.Sizeof(pgid(0))) * n)
-}
-
-// count returns count of pages on the freelist
-func (f *freelist) count() int {
- return f.free_count() + f.pending_count()
-}
-
-// arrayFreeCount returns count of free pages(array version)
-func (f *freelist) arrayFreeCount() int {
- return len(f.ids)
-}
-
-// pending_count returns count of pending pages
-func (f *freelist) pending_count() int {
- var count int
- for _, txp := range f.pending {
- count += len(txp.ids)
- }
- return count
-}
-
-// copyall copies a list of all free ids and all pending ids in one sorted list.
-// f.count returns the minimum length required for dst.
-func (f *freelist) copyall(dst []pgid) {
- m := make(pgids, 0, f.pending_count())
- for _, txp := range f.pending {
- m = append(m, txp.ids...)
- }
- sort.Sort(m)
- mergepgids(dst, f.getFreePageIDs(), m)
-}
-
-// arrayAllocate returns the starting page id of a contiguous list of pages of a given size.
-// If a contiguous block cannot be found then 0 is returned.
-func (f *freelist) arrayAllocate(txid txid, n int) pgid {
- if len(f.ids) == 0 {
- return 0
- }
-
- var initial, previd pgid
- for i, id := range f.ids {
- if id <= 1 {
- panic(fmt.Sprintf("invalid page allocation: %d", id))
- }
-
- // Reset initial page if this is not contiguous.
- if previd == 0 || id-previd != 1 {
- initial = id
- }
-
- // If we found a contiguous block then remove it and return it.
- if (id-initial)+1 == pgid(n) {
- // If we're allocating off the beginning then take the fast path
- // and just adjust the existing slice. This will use extra memory
- // temporarily but the append() in free() will realloc the slice
- // as is necessary.
- if (i + 1) == n {
- f.ids = f.ids[i+1:]
- } else {
- copy(f.ids[i-n+1:], f.ids[i+1:])
- f.ids = f.ids[:len(f.ids)-n]
- }
-
- // Remove from the free cache.
- for i := pgid(0); i < pgid(n); i++ {
- delete(f.cache, initial+i)
- }
- f.allocs[initial] = txid
- return initial
- }
-
- previd = id
- }
- return 0
-}
-
-// free releases a page and its overflow for a given transaction id.
-// If the page is already free then a panic will occur.
-func (f *freelist) free(txid txid, p *page) {
- if p.id <= 1 {
- panic(fmt.Sprintf("cannot free page 0 or 1: %d", p.id))
- }
-
- // Free page and all its overflow pages.
- txp := f.pending[txid]
- if txp == nil {
- txp = &txPending{}
- f.pending[txid] = txp
- }
- allocTxid, ok := f.allocs[p.id]
- if ok {
- delete(f.allocs, p.id)
- } else if (p.flags & freelistPageFlag) != 0 {
- // Freelist is always allocated by prior tx.
- allocTxid = txid - 1
- }
-
- for id := p.id; id <= p.id+pgid(p.overflow); id++ {
- // Verify that page is not already free.
- if _, ok := f.cache[id]; ok {
- panic(fmt.Sprintf("page %d already freed", id))
- }
- // Add to the freelist and cache.
- txp.ids = append(txp.ids, id)
- txp.alloctx = append(txp.alloctx, allocTxid)
- f.cache[id] = struct{}{}
- }
-}
-
-// release moves all page ids for a transaction id (or older) to the freelist.
-func (f *freelist) release(txid txid) {
- m := make(pgids, 0)
- for tid, txp := range f.pending {
- if tid <= txid {
- // Move transaction's pending pages to the available freelist.
- // Don't remove from the cache since the page is still free.
- m = append(m, txp.ids...)
- delete(f.pending, tid)
- }
- }
- f.mergeSpans(m)
-}
-
-// releaseRange moves pending pages allocated within an extent [begin,end] to the free list.
-func (f *freelist) releaseRange(begin, end txid) {
- if begin > end {
- return
- }
- var m pgids
- for tid, txp := range f.pending {
- if tid < begin || tid > end {
- continue
- }
- // Don't recompute freed pages if ranges haven't updated.
- if txp.lastReleaseBegin == begin {
- continue
- }
- for i := 0; i < len(txp.ids); i++ {
- if atx := txp.alloctx[i]; atx < begin || atx > end {
- continue
- }
- m = append(m, txp.ids[i])
- txp.ids[i] = txp.ids[len(txp.ids)-1]
- txp.ids = txp.ids[:len(txp.ids)-1]
- txp.alloctx[i] = txp.alloctx[len(txp.alloctx)-1]
- txp.alloctx = txp.alloctx[:len(txp.alloctx)-1]
- i--
- }
- txp.lastReleaseBegin = begin
- if len(txp.ids) == 0 {
- delete(f.pending, tid)
- }
- }
- f.mergeSpans(m)
-}
-
-// rollback removes the pages from a given pending tx.
-func (f *freelist) rollback(txid txid) {
- // Remove page ids from cache.
- txp := f.pending[txid]
- if txp == nil {
- return
- }
- var m pgids
- for i, pgid := range txp.ids {
- delete(f.cache, pgid)
- tx := txp.alloctx[i]
- if tx == 0 {
- continue
- }
- if tx != txid {
- // Pending free aborted; restore page back to alloc list.
- f.allocs[pgid] = tx
- } else {
- // Freed page was allocated by this txn; OK to throw away.
- m = append(m, pgid)
- }
- }
- // Remove pages from pending list and mark as free if allocated by txid.
- delete(f.pending, txid)
- f.mergeSpans(m)
-}
-
-// freed returns whether a given page is in the free list.
-func (f *freelist) freed(pgId pgid) bool {
- _, ok := f.cache[pgId]
- return ok
-}
-
-// read initializes the freelist from a freelist page.
-func (f *freelist) read(p *page) {
- if (p.flags & freelistPageFlag) == 0 {
- panic(fmt.Sprintf("invalid freelist page: %d, page type is %s", p.id, p.typ()))
- }
- // If the page.count is at the max uint16 value (64k) then it's considered
- // an overflow and the size of the freelist is stored as the first element.
- var idx, count = 0, int(p.count)
- if count == 0xFFFF {
- idx = 1
- c := *(*pgid)(unsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p)))
- count = int(c)
- if count < 0 {
- panic(fmt.Sprintf("leading element count %d overflows int", c))
- }
- }
-
- // Copy the list of page ids from the freelist.
- if count == 0 {
- f.ids = nil
- } else {
- data := unsafeIndex(unsafe.Pointer(p), unsafe.Sizeof(*p), unsafe.Sizeof(pgid(0)), idx)
- ids := unsafe.Slice((*pgid)(data), count)
-
- // copy the ids, so we don't modify on the freelist page directly
- idsCopy := make([]pgid, count)
- copy(idsCopy, ids)
- // Make sure they're sorted.
- sort.Sort(pgids(idsCopy))
-
- f.readIDs(idsCopy)
- }
-}
-
-// arrayReadIDs initializes the freelist from a given list of ids.
-func (f *freelist) arrayReadIDs(ids []pgid) {
- f.ids = ids
- f.reindex()
-}
-
-func (f *freelist) arrayGetFreePageIDs() []pgid {
- return f.ids
-}
-
-// write writes the page ids onto a freelist page. All free and pending ids are
-// saved to disk since in the event of a program crash, all pending ids will
-// become free.
-func (f *freelist) write(p *page) error {
- // Combine the old free pgids and pgids waiting on an open transaction.
-
- // Update the header flag.
- p.flags |= freelistPageFlag
-
- // The page.count can only hold up to 64k elements so if we overflow that
- // number then we handle it by putting the size in the first element.
- l := f.count()
- if l == 0 {
- p.count = uint16(l)
- } else if l < 0xFFFF {
- p.count = uint16(l)
- data := unsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p))
- ids := unsafe.Slice((*pgid)(data), l)
- f.copyall(ids)
- } else {
- p.count = 0xFFFF
- data := unsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p))
- ids := unsafe.Slice((*pgid)(data), l+1)
- ids[0] = pgid(l)
- f.copyall(ids[1:])
- }
-
- return nil
-}
-
-// reload reads the freelist from a page and filters out pending items.
-func (f *freelist) reload(p *page) {
- f.read(p)
-
- // Build a cache of only pending pages.
- pcache := make(map[pgid]bool)
- for _, txp := range f.pending {
- for _, pendingID := range txp.ids {
- pcache[pendingID] = true
- }
- }
-
- // Check each page in the freelist and build a new available freelist
- // with any pages not in the pending lists.
- var a []pgid
- for _, id := range f.getFreePageIDs() {
- if !pcache[id] {
- a = append(a, id)
- }
- }
-
- f.readIDs(a)
-}
-
-// noSyncReload reads the freelist from pgids and filters out pending items.
-func (f *freelist) noSyncReload(pgids []pgid) {
- // Build a cache of only pending pages.
- pcache := make(map[pgid]bool)
- for _, txp := range f.pending {
- for _, pendingID := range txp.ids {
- pcache[pendingID] = true
- }
- }
-
- // Check each page in the freelist and build a new available freelist
- // with any pages not in the pending lists.
- var a []pgid
- for _, id := range pgids {
- if !pcache[id] {
- a = append(a, id)
- }
- }
-
- f.readIDs(a)
-}
-
-// reindex rebuilds the free cache based on available and pending free lists.
-func (f *freelist) reindex() {
- ids := f.getFreePageIDs()
- f.cache = make(map[pgid]struct{}, len(ids))
- for _, id := range ids {
- f.cache[id] = struct{}{}
- }
- for _, txp := range f.pending {
- for _, pendingID := range txp.ids {
- f.cache[pendingID] = struct{}{}
- }
- }
-}
-
-// arrayMergeSpans try to merge list of pages(represented by pgids) with existing spans but using array
-func (f *freelist) arrayMergeSpans(ids pgids) {
- sort.Sort(ids)
- f.ids = pgids(f.ids).merge(ids)
-}
diff --git a/vendor/go.etcd.io/bbolt/freelist_hmap.go b/vendor/go.etcd.io/bbolt/freelist_hmap.go
deleted file mode 100644
index dbd67a1e73..0000000000
--- a/vendor/go.etcd.io/bbolt/freelist_hmap.go
+++ /dev/null
@@ -1,178 +0,0 @@
-package bbolt
-
-import "sort"
-
-// hashmapFreeCount returns count of free pages(hashmap version)
-func (f *freelist) hashmapFreeCount() int {
- // use the forwardMap to get the total count
- count := 0
- for _, size := range f.forwardMap {
- count += int(size)
- }
- return count
-}
-
-// hashmapAllocate serves the same purpose as arrayAllocate, but use hashmap as backend
-func (f *freelist) hashmapAllocate(txid txid, n int) pgid {
- if n == 0 {
- return 0
- }
-
- // if we have a exact size match just return short path
- if bm, ok := f.freemaps[uint64(n)]; ok {
- for pid := range bm {
- // remove the span
- f.delSpan(pid, uint64(n))
-
- f.allocs[pid] = txid
-
- for i := pgid(0); i < pgid(n); i++ {
- delete(f.cache, pid+i)
- }
- return pid
- }
- }
-
- // lookup the map to find larger span
- for size, bm := range f.freemaps {
- if size < uint64(n) {
- continue
- }
-
- for pid := range bm {
- // remove the initial
- f.delSpan(pid, size)
-
- f.allocs[pid] = txid
-
- remain := size - uint64(n)
-
- // add remain span
- f.addSpan(pid+pgid(n), remain)
-
- for i := pgid(0); i < pgid(n); i++ {
- delete(f.cache, pid+i)
- }
- return pid
- }
- }
-
- return 0
-}
-
-// hashmapReadIDs reads pgids as input an initial the freelist(hashmap version)
-func (f *freelist) hashmapReadIDs(pgids []pgid) {
- f.init(pgids)
-
- // Rebuild the page cache.
- f.reindex()
-}
-
-// hashmapGetFreePageIDs returns the sorted free page ids
-func (f *freelist) hashmapGetFreePageIDs() []pgid {
- count := f.free_count()
- if count == 0 {
- return nil
- }
-
- m := make([]pgid, 0, count)
- for start, size := range f.forwardMap {
- for i := 0; i < int(size); i++ {
- m = append(m, start+pgid(i))
- }
- }
- sort.Sort(pgids(m))
-
- return m
-}
-
-// hashmapMergeSpans try to merge list of pages(represented by pgids) with existing spans
-func (f *freelist) hashmapMergeSpans(ids pgids) {
- for _, id := range ids {
- // try to see if we can merge and update
- f.mergeWithExistingSpan(id)
- }
-}
-
-// mergeWithExistingSpan merges pid to the existing free spans, try to merge it backward and forward
-func (f *freelist) mergeWithExistingSpan(pid pgid) {
- prev := pid - 1
- next := pid + 1
-
- preSize, mergeWithPrev := f.backwardMap[prev]
- nextSize, mergeWithNext := f.forwardMap[next]
- newStart := pid
- newSize := uint64(1)
-
- if mergeWithPrev {
- //merge with previous span
- start := prev + 1 - pgid(preSize)
- f.delSpan(start, preSize)
-
- newStart -= pgid(preSize)
- newSize += preSize
- }
-
- if mergeWithNext {
- // merge with next span
- f.delSpan(next, nextSize)
- newSize += nextSize
- }
-
- f.addSpan(newStart, newSize)
-}
-
-func (f *freelist) addSpan(start pgid, size uint64) {
- f.backwardMap[start-1+pgid(size)] = size
- f.forwardMap[start] = size
- if _, ok := f.freemaps[size]; !ok {
- f.freemaps[size] = make(map[pgid]struct{})
- }
-
- f.freemaps[size][start] = struct{}{}
-}
-
-func (f *freelist) delSpan(start pgid, size uint64) {
- delete(f.forwardMap, start)
- delete(f.backwardMap, start+pgid(size-1))
- delete(f.freemaps[size], start)
- if len(f.freemaps[size]) == 0 {
- delete(f.freemaps, size)
- }
-}
-
-// initial from pgids using when use hashmap version
-// pgids must be sorted
-func (f *freelist) init(pgids []pgid) {
- if len(pgids) == 0 {
- return
- }
-
- size := uint64(1)
- start := pgids[0]
-
- if !sort.SliceIsSorted([]pgid(pgids), func(i, j int) bool { return pgids[i] < pgids[j] }) {
- panic("pgids not sorted")
- }
-
- f.freemaps = make(map[uint64]pidSet)
- f.forwardMap = make(map[pgid]uint64)
- f.backwardMap = make(map[pgid]uint64)
-
- for i := 1; i < len(pgids); i++ {
- // continuous page
- if pgids[i] == pgids[i-1]+1 {
- size++
- } else {
- f.addSpan(start, size)
-
- size = 1
- start = pgids[i]
- }
- }
-
- // init the tail
- if size != 0 && start != 0 {
- f.addSpan(start, size)
- }
-}
diff --git a/vendor/go.etcd.io/bbolt/internal/common/bucket.go b/vendor/go.etcd.io/bbolt/internal/common/bucket.go
new file mode 100644
index 0000000000..2b4ab1453a
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/internal/common/bucket.go
@@ -0,0 +1,54 @@
+package common
+
+import (
+ "fmt"
+ "unsafe"
+)
+
+const BucketHeaderSize = int(unsafe.Sizeof(InBucket{}))
+
+// InBucket represents the on-file representation of a bucket.
+// This is stored as the "value" of a bucket key. If the bucket is small enough,
+// then its root page can be stored inline in the "value", after the bucket
+// header. In the case of inline buckets, the "root" will be 0.
+type InBucket struct {
+ root Pgid // page id of the bucket's root-level page
+ sequence uint64 // monotonically incrementing, used by NextSequence()
+}
+
+func NewInBucket(root Pgid, seq uint64) InBucket {
+ return InBucket{
+ root: root,
+ sequence: seq,
+ }
+}
+
+func (b *InBucket) RootPage() Pgid {
+ return b.root
+}
+
+func (b *InBucket) SetRootPage(id Pgid) {
+ b.root = id
+}
+
+// InSequence returns the sequence. The reason why not naming it `Sequence`
+// is to avoid duplicated name as `(*Bucket) Sequence()`
+func (b *InBucket) InSequence() uint64 {
+ return b.sequence
+}
+
+func (b *InBucket) SetInSequence(v uint64) {
+ b.sequence = v
+}
+
+func (b *InBucket) IncSequence() {
+ b.sequence++
+}
+
+func (b *InBucket) InlinePage(v []byte) *Page {
+ return (*Page)(unsafe.Pointer(&v[BucketHeaderSize]))
+}
+
+func (b *InBucket) String() string {
+ return fmt.Sprintf("", b.root, b.sequence)
+}
diff --git a/vendor/go.etcd.io/bbolt/internal/common/inode.go b/vendor/go.etcd.io/bbolt/internal/common/inode.go
new file mode 100644
index 0000000000..080b9af789
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/internal/common/inode.go
@@ -0,0 +1,115 @@
+package common
+
+import "unsafe"
+
+// Inode represents an internal node inside of a node.
+// It can be used to point to elements in a page or point
+// to an element which hasn't been added to a page yet.
+type Inode struct {
+ flags uint32
+ pgid Pgid
+ key []byte
+ value []byte
+}
+
+type Inodes []Inode
+
+func (in *Inode) Flags() uint32 {
+ return in.flags
+}
+
+func (in *Inode) SetFlags(flags uint32) {
+ in.flags = flags
+}
+
+func (in *Inode) Pgid() Pgid {
+ return in.pgid
+}
+
+func (in *Inode) SetPgid(id Pgid) {
+ in.pgid = id
+}
+
+func (in *Inode) Key() []byte {
+ return in.key
+}
+
+func (in *Inode) SetKey(key []byte) {
+ in.key = key
+}
+
+func (in *Inode) Value() []byte {
+ return in.value
+}
+
+func (in *Inode) SetValue(value []byte) {
+ in.value = value
+}
+
+func ReadInodeFromPage(p *Page) Inodes {
+ inodes := make(Inodes, int(p.Count()))
+ isLeaf := p.IsLeafPage()
+ for i := 0; i < int(p.Count()); i++ {
+ inode := &inodes[i]
+ if isLeaf {
+ elem := p.LeafPageElement(uint16(i))
+ inode.SetFlags(elem.Flags())
+ inode.SetKey(elem.Key())
+ inode.SetValue(elem.Value())
+ } else {
+ elem := p.BranchPageElement(uint16(i))
+ inode.SetPgid(elem.Pgid())
+ inode.SetKey(elem.Key())
+ }
+ Assert(len(inode.Key()) > 0, "read: zero-length inode key")
+ }
+
+ return inodes
+}
+
+func WriteInodeToPage(inodes Inodes, p *Page) uint32 {
+ // Loop over each item and write it to the page.
+ // off tracks the offset into p of the start of the next data.
+ off := unsafe.Sizeof(*p) + p.PageElementSize()*uintptr(len(inodes))
+ isLeaf := p.IsLeafPage()
+ for i, item := range inodes {
+ Assert(len(item.Key()) > 0, "write: zero-length inode key")
+
+ // Create a slice to write into of needed size and advance
+ // byte pointer for next iteration.
+ sz := len(item.Key()) + len(item.Value())
+ b := UnsafeByteSlice(unsafe.Pointer(p), off, 0, sz)
+ off += uintptr(sz)
+
+ // Write the page element.
+ if isLeaf {
+ elem := p.LeafPageElement(uint16(i))
+ elem.SetPos(uint32(uintptr(unsafe.Pointer(&b[0])) - uintptr(unsafe.Pointer(elem))))
+ elem.SetFlags(item.Flags())
+ elem.SetKsize(uint32(len(item.Key())))
+ elem.SetVsize(uint32(len(item.Value())))
+ } else {
+ elem := p.BranchPageElement(uint16(i))
+ elem.SetPos(uint32(uintptr(unsafe.Pointer(&b[0])) - uintptr(unsafe.Pointer(elem))))
+ elem.SetKsize(uint32(len(item.Key())))
+ elem.SetPgid(item.Pgid())
+ Assert(elem.Pgid() != p.Id(), "write: circular dependency occurred")
+ }
+
+ // Write data for the element to the end of the page.
+ l := copy(b, item.Key())
+ copy(b[l:], item.Value())
+ }
+
+ return uint32(off)
+}
+
+func UsedSpaceInPage(inodes Inodes, p *Page) uint32 {
+ off := unsafe.Sizeof(*p) + p.PageElementSize()*uintptr(len(inodes))
+ for _, item := range inodes {
+ sz := len(item.Key()) + len(item.Value())
+ off += uintptr(sz)
+ }
+
+ return uint32(off)
+}
diff --git a/vendor/go.etcd.io/bbolt/internal/common/meta.go b/vendor/go.etcd.io/bbolt/internal/common/meta.go
new file mode 100644
index 0000000000..055388604a
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/internal/common/meta.go
@@ -0,0 +1,161 @@
+package common
+
+import (
+ "fmt"
+ "hash/fnv"
+ "io"
+ "unsafe"
+
+ "go.etcd.io/bbolt/errors"
+)
+
+type Meta struct {
+ magic uint32
+ version uint32
+ pageSize uint32
+ flags uint32
+ root InBucket
+ freelist Pgid
+ pgid Pgid
+ txid Txid
+ checksum uint64
+}
+
+// Validate checks the marker bytes and version of the meta page to ensure it matches this binary.
+func (m *Meta) Validate() error {
+ if m.magic != Magic {
+ return errors.ErrInvalid
+ } else if m.version != Version {
+ return errors.ErrVersionMismatch
+ } else if m.checksum != m.Sum64() {
+ return errors.ErrChecksum
+ }
+ return nil
+}
+
+// Copy copies one meta object to another.
+func (m *Meta) Copy(dest *Meta) {
+ *dest = *m
+}
+
+// Write writes the meta onto a page.
+func (m *Meta) Write(p *Page) {
+ if m.root.root >= m.pgid {
+ panic(fmt.Sprintf("root bucket pgid (%d) above high water mark (%d)", m.root.root, m.pgid))
+ } else if m.freelist >= m.pgid && m.freelist != PgidNoFreelist {
+ // TODO: reject pgidNoFreeList if !NoFreelistSync
+ panic(fmt.Sprintf("freelist pgid (%d) above high water mark (%d)", m.freelist, m.pgid))
+ }
+
+ // Page id is either going to be 0 or 1 which we can determine by the transaction ID.
+ p.id = Pgid(m.txid % 2)
+ p.SetFlags(MetaPageFlag)
+
+ // Calculate the checksum.
+ m.checksum = m.Sum64()
+
+ m.Copy(p.Meta())
+}
+
+// Sum64 generates the checksum for the meta.
+func (m *Meta) Sum64() uint64 {
+ var h = fnv.New64a()
+ _, _ = h.Write((*[unsafe.Offsetof(Meta{}.checksum)]byte)(unsafe.Pointer(m))[:])
+ return h.Sum64()
+}
+
+func (m *Meta) Magic() uint32 {
+ return m.magic
+}
+
+func (m *Meta) SetMagic(v uint32) {
+ m.magic = v
+}
+
+func (m *Meta) Version() uint32 {
+ return m.version
+}
+
+func (m *Meta) SetVersion(v uint32) {
+ m.version = v
+}
+
+func (m *Meta) PageSize() uint32 {
+ return m.pageSize
+}
+
+func (m *Meta) SetPageSize(v uint32) {
+ m.pageSize = v
+}
+
+func (m *Meta) Flags() uint32 {
+ return m.flags
+}
+
+func (m *Meta) SetFlags(v uint32) {
+ m.flags = v
+}
+
+func (m *Meta) SetRootBucket(b InBucket) {
+ m.root = b
+}
+
+func (m *Meta) RootBucket() *InBucket {
+ return &m.root
+}
+
+func (m *Meta) Freelist() Pgid {
+ return m.freelist
+}
+
+func (m *Meta) SetFreelist(v Pgid) {
+ m.freelist = v
+}
+
+func (m *Meta) IsFreelistPersisted() bool {
+ return m.freelist != PgidNoFreelist
+}
+
+func (m *Meta) Pgid() Pgid {
+ return m.pgid
+}
+
+func (m *Meta) SetPgid(id Pgid) {
+ m.pgid = id
+}
+
+func (m *Meta) Txid() Txid {
+ return m.txid
+}
+
+func (m *Meta) SetTxid(id Txid) {
+ m.txid = id
+}
+
+func (m *Meta) IncTxid() {
+ m.txid += 1
+}
+
+func (m *Meta) DecTxid() {
+ m.txid -= 1
+}
+
+func (m *Meta) Checksum() uint64 {
+ return m.checksum
+}
+
+func (m *Meta) SetChecksum(v uint64) {
+ m.checksum = v
+}
+
+func (m *Meta) Print(w io.Writer) {
+ fmt.Fprintf(w, "Version: %d\n", m.version)
+ fmt.Fprintf(w, "Page Size: %d bytes\n", m.pageSize)
+ fmt.Fprintf(w, "Flags: %08x\n", m.flags)
+ fmt.Fprintf(w, "Root: \n", m.root.root)
+ fmt.Fprintf(w, "Freelist: \n", m.freelist)
+ fmt.Fprintf(w, "HWM: \n", m.pgid)
+ fmt.Fprintf(w, "Txn ID: %d\n", m.txid)
+ fmt.Fprintf(w, "Checksum: %016x\n", m.checksum)
+ fmt.Fprintf(w, "\n")
+}
diff --git a/vendor/go.etcd.io/bbolt/internal/common/page.go b/vendor/go.etcd.io/bbolt/internal/common/page.go
new file mode 100644
index 0000000000..ee808967c5
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/internal/common/page.go
@@ -0,0 +1,391 @@
+package common
+
+import (
+ "fmt"
+ "os"
+ "sort"
+ "unsafe"
+)
+
+const PageHeaderSize = unsafe.Sizeof(Page{})
+
+const MinKeysPerPage = 2
+
+const BranchPageElementSize = unsafe.Sizeof(branchPageElement{})
+const LeafPageElementSize = unsafe.Sizeof(leafPageElement{})
+const pgidSize = unsafe.Sizeof(Pgid(0))
+
+const (
+ BranchPageFlag = 0x01
+ LeafPageFlag = 0x02
+ MetaPageFlag = 0x04
+ FreelistPageFlag = 0x10
+)
+
+const (
+ BucketLeafFlag = 0x01
+)
+
+type Pgid uint64
+
+type Page struct {
+ id Pgid
+ flags uint16
+ count uint16
+ overflow uint32
+}
+
+func NewPage(id Pgid, flags, count uint16, overflow uint32) *Page {
+ return &Page{
+ id: id,
+ flags: flags,
+ count: count,
+ overflow: overflow,
+ }
+}
+
+// Typ returns a human-readable page type string used for debugging.
+func (p *Page) Typ() string {
+ if p.IsBranchPage() {
+ return "branch"
+ } else if p.IsLeafPage() {
+ return "leaf"
+ } else if p.IsMetaPage() {
+ return "meta"
+ } else if p.IsFreelistPage() {
+ return "freelist"
+ }
+ return fmt.Sprintf("unknown<%02x>", p.flags)
+}
+
+func (p *Page) IsBranchPage() bool {
+ return p.flags == BranchPageFlag
+}
+
+func (p *Page) IsLeafPage() bool {
+ return p.flags == LeafPageFlag
+}
+
+func (p *Page) IsMetaPage() bool {
+ return p.flags == MetaPageFlag
+}
+
+func (p *Page) IsFreelistPage() bool {
+ return p.flags == FreelistPageFlag
+}
+
+// Meta returns a pointer to the metadata section of the page.
+func (p *Page) Meta() *Meta {
+ return (*Meta)(UnsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p)))
+}
+
+func (p *Page) FastCheck(id Pgid) {
+ Assert(p.id == id, "Page expected to be: %v, but self identifies as %v", id, p.id)
+ // Only one flag of page-type can be set.
+ Assert(p.IsBranchPage() ||
+ p.IsLeafPage() ||
+ p.IsMetaPage() ||
+ p.IsFreelistPage(),
+ "page %v: has unexpected type/flags: %x", p.id, p.flags)
+}
+
+// LeafPageElement retrieves the leaf node by index
+func (p *Page) LeafPageElement(index uint16) *leafPageElement {
+ return (*leafPageElement)(UnsafeIndex(unsafe.Pointer(p), unsafe.Sizeof(*p),
+ LeafPageElementSize, int(index)))
+}
+
+// LeafPageElements retrieves a list of leaf nodes.
+func (p *Page) LeafPageElements() []leafPageElement {
+ if p.count == 0 {
+ return nil
+ }
+ data := UnsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p))
+ elems := unsafe.Slice((*leafPageElement)(data), int(p.count))
+ return elems
+}
+
+// BranchPageElement retrieves the branch node by index
+func (p *Page) BranchPageElement(index uint16) *branchPageElement {
+ return (*branchPageElement)(UnsafeIndex(unsafe.Pointer(p), unsafe.Sizeof(*p),
+ unsafe.Sizeof(branchPageElement{}), int(index)))
+}
+
+// BranchPageElements retrieves a list of branch nodes.
+func (p *Page) BranchPageElements() []branchPageElement {
+ if p.count == 0 {
+ return nil
+ }
+ data := UnsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p))
+ elems := unsafe.Slice((*branchPageElement)(data), int(p.count))
+ return elems
+}
+
+func (p *Page) FreelistPageCount() (int, int) {
+ Assert(p.IsFreelistPage(), fmt.Sprintf("can't get freelist page count from a non-freelist page: %2x", p.flags))
+
+ // If the page.count is at the max uint16 value (64k) then it's considered
+ // an overflow and the size of the freelist is stored as the first element.
+ var idx, count = 0, int(p.count)
+ if count == 0xFFFF {
+ idx = 1
+ c := *(*Pgid)(UnsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p)))
+ count = int(c)
+ if count < 0 {
+ panic(fmt.Sprintf("leading element count %d overflows int", c))
+ }
+ }
+
+ return idx, count
+}
+
+func (p *Page) FreelistPageIds() []Pgid {
+ Assert(p.IsFreelistPage(), fmt.Sprintf("can't get freelist page IDs from a non-freelist page: %2x", p.flags))
+
+ idx, count := p.FreelistPageCount()
+
+ if count == 0 {
+ return nil
+ }
+
+ data := UnsafeIndex(unsafe.Pointer(p), unsafe.Sizeof(*p), pgidSize, idx)
+ ids := unsafe.Slice((*Pgid)(data), count)
+
+ return ids
+}
+
+// dump writes n bytes of the page to STDERR as hex output.
+func (p *Page) hexdump(n int) {
+ buf := UnsafeByteSlice(unsafe.Pointer(p), 0, 0, n)
+ fmt.Fprintf(os.Stderr, "%x\n", buf)
+}
+
+func (p *Page) PageElementSize() uintptr {
+ if p.IsLeafPage() {
+ return LeafPageElementSize
+ }
+ return BranchPageElementSize
+}
+
+func (p *Page) Id() Pgid {
+ return p.id
+}
+
+func (p *Page) SetId(target Pgid) {
+ p.id = target
+}
+
+func (p *Page) Flags() uint16 {
+ return p.flags
+}
+
+func (p *Page) SetFlags(v uint16) {
+ p.flags = v
+}
+
+func (p *Page) Count() uint16 {
+ return p.count
+}
+
+func (p *Page) SetCount(target uint16) {
+ p.count = target
+}
+
+func (p *Page) Overflow() uint32 {
+ return p.overflow
+}
+
+func (p *Page) SetOverflow(target uint32) {
+ p.overflow = target
+}
+
+func (p *Page) String() string {
+ return fmt.Sprintf("ID: %d, Type: %s, count: %d, overflow: %d", p.id, p.Typ(), p.count, p.overflow)
+}
+
+type Pages []*Page
+
+func (s Pages) Len() int { return len(s) }
+func (s Pages) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
+func (s Pages) Less(i, j int) bool { return s[i].id < s[j].id }
+
+// branchPageElement represents a node on a branch page.
+type branchPageElement struct {
+ pos uint32
+ ksize uint32
+ pgid Pgid
+}
+
+func (n *branchPageElement) Pos() uint32 {
+ return n.pos
+}
+
+func (n *branchPageElement) SetPos(v uint32) {
+ n.pos = v
+}
+
+func (n *branchPageElement) Ksize() uint32 {
+ return n.ksize
+}
+
+func (n *branchPageElement) SetKsize(v uint32) {
+ n.ksize = v
+}
+
+func (n *branchPageElement) Pgid() Pgid {
+ return n.pgid
+}
+
+func (n *branchPageElement) SetPgid(v Pgid) {
+ n.pgid = v
+}
+
+// Key returns a byte slice of the node key.
+func (n *branchPageElement) Key() []byte {
+ return UnsafeByteSlice(unsafe.Pointer(n), 0, int(n.pos), int(n.pos)+int(n.ksize))
+}
+
+// leafPageElement represents a node on a leaf page.
+type leafPageElement struct {
+ flags uint32
+ pos uint32
+ ksize uint32
+ vsize uint32
+}
+
+func NewLeafPageElement(flags, pos, ksize, vsize uint32) *leafPageElement {
+ return &leafPageElement{
+ flags: flags,
+ pos: pos,
+ ksize: ksize,
+ vsize: vsize,
+ }
+}
+
+func (n *leafPageElement) Flags() uint32 {
+ return n.flags
+}
+
+func (n *leafPageElement) SetFlags(v uint32) {
+ n.flags = v
+}
+
+func (n *leafPageElement) Pos() uint32 {
+ return n.pos
+}
+
+func (n *leafPageElement) SetPos(v uint32) {
+ n.pos = v
+}
+
+func (n *leafPageElement) Ksize() uint32 {
+ return n.ksize
+}
+
+func (n *leafPageElement) SetKsize(v uint32) {
+ n.ksize = v
+}
+
+func (n *leafPageElement) Vsize() uint32 {
+ return n.vsize
+}
+
+func (n *leafPageElement) SetVsize(v uint32) {
+ n.vsize = v
+}
+
+// Key returns a byte slice of the node key.
+func (n *leafPageElement) Key() []byte {
+ i := int(n.pos)
+ j := i + int(n.ksize)
+ return UnsafeByteSlice(unsafe.Pointer(n), 0, i, j)
+}
+
+// Value returns a byte slice of the node value.
+func (n *leafPageElement) Value() []byte {
+ i := int(n.pos) + int(n.ksize)
+ j := i + int(n.vsize)
+ return UnsafeByteSlice(unsafe.Pointer(n), 0, i, j)
+}
+
+func (n *leafPageElement) IsBucketEntry() bool {
+ return n.flags&uint32(BucketLeafFlag) != 0
+}
+
+func (n *leafPageElement) Bucket() *InBucket {
+ if n.IsBucketEntry() {
+ return LoadBucket(n.Value())
+ } else {
+ return nil
+ }
+}
+
+// PageInfo represents human readable information about a page.
+type PageInfo struct {
+ ID int
+ Type string
+ Count int
+ OverflowCount int
+}
+
+type Pgids []Pgid
+
+func (s Pgids) Len() int { return len(s) }
+func (s Pgids) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
+func (s Pgids) Less(i, j int) bool { return s[i] < s[j] }
+
+// Merge returns the sorted union of a and b.
+func (a Pgids) Merge(b Pgids) Pgids {
+ // Return the opposite slice if one is nil.
+ if len(a) == 0 {
+ return b
+ }
+ if len(b) == 0 {
+ return a
+ }
+ merged := make(Pgids, len(a)+len(b))
+ Mergepgids(merged, a, b)
+ return merged
+}
+
+// Mergepgids copies the sorted union of a and b into dst.
+// If dst is too small, it panics.
+func Mergepgids(dst, a, b Pgids) {
+ if len(dst) < len(a)+len(b) {
+ panic(fmt.Errorf("mergepgids bad len %d < %d + %d", len(dst), len(a), len(b)))
+ }
+ // Copy in the opposite slice if one is nil.
+ if len(a) == 0 {
+ copy(dst, b)
+ return
+ }
+ if len(b) == 0 {
+ copy(dst, a)
+ return
+ }
+
+ // Merged will hold all elements from both lists.
+ merged := dst[:0]
+
+ // Assign lead to the slice with a lower starting value, follow to the higher value.
+ lead, follow := a, b
+ if b[0] < a[0] {
+ lead, follow = b, a
+ }
+
+ // Continue while there are elements in the lead.
+ for len(lead) > 0 {
+ // Merge largest prefix of lead that is ahead of follow[0].
+ n := sort.Search(len(lead), func(i int) bool { return lead[i] > follow[0] })
+ merged = append(merged, lead[:n]...)
+ if n >= len(lead) {
+ break
+ }
+
+ // Swap lead and follow.
+ lead, follow = follow, lead[n:]
+ }
+
+ // Append what's left in follow.
+ _ = append(merged, follow...)
+}
diff --git a/vendor/go.etcd.io/bbolt/internal/common/types.go b/vendor/go.etcd.io/bbolt/internal/common/types.go
new file mode 100644
index 0000000000..8ad8279a09
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/internal/common/types.go
@@ -0,0 +1,40 @@
+package common
+
+import (
+ "os"
+ "runtime"
+ "time"
+)
+
+// MaxMmapStep is the largest step that can be taken when remapping the mmap.
+const MaxMmapStep = 1 << 30 // 1GB
+
+// Version represents the data file format version.
+const Version uint32 = 2
+
+// Magic represents a marker value to indicate that a file is a Bolt DB.
+const Magic uint32 = 0xED0CDAED
+
+const PgidNoFreelist Pgid = 0xffffffffffffffff
+
+// DO NOT EDIT. Copied from the "bolt" package.
+const pageMaxAllocSize = 0xFFFFFFF
+
+// IgnoreNoSync specifies whether the NoSync field of a DB is ignored when
+// syncing changes to a file. This is required as some operating systems,
+// such as OpenBSD, do not have a unified buffer cache (UBC) and writes
+// must be synchronized using the msync(2) syscall.
+const IgnoreNoSync = runtime.GOOS == "openbsd"
+
+// Default values if not set in a DB instance.
+const (
+ DefaultMaxBatchSize int = 1000
+ DefaultMaxBatchDelay = 10 * time.Millisecond
+ DefaultAllocSize = 16 * 1024 * 1024
+)
+
+// DefaultPageSize is the default page size for db which is set to the OS page size.
+var DefaultPageSize = os.Getpagesize()
+
+// Txid represents the internal transaction identifier.
+type Txid uint64
diff --git a/vendor/go.etcd.io/bbolt/unsafe.go b/vendor/go.etcd.io/bbolt/internal/common/unsafe.go
similarity index 74%
rename from vendor/go.etcd.io/bbolt/unsafe.go
rename to vendor/go.etcd.io/bbolt/internal/common/unsafe.go
index 7745d32ce1..9b77dd7b2b 100644
--- a/vendor/go.etcd.io/bbolt/unsafe.go
+++ b/vendor/go.etcd.io/bbolt/internal/common/unsafe.go
@@ -1,18 +1,18 @@
-package bbolt
+package common
import (
"unsafe"
)
-func unsafeAdd(base unsafe.Pointer, offset uintptr) unsafe.Pointer {
+func UnsafeAdd(base unsafe.Pointer, offset uintptr) unsafe.Pointer {
return unsafe.Pointer(uintptr(base) + offset)
}
-func unsafeIndex(base unsafe.Pointer, offset uintptr, elemsz uintptr, n int) unsafe.Pointer {
+func UnsafeIndex(base unsafe.Pointer, offset uintptr, elemsz uintptr, n int) unsafe.Pointer {
return unsafe.Pointer(uintptr(base) + offset + uintptr(n)*elemsz)
}
-func unsafeByteSlice(base unsafe.Pointer, offset uintptr, i, j int) []byte {
+func UnsafeByteSlice(base unsafe.Pointer, offset uintptr, i, j int) []byte {
// See: https://github.com/golang/go/wiki/cgo#turning-c-arrays-into-go-slices
//
// This memory is not allocated from C, but it is unmanaged by Go's
@@ -23,5 +23,5 @@ func unsafeByteSlice(base unsafe.Pointer, offset uintptr, i, j int) []byte {
// index 0. However, the wiki never says that the address must be to
// the beginning of a C allocation (or even that malloc was used at
// all), so this is believed to be correct.
- return (*[maxAllocSize]byte)(unsafeAdd(base, offset))[i:j:j]
+ return (*[pageMaxAllocSize]byte)(UnsafeAdd(base, offset))[i:j:j]
}
diff --git a/vendor/go.etcd.io/bbolt/internal/common/utils.go b/vendor/go.etcd.io/bbolt/internal/common/utils.go
new file mode 100644
index 0000000000..bdf82a7b00
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/internal/common/utils.go
@@ -0,0 +1,64 @@
+package common
+
+import (
+ "fmt"
+ "io"
+ "os"
+ "unsafe"
+)
+
+func LoadBucket(buf []byte) *InBucket {
+ return (*InBucket)(unsafe.Pointer(&buf[0]))
+}
+
+func LoadPage(buf []byte) *Page {
+ return (*Page)(unsafe.Pointer(&buf[0]))
+}
+
+func LoadPageMeta(buf []byte) *Meta {
+ return (*Meta)(unsafe.Pointer(&buf[PageHeaderSize]))
+}
+
+func CopyFile(srcPath, dstPath string) error {
+ // Ensure source file exists.
+ _, err := os.Stat(srcPath)
+ if os.IsNotExist(err) {
+ return fmt.Errorf("source file %q not found", srcPath)
+ } else if err != nil {
+ return err
+ }
+
+ // Ensure output file not exist.
+ _, err = os.Stat(dstPath)
+ if err == nil {
+ return fmt.Errorf("output file %q already exists", dstPath)
+ } else if !os.IsNotExist(err) {
+ return err
+ }
+
+ srcDB, err := os.Open(srcPath)
+ if err != nil {
+ return fmt.Errorf("failed to open source file %q: %w", srcPath, err)
+ }
+ defer srcDB.Close()
+ dstDB, err := os.Create(dstPath)
+ if err != nil {
+ return fmt.Errorf("failed to create output file %q: %w", dstPath, err)
+ }
+ defer dstDB.Close()
+ written, err := io.Copy(dstDB, srcDB)
+ if err != nil {
+ return fmt.Errorf("failed to copy database file from %q to %q: %w", srcPath, dstPath, err)
+ }
+
+ srcFi, err := srcDB.Stat()
+ if err != nil {
+ return fmt.Errorf("failed to get source file info %q: %w", srcPath, err)
+ }
+ initialSize := srcFi.Size()
+ if initialSize != written {
+ return fmt.Errorf("the byte copied (%q: %d) isn't equal to the initial db size (%q: %d)", dstPath, written, srcPath, initialSize)
+ }
+
+ return nil
+}
diff --git a/vendor/go.etcd.io/bbolt/internal/common/verify.go b/vendor/go.etcd.io/bbolt/internal/common/verify.go
new file mode 100644
index 0000000000..eac95e2630
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/internal/common/verify.go
@@ -0,0 +1,67 @@
+// Copied from https://github.com/etcd-io/etcd/blob/main/client/pkg/verify/verify.go
+package common
+
+import (
+ "fmt"
+ "os"
+ "strings"
+)
+
+const ENV_VERIFY = "BBOLT_VERIFY"
+
+type VerificationType string
+
+const (
+ ENV_VERIFY_VALUE_ALL VerificationType = "all"
+ ENV_VERIFY_VALUE_ASSERT VerificationType = "assert"
+)
+
+func getEnvVerify() string {
+ return strings.ToLower(os.Getenv(ENV_VERIFY))
+}
+
+func IsVerificationEnabled(verification VerificationType) bool {
+ env := getEnvVerify()
+ return env == string(ENV_VERIFY_VALUE_ALL) || env == strings.ToLower(string(verification))
+}
+
+// EnableVerifications sets `ENV_VERIFY` and returns a function that
+// can be used to bring the original settings.
+func EnableVerifications(verification VerificationType) func() {
+ previousEnv := getEnvVerify()
+ os.Setenv(ENV_VERIFY, string(verification))
+ return func() {
+ os.Setenv(ENV_VERIFY, previousEnv)
+ }
+}
+
+// EnableAllVerifications enables verification and returns a function
+// that can be used to bring the original settings.
+func EnableAllVerifications() func() {
+ return EnableVerifications(ENV_VERIFY_VALUE_ALL)
+}
+
+// DisableVerifications unsets `ENV_VERIFY` and returns a function that
+// can be used to bring the original settings.
+func DisableVerifications() func() {
+ previousEnv := getEnvVerify()
+ os.Unsetenv(ENV_VERIFY)
+ return func() {
+ os.Setenv(ENV_VERIFY, previousEnv)
+ }
+}
+
+// Verify performs verification if the assertions are enabled.
+// In the default setup running in tests and skipped in the production code.
+func Verify(f func()) {
+ if IsVerificationEnabled(ENV_VERIFY_VALUE_ASSERT) {
+ f()
+ }
+}
+
+// Assert will panic with a given formatted message if the given condition is false.
+func Assert(condition bool, msg string, v ...any) {
+ if !condition {
+ panic(fmt.Sprintf("assertion failed: "+msg, v...))
+ }
+}
diff --git a/vendor/go.etcd.io/bbolt/internal/freelist/array.go b/vendor/go.etcd.io/bbolt/internal/freelist/array.go
new file mode 100644
index 0000000000..0cc1ba7150
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/internal/freelist/array.go
@@ -0,0 +1,108 @@
+package freelist
+
+import (
+ "fmt"
+ "sort"
+
+ "go.etcd.io/bbolt/internal/common"
+)
+
+type array struct {
+ *shared
+
+ ids []common.Pgid // all free and available free page ids.
+}
+
+func (f *array) Init(ids common.Pgids) {
+ f.ids = ids
+ f.reindex()
+}
+
+func (f *array) Allocate(txid common.Txid, n int) common.Pgid {
+ if len(f.ids) == 0 {
+ return 0
+ }
+
+ var initial, previd common.Pgid
+ for i, id := range f.ids {
+ if id <= 1 {
+ panic(fmt.Sprintf("invalid page allocation: %d", id))
+ }
+
+ // Reset initial page if this is not contiguous.
+ if previd == 0 || id-previd != 1 {
+ initial = id
+ }
+
+ // If we found a contiguous block then remove it and return it.
+ if (id-initial)+1 == common.Pgid(n) {
+ // If we're allocating off the beginning then take the fast path
+ // and just adjust the existing slice. This will use extra memory
+ // temporarily but the append() in free() will realloc the slice
+ // as is necessary.
+ if (i + 1) == n {
+ f.ids = f.ids[i+1:]
+ } else {
+ copy(f.ids[i-n+1:], f.ids[i+1:])
+ f.ids = f.ids[:len(f.ids)-n]
+ }
+
+ // Remove from the free cache.
+ for i := common.Pgid(0); i < common.Pgid(n); i++ {
+ delete(f.cache, initial+i)
+ }
+ f.allocs[initial] = txid
+ return initial
+ }
+
+ previd = id
+ }
+ return 0
+}
+
+func (f *array) FreeCount() int {
+ return len(f.ids)
+}
+
+func (f *array) freePageIds() common.Pgids {
+ return f.ids
+}
+
+func (f *array) mergeSpans(ids common.Pgids) {
+ sort.Sort(ids)
+ common.Verify(func() {
+ idsIdx := make(map[common.Pgid]struct{})
+ for _, id := range f.ids {
+ // The existing f.ids shouldn't have duplicated free ID.
+ if _, ok := idsIdx[id]; ok {
+ panic(fmt.Sprintf("detected duplicated free page ID: %d in existing f.ids: %v", id, f.ids))
+ }
+ idsIdx[id] = struct{}{}
+ }
+
+ prev := common.Pgid(0)
+ for _, id := range ids {
+ // The ids shouldn't have duplicated free ID. Note page 0 and 1
+ // are reserved for meta pages, so they can never be free page IDs.
+ if prev == id {
+ panic(fmt.Sprintf("detected duplicated free ID: %d in ids: %v", id, ids))
+ }
+ prev = id
+
+ // The ids shouldn't have any overlap with the existing f.ids.
+ if _, ok := idsIdx[id]; ok {
+ panic(fmt.Sprintf("detected overlapped free page ID: %d between ids: %v and existing f.ids: %v", id, ids, f.ids))
+ }
+ }
+ })
+ f.ids = common.Pgids(f.ids).Merge(ids)
+}
+
+func NewArrayFreelist() Interface {
+ a := &array{
+ shared: newShared(),
+ ids: []common.Pgid{},
+ }
+ a.Interface = a
+ return a
+}
diff --git a/vendor/go.etcd.io/bbolt/internal/freelist/freelist.go b/vendor/go.etcd.io/bbolt/internal/freelist/freelist.go
new file mode 100644
index 0000000000..2b819506bd
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/internal/freelist/freelist.go
@@ -0,0 +1,82 @@
+package freelist
+
+import (
+ "go.etcd.io/bbolt/internal/common"
+)
+
+type ReadWriter interface {
+ // Read calls Init with the page ids stored in the given page.
+ Read(page *common.Page)
+
+ // Write writes the freelist into the given page.
+ Write(page *common.Page)
+
+ // EstimatedWritePageSize returns the size in bytes of the freelist after serialization in Write.
+ // This should never underestimate the size.
+ EstimatedWritePageSize() int
+}
+
+type Interface interface {
+ ReadWriter
+
+ // Init initializes this freelist with the given list of pages.
+ Init(ids common.Pgids)
+
+ // Allocate tries to allocate the given number of contiguous pages
+ // from the free list pages. It returns the starting page ID if
+ // available; otherwise, it returns 0.
+ Allocate(txid common.Txid, numPages int) common.Pgid
+
+ // Count returns the number of free and pending pages.
+ Count() int
+
+ // FreeCount returns the number of free pages.
+ FreeCount() int
+
+ // PendingCount returns the number of pending pages.
+ PendingCount() int
+
+ // AddReadonlyTXID adds a given read-only transaction id for pending page tracking.
+ AddReadonlyTXID(txid common.Txid)
+
+ // RemoveReadonlyTXID removes a given read-only transaction id for pending page tracking.
+ RemoveReadonlyTXID(txid common.Txid)
+
+ // ReleasePendingPages releases any pages associated with closed read-only transactions.
+ ReleasePendingPages()
+
+ // Free releases a page and its overflow for a given transaction id.
+ // If the page is already free or is one of the meta pages, then a panic will occur.
+ Free(txId common.Txid, p *common.Page)
+
+ // Freed returns whether a given page is in the free list.
+ Freed(pgId common.Pgid) bool
+
+ // Rollback removes the pages from a given pending tx.
+ Rollback(txId common.Txid)
+
+ // Copyall copies a list of all free ids and all pending ids in one sorted list.
+ // f.count returns the minimum length required for dst.
+ Copyall(dst []common.Pgid)
+
+ // Reload reads the freelist from a page and filters out pending items.
+ Reload(p *common.Page)
+
+ // NoSyncReload reads the freelist from Pgids and filters out pending items.
+ NoSyncReload(pgIds common.Pgids)
+
+ // freePageIds returns the IDs of all free pages. Returns an empty slice if no free pages are available.
+ freePageIds() common.Pgids
+
+ // pendingPageIds returns all pending pages by transaction id.
+ pendingPageIds() map[common.Txid]*txPending
+
+ // release moves all page ids for a transaction id (or older) to the freelist.
+ release(txId common.Txid)
+
+ // releaseRange moves pending pages allocated within an extent [begin,end] to the free list.
+ releaseRange(begin, end common.Txid)
+
+ // mergeSpans is merging the given pages into the freelist
+ mergeSpans(ids common.Pgids)
+}
diff --git a/vendor/go.etcd.io/bbolt/internal/freelist/hashmap.go b/vendor/go.etcd.io/bbolt/internal/freelist/hashmap.go
new file mode 100644
index 0000000000..8d471f4b5b
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/internal/freelist/hashmap.go
@@ -0,0 +1,292 @@
+package freelist
+
+import (
+ "fmt"
+ "reflect"
+ "sort"
+
+ "go.etcd.io/bbolt/internal/common"
+)
+
+// pidSet holds the set of starting pgids which have the same span size
+type pidSet map[common.Pgid]struct{}
+
+type hashMap struct {
+ *shared
+
+ freePagesCount uint64 // count of free pages(hashmap version)
+ freemaps map[uint64]pidSet // key is the size of continuous pages(span), value is a set which contains the starting pgids of same size
+ forwardMap map[common.Pgid]uint64 // key is start pgid, value is its span size
+ backwardMap map[common.Pgid]uint64 // key is end pgid, value is its span size
+}
+
+func (f *hashMap) Init(pgids common.Pgids) {
+ // reset the counter when freelist init
+ f.freePagesCount = 0
+ f.freemaps = make(map[uint64]pidSet)
+ f.forwardMap = make(map[common.Pgid]uint64)
+ f.backwardMap = make(map[common.Pgid]uint64)
+
+ if len(pgids) == 0 {
+ return
+ }
+
+ if !sort.SliceIsSorted([]common.Pgid(pgids), func(i, j int) bool { return pgids[i] < pgids[j] }) {
+ panic("pgids not sorted")
+ }
+
+ size := uint64(1)
+ start := pgids[0]
+
+ for i := 1; i < len(pgids); i++ {
+ // continuous page
+ if pgids[i] == pgids[i-1]+1 {
+ size++
+ } else {
+ f.addSpan(start, size)
+
+ size = 1
+ start = pgids[i]
+ }
+ }
+
+ // init the tail
+ if size != 0 && start != 0 {
+ f.addSpan(start, size)
+ }
+
+ f.reindex()
+}
+
+func (f *hashMap) Allocate(txid common.Txid, n int) common.Pgid {
+ if n == 0 {
+ return 0
+ }
+
+ // if we have a exact size match just return short path
+ if bm, ok := f.freemaps[uint64(n)]; ok {
+ for pid := range bm {
+ // remove the span
+ f.delSpan(pid, uint64(n))
+
+ f.allocs[pid] = txid
+
+ for i := common.Pgid(0); i < common.Pgid(n); i++ {
+ delete(f.cache, pid+i)
+ }
+ return pid
+ }
+ }
+
+ // lookup the map to find larger span
+ for size, bm := range f.freemaps {
+ if size < uint64(n) {
+ continue
+ }
+
+ for pid := range bm {
+ // remove the initial
+ f.delSpan(pid, size)
+
+ f.allocs[pid] = txid
+
+ remain := size - uint64(n)
+
+ // add remain span
+ f.addSpan(pid+common.Pgid(n), remain)
+
+ for i := common.Pgid(0); i < common.Pgid(n); i++ {
+ delete(f.cache, pid+i)
+ }
+ return pid
+ }
+ }
+
+ return 0
+}
+
+func (f *hashMap) FreeCount() int {
+ common.Verify(func() {
+ expectedFreePageCount := f.hashmapFreeCountSlow()
+ common.Assert(int(f.freePagesCount) == expectedFreePageCount,
+ "freePagesCount (%d) is out of sync with free pages map (%d)", f.freePagesCount, expectedFreePageCount)
+ })
+ return int(f.freePagesCount)
+}
+
+func (f *hashMap) freePageIds() common.Pgids {
+ count := f.FreeCount()
+ if count == 0 {
+ return common.Pgids{}
+ }
+
+ m := make([]common.Pgid, 0, count)
+
+ startPageIds := make([]common.Pgid, 0, len(f.forwardMap))
+ for k := range f.forwardMap {
+ startPageIds = append(startPageIds, k)
+ }
+ sort.Sort(common.Pgids(startPageIds))
+
+ for _, start := range startPageIds {
+ if size, ok := f.forwardMap[start]; ok {
+ for i := 0; i < int(size); i++ {
+ m = append(m, start+common.Pgid(i))
+ }
+ }
+ }
+
+ return m
+}
+
+func (f *hashMap) hashmapFreeCountSlow() int {
+ count := 0
+ for _, size := range f.forwardMap {
+ count += int(size)
+ }
+ return count
+}
+
+func (f *hashMap) addSpan(start common.Pgid, size uint64) {
+ f.backwardMap[start-1+common.Pgid(size)] = size
+ f.forwardMap[start] = size
+ if _, ok := f.freemaps[size]; !ok {
+ f.freemaps[size] = make(map[common.Pgid]struct{})
+ }
+
+ f.freemaps[size][start] = struct{}{}
+ f.freePagesCount += size
+}
+
+func (f *hashMap) delSpan(start common.Pgid, size uint64) {
+ delete(f.forwardMap, start)
+ delete(f.backwardMap, start+common.Pgid(size-1))
+ delete(f.freemaps[size], start)
+ if len(f.freemaps[size]) == 0 {
+ delete(f.freemaps, size)
+ }
+ f.freePagesCount -= size
+}
+
+func (f *hashMap) mergeSpans(ids common.Pgids) {
+ common.Verify(func() {
+ ids1Freemap := f.idsFromFreemaps()
+ ids2Forward := f.idsFromForwardMap()
+ ids3Backward := f.idsFromBackwardMap()
+
+ if !reflect.DeepEqual(ids1Freemap, ids2Forward) {
+ panic(fmt.Sprintf("Detected mismatch, f.freemaps: %v, f.forwardMap: %v", f.freemaps, f.forwardMap))
+ }
+ if !reflect.DeepEqual(ids1Freemap, ids3Backward) {
+ panic(fmt.Sprintf("Detected mismatch, f.freemaps: %v, f.backwardMap: %v", f.freemaps, f.backwardMap))
+ }
+
+ sort.Sort(ids)
+ prev := common.Pgid(0)
+ for _, id := range ids {
+ // The ids shouldn't have duplicated free ID.
+ if prev == id {
+ panic(fmt.Sprintf("detected duplicated free ID: %d in ids: %v", id, ids))
+ }
+ prev = id
+
+ // The ids shouldn't have any overlap with the existing f.freemaps.
+ if _, ok := ids1Freemap[id]; ok {
+ panic(fmt.Sprintf("detected overlapped free page ID: %d between ids: %v and existing f.freemaps: %v", id, ids, f.freemaps))
+ }
+ }
+ })
+ for _, id := range ids {
+ // try to see if we can merge and update
+ f.mergeWithExistingSpan(id)
+ }
+}
+
+// mergeWithExistingSpan merges pid to the existing free spans, try to merge it backward and forward
+func (f *hashMap) mergeWithExistingSpan(pid common.Pgid) {
+ prev := pid - 1
+ next := pid + 1
+
+ preSize, mergeWithPrev := f.backwardMap[prev]
+ nextSize, mergeWithNext := f.forwardMap[next]
+ newStart := pid
+ newSize := uint64(1)
+
+ if mergeWithPrev {
+ //merge with previous span
+ start := prev + 1 - common.Pgid(preSize)
+ f.delSpan(start, preSize)
+
+ newStart -= common.Pgid(preSize)
+ newSize += preSize
+ }
+
+ if mergeWithNext {
+ // merge with next span
+ f.delSpan(next, nextSize)
+ newSize += nextSize
+ }
+
+ f.addSpan(newStart, newSize)
+}
+
+// idsFromFreemaps get all free page IDs from f.freemaps.
+// used by test only.
+func (f *hashMap) idsFromFreemaps() map[common.Pgid]struct{} {
+ ids := make(map[common.Pgid]struct{})
+ for size, idSet := range f.freemaps {
+ for start := range idSet {
+ for i := 0; i < int(size); i++ {
+ id := start + common.Pgid(i)
+ if _, ok := ids[id]; ok {
+ panic(fmt.Sprintf("detected duplicated free page ID: %d in f.freemaps: %v", id, f.freemaps))
+ }
+ ids[id] = struct{}{}
+ }
+ }
+ }
+ return ids
+}
+
+// idsFromForwardMap get all free page IDs from f.forwardMap.
+// used by test only.
+func (f *hashMap) idsFromForwardMap() map[common.Pgid]struct{} {
+ ids := make(map[common.Pgid]struct{})
+ for start, size := range f.forwardMap {
+ for i := 0; i < int(size); i++ {
+ id := start + common.Pgid(i)
+ if _, ok := ids[id]; ok {
+ panic(fmt.Sprintf("detected duplicated free page ID: %d in f.forwardMap: %v", id, f.forwardMap))
+ }
+ ids[id] = struct{}{}
+ }
+ }
+ return ids
+}
+
+// idsFromBackwardMap get all free page IDs from f.backwardMap.
+// used by test only.
+func (f *hashMap) idsFromBackwardMap() map[common.Pgid]struct{} {
+ ids := make(map[common.Pgid]struct{})
+ for end, size := range f.backwardMap {
+ for i := 0; i < int(size); i++ {
+ id := end - common.Pgid(i)
+ if _, ok := ids[id]; ok {
+ panic(fmt.Sprintf("detected duplicated free page ID: %d in f.backwardMap: %v", id, f.backwardMap))
+ }
+ ids[id] = struct{}{}
+ }
+ }
+ return ids
+}
+
+func NewHashMapFreelist() Interface {
+ hm := &hashMap{
+ shared: newShared(),
+ freemaps: make(map[uint64]pidSet),
+ forwardMap: make(map[common.Pgid]uint64),
+ backwardMap: make(map[common.Pgid]uint64),
+ }
+ hm.Interface = hm
+ return hm
+}
diff --git a/vendor/go.etcd.io/bbolt/internal/freelist/shared.go b/vendor/go.etcd.io/bbolt/internal/freelist/shared.go
new file mode 100644
index 0000000000..f2d1130083
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/internal/freelist/shared.go
@@ -0,0 +1,310 @@
+package freelist
+
+import (
+ "fmt"
+ "math"
+ "sort"
+ "unsafe"
+
+ "go.etcd.io/bbolt/internal/common"
+)
+
+type txPending struct {
+ ids []common.Pgid
+ alloctx []common.Txid // txids allocating the ids
+ lastReleaseBegin common.Txid // beginning txid of last matching releaseRange
+}
+
+type shared struct {
+ Interface
+
+ readonlyTXIDs []common.Txid // all readonly transaction IDs.
+ allocs map[common.Pgid]common.Txid // mapping of Txid that allocated a pgid.
+ cache map[common.Pgid]struct{} // fast lookup of all free and pending page ids.
+ pending map[common.Txid]*txPending // mapping of soon-to-be free page ids by tx.
+}
+
+func newShared() *shared {
+ return &shared{
+ pending: make(map[common.Txid]*txPending),
+ allocs: make(map[common.Pgid]common.Txid),
+ cache: make(map[common.Pgid]struct{}),
+ }
+}
+
+func (t *shared) pendingPageIds() map[common.Txid]*txPending {
+ return t.pending
+}
+
+func (t *shared) PendingCount() int {
+ var count int
+ for _, txp := range t.pending {
+ count += len(txp.ids)
+ }
+ return count
+}
+
+func (t *shared) Count() int {
+ return t.FreeCount() + t.PendingCount()
+}
+
+func (t *shared) Freed(pgId common.Pgid) bool {
+ _, ok := t.cache[pgId]
+ return ok
+}
+
+func (t *shared) Free(txid common.Txid, p *common.Page) {
+ if p.Id() <= 1 {
+ panic(fmt.Sprintf("cannot free page 0 or 1: %d", p.Id()))
+ }
+
+ // Free page and all its overflow pages.
+ txp := t.pending[txid]
+ if txp == nil {
+ txp = &txPending{}
+ t.pending[txid] = txp
+ }
+ allocTxid, ok := t.allocs[p.Id()]
+ common.Verify(func() {
+ if allocTxid == txid {
+ panic(fmt.Sprintf("free: freed page (%d) was allocated by the same transaction (%d)", p.Id(), txid))
+ }
+ })
+ if ok {
+ delete(t.allocs, p.Id())
+ }
+
+ for id := p.Id(); id <= p.Id()+common.Pgid(p.Overflow()); id++ {
+ // Verify that page is not already free.
+ if _, ok := t.cache[id]; ok {
+ panic(fmt.Sprintf("page %d already freed", id))
+ }
+ // Add to the freelist and cache.
+ txp.ids = append(txp.ids, id)
+ txp.alloctx = append(txp.alloctx, allocTxid)
+ t.cache[id] = struct{}{}
+ }
+}
+
+func (t *shared) Rollback(txid common.Txid) {
+ // Remove page ids from cache.
+ txp := t.pending[txid]
+ if txp == nil {
+ return
+ }
+ for i, pgid := range txp.ids {
+ delete(t.cache, pgid)
+ tx := txp.alloctx[i]
+ if tx == 0 {
+ continue
+ }
+ if tx != txid {
+ // Pending free aborted; restore page back to alloc list.
+ t.allocs[pgid] = tx
+ } else {
+ // A writing TXN should never free a page which was allocated by itself.
+ panic(fmt.Sprintf("rollback: freed page (%d) was allocated by the same transaction (%d)", pgid, txid))
+ }
+ }
+ // Remove pages from pending list and mark as free if allocated by txid.
+ delete(t.pending, txid)
+
+ // Remove pgids which are allocated by this txid
+ for pgid, tid := range t.allocs {
+ if tid == txid {
+ delete(t.allocs, pgid)
+ }
+ }
+}
+
+func (t *shared) AddReadonlyTXID(tid common.Txid) {
+ t.readonlyTXIDs = append(t.readonlyTXIDs, tid)
+}
+
+func (t *shared) RemoveReadonlyTXID(tid common.Txid) {
+ for i := range t.readonlyTXIDs {
+ if t.readonlyTXIDs[i] == tid {
+ last := len(t.readonlyTXIDs) - 1
+ t.readonlyTXIDs[i] = t.readonlyTXIDs[last]
+ t.readonlyTXIDs = t.readonlyTXIDs[:last]
+ break
+ }
+ }
+}
+
+type txIDx []common.Txid
+
+func (t txIDx) Len() int { return len(t) }
+func (t txIDx) Swap(i, j int) { t[i], t[j] = t[j], t[i] }
+func (t txIDx) Less(i, j int) bool { return t[i] < t[j] }
+
+func (t *shared) ReleasePendingPages() {
+ // Free all pending pages prior to the earliest open transaction.
+ sort.Sort(txIDx(t.readonlyTXIDs))
+ minid := common.Txid(math.MaxUint64)
+ if len(t.readonlyTXIDs) > 0 {
+ minid = t.readonlyTXIDs[0]
+ }
+ if minid > 0 {
+ t.release(minid - 1)
+ }
+ // Release unused txid extents.
+ for _, tid := range t.readonlyTXIDs {
+ t.releaseRange(minid, tid-1)
+ minid = tid + 1
+ }
+ t.releaseRange(minid, common.Txid(math.MaxUint64))
+ // Any page both allocated and freed in an extent is safe to release.
+}
+
+func (t *shared) release(txid common.Txid) {
+ m := make(common.Pgids, 0)
+ for tid, txp := range t.pending {
+ if tid <= txid {
+ // Move transaction's pending pages to the available freelist.
+ // Don't remove from the cache since the page is still free.
+ m = append(m, txp.ids...)
+ delete(t.pending, tid)
+ }
+ }
+ t.mergeSpans(m)
+}
+
+func (t *shared) releaseRange(begin, end common.Txid) {
+ if begin > end {
+ return
+ }
+ m := common.Pgids{}
+ for tid, txp := range t.pending {
+ if tid < begin || tid > end {
+ continue
+ }
+ // Don't recompute freed pages if ranges haven't updated.
+ if txp.lastReleaseBegin == begin {
+ continue
+ }
+ for i := 0; i < len(txp.ids); i++ {
+ if atx := txp.alloctx[i]; atx < begin || atx > end {
+ continue
+ }
+ m = append(m, txp.ids[i])
+ txp.ids[i] = txp.ids[len(txp.ids)-1]
+ txp.ids = txp.ids[:len(txp.ids)-1]
+ txp.alloctx[i] = txp.alloctx[len(txp.alloctx)-1]
+ txp.alloctx = txp.alloctx[:len(txp.alloctx)-1]
+ i--
+ }
+ txp.lastReleaseBegin = begin
+ if len(txp.ids) == 0 {
+ delete(t.pending, tid)
+ }
+ }
+ t.mergeSpans(m)
+}
+
+// Copyall copies a list of all free ids and all pending ids in one sorted list.
+// f.count returns the minimum length required for dst.
+func (t *shared) Copyall(dst []common.Pgid) {
+ m := make(common.Pgids, 0, t.PendingCount())
+ for _, txp := range t.pendingPageIds() {
+ m = append(m, txp.ids...)
+ }
+ sort.Sort(m)
+ common.Mergepgids(dst, t.freePageIds(), m)
+}
+
+func (t *shared) Reload(p *common.Page) {
+ t.Read(p)
+ t.NoSyncReload(t.freePageIds())
+}
+
+func (t *shared) NoSyncReload(pgIds common.Pgids) {
+ // Build a cache of only pending pages.
+ pcache := make(map[common.Pgid]bool)
+ for _, txp := range t.pending {
+ for _, pendingID := range txp.ids {
+ pcache[pendingID] = true
+ }
+ }
+
+ // Check each page in the freelist and build a new available freelist
+ // with any pages not in the pending lists.
+ a := []common.Pgid{}
+ for _, id := range pgIds {
+ if !pcache[id] {
+ a = append(a, id)
+ }
+ }
+
+ t.Init(a)
+}
+
+// reindex rebuilds the free cache based on available and pending free lists.
+func (t *shared) reindex() {
+ free := t.freePageIds()
+ pending := t.pendingPageIds()
+ t.cache = make(map[common.Pgid]struct{}, len(free))
+ for _, id := range free {
+ t.cache[id] = struct{}{}
+ }
+ for _, txp := range pending {
+ for _, pendingID := range txp.ids {
+ t.cache[pendingID] = struct{}{}
+ }
+ }
+}
+
+func (t *shared) Read(p *common.Page) {
+ if !p.IsFreelistPage() {
+ panic(fmt.Sprintf("invalid freelist page: %d, page type is %s", p.Id(), p.Typ()))
+ }
+
+ ids := p.FreelistPageIds()
+
+ // Copy the list of page ids from the freelist.
+ if len(ids) == 0 {
+ t.Init([]common.Pgid{})
+ } else {
+ // copy the ids, so we don't modify on the freelist page directly
+ idsCopy := make([]common.Pgid, len(ids))
+ copy(idsCopy, ids)
+ // Make sure they're sorted.
+ sort.Sort(common.Pgids(idsCopy))
+
+ t.Init(idsCopy)
+ }
+}
+
+func (t *shared) EstimatedWritePageSize() int {
+ n := t.Count()
+ if n >= 0xFFFF {
+ // The first element will be used to store the count. See freelist.write.
+ n++
+ }
+ return int(common.PageHeaderSize) + (int(unsafe.Sizeof(common.Pgid(0))) * n)
+}
+
+func (t *shared) Write(p *common.Page) {
+ // Combine the old free pgids and pgids waiting on an open transaction.
+
+ // Update the header flag.
+ p.SetFlags(common.FreelistPageFlag)
+
+ // The page.count can only hold up to 64k elements so if we overflow that
+ // number then we handle it by putting the size in the first element.
+ l := t.Count()
+ if l == 0 {
+ p.SetCount(uint16(l))
+ } else if l < 0xFFFF {
+ p.SetCount(uint16(l))
+ data := common.UnsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p))
+ ids := unsafe.Slice((*common.Pgid)(data), l)
+ t.Copyall(ids)
+ } else {
+ p.SetCount(0xFFFF)
+ data := common.UnsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p))
+ ids := unsafe.Slice((*common.Pgid)(data), l+1)
+ ids[0] = common.Pgid(l)
+ t.Copyall(ids[1:])
+ }
+}
diff --git a/vendor/go.etcd.io/bbolt/logger.go b/vendor/go.etcd.io/bbolt/logger.go
new file mode 100644
index 0000000000..fb250894a2
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/logger.go
@@ -0,0 +1,113 @@
+package bbolt
+
+// See https://github.com/etcd-io/raft/blob/main/logger.go
+import (
+ "fmt"
+ "io"
+ "log"
+ "os"
+)
+
+type Logger interface {
+ Debug(v ...interface{})
+ Debugf(format string, v ...interface{})
+
+ Error(v ...interface{})
+ Errorf(format string, v ...interface{})
+
+ Info(v ...interface{})
+ Infof(format string, v ...interface{})
+
+ Warning(v ...interface{})
+ Warningf(format string, v ...interface{})
+
+ Fatal(v ...interface{})
+ Fatalf(format string, v ...interface{})
+
+ Panic(v ...interface{})
+ Panicf(format string, v ...interface{})
+}
+
+func getDiscardLogger() Logger {
+ return discardLogger
+}
+
+var (
+ discardLogger = &DefaultLogger{Logger: log.New(io.Discard, "", 0)}
+)
+
+const (
+ calldepth = 2
+)
+
+// DefaultLogger is a default implementation of the Logger interface.
+type DefaultLogger struct {
+ *log.Logger
+ debug bool
+}
+
+func (l *DefaultLogger) EnableTimestamps() {
+ l.SetFlags(l.Flags() | log.Ldate | log.Ltime)
+}
+
+func (l *DefaultLogger) EnableDebug() {
+ l.debug = true
+}
+
+func (l *DefaultLogger) Debug(v ...interface{}) {
+ if l.debug {
+ _ = l.Output(calldepth, header("DEBUG", fmt.Sprint(v...)))
+ }
+}
+
+func (l *DefaultLogger) Debugf(format string, v ...interface{}) {
+ if l.debug {
+ _ = l.Output(calldepth, header("DEBUG", fmt.Sprintf(format, v...)))
+ }
+}
+
+func (l *DefaultLogger) Info(v ...interface{}) {
+ _ = l.Output(calldepth, header("INFO", fmt.Sprint(v...)))
+}
+
+func (l *DefaultLogger) Infof(format string, v ...interface{}) {
+ _ = l.Output(calldepth, header("INFO", fmt.Sprintf(format, v...)))
+}
+
+func (l *DefaultLogger) Error(v ...interface{}) {
+ _ = l.Output(calldepth, header("ERROR", fmt.Sprint(v...)))
+}
+
+func (l *DefaultLogger) Errorf(format string, v ...interface{}) {
+ _ = l.Output(calldepth, header("ERROR", fmt.Sprintf(format, v...)))
+}
+
+func (l *DefaultLogger) Warning(v ...interface{}) {
+ _ = l.Output(calldepth, header("WARN", fmt.Sprint(v...)))
+}
+
+func (l *DefaultLogger) Warningf(format string, v ...interface{}) {
+ _ = l.Output(calldepth, header("WARN", fmt.Sprintf(format, v...)))
+}
+
+func (l *DefaultLogger) Fatal(v ...interface{}) {
+ _ = l.Output(calldepth, header("FATAL", fmt.Sprint(v...)))
+ os.Exit(1)
+}
+
+func (l *DefaultLogger) Fatalf(format string, v ...interface{}) {
+ _ = l.Output(calldepth, header("FATAL", fmt.Sprintf(format, v...)))
+ os.Exit(1)
+}
+
+func (l *DefaultLogger) Panic(v ...interface{}) {
+ l.Logger.Panic(v...)
+}
+
+func (l *DefaultLogger) Panicf(format string, v ...interface{}) {
+ l.Logger.Panicf(format, v...)
+}
+
+func header(lvl, msg string) string {
+ return fmt.Sprintf("%s: %s", lvl, msg)
+}
diff --git a/vendor/go.etcd.io/bbolt/mlock_unix.go b/vendor/go.etcd.io/bbolt/mlock_unix.go
index 744a972f51..9a0fd332c9 100644
--- a/vendor/go.etcd.io/bbolt/mlock_unix.go
+++ b/vendor/go.etcd.io/bbolt/mlock_unix.go
@@ -1,5 +1,4 @@
//go:build !windows
-// +build !windows
package bbolt
diff --git a/vendor/go.etcd.io/bbolt/node.go b/vendor/go.etcd.io/bbolt/node.go
index 9c56150d88..022b1001e2 100644
--- a/vendor/go.etcd.io/bbolt/node.go
+++ b/vendor/go.etcd.io/bbolt/node.go
@@ -4,7 +4,8 @@ import (
"bytes"
"fmt"
"sort"
- "unsafe"
+
+ "go.etcd.io/bbolt/internal/common"
)
// node represents an in-memory, deserialized page.
@@ -14,10 +15,10 @@ type node struct {
unbalanced bool
spilled bool
key []byte
- pgid pgid
+ pgid common.Pgid
parent *node
children nodes
- inodes inodes
+ inodes common.Inodes
}
// root returns the top-level node this node is attached to.
@@ -38,10 +39,10 @@ func (n *node) minKeys() int {
// size returns the size of the node after serialization.
func (n *node) size() int {
- sz, elsz := pageHeaderSize, n.pageElementSize()
+ sz, elsz := common.PageHeaderSize, n.pageElementSize()
for i := 0; i < len(n.inodes); i++ {
item := &n.inodes[i]
- sz += elsz + uintptr(len(item.key)) + uintptr(len(item.value))
+ sz += elsz + uintptr(len(item.Key())) + uintptr(len(item.Value()))
}
return int(sz)
}
@@ -50,10 +51,10 @@ func (n *node) size() int {
// This is an optimization to avoid calculating a large node when we only need
// to know if it fits inside a certain page size.
func (n *node) sizeLessThan(v uintptr) bool {
- sz, elsz := pageHeaderSize, n.pageElementSize()
+ sz, elsz := common.PageHeaderSize, n.pageElementSize()
for i := 0; i < len(n.inodes); i++ {
item := &n.inodes[i]
- sz += elsz + uintptr(len(item.key)) + uintptr(len(item.value))
+ sz += elsz + uintptr(len(item.Key())) + uintptr(len(item.Value()))
if sz >= v {
return false
}
@@ -64,9 +65,9 @@ func (n *node) sizeLessThan(v uintptr) bool {
// pageElementSize returns the size of each page element based on the type of node.
func (n *node) pageElementSize() uintptr {
if n.isLeaf {
- return leafPageElementSize
+ return common.LeafPageElementSize
}
- return branchPageElementSize
+ return common.BranchPageElementSize
}
// childAt returns the child node at a given index.
@@ -74,12 +75,12 @@ func (n *node) childAt(index int) *node {
if n.isLeaf {
panic(fmt.Sprintf("invalid childAt(%d) on a leaf node", index))
}
- return n.bucket.node(n.inodes[index].pgid, n)
+ return n.bucket.node(n.inodes[index].Pgid(), n)
}
// childIndex returns the index of a given child node.
func (n *node) childIndex(child *node) int {
- index := sort.Search(len(n.inodes), func(i int) bool { return bytes.Compare(n.inodes[i].key, child.key) != -1 })
+ index := sort.Search(len(n.inodes), func(i int) bool { return bytes.Compare(n.inodes[i].Key(), child.key) != -1 })
return index
}
@@ -113,9 +114,9 @@ func (n *node) prevSibling() *node {
}
// put inserts a key/value.
-func (n *node) put(oldKey, newKey, value []byte, pgId pgid, flags uint32) {
- if pgId >= n.bucket.tx.meta.pgid {
- panic(fmt.Sprintf("pgId (%d) above high water mark (%d)", pgId, n.bucket.tx.meta.pgid))
+func (n *node) put(oldKey, newKey, value []byte, pgId common.Pgid, flags uint32) {
+ if pgId >= n.bucket.tx.meta.Pgid() {
+ panic(fmt.Sprintf("pgId (%d) above high water mark (%d)", pgId, n.bucket.tx.meta.Pgid()))
} else if len(oldKey) <= 0 {
panic("put: zero-length old key")
} else if len(newKey) <= 0 {
@@ -123,30 +124,30 @@ func (n *node) put(oldKey, newKey, value []byte, pgId pgid, flags uint32) {
}
// Find insertion index.
- index := sort.Search(len(n.inodes), func(i int) bool { return bytes.Compare(n.inodes[i].key, oldKey) != -1 })
+ index := sort.Search(len(n.inodes), func(i int) bool { return bytes.Compare(n.inodes[i].Key(), oldKey) != -1 })
// Add capacity and shift nodes if we don't have an exact match and need to insert.
- exact := (len(n.inodes) > 0 && index < len(n.inodes) && bytes.Equal(n.inodes[index].key, oldKey))
+ exact := len(n.inodes) > 0 && index < len(n.inodes) && bytes.Equal(n.inodes[index].Key(), oldKey)
if !exact {
- n.inodes = append(n.inodes, inode{})
+ n.inodes = append(n.inodes, common.Inode{})
copy(n.inodes[index+1:], n.inodes[index:])
}
inode := &n.inodes[index]
- inode.flags = flags
- inode.key = newKey
- inode.value = value
- inode.pgid = pgId
- _assert(len(inode.key) > 0, "put: zero-length inode key")
+ inode.SetFlags(flags)
+ inode.SetKey(newKey)
+ inode.SetValue(value)
+ inode.SetPgid(pgId)
+ common.Assert(len(inode.Key()) > 0, "put: zero-length inode key")
}
// del removes a key from the node.
func (n *node) del(key []byte) {
// Find index of key.
- index := sort.Search(len(n.inodes), func(i int) bool { return bytes.Compare(n.inodes[i].key, key) != -1 })
+ index := sort.Search(len(n.inodes), func(i int) bool { return bytes.Compare(n.inodes[i].Key(), key) != -1 })
// Exit if the key isn't found.
- if index >= len(n.inodes) || !bytes.Equal(n.inodes[index].key, key) {
+ if index >= len(n.inodes) || !bytes.Equal(n.inodes[index].Key(), key) {
return
}
@@ -158,30 +159,15 @@ func (n *node) del(key []byte) {
}
// read initializes the node from a page.
-func (n *node) read(p *page) {
- n.pgid = p.id
- n.isLeaf = ((p.flags & leafPageFlag) != 0)
- n.inodes = make(inodes, int(p.count))
-
- for i := 0; i < int(p.count); i++ {
- inode := &n.inodes[i]
- if n.isLeaf {
- elem := p.leafPageElement(uint16(i))
- inode.flags = elem.flags
- inode.key = elem.key()
- inode.value = elem.value()
- } else {
- elem := p.branchPageElement(uint16(i))
- inode.pgid = elem.pgid
- inode.key = elem.key()
- }
- _assert(len(inode.key) > 0, "read: zero-length inode key")
- }
+func (n *node) read(p *common.Page) {
+ n.pgid = p.Id()
+ n.isLeaf = p.IsLeafPage()
+ n.inodes = common.ReadInodeFromPage(p)
- // Save first key so we can find the node in the parent when we spill.
+ // Save first key, so we can find the node in the parent when we spill.
if len(n.inodes) > 0 {
- n.key = n.inodes[0].key
- _assert(len(n.key) > 0, "read: zero-length node key")
+ n.key = n.inodes[0].Key()
+ common.Assert(len(n.key) > 0, "read: zero-length node key")
} else {
n.key = nil
}
@@ -190,57 +176,27 @@ func (n *node) read(p *page) {
// write writes the items onto one or more pages.
// The page should have p.id (might be 0 for meta or bucket-inline page) and p.overflow set
// and the rest should be zeroed.
-func (n *node) write(p *page) {
- _assert(p.count == 0 && p.flags == 0, "node cannot be written into a not empty page")
+func (n *node) write(p *common.Page) {
+ common.Assert(p.Count() == 0 && p.Flags() == 0, "node cannot be written into a not empty page")
// Initialize page.
if n.isLeaf {
- p.flags = leafPageFlag
+ p.SetFlags(common.LeafPageFlag)
} else {
- p.flags = branchPageFlag
+ p.SetFlags(common.BranchPageFlag)
}
if len(n.inodes) >= 0xFFFF {
- panic(fmt.Sprintf("inode overflow: %d (pgid=%d)", len(n.inodes), p.id))
+ panic(fmt.Sprintf("inode overflow: %d (pgid=%d)", len(n.inodes), p.Id()))
}
- p.count = uint16(len(n.inodes))
+ p.SetCount(uint16(len(n.inodes)))
// Stop here if there are no items to write.
- if p.count == 0 {
+ if p.Count() == 0 {
return
}
- // Loop over each item and write it to the page.
- // off tracks the offset into p of the start of the next data.
- off := unsafe.Sizeof(*p) + n.pageElementSize()*uintptr(len(n.inodes))
- for i, item := range n.inodes {
- _assert(len(item.key) > 0, "write: zero-length inode key")
-
- // Create a slice to write into of needed size and advance
- // byte pointer for next iteration.
- sz := len(item.key) + len(item.value)
- b := unsafeByteSlice(unsafe.Pointer(p), off, 0, sz)
- off += uintptr(sz)
-
- // Write the page element.
- if n.isLeaf {
- elem := p.leafPageElement(uint16(i))
- elem.pos = uint32(uintptr(unsafe.Pointer(&b[0])) - uintptr(unsafe.Pointer(elem)))
- elem.flags = item.flags
- elem.ksize = uint32(len(item.key))
- elem.vsize = uint32(len(item.value))
- } else {
- elem := p.branchPageElement(uint16(i))
- elem.pos = uint32(uintptr(unsafe.Pointer(&b[0])) - uintptr(unsafe.Pointer(elem)))
- elem.ksize = uint32(len(item.key))
- elem.pgid = item.pgid
- _assert(elem.pgid != p.id, "write: circular dependency occurred")
- }
-
- // Write data for the element to the end of the page.
- l := copy(b, item.key)
- copy(b[l:], item.value)
- }
+ common.WriteInodeToPage(n.inodes, p)
// DEBUG ONLY: n.dump()
}
@@ -273,7 +229,7 @@ func (n *node) split(pageSize uintptr) []*node {
func (n *node) splitTwo(pageSize uintptr) (*node, *node) {
// Ignore the split if the page doesn't have at least enough nodes for
// two pages or if the nodes can fit in a single page.
- if len(n.inodes) <= (minKeysPerPage*2) || n.sizeLessThan(pageSize) {
+ if len(n.inodes) <= (common.MinKeysPerPage*2) || n.sizeLessThan(pageSize) {
return n, nil
}
@@ -313,17 +269,17 @@ func (n *node) splitTwo(pageSize uintptr) (*node, *node) {
// It returns the index as well as the size of the first page.
// This is only be called from split().
func (n *node) splitIndex(threshold int) (index, sz uintptr) {
- sz = pageHeaderSize
+ sz = common.PageHeaderSize
// Loop until we only have the minimum number of keys required for the second page.
- for i := 0; i < len(n.inodes)-minKeysPerPage; i++ {
+ for i := 0; i < len(n.inodes)-common.MinKeysPerPage; i++ {
index = uintptr(i)
inode := n.inodes[i]
- elsize := n.pageElementSize() + uintptr(len(inode.key)) + uintptr(len(inode.value))
+ elsize := n.pageElementSize() + uintptr(len(inode.Key())) + uintptr(len(inode.Value()))
// If we have at least the minimum number of keys and adding another
// node would put us over the threshold then exit and return.
- if index >= minKeysPerPage && sz+elsize > uintptr(threshold) {
+ if index >= common.MinKeysPerPage && sz+elsize > uintptr(threshold) {
break
}
@@ -360,7 +316,7 @@ func (n *node) spill() error {
for _, node := range nodes {
// Add node's page to the freelist if it's not new.
if node.pgid > 0 {
- tx.db.freelist.free(tx.meta.txid, tx.page(node.pgid))
+ tx.db.freelist.Free(tx.meta.Txid(), tx.page(node.pgid))
node.pgid = 0
}
@@ -371,10 +327,10 @@ func (n *node) spill() error {
}
// Write the node.
- if p.id >= tx.meta.pgid {
- panic(fmt.Sprintf("pgid (%d) above high water mark (%d)", p.id, tx.meta.pgid))
+ if p.Id() >= tx.meta.Pgid() {
+ panic(fmt.Sprintf("pgid (%d) above high water mark (%d)", p.Id(), tx.meta.Pgid()))
}
- node.pgid = p.id
+ node.pgid = p.Id()
node.write(p)
node.spilled = true
@@ -382,12 +338,12 @@ func (n *node) spill() error {
if node.parent != nil {
var key = node.key
if key == nil {
- key = node.inodes[0].key
+ key = node.inodes[0].Key()
}
- node.parent.put(key, node.inodes[0].key, nil, node.pgid, 0)
- node.key = node.inodes[0].key
- _assert(len(node.key) > 0, "spill: zero-length node key")
+ node.parent.put(key, node.inodes[0].Key(), nil, node.pgid, 0)
+ node.key = node.inodes[0].Key()
+ common.Assert(len(node.key) > 0, "spill: zero-length node key")
}
// Update the statistics.
@@ -415,8 +371,8 @@ func (n *node) rebalance() {
// Update statistics.
n.bucket.tx.stats.IncRebalance(1)
- // Ignore if node is above threshold (25%) and has enough keys.
- var threshold = n.bucket.tx.db.pageSize / 4
+ // Ignore if node is above threshold (25% when FillPercent is set to DefaultFillPercent) and has enough keys.
+ var threshold = int(float64(n.bucket.tx.db.pageSize)*n.bucket.FillPercent) / 2
if n.size() > threshold && len(n.inodes) > n.minKeys() {
return
}
@@ -426,14 +382,14 @@ func (n *node) rebalance() {
// If root node is a branch and only has one node then collapse it.
if !n.isLeaf && len(n.inodes) == 1 {
// Move root's child up.
- child := n.bucket.node(n.inodes[0].pgid, n)
+ child := n.bucket.node(n.inodes[0].Pgid(), n)
n.isLeaf = child.isLeaf
n.inodes = child.inodes[:]
n.children = child.children
// Reparent all child nodes being moved.
for _, inode := range n.inodes {
- if child, ok := n.bucket.nodes[inode.pgid]; ok {
+ if child, ok := n.bucket.nodes[inode.Pgid()]; ok {
child.parent = n
}
}
@@ -457,53 +413,37 @@ func (n *node) rebalance() {
return
}
- _assert(n.parent.numChildren() > 1, "parent must have at least 2 children")
+ common.Assert(n.parent.numChildren() > 1, "parent must have at least 2 children")
- // Destination node is right sibling if idx == 0, otherwise left sibling.
- var target *node
- var useNextSibling = (n.parent.childIndex(n) == 0)
+ // Merge with right sibling if idx == 0, otherwise left sibling.
+ var leftNode, rightNode *node
+ var useNextSibling = n.parent.childIndex(n) == 0
if useNextSibling {
- target = n.nextSibling()
+ leftNode = n
+ rightNode = n.nextSibling()
} else {
- target = n.prevSibling()
+ leftNode = n.prevSibling()
+ rightNode = n
}
- // If both this node and the target node are too small then merge them.
- if useNextSibling {
- // Reparent all child nodes being moved.
- for _, inode := range target.inodes {
- if child, ok := n.bucket.nodes[inode.pgid]; ok {
- child.parent.removeChild(child)
- child.parent = n
- child.parent.children = append(child.parent.children, child)
- }
+ // If both nodes are too small then merge them.
+ // Reparent all child nodes being moved.
+ for _, inode := range rightNode.inodes {
+ if child, ok := n.bucket.nodes[inode.Pgid()]; ok {
+ child.parent.removeChild(child)
+ child.parent = leftNode
+ child.parent.children = append(child.parent.children, child)
}
-
- // Copy over inodes from target and remove target.
- n.inodes = append(n.inodes, target.inodes...)
- n.parent.del(target.key)
- n.parent.removeChild(target)
- delete(n.bucket.nodes, target.pgid)
- target.free()
- } else {
- // Reparent all child nodes being moved.
- for _, inode := range n.inodes {
- if child, ok := n.bucket.nodes[inode.pgid]; ok {
- child.parent.removeChild(child)
- child.parent = target
- child.parent.children = append(child.parent.children, child)
- }
- }
-
- // Copy over inodes to target and remove node.
- target.inodes = append(target.inodes, n.inodes...)
- n.parent.del(n.key)
- n.parent.removeChild(n)
- delete(n.bucket.nodes, n.pgid)
- n.free()
}
- // Either this node or the target node was deleted from the parent so rebalance it.
+ // Copy over inodes from right node to left node and remove right node.
+ leftNode.inodes = append(leftNode.inodes, rightNode.inodes...)
+ n.parent.del(rightNode.key)
+ n.parent.removeChild(rightNode)
+ delete(n.bucket.nodes, rightNode.pgid)
+ rightNode.free()
+
+ // Either this node or the sibling node was deleted from the parent so rebalance it.
n.parent.rebalance()
}
@@ -525,20 +465,20 @@ func (n *node) dereference() {
key := make([]byte, len(n.key))
copy(key, n.key)
n.key = key
- _assert(n.pgid == 0 || len(n.key) > 0, "dereference: zero-length node key on existing node")
+ common.Assert(n.pgid == 0 || len(n.key) > 0, "dereference: zero-length node key on existing node")
}
for i := range n.inodes {
inode := &n.inodes[i]
- key := make([]byte, len(inode.key))
- copy(key, inode.key)
- inode.key = key
- _assert(len(inode.key) > 0, "dereference: zero-length inode key")
+ key := make([]byte, len(inode.Key()))
+ copy(key, inode.Key())
+ inode.SetKey(key)
+ common.Assert(len(inode.Key()) > 0, "dereference: zero-length inode key")
- value := make([]byte, len(inode.value))
- copy(value, inode.value)
- inode.value = value
+ value := make([]byte, len(inode.Value()))
+ copy(value, inode.Value())
+ inode.SetValue(value)
}
// Recursively dereference children.
@@ -553,7 +493,7 @@ func (n *node) dereference() {
// free adds the node's underlying page to the freelist.
func (n *node) free() {
if n.pgid != 0 {
- n.bucket.tx.db.freelist.free(n.bucket.tx.meta.txid, n.bucket.tx.page(n.pgid))
+ n.bucket.tx.db.freelist.Free(n.bucket.tx.meta.Txid(), n.bucket.tx.page(n.pgid))
n.pgid = 0
}
}
@@ -594,17 +534,5 @@ type nodes []*node
func (s nodes) Len() int { return len(s) }
func (s nodes) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
func (s nodes) Less(i, j int) bool {
- return bytes.Compare(s[i].inodes[0].key, s[j].inodes[0].key) == -1
+ return bytes.Compare(s[i].inodes[0].Key(), s[j].inodes[0].Key()) == -1
}
-
-// inode represents an internal node inside of a node.
-// It can be used to point to elements in a page or point
-// to an element which hasn't been added to a page yet.
-type inode struct {
- flags uint32
- pgid pgid
- key []byte
- value []byte
-}
-
-type inodes []inode
diff --git a/vendor/go.etcd.io/bbolt/page.go b/vendor/go.etcd.io/bbolt/page.go
deleted file mode 100644
index bb081b031e..0000000000
--- a/vendor/go.etcd.io/bbolt/page.go
+++ /dev/null
@@ -1,212 +0,0 @@
-package bbolt
-
-import (
- "fmt"
- "os"
- "sort"
- "unsafe"
-)
-
-const pageHeaderSize = unsafe.Sizeof(page{})
-
-const minKeysPerPage = 2
-
-const branchPageElementSize = unsafe.Sizeof(branchPageElement{})
-const leafPageElementSize = unsafe.Sizeof(leafPageElement{})
-
-const (
- branchPageFlag = 0x01
- leafPageFlag = 0x02
- metaPageFlag = 0x04
- freelistPageFlag = 0x10
-)
-
-const (
- bucketLeafFlag = 0x01
-)
-
-type pgid uint64
-
-type page struct {
- id pgid
- flags uint16
- count uint16
- overflow uint32
-}
-
-// typ returns a human readable page type string used for debugging.
-func (p *page) typ() string {
- if (p.flags & branchPageFlag) != 0 {
- return "branch"
- } else if (p.flags & leafPageFlag) != 0 {
- return "leaf"
- } else if (p.flags & metaPageFlag) != 0 {
- return "meta"
- } else if (p.flags & freelistPageFlag) != 0 {
- return "freelist"
- }
- return fmt.Sprintf("unknown<%02x>", p.flags)
-}
-
-// meta returns a pointer to the metadata section of the page.
-func (p *page) meta() *meta {
- return (*meta)(unsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p)))
-}
-
-func (p *page) fastCheck(id pgid) {
- _assert(p.id == id, "Page expected to be: %v, but self identifies as %v", id, p.id)
- // Only one flag of page-type can be set.
- _assert(p.flags == branchPageFlag ||
- p.flags == leafPageFlag ||
- p.flags == metaPageFlag ||
- p.flags == freelistPageFlag,
- "page %v: has unexpected type/flags: %x", p.id, p.flags)
-}
-
-// leafPageElement retrieves the leaf node by index
-func (p *page) leafPageElement(index uint16) *leafPageElement {
- return (*leafPageElement)(unsafeIndex(unsafe.Pointer(p), unsafe.Sizeof(*p),
- leafPageElementSize, int(index)))
-}
-
-// leafPageElements retrieves a list of leaf nodes.
-func (p *page) leafPageElements() []leafPageElement {
- if p.count == 0 {
- return nil
- }
- data := unsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p))
- elems := unsafe.Slice((*leafPageElement)(data), int(p.count))
- return elems
-}
-
-// branchPageElement retrieves the branch node by index
-func (p *page) branchPageElement(index uint16) *branchPageElement {
- return (*branchPageElement)(unsafeIndex(unsafe.Pointer(p), unsafe.Sizeof(*p),
- unsafe.Sizeof(branchPageElement{}), int(index)))
-}
-
-// branchPageElements retrieves a list of branch nodes.
-func (p *page) branchPageElements() []branchPageElement {
- if p.count == 0 {
- return nil
- }
- data := unsafeAdd(unsafe.Pointer(p), unsafe.Sizeof(*p))
- elems := unsafe.Slice((*branchPageElement)(data), int(p.count))
- return elems
-}
-
-// dump writes n bytes of the page to STDERR as hex output.
-func (p *page) hexdump(n int) {
- buf := unsafeByteSlice(unsafe.Pointer(p), 0, 0, n)
- fmt.Fprintf(os.Stderr, "%x\n", buf)
-}
-
-type pages []*page
-
-func (s pages) Len() int { return len(s) }
-func (s pages) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
-func (s pages) Less(i, j int) bool { return s[i].id < s[j].id }
-
-// branchPageElement represents a node on a branch page.
-type branchPageElement struct {
- pos uint32
- ksize uint32
- pgid pgid
-}
-
-// key returns a byte slice of the node key.
-func (n *branchPageElement) key() []byte {
- return unsafeByteSlice(unsafe.Pointer(n), 0, int(n.pos), int(n.pos)+int(n.ksize))
-}
-
-// leafPageElement represents a node on a leaf page.
-type leafPageElement struct {
- flags uint32
- pos uint32
- ksize uint32
- vsize uint32
-}
-
-// key returns a byte slice of the node key.
-func (n *leafPageElement) key() []byte {
- i := int(n.pos)
- j := i + int(n.ksize)
- return unsafeByteSlice(unsafe.Pointer(n), 0, i, j)
-}
-
-// value returns a byte slice of the node value.
-func (n *leafPageElement) value() []byte {
- i := int(n.pos) + int(n.ksize)
- j := i + int(n.vsize)
- return unsafeByteSlice(unsafe.Pointer(n), 0, i, j)
-}
-
-// PageInfo represents human readable information about a page.
-type PageInfo struct {
- ID int
- Type string
- Count int
- OverflowCount int
-}
-
-type pgids []pgid
-
-func (s pgids) Len() int { return len(s) }
-func (s pgids) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
-func (s pgids) Less(i, j int) bool { return s[i] < s[j] }
-
-// merge returns the sorted union of a and b.
-func (a pgids) merge(b pgids) pgids {
- // Return the opposite slice if one is nil.
- if len(a) == 0 {
- return b
- }
- if len(b) == 0 {
- return a
- }
- merged := make(pgids, len(a)+len(b))
- mergepgids(merged, a, b)
- return merged
-}
-
-// mergepgids copies the sorted union of a and b into dst.
-// If dst is too small, it panics.
-func mergepgids(dst, a, b pgids) {
- if len(dst) < len(a)+len(b) {
- panic(fmt.Errorf("mergepgids bad len %d < %d + %d", len(dst), len(a), len(b)))
- }
- // Copy in the opposite slice if one is nil.
- if len(a) == 0 {
- copy(dst, b)
- return
- }
- if len(b) == 0 {
- copy(dst, a)
- return
- }
-
- // Merged will hold all elements from both lists.
- merged := dst[:0]
-
- // Assign lead to the slice with a lower starting value, follow to the higher value.
- lead, follow := a, b
- if b[0] < a[0] {
- lead, follow = b, a
- }
-
- // Continue while there are elements in the lead.
- for len(lead) > 0 {
- // Merge largest prefix of lead that is ahead of follow[0].
- n := sort.Search(len(lead), func(i int) bool { return lead[i] > follow[0] })
- merged = append(merged, lead[:n]...)
- if n >= len(lead) {
- break
- }
-
- // Swap lead and follow.
- lead, follow = follow, lead[n:]
- }
-
- // Append what's left in follow.
- _ = append(merged, follow...)
-}
diff --git a/vendor/go.etcd.io/bbolt/tx.go b/vendor/go.etcd.io/bbolt/tx.go
index 2fac8c0a78..7b5db77278 100644
--- a/vendor/go.etcd.io/bbolt/tx.go
+++ b/vendor/go.etcd.io/bbolt/tx.go
@@ -1,18 +1,20 @@
package bbolt
import (
+ "errors"
"fmt"
"io"
"os"
+ "runtime"
"sort"
"strings"
"sync/atomic"
"time"
"unsafe"
-)
-// txid represents the internal transaction identifier.
-type txid uint64
+ berrors "go.etcd.io/bbolt/errors"
+ "go.etcd.io/bbolt/internal/common"
+)
// Tx represents a read-only or read/write transaction on the database.
// Read-only transactions can be used for retrieving values for keys and creating cursors.
@@ -26,9 +28,9 @@ type Tx struct {
writable bool
managed bool
db *DB
- meta *meta
+ meta *common.Meta
root Bucket
- pages map[pgid]*page
+ pages map[common.Pgid]*common.Page
stats TxStats
commitHandlers []func()
@@ -47,24 +49,27 @@ func (tx *Tx) init(db *DB) {
tx.pages = nil
// Copy the meta page since it can be changed by the writer.
- tx.meta = &meta{}
- db.meta().copy(tx.meta)
+ tx.meta = &common.Meta{}
+ db.meta().Copy(tx.meta)
// Copy over the root bucket.
tx.root = newBucket(tx)
- tx.root.bucket = &bucket{}
- *tx.root.bucket = tx.meta.root
+ tx.root.InBucket = &common.InBucket{}
+ *tx.root.InBucket = *(tx.meta.RootBucket())
// Increment the transaction id and add a page cache for writable transactions.
if tx.writable {
- tx.pages = make(map[pgid]*page)
- tx.meta.txid += txid(1)
+ tx.pages = make(map[common.Pgid]*common.Page)
+ tx.meta.IncTxid()
}
}
// ID returns the transaction id.
func (tx *Tx) ID() int {
- return int(tx.meta.txid)
+ if tx == nil || tx.meta == nil {
+ return -1
+ }
+ return int(tx.meta.Txid())
}
// DB returns a reference to the database that created the transaction.
@@ -74,7 +79,7 @@ func (tx *Tx) DB() *DB {
// Size returns current database size in bytes as seen by this transaction.
func (tx *Tx) Size() int64 {
- return int64(tx.meta.pgid) * int64(tx.db.pageSize)
+ return int64(tx.meta.Pgid()) * int64(tx.db.pageSize)
}
// Writable returns whether the transaction can perform write operations.
@@ -95,6 +100,11 @@ func (tx *Tx) Stats() TxStats {
return tx.stats
}
+// Inspect returns the structure of the database.
+func (tx *Tx) Inspect() BucketStructure {
+ return tx.root.Inspect()
+}
+
// Bucket retrieves a bucket by name.
// Returns nil if the bucket does not exist.
// The bucket instance is only valid for the lifetime of the transaction.
@@ -122,6 +132,24 @@ func (tx *Tx) DeleteBucket(name []byte) error {
return tx.root.DeleteBucket(name)
}
+// MoveBucket moves a sub-bucket from the source bucket to the destination bucket.
+// Returns an error if
+// 1. the sub-bucket cannot be found in the source bucket;
+// 2. or the key already exists in the destination bucket;
+// 3. the key represents a non-bucket value.
+//
+// If src is nil, it means moving a top level bucket into the target bucket.
+// If dst is nil, it means converting the child bucket into a top level bucket.
+func (tx *Tx) MoveBucket(child []byte, src *Bucket, dst *Bucket) error {
+ if src == nil {
+ src = &tx.root
+ }
+ if dst == nil {
+ dst = &tx.root
+ }
+ return src.MoveBucket(child, dst)
+}
+
// ForEach executes a function for each bucket in the root.
// If the provided function returns an error then the iteration is stopped and
// the error is returned to the caller.
@@ -136,15 +164,28 @@ func (tx *Tx) OnCommit(fn func()) {
tx.commitHandlers = append(tx.commitHandlers, fn)
}
-// Commit writes all changes to disk and updates the meta page.
+// Commit writes all changes to disk, updates the meta page and closes the transaction.
// Returns an error if a disk write error occurs, or if Commit is
// called on a read-only transaction.
-func (tx *Tx) Commit() error {
- _assert(!tx.managed, "managed tx commit not allowed")
+func (tx *Tx) Commit() (err error) {
+ txId := tx.ID()
+ lg := tx.db.Logger()
+ if lg != discardLogger {
+ lg.Debugf("Committing transaction %d", txId)
+ defer func() {
+ if err != nil {
+ lg.Errorf("Committing transaction failed: %v", err)
+ } else {
+ lg.Debugf("Committing transaction %d successfully", txId)
+ }
+ }()
+ }
+
+ common.Assert(!tx.managed, "managed tx commit not allowed")
if tx.db == nil {
- return ErrTxClosed
+ return berrors.ErrTxClosed
} else if !tx.writable {
- return ErrTxNotWritable
+ return berrors.ErrTxNotWritable
}
// TODO(benbjohnson): Use vectorized I/O to write out dirty pages.
@@ -156,36 +197,43 @@ func (tx *Tx) Commit() error {
tx.stats.IncRebalanceTime(time.Since(startTime))
}
- opgid := tx.meta.pgid
+ opgid := tx.meta.Pgid()
// spill data onto dirty pages.
startTime = time.Now()
- if err := tx.root.spill(); err != nil {
+ if err = tx.root.spill(); err != nil {
+ lg.Errorf("spilling data onto dirty pages failed: %v", err)
tx.rollback()
return err
}
tx.stats.IncSpillTime(time.Since(startTime))
// Free the old root bucket.
- tx.meta.root.root = tx.root.root
+ tx.meta.RootBucket().SetRootPage(tx.root.RootPage())
// Free the old freelist because commit writes out a fresh freelist.
- if tx.meta.freelist != pgidNoFreelist {
- tx.db.freelist.free(tx.meta.txid, tx.db.page(tx.meta.freelist))
+ if tx.meta.Freelist() != common.PgidNoFreelist {
+ tx.db.freelist.Free(tx.meta.Txid(), tx.db.page(tx.meta.Freelist()))
}
if !tx.db.NoFreelistSync {
- err := tx.commitFreelist()
+ err = tx.commitFreelist()
if err != nil {
+ lg.Errorf("committing freelist failed: %v", err)
return err
}
} else {
- tx.meta.freelist = pgidNoFreelist
+ tx.meta.SetFreelist(common.PgidNoFreelist)
}
// If the high water mark has moved up then attempt to grow the database.
- if tx.meta.pgid > opgid {
- if err := tx.db.grow(int(tx.meta.pgid+1) * tx.db.pageSize); err != nil {
+ if tx.meta.Pgid() > opgid {
+ _ = errors.New("")
+ // gofail: var lackOfDiskSpace string
+ // tx.rollback()
+ // return errors.New(lackOfDiskSpace)
+ if err = tx.db.grow(int(tx.meta.Pgid()+1) * tx.db.pageSize); err != nil {
+ lg.Errorf("growing db size failed, pgid: %d, pagesize: %d, error: %v", tx.meta.Pgid(), tx.db.pageSize, err)
tx.rollback()
return err
}
@@ -193,7 +241,8 @@ func (tx *Tx) Commit() error {
// Write dirty pages to disk.
startTime = time.Now()
- if err := tx.write(); err != nil {
+ if err = tx.write(); err != nil {
+ lg.Errorf("writing data failed: %v", err)
tx.rollback()
return err
}
@@ -203,11 +252,11 @@ func (tx *Tx) Commit() error {
ch := tx.Check()
var errs []string
for {
- err, ok := <-ch
+ chkErr, ok := <-ch
if !ok {
break
}
- errs = append(errs, err.Error())
+ errs = append(errs, chkErr.Error())
}
if len(errs) > 0 {
panic("check fail: " + strings.Join(errs, "\n"))
@@ -215,7 +264,8 @@ func (tx *Tx) Commit() error {
}
// Write meta to disk.
- if err := tx.writeMeta(); err != nil {
+ if err = tx.writeMeta(); err != nil {
+ lg.Errorf("writeMeta failed: %v", err)
tx.rollback()
return err
}
@@ -235,16 +285,14 @@ func (tx *Tx) Commit() error {
func (tx *Tx) commitFreelist() error {
// Allocate new pages for the new free list. This will overestimate
// the size of the freelist but not underestimate the size (which would be bad).
- p, err := tx.allocate((tx.db.freelist.size() / tx.db.pageSize) + 1)
+ p, err := tx.allocate((tx.db.freelist.EstimatedWritePageSize() / tx.db.pageSize) + 1)
if err != nil {
tx.rollback()
return err
}
- if err := tx.db.freelist.write(p); err != nil {
- tx.rollback()
- return err
- }
- tx.meta.freelist = p.id
+
+ tx.db.freelist.Write(p)
+ tx.meta.SetFreelist(p.Id())
return nil
}
@@ -252,9 +300,9 @@ func (tx *Tx) commitFreelist() error {
// Rollback closes the transaction and ignores all previous updates. Read-only
// transactions must be rolled back and not committed.
func (tx *Tx) Rollback() error {
- _assert(!tx.managed, "managed tx rollback not allowed")
+ common.Assert(!tx.managed, "managed tx rollback not allowed")
if tx.db == nil {
- return ErrTxClosed
+ return berrors.ErrTxClosed
}
tx.nonPhysicalRollback()
return nil
@@ -266,7 +314,7 @@ func (tx *Tx) nonPhysicalRollback() {
return
}
if tx.writable {
- tx.db.freelist.rollback(tx.meta.txid)
+ tx.db.freelist.Rollback(tx.meta.Txid())
}
tx.close()
}
@@ -277,17 +325,17 @@ func (tx *Tx) rollback() {
return
}
if tx.writable {
- tx.db.freelist.rollback(tx.meta.txid)
+ tx.db.freelist.Rollback(tx.meta.Txid())
// When mmap fails, the `data`, `dataref` and `datasz` may be reset to
// zero values, and there is no way to reload free page IDs in this case.
if tx.db.data != nil {
if !tx.db.hasSyncedFreelist() {
// Reconstruct free page list by scanning the DB to get the whole free page list.
- // Note: scaning the whole db is heavy if your db size is large in NoSyncFreeList mode.
- tx.db.freelist.noSyncReload(tx.db.freepages())
+ // Note: scanning the whole db is heavy if your db size is large in NoSyncFreeList mode.
+ tx.db.freelist.NoSyncReload(tx.db.freepages())
} else {
// Read free page list from freelist page.
- tx.db.freelist.reload(tx.db.page(tx.db.meta().freelist))
+ tx.db.freelist.Reload(tx.db.page(tx.db.meta().Freelist()))
}
}
}
@@ -300,9 +348,9 @@ func (tx *Tx) close() {
}
if tx.writable {
// Grab freelist stats.
- var freelistFreeN = tx.db.freelist.free_count()
- var freelistPendingN = tx.db.freelist.pending_count()
- var freelistAlloc = tx.db.freelist.size()
+ var freelistFreeN = tx.db.freelist.FreeCount()
+ var freelistPendingN = tx.db.freelist.PendingCount()
+ var freelistAlloc = tx.db.freelist.EstimatedWritePageSize()
// Remove transaction ref & writer lock.
tx.db.rwtx = nil
@@ -330,7 +378,7 @@ func (tx *Tx) close() {
// Copy writes the entire database to a writer.
// This function exists for backwards compatibility.
//
-// Deprecated; Use WriteTo() instead.
+// Deprecated: Use WriteTo() instead.
func (tx *Tx) Copy(w io.Writer) error {
_, err := tx.WriteTo(w)
return err
@@ -352,13 +400,13 @@ func (tx *Tx) WriteTo(w io.Writer) (n int64, err error) {
// Generate a meta page. We use the same page data for both meta pages.
buf := make([]byte, tx.db.pageSize)
- page := (*page)(unsafe.Pointer(&buf[0]))
- page.flags = metaPageFlag
- *page.meta() = *tx.meta
+ page := (*common.Page)(unsafe.Pointer(&buf[0]))
+ page.SetFlags(common.MetaPageFlag)
+ *page.Meta() = *tx.meta
// Write meta 0.
- page.id = 0
- page.meta().checksum = page.meta().sum64()
+ page.SetId(0)
+ page.Meta().SetChecksum(page.Meta().Sum64())
nn, err := w.Write(buf)
n += int64(nn)
if err != nil {
@@ -366,9 +414,9 @@ func (tx *Tx) WriteTo(w io.Writer) (n int64, err error) {
}
// Write meta 1 with a lower transaction id.
- page.id = 1
- page.meta().txid -= 1
- page.meta().checksum = page.meta().sum64()
+ page.SetId(1)
+ page.Meta().DecTxid()
+ page.Meta().SetChecksum(page.Meta().Sum64())
nn, err = w.Write(buf)
n += int64(nn)
if err != nil {
@@ -408,14 +456,16 @@ func (tx *Tx) CopyFile(path string, mode os.FileMode) error {
}
// allocate returns a contiguous block of memory starting at a given page.
-func (tx *Tx) allocate(count int) (*page, error) {
- p, err := tx.db.allocate(tx.meta.txid, count)
+func (tx *Tx) allocate(count int) (*common.Page, error) {
+ lg := tx.db.Logger()
+ p, err := tx.db.allocate(tx.meta.Txid(), count)
if err != nil {
+ lg.Errorf("allocating failed, txid: %d, count: %d, error: %v", tx.meta.Txid(), count, err)
return nil, err
}
// Save to our page cache.
- tx.pages[p.id] = p
+ tx.pages[p.Id()] = p
// Update statistics.
tx.stats.IncPageCount(int64(count))
@@ -427,18 +477,19 @@ func (tx *Tx) allocate(count int) (*page, error) {
// write writes any dirty pages to disk.
func (tx *Tx) write() error {
// Sort pages by id.
- pages := make(pages, 0, len(tx.pages))
+ lg := tx.db.Logger()
+ pages := make(common.Pages, 0, len(tx.pages))
for _, p := range tx.pages {
pages = append(pages, p)
}
// Clear out page cache early.
- tx.pages = make(map[pgid]*page)
+ tx.pages = make(map[common.Pgid]*common.Page)
sort.Sort(pages)
// Write pages to disk in order.
for _, p := range pages {
- rem := (uint64(p.overflow) + 1) * uint64(tx.db.pageSize)
- offset := int64(p.id) * int64(tx.db.pageSize)
+ rem := (uint64(p.Overflow()) + 1) * uint64(tx.db.pageSize)
+ offset := int64(p.Id()) * int64(tx.db.pageSize)
var written uintptr
// Write out page in "max allocation" sized chunks.
@@ -447,9 +498,10 @@ func (tx *Tx) write() error {
if sz > maxAllocSize-1 {
sz = maxAllocSize - 1
}
- buf := unsafeByteSlice(unsafe.Pointer(p), written, 0, int(sz))
+ buf := common.UnsafeByteSlice(unsafe.Pointer(p), written, 0, int(sz))
if _, err := tx.db.ops.writeAt(buf, offset); err != nil {
+ lg.Errorf("writeAt failed, offset: %d: %w", offset, err)
return err
}
@@ -469,8 +521,10 @@ func (tx *Tx) write() error {
}
// Ignore file sync if flag is set on DB.
- if !tx.db.NoSync || IgnoreNoSync {
+ if !tx.db.NoSync || common.IgnoreNoSync {
+ // gofail: var beforeSyncDataPages struct{}
if err := fdatasync(tx.db); err != nil {
+ lg.Errorf("[GOOS: %s, GOARCH: %s] fdatasync failed: %w", runtime.GOOS, runtime.GOARCH, err)
return err
}
}
@@ -479,11 +533,11 @@ func (tx *Tx) write() error {
for _, p := range pages {
// Ignore page sizes over 1 page.
// These are allocated using make() instead of the page pool.
- if int(p.overflow) != 0 {
+ if int(p.Overflow()) != 0 {
continue
}
- buf := unsafeByteSlice(unsafe.Pointer(p), 0, 0, tx.db.pageSize)
+ buf := common.UnsafeByteSlice(unsafe.Pointer(p), 0, 0, tx.db.pageSize)
// See https://go.googlesource.com/go/+/f03c9202c43e0abb130669852082117ca50aa9b1
for i := range buf {
@@ -497,17 +551,24 @@ func (tx *Tx) write() error {
// writeMeta writes the meta to the disk.
func (tx *Tx) writeMeta() error {
+ // gofail: var beforeWriteMetaError string
+ // return errors.New(beforeWriteMetaError)
+
// Create a temporary buffer for the meta page.
+ lg := tx.db.Logger()
buf := make([]byte, tx.db.pageSize)
p := tx.db.pageInBuffer(buf, 0)
- tx.meta.write(p)
+ tx.meta.Write(p)
// Write the meta page to file.
- if _, err := tx.db.ops.writeAt(buf, int64(p.id)*int64(tx.db.pageSize)); err != nil {
+ if _, err := tx.db.ops.writeAt(buf, int64(p.Id())*int64(tx.db.pageSize)); err != nil {
+ lg.Errorf("writeAt failed, pgid: %d, pageSize: %d, error: %v", p.Id(), tx.db.pageSize, err)
return err
}
- if !tx.db.NoSync || IgnoreNoSync {
+ if !tx.db.NoSync || common.IgnoreNoSync {
+ // gofail: var beforeSyncMetaPage struct{}
if err := fdatasync(tx.db); err != nil {
+ lg.Errorf("[GOOS: %s, GOARCH: %s] fdatasync failed: %w", runtime.GOOS, runtime.GOARCH, err)
return err
}
}
@@ -520,69 +581,69 @@ func (tx *Tx) writeMeta() error {
// page returns a reference to the page with a given id.
// If page has been written to then a temporary buffered page is returned.
-func (tx *Tx) page(id pgid) *page {
+func (tx *Tx) page(id common.Pgid) *common.Page {
// Check the dirty pages first.
if tx.pages != nil {
if p, ok := tx.pages[id]; ok {
- p.fastCheck(id)
+ p.FastCheck(id)
return p
}
}
// Otherwise return directly from the mmap.
p := tx.db.page(id)
- p.fastCheck(id)
+ p.FastCheck(id)
return p
}
// forEachPage iterates over every page within a given page and executes a function.
-func (tx *Tx) forEachPage(pgidnum pgid, fn func(*page, int, []pgid)) {
- stack := make([]pgid, 10)
+func (tx *Tx) forEachPage(pgidnum common.Pgid, fn func(*common.Page, int, []common.Pgid)) {
+ stack := make([]common.Pgid, 10)
stack[0] = pgidnum
tx.forEachPageInternal(stack[:1], fn)
}
-func (tx *Tx) forEachPageInternal(pgidstack []pgid, fn func(*page, int, []pgid)) {
+func (tx *Tx) forEachPageInternal(pgidstack []common.Pgid, fn func(*common.Page, int, []common.Pgid)) {
p := tx.page(pgidstack[len(pgidstack)-1])
// Execute function.
fn(p, len(pgidstack)-1, pgidstack)
// Recursively loop over children.
- if (p.flags & branchPageFlag) != 0 {
- for i := 0; i < int(p.count); i++ {
- elem := p.branchPageElement(uint16(i))
- tx.forEachPageInternal(append(pgidstack, elem.pgid), fn)
+ if p.IsBranchPage() {
+ for i := 0; i < int(p.Count()); i++ {
+ elem := p.BranchPageElement(uint16(i))
+ tx.forEachPageInternal(append(pgidstack, elem.Pgid()), fn)
}
}
}
// Page returns page information for a given page number.
// This is only safe for concurrent use when used by a writable transaction.
-func (tx *Tx) Page(id int) (*PageInfo, error) {
+func (tx *Tx) Page(id int) (*common.PageInfo, error) {
if tx.db == nil {
- return nil, ErrTxClosed
- } else if pgid(id) >= tx.meta.pgid {
+ return nil, berrors.ErrTxClosed
+ } else if common.Pgid(id) >= tx.meta.Pgid() {
return nil, nil
}
if tx.db.freelist == nil {
- return nil, ErrFreePagesNotLoaded
+ return nil, berrors.ErrFreePagesNotLoaded
}
// Build the page info.
- p := tx.db.page(pgid(id))
- info := &PageInfo{
+ p := tx.db.page(common.Pgid(id))
+ info := &common.PageInfo{
ID: id,
- Count: int(p.count),
- OverflowCount: int(p.overflow),
+ Count: int(p.Count()),
+ OverflowCount: int(p.Overflow()),
}
// Determine the type (or if it's free).
- if tx.db.freelist.freed(pgid(id)) {
+ if tx.db.freelist.Freed(common.Pgid(id)) {
info.Type = "free"
} else {
- info.Type = p.typ()
+ info.Type = p.Typ()
}
return info, nil
diff --git a/vendor/go.etcd.io/bbolt/tx_check.go b/vendor/go.etcd.io/bbolt/tx_check.go
index 75c7c08436..c3ecbb9750 100644
--- a/vendor/go.etcd.io/bbolt/tx_check.go
+++ b/vendor/go.etcd.io/bbolt/tx_check.go
@@ -3,6 +3,8 @@ package bbolt
import (
"encoding/hex"
"fmt"
+
+ "go.etcd.io/bbolt/internal/common"
)
// Check performs several consistency checks on the database for this transaction.
@@ -13,13 +15,10 @@ import (
// because of caching. This overhead can be removed if running on a read-only
// transaction, however, it is not safe to execute other writer transactions at
// the same time.
-func (tx *Tx) Check() <-chan error {
- return tx.CheckWithOptions()
-}
-
-// CheckWithOptions allows users to provide a customized `KVStringer` implementation,
+//
+// It also allows users to provide a customized `KVStringer` implementation,
// so that bolt can generate human-readable diagnostic messages.
-func (tx *Tx) CheckWithOptions(options ...CheckOption) <-chan error {
+func (tx *Tx) Check(options ...CheckOption) <-chan error {
chkConfig := checkConfig{
kvStringer: HexKVStringer(),
}
@@ -28,18 +27,22 @@ func (tx *Tx) CheckWithOptions(options ...CheckOption) <-chan error {
}
ch := make(chan error)
- go tx.check(chkConfig.kvStringer, ch)
+ go func() {
+ // Close the channel to signal completion.
+ defer close(ch)
+ tx.check(chkConfig, ch)
+ }()
return ch
}
-func (tx *Tx) check(kvStringer KVStringer, ch chan error) {
+func (tx *Tx) check(cfg checkConfig, ch chan error) {
// Force loading free list if opened in ReadOnly mode.
tx.db.loadFreelist()
// Check if any pages are double freed.
- freed := make(map[pgid]bool)
- all := make([]pgid, tx.db.freelist.count())
- tx.db.freelist.copyall(all)
+ freed := make(map[common.Pgid]bool)
+ all := make([]common.Pgid, tx.db.freelist.Count())
+ tx.db.freelist.Copyall(all)
for _, id := range all {
if freed[id] {
ch <- fmt.Errorf("page %d: already freed", id)
@@ -48,118 +51,171 @@ func (tx *Tx) check(kvStringer KVStringer, ch chan error) {
}
// Track every reachable page.
- reachable := make(map[pgid]*page)
+ reachable := make(map[common.Pgid]*common.Page)
reachable[0] = tx.page(0) // meta0
reachable[1] = tx.page(1) // meta1
- if tx.meta.freelist != pgidNoFreelist {
- for i := uint32(0); i <= tx.page(tx.meta.freelist).overflow; i++ {
- reachable[tx.meta.freelist+pgid(i)] = tx.page(tx.meta.freelist)
+ if tx.meta.Freelist() != common.PgidNoFreelist {
+ for i := uint32(0); i <= tx.page(tx.meta.Freelist()).Overflow(); i++ {
+ reachable[tx.meta.Freelist()+common.Pgid(i)] = tx.page(tx.meta.Freelist())
}
}
- // Recursively check buckets.
- tx.checkBucket(&tx.root, reachable, freed, kvStringer, ch)
+ if cfg.pageId == 0 {
+ // Check the whole db file, starting from the root bucket and
+ // recursively check all child buckets.
+ tx.recursivelyCheckBucket(&tx.root, reachable, freed, cfg.kvStringer, ch)
- // Ensure all pages below high water mark are either reachable or freed.
- for i := pgid(0); i < tx.meta.pgid; i++ {
- _, isReachable := reachable[i]
- if !isReachable && !freed[i] {
- ch <- fmt.Errorf("page %d: unreachable unfreed", int(i))
+ // Ensure all pages below high water mark are either reachable or freed.
+ for i := common.Pgid(0); i < tx.meta.Pgid(); i++ {
+ _, isReachable := reachable[i]
+ if !isReachable && !freed[i] {
+ ch <- fmt.Errorf("page %d: unreachable unfreed", int(i))
+ }
}
+ } else {
+ // Check the db file starting from a specified pageId.
+ if cfg.pageId < 2 || cfg.pageId >= uint64(tx.meta.Pgid()) {
+ ch <- fmt.Errorf("page ID (%d) out of range [%d, %d)", cfg.pageId, 2, tx.meta.Pgid())
+ return
+ }
+
+ tx.recursivelyCheckPage(common.Pgid(cfg.pageId), reachable, freed, cfg.kvStringer, ch)
}
+}
- // Close the channel to signal completion.
- close(ch)
+func (tx *Tx) recursivelyCheckPage(pageId common.Pgid, reachable map[common.Pgid]*common.Page, freed map[common.Pgid]bool,
+ kvStringer KVStringer, ch chan error) {
+ tx.checkInvariantProperties(pageId, reachable, freed, kvStringer, ch)
+ tx.recursivelyCheckBucketInPage(pageId, reachable, freed, kvStringer, ch)
}
-func (tx *Tx) checkBucket(b *Bucket, reachable map[pgid]*page, freed map[pgid]bool,
+func (tx *Tx) recursivelyCheckBucketInPage(pageId common.Pgid, reachable map[common.Pgid]*common.Page, freed map[common.Pgid]bool,
kvStringer KVStringer, ch chan error) {
- // Ignore inline buckets.
- if b.root == 0 {
- return
- }
+ p := tx.page(pageId)
- // Check every page used by this bucket.
- b.tx.forEachPage(b.root, func(p *page, _ int, stack []pgid) {
- if p.id > tx.meta.pgid {
- ch <- fmt.Errorf("page %d: out of bounds: %d (stack: %v)", int(p.id), int(b.tx.meta.pgid), stack)
+ switch {
+ case p.IsBranchPage():
+ for i := range p.BranchPageElements() {
+ elem := p.BranchPageElement(uint16(i))
+ tx.recursivelyCheckBucketInPage(elem.Pgid(), reachable, freed, kvStringer, ch)
}
-
- // Ensure each page is only referenced once.
- for i := pgid(0); i <= pgid(p.overflow); i++ {
- var id = p.id + i
- if _, ok := reachable[id]; ok {
- ch <- fmt.Errorf("page %d: multiple references (stack: %v)", int(id), stack)
+ case p.IsLeafPage():
+ for i := range p.LeafPageElements() {
+ elem := p.LeafPageElement(uint16(i))
+ if elem.IsBucketEntry() {
+ inBkt := common.NewInBucket(pageId, 0)
+ tmpBucket := Bucket{
+ InBucket: &inBkt,
+ rootNode: &node{isLeaf: p.IsLeafPage()},
+ FillPercent: DefaultFillPercent,
+ tx: tx,
+ }
+ if child := tmpBucket.Bucket(elem.Key()); child != nil {
+ tx.recursivelyCheckBucket(child, reachable, freed, kvStringer, ch)
+ }
}
- reachable[id] = p
}
+ default:
+ ch <- fmt.Errorf("unexpected page type (flags: %x) for pgId:%d", p.Flags(), pageId)
+ }
+}
- // We should only encounter un-freed leaf and branch pages.
- if freed[p.id] {
- ch <- fmt.Errorf("page %d: reachable freed", int(p.id))
- } else if (p.flags&branchPageFlag) == 0 && (p.flags&leafPageFlag) == 0 {
- ch <- fmt.Errorf("page %d: invalid type: %s (stack: %v)", int(p.id), p.typ(), stack)
- }
- })
+func (tx *Tx) recursivelyCheckBucket(b *Bucket, reachable map[common.Pgid]*common.Page, freed map[common.Pgid]bool,
+ kvStringer KVStringer, ch chan error) {
+ // Ignore inline buckets.
+ if b.RootPage() == 0 {
+ return
+ }
- tx.recursivelyCheckPages(b.root, kvStringer.KeyToString, ch)
+ tx.checkInvariantProperties(b.RootPage(), reachable, freed, kvStringer, ch)
// Check each bucket within this bucket.
_ = b.ForEachBucket(func(k []byte) error {
if child := b.Bucket(k); child != nil {
- tx.checkBucket(child, reachable, freed, kvStringer, ch)
+ tx.recursivelyCheckBucket(child, reachable, freed, kvStringer, ch)
}
return nil
})
}
-// recursivelyCheckPages confirms database consistency with respect to b-tree
+func (tx *Tx) checkInvariantProperties(pageId common.Pgid, reachable map[common.Pgid]*common.Page, freed map[common.Pgid]bool,
+ kvStringer KVStringer, ch chan error) {
+ tx.forEachPage(pageId, func(p *common.Page, _ int, stack []common.Pgid) {
+ verifyPageReachable(p, tx.meta.Pgid(), stack, reachable, freed, ch)
+ })
+
+ tx.recursivelyCheckPageKeyOrder(pageId, kvStringer.KeyToString, ch)
+}
+
+func verifyPageReachable(p *common.Page, hwm common.Pgid, stack []common.Pgid, reachable map[common.Pgid]*common.Page, freed map[common.Pgid]bool, ch chan error) {
+ if p.Id() > hwm {
+ ch <- fmt.Errorf("page %d: out of bounds: %d (stack: %v)", int(p.Id()), int(hwm), stack)
+ }
+
+ // Ensure each page is only referenced once.
+ for i := common.Pgid(0); i <= common.Pgid(p.Overflow()); i++ {
+ var id = p.Id() + i
+ if _, ok := reachable[id]; ok {
+ ch <- fmt.Errorf("page %d: multiple references (stack: %v)", int(id), stack)
+ }
+ reachable[id] = p
+ }
+
+ // We should only encounter un-freed leaf and branch pages.
+ if freed[p.Id()] {
+ ch <- fmt.Errorf("page %d: reachable freed", int(p.Id()))
+ } else if !p.IsBranchPage() && !p.IsLeafPage() {
+ ch <- fmt.Errorf("page %d: invalid type: %s (stack: %v)", int(p.Id()), p.Typ(), stack)
+ }
+}
+
+// recursivelyCheckPageKeyOrder verifies database consistency with respect to b-tree
// key order constraints:
// - keys on pages must be sorted
// - keys on children pages are between 2 consecutive keys on the parent's branch page).
-func (tx *Tx) recursivelyCheckPages(pgId pgid, keyToString func([]byte) string, ch chan error) {
- tx.recursivelyCheckPagesInternal(pgId, nil, nil, nil, keyToString, ch)
+func (tx *Tx) recursivelyCheckPageKeyOrder(pgId common.Pgid, keyToString func([]byte) string, ch chan error) {
+ tx.recursivelyCheckPageKeyOrderInternal(pgId, nil, nil, nil, keyToString, ch)
}
-// recursivelyCheckPagesInternal verifies that all keys in the subtree rooted at `pgid` are:
+// recursivelyCheckPageKeyOrderInternal verifies that all keys in the subtree rooted at `pgid` are:
// - >=`minKeyClosed` (can be nil)
// - <`maxKeyOpen` (can be nil)
// - Are in right ordering relationship to their parents.
// `pagesStack` is expected to contain IDs of pages from the tree root to `pgid` for the clean debugging message.
-func (tx *Tx) recursivelyCheckPagesInternal(
- pgId pgid, minKeyClosed, maxKeyOpen []byte, pagesStack []pgid,
+func (tx *Tx) recursivelyCheckPageKeyOrderInternal(
+ pgId common.Pgid, minKeyClosed, maxKeyOpen []byte, pagesStack []common.Pgid,
keyToString func([]byte) string, ch chan error) (maxKeyInSubtree []byte) {
p := tx.page(pgId)
pagesStack = append(pagesStack, pgId)
switch {
- case p.flags&branchPageFlag != 0:
+ case p.IsBranchPage():
// For branch page we navigate ranges of all subpages.
runningMin := minKeyClosed
- for i := range p.branchPageElements() {
- elem := p.branchPageElement(uint16(i))
- verifyKeyOrder(elem.pgid, "branch", i, elem.key(), runningMin, maxKeyOpen, ch, keyToString, pagesStack)
+ for i := range p.BranchPageElements() {
+ elem := p.BranchPageElement(uint16(i))
+ verifyKeyOrder(elem.Pgid(), "branch", i, elem.Key(), runningMin, maxKeyOpen, ch, keyToString, pagesStack)
maxKey := maxKeyOpen
- if i < len(p.branchPageElements())-1 {
- maxKey = p.branchPageElement(uint16(i + 1)).key()
+ if i < len(p.BranchPageElements())-1 {
+ maxKey = p.BranchPageElement(uint16(i + 1)).Key()
}
- maxKeyInSubtree = tx.recursivelyCheckPagesInternal(elem.pgid, elem.key(), maxKey, pagesStack, keyToString, ch)
+ maxKeyInSubtree = tx.recursivelyCheckPageKeyOrderInternal(elem.Pgid(), elem.Key(), maxKey, pagesStack, keyToString, ch)
runningMin = maxKeyInSubtree
}
return maxKeyInSubtree
- case p.flags&leafPageFlag != 0:
+ case p.IsLeafPage():
runningMin := minKeyClosed
- for i := range p.leafPageElements() {
- elem := p.leafPageElement(uint16(i))
- verifyKeyOrder(pgId, "leaf", i, elem.key(), runningMin, maxKeyOpen, ch, keyToString, pagesStack)
- runningMin = elem.key()
+ for i := range p.LeafPageElements() {
+ elem := p.LeafPageElement(uint16(i))
+ verifyKeyOrder(pgId, "leaf", i, elem.Key(), runningMin, maxKeyOpen, ch, keyToString, pagesStack)
+ runningMin = elem.Key()
}
- if p.count > 0 {
- return p.leafPageElement(p.count - 1).key()
+ if p.Count() > 0 {
+ return p.LeafPageElement(p.Count() - 1).Key()
}
default:
- ch <- fmt.Errorf("unexpected page type for pgId:%d", pgId)
+ ch <- fmt.Errorf("unexpected page type (flags: %x) for pgId:%d", p.Flags(), pgId)
}
return maxKeyInSubtree
}
@@ -168,7 +224,7 @@ func (tx *Tx) recursivelyCheckPagesInternal(
* verifyKeyOrder checks whether an entry with given #index on pgId (pageType: "branch|leaf") that has given "key",
* is within range determined by (previousKey..maxKeyOpen) and reports found violations to the channel (ch).
*/
-func verifyKeyOrder(pgId pgid, pageType string, index int, key []byte, previousKey []byte, maxKeyOpen []byte, ch chan error, keyToString func([]byte) string, pagesStack []pgid) {
+func verifyKeyOrder(pgId common.Pgid, pageType string, index int, key []byte, previousKey []byte, maxKeyOpen []byte, ch chan error, keyToString func([]byte) string, pagesStack []common.Pgid) {
if index == 0 && previousKey != nil && compareKeys(previousKey, key) > 0 {
ch <- fmt.Errorf("the first key[%d]=(hex)%s on %s page(%d) needs to be >= the key in the ancestor (%s). Stack: %v",
index, keyToString(key), pageType, pgId, keyToString(previousKey), pagesStack)
@@ -194,6 +250,7 @@ func verifyKeyOrder(pgId pgid, pageType string, index int, key []byte, previousK
type checkConfig struct {
kvStringer KVStringer
+ pageId uint64
}
type CheckOption func(options *checkConfig)
@@ -204,6 +261,13 @@ func WithKVStringer(kvStringer KVStringer) CheckOption {
}
}
+// WithPageId sets a page ID from which the check command starts to check
+func WithPageId(pageId uint64) CheckOption {
+ return func(c *checkConfig) {
+ c.pageId = pageId
+ }
+}
+
// KVStringer allows to prepare human-readable diagnostic messages.
type KVStringer interface {
KeyToString([]byte) string
diff --git a/vendor/go.opentelemetry.io/auto/sdk/CONTRIBUTING.md b/vendor/go.opentelemetry.io/auto/sdk/CONTRIBUTING.md
new file mode 100644
index 0000000000..773c9b6431
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/CONTRIBUTING.md
@@ -0,0 +1,27 @@
+# Contributing to go.opentelemetry.io/auto/sdk
+
+The `go.opentelemetry.io/auto/sdk` module is a purpose built OpenTelemetry SDK.
+It is designed to be:
+
+0. An OpenTelemetry compliant SDK
+1. Instrumented by auto-instrumentation (serializable into OTLP JSON)
+2. Lightweight
+3. User-friendly
+
+These design choices are listed in the order of their importance.
+
+The primary design goal of this module is to be an OpenTelemetry SDK.
+This means that it needs to implement the Go APIs found in `go.opentelemetry.io/otel`.
+
+Having met the requirement of SDK compliance, this module needs to provide code that the `go.opentelemetry.io/auto` module can instrument.
+The chosen approach to meet this goal is to ensure the telemetry from the SDK is serializable into JSON encoded OTLP.
+This ensures then that the serialized form is compatible with other OpenTelemetry systems, and the auto-instrumentation can use these systems to deserialize any telemetry it is sent.
+
+Outside of these first two goals, the intended use becomes relevant.
+This package is intended to be used in the `go.opentelemetry.io/otel` global API as a default when the auto-instrumentation is running.
+Because of this, this package needs to not add unnecessary dependencies to that API.
+Ideally, it adds none.
+It also needs to operate efficiently.
+
+Finally, this module is designed to be user-friendly to Go development.
+It hides complexity in order to provide simpler APIs when the previous goals can all still be met.
diff --git a/vendor/github.com/OneOfOne/xxhash/LICENSE b/vendor/go.opentelemetry.io/auto/sdk/LICENSE
similarity index 94%
rename from vendor/github.com/OneOfOne/xxhash/LICENSE
rename to vendor/go.opentelemetry.io/auto/sdk/LICENSE
index 9e30b4f342..261eeb9e9f 100644
--- a/vendor/github.com/OneOfOne/xxhash/LICENSE
+++ b/vendor/go.opentelemetry.io/auto/sdk/LICENSE
@@ -178,10 +178,24 @@
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "{}"
+ boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/go.opentelemetry.io/auto/sdk/VERSIONING.md b/vendor/go.opentelemetry.io/auto/sdk/VERSIONING.md
new file mode 100644
index 0000000000..088d19a6ce
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/VERSIONING.md
@@ -0,0 +1,15 @@
+# Versioning
+
+This document describes the versioning policy for this module.
+This policy is designed so the following goals can be achieved.
+
+**Users are provided a codebase of value that is stable and secure.**
+
+## Policy
+
+* Versioning of this module will be idiomatic of a Go project using [Go modules](https://github.com/golang/go/wiki/Modules).
+ * [Semantic import versioning](https://github.com/golang/go/wiki/Modules#semantic-import-versioning) will be used.
+ * Versions will comply with [semver 2.0](https://semver.org/spec/v2.0.0.html).
+ * Any `v2` or higher version of this module will be included as a `/vN` at the end of the module path used in `go.mod` files and in the package import path.
+
+* GitHub releases will be made for all releases.
diff --git a/vendor/go.opentelemetry.io/auto/sdk/doc.go b/vendor/go.opentelemetry.io/auto/sdk/doc.go
new file mode 100644
index 0000000000..ad73d8cb9d
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/doc.go
@@ -0,0 +1,14 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+/*
+Package sdk provides an auto-instrumentable OpenTelemetry SDK.
+
+An [go.opentelemetry.io/auto.Instrumentation] can be configured to target the
+process running this SDK. In that case, all telemetry the SDK produces will be
+processed and handled by that [go.opentelemetry.io/auto.Instrumentation].
+
+By default, if there is no [go.opentelemetry.io/auto.Instrumentation] set to
+auto-instrument the SDK, the SDK will not generate any telemetry.
+*/
+package sdk
diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/attr.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/attr.go
new file mode 100644
index 0000000000..af6ef171f6
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/attr.go
@@ -0,0 +1,58 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry
+
+// Attr is a key-value pair.
+type Attr struct {
+ Key string `json:"key,omitempty"`
+ Value Value `json:"value,omitempty"`
+}
+
+// String returns an Attr for a string value.
+func String(key, value string) Attr {
+ return Attr{key, StringValue(value)}
+}
+
+// Int64 returns an Attr for an int64 value.
+func Int64(key string, value int64) Attr {
+ return Attr{key, Int64Value(value)}
+}
+
+// Int returns an Attr for an int value.
+func Int(key string, value int) Attr {
+ return Int64(key, int64(value))
+}
+
+// Float64 returns an Attr for a float64 value.
+func Float64(key string, value float64) Attr {
+ return Attr{key, Float64Value(value)}
+}
+
+// Bool returns an Attr for a bool value.
+func Bool(key string, value bool) Attr {
+ return Attr{key, BoolValue(value)}
+}
+
+// Bytes returns an Attr for a []byte value.
+// The passed slice must not be changed after it is passed.
+func Bytes(key string, value []byte) Attr {
+ return Attr{key, BytesValue(value)}
+}
+
+// Slice returns an Attr for a []Value value.
+// The passed slice must not be changed after it is passed.
+func Slice(key string, value ...Value) Attr {
+ return Attr{key, SliceValue(value...)}
+}
+
+// Map returns an Attr for a map value.
+// The passed slice must not be changed after it is passed.
+func Map(key string, value ...Attr) Attr {
+ return Attr{key, MapValue(value...)}
+}
+
+// Equal returns if a is equal to b.
+func (a Attr) Equal(b Attr) bool {
+ return a.Key == b.Key && a.Value.Equal(b.Value)
+}
diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/doc.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/doc.go
new file mode 100644
index 0000000000..949e2165c0
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/doc.go
@@ -0,0 +1,8 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+/*
+Package telemetry provides a lightweight representations of OpenTelemetry
+telemetry that is compatible with the OTLP JSON protobuf encoding.
+*/
+package telemetry
diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/id.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/id.go
new file mode 100644
index 0000000000..e854d7e84e
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/id.go
@@ -0,0 +1,103 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry
+
+import (
+ "encoding/hex"
+ "errors"
+ "fmt"
+)
+
+const (
+ traceIDSize = 16
+ spanIDSize = 8
+)
+
+// TraceID is a custom data type that is used for all trace IDs.
+type TraceID [traceIDSize]byte
+
+// String returns the hex string representation form of a TraceID.
+func (tid TraceID) String() string {
+ return hex.EncodeToString(tid[:])
+}
+
+// IsEmpty returns false if id contains at least one non-zero byte.
+func (tid TraceID) IsEmpty() bool {
+ return tid == [traceIDSize]byte{}
+}
+
+// MarshalJSON converts the trace ID into a hex string enclosed in quotes.
+func (tid TraceID) MarshalJSON() ([]byte, error) {
+ if tid.IsEmpty() {
+ return []byte(`""`), nil
+ }
+ return marshalJSON(tid[:])
+}
+
+// UnmarshalJSON inflates the trace ID from hex string, possibly enclosed in
+// quotes.
+func (tid *TraceID) UnmarshalJSON(data []byte) error {
+ *tid = [traceIDSize]byte{}
+ return unmarshalJSON(tid[:], data)
+}
+
+// SpanID is a custom data type that is used for all span IDs.
+type SpanID [spanIDSize]byte
+
+// String returns the hex string representation form of a SpanID.
+func (sid SpanID) String() string {
+ return hex.EncodeToString(sid[:])
+}
+
+// IsEmpty returns true if the span ID contains at least one non-zero byte.
+func (sid SpanID) IsEmpty() bool {
+ return sid == [spanIDSize]byte{}
+}
+
+// MarshalJSON converts span ID into a hex string enclosed in quotes.
+func (sid SpanID) MarshalJSON() ([]byte, error) {
+ if sid.IsEmpty() {
+ return []byte(`""`), nil
+ }
+ return marshalJSON(sid[:])
+}
+
+// UnmarshalJSON decodes span ID from hex string, possibly enclosed in quotes.
+func (sid *SpanID) UnmarshalJSON(data []byte) error {
+ *sid = [spanIDSize]byte{}
+ return unmarshalJSON(sid[:], data)
+}
+
+// marshalJSON converts id into a hex string enclosed in quotes.
+func marshalJSON(id []byte) ([]byte, error) {
+ // Plus 2 quote chars at the start and end.
+ hexLen := hex.EncodedLen(len(id)) + 2
+
+ b := make([]byte, hexLen)
+ hex.Encode(b[1:hexLen-1], id)
+ b[0], b[hexLen-1] = '"', '"'
+
+ return b, nil
+}
+
+// unmarshalJSON inflates trace id from hex string, possibly enclosed in quotes.
+func unmarshalJSON(dst []byte, src []byte) error {
+ if l := len(src); l >= 2 && src[0] == '"' && src[l-1] == '"' {
+ src = src[1 : l-1]
+ }
+ nLen := len(src)
+ if nLen == 0 {
+ return nil
+ }
+
+ if len(dst) != hex.DecodedLen(nLen) {
+ return errors.New("invalid length for ID")
+ }
+
+ _, err := hex.Decode(dst, src)
+ if err != nil {
+ return fmt.Errorf("cannot unmarshal ID from string '%s': %w", string(src), err)
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/number.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/number.go
new file mode 100644
index 0000000000..29e629d667
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/number.go
@@ -0,0 +1,67 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry
+
+import (
+ "encoding/json"
+ "strconv"
+)
+
+// protoInt64 represents the protobuf encoding of integers which can be either
+// strings or integers.
+type protoInt64 int64
+
+// Int64 returns the protoInt64 as an int64.
+func (i *protoInt64) Int64() int64 { return int64(*i) }
+
+// UnmarshalJSON decodes both strings and integers.
+func (i *protoInt64) UnmarshalJSON(data []byte) error {
+ if data[0] == '"' {
+ var str string
+ if err := json.Unmarshal(data, &str); err != nil {
+ return err
+ }
+ parsedInt, err := strconv.ParseInt(str, 10, 64)
+ if err != nil {
+ return err
+ }
+ *i = protoInt64(parsedInt)
+ } else {
+ var parsedInt int64
+ if err := json.Unmarshal(data, &parsedInt); err != nil {
+ return err
+ }
+ *i = protoInt64(parsedInt)
+ }
+ return nil
+}
+
+// protoUint64 represents the protobuf encoding of integers which can be either
+// strings or integers.
+type protoUint64 uint64
+
+// Int64 returns the protoUint64 as a uint64.
+func (i *protoUint64) Uint64() uint64 { return uint64(*i) }
+
+// UnmarshalJSON decodes both strings and integers.
+func (i *protoUint64) UnmarshalJSON(data []byte) error {
+ if data[0] == '"' {
+ var str string
+ if err := json.Unmarshal(data, &str); err != nil {
+ return err
+ }
+ parsedUint, err := strconv.ParseUint(str, 10, 64)
+ if err != nil {
+ return err
+ }
+ *i = protoUint64(parsedUint)
+ } else {
+ var parsedUint uint64
+ if err := json.Unmarshal(data, &parsedUint); err != nil {
+ return err
+ }
+ *i = protoUint64(parsedUint)
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/resource.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/resource.go
new file mode 100644
index 0000000000..cecad8bae3
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/resource.go
@@ -0,0 +1,66 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry
+
+import (
+ "bytes"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+)
+
+// Resource information.
+type Resource struct {
+ // Attrs are the set of attributes that describe the resource. Attribute
+ // keys MUST be unique (it is not allowed to have more than one attribute
+ // with the same key).
+ Attrs []Attr `json:"attributes,omitempty"`
+ // DroppedAttrs is the number of dropped attributes. If the value
+ // is 0, then no attributes were dropped.
+ DroppedAttrs uint32 `json:"droppedAttributesCount,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into r.
+func (r *Resource) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid Resource type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid Resource field: %#v", keyIface)
+ }
+
+ switch key {
+ case "attributes":
+ err = decoder.Decode(&r.Attrs)
+ case "droppedAttributesCount", "dropped_attributes_count":
+ err = decoder.Decode(&r.DroppedAttrs)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/scope.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/scope.go
new file mode 100644
index 0000000000..b6f2e28d40
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/scope.go
@@ -0,0 +1,67 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry
+
+import (
+ "bytes"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+)
+
+// Scope is the identifying values of the instrumentation scope.
+type Scope struct {
+ Name string `json:"name,omitempty"`
+ Version string `json:"version,omitempty"`
+ Attrs []Attr `json:"attributes,omitempty"`
+ DroppedAttrs uint32 `json:"droppedAttributesCount,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into r.
+func (s *Scope) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid Scope type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid Scope field: %#v", keyIface)
+ }
+
+ switch key {
+ case "name":
+ err = decoder.Decode(&s.Name)
+ case "version":
+ err = decoder.Decode(&s.Version)
+ case "attributes":
+ err = decoder.Decode(&s.Attrs)
+ case "droppedAttributesCount", "dropped_attributes_count":
+ err = decoder.Decode(&s.DroppedAttrs)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/span.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/span.go
new file mode 100644
index 0000000000..a13a6b733d
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/span.go
@@ -0,0 +1,456 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry
+
+import (
+ "bytes"
+ "encoding/hex"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "time"
+)
+
+// A Span represents a single operation performed by a single component of the
+// system.
+type Span struct {
+ // A unique identifier for a trace. All spans from the same trace share
+ // the same `trace_id`. The ID is a 16-byte array. An ID with all zeroes OR
+ // of length other than 16 bytes is considered invalid (empty string in OTLP/JSON
+ // is zero-length and thus is also invalid).
+ //
+ // This field is required.
+ TraceID TraceID `json:"traceId,omitempty"`
+ // A unique identifier for a span within a trace, assigned when the span
+ // is created. The ID is an 8-byte array. An ID with all zeroes OR of length
+ // other than 8 bytes is considered invalid (empty string in OTLP/JSON
+ // is zero-length and thus is also invalid).
+ //
+ // This field is required.
+ SpanID SpanID `json:"spanId,omitempty"`
+ // trace_state conveys information about request position in multiple distributed tracing graphs.
+ // It is a trace_state in w3c-trace-context format: https://www.w3.org/TR/trace-context/#tracestate-header
+ // See also https://github.com/w3c/distributed-tracing for more details about this field.
+ TraceState string `json:"traceState,omitempty"`
+ // The `span_id` of this span's parent span. If this is a root span, then this
+ // field must be empty. The ID is an 8-byte array.
+ ParentSpanID SpanID `json:"parentSpanId,omitempty"`
+ // Flags, a bit field.
+ //
+ // Bits 0-7 (8 least significant bits) are the trace flags as defined in W3C Trace
+ // Context specification. To read the 8-bit W3C trace flag, use
+ // `flags & SPAN_FLAGS_TRACE_FLAGS_MASK`.
+ //
+ // See https://www.w3.org/TR/trace-context-2/#trace-flags for the flag definitions.
+ //
+ // Bits 8 and 9 represent the 3 states of whether a span's parent
+ // is remote. The states are (unknown, is not remote, is remote).
+ // To read whether the value is known, use `(flags & SPAN_FLAGS_CONTEXT_HAS_IS_REMOTE_MASK) != 0`.
+ // To read whether the span is remote, use `(flags & SPAN_FLAGS_CONTEXT_IS_REMOTE_MASK) != 0`.
+ //
+ // When creating span messages, if the message is logically forwarded from another source
+ // with an equivalent flags fields (i.e., usually another OTLP span message), the field SHOULD
+ // be copied as-is. If creating from a source that does not have an equivalent flags field
+ // (such as a runtime representation of an OpenTelemetry span), the high 22 bits MUST
+ // be set to zero.
+ // Readers MUST NOT assume that bits 10-31 (22 most significant bits) will be zero.
+ //
+ // [Optional].
+ Flags uint32 `json:"flags,omitempty"`
+ // A description of the span's operation.
+ //
+ // For example, the name can be a qualified method name or a file name
+ // and a line number where the operation is called. A best practice is to use
+ // the same display name at the same call point in an application.
+ // This makes it easier to correlate spans in different traces.
+ //
+ // This field is semantically required to be set to non-empty string.
+ // Empty value is equivalent to an unknown span name.
+ //
+ // This field is required.
+ Name string `json:"name"`
+ // Distinguishes between spans generated in a particular context. For example,
+ // two spans with the same name may be distinguished using `CLIENT` (caller)
+ // and `SERVER` (callee) to identify queueing latency associated with the span.
+ Kind SpanKind `json:"kind,omitempty"`
+ // start_time_unix_nano is the start time of the span. On the client side, this is the time
+ // kept by the local machine where the span execution starts. On the server side, this
+ // is the time when the server's application handler starts running.
+ // Value is UNIX Epoch time in nanoseconds since 00:00:00 UTC on 1 January 1970.
+ //
+ // This field is semantically required and it is expected that end_time >= start_time.
+ StartTime time.Time `json:"startTimeUnixNano,omitempty"`
+ // end_time_unix_nano is the end time of the span. On the client side, this is the time
+ // kept by the local machine where the span execution ends. On the server side, this
+ // is the time when the server application handler stops running.
+ // Value is UNIX Epoch time in nanoseconds since 00:00:00 UTC on 1 January 1970.
+ //
+ // This field is semantically required and it is expected that end_time >= start_time.
+ EndTime time.Time `json:"endTimeUnixNano,omitempty"`
+ // attributes is a collection of key/value pairs. Note, global attributes
+ // like server name can be set using the resource API. Examples of attributes:
+ //
+ // "/http/user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
+ // "/http/server_latency": 300
+ // "example.com/myattribute": true
+ // "example.com/score": 10.239
+ //
+ // The OpenTelemetry API specification further restricts the allowed value types:
+ // https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/common/README.md#attribute
+ // Attribute keys MUST be unique (it is not allowed to have more than one
+ // attribute with the same key).
+ Attrs []Attr `json:"attributes,omitempty"`
+ // dropped_attributes_count is the number of attributes that were discarded. Attributes
+ // can be discarded because their keys are too long or because there are too many
+ // attributes. If this value is 0, then no attributes were dropped.
+ DroppedAttrs uint32 `json:"droppedAttributesCount,omitempty"`
+ // events is a collection of Event items.
+ Events []*SpanEvent `json:"events,omitempty"`
+ // dropped_events_count is the number of dropped events. If the value is 0, then no
+ // events were dropped.
+ DroppedEvents uint32 `json:"droppedEventsCount,omitempty"`
+ // links is a collection of Links, which are references from this span to a span
+ // in the same or different trace.
+ Links []*SpanLink `json:"links,omitempty"`
+ // dropped_links_count is the number of dropped links after the maximum size was
+ // enforced. If this value is 0, then no links were dropped.
+ DroppedLinks uint32 `json:"droppedLinksCount,omitempty"`
+ // An optional final status for this span. Semantically when Status isn't set, it means
+ // span's status code is unset, i.e. assume STATUS_CODE_UNSET (code = 0).
+ Status *Status `json:"status,omitempty"`
+}
+
+// MarshalJSON encodes s into OTLP formatted JSON.
+func (s Span) MarshalJSON() ([]byte, error) {
+ startT := s.StartTime.UnixNano()
+ if s.StartTime.IsZero() || startT < 0 {
+ startT = 0
+ }
+
+ endT := s.EndTime.UnixNano()
+ if s.EndTime.IsZero() || endT < 0 {
+ endT = 0
+ }
+
+ // Override non-empty default SpanID marshal and omitempty.
+ var parentSpanId string
+ if !s.ParentSpanID.IsEmpty() {
+ b := make([]byte, hex.EncodedLen(spanIDSize))
+ hex.Encode(b, s.ParentSpanID[:])
+ parentSpanId = string(b)
+ }
+
+ type Alias Span
+ return json.Marshal(struct {
+ Alias
+ ParentSpanID string `json:"parentSpanId,omitempty"`
+ StartTime uint64 `json:"startTimeUnixNano,omitempty"`
+ EndTime uint64 `json:"endTimeUnixNano,omitempty"`
+ }{
+ Alias: Alias(s),
+ ParentSpanID: parentSpanId,
+ StartTime: uint64(startT),
+ EndTime: uint64(endT),
+ })
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into s.
+func (s *Span) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid Span type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid Span field: %#v", keyIface)
+ }
+
+ switch key {
+ case "traceId", "trace_id":
+ err = decoder.Decode(&s.TraceID)
+ case "spanId", "span_id":
+ err = decoder.Decode(&s.SpanID)
+ case "traceState", "trace_state":
+ err = decoder.Decode(&s.TraceState)
+ case "parentSpanId", "parent_span_id":
+ err = decoder.Decode(&s.ParentSpanID)
+ case "flags":
+ err = decoder.Decode(&s.Flags)
+ case "name":
+ err = decoder.Decode(&s.Name)
+ case "kind":
+ err = decoder.Decode(&s.Kind)
+ case "startTimeUnixNano", "start_time_unix_nano":
+ var val protoUint64
+ err = decoder.Decode(&val)
+ s.StartTime = time.Unix(0, int64(val.Uint64()))
+ case "endTimeUnixNano", "end_time_unix_nano":
+ var val protoUint64
+ err = decoder.Decode(&val)
+ s.EndTime = time.Unix(0, int64(val.Uint64()))
+ case "attributes":
+ err = decoder.Decode(&s.Attrs)
+ case "droppedAttributesCount", "dropped_attributes_count":
+ err = decoder.Decode(&s.DroppedAttrs)
+ case "events":
+ err = decoder.Decode(&s.Events)
+ case "droppedEventsCount", "dropped_events_count":
+ err = decoder.Decode(&s.DroppedEvents)
+ case "links":
+ err = decoder.Decode(&s.Links)
+ case "droppedLinksCount", "dropped_links_count":
+ err = decoder.Decode(&s.DroppedLinks)
+ case "status":
+ err = decoder.Decode(&s.Status)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// SpanFlags represents constants used to interpret the
+// Span.flags field, which is protobuf 'fixed32' type and is to
+// be used as bit-fields. Each non-zero value defined in this enum is
+// a bit-mask. To extract the bit-field, for example, use an
+// expression like:
+//
+// (span.flags & SPAN_FLAGS_TRACE_FLAGS_MASK)
+//
+// See https://www.w3.org/TR/trace-context-2/#trace-flags for the flag definitions.
+//
+// Note that Span flags were introduced in version 1.1 of the
+// OpenTelemetry protocol. Older Span producers do not set this
+// field, consequently consumers should not rely on the absence of a
+// particular flag bit to indicate the presence of a particular feature.
+type SpanFlags int32
+
+const (
+ // Bits 0-7 are used for trace flags.
+ SpanFlagsTraceFlagsMask SpanFlags = 255
+ // Bits 8 and 9 are used to indicate that the parent span or link span is remote.
+ // Bit 8 (`HAS_IS_REMOTE`) indicates whether the value is known.
+ // Bit 9 (`IS_REMOTE`) indicates whether the span or link is remote.
+ SpanFlagsContextHasIsRemoteMask SpanFlags = 256
+ // SpanFlagsContextHasIsRemoteMask indicates the Span is remote.
+ SpanFlagsContextIsRemoteMask SpanFlags = 512
+)
+
+// SpanKind is the type of span. Can be used to specify additional relationships between spans
+// in addition to a parent/child relationship.
+type SpanKind int32
+
+const (
+ // Indicates that the span represents an internal operation within an application,
+ // as opposed to an operation happening at the boundaries. Default value.
+ SpanKindInternal SpanKind = 1
+ // Indicates that the span covers server-side handling of an RPC or other
+ // remote network request.
+ SpanKindServer SpanKind = 2
+ // Indicates that the span describes a request to some remote service.
+ SpanKindClient SpanKind = 3
+ // Indicates that the span describes a producer sending a message to a broker.
+ // Unlike CLIENT and SERVER, there is often no direct critical path latency relationship
+ // between producer and consumer spans. A PRODUCER span ends when the message was accepted
+ // by the broker while the logical processing of the message might span a much longer time.
+ SpanKindProducer SpanKind = 4
+ // Indicates that the span describes consumer receiving a message from a broker.
+ // Like the PRODUCER kind, there is often no direct critical path latency relationship
+ // between producer and consumer spans.
+ SpanKindConsumer SpanKind = 5
+)
+
+// Event is a time-stamped annotation of the span, consisting of user-supplied
+// text description and key-value pairs.
+type SpanEvent struct {
+ // time_unix_nano is the time the event occurred.
+ Time time.Time `json:"timeUnixNano,omitempty"`
+ // name of the event.
+ // This field is semantically required to be set to non-empty string.
+ Name string `json:"name,omitempty"`
+ // attributes is a collection of attribute key/value pairs on the event.
+ // Attribute keys MUST be unique (it is not allowed to have more than one
+ // attribute with the same key).
+ Attrs []Attr `json:"attributes,omitempty"`
+ // dropped_attributes_count is the number of dropped attributes. If the value is 0,
+ // then no attributes were dropped.
+ DroppedAttrs uint32 `json:"droppedAttributesCount,omitempty"`
+}
+
+// MarshalJSON encodes e into OTLP formatted JSON.
+func (e SpanEvent) MarshalJSON() ([]byte, error) {
+ t := e.Time.UnixNano()
+ if e.Time.IsZero() || t < 0 {
+ t = 0
+ }
+
+ type Alias SpanEvent
+ return json.Marshal(struct {
+ Alias
+ Time uint64 `json:"timeUnixNano,omitempty"`
+ }{
+ Alias: Alias(e),
+ Time: uint64(t),
+ })
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into se.
+func (se *SpanEvent) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid SpanEvent type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid SpanEvent field: %#v", keyIface)
+ }
+
+ switch key {
+ case "timeUnixNano", "time_unix_nano":
+ var val protoUint64
+ err = decoder.Decode(&val)
+ se.Time = time.Unix(0, int64(val.Uint64()))
+ case "name":
+ err = decoder.Decode(&se.Name)
+ case "attributes":
+ err = decoder.Decode(&se.Attrs)
+ case "droppedAttributesCount", "dropped_attributes_count":
+ err = decoder.Decode(&se.DroppedAttrs)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// A pointer from the current span to another span in the same trace or in a
+// different trace. For example, this can be used in batching operations,
+// where a single batch handler processes multiple requests from different
+// traces or when the handler receives a request from a different project.
+type SpanLink struct {
+ // A unique identifier of a trace that this linked span is part of. The ID is a
+ // 16-byte array.
+ TraceID TraceID `json:"traceId,omitempty"`
+ // A unique identifier for the linked span. The ID is an 8-byte array.
+ SpanID SpanID `json:"spanId,omitempty"`
+ // The trace_state associated with the link.
+ TraceState string `json:"traceState,omitempty"`
+ // attributes is a collection of attribute key/value pairs on the link.
+ // Attribute keys MUST be unique (it is not allowed to have more than one
+ // attribute with the same key).
+ Attrs []Attr `json:"attributes,omitempty"`
+ // dropped_attributes_count is the number of dropped attributes. If the value is 0,
+ // then no attributes were dropped.
+ DroppedAttrs uint32 `json:"droppedAttributesCount,omitempty"`
+ // Flags, a bit field.
+ //
+ // Bits 0-7 (8 least significant bits) are the trace flags as defined in W3C Trace
+ // Context specification. To read the 8-bit W3C trace flag, use
+ // `flags & SPAN_FLAGS_TRACE_FLAGS_MASK`.
+ //
+ // See https://www.w3.org/TR/trace-context-2/#trace-flags for the flag definitions.
+ //
+ // Bits 8 and 9 represent the 3 states of whether the link is remote.
+ // The states are (unknown, is not remote, is remote).
+ // To read whether the value is known, use `(flags & SPAN_FLAGS_CONTEXT_HAS_IS_REMOTE_MASK) != 0`.
+ // To read whether the link is remote, use `(flags & SPAN_FLAGS_CONTEXT_IS_REMOTE_MASK) != 0`.
+ //
+ // Readers MUST NOT assume that bits 10-31 (22 most significant bits) will be zero.
+ // When creating new spans, bits 10-31 (most-significant 22-bits) MUST be zero.
+ //
+ // [Optional].
+ Flags uint32 `json:"flags,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into sl.
+func (sl *SpanLink) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid SpanLink type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid SpanLink field: %#v", keyIface)
+ }
+
+ switch key {
+ case "traceId", "trace_id":
+ err = decoder.Decode(&sl.TraceID)
+ case "spanId", "span_id":
+ err = decoder.Decode(&sl.SpanID)
+ case "traceState", "trace_state":
+ err = decoder.Decode(&sl.TraceState)
+ case "attributes":
+ err = decoder.Decode(&sl.Attrs)
+ case "droppedAttributesCount", "dropped_attributes_count":
+ err = decoder.Decode(&sl.DroppedAttrs)
+ case "flags":
+ err = decoder.Decode(&sl.Flags)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/status.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/status.go
new file mode 100644
index 0000000000..1217776ead
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/status.go
@@ -0,0 +1,40 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry
+
+// For the semantics of status codes see
+// https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/api.md#set-status
+type StatusCode int32
+
+const (
+ // The default status.
+ StatusCodeUnset StatusCode = 0
+ // The Span has been validated by an Application developer or Operator to
+ // have completed successfully.
+ StatusCodeOK StatusCode = 1
+ // The Span contains an error.
+ StatusCodeError StatusCode = 2
+)
+
+var statusCodeStrings = []string{
+ "Unset",
+ "OK",
+ "Error",
+}
+
+func (s StatusCode) String() string {
+ if s >= 0 && int(s) < len(statusCodeStrings) {
+ return statusCodeStrings[s]
+ }
+ return ""
+}
+
+// The Status type defines a logical error model that is suitable for different
+// programming environments, including REST APIs and RPC APIs.
+type Status struct {
+ // A developer-facing human readable error message.
+ Message string `json:"message,omitempty"`
+ // The status code.
+ Code StatusCode `json:"code,omitempty"`
+}
diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/traces.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/traces.go
new file mode 100644
index 0000000000..69a348f0f0
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/traces.go
@@ -0,0 +1,189 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry
+
+import (
+ "bytes"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+)
+
+// Traces represents the traces data that can be stored in a persistent storage,
+// OR can be embedded by other protocols that transfer OTLP traces data but do
+// not implement the OTLP protocol.
+//
+// The main difference between this message and collector protocol is that
+// in this message there will not be any "control" or "metadata" specific to
+// OTLP protocol.
+//
+// When new fields are added into this message, the OTLP request MUST be updated
+// as well.
+type Traces struct {
+ // An array of ResourceSpans.
+ // For data coming from a single resource this array will typically contain
+ // one element. Intermediary nodes that receive data from multiple origins
+ // typically batch the data before forwarding further and in that case this
+ // array will contain multiple elements.
+ ResourceSpans []*ResourceSpans `json:"resourceSpans,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into td.
+func (td *Traces) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid TracesData type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid TracesData field: %#v", keyIface)
+ }
+
+ switch key {
+ case "resourceSpans", "resource_spans":
+ err = decoder.Decode(&td.ResourceSpans)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// A collection of ScopeSpans from a Resource.
+type ResourceSpans struct {
+ // The resource for the spans in this message.
+ // If this field is not set then no resource info is known.
+ Resource Resource `json:"resource"`
+ // A list of ScopeSpans that originate from a resource.
+ ScopeSpans []*ScopeSpans `json:"scopeSpans,omitempty"`
+ // This schema_url applies to the data in the "resource" field. It does not apply
+ // to the data in the "scope_spans" field which have their own schema_url field.
+ SchemaURL string `json:"schemaUrl,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into rs.
+func (rs *ResourceSpans) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid ResourceSpans type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid ResourceSpans field: %#v", keyIface)
+ }
+
+ switch key {
+ case "resource":
+ err = decoder.Decode(&rs.Resource)
+ case "scopeSpans", "scope_spans":
+ err = decoder.Decode(&rs.ScopeSpans)
+ case "schemaUrl", "schema_url":
+ err = decoder.Decode(&rs.SchemaURL)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// A collection of Spans produced by an InstrumentationScope.
+type ScopeSpans struct {
+ // The instrumentation scope information for the spans in this message.
+ // Semantically when InstrumentationScope isn't set, it is equivalent with
+ // an empty instrumentation scope name (unknown).
+ Scope *Scope `json:"scope"`
+ // A list of Spans that originate from an instrumentation scope.
+ Spans []*Span `json:"spans,omitempty"`
+ // The Schema URL, if known. This is the identifier of the Schema that the span data
+ // is recorded in. To learn more about Schema URL see
+ // https://opentelemetry.io/docs/specs/otel/schemas/#schema-url
+ // This schema_url applies to all spans and span events in the "spans" field.
+ SchemaURL string `json:"schemaUrl,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into ss.
+func (ss *ScopeSpans) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid ScopeSpans type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid ScopeSpans field: %#v", keyIface)
+ }
+
+ switch key {
+ case "scope":
+ err = decoder.Decode(&ss.Scope)
+ case "spans":
+ err = decoder.Decode(&ss.Spans)
+ case "schemaUrl", "schema_url":
+ err = decoder.Decode(&ss.SchemaURL)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/value.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/value.go
new file mode 100644
index 0000000000..0dd01b063a
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/value.go
@@ -0,0 +1,452 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+//go:generate stringer -type=ValueKind -trimprefix=ValueKind
+
+package telemetry
+
+import (
+ "bytes"
+ "cmp"
+ "encoding/base64"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "math"
+ "slices"
+ "strconv"
+ "unsafe"
+)
+
+// A Value represents a structured value.
+// A zero value is valid and represents an empty value.
+type Value struct {
+ // Ensure forward compatibility by explicitly making this not comparable.
+ noCmp [0]func() //nolint: unused // This is indeed used.
+
+ // num holds the value for Int64, Float64, and Bool. It holds the length
+ // for String, Bytes, Slice, Map.
+ num uint64
+ // any holds either the KindBool, KindInt64, KindFloat64, stringptr,
+ // bytesptr, sliceptr, or mapptr. If KindBool, KindInt64, or KindFloat64
+ // then the value of Value is in num as described above. Otherwise, it
+ // contains the value wrapped in the appropriate type.
+ any any
+}
+
+type (
+ // sliceptr represents a value in Value.any for KindString Values.
+ stringptr *byte
+ // bytesptr represents a value in Value.any for KindBytes Values.
+ bytesptr *byte
+ // sliceptr represents a value in Value.any for KindSlice Values.
+ sliceptr *Value
+ // mapptr represents a value in Value.any for KindMap Values.
+ mapptr *Attr
+)
+
+// ValueKind is the kind of a [Value].
+type ValueKind int
+
+// ValueKind values.
+const (
+ ValueKindEmpty ValueKind = iota
+ ValueKindBool
+ ValueKindFloat64
+ ValueKindInt64
+ ValueKindString
+ ValueKindBytes
+ ValueKindSlice
+ ValueKindMap
+)
+
+var valueKindStrings = []string{
+ "Empty",
+ "Bool",
+ "Float64",
+ "Int64",
+ "String",
+ "Bytes",
+ "Slice",
+ "Map",
+}
+
+func (k ValueKind) String() string {
+ if k >= 0 && int(k) < len(valueKindStrings) {
+ return valueKindStrings[k]
+ }
+ return ""
+}
+
+// StringValue returns a new [Value] for a string.
+func StringValue(v string) Value {
+ return Value{
+ num: uint64(len(v)),
+ any: stringptr(unsafe.StringData(v)),
+ }
+}
+
+// IntValue returns a [Value] for an int.
+func IntValue(v int) Value { return Int64Value(int64(v)) }
+
+// Int64Value returns a [Value] for an int64.
+func Int64Value(v int64) Value {
+ return Value{num: uint64(v), any: ValueKindInt64}
+}
+
+// Float64Value returns a [Value] for a float64.
+func Float64Value(v float64) Value {
+ return Value{num: math.Float64bits(v), any: ValueKindFloat64}
+}
+
+// BoolValue returns a [Value] for a bool.
+func BoolValue(v bool) Value { //nolint:revive // Not a control flag.
+ var n uint64
+ if v {
+ n = 1
+ }
+ return Value{num: n, any: ValueKindBool}
+}
+
+// BytesValue returns a [Value] for a byte slice. The passed slice must not be
+// changed after it is passed.
+func BytesValue(v []byte) Value {
+ return Value{
+ num: uint64(len(v)),
+ any: bytesptr(unsafe.SliceData(v)),
+ }
+}
+
+// SliceValue returns a [Value] for a slice of [Value]. The passed slice must
+// not be changed after it is passed.
+func SliceValue(vs ...Value) Value {
+ return Value{
+ num: uint64(len(vs)),
+ any: sliceptr(unsafe.SliceData(vs)),
+ }
+}
+
+// MapValue returns a new [Value] for a slice of key-value pairs. The passed
+// slice must not be changed after it is passed.
+func MapValue(kvs ...Attr) Value {
+ return Value{
+ num: uint64(len(kvs)),
+ any: mapptr(unsafe.SliceData(kvs)),
+ }
+}
+
+// AsString returns the value held by v as a string.
+func (v Value) AsString() string {
+ if sp, ok := v.any.(stringptr); ok {
+ return unsafe.String(sp, v.num)
+ }
+ // TODO: error handle
+ return ""
+}
+
+// asString returns the value held by v as a string. It will panic if the Value
+// is not KindString.
+func (v Value) asString() string {
+ return unsafe.String(v.any.(stringptr), v.num)
+}
+
+// AsInt64 returns the value held by v as an int64.
+func (v Value) AsInt64() int64 {
+ if v.Kind() != ValueKindInt64 {
+ // TODO: error handle
+ return 0
+ }
+ return v.asInt64()
+}
+
+// asInt64 returns the value held by v as an int64. If v is not of KindInt64,
+// this will return garbage.
+func (v Value) asInt64() int64 {
+ // Assumes v.num was a valid int64 (overflow not checked).
+ return int64(v.num) // nolint: gosec
+}
+
+// AsBool returns the value held by v as a bool.
+func (v Value) AsBool() bool {
+ if v.Kind() != ValueKindBool {
+ // TODO: error handle
+ return false
+ }
+ return v.asBool()
+}
+
+// asBool returns the value held by v as a bool. If v is not of KindBool, this
+// will return garbage.
+func (v Value) asBool() bool { return v.num == 1 }
+
+// AsFloat64 returns the value held by v as a float64.
+func (v Value) AsFloat64() float64 {
+ if v.Kind() != ValueKindFloat64 {
+ // TODO: error handle
+ return 0
+ }
+ return v.asFloat64()
+}
+
+// asFloat64 returns the value held by v as a float64. If v is not of
+// KindFloat64, this will return garbage.
+func (v Value) asFloat64() float64 { return math.Float64frombits(v.num) }
+
+// AsBytes returns the value held by v as a []byte.
+func (v Value) AsBytes() []byte {
+ if sp, ok := v.any.(bytesptr); ok {
+ return unsafe.Slice((*byte)(sp), v.num)
+ }
+ // TODO: error handle
+ return nil
+}
+
+// asBytes returns the value held by v as a []byte. It will panic if the Value
+// is not KindBytes.
+func (v Value) asBytes() []byte {
+ return unsafe.Slice((*byte)(v.any.(bytesptr)), v.num)
+}
+
+// AsSlice returns the value held by v as a []Value.
+func (v Value) AsSlice() []Value {
+ if sp, ok := v.any.(sliceptr); ok {
+ return unsafe.Slice((*Value)(sp), v.num)
+ }
+ // TODO: error handle
+ return nil
+}
+
+// asSlice returns the value held by v as a []Value. It will panic if the Value
+// is not KindSlice.
+func (v Value) asSlice() []Value {
+ return unsafe.Slice((*Value)(v.any.(sliceptr)), v.num)
+}
+
+// AsMap returns the value held by v as a []Attr.
+func (v Value) AsMap() []Attr {
+ if sp, ok := v.any.(mapptr); ok {
+ return unsafe.Slice((*Attr)(sp), v.num)
+ }
+ // TODO: error handle
+ return nil
+}
+
+// asMap returns the value held by v as a []Attr. It will panic if the
+// Value is not KindMap.
+func (v Value) asMap() []Attr {
+ return unsafe.Slice((*Attr)(v.any.(mapptr)), v.num)
+}
+
+// Kind returns the Kind of v.
+func (v Value) Kind() ValueKind {
+ switch x := v.any.(type) {
+ case ValueKind:
+ return x
+ case stringptr:
+ return ValueKindString
+ case bytesptr:
+ return ValueKindBytes
+ case sliceptr:
+ return ValueKindSlice
+ case mapptr:
+ return ValueKindMap
+ default:
+ return ValueKindEmpty
+ }
+}
+
+// Empty returns if v does not hold any value.
+func (v Value) Empty() bool { return v.Kind() == ValueKindEmpty }
+
+// Equal returns if v is equal to w.
+func (v Value) Equal(w Value) bool {
+ k1 := v.Kind()
+ k2 := w.Kind()
+ if k1 != k2 {
+ return false
+ }
+ switch k1 {
+ case ValueKindInt64, ValueKindBool:
+ return v.num == w.num
+ case ValueKindString:
+ return v.asString() == w.asString()
+ case ValueKindFloat64:
+ return v.asFloat64() == w.asFloat64()
+ case ValueKindSlice:
+ return slices.EqualFunc(v.asSlice(), w.asSlice(), Value.Equal)
+ case ValueKindMap:
+ sv := sortMap(v.asMap())
+ sw := sortMap(w.asMap())
+ return slices.EqualFunc(sv, sw, Attr.Equal)
+ case ValueKindBytes:
+ return bytes.Equal(v.asBytes(), w.asBytes())
+ case ValueKindEmpty:
+ return true
+ default:
+ // TODO: error handle
+ return false
+ }
+}
+
+func sortMap(m []Attr) []Attr {
+ sm := make([]Attr, len(m))
+ copy(sm, m)
+ slices.SortFunc(sm, func(a, b Attr) int {
+ return cmp.Compare(a.Key, b.Key)
+ })
+
+ return sm
+}
+
+// String returns Value's value as a string, formatted like [fmt.Sprint].
+//
+// The returned string is meant for debugging;
+// the string representation is not stable.
+func (v Value) String() string {
+ switch v.Kind() {
+ case ValueKindString:
+ return v.asString()
+ case ValueKindInt64:
+ // Assumes v.num was a valid int64 (overflow not checked).
+ return strconv.FormatInt(int64(v.num), 10) // nolint: gosec
+ case ValueKindFloat64:
+ return strconv.FormatFloat(v.asFloat64(), 'g', -1, 64)
+ case ValueKindBool:
+ return strconv.FormatBool(v.asBool())
+ case ValueKindBytes:
+ return fmt.Sprint(v.asBytes())
+ case ValueKindMap:
+ return fmt.Sprint(v.asMap())
+ case ValueKindSlice:
+ return fmt.Sprint(v.asSlice())
+ case ValueKindEmpty:
+ return ""
+ default:
+ // Try to handle this as gracefully as possible.
+ //
+ // Don't panic here. The goal here is to have developers find this
+ // first if a slog.Kind is is not handled. It is
+ // preferable to have user's open issue asking why their attributes
+ // have a "unhandled: " prefix than say that their code is panicking.
+ return fmt.Sprintf("", v.Kind())
+ }
+}
+
+// MarshalJSON encodes v into OTLP formatted JSON.
+func (v *Value) MarshalJSON() ([]byte, error) {
+ switch v.Kind() {
+ case ValueKindString:
+ return json.Marshal(struct {
+ Value string `json:"stringValue"`
+ }{v.asString()})
+ case ValueKindInt64:
+ return json.Marshal(struct {
+ Value string `json:"intValue"`
+ }{strconv.FormatInt(int64(v.num), 10)})
+ case ValueKindFloat64:
+ return json.Marshal(struct {
+ Value float64 `json:"doubleValue"`
+ }{v.asFloat64()})
+ case ValueKindBool:
+ return json.Marshal(struct {
+ Value bool `json:"boolValue"`
+ }{v.asBool()})
+ case ValueKindBytes:
+ return json.Marshal(struct {
+ Value []byte `json:"bytesValue"`
+ }{v.asBytes()})
+ case ValueKindMap:
+ return json.Marshal(struct {
+ Value struct {
+ Values []Attr `json:"values"`
+ } `json:"kvlistValue"`
+ }{struct {
+ Values []Attr `json:"values"`
+ }{v.asMap()}})
+ case ValueKindSlice:
+ return json.Marshal(struct {
+ Value struct {
+ Values []Value `json:"values"`
+ } `json:"arrayValue"`
+ }{struct {
+ Values []Value `json:"values"`
+ }{v.asSlice()}})
+ case ValueKindEmpty:
+ return nil, nil
+ default:
+ return nil, fmt.Errorf("unknown Value kind: %s", v.Kind().String())
+ }
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into v.
+func (v *Value) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid Value type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid Value key: %#v", keyIface)
+ }
+
+ switch key {
+ case "stringValue", "string_value":
+ var val string
+ err = decoder.Decode(&val)
+ *v = StringValue(val)
+ case "boolValue", "bool_value":
+ var val bool
+ err = decoder.Decode(&val)
+ *v = BoolValue(val)
+ case "intValue", "int_value":
+ var val protoInt64
+ err = decoder.Decode(&val)
+ *v = Int64Value(val.Int64())
+ case "doubleValue", "double_value":
+ var val float64
+ err = decoder.Decode(&val)
+ *v = Float64Value(val)
+ case "bytesValue", "bytes_value":
+ var val64 string
+ if err := decoder.Decode(&val64); err != nil {
+ return err
+ }
+ var val []byte
+ val, err = base64.StdEncoding.DecodeString(val64)
+ *v = BytesValue(val)
+ case "arrayValue", "array_value":
+ var val struct{ Values []Value }
+ err = decoder.Decode(&val)
+ *v = SliceValue(val.Values...)
+ case "kvlistValue", "kvlist_value":
+ var val struct{ Values []Attr }
+ err = decoder.Decode(&val)
+ *v = MapValue(val.Values...)
+ default:
+ // Skip unknown.
+ continue
+ }
+ // Use first valid. Ignore the rest.
+ return err
+ }
+
+ // Only unknown fields. Return nil without unmarshaling any value.
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/auto/sdk/limit.go b/vendor/go.opentelemetry.io/auto/sdk/limit.go
new file mode 100644
index 0000000000..86babf1a88
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/limit.go
@@ -0,0 +1,94 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package sdk
+
+import (
+ "log/slog"
+ "os"
+ "strconv"
+)
+
+// maxSpan are the span limits resolved during startup.
+var maxSpan = newSpanLimits()
+
+type spanLimits struct {
+ // Attrs is the number of allowed attributes for a span.
+ //
+ // This is resolved from the environment variable value for the
+ // OTEL_SPAN_ATTRIBUTE_COUNT_LIMIT key if it exists. Otherwise, the
+ // environment variable value for OTEL_ATTRIBUTE_COUNT_LIMIT, or 128 if
+ // that is not set, is used.
+ Attrs int
+ // AttrValueLen is the maximum attribute value length allowed for a span.
+ //
+ // This is resolved from the environment variable value for the
+ // OTEL_SPAN_ATTRIBUTE_VALUE_LENGTH_LIMIT key if it exists. Otherwise, the
+ // environment variable value for OTEL_ATTRIBUTE_VALUE_LENGTH_LIMIT, or -1
+ // if that is not set, is used.
+ AttrValueLen int
+ // Events is the number of allowed events for a span.
+ //
+ // This is resolved from the environment variable value for the
+ // OTEL_SPAN_EVENT_COUNT_LIMIT key, or 128 is used if that is not set.
+ Events int
+ // EventAttrs is the number of allowed attributes for a span event.
+ //
+ // The is resolved from the environment variable value for the
+ // OTEL_EVENT_ATTRIBUTE_COUNT_LIMIT key, or 128 is used if that is not set.
+ EventAttrs int
+ // Links is the number of allowed Links for a span.
+ //
+ // This is resolved from the environment variable value for the
+ // OTEL_SPAN_LINK_COUNT_LIMIT, or 128 is used if that is not set.
+ Links int
+ // LinkAttrs is the number of allowed attributes for a span link.
+ //
+ // This is resolved from the environment variable value for the
+ // OTEL_LINK_ATTRIBUTE_COUNT_LIMIT, or 128 is used if that is not set.
+ LinkAttrs int
+}
+
+func newSpanLimits() spanLimits {
+ return spanLimits{
+ Attrs: firstEnv(
+ 128,
+ "OTEL_SPAN_ATTRIBUTE_COUNT_LIMIT",
+ "OTEL_ATTRIBUTE_COUNT_LIMIT",
+ ),
+ AttrValueLen: firstEnv(
+ -1, // Unlimited.
+ "OTEL_SPAN_ATTRIBUTE_VALUE_LENGTH_LIMIT",
+ "OTEL_ATTRIBUTE_VALUE_LENGTH_LIMIT",
+ ),
+ Events: firstEnv(128, "OTEL_SPAN_EVENT_COUNT_LIMIT"),
+ EventAttrs: firstEnv(128, "OTEL_EVENT_ATTRIBUTE_COUNT_LIMIT"),
+ Links: firstEnv(128, "OTEL_SPAN_LINK_COUNT_LIMIT"),
+ LinkAttrs: firstEnv(128, "OTEL_LINK_ATTRIBUTE_COUNT_LIMIT"),
+ }
+}
+
+// firstEnv returns the parsed integer value of the first matching environment
+// variable from keys. The defaultVal is returned if the value is not an
+// integer or no match is found.
+func firstEnv(defaultVal int, keys ...string) int {
+ for _, key := range keys {
+ strV := os.Getenv(key)
+ if strV == "" {
+ continue
+ }
+
+ v, err := strconv.Atoi(strV)
+ if err == nil {
+ return v
+ }
+ slog.Warn(
+ "invalid limit environment variable",
+ "error", err,
+ "key", key,
+ "value", strV,
+ )
+ }
+
+ return defaultVal
+}
diff --git a/vendor/go.opentelemetry.io/auto/sdk/span.go b/vendor/go.opentelemetry.io/auto/sdk/span.go
new file mode 100644
index 0000000000..6ebea12a9e
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/span.go
@@ -0,0 +1,432 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package sdk
+
+import (
+ "encoding/json"
+ "fmt"
+ "reflect"
+ "runtime"
+ "strings"
+ "sync"
+ "sync/atomic"
+ "time"
+ "unicode/utf8"
+
+ "go.opentelemetry.io/otel/attribute"
+ "go.opentelemetry.io/otel/codes"
+ semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
+ "go.opentelemetry.io/otel/trace"
+ "go.opentelemetry.io/otel/trace/noop"
+
+ "go.opentelemetry.io/auto/sdk/internal/telemetry"
+)
+
+type span struct {
+ noop.Span
+
+ spanContext trace.SpanContext
+ sampled atomic.Bool
+
+ mu sync.Mutex
+ traces *telemetry.Traces
+ span *telemetry.Span
+}
+
+func (s *span) SpanContext() trace.SpanContext {
+ if s == nil {
+ return trace.SpanContext{}
+ }
+ // s.spanContext is immutable, do not acquire lock s.mu.
+ return s.spanContext
+}
+
+func (s *span) IsRecording() bool {
+ if s == nil {
+ return false
+ }
+
+ return s.sampled.Load()
+}
+
+func (s *span) SetStatus(c codes.Code, msg string) {
+ if s == nil || !s.sampled.Load() {
+ return
+ }
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ if s.span.Status == nil {
+ s.span.Status = new(telemetry.Status)
+ }
+
+ s.span.Status.Message = msg
+
+ switch c {
+ case codes.Unset:
+ s.span.Status.Code = telemetry.StatusCodeUnset
+ case codes.Error:
+ s.span.Status.Code = telemetry.StatusCodeError
+ case codes.Ok:
+ s.span.Status.Code = telemetry.StatusCodeOK
+ }
+}
+
+func (s *span) SetAttributes(attrs ...attribute.KeyValue) {
+ if s == nil || !s.sampled.Load() {
+ return
+ }
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ limit := maxSpan.Attrs
+ if limit == 0 {
+ // No attributes allowed.
+ s.span.DroppedAttrs += uint32(len(attrs))
+ return
+ }
+
+ m := make(map[string]int)
+ for i, a := range s.span.Attrs {
+ m[a.Key] = i
+ }
+
+ for _, a := range attrs {
+ val := convAttrValue(a.Value)
+ if val.Empty() {
+ s.span.DroppedAttrs++
+ continue
+ }
+
+ if idx, ok := m[string(a.Key)]; ok {
+ s.span.Attrs[idx] = telemetry.Attr{
+ Key: string(a.Key),
+ Value: val,
+ }
+ } else if limit < 0 || len(s.span.Attrs) < limit {
+ s.span.Attrs = append(s.span.Attrs, telemetry.Attr{
+ Key: string(a.Key),
+ Value: val,
+ })
+ m[string(a.Key)] = len(s.span.Attrs) - 1
+ } else {
+ s.span.DroppedAttrs++
+ }
+ }
+}
+
+// convCappedAttrs converts up to limit attrs into a []telemetry.Attr. The
+// number of dropped attributes is also returned.
+func convCappedAttrs(limit int, attrs []attribute.KeyValue) ([]telemetry.Attr, uint32) {
+ if limit == 0 {
+ return nil, uint32(len(attrs))
+ }
+
+ if limit < 0 {
+ // Unlimited.
+ return convAttrs(attrs), 0
+ }
+
+ limit = min(len(attrs), limit)
+ return convAttrs(attrs[:limit]), uint32(len(attrs) - limit)
+}
+
+func convAttrs(attrs []attribute.KeyValue) []telemetry.Attr {
+ if len(attrs) == 0 {
+ // Avoid allocations if not necessary.
+ return nil
+ }
+
+ out := make([]telemetry.Attr, 0, len(attrs))
+ for _, attr := range attrs {
+ key := string(attr.Key)
+ val := convAttrValue(attr.Value)
+ if val.Empty() {
+ continue
+ }
+ out = append(out, telemetry.Attr{Key: key, Value: val})
+ }
+ return out
+}
+
+func convAttrValue(value attribute.Value) telemetry.Value {
+ switch value.Type() {
+ case attribute.BOOL:
+ return telemetry.BoolValue(value.AsBool())
+ case attribute.INT64:
+ return telemetry.Int64Value(value.AsInt64())
+ case attribute.FLOAT64:
+ return telemetry.Float64Value(value.AsFloat64())
+ case attribute.STRING:
+ v := truncate(maxSpan.AttrValueLen, value.AsString())
+ return telemetry.StringValue(v)
+ case attribute.BOOLSLICE:
+ slice := value.AsBoolSlice()
+ out := make([]telemetry.Value, 0, len(slice))
+ for _, v := range slice {
+ out = append(out, telemetry.BoolValue(v))
+ }
+ return telemetry.SliceValue(out...)
+ case attribute.INT64SLICE:
+ slice := value.AsInt64Slice()
+ out := make([]telemetry.Value, 0, len(slice))
+ for _, v := range slice {
+ out = append(out, telemetry.Int64Value(v))
+ }
+ return telemetry.SliceValue(out...)
+ case attribute.FLOAT64SLICE:
+ slice := value.AsFloat64Slice()
+ out := make([]telemetry.Value, 0, len(slice))
+ for _, v := range slice {
+ out = append(out, telemetry.Float64Value(v))
+ }
+ return telemetry.SliceValue(out...)
+ case attribute.STRINGSLICE:
+ slice := value.AsStringSlice()
+ out := make([]telemetry.Value, 0, len(slice))
+ for _, v := range slice {
+ v = truncate(maxSpan.AttrValueLen, v)
+ out = append(out, telemetry.StringValue(v))
+ }
+ return telemetry.SliceValue(out...)
+ }
+ return telemetry.Value{}
+}
+
+// truncate returns a truncated version of s such that it contains less than
+// the limit number of characters. Truncation is applied by returning the limit
+// number of valid characters contained in s.
+//
+// If limit is negative, it returns the original string.
+//
+// UTF-8 is supported. When truncating, all invalid characters are dropped
+// before applying truncation.
+//
+// If s already contains less than the limit number of bytes, it is returned
+// unchanged. No invalid characters are removed.
+func truncate(limit int, s string) string {
+ // This prioritize performance in the following order based on the most
+ // common expected use-cases.
+ //
+ // - Short values less than the default limit (128).
+ // - Strings with valid encodings that exceed the limit.
+ // - No limit.
+ // - Strings with invalid encodings that exceed the limit.
+ if limit < 0 || len(s) <= limit {
+ return s
+ }
+
+ // Optimistically, assume all valid UTF-8.
+ var b strings.Builder
+ count := 0
+ for i, c := range s {
+ if c != utf8.RuneError {
+ count++
+ if count > limit {
+ return s[:i]
+ }
+ continue
+ }
+
+ _, size := utf8.DecodeRuneInString(s[i:])
+ if size == 1 {
+ // Invalid encoding.
+ b.Grow(len(s) - 1)
+ _, _ = b.WriteString(s[:i])
+ s = s[i:]
+ break
+ }
+ }
+
+ // Fast-path, no invalid input.
+ if b.Cap() == 0 {
+ return s
+ }
+
+ // Truncate while validating UTF-8.
+ for i := 0; i < len(s) && count < limit; {
+ c := s[i]
+ if c < utf8.RuneSelf {
+ // Optimization for single byte runes (common case).
+ _ = b.WriteByte(c)
+ i++
+ count++
+ continue
+ }
+
+ _, size := utf8.DecodeRuneInString(s[i:])
+ if size == 1 {
+ // We checked for all 1-byte runes above, this is a RuneError.
+ i++
+ continue
+ }
+
+ _, _ = b.WriteString(s[i : i+size])
+ i += size
+ count++
+ }
+
+ return b.String()
+}
+
+func (s *span) End(opts ...trace.SpanEndOption) {
+ if s == nil || !s.sampled.Swap(false) {
+ return
+ }
+
+ // s.end exists so the lock (s.mu) is not held while s.ended is called.
+ s.ended(s.end(opts))
+}
+
+func (s *span) end(opts []trace.SpanEndOption) []byte {
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ cfg := trace.NewSpanEndConfig(opts...)
+ if t := cfg.Timestamp(); !t.IsZero() {
+ s.span.EndTime = cfg.Timestamp()
+ } else {
+ s.span.EndTime = time.Now()
+ }
+
+ b, _ := json.Marshal(s.traces) // TODO: do not ignore this error.
+ return b
+}
+
+// Expected to be implemented in eBPF.
+//
+//go:noinline
+func (*span) ended(buf []byte) { ended(buf) }
+
+// ended is used for testing.
+var ended = func([]byte) {}
+
+func (s *span) RecordError(err error, opts ...trace.EventOption) {
+ if s == nil || err == nil || !s.sampled.Load() {
+ return
+ }
+
+ cfg := trace.NewEventConfig(opts...)
+
+ attrs := cfg.Attributes()
+ attrs = append(attrs,
+ semconv.ExceptionType(typeStr(err)),
+ semconv.ExceptionMessage(err.Error()),
+ )
+ if cfg.StackTrace() {
+ buf := make([]byte, 2048)
+ n := runtime.Stack(buf, false)
+ attrs = append(attrs, semconv.ExceptionStacktrace(string(buf[0:n])))
+ }
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ s.addEvent(semconv.ExceptionEventName, cfg.Timestamp(), attrs)
+}
+
+func typeStr(i any) string {
+ t := reflect.TypeOf(i)
+ if t.PkgPath() == "" && t.Name() == "" {
+ // Likely a builtin type.
+ return t.String()
+ }
+ return fmt.Sprintf("%s.%s", t.PkgPath(), t.Name())
+}
+
+func (s *span) AddEvent(name string, opts ...trace.EventOption) {
+ if s == nil || !s.sampled.Load() {
+ return
+ }
+
+ cfg := trace.NewEventConfig(opts...)
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ s.addEvent(name, cfg.Timestamp(), cfg.Attributes())
+}
+
+// addEvent adds an event with name and attrs at tStamp to the span. The span
+// lock (s.mu) needs to be held by the caller.
+func (s *span) addEvent(name string, tStamp time.Time, attrs []attribute.KeyValue) {
+ limit := maxSpan.Events
+
+ if limit == 0 {
+ s.span.DroppedEvents++
+ return
+ }
+
+ if limit > 0 && len(s.span.Events) == limit {
+ // Drop head while avoiding allocation of more capacity.
+ copy(s.span.Events[:limit-1], s.span.Events[1:])
+ s.span.Events = s.span.Events[:limit-1]
+ s.span.DroppedEvents++
+ }
+
+ e := &telemetry.SpanEvent{Time: tStamp, Name: name}
+ e.Attrs, e.DroppedAttrs = convCappedAttrs(maxSpan.EventAttrs, attrs)
+
+ s.span.Events = append(s.span.Events, e)
+}
+
+func (s *span) AddLink(link trace.Link) {
+ if s == nil || !s.sampled.Load() {
+ return
+ }
+
+ l := maxSpan.Links
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ if l == 0 {
+ s.span.DroppedLinks++
+ return
+ }
+
+ if l > 0 && len(s.span.Links) == l {
+ // Drop head while avoiding allocation of more capacity.
+ copy(s.span.Links[:l-1], s.span.Links[1:])
+ s.span.Links = s.span.Links[:l-1]
+ s.span.DroppedLinks++
+ }
+
+ s.span.Links = append(s.span.Links, convLink(link))
+}
+
+func convLinks(links []trace.Link) []*telemetry.SpanLink {
+ out := make([]*telemetry.SpanLink, 0, len(links))
+ for _, link := range links {
+ out = append(out, convLink(link))
+ }
+ return out
+}
+
+func convLink(link trace.Link) *telemetry.SpanLink {
+ l := &telemetry.SpanLink{
+ TraceID: telemetry.TraceID(link.SpanContext.TraceID()),
+ SpanID: telemetry.SpanID(link.SpanContext.SpanID()),
+ TraceState: link.SpanContext.TraceState().String(),
+ Flags: uint32(link.SpanContext.TraceFlags()),
+ }
+ l.Attrs, l.DroppedAttrs = convCappedAttrs(maxSpan.LinkAttrs, link.Attributes)
+
+ return l
+}
+
+func (s *span) SetName(name string) {
+ if s == nil || !s.sampled.Load() {
+ return
+ }
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ s.span.Name = name
+}
+
+func (*span) TracerProvider() trace.TracerProvider { return TracerProvider() }
diff --git a/vendor/go.opentelemetry.io/auto/sdk/tracer.go b/vendor/go.opentelemetry.io/auto/sdk/tracer.go
new file mode 100644
index 0000000000..cbcfabde3b
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/tracer.go
@@ -0,0 +1,124 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package sdk
+
+import (
+ "context"
+ "time"
+
+ "go.opentelemetry.io/otel/trace"
+ "go.opentelemetry.io/otel/trace/noop"
+
+ "go.opentelemetry.io/auto/sdk/internal/telemetry"
+)
+
+type tracer struct {
+ noop.Tracer
+
+ name, schemaURL, version string
+}
+
+var _ trace.Tracer = tracer{}
+
+func (t tracer) Start(ctx context.Context, name string, opts ...trace.SpanStartOption) (context.Context, trace.Span) {
+ var psc trace.SpanContext
+ sampled := true
+ span := new(span)
+
+ // Ask eBPF for sampling decision and span context info.
+ t.start(ctx, span, &psc, &sampled, &span.spanContext)
+
+ span.sampled.Store(sampled)
+
+ ctx = trace.ContextWithSpan(ctx, span)
+
+ if sampled {
+ // Only build traces if sampled.
+ cfg := trace.NewSpanStartConfig(opts...)
+ span.traces, span.span = t.traces(name, cfg, span.spanContext, psc)
+ }
+
+ return ctx, span
+}
+
+// Expected to be implemented in eBPF.
+//
+//go:noinline
+func (t *tracer) start(
+ ctx context.Context,
+ spanPtr *span,
+ psc *trace.SpanContext,
+ sampled *bool,
+ sc *trace.SpanContext,
+) {
+ start(ctx, spanPtr, psc, sampled, sc)
+}
+
+// start is used for testing.
+var start = func(context.Context, *span, *trace.SpanContext, *bool, *trace.SpanContext) {}
+
+func (t tracer) traces(name string, cfg trace.SpanConfig, sc, psc trace.SpanContext) (*telemetry.Traces, *telemetry.Span) {
+ span := &telemetry.Span{
+ TraceID: telemetry.TraceID(sc.TraceID()),
+ SpanID: telemetry.SpanID(sc.SpanID()),
+ Flags: uint32(sc.TraceFlags()),
+ TraceState: sc.TraceState().String(),
+ ParentSpanID: telemetry.SpanID(psc.SpanID()),
+ Name: name,
+ Kind: spanKind(cfg.SpanKind()),
+ }
+
+ span.Attrs, span.DroppedAttrs = convCappedAttrs(maxSpan.Attrs, cfg.Attributes())
+
+ links := cfg.Links()
+ if limit := maxSpan.Links; limit == 0 {
+ span.DroppedLinks = uint32(len(links))
+ } else {
+ if limit > 0 {
+ n := max(len(links)-limit, 0)
+ span.DroppedLinks = uint32(n)
+ links = links[n:]
+ }
+ span.Links = convLinks(links)
+ }
+
+ if t := cfg.Timestamp(); !t.IsZero() {
+ span.StartTime = cfg.Timestamp()
+ } else {
+ span.StartTime = time.Now()
+ }
+
+ return &telemetry.Traces{
+ ResourceSpans: []*telemetry.ResourceSpans{
+ {
+ ScopeSpans: []*telemetry.ScopeSpans{
+ {
+ Scope: &telemetry.Scope{
+ Name: t.name,
+ Version: t.version,
+ },
+ Spans: []*telemetry.Span{span},
+ SchemaURL: t.schemaURL,
+ },
+ },
+ },
+ },
+ }, span
+}
+
+func spanKind(kind trace.SpanKind) telemetry.SpanKind {
+ switch kind {
+ case trace.SpanKindInternal:
+ return telemetry.SpanKindInternal
+ case trace.SpanKindServer:
+ return telemetry.SpanKindServer
+ case trace.SpanKindClient:
+ return telemetry.SpanKindClient
+ case trace.SpanKindProducer:
+ return telemetry.SpanKindProducer
+ case trace.SpanKindConsumer:
+ return telemetry.SpanKindConsumer
+ }
+ return telemetry.SpanKind(0) // undefined.
+}
diff --git a/vendor/go.opentelemetry.io/auto/sdk/tracer_provider.go b/vendor/go.opentelemetry.io/auto/sdk/tracer_provider.go
new file mode 100644
index 0000000000..dbc477a59a
--- /dev/null
+++ b/vendor/go.opentelemetry.io/auto/sdk/tracer_provider.go
@@ -0,0 +1,33 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package sdk
+
+import (
+ "go.opentelemetry.io/otel/trace"
+ "go.opentelemetry.io/otel/trace/noop"
+)
+
+// TracerProvider returns an auto-instrumentable [trace.TracerProvider].
+//
+// If an [go.opentelemetry.io/auto.Instrumentation] is configured to instrument
+// the process using the returned TracerProvider, all of the telemetry it
+// produces will be processed and handled by that Instrumentation. By default,
+// if no Instrumentation instruments the TracerProvider it will not generate
+// any trace telemetry.
+func TracerProvider() trace.TracerProvider { return tracerProviderInstance }
+
+var tracerProviderInstance = new(tracerProvider)
+
+type tracerProvider struct{ noop.TracerProvider }
+
+var _ trace.TracerProvider = tracerProvider{}
+
+func (p tracerProvider) Tracer(name string, opts ...trace.TracerOption) trace.Tracer {
+ cfg := trace.NewTracerConfig(opts...)
+ return tracer{
+ name: name,
+ version: cfg.InstrumentationVersion(),
+ schemaURL: cfg.SchemaURL(),
+ }
+}
diff --git a/vendor/go.opentelemetry.io/otel/.gitignore b/vendor/go.opentelemetry.io/otel/.gitignore
index 895c7664be..749e8e881b 100644
--- a/vendor/go.opentelemetry.io/otel/.gitignore
+++ b/vendor/go.opentelemetry.io/otel/.gitignore
@@ -1,6 +1,7 @@
.DS_Store
Thumbs.db
+.cache/
.tools/
venv/
.idea/
@@ -12,11 +13,3 @@ go.work
go.work.sum
gen/
-
-/example/dice/dice
-/example/namedtracer/namedtracer
-/example/otel-collector/otel-collector
-/example/opencensus/opencensus
-/example/passthrough/passthrough
-/example/prometheus/prometheus
-/example/zipkin/zipkin
diff --git a/vendor/go.opentelemetry.io/otel/.golangci.yml b/vendor/go.opentelemetry.io/otel/.golangci.yml
index d09555506f..c58e48ab0c 100644
--- a/vendor/go.opentelemetry.io/otel/.golangci.yml
+++ b/vendor/go.opentelemetry.io/otel/.golangci.yml
@@ -22,14 +22,16 @@ linters:
- govet
- ineffassign
- misspell
+ - perfsprint
- revive
- staticcheck
- - tenv
- testifylint
- typecheck
- unconvert
- unused
- unparam
+ - usestdlibvars
+ - usetesting
issues:
# Maximum issues count per one linter.
@@ -61,10 +63,11 @@ issues:
text: "calls to (.+) only in main[(][)] or init[(][)] functions"
linters:
- revive
- # It's okay to not run gosec in a test.
+ # It's okay to not run gosec and perfsprint in a test.
- path: _test\.go
linters:
- gosec
+ - perfsprint
# Ignoring gosec G404: Use of weak random number generator (math/rand instead of crypto/rand)
# as we commonly use it in tests and examples.
- text: "G404:"
@@ -95,6 +98,13 @@ linters-settings:
- pkg: "crypto/md5"
- pkg: "crypto/sha1"
- pkg: "crypto/**/pkix"
+ auto/sdk:
+ files:
+ - "!internal/global/trace.go"
+ - "~internal/global/trace_test.go"
+ deny:
+ - pkg: "go.opentelemetry.io/auto/sdk"
+ desc: Do not use SDK from automatic instrumentation.
otlp-internal:
files:
- "!**/exporters/otlp/internal/**/*.go"
@@ -127,8 +137,6 @@ linters-settings:
- "**/metric/**/*.go"
- "**/bridge/*.go"
- "**/bridge/**/*.go"
- - "**/example/*.go"
- - "**/example/**/*.go"
- "**/trace/*.go"
- "**/trace/**/*.go"
- "**/log/*.go"
@@ -156,137 +164,71 @@ linters-settings:
locale: US
ignore-words:
- cancelled
+ perfsprint:
+ err-error: true
+ errorf: true
+ int-conversion: true
+ sprintf1: true
+ strconcat: true
revive:
# Sets the default failure confidence.
# This means that linting errors with less than 0.8 confidence will be ignored.
# Default: 0.8
confidence: 0.01
+ # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md
rules:
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#blank-imports
- name: blank-imports
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#bool-literal-in-expr
- name: bool-literal-in-expr
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#constant-logical-expr
- name: constant-logical-expr
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#context-as-argument
- # TODO (#3372) re-enable linter when it is compatible. https://github.com/golangci/golangci-lint/issues/3280
- name: context-as-argument
disabled: true
arguments:
- allowTypesBefore: "*testing.T"
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#context-keys-type
+ - allowTypesBefore: "*testing.T"
- name: context-keys-type
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#deep-exit
- name: deep-exit
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#defer
- name: defer
- disabled: false
arguments:
- ["call-chain", "loop"]
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#dot-imports
- name: dot-imports
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#duplicated-imports
- name: duplicated-imports
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#early-return
- name: early-return
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#empty-block
+ arguments:
+ - "preserveScope"
- name: empty-block
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#empty-lines
- name: empty-lines
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#error-naming
- name: error-naming
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#error-return
- name: error-return
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#error-strings
- name: error-strings
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#errorf
- name: errorf
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#exported
- name: exported
- disabled: false
arguments:
- "sayRepetitiveInsteadOfStutters"
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#flag-parameter
- name: flag-parameter
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#identical-branches
- name: identical-branches
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#if-return
- name: if-return
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#increment-decrement
+ - name: import-shadowing
- name: increment-decrement
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#indent-error-flow
- name: indent-error-flow
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#import-shadowing
- - name: import-shadowing
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#package-comments
+ arguments:
+ - "preserveScope"
- name: package-comments
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#range
- name: range
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#range-val-in-closure
- name: range-val-in-closure
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#range-val-address
- name: range-val-address
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#redefines-builtin-id
- name: redefines-builtin-id
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#string-format
- name: string-format
- disabled: false
arguments:
- - panic
- '/^[^\n]*$/'
- must not contain line breaks
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#struct-tag
- name: struct-tag
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#superfluous-else
- name: superfluous-else
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#time-equal
- - name: time-equal
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#var-naming
- - name: var-naming
- disabled: false
arguments:
- - ["ID"] # AllowList
- - ["Otel", "Aws", "Gcp"] # DenyList
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#var-declaration
- - name: var-declaration
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#unconditional-recursion
+ - "preserveScope"
+ - name: time-equal
- name: unconditional-recursion
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#unexported-return
- name: unexported-return
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#unhandled-error
- name: unhandled-error
- disabled: false
arguments:
- "fmt.Fprint"
- "fmt.Fprintf"
@@ -294,15 +236,14 @@ linters-settings:
- "fmt.Print"
- "fmt.Printf"
- "fmt.Println"
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#unnecessary-stmt
- name: unnecessary-stmt
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#useless-break
- name: useless-break
- disabled: false
- # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#waitgroup-by-value
+ - name: var-declaration
+ - name: var-naming
+ arguments:
+ - ["ID"] # AllowList
+ - ["Otel", "Aws", "Gcp"] # DenyList
- name: waitgroup-by-value
- disabled: false
testifylint:
enable-all: true
disable:
diff --git a/vendor/go.opentelemetry.io/otel/CHANGELOG.md b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
index 4b361d0269..c076db2823 100644
--- a/vendor/go.opentelemetry.io/otel/CHANGELOG.md
+++ b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
@@ -11,6 +11,133 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
+## [1.35.0/0.57.0/0.11.0] 2025-03-05
+
+This release is the last to support [Go 1.22].
+The next release will require at least [Go 1.23].
+
+### Added
+
+- Add `ValueFromAttribute` and `KeyValueFromAttribute` in `go.opentelemetry.io/otel/log`. (#6180)
+- Add `EventName` and `SetEventName` to `Record` in `go.opentelemetry.io/otel/log`. (#6187)
+- Add `EventName` to `RecordFactory` in `go.opentelemetry.io/otel/log/logtest`. (#6187)
+- `AssertRecordEqual` in `go.opentelemetry.io/otel/log/logtest` checks `Record.EventName`. (#6187)
+- Add `EventName` and `SetEventName` to `Record` in `go.opentelemetry.io/otel/sdk/log`. (#6193)
+- Add `EventName` to `RecordFactory` in `go.opentelemetry.io/otel/sdk/log/logtest`. (#6193)
+- Emit `Record.EventName` field in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc`. (#6211)
+- Emit `Record.EventName` field in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. (#6211)
+- Emit `Record.EventName` field in `go.opentelemetry.io/otel/exporters/stdout/stdoutlog` (#6210)
+- The `go.opentelemetry.io/otel/semconv/v1.28.0` package.
+ The package contains semantic conventions from the `v1.28.0` version of the OpenTelemetry Semantic Conventions.
+ See the [migration documentation](./semconv/v1.28.0/MIGRATION.md) for information on how to upgrade from `go.opentelemetry.io/otel/semconv/v1.27.0`(#6236)
+- The `go.opentelemetry.io/otel/semconv/v1.30.0` package.
+ The package contains semantic conventions from the `v1.30.0` version of the OpenTelemetry Semantic Conventions.
+ See the [migration documentation](./semconv/v1.30.0/MIGRATION.md) for information on how to upgrade from `go.opentelemetry.io/otel/semconv/v1.28.0`(#6240)
+- Document the pitfalls of using `Resource` as a comparable type.
+ `Resource.Equal` and `Resource.Equivalent` should be used instead. (#6272)
+- Support [Go 1.24]. (#6304)
+- Add `FilterProcessor` and `EnabledParameters` in `go.opentelemetry.io/otel/sdk/log`.
+ It replaces `go.opentelemetry.io/otel/sdk/log/internal/x.FilterProcessor`.
+ Compared to previous version it additionally gives the possibility to filter by resource and instrumentation scope. (#6317)
+
+### Changed
+
+- Update `github.com/prometheus/common` to `v0.62.0`, which changes the `NameValidationScheme` to `NoEscaping`.
+ This allows metrics names to keep original delimiters (e.g. `.`), rather than replacing with underscores.
+ This is controlled by the `Content-Type` header, or can be reverted by setting `NameValidationScheme` to `LegacyValidation` in `github.com/prometheus/common/model`. (#6198)
+
+### Fixes
+
+- Eliminate goroutine leak for the processor returned by `NewSimpleSpanProcessor` in `go.opentelemetry.io/otel/sdk/trace` when `Shutdown` is called and the passed `ctx` is canceled and `SpanExporter.Shutdown` has not returned. (#6368)
+- Eliminate goroutine leak for the processor returned by `NewBatchSpanProcessor` in `go.opentelemetry.io/otel/sdk/trace` when `ForceFlush` is called and the passed `ctx` is canceled and `SpanExporter.Export` has not returned. (#6369)
+
+## [1.34.0/0.56.0/0.10.0] 2025-01-17
+
+### Changed
+
+- Remove the notices from `Logger` to make the whole Logs API user-facing in `go.opentelemetry.io/otel/log`. (#6167)
+
+### Fixed
+
+- Relax minimum Go version to 1.22.0 in various modules. (#6073)
+- The `Type` name logged for the `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` client is corrected from `otlphttpgrpc` to `otlptracegrpc`. (#6143)
+- The `Type` name logged for the `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlphttpgrpc` client is corrected from `otlphttphttp` to `otlptracehttp`. (#6143)
+
+## [1.33.0/0.55.0/0.9.0/0.0.12] 2024-12-12
+
+### Added
+
+- Add `Reset` method to `SpanRecorder` in `go.opentelemetry.io/otel/sdk/trace/tracetest`. (#5994)
+- Add `EnabledInstrument` interface in `go.opentelemetry.io/otel/sdk/metric/internal/x`.
+ This is an experimental interface that is implemented by synchronous instruments provided by `go.opentelemetry.io/otel/sdk/metric`.
+ Users can use it to avoid performing computationally expensive operations when recording measurements.
+ It does not fall within the scope of the OpenTelemetry Go versioning and stability [policy](./VERSIONING.md) and it may be changed in backwards incompatible ways or removed in feature releases. (#6016)
+
+### Changed
+
+- The default global API now supports full auto-instrumentation from the `go.opentelemetry.io/auto` package.
+ See that package for more information. (#5920)
+- Propagate non-retryable error messages to client in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. (#5929)
+- Propagate non-retryable error messages to client in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#5929)
+- Propagate non-retryable error messages to client in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#5929)
+- Performance improvements for attribute value `AsStringSlice`, `AsFloat64Slice`, `AsInt64Slice`, `AsBoolSlice`. (#6011)
+- Change `EnabledParameters` to have a `Severity` field instead of a getter and setter in `go.opentelemetry.io/otel/log`. (#6009)
+
+### Fixed
+
+- Fix inconsistent request body closing in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. (#5954)
+- Fix inconsistent request body closing in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#5954)
+- Fix inconsistent request body closing in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#5954)
+- Fix invalid exemplar keys in `go.opentelemetry.io/otel/exporters/prometheus`. (#5995)
+- Fix attribute value truncation in `go.opentelemetry.io/otel/sdk/trace`. (#5997)
+- Fix attribute value truncation in `go.opentelemetry.io/otel/sdk/log`. (#6032)
+
+## [1.32.0/0.54.0/0.8.0/0.0.11] 2024-11-08
+
+### Added
+
+- Add `go.opentelemetry.io/otel/sdk/metric/exemplar.AlwaysOffFilter`, which can be used to disable exemplar recording. (#5850)
+- Add `go.opentelemetry.io/otel/sdk/metric.WithExemplarFilter`, which can be used to configure the exemplar filter used by the metrics SDK. (#5850)
+- Add `ExemplarReservoirProviderSelector` and `DefaultExemplarReservoirProviderSelector` to `go.opentelemetry.io/otel/sdk/metric`, which defines the exemplar reservoir to use based on the aggregation of the metric. (#5861)
+- Add `ExemplarReservoirProviderSelector` to `go.opentelemetry.io/otel/sdk/metric.Stream` to allow using views to configure the exemplar reservoir to use for a metric. (#5861)
+- Add `ReservoirProvider`, `HistogramReservoirProvider` and `FixedSizeReservoirProvider` to `go.opentelemetry.io/otel/sdk/metric/exemplar` to make it convenient to use providers of Reservoirs. (#5861)
+- The `go.opentelemetry.io/otel/semconv/v1.27.0` package.
+ The package contains semantic conventions from the `v1.27.0` version of the OpenTelemetry Semantic Conventions. (#5894)
+- Add `Attributes attribute.Set` field to `Scope` in `go.opentelemetry.io/otel/sdk/instrumentation`. (#5903)
+- Add `Attributes attribute.Set` field to `ScopeRecords` in `go.opentelemetry.io/otel/log/logtest`. (#5927)
+- `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` adds instrumentation scope attributes. (#5934)
+- `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` adds instrumentation scope attributes. (#5934)
+- `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` adds instrumentation scope attributes. (#5935)
+- `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` adds instrumentation scope attributes. (#5935)
+- `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc` adds instrumentation scope attributes. (#5933)
+- `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` adds instrumentation scope attributes. (#5933)
+- `go.opentelemetry.io/otel/exporters/prometheus` adds instrumentation scope attributes in `otel_scope_info` metric as labels. (#5932)
+
+### Changed
+
+- Support scope attributes and make them as identifying for `Tracer` in `go.opentelemetry.io/otel` and `go.opentelemetry.io/otel/sdk/trace`. (#5924)
+- Support scope attributes and make them as identifying for `Meter` in `go.opentelemetry.io/otel` and `go.opentelemetry.io/otel/sdk/metric`. (#5926)
+- Support scope attributes and make them as identifying for `Logger` in `go.opentelemetry.io/otel` and `go.opentelemetry.io/otel/sdk/log`. (#5925)
+- Make schema URL and scope attributes as identifying for `Tracer` in `go.opentelemetry.io/otel/bridge/opentracing`. (#5931)
+- Clear unneeded slice elements to allow GC to collect the objects in `go.opentelemetry.io/otel/sdk/metric` and `go.opentelemetry.io/otel/sdk/trace`. (#5804)
+
+### Fixed
+
+- Global MeterProvider registration unwraps global instrument Observers, the undocumented Unwrap() methods are now private. (#5881)
+- `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` now keeps the metadata already present in the context when `WithHeaders` is used. (#5892)
+- `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc` now keeps the metadata already present in the context when `WithHeaders` is used. (#5911)
+- `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` now keeps the metadata already present in the context when `WithHeaders` is used. (#5915)
+- Fix `go.opentelemetry.io/otel/exporters/prometheus` trying to add exemplars to Gauge metrics, which is unsupported. (#5912)
+- Fix `WithEndpointURL` to always use a secure connection when an https URL is passed in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#5944)
+- Fix `WithEndpointURL` to always use a secure connection when an https URL is passed in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#5944)
+- Fix `WithEndpointURL` to always use a secure connection when an https URL is passed in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. (#5944)
+- Fix `WithEndpointURL` to always use a secure connection when an https URL is passed in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#5944)
+- Fix incorrect metrics generated from callbacks when multiple readers are used in `go.opentelemetry.io/otel/sdk/metric`. (#5900)
+
+### Removed
+
+- Remove all examples under `go.opentelemetry.io/otel/example` as they are moved to [Contrib repository](https://github.com/open-telemetry/opentelemetry-go-contrib/tree/main/examples). (#5930)
+
## [1.31.0/0.53.0/0.7.0/0.0.10] 2024-10-11
### Added
@@ -3110,7 +3237,11 @@ It contains api and sdk for trace and meter.
- CircleCI build CI manifest files.
- CODEOWNERS file to track owners of this project.
-[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...HEAD
+[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.35.0...HEAD
+[1.35.0/0.57.0/0.11.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.35.0
+[1.34.0/0.56.0/0.10.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.34.0
+[1.33.0/0.55.0/0.9.0/0.0.12]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.33.0
+[1.32.0/0.54.0/0.8.0/0.0.11]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.32.0
[1.31.0/0.53.0/0.7.0/0.0.10]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.31.0
[1.30.0/0.52.0/0.6.0/0.0.9]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.30.0
[1.29.0/0.51.0/0.5.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.29.0
@@ -3198,6 +3329,7 @@ It contains api and sdk for trace and meter.
+[Go 1.24]: https://go.dev/doc/go1.24
[Go 1.23]: https://go.dev/doc/go1.23
[Go 1.22]: https://go.dev/doc/go1.22
[Go 1.21]: https://go.dev/doc/go1.21
diff --git a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
index bb33965574..7b8af585aa 100644
--- a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
+++ b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
@@ -181,6 +181,18 @@ patterns in the spec.
For a deeper discussion, see
[this](https://github.com/open-telemetry/opentelemetry-specification/issues/165).
+## Tests
+
+Each functionality should be covered by tests.
+
+Performance-critical functionality should also be covered by benchmarks.
+
+- Pull requests adding a performance-critical functionality
+should have `go test -bench` output in their description.
+- Pull requests changing a performance-critical functionality
+should have [`benchstat`](https://pkg.go.dev/golang.org/x/perf/cmd/benchstat)
+output in their description.
+
## Documentation
Each (non-internal, non-test) package must be documented using
@@ -629,6 +641,10 @@ should be canceled.
## Approvers and Maintainers
+### Triagers
+
+- [Cheng-Zhen Yang](https://github.com/scorpionknifes), Independent
+
### Approvers
### Maintainers
@@ -641,13 +657,13 @@ should be canceled.
### Emeritus
-- [Aaron Clawson](https://github.com/MadVikingGod), LightStep
-- [Anthony Mirabella](https://github.com/Aneurysm9), AWS
-- [Chester Cheung](https://github.com/hanyuancheung), Tencent
-- [Evan Torrie](https://github.com/evantorrie), Yahoo
-- [Gustavo Silva Paiva](https://github.com/paivagustavo), LightStep
-- [Josh MacDonald](https://github.com/jmacd), LightStep
-- [Liz Fong-Jones](https://github.com/lizthegrey), Honeycomb
+- [Aaron Clawson](https://github.com/MadVikingGod)
+- [Anthony Mirabella](https://github.com/Aneurysm9)
+- [Chester Cheung](https://github.com/hanyuancheung)
+- [Evan Torrie](https://github.com/evantorrie)
+- [Gustavo Silva Paiva](https://github.com/paivagustavo)
+- [Josh MacDonald](https://github.com/jmacd)
+- [Liz Fong-Jones](https://github.com/lizthegrey)
### Become an Approver or a Maintainer
diff --git a/vendor/go.opentelemetry.io/otel/Makefile b/vendor/go.opentelemetry.io/otel/Makefile
index a1228a2124..226410d742 100644
--- a/vendor/go.opentelemetry.io/otel/Makefile
+++ b/vendor/go.opentelemetry.io/otel/Makefile
@@ -11,11 +11,15 @@ ALL_COVERAGE_MOD_DIRS := $(shell find . -type f -name 'go.mod' -exec dirname {}
GO = go
TIMEOUT = 60
+# User to run as in docker images.
+DOCKER_USER=$(shell id -u):$(shell id -g)
+DEPENDENCIES_DOCKERFILE=./dependencies.Dockerfile
+
.DEFAULT_GOAL := precommit
.PHONY: precommit ci
-precommit: generate license-check misspell go-mod-tidy golangci-lint-fix verify-readmes verify-mods test-default
-ci: generate license-check lint vanity-import-check verify-readmes verify-mods build test-default check-clean-work-tree test-coverage
+precommit: generate toolchain-check license-check misspell go-mod-tidy golangci-lint-fix verify-readmes verify-mods test-default
+ci: generate toolchain-check license-check lint vanity-import-check verify-readmes verify-mods build test-default check-clean-work-tree test-coverage
# Tools
@@ -81,20 +85,20 @@ PIP := $(PYTOOLS)/pip
WORKDIR := /workdir
# The python image to use for the virtual environment.
-PYTHONIMAGE := python:3.11.3-slim-bullseye
+PYTHONIMAGE := $(shell awk '$$4=="python" {print $$2}' $(DEPENDENCIES_DOCKERFILE))
# Run the python image with the current directory mounted.
-DOCKERPY := docker run --rm -v "$(CURDIR):$(WORKDIR)" -w $(WORKDIR) $(PYTHONIMAGE)
+DOCKERPY := docker run --rm -u $(DOCKER_USER) -v "$(CURDIR):$(WORKDIR)" -w $(WORKDIR) $(PYTHONIMAGE)
# Create a virtual environment for Python tools.
$(PYTOOLS):
# The `--upgrade` flag is needed to ensure that the virtual environment is
# created with the latest pip version.
- @$(DOCKERPY) bash -c "python3 -m venv $(VENVDIR) && $(PIP) install --upgrade pip"
+ @$(DOCKERPY) bash -c "python3 -m venv $(VENVDIR) && $(PIP) install --upgrade --cache-dir=$(WORKDIR)/.cache/pip pip"
# Install python packages into the virtual environment.
$(PYTOOLS)/%: $(PYTOOLS)
- @$(DOCKERPY) $(PIP) install -r requirements.txt
+ @$(DOCKERPY) $(PIP) install --cache-dir=$(WORKDIR)/.cache/pip -r requirements.txt
CODESPELL = $(PYTOOLS)/codespell
$(CODESPELL): PACKAGE=codespell
@@ -119,7 +123,7 @@ vanity-import-fix: $(PORTO)
# Generate go.work file for local development.
.PHONY: go-work
go-work: $(CROSSLINK)
- $(CROSSLINK) work --root=$(shell pwd)
+ $(CROSSLINK) work --root=$(shell pwd) --go=1.22.7
# Build
@@ -235,6 +239,16 @@ govulncheck/%: $(GOVULNCHECK)
codespell: $(CODESPELL)
@$(DOCKERPY) $(CODESPELL)
+.PHONY: toolchain-check
+toolchain-check:
+ @toolchainRes=$$(for f in $(ALL_GO_MOD_DIRS); do \
+ awk '/^toolchain/ { found=1; next } END { if (found) print FILENAME }' $$f/go.mod; \
+ done); \
+ if [ -n "$${toolchainRes}" ]; then \
+ echo "toolchain checking failed:"; echo "$${toolchainRes}"; \
+ exit 1; \
+ fi
+
.PHONY: license-check
license-check:
@licRes=$$(for f in $$(find . -type f \( -iname '*.go' -o -iname '*.sh' \) ! -path '**/third_party/*' ! -path './.git/*' ) ; do \
@@ -255,13 +269,30 @@ check-clean-work-tree:
exit 1; \
fi
+# The weaver docker image to use for semconv-generate.
+WEAVER_IMAGE := $(shell awk '$$4=="weaver" {print $$2}' $(DEPENDENCIES_DOCKERFILE))
+
SEMCONVPKG ?= "semconv/"
.PHONY: semconv-generate
-semconv-generate: $(SEMCONVGEN) $(SEMCONVKIT)
+semconv-generate: $(SEMCONVKIT)
[ "$(TAG)" ] || ( echo "TAG unset: missing opentelemetry semantic-conventions tag"; exit 1 )
- [ "$(OTEL_SEMCONV_REPO)" ] || ( echo "OTEL_SEMCONV_REPO unset: missing path to opentelemetry semantic-conventions repo"; exit 1 )
- $(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=attribute_group -p conventionType=trace -f attribute_group.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
- $(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=metric -f metric.go -t "$(SEMCONVPKG)/metric_template.j2" -s "$(TAG)"
+ # Ensure the target directory for source code is available.
+ mkdir -p $(PWD)/$(SEMCONVPKG)/${TAG}
+ # Note: We mount a home directory for downloading/storing the semconv repository.
+ # Weaver will automatically clean the cache when finished, but the directories will remain.
+ mkdir -p ~/.weaver
+ docker run --rm \
+ -u $(DOCKER_USER) \
+ --env HOME=/tmp/weaver \
+ --mount 'type=bind,source=$(PWD)/semconv,target=/home/weaver/templates/registry/go,readonly' \
+ --mount 'type=bind,source=$(PWD)/semconv/${TAG},target=/home/weaver/target' \
+ --mount 'type=bind,source=$(HOME)/.weaver,target=/tmp/weaver/.weaver' \
+ $(WEAVER_IMAGE) registry generate \
+ --registry=https://github.com/open-telemetry/semantic-conventions/archive/refs/tags/$(TAG).zip[model] \
+ --templates=/home/weaver/templates \
+ --param tag=$(TAG) \
+ go \
+ /home/weaver/target
$(SEMCONVKIT) -output "$(SEMCONVPKG)/$(TAG)" -tag "$(TAG)"
.PHONY: gorelease
diff --git a/vendor/go.opentelemetry.io/otel/README.md b/vendor/go.opentelemetry.io/otel/README.md
index efec278905..8421cd7e59 100644
--- a/vendor/go.opentelemetry.io/otel/README.md
+++ b/vendor/go.opentelemetry.io/otel/README.md
@@ -1,9 +1,11 @@
# OpenTelemetry-Go
-[](https://github.com/open-telemetry/opentelemetry-go/actions?query=workflow%3Aci+branch%3Amain)
+[](https://github.com/open-telemetry/opentelemetry-go/actions/workflows/ci.yml)
[](https://app.codecov.io/gh/open-telemetry/opentelemetry-go?branch=main)
[](https://pkg.go.dev/go.opentelemetry.io/otel)
[](https://goreportcard.com/report/go.opentelemetry.io/otel)
+[](https://scorecard.dev/viewer/?uri=github.com/open-telemetry/opentelemetry-go)
+[](https://www.bestpractices.dev/projects/9996)
[](https://cloud-native.slack.com/archives/C01NPAXACKT)
OpenTelemetry-Go is the [Go](https://golang.org/) implementation of [OpenTelemetry](https://opentelemetry.io/).
@@ -49,18 +51,25 @@ Currently, this project supports the following environments.
| OS | Go Version | Architecture |
|----------|------------|--------------|
+| Ubuntu | 1.24 | amd64 |
| Ubuntu | 1.23 | amd64 |
| Ubuntu | 1.22 | amd64 |
+| Ubuntu | 1.24 | 386 |
| Ubuntu | 1.23 | 386 |
| Ubuntu | 1.22 | 386 |
-| Linux | 1.23 | arm64 |
-| Linux | 1.22 | arm64 |
+| Ubuntu | 1.24 | arm64 |
+| Ubuntu | 1.23 | arm64 |
+| Ubuntu | 1.22 | arm64 |
+| macOS 13 | 1.24 | amd64 |
| macOS 13 | 1.23 | amd64 |
| macOS 13 | 1.22 | amd64 |
+| macOS | 1.24 | arm64 |
| macOS | 1.23 | arm64 |
| macOS | 1.22 | arm64 |
+| Windows | 1.24 | amd64 |
| Windows | 1.23 | amd64 |
| Windows | 1.22 | amd64 |
+| Windows | 1.24 | 386 |
| Windows | 1.23 | 386 |
| Windows | 1.22 | 386 |
diff --git a/vendor/go.opentelemetry.io/otel/RELEASING.md b/vendor/go.opentelemetry.io/otel/RELEASING.md
index ffa9b61258..1e13ae54f7 100644
--- a/vendor/go.opentelemetry.io/otel/RELEASING.md
+++ b/vendor/go.opentelemetry.io/otel/RELEASING.md
@@ -5,17 +5,14 @@
New versions of the [OpenTelemetry Semantic Conventions] mean new versions of the `semconv` package need to be generated.
The `semconv-generate` make target is used for this.
-1. Checkout a local copy of the [OpenTelemetry Semantic Conventions] to the desired release tag.
-2. Pull the latest `otel/semconvgen` image: `docker pull otel/semconvgen:latest`
-3. Run the `make semconv-generate ...` target from this repository.
+1. Set the `TAG` environment variable to the semantic convention tag you want to generate.
+2. Run the `make semconv-generate ...` target from this repository.
For example,
```sh
-export TAG="v1.21.0" # Change to the release version you are generating.
-export OTEL_SEMCONV_REPO="/absolute/path/to/opentelemetry/semantic-conventions"
-docker pull otel/semconvgen:latest
-make semconv-generate # Uses the exported TAG and OTEL_SEMCONV_REPO.
+export TAG="v1.30.0" # Change to the release version you are generating.
+make semconv-generate # Uses the exported TAG.
```
This should create a new sub-package of [`semconv`](./semconv).
@@ -130,6 +127,6 @@ Importantly, bump any package versions referenced to be the latest one you just
Bump the dependencies in the following Go services:
-- [`accountingservice`](https://github.com/open-telemetry/opentelemetry-demo/tree/main/src/accountingservice)
-- [`checkoutservice`](https://github.com/open-telemetry/opentelemetry-demo/tree/main/src/checkoutservice)
-- [`productcatalogservice`](https://github.com/open-telemetry/opentelemetry-demo/tree/main/src/productcatalogservice)
+- [`accounting`](https://github.com/open-telemetry/opentelemetry-demo/tree/main/src/accounting)
+- [`checkoutservice`](https://github.com/open-telemetry/opentelemetry-demo/tree/main/src/checkout)
+- [`productcatalogservice`](https://github.com/open-telemetry/opentelemetry-demo/tree/main/src/product-catalog)
diff --git a/vendor/go.opentelemetry.io/otel/VERSIONING.md b/vendor/go.opentelemetry.io/otel/VERSIONING.md
index 412f1e362b..b8cb605c16 100644
--- a/vendor/go.opentelemetry.io/otel/VERSIONING.md
+++ b/vendor/go.opentelemetry.io/otel/VERSIONING.md
@@ -26,7 +26,7 @@ is designed so the following goals can be achieved.
go.opentelemetry.io/otel/v2 v2.0.1`) and in the package import path
(e.g., `import "go.opentelemetry.io/otel/v2/trace"`). This includes the
paths used in `go get` commands (e.g., `go get
- go.opentelemetry.io/otel/v2@v2.0.1`. Note there is both a `/v2` and a
+ go.opentelemetry.io/otel/v2@v2.0.1`). Note there is both a `/v2` and a
`@v2.0.1` in that example. One way to think about it is that the module
name now includes the `/v2`, so include `/v2` whenever you are using the
module name).
diff --git a/vendor/go.opentelemetry.io/otel/baggage/baggage.go b/vendor/go.opentelemetry.io/otel/baggage/baggage.go
index 36f5367030..0e1fe24220 100644
--- a/vendor/go.opentelemetry.io/otel/baggage/baggage.go
+++ b/vendor/go.opentelemetry.io/otel/baggage/baggage.go
@@ -355,7 +355,7 @@ func parseMember(member string) (Member, error) {
}
// replaceInvalidUTF8Sequences replaces invalid UTF-8 sequences with '�'.
-func replaceInvalidUTF8Sequences(cap int, unescapeVal string) string {
+func replaceInvalidUTF8Sequences(c int, unescapeVal string) string {
if utf8.ValidString(unescapeVal) {
return unescapeVal
}
@@ -363,7 +363,7 @@ func replaceInvalidUTF8Sequences(cap int, unescapeVal string) string {
// https://github.com/w3c/baggage/blob/8c215efbeebd3fa4b1aceb937a747e56444f22f3/baggage/HTTP_HEADER_FORMAT.md?plain=1#L69
var b strings.Builder
- b.Grow(cap)
+ b.Grow(c)
for i := 0; i < len(unescapeVal); {
r, size := utf8.DecodeRuneInString(unescapeVal[i:])
if r == utf8.RuneError && size == 1 {
diff --git a/vendor/go.opentelemetry.io/otel/codes/codes.go b/vendor/go.opentelemetry.io/otel/codes/codes.go
index 2acbac3546..49a35b1225 100644
--- a/vendor/go.opentelemetry.io/otel/codes/codes.go
+++ b/vendor/go.opentelemetry.io/otel/codes/codes.go
@@ -5,6 +5,7 @@ package codes // import "go.opentelemetry.io/otel/codes"
import (
"encoding/json"
+ "errors"
"fmt"
"strconv"
)
@@ -63,7 +64,7 @@ func (c *Code) UnmarshalJSON(b []byte) error {
return nil
}
if c == nil {
- return fmt.Errorf("nil receiver passed to UnmarshalJSON")
+ return errors.New("nil receiver passed to UnmarshalJSON")
}
var x interface{}
diff --git a/vendor/go.opentelemetry.io/otel/dependencies.Dockerfile b/vendor/go.opentelemetry.io/otel/dependencies.Dockerfile
new file mode 100644
index 0000000000..e4c4a753c8
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/dependencies.Dockerfile
@@ -0,0 +1,3 @@
+# This is a renovate-friendly source of Docker images.
+FROM python:3.13.2-slim-bullseye@sha256:31b581c8218e1f3c58672481b3b7dba8e898852866b408c6a984c22832523935 AS python
+FROM otel/weaver:v0.13.2@sha256:ae7346b992e477f629ea327e0979e8a416a97f7956ab1f7e95ac1f44edf1a893 AS weaver
diff --git a/vendor/go.opentelemetry.io/otel/internal/attribute/attribute.go b/vendor/go.opentelemetry.io/otel/internal/attribute/attribute.go
index 822d847947..691d96c755 100644
--- a/vendor/go.opentelemetry.io/otel/internal/attribute/attribute.go
+++ b/vendor/go.opentelemetry.io/otel/internal/attribute/attribute.go
@@ -49,12 +49,11 @@ func AsBoolSlice(v interface{}) []bool {
if rv.Type().Kind() != reflect.Array {
return nil
}
- var zero bool
- correctLen := rv.Len()
- correctType := reflect.ArrayOf(correctLen, reflect.TypeOf(zero))
- cpy := reflect.New(correctType)
- _ = reflect.Copy(cpy.Elem(), rv)
- return cpy.Elem().Slice(0, correctLen).Interface().([]bool)
+ cpy := make([]bool, rv.Len())
+ if len(cpy) > 0 {
+ _ = reflect.Copy(reflect.ValueOf(cpy), rv)
+ }
+ return cpy
}
// AsInt64Slice converts an int64 array into a slice into with same elements as array.
@@ -63,12 +62,11 @@ func AsInt64Slice(v interface{}) []int64 {
if rv.Type().Kind() != reflect.Array {
return nil
}
- var zero int64
- correctLen := rv.Len()
- correctType := reflect.ArrayOf(correctLen, reflect.TypeOf(zero))
- cpy := reflect.New(correctType)
- _ = reflect.Copy(cpy.Elem(), rv)
- return cpy.Elem().Slice(0, correctLen).Interface().([]int64)
+ cpy := make([]int64, rv.Len())
+ if len(cpy) > 0 {
+ _ = reflect.Copy(reflect.ValueOf(cpy), rv)
+ }
+ return cpy
}
// AsFloat64Slice converts a float64 array into a slice into with same elements as array.
@@ -77,12 +75,11 @@ func AsFloat64Slice(v interface{}) []float64 {
if rv.Type().Kind() != reflect.Array {
return nil
}
- var zero float64
- correctLen := rv.Len()
- correctType := reflect.ArrayOf(correctLen, reflect.TypeOf(zero))
- cpy := reflect.New(correctType)
- _ = reflect.Copy(cpy.Elem(), rv)
- return cpy.Elem().Slice(0, correctLen).Interface().([]float64)
+ cpy := make([]float64, rv.Len())
+ if len(cpy) > 0 {
+ _ = reflect.Copy(reflect.ValueOf(cpy), rv)
+ }
+ return cpy
}
// AsStringSlice converts a string array into a slice into with same elements as array.
@@ -91,10 +88,9 @@ func AsStringSlice(v interface{}) []string {
if rv.Type().Kind() != reflect.Array {
return nil
}
- var zero string
- correctLen := rv.Len()
- correctType := reflect.ArrayOf(correctLen, reflect.TypeOf(zero))
- cpy := reflect.New(correctType)
- _ = reflect.Copy(cpy.Elem(), rv)
- return cpy.Elem().Slice(0, correctLen).Interface().([]string)
+ cpy := make([]string, rv.Len())
+ if len(cpy) > 0 {
+ _ = reflect.Copy(reflect.ValueOf(cpy), rv)
+ }
+ return cpy
}
diff --git a/vendor/go.opentelemetry.io/otel/internal/global/instruments.go b/vendor/go.opentelemetry.io/otel/internal/global/instruments.go
index 3a0cc42f6a..ae92a42516 100644
--- a/vendor/go.opentelemetry.io/otel/internal/global/instruments.go
+++ b/vendor/go.opentelemetry.io/otel/internal/global/instruments.go
@@ -13,7 +13,7 @@ import (
// unwrapper unwraps to return the underlying instrument implementation.
type unwrapper interface {
- Unwrap() metric.Observable
+ unwrap() metric.Observable
}
type afCounter struct {
@@ -40,7 +40,7 @@ func (i *afCounter) setDelegate(m metric.Meter) {
i.delegate.Store(ctr)
}
-func (i *afCounter) Unwrap() metric.Observable {
+func (i *afCounter) unwrap() metric.Observable {
if ctr := i.delegate.Load(); ctr != nil {
return ctr.(metric.Float64ObservableCounter)
}
@@ -71,7 +71,7 @@ func (i *afUpDownCounter) setDelegate(m metric.Meter) {
i.delegate.Store(ctr)
}
-func (i *afUpDownCounter) Unwrap() metric.Observable {
+func (i *afUpDownCounter) unwrap() metric.Observable {
if ctr := i.delegate.Load(); ctr != nil {
return ctr.(metric.Float64ObservableUpDownCounter)
}
@@ -102,7 +102,7 @@ func (i *afGauge) setDelegate(m metric.Meter) {
i.delegate.Store(ctr)
}
-func (i *afGauge) Unwrap() metric.Observable {
+func (i *afGauge) unwrap() metric.Observable {
if ctr := i.delegate.Load(); ctr != nil {
return ctr.(metric.Float64ObservableGauge)
}
@@ -133,7 +133,7 @@ func (i *aiCounter) setDelegate(m metric.Meter) {
i.delegate.Store(ctr)
}
-func (i *aiCounter) Unwrap() metric.Observable {
+func (i *aiCounter) unwrap() metric.Observable {
if ctr := i.delegate.Load(); ctr != nil {
return ctr.(metric.Int64ObservableCounter)
}
@@ -164,7 +164,7 @@ func (i *aiUpDownCounter) setDelegate(m metric.Meter) {
i.delegate.Store(ctr)
}
-func (i *aiUpDownCounter) Unwrap() metric.Observable {
+func (i *aiUpDownCounter) unwrap() metric.Observable {
if ctr := i.delegate.Load(); ctr != nil {
return ctr.(metric.Int64ObservableUpDownCounter)
}
@@ -195,7 +195,7 @@ func (i *aiGauge) setDelegate(m metric.Meter) {
i.delegate.Store(ctr)
}
-func (i *aiGauge) Unwrap() metric.Observable {
+func (i *aiGauge) unwrap() metric.Observable {
if ctr := i.delegate.Load(); ctr != nil {
return ctr.(metric.Int64ObservableGauge)
}
diff --git a/vendor/go.opentelemetry.io/otel/internal/global/meter.go b/vendor/go.opentelemetry.io/otel/internal/global/meter.go
index e3db438a09..a6acd8dca6 100644
--- a/vendor/go.opentelemetry.io/otel/internal/global/meter.go
+++ b/vendor/go.opentelemetry.io/otel/internal/global/meter.go
@@ -5,6 +5,7 @@ package global // import "go.opentelemetry.io/otel/internal/global"
import (
"container/list"
+ "context"
"reflect"
"sync"
@@ -66,6 +67,7 @@ func (p *meterProvider) Meter(name string, opts ...metric.MeterOption) metric.Me
name: name,
version: c.InstrumentationVersion(),
schema: c.SchemaURL(),
+ attrs: c.InstrumentationAttributes(),
}
if p.meters == nil {
@@ -472,8 +474,7 @@ func (m *meter) RegisterCallback(f metric.Callback, insts ...metric.Observable)
defer m.mtx.Unlock()
if m.delegate != nil {
- insts = unwrapInstruments(insts)
- return m.delegate.RegisterCallback(f, insts...)
+ return m.delegate.RegisterCallback(unwrapCallback(f), unwrapInstruments(insts)...)
}
reg := ®istration{instruments: insts, function: f}
@@ -487,15 +488,11 @@ func (m *meter) RegisterCallback(f metric.Callback, insts ...metric.Observable)
return reg, nil
}
-type wrapped interface {
- unwrap() metric.Observable
-}
-
func unwrapInstruments(instruments []metric.Observable) []metric.Observable {
out := make([]metric.Observable, 0, len(instruments))
for _, inst := range instruments {
- if in, ok := inst.(wrapped); ok {
+ if in, ok := inst.(unwrapper); ok {
out = append(out, in.unwrap())
} else {
out = append(out, inst)
@@ -515,9 +512,61 @@ type registration struct {
unregMu sync.Mutex
}
-func (c *registration) setDelegate(m metric.Meter) {
- insts := unwrapInstruments(c.instruments)
+type unwrapObs struct {
+ embedded.Observer
+ obs metric.Observer
+}
+
+// unwrapFloat64Observable returns an expected metric.Float64Observable after
+// unwrapping the global object.
+func unwrapFloat64Observable(inst metric.Float64Observable) metric.Float64Observable {
+ if unwrapped, ok := inst.(unwrapper); ok {
+ if floatObs, ok := unwrapped.unwrap().(metric.Float64Observable); ok {
+ // Note: if the unwrapped object does not
+ // unwrap as an observable for either of the
+ // predicates here, it means an internal bug in
+ // this package. We avoid logging an error in
+ // this case, because the SDK has to try its
+ // own type conversion on the object. The SDK
+ // will see this and be forced to respond with
+ // its own error.
+ //
+ // This code uses a double-nested if statement
+ // to avoid creating a branch that is
+ // impossible to cover.
+ inst = floatObs
+ }
+ }
+ return inst
+}
+
+// unwrapInt64Observable returns an expected metric.Int64Observable after
+// unwrapping the global object.
+func unwrapInt64Observable(inst metric.Int64Observable) metric.Int64Observable {
+ if unwrapped, ok := inst.(unwrapper); ok {
+ if unint, ok := unwrapped.unwrap().(metric.Int64Observable); ok {
+ // See the comment in unwrapFloat64Observable().
+ inst = unint
+ }
+ }
+ return inst
+}
+
+func (uo *unwrapObs) ObserveFloat64(inst metric.Float64Observable, value float64, opts ...metric.ObserveOption) {
+ uo.obs.ObserveFloat64(unwrapFloat64Observable(inst), value, opts...)
+}
+
+func (uo *unwrapObs) ObserveInt64(inst metric.Int64Observable, value int64, opts ...metric.ObserveOption) {
+ uo.obs.ObserveInt64(unwrapInt64Observable(inst), value, opts...)
+}
+func unwrapCallback(f metric.Callback) metric.Callback {
+ return func(ctx context.Context, obs metric.Observer) error {
+ return f(ctx, &unwrapObs{obs: obs})
+ }
+}
+
+func (c *registration) setDelegate(m metric.Meter) {
c.unregMu.Lock()
defer c.unregMu.Unlock()
@@ -526,7 +575,7 @@ func (c *registration) setDelegate(m metric.Meter) {
return
}
- reg, err := m.RegisterCallback(c.function, insts...)
+ reg, err := m.RegisterCallback(unwrapCallback(c.function), unwrapInstruments(c.instruments)...)
if err != nil {
GetErrorHandler().Handle(err)
return
diff --git a/vendor/go.opentelemetry.io/otel/internal/global/trace.go b/vendor/go.opentelemetry.io/otel/internal/global/trace.go
index e31f442b48..8982aa0dc5 100644
--- a/vendor/go.opentelemetry.io/otel/internal/global/trace.go
+++ b/vendor/go.opentelemetry.io/otel/internal/global/trace.go
@@ -25,6 +25,7 @@ import (
"sync"
"sync/atomic"
+ "go.opentelemetry.io/auto/sdk"
"go.opentelemetry.io/otel/attribute"
"go.opentelemetry.io/otel/codes"
"go.opentelemetry.io/otel/trace"
@@ -87,6 +88,7 @@ func (p *tracerProvider) Tracer(name string, opts ...trace.TracerOption) trace.T
name: name,
version: c.InstrumentationVersion(),
schema: c.SchemaURL(),
+ attrs: c.InstrumentationAttributes(),
}
if p.tracers == nil {
@@ -102,7 +104,12 @@ func (p *tracerProvider) Tracer(name string, opts ...trace.TracerOption) trace.T
return t
}
-type il struct{ name, version, schema string }
+type il struct {
+ name string
+ version string
+ schema string
+ attrs attribute.Set
+}
// tracer is a placeholder for a trace.Tracer.
//
@@ -139,6 +146,30 @@ func (t *tracer) Start(ctx context.Context, name string, opts ...trace.SpanStart
return delegate.(trace.Tracer).Start(ctx, name, opts...)
}
+ return t.newSpan(ctx, autoInstEnabled, name, opts)
+}
+
+// autoInstEnabled determines if the auto-instrumentation SDK span is returned
+// from the tracer when not backed by a delegate and auto-instrumentation has
+// attached to this process.
+//
+// The auto-instrumentation is expected to overwrite this value to true when it
+// attaches. By default, this will point to false and mean a tracer will return
+// a nonRecordingSpan by default.
+var autoInstEnabled = new(bool)
+
+func (t *tracer) newSpan(ctx context.Context, autoSpan *bool, name string, opts []trace.SpanStartOption) (context.Context, trace.Span) {
+ // autoInstEnabled is passed to newSpan via the autoSpan parameter. This is
+ // so the auto-instrumentation can define a uprobe for (*t).newSpan and be
+ // provided with the address of the bool autoInstEnabled points to. It
+ // needs to be a parameter so that pointer can be reliably determined, it
+ // should not be read from the global.
+
+ if *autoSpan {
+ tracer := sdk.TracerProvider().Tracer(t.name, t.opts...)
+ return tracer.Start(ctx, name, opts...)
+ }
+
s := nonRecordingSpan{sc: trace.SpanContextFromContext(ctx), tracer: t}
ctx = trace.ContextWithSpan(ctx, s)
return ctx, s
diff --git a/vendor/go.opentelemetry.io/otel/renovate.json b/vendor/go.opentelemetry.io/otel/renovate.json
index 0a29a2f13d..a6fa353f95 100644
--- a/vendor/go.opentelemetry.io/otel/renovate.json
+++ b/vendor/go.opentelemetry.io/otel/renovate.json
@@ -1,7 +1,7 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
- "config:recommended"
+ "config:best-practices"
],
"ignorePaths": [],
"labels": ["Skip Changelog", "dependencies"],
@@ -15,10 +15,8 @@
"enabled": true
},
{
- "matchFileNames": ["internal/tools/**"],
- "matchManagers": ["gomod"],
- "matchDepTypes": ["indirect"],
- "enabled": false
+ "matchPackageNames": ["go.opentelemetry.io/build-tools/**"],
+ "groupName": "build-tools"
},
{
"matchPackageNames": ["google.golang.org/genproto/googleapis/**"],
diff --git a/vendor/go.opentelemetry.io/otel/requirements.txt b/vendor/go.opentelemetry.io/otel/requirements.txt
index ab09daf9d5..1bb55fb1cc 100644
--- a/vendor/go.opentelemetry.io/otel/requirements.txt
+++ b/vendor/go.opentelemetry.io/otel/requirements.txt
@@ -1 +1 @@
-codespell==2.3.0
+codespell==2.4.1
diff --git a/vendor/go.opentelemetry.io/otel/sdk/instrumentation/scope.go b/vendor/go.opentelemetry.io/otel/sdk/instrumentation/scope.go
index 728115045b..34852a47b2 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/instrumentation/scope.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/instrumentation/scope.go
@@ -3,6 +3,8 @@
package instrumentation // import "go.opentelemetry.io/otel/sdk/instrumentation"
+import "go.opentelemetry.io/otel/attribute"
+
// Scope represents the instrumentation scope.
type Scope struct {
// Name is the name of the instrumentation scope. This should be the
@@ -12,4 +14,6 @@ type Scope struct {
Version string
// SchemaURL of the telemetry emitted by the scope.
SchemaURL string
+ // Attributes of the telemetry emitted by the scope.
+ Attributes attribute.Set
}
diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/auto.go b/vendor/go.opentelemetry.io/otel/sdk/resource/auto.go
index 95a61d61d4..c02aeefdde 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/resource/auto.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/resource/auto.go
@@ -7,7 +7,6 @@ import (
"context"
"errors"
"fmt"
- "strings"
)
// ErrPartialResource is returned by a detector when complete source
@@ -57,62 +56,37 @@ func Detect(ctx context.Context, detectors ...Detector) (*Resource, error) {
// these errors will be returned. Otherwise, nil is returned.
func detect(ctx context.Context, res *Resource, detectors []Detector) error {
var (
- r *Resource
- errs detectErrs
- err error
+ r *Resource
+ err error
+ e error
)
for _, detector := range detectors {
if detector == nil {
continue
}
- r, err = detector.Detect(ctx)
- if err != nil {
- errs = append(errs, err)
- if !errors.Is(err, ErrPartialResource) {
+ r, e = detector.Detect(ctx)
+ if e != nil {
+ err = errors.Join(err, e)
+ if !errors.Is(e, ErrPartialResource) {
continue
}
}
- r, err = Merge(res, r)
- if err != nil {
- errs = append(errs, err)
+ r, e = Merge(res, r)
+ if e != nil {
+ err = errors.Join(err, e)
}
*res = *r
}
- if len(errs) == 0 {
- return nil
- }
- if errors.Is(errs, ErrSchemaURLConflict) {
- // If there has been a merge conflict, ensure the resource has no
- // schema URL.
- res.schemaURL = ""
- }
- return errs
-}
-
-type detectErrs []error
-
-func (e detectErrs) Error() string {
- errStr := make([]string, len(e))
- for i, err := range e {
- errStr[i] = fmt.Sprintf("* %s", err)
- }
-
- format := "%d errors occurred detecting resource:\n\t%s"
- return fmt.Sprintf(format, len(e), strings.Join(errStr, "\n\t"))
-}
+ if err != nil {
+ if errors.Is(err, ErrSchemaURLConflict) {
+ // If there has been a merge conflict, ensure the resource has no
+ // schema URL.
+ res.schemaURL = ""
+ }
-func (e detectErrs) Unwrap() error {
- switch len(e) {
- case 0:
- return nil
- case 1:
- return e[0]
+ err = fmt.Errorf("error detecting resource: %w", err)
}
- return e[1:]
-}
-
-func (e detectErrs) Is(target error) bool {
- return len(e) != 0 && errors.Is(e[0], target)
+ return err
}
diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go b/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go
index 6ac1cdbf7b..cf3c88e15c 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go
@@ -20,15 +20,13 @@ type (
// telemetrySDK is a Detector that provides information about
// the OpenTelemetry SDK used. This Detector is included as a
// builtin. If these resource attributes are not wanted, use
- // the WithTelemetrySDK(nil) or WithoutBuiltin() options to
- // explicitly disable them.
+ // resource.New() to explicitly disable them.
telemetrySDK struct{}
// host is a Detector that provides information about the host
// being run on. This Detector is included as a builtin. If
// these resource attributes are not wanted, use the
- // WithHost(nil) or WithoutBuiltin() options to explicitly
- // disable them.
+ // resource.New() to explicitly disable them.
host struct{}
stringDetector struct {
diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_darwin.go b/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_darwin.go
index ce455dc544..3d703c5d98 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_darwin.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_darwin.go
@@ -5,6 +5,7 @@ package resource // import "go.opentelemetry.io/otel/sdk/resource"
import (
"encoding/xml"
+ "errors"
"fmt"
"io"
"os"
@@ -63,7 +64,7 @@ func parsePlistFile(file io.Reader) (map[string]string, error) {
}
if len(v.Dict.Key) != len(v.Dict.String) {
- return nil, fmt.Errorf("the number of and elements doesn't match")
+ return nil, errors.New("the number of and elements doesn't match")
}
properties := make(map[string]string, len(v.Dict.Key))
diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/resource.go b/vendor/go.opentelemetry.io/otel/sdk/resource/resource.go
index ad4b50df40..09b91e1e1b 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/resource/resource.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/resource/resource.go
@@ -21,11 +21,22 @@ import (
// Resources should be passed and stored as pointers
// (`*resource.Resource`). The `nil` value is equivalent to an empty
// Resource.
+//
+// Note that the Go == operator compares not just the resource attributes but
+// also all other internals of the Resource type. Therefore, Resource values
+// should not be used as map or database keys. In general, the [Resource.Equal]
+// method should be used instead of direct comparison with ==, since that
+// method ensures the correct comparison of resource attributes, and the
+// [attribute.Distinct] returned from [Resource.Equivalent] should be used for
+// map and database keys instead.
type Resource struct {
attrs attribute.Set
schemaURL string
}
+// Compile-time check that the Resource remains comparable.
+var _ map[Resource]struct{} = nil
+
var (
defaultResource *Resource
defaultResourceOnce sync.Once
@@ -137,15 +148,19 @@ func (r *Resource) Iter() attribute.Iterator {
return r.attrs.Iter()
}
-// Equal returns true when a Resource is equivalent to this Resource.
-func (r *Resource) Equal(eq *Resource) bool {
+// Equal returns whether r and o represent the same resource. Two resources can
+// be equal even if they have different schema URLs.
+//
+// See the documentation on the [Resource] type for the pitfalls of using ==
+// with Resource values; most code should use Equal instead.
+func (r *Resource) Equal(o *Resource) bool {
if r == nil {
r = Empty()
}
- if eq == nil {
- eq = Empty()
+ if o == nil {
+ o = Empty()
}
- return r.Equivalent() == eq.Equivalent()
+ return r.Equivalent() == o.Equivalent()
}
// Merge creates a new [Resource] by merging a and b.
diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go b/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go
index 4ce757dfd6..6872cbb4e7 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go
@@ -201,10 +201,9 @@ func (bsp *batchSpanProcessor) ForceFlush(ctx context.Context) error {
}
}
- wait := make(chan error)
+ wait := make(chan error, 1)
go func() {
wait <- bsp.exportSpans(ctx)
- close(wait)
}()
// Wait until the export is finished or the context is cancelled/timed out
select {
@@ -280,6 +279,7 @@ func (bsp *batchSpanProcessor) exportSpans(ctx context.Context) error {
//
// It is up to the exporter to implement any type of retry logic if a batch is failing
// to be exported, since it is specific to the protocol and backend being sent to.
+ clear(bsp.batch) // Erase elements to let GC collect objects
bsp.batch = bsp.batch[:0]
if err != nil {
diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go b/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go
index 14c2e5bebd..185aa7c08f 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go
@@ -139,9 +139,10 @@ func (p *TracerProvider) Tracer(name string, opts ...trace.TracerOption) trace.T
name = defaultTracerName
}
is := instrumentation.Scope{
- Name: name,
- Version: c.InstrumentationVersion(),
- SchemaURL: c.SchemaURL(),
+ Name: name,
+ Version: c.InstrumentationVersion(),
+ SchemaURL: c.SchemaURL(),
+ Attributes: c.InstrumentationAttributes(),
}
t, ok := func() (trace.Tracer, bool) {
@@ -168,7 +169,7 @@ func (p *TracerProvider) Tracer(name string, opts ...trace.TracerOption) trace.T
// slowing down all tracing consumers.
// - Logging code may be instrumented with tracing and deadlock because it could try
// acquiring the same non-reentrant mutex.
- global.Info("Tracer created", "name", name, "version", is.Version, "schemaURL", is.SchemaURL)
+ global.Info("Tracer created", "name", name, "version", is.Version, "schemaURL", is.SchemaURL, "attributes", is.Attributes)
}
return t
}
diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/sampler_env.go b/vendor/go.opentelemetry.io/otel/sdk/trace/sampler_env.go
index d2d1f72466..9b672a1d70 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/trace/sampler_env.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/trace/sampler_env.go
@@ -5,7 +5,6 @@ package trace // import "go.opentelemetry.io/otel/sdk/trace"
import (
"errors"
- "fmt"
"os"
"strconv"
"strings"
@@ -26,7 +25,7 @@ const (
type errUnsupportedSampler string
func (e errUnsupportedSampler) Error() string {
- return fmt.Sprintf("unsupported sampler: %s", string(e))
+ return "unsupported sampler: " + string(e)
}
var (
@@ -39,7 +38,7 @@ type samplerArgParseError struct {
}
func (e samplerArgParseError) Error() string {
- return fmt.Sprintf("parsing sampler argument: %s", e.parseErr.Error())
+ return "parsing sampler argument: " + e.parseErr.Error()
}
func (e samplerArgParseError) Unwrap() error {
diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go b/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go
index ebb6df6c90..aa7b262d0d 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go
@@ -47,12 +47,12 @@ const (
// Drop will not record the span and all attributes/events will be dropped.
Drop SamplingDecision = iota
- // Record indicates the span's `IsRecording() == true`, but `Sampled` flag
- // *must not* be set.
+ // RecordOnly indicates the span's IsRecording method returns true, but trace.FlagsSampled flag
+ // must not be set.
RecordOnly
- // RecordAndSample has span's `IsRecording() == true` and `Sampled` flag
- // *must* be set.
+ // RecordAndSample indicates the span's IsRecording method returns true and trace.FlagsSampled flag
+ // must be set.
RecordAndSample
)
diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go b/vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go
index 554111bb4a..664e13e03f 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go
@@ -58,7 +58,7 @@ func (ssp *simpleSpanProcessor) Shutdown(ctx context.Context) error {
var err error
ssp.stopOnce.Do(func() {
stopFunc := func(exp SpanExporter) (<-chan error, func()) {
- done := make(chan error)
+ done := make(chan error, 1)
return done, func() { done <- exp.Shutdown(ctx) }
}
diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/span.go b/vendor/go.opentelemetry.io/otel/sdk/trace/span.go
index 730fb85c3e..8f4fc38508 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/trace/span.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/trace/span.go
@@ -347,54 +347,99 @@ func truncateAttr(limit int, attr attribute.KeyValue) attribute.KeyValue {
}
switch attr.Value.Type() {
case attribute.STRING:
- if v := attr.Value.AsString(); len(v) > limit {
- return attr.Key.String(safeTruncate(v, limit))
- }
+ v := attr.Value.AsString()
+ return attr.Key.String(truncate(limit, v))
case attribute.STRINGSLICE:
v := attr.Value.AsStringSlice()
for i := range v {
- if len(v[i]) > limit {
- v[i] = safeTruncate(v[i], limit)
- }
+ v[i] = truncate(limit, v[i])
}
return attr.Key.StringSlice(v)
}
return attr
}
-// safeTruncate truncates the string and guarantees valid UTF-8 is returned.
-func safeTruncate(input string, limit int) string {
- if trunc, ok := safeTruncateValidUTF8(input, limit); ok {
- return trunc
+// truncate returns a truncated version of s such that it contains less than
+// the limit number of characters. Truncation is applied by returning the limit
+// number of valid characters contained in s.
+//
+// If limit is negative, it returns the original string.
+//
+// UTF-8 is supported. When truncating, all invalid characters are dropped
+// before applying truncation.
+//
+// If s already contains less than the limit number of bytes, it is returned
+// unchanged. No invalid characters are removed.
+func truncate(limit int, s string) string {
+ // This prioritize performance in the following order based on the most
+ // common expected use-cases.
+ //
+ // - Short values less than the default limit (128).
+ // - Strings with valid encodings that exceed the limit.
+ // - No limit.
+ // - Strings with invalid encodings that exceed the limit.
+ if limit < 0 || len(s) <= limit {
+ return s
+ }
+
+ // Optimistically, assume all valid UTF-8.
+ var b strings.Builder
+ count := 0
+ for i, c := range s {
+ if c != utf8.RuneError {
+ count++
+ if count > limit {
+ return s[:i]
+ }
+ continue
+ }
+
+ _, size := utf8.DecodeRuneInString(s[i:])
+ if size == 1 {
+ // Invalid encoding.
+ b.Grow(len(s) - 1)
+ _, _ = b.WriteString(s[:i])
+ s = s[i:]
+ break
+ }
+ }
+
+ // Fast-path, no invalid input.
+ if b.Cap() == 0 {
+ return s
}
- trunc, _ := safeTruncateValidUTF8(strings.ToValidUTF8(input, ""), limit)
- return trunc
-}
-// safeTruncateValidUTF8 returns a copy of the input string safely truncated to
-// limit. The truncation is ensured to occur at the bounds of complete UTF-8
-// characters. If invalid encoding of UTF-8 is encountered, input is returned
-// with false, otherwise, the truncated input will be returned with true.
-func safeTruncateValidUTF8(input string, limit int) (string, bool) {
- for cnt := 0; cnt <= limit; {
- r, size := utf8.DecodeRuneInString(input[cnt:])
- if r == utf8.RuneError {
- return input, false
+ // Truncate while validating UTF-8.
+ for i := 0; i < len(s) && count < limit; {
+ c := s[i]
+ if c < utf8.RuneSelf {
+ // Optimization for single byte runes (common case).
+ _ = b.WriteByte(c)
+ i++
+ count++
+ continue
}
- if cnt+size > limit {
- return input[:cnt], true
+ _, size := utf8.DecodeRuneInString(s[i:])
+ if size == 1 {
+ // We checked for all 1-byte runes above, this is a RuneError.
+ i++
+ continue
}
- cnt += size
+
+ _, _ = b.WriteString(s[i : i+size])
+ i += size
+ count++
}
- return input, true
+
+ return b.String()
}
// End ends the span. This method does nothing if the span is already ended or
// is not being recorded.
//
-// The only SpanOption currently supported is WithTimestamp which will set the
-// end time for a Span's life-cycle.
+// The only SpanEndOption currently supported are [trace.WithTimestamp], and
+// [trace.WithStackTrace].
//
// If this method is called while panicking an error event is added to the
// Span before ending it and the panic is continued.
@@ -639,10 +684,7 @@ func (s *recordingSpan) dedupeAttrsFromRecord(record map[attribute.Key]int) {
record[a.Key] = len(unique) - 1
}
}
- // s.attributes have element types of attribute.KeyValue. These types are
- // not pointers and they themselves do not contain pointer fields,
- // therefore the duplicate values do not need to be zeroed for them to be
- // garbage collected.
+ clear(s.attributes[len(unique):]) // Erase unneeded elements to let GC collect objects.
s.attributes = unique
}
diff --git a/vendor/go.opentelemetry.io/otel/sdk/version.go b/vendor/go.opentelemetry.io/otel/sdk/version.go
index dc1eaa8e9d..2b797fbdea 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/version.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/version.go
@@ -5,5 +5,5 @@ package sdk // import "go.opentelemetry.io/otel/sdk"
// Version is the current release version of the OpenTelemetry SDK in use.
func Version() string {
- return "1.31.0"
+ return "1.35.0"
}
diff --git a/vendor/go.opentelemetry.io/otel/trace/auto.go b/vendor/go.opentelemetry.io/otel/trace/auto.go
new file mode 100644
index 0000000000..7e2910025a
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/auto.go
@@ -0,0 +1,661 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package trace // import "go.opentelemetry.io/otel/trace"
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "math"
+ "os"
+ "reflect"
+ "runtime"
+ "strconv"
+ "strings"
+ "sync"
+ "sync/atomic"
+ "time"
+ "unicode/utf8"
+
+ "go.opentelemetry.io/otel/attribute"
+ "go.opentelemetry.io/otel/codes"
+ semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
+ "go.opentelemetry.io/otel/trace/embedded"
+ "go.opentelemetry.io/otel/trace/internal/telemetry"
+)
+
+// newAutoTracerProvider returns an auto-instrumentable [trace.TracerProvider].
+// If an [go.opentelemetry.io/auto.Instrumentation] is configured to instrument
+// the process using the returned TracerProvider, all of the telemetry it
+// produces will be processed and handled by that Instrumentation. By default,
+// if no Instrumentation instruments the TracerProvider it will not generate
+// any trace telemetry.
+func newAutoTracerProvider() TracerProvider { return tracerProviderInstance }
+
+var tracerProviderInstance = new(autoTracerProvider)
+
+type autoTracerProvider struct{ embedded.TracerProvider }
+
+var _ TracerProvider = autoTracerProvider{}
+
+func (p autoTracerProvider) Tracer(name string, opts ...TracerOption) Tracer {
+ cfg := NewTracerConfig(opts...)
+ return autoTracer{
+ name: name,
+ version: cfg.InstrumentationVersion(),
+ schemaURL: cfg.SchemaURL(),
+ }
+}
+
+type autoTracer struct {
+ embedded.Tracer
+
+ name, schemaURL, version string
+}
+
+var _ Tracer = autoTracer{}
+
+func (t autoTracer) Start(ctx context.Context, name string, opts ...SpanStartOption) (context.Context, Span) {
+ var psc SpanContext
+ sampled := true
+ span := new(autoSpan)
+
+ // Ask eBPF for sampling decision and span context info.
+ t.start(ctx, span, &psc, &sampled, &span.spanContext)
+
+ span.sampled.Store(sampled)
+
+ ctx = ContextWithSpan(ctx, span)
+
+ if sampled {
+ // Only build traces if sampled.
+ cfg := NewSpanStartConfig(opts...)
+ span.traces, span.span = t.traces(name, cfg, span.spanContext, psc)
+ }
+
+ return ctx, span
+}
+
+// Expected to be implemented in eBPF.
+//
+//go:noinline
+func (t *autoTracer) start(
+ ctx context.Context,
+ spanPtr *autoSpan,
+ psc *SpanContext,
+ sampled *bool,
+ sc *SpanContext,
+) {
+ start(ctx, spanPtr, psc, sampled, sc)
+}
+
+// start is used for testing.
+var start = func(context.Context, *autoSpan, *SpanContext, *bool, *SpanContext) {}
+
+func (t autoTracer) traces(name string, cfg SpanConfig, sc, psc SpanContext) (*telemetry.Traces, *telemetry.Span) {
+ span := &telemetry.Span{
+ TraceID: telemetry.TraceID(sc.TraceID()),
+ SpanID: telemetry.SpanID(sc.SpanID()),
+ Flags: uint32(sc.TraceFlags()),
+ TraceState: sc.TraceState().String(),
+ ParentSpanID: telemetry.SpanID(psc.SpanID()),
+ Name: name,
+ Kind: spanKind(cfg.SpanKind()),
+ }
+
+ span.Attrs, span.DroppedAttrs = convCappedAttrs(maxSpan.Attrs, cfg.Attributes())
+
+ links := cfg.Links()
+ if limit := maxSpan.Links; limit == 0 {
+ n := int64(len(links))
+ if n > 0 {
+ span.DroppedLinks = uint32(min(n, math.MaxUint32)) // nolint: gosec // Bounds checked.
+ }
+ } else {
+ if limit > 0 {
+ n := int64(max(len(links)-limit, 0))
+ span.DroppedLinks = uint32(min(n, math.MaxUint32)) // nolint: gosec // Bounds checked.
+ links = links[n:]
+ }
+ span.Links = convLinks(links)
+ }
+
+ if t := cfg.Timestamp(); !t.IsZero() {
+ span.StartTime = cfg.Timestamp()
+ } else {
+ span.StartTime = time.Now()
+ }
+
+ return &telemetry.Traces{
+ ResourceSpans: []*telemetry.ResourceSpans{
+ {
+ ScopeSpans: []*telemetry.ScopeSpans{
+ {
+ Scope: &telemetry.Scope{
+ Name: t.name,
+ Version: t.version,
+ },
+ Spans: []*telemetry.Span{span},
+ SchemaURL: t.schemaURL,
+ },
+ },
+ },
+ },
+ }, span
+}
+
+func spanKind(kind SpanKind) telemetry.SpanKind {
+ switch kind {
+ case SpanKindInternal:
+ return telemetry.SpanKindInternal
+ case SpanKindServer:
+ return telemetry.SpanKindServer
+ case SpanKindClient:
+ return telemetry.SpanKindClient
+ case SpanKindProducer:
+ return telemetry.SpanKindProducer
+ case SpanKindConsumer:
+ return telemetry.SpanKindConsumer
+ }
+ return telemetry.SpanKind(0) // undefined.
+}
+
+type autoSpan struct {
+ embedded.Span
+
+ spanContext SpanContext
+ sampled atomic.Bool
+
+ mu sync.Mutex
+ traces *telemetry.Traces
+ span *telemetry.Span
+}
+
+func (s *autoSpan) SpanContext() SpanContext {
+ if s == nil {
+ return SpanContext{}
+ }
+ // s.spanContext is immutable, do not acquire lock s.mu.
+ return s.spanContext
+}
+
+func (s *autoSpan) IsRecording() bool {
+ if s == nil {
+ return false
+ }
+
+ return s.sampled.Load()
+}
+
+func (s *autoSpan) SetStatus(c codes.Code, msg string) {
+ if s == nil || !s.sampled.Load() {
+ return
+ }
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ if s.span.Status == nil {
+ s.span.Status = new(telemetry.Status)
+ }
+
+ s.span.Status.Message = msg
+
+ switch c {
+ case codes.Unset:
+ s.span.Status.Code = telemetry.StatusCodeUnset
+ case codes.Error:
+ s.span.Status.Code = telemetry.StatusCodeError
+ case codes.Ok:
+ s.span.Status.Code = telemetry.StatusCodeOK
+ }
+}
+
+func (s *autoSpan) SetAttributes(attrs ...attribute.KeyValue) {
+ if s == nil || !s.sampled.Load() {
+ return
+ }
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ limit := maxSpan.Attrs
+ if limit == 0 {
+ // No attributes allowed.
+ n := int64(len(attrs))
+ if n > 0 {
+ s.span.DroppedAttrs += uint32(min(n, math.MaxUint32)) // nolint: gosec // Bounds checked.
+ }
+ return
+ }
+
+ m := make(map[string]int)
+ for i, a := range s.span.Attrs {
+ m[a.Key] = i
+ }
+
+ for _, a := range attrs {
+ val := convAttrValue(a.Value)
+ if val.Empty() {
+ s.span.DroppedAttrs++
+ continue
+ }
+
+ if idx, ok := m[string(a.Key)]; ok {
+ s.span.Attrs[idx] = telemetry.Attr{
+ Key: string(a.Key),
+ Value: val,
+ }
+ } else if limit < 0 || len(s.span.Attrs) < limit {
+ s.span.Attrs = append(s.span.Attrs, telemetry.Attr{
+ Key: string(a.Key),
+ Value: val,
+ })
+ m[string(a.Key)] = len(s.span.Attrs) - 1
+ } else {
+ s.span.DroppedAttrs++
+ }
+ }
+}
+
+// convCappedAttrs converts up to limit attrs into a []telemetry.Attr. The
+// number of dropped attributes is also returned.
+func convCappedAttrs(limit int, attrs []attribute.KeyValue) ([]telemetry.Attr, uint32) {
+ n := len(attrs)
+ if limit == 0 {
+ var out uint32
+ if n > 0 {
+ out = uint32(min(int64(n), math.MaxUint32)) // nolint: gosec // Bounds checked.
+ }
+ return nil, out
+ }
+
+ if limit < 0 {
+ // Unlimited.
+ return convAttrs(attrs), 0
+ }
+
+ if n < 0 {
+ n = 0
+ }
+
+ limit = min(n, limit)
+ return convAttrs(attrs[:limit]), uint32(n - limit) // nolint: gosec // Bounds checked.
+}
+
+func convAttrs(attrs []attribute.KeyValue) []telemetry.Attr {
+ if len(attrs) == 0 {
+ // Avoid allocations if not necessary.
+ return nil
+ }
+
+ out := make([]telemetry.Attr, 0, len(attrs))
+ for _, attr := range attrs {
+ key := string(attr.Key)
+ val := convAttrValue(attr.Value)
+ if val.Empty() {
+ continue
+ }
+ out = append(out, telemetry.Attr{Key: key, Value: val})
+ }
+ return out
+}
+
+func convAttrValue(value attribute.Value) telemetry.Value {
+ switch value.Type() {
+ case attribute.BOOL:
+ return telemetry.BoolValue(value.AsBool())
+ case attribute.INT64:
+ return telemetry.Int64Value(value.AsInt64())
+ case attribute.FLOAT64:
+ return telemetry.Float64Value(value.AsFloat64())
+ case attribute.STRING:
+ v := truncate(maxSpan.AttrValueLen, value.AsString())
+ return telemetry.StringValue(v)
+ case attribute.BOOLSLICE:
+ slice := value.AsBoolSlice()
+ out := make([]telemetry.Value, 0, len(slice))
+ for _, v := range slice {
+ out = append(out, telemetry.BoolValue(v))
+ }
+ return telemetry.SliceValue(out...)
+ case attribute.INT64SLICE:
+ slice := value.AsInt64Slice()
+ out := make([]telemetry.Value, 0, len(slice))
+ for _, v := range slice {
+ out = append(out, telemetry.Int64Value(v))
+ }
+ return telemetry.SliceValue(out...)
+ case attribute.FLOAT64SLICE:
+ slice := value.AsFloat64Slice()
+ out := make([]telemetry.Value, 0, len(slice))
+ for _, v := range slice {
+ out = append(out, telemetry.Float64Value(v))
+ }
+ return telemetry.SliceValue(out...)
+ case attribute.STRINGSLICE:
+ slice := value.AsStringSlice()
+ out := make([]telemetry.Value, 0, len(slice))
+ for _, v := range slice {
+ v = truncate(maxSpan.AttrValueLen, v)
+ out = append(out, telemetry.StringValue(v))
+ }
+ return telemetry.SliceValue(out...)
+ }
+ return telemetry.Value{}
+}
+
+// truncate returns a truncated version of s such that it contains less than
+// the limit number of characters. Truncation is applied by returning the limit
+// number of valid characters contained in s.
+//
+// If limit is negative, it returns the original string.
+//
+// UTF-8 is supported. When truncating, all invalid characters are dropped
+// before applying truncation.
+//
+// If s already contains less than the limit number of bytes, it is returned
+// unchanged. No invalid characters are removed.
+func truncate(limit int, s string) string {
+ // This prioritize performance in the following order based on the most
+ // common expected use-cases.
+ //
+ // - Short values less than the default limit (128).
+ // - Strings with valid encodings that exceed the limit.
+ // - No limit.
+ // - Strings with invalid encodings that exceed the limit.
+ if limit < 0 || len(s) <= limit {
+ return s
+ }
+
+ // Optimistically, assume all valid UTF-8.
+ var b strings.Builder
+ count := 0
+ for i, c := range s {
+ if c != utf8.RuneError {
+ count++
+ if count > limit {
+ return s[:i]
+ }
+ continue
+ }
+
+ _, size := utf8.DecodeRuneInString(s[i:])
+ if size == 1 {
+ // Invalid encoding.
+ b.Grow(len(s) - 1)
+ _, _ = b.WriteString(s[:i])
+ s = s[i:]
+ break
+ }
+ }
+
+ // Fast-path, no invalid input.
+ if b.Cap() == 0 {
+ return s
+ }
+
+ // Truncate while validating UTF-8.
+ for i := 0; i < len(s) && count < limit; {
+ c := s[i]
+ if c < utf8.RuneSelf {
+ // Optimization for single byte runes (common case).
+ _ = b.WriteByte(c)
+ i++
+ count++
+ continue
+ }
+
+ _, size := utf8.DecodeRuneInString(s[i:])
+ if size == 1 {
+ // We checked for all 1-byte runes above, this is a RuneError.
+ i++
+ continue
+ }
+
+ _, _ = b.WriteString(s[i : i+size])
+ i += size
+ count++
+ }
+
+ return b.String()
+}
+
+func (s *autoSpan) End(opts ...SpanEndOption) {
+ if s == nil || !s.sampled.Swap(false) {
+ return
+ }
+
+ // s.end exists so the lock (s.mu) is not held while s.ended is called.
+ s.ended(s.end(opts))
+}
+
+func (s *autoSpan) end(opts []SpanEndOption) []byte {
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ cfg := NewSpanEndConfig(opts...)
+ if t := cfg.Timestamp(); !t.IsZero() {
+ s.span.EndTime = cfg.Timestamp()
+ } else {
+ s.span.EndTime = time.Now()
+ }
+
+ b, _ := json.Marshal(s.traces) // TODO: do not ignore this error.
+ return b
+}
+
+// Expected to be implemented in eBPF.
+//
+//go:noinline
+func (*autoSpan) ended(buf []byte) { ended(buf) }
+
+// ended is used for testing.
+var ended = func([]byte) {}
+
+func (s *autoSpan) RecordError(err error, opts ...EventOption) {
+ if s == nil || err == nil || !s.sampled.Load() {
+ return
+ }
+
+ cfg := NewEventConfig(opts...)
+
+ attrs := cfg.Attributes()
+ attrs = append(attrs,
+ semconv.ExceptionType(typeStr(err)),
+ semconv.ExceptionMessage(err.Error()),
+ )
+ if cfg.StackTrace() {
+ buf := make([]byte, 2048)
+ n := runtime.Stack(buf, false)
+ attrs = append(attrs, semconv.ExceptionStacktrace(string(buf[0:n])))
+ }
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ s.addEvent(semconv.ExceptionEventName, cfg.Timestamp(), attrs)
+}
+
+func typeStr(i any) string {
+ t := reflect.TypeOf(i)
+ if t.PkgPath() == "" && t.Name() == "" {
+ // Likely a builtin type.
+ return t.String()
+ }
+ return fmt.Sprintf("%s.%s", t.PkgPath(), t.Name())
+}
+
+func (s *autoSpan) AddEvent(name string, opts ...EventOption) {
+ if s == nil || !s.sampled.Load() {
+ return
+ }
+
+ cfg := NewEventConfig(opts...)
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ s.addEvent(name, cfg.Timestamp(), cfg.Attributes())
+}
+
+// addEvent adds an event with name and attrs at tStamp to the span. The span
+// lock (s.mu) needs to be held by the caller.
+func (s *autoSpan) addEvent(name string, tStamp time.Time, attrs []attribute.KeyValue) {
+ limit := maxSpan.Events
+
+ if limit == 0 {
+ s.span.DroppedEvents++
+ return
+ }
+
+ if limit > 0 && len(s.span.Events) == limit {
+ // Drop head while avoiding allocation of more capacity.
+ copy(s.span.Events[:limit-1], s.span.Events[1:])
+ s.span.Events = s.span.Events[:limit-1]
+ s.span.DroppedEvents++
+ }
+
+ e := &telemetry.SpanEvent{Time: tStamp, Name: name}
+ e.Attrs, e.DroppedAttrs = convCappedAttrs(maxSpan.EventAttrs, attrs)
+
+ s.span.Events = append(s.span.Events, e)
+}
+
+func (s *autoSpan) AddLink(link Link) {
+ if s == nil || !s.sampled.Load() {
+ return
+ }
+
+ l := maxSpan.Links
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ if l == 0 {
+ s.span.DroppedLinks++
+ return
+ }
+
+ if l > 0 && len(s.span.Links) == l {
+ // Drop head while avoiding allocation of more capacity.
+ copy(s.span.Links[:l-1], s.span.Links[1:])
+ s.span.Links = s.span.Links[:l-1]
+ s.span.DroppedLinks++
+ }
+
+ s.span.Links = append(s.span.Links, convLink(link))
+}
+
+func convLinks(links []Link) []*telemetry.SpanLink {
+ out := make([]*telemetry.SpanLink, 0, len(links))
+ for _, link := range links {
+ out = append(out, convLink(link))
+ }
+ return out
+}
+
+func convLink(link Link) *telemetry.SpanLink {
+ l := &telemetry.SpanLink{
+ TraceID: telemetry.TraceID(link.SpanContext.TraceID()),
+ SpanID: telemetry.SpanID(link.SpanContext.SpanID()),
+ TraceState: link.SpanContext.TraceState().String(),
+ Flags: uint32(link.SpanContext.TraceFlags()),
+ }
+ l.Attrs, l.DroppedAttrs = convCappedAttrs(maxSpan.LinkAttrs, link.Attributes)
+
+ return l
+}
+
+func (s *autoSpan) SetName(name string) {
+ if s == nil || !s.sampled.Load() {
+ return
+ }
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ s.span.Name = name
+}
+
+func (*autoSpan) TracerProvider() TracerProvider { return newAutoTracerProvider() }
+
+// maxSpan are the span limits resolved during startup.
+var maxSpan = newSpanLimits()
+
+type spanLimits struct {
+ // Attrs is the number of allowed attributes for a span.
+ //
+ // This is resolved from the environment variable value for the
+ // OTEL_SPAN_ATTRIBUTE_COUNT_LIMIT key if it exists. Otherwise, the
+ // environment variable value for OTEL_ATTRIBUTE_COUNT_LIMIT, or 128 if
+ // that is not set, is used.
+ Attrs int
+ // AttrValueLen is the maximum attribute value length allowed for a span.
+ //
+ // This is resolved from the environment variable value for the
+ // OTEL_SPAN_ATTRIBUTE_VALUE_LENGTH_LIMIT key if it exists. Otherwise, the
+ // environment variable value for OTEL_ATTRIBUTE_VALUE_LENGTH_LIMIT, or -1
+ // if that is not set, is used.
+ AttrValueLen int
+ // Events is the number of allowed events for a span.
+ //
+ // This is resolved from the environment variable value for the
+ // OTEL_SPAN_EVENT_COUNT_LIMIT key, or 128 is used if that is not set.
+ Events int
+ // EventAttrs is the number of allowed attributes for a span event.
+ //
+ // The is resolved from the environment variable value for the
+ // OTEL_EVENT_ATTRIBUTE_COUNT_LIMIT key, or 128 is used if that is not set.
+ EventAttrs int
+ // Links is the number of allowed Links for a span.
+ //
+ // This is resolved from the environment variable value for the
+ // OTEL_SPAN_LINK_COUNT_LIMIT, or 128 is used if that is not set.
+ Links int
+ // LinkAttrs is the number of allowed attributes for a span link.
+ //
+ // This is resolved from the environment variable value for the
+ // OTEL_LINK_ATTRIBUTE_COUNT_LIMIT, or 128 is used if that is not set.
+ LinkAttrs int
+}
+
+func newSpanLimits() spanLimits {
+ return spanLimits{
+ Attrs: firstEnv(
+ 128,
+ "OTEL_SPAN_ATTRIBUTE_COUNT_LIMIT",
+ "OTEL_ATTRIBUTE_COUNT_LIMIT",
+ ),
+ AttrValueLen: firstEnv(
+ -1, // Unlimited.
+ "OTEL_SPAN_ATTRIBUTE_VALUE_LENGTH_LIMIT",
+ "OTEL_ATTRIBUTE_VALUE_LENGTH_LIMIT",
+ ),
+ Events: firstEnv(128, "OTEL_SPAN_EVENT_COUNT_LIMIT"),
+ EventAttrs: firstEnv(128, "OTEL_EVENT_ATTRIBUTE_COUNT_LIMIT"),
+ Links: firstEnv(128, "OTEL_SPAN_LINK_COUNT_LIMIT"),
+ LinkAttrs: firstEnv(128, "OTEL_LINK_ATTRIBUTE_COUNT_LIMIT"),
+ }
+}
+
+// firstEnv returns the parsed integer value of the first matching environment
+// variable from keys. The defaultVal is returned if the value is not an
+// integer or no match is found.
+func firstEnv(defaultVal int, keys ...string) int {
+ for _, key := range keys {
+ strV := os.Getenv(key)
+ if strV == "" {
+ continue
+ }
+
+ v, err := strconv.Atoi(strV)
+ if err == nil {
+ return v
+ }
+ // Ignore invalid environment variable.
+ }
+
+ return defaultVal
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/config.go b/vendor/go.opentelemetry.io/otel/trace/config.go
index 273d58e001..9c0b720a4d 100644
--- a/vendor/go.opentelemetry.io/otel/trace/config.go
+++ b/vendor/go.opentelemetry.io/otel/trace/config.go
@@ -213,7 +213,7 @@ var _ SpanStartEventOption = attributeOption{}
// WithAttributes adds the attributes related to a span life-cycle event.
// These attributes are used to describe the work a Span represents when this
-// option is provided to a Span's start or end events. Otherwise, these
+// option is provided to a Span's start event. Otherwise, these
// attributes provide additional information about the event being recorded
// (e.g. error, state change, processing progress, system event).
//
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/attr.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/attr.go
new file mode 100644
index 0000000000..f663547b4e
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/attr.go
@@ -0,0 +1,58 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+// Attr is a key-value pair.
+type Attr struct {
+ Key string `json:"key,omitempty"`
+ Value Value `json:"value,omitempty"`
+}
+
+// String returns an Attr for a string value.
+func String(key, value string) Attr {
+ return Attr{key, StringValue(value)}
+}
+
+// Int64 returns an Attr for an int64 value.
+func Int64(key string, value int64) Attr {
+ return Attr{key, Int64Value(value)}
+}
+
+// Int returns an Attr for an int value.
+func Int(key string, value int) Attr {
+ return Int64(key, int64(value))
+}
+
+// Float64 returns an Attr for a float64 value.
+func Float64(key string, value float64) Attr {
+ return Attr{key, Float64Value(value)}
+}
+
+// Bool returns an Attr for a bool value.
+func Bool(key string, value bool) Attr {
+ return Attr{key, BoolValue(value)}
+}
+
+// Bytes returns an Attr for a []byte value.
+// The passed slice must not be changed after it is passed.
+func Bytes(key string, value []byte) Attr {
+ return Attr{key, BytesValue(value)}
+}
+
+// Slice returns an Attr for a []Value value.
+// The passed slice must not be changed after it is passed.
+func Slice(key string, value ...Value) Attr {
+ return Attr{key, SliceValue(value...)}
+}
+
+// Map returns an Attr for a map value.
+// The passed slice must not be changed after it is passed.
+func Map(key string, value ...Attr) Attr {
+ return Attr{key, MapValue(value...)}
+}
+
+// Equal returns if a is equal to b.
+func (a Attr) Equal(b Attr) bool {
+ return a.Key == b.Key && a.Value.Equal(b.Value)
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/doc.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/doc.go
new file mode 100644
index 0000000000..5debe90bbb
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/doc.go
@@ -0,0 +1,8 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+/*
+Package telemetry provides a lightweight representations of OpenTelemetry
+telemetry that is compatible with the OTLP JSON protobuf encoding.
+*/
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/id.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/id.go
new file mode 100644
index 0000000000..7b1ae3c4ea
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/id.go
@@ -0,0 +1,103 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+import (
+ "encoding/hex"
+ "errors"
+ "fmt"
+)
+
+const (
+ traceIDSize = 16
+ spanIDSize = 8
+)
+
+// TraceID is a custom data type that is used for all trace IDs.
+type TraceID [traceIDSize]byte
+
+// String returns the hex string representation form of a TraceID.
+func (tid TraceID) String() string {
+ return hex.EncodeToString(tid[:])
+}
+
+// IsEmpty returns false if id contains at least one non-zero byte.
+func (tid TraceID) IsEmpty() bool {
+ return tid == [traceIDSize]byte{}
+}
+
+// MarshalJSON converts the trace ID into a hex string enclosed in quotes.
+func (tid TraceID) MarshalJSON() ([]byte, error) {
+ if tid.IsEmpty() {
+ return []byte(`""`), nil
+ }
+ return marshalJSON(tid[:])
+}
+
+// UnmarshalJSON inflates the trace ID from hex string, possibly enclosed in
+// quotes.
+func (tid *TraceID) UnmarshalJSON(data []byte) error {
+ *tid = [traceIDSize]byte{}
+ return unmarshalJSON(tid[:], data)
+}
+
+// SpanID is a custom data type that is used for all span IDs.
+type SpanID [spanIDSize]byte
+
+// String returns the hex string representation form of a SpanID.
+func (sid SpanID) String() string {
+ return hex.EncodeToString(sid[:])
+}
+
+// IsEmpty returns true if the span ID contains at least one non-zero byte.
+func (sid SpanID) IsEmpty() bool {
+ return sid == [spanIDSize]byte{}
+}
+
+// MarshalJSON converts span ID into a hex string enclosed in quotes.
+func (sid SpanID) MarshalJSON() ([]byte, error) {
+ if sid.IsEmpty() {
+ return []byte(`""`), nil
+ }
+ return marshalJSON(sid[:])
+}
+
+// UnmarshalJSON decodes span ID from hex string, possibly enclosed in quotes.
+func (sid *SpanID) UnmarshalJSON(data []byte) error {
+ *sid = [spanIDSize]byte{}
+ return unmarshalJSON(sid[:], data)
+}
+
+// marshalJSON converts id into a hex string enclosed in quotes.
+func marshalJSON(id []byte) ([]byte, error) {
+ // Plus 2 quote chars at the start and end.
+ hexLen := hex.EncodedLen(len(id)) + 2
+
+ b := make([]byte, hexLen)
+ hex.Encode(b[1:hexLen-1], id)
+ b[0], b[hexLen-1] = '"', '"'
+
+ return b, nil
+}
+
+// unmarshalJSON inflates trace id from hex string, possibly enclosed in quotes.
+func unmarshalJSON(dst []byte, src []byte) error {
+ if l := len(src); l >= 2 && src[0] == '"' && src[l-1] == '"' {
+ src = src[1 : l-1]
+ }
+ nLen := len(src)
+ if nLen == 0 {
+ return nil
+ }
+
+ if len(dst) != hex.DecodedLen(nLen) {
+ return errors.New("invalid length for ID")
+ }
+
+ _, err := hex.Decode(dst, src)
+ if err != nil {
+ return fmt.Errorf("cannot unmarshal ID from string '%s': %w", string(src), err)
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/number.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/number.go
new file mode 100644
index 0000000000..f5e3a8cec9
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/number.go
@@ -0,0 +1,67 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+import (
+ "encoding/json"
+ "strconv"
+)
+
+// protoInt64 represents the protobuf encoding of integers which can be either
+// strings or integers.
+type protoInt64 int64
+
+// Int64 returns the protoInt64 as an int64.
+func (i *protoInt64) Int64() int64 { return int64(*i) }
+
+// UnmarshalJSON decodes both strings and integers.
+func (i *protoInt64) UnmarshalJSON(data []byte) error {
+ if data[0] == '"' {
+ var str string
+ if err := json.Unmarshal(data, &str); err != nil {
+ return err
+ }
+ parsedInt, err := strconv.ParseInt(str, 10, 64)
+ if err != nil {
+ return err
+ }
+ *i = protoInt64(parsedInt)
+ } else {
+ var parsedInt int64
+ if err := json.Unmarshal(data, &parsedInt); err != nil {
+ return err
+ }
+ *i = protoInt64(parsedInt)
+ }
+ return nil
+}
+
+// protoUint64 represents the protobuf encoding of integers which can be either
+// strings or integers.
+type protoUint64 uint64
+
+// Int64 returns the protoUint64 as a uint64.
+func (i *protoUint64) Uint64() uint64 { return uint64(*i) }
+
+// UnmarshalJSON decodes both strings and integers.
+func (i *protoUint64) UnmarshalJSON(data []byte) error {
+ if data[0] == '"' {
+ var str string
+ if err := json.Unmarshal(data, &str); err != nil {
+ return err
+ }
+ parsedUint, err := strconv.ParseUint(str, 10, 64)
+ if err != nil {
+ return err
+ }
+ *i = protoUint64(parsedUint)
+ } else {
+ var parsedUint uint64
+ if err := json.Unmarshal(data, &parsedUint); err != nil {
+ return err
+ }
+ *i = protoUint64(parsedUint)
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/resource.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/resource.go
new file mode 100644
index 0000000000..1798a702d4
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/resource.go
@@ -0,0 +1,66 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+import (
+ "bytes"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+)
+
+// Resource information.
+type Resource struct {
+ // Attrs are the set of attributes that describe the resource. Attribute
+ // keys MUST be unique (it is not allowed to have more than one attribute
+ // with the same key).
+ Attrs []Attr `json:"attributes,omitempty"`
+ // DroppedAttrs is the number of dropped attributes. If the value
+ // is 0, then no attributes were dropped.
+ DroppedAttrs uint32 `json:"droppedAttributesCount,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into r.
+func (r *Resource) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid Resource type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid Resource field: %#v", keyIface)
+ }
+
+ switch key {
+ case "attributes":
+ err = decoder.Decode(&r.Attrs)
+ case "droppedAttributesCount", "dropped_attributes_count":
+ err = decoder.Decode(&r.DroppedAttrs)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/scope.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/scope.go
new file mode 100644
index 0000000000..c2b4c635b7
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/scope.go
@@ -0,0 +1,67 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+import (
+ "bytes"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+)
+
+// Scope is the identifying values of the instrumentation scope.
+type Scope struct {
+ Name string `json:"name,omitempty"`
+ Version string `json:"version,omitempty"`
+ Attrs []Attr `json:"attributes,omitempty"`
+ DroppedAttrs uint32 `json:"droppedAttributesCount,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into r.
+func (s *Scope) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid Scope type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid Scope field: %#v", keyIface)
+ }
+
+ switch key {
+ case "name":
+ err = decoder.Decode(&s.Name)
+ case "version":
+ err = decoder.Decode(&s.Version)
+ case "attributes":
+ err = decoder.Decode(&s.Attrs)
+ case "droppedAttributesCount", "dropped_attributes_count":
+ err = decoder.Decode(&s.DroppedAttrs)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/span.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/span.go
new file mode 100644
index 0000000000..3c5e1cdb1b
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/span.go
@@ -0,0 +1,460 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+import (
+ "bytes"
+ "encoding/hex"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "math"
+ "time"
+)
+
+// A Span represents a single operation performed by a single component of the
+// system.
+type Span struct {
+ // A unique identifier for a trace. All spans from the same trace share
+ // the same `trace_id`. The ID is a 16-byte array. An ID with all zeroes OR
+ // of length other than 16 bytes is considered invalid (empty string in OTLP/JSON
+ // is zero-length and thus is also invalid).
+ //
+ // This field is required.
+ TraceID TraceID `json:"traceId,omitempty"`
+ // A unique identifier for a span within a trace, assigned when the span
+ // is created. The ID is an 8-byte array. An ID with all zeroes OR of length
+ // other than 8 bytes is considered invalid (empty string in OTLP/JSON
+ // is zero-length and thus is also invalid).
+ //
+ // This field is required.
+ SpanID SpanID `json:"spanId,omitempty"`
+ // trace_state conveys information about request position in multiple distributed tracing graphs.
+ // It is a trace_state in w3c-trace-context format: https://www.w3.org/TR/trace-context/#tracestate-header
+ // See also https://github.com/w3c/distributed-tracing for more details about this field.
+ TraceState string `json:"traceState,omitempty"`
+ // The `span_id` of this span's parent span. If this is a root span, then this
+ // field must be empty. The ID is an 8-byte array.
+ ParentSpanID SpanID `json:"parentSpanId,omitempty"`
+ // Flags, a bit field.
+ //
+ // Bits 0-7 (8 least significant bits) are the trace flags as defined in W3C Trace
+ // Context specification. To read the 8-bit W3C trace flag, use
+ // `flags & SPAN_FLAGS_TRACE_FLAGS_MASK`.
+ //
+ // See https://www.w3.org/TR/trace-context-2/#trace-flags for the flag definitions.
+ //
+ // Bits 8 and 9 represent the 3 states of whether a span's parent
+ // is remote. The states are (unknown, is not remote, is remote).
+ // To read whether the value is known, use `(flags & SPAN_FLAGS_CONTEXT_HAS_IS_REMOTE_MASK) != 0`.
+ // To read whether the span is remote, use `(flags & SPAN_FLAGS_CONTEXT_IS_REMOTE_MASK) != 0`.
+ //
+ // When creating span messages, if the message is logically forwarded from another source
+ // with an equivalent flags fields (i.e., usually another OTLP span message), the field SHOULD
+ // be copied as-is. If creating from a source that does not have an equivalent flags field
+ // (such as a runtime representation of an OpenTelemetry span), the high 22 bits MUST
+ // be set to zero.
+ // Readers MUST NOT assume that bits 10-31 (22 most significant bits) will be zero.
+ //
+ // [Optional].
+ Flags uint32 `json:"flags,omitempty"`
+ // A description of the span's operation.
+ //
+ // For example, the name can be a qualified method name or a file name
+ // and a line number where the operation is called. A best practice is to use
+ // the same display name at the same call point in an application.
+ // This makes it easier to correlate spans in different traces.
+ //
+ // This field is semantically required to be set to non-empty string.
+ // Empty value is equivalent to an unknown span name.
+ //
+ // This field is required.
+ Name string `json:"name"`
+ // Distinguishes between spans generated in a particular context. For example,
+ // two spans with the same name may be distinguished using `CLIENT` (caller)
+ // and `SERVER` (callee) to identify queueing latency associated with the span.
+ Kind SpanKind `json:"kind,omitempty"`
+ // start_time_unix_nano is the start time of the span. On the client side, this is the time
+ // kept by the local machine where the span execution starts. On the server side, this
+ // is the time when the server's application handler starts running.
+ // Value is UNIX Epoch time in nanoseconds since 00:00:00 UTC on 1 January 1970.
+ //
+ // This field is semantically required and it is expected that end_time >= start_time.
+ StartTime time.Time `json:"startTimeUnixNano,omitempty"`
+ // end_time_unix_nano is the end time of the span. On the client side, this is the time
+ // kept by the local machine where the span execution ends. On the server side, this
+ // is the time when the server application handler stops running.
+ // Value is UNIX Epoch time in nanoseconds since 00:00:00 UTC on 1 January 1970.
+ //
+ // This field is semantically required and it is expected that end_time >= start_time.
+ EndTime time.Time `json:"endTimeUnixNano,omitempty"`
+ // attributes is a collection of key/value pairs. Note, global attributes
+ // like server name can be set using the resource API. Examples of attributes:
+ //
+ // "/http/user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
+ // "/http/server_latency": 300
+ // "example.com/myattribute": true
+ // "example.com/score": 10.239
+ //
+ // The OpenTelemetry API specification further restricts the allowed value types:
+ // https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/common/README.md#attribute
+ // Attribute keys MUST be unique (it is not allowed to have more than one
+ // attribute with the same key).
+ Attrs []Attr `json:"attributes,omitempty"`
+ // dropped_attributes_count is the number of attributes that were discarded. Attributes
+ // can be discarded because their keys are too long or because there are too many
+ // attributes. If this value is 0, then no attributes were dropped.
+ DroppedAttrs uint32 `json:"droppedAttributesCount,omitempty"`
+ // events is a collection of Event items.
+ Events []*SpanEvent `json:"events,omitempty"`
+ // dropped_events_count is the number of dropped events. If the value is 0, then no
+ // events were dropped.
+ DroppedEvents uint32 `json:"droppedEventsCount,omitempty"`
+ // links is a collection of Links, which are references from this span to a span
+ // in the same or different trace.
+ Links []*SpanLink `json:"links,omitempty"`
+ // dropped_links_count is the number of dropped links after the maximum size was
+ // enforced. If this value is 0, then no links were dropped.
+ DroppedLinks uint32 `json:"droppedLinksCount,omitempty"`
+ // An optional final status for this span. Semantically when Status isn't set, it means
+ // span's status code is unset, i.e. assume STATUS_CODE_UNSET (code = 0).
+ Status *Status `json:"status,omitempty"`
+}
+
+// MarshalJSON encodes s into OTLP formatted JSON.
+func (s Span) MarshalJSON() ([]byte, error) {
+ startT := s.StartTime.UnixNano()
+ if s.StartTime.IsZero() || startT < 0 {
+ startT = 0
+ }
+
+ endT := s.EndTime.UnixNano()
+ if s.EndTime.IsZero() || endT < 0 {
+ endT = 0
+ }
+
+ // Override non-empty default SpanID marshal and omitempty.
+ var parentSpanId string
+ if !s.ParentSpanID.IsEmpty() {
+ b := make([]byte, hex.EncodedLen(spanIDSize))
+ hex.Encode(b, s.ParentSpanID[:])
+ parentSpanId = string(b)
+ }
+
+ type Alias Span
+ return json.Marshal(struct {
+ Alias
+ ParentSpanID string `json:"parentSpanId,omitempty"`
+ StartTime uint64 `json:"startTimeUnixNano,omitempty"`
+ EndTime uint64 `json:"endTimeUnixNano,omitempty"`
+ }{
+ Alias: Alias(s),
+ ParentSpanID: parentSpanId,
+ StartTime: uint64(startT), // nolint:gosec // >0 checked above.
+ EndTime: uint64(endT), // nolint:gosec // >0 checked above.
+ })
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into s.
+func (s *Span) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid Span type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid Span field: %#v", keyIface)
+ }
+
+ switch key {
+ case "traceId", "trace_id":
+ err = decoder.Decode(&s.TraceID)
+ case "spanId", "span_id":
+ err = decoder.Decode(&s.SpanID)
+ case "traceState", "trace_state":
+ err = decoder.Decode(&s.TraceState)
+ case "parentSpanId", "parent_span_id":
+ err = decoder.Decode(&s.ParentSpanID)
+ case "flags":
+ err = decoder.Decode(&s.Flags)
+ case "name":
+ err = decoder.Decode(&s.Name)
+ case "kind":
+ err = decoder.Decode(&s.Kind)
+ case "startTimeUnixNano", "start_time_unix_nano":
+ var val protoUint64
+ err = decoder.Decode(&val)
+ v := int64(min(val.Uint64(), math.MaxInt64)) // nolint: gosec // Overflow checked.
+ s.StartTime = time.Unix(0, v)
+ case "endTimeUnixNano", "end_time_unix_nano":
+ var val protoUint64
+ err = decoder.Decode(&val)
+ v := int64(min(val.Uint64(), math.MaxInt64)) // nolint: gosec // Overflow checked.
+ s.EndTime = time.Unix(0, v)
+ case "attributes":
+ err = decoder.Decode(&s.Attrs)
+ case "droppedAttributesCount", "dropped_attributes_count":
+ err = decoder.Decode(&s.DroppedAttrs)
+ case "events":
+ err = decoder.Decode(&s.Events)
+ case "droppedEventsCount", "dropped_events_count":
+ err = decoder.Decode(&s.DroppedEvents)
+ case "links":
+ err = decoder.Decode(&s.Links)
+ case "droppedLinksCount", "dropped_links_count":
+ err = decoder.Decode(&s.DroppedLinks)
+ case "status":
+ err = decoder.Decode(&s.Status)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// SpanFlags represents constants used to interpret the
+// Span.flags field, which is protobuf 'fixed32' type and is to
+// be used as bit-fields. Each non-zero value defined in this enum is
+// a bit-mask. To extract the bit-field, for example, use an
+// expression like:
+//
+// (span.flags & SPAN_FLAGS_TRACE_FLAGS_MASK)
+//
+// See https://www.w3.org/TR/trace-context-2/#trace-flags for the flag definitions.
+//
+// Note that Span flags were introduced in version 1.1 of the
+// OpenTelemetry protocol. Older Span producers do not set this
+// field, consequently consumers should not rely on the absence of a
+// particular flag bit to indicate the presence of a particular feature.
+type SpanFlags int32
+
+const (
+ // Bits 0-7 are used for trace flags.
+ SpanFlagsTraceFlagsMask SpanFlags = 255
+ // Bits 8 and 9 are used to indicate that the parent span or link span is remote.
+ // Bit 8 (`HAS_IS_REMOTE`) indicates whether the value is known.
+ // Bit 9 (`IS_REMOTE`) indicates whether the span or link is remote.
+ SpanFlagsContextHasIsRemoteMask SpanFlags = 256
+ // SpanFlagsContextHasIsRemoteMask indicates the Span is remote.
+ SpanFlagsContextIsRemoteMask SpanFlags = 512
+)
+
+// SpanKind is the type of span. Can be used to specify additional relationships between spans
+// in addition to a parent/child relationship.
+type SpanKind int32
+
+const (
+ // Indicates that the span represents an internal operation within an application,
+ // as opposed to an operation happening at the boundaries. Default value.
+ SpanKindInternal SpanKind = 1
+ // Indicates that the span covers server-side handling of an RPC or other
+ // remote network request.
+ SpanKindServer SpanKind = 2
+ // Indicates that the span describes a request to some remote service.
+ SpanKindClient SpanKind = 3
+ // Indicates that the span describes a producer sending a message to a broker.
+ // Unlike CLIENT and SERVER, there is often no direct critical path latency relationship
+ // between producer and consumer spans. A PRODUCER span ends when the message was accepted
+ // by the broker while the logical processing of the message might span a much longer time.
+ SpanKindProducer SpanKind = 4
+ // Indicates that the span describes consumer receiving a message from a broker.
+ // Like the PRODUCER kind, there is often no direct critical path latency relationship
+ // between producer and consumer spans.
+ SpanKindConsumer SpanKind = 5
+)
+
+// Event is a time-stamped annotation of the span, consisting of user-supplied
+// text description and key-value pairs.
+type SpanEvent struct {
+ // time_unix_nano is the time the event occurred.
+ Time time.Time `json:"timeUnixNano,omitempty"`
+ // name of the event.
+ // This field is semantically required to be set to non-empty string.
+ Name string `json:"name,omitempty"`
+ // attributes is a collection of attribute key/value pairs on the event.
+ // Attribute keys MUST be unique (it is not allowed to have more than one
+ // attribute with the same key).
+ Attrs []Attr `json:"attributes,omitempty"`
+ // dropped_attributes_count is the number of dropped attributes. If the value is 0,
+ // then no attributes were dropped.
+ DroppedAttrs uint32 `json:"droppedAttributesCount,omitempty"`
+}
+
+// MarshalJSON encodes e into OTLP formatted JSON.
+func (e SpanEvent) MarshalJSON() ([]byte, error) {
+ t := e.Time.UnixNano()
+ if e.Time.IsZero() || t < 0 {
+ t = 0
+ }
+
+ type Alias SpanEvent
+ return json.Marshal(struct {
+ Alias
+ Time uint64 `json:"timeUnixNano,omitempty"`
+ }{
+ Alias: Alias(e),
+ Time: uint64(t), // nolint: gosec // >0 checked above
+ })
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into se.
+func (se *SpanEvent) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid SpanEvent type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid SpanEvent field: %#v", keyIface)
+ }
+
+ switch key {
+ case "timeUnixNano", "time_unix_nano":
+ var val protoUint64
+ err = decoder.Decode(&val)
+ v := int64(min(val.Uint64(), math.MaxInt64)) // nolint: gosec // Overflow checked.
+ se.Time = time.Unix(0, v)
+ case "name":
+ err = decoder.Decode(&se.Name)
+ case "attributes":
+ err = decoder.Decode(&se.Attrs)
+ case "droppedAttributesCount", "dropped_attributes_count":
+ err = decoder.Decode(&se.DroppedAttrs)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// A pointer from the current span to another span in the same trace or in a
+// different trace. For example, this can be used in batching operations,
+// where a single batch handler processes multiple requests from different
+// traces or when the handler receives a request from a different project.
+type SpanLink struct {
+ // A unique identifier of a trace that this linked span is part of. The ID is a
+ // 16-byte array.
+ TraceID TraceID `json:"traceId,omitempty"`
+ // A unique identifier for the linked span. The ID is an 8-byte array.
+ SpanID SpanID `json:"spanId,omitempty"`
+ // The trace_state associated with the link.
+ TraceState string `json:"traceState,omitempty"`
+ // attributes is a collection of attribute key/value pairs on the link.
+ // Attribute keys MUST be unique (it is not allowed to have more than one
+ // attribute with the same key).
+ Attrs []Attr `json:"attributes,omitempty"`
+ // dropped_attributes_count is the number of dropped attributes. If the value is 0,
+ // then no attributes were dropped.
+ DroppedAttrs uint32 `json:"droppedAttributesCount,omitempty"`
+ // Flags, a bit field.
+ //
+ // Bits 0-7 (8 least significant bits) are the trace flags as defined in W3C Trace
+ // Context specification. To read the 8-bit W3C trace flag, use
+ // `flags & SPAN_FLAGS_TRACE_FLAGS_MASK`.
+ //
+ // See https://www.w3.org/TR/trace-context-2/#trace-flags for the flag definitions.
+ //
+ // Bits 8 and 9 represent the 3 states of whether the link is remote.
+ // The states are (unknown, is not remote, is remote).
+ // To read whether the value is known, use `(flags & SPAN_FLAGS_CONTEXT_HAS_IS_REMOTE_MASK) != 0`.
+ // To read whether the link is remote, use `(flags & SPAN_FLAGS_CONTEXT_IS_REMOTE_MASK) != 0`.
+ //
+ // Readers MUST NOT assume that bits 10-31 (22 most significant bits) will be zero.
+ // When creating new spans, bits 10-31 (most-significant 22-bits) MUST be zero.
+ //
+ // [Optional].
+ Flags uint32 `json:"flags,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into sl.
+func (sl *SpanLink) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid SpanLink type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid SpanLink field: %#v", keyIface)
+ }
+
+ switch key {
+ case "traceId", "trace_id":
+ err = decoder.Decode(&sl.TraceID)
+ case "spanId", "span_id":
+ err = decoder.Decode(&sl.SpanID)
+ case "traceState", "trace_state":
+ err = decoder.Decode(&sl.TraceState)
+ case "attributes":
+ err = decoder.Decode(&sl.Attrs)
+ case "droppedAttributesCount", "dropped_attributes_count":
+ err = decoder.Decode(&sl.DroppedAttrs)
+ case "flags":
+ err = decoder.Decode(&sl.Flags)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/status.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/status.go
new file mode 100644
index 0000000000..1d013a8fa8
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/status.go
@@ -0,0 +1,40 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+// For the semantics of status codes see
+// https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/api.md#set-status
+type StatusCode int32
+
+const (
+ // The default status.
+ StatusCodeUnset StatusCode = 0
+ // The Span has been validated by an Application developer or Operator to
+ // have completed successfully.
+ StatusCodeOK StatusCode = 1
+ // The Span contains an error.
+ StatusCodeError StatusCode = 2
+)
+
+var statusCodeStrings = []string{
+ "Unset",
+ "OK",
+ "Error",
+}
+
+func (s StatusCode) String() string {
+ if s >= 0 && int(s) < len(statusCodeStrings) {
+ return statusCodeStrings[s]
+ }
+ return ""
+}
+
+// The Status type defines a logical error model that is suitable for different
+// programming environments, including REST APIs and RPC APIs.
+type Status struct {
+ // A developer-facing human readable error message.
+ Message string `json:"message,omitempty"`
+ // The status code.
+ Code StatusCode `json:"code,omitempty"`
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/traces.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/traces.go
new file mode 100644
index 0000000000..b039407081
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/traces.go
@@ -0,0 +1,189 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+import (
+ "bytes"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+)
+
+// Traces represents the traces data that can be stored in a persistent storage,
+// OR can be embedded by other protocols that transfer OTLP traces data but do
+// not implement the OTLP protocol.
+//
+// The main difference between this message and collector protocol is that
+// in this message there will not be any "control" or "metadata" specific to
+// OTLP protocol.
+//
+// When new fields are added into this message, the OTLP request MUST be updated
+// as well.
+type Traces struct {
+ // An array of ResourceSpans.
+ // For data coming from a single resource this array will typically contain
+ // one element. Intermediary nodes that receive data from multiple origins
+ // typically batch the data before forwarding further and in that case this
+ // array will contain multiple elements.
+ ResourceSpans []*ResourceSpans `json:"resourceSpans,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into td.
+func (td *Traces) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid TracesData type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid TracesData field: %#v", keyIface)
+ }
+
+ switch key {
+ case "resourceSpans", "resource_spans":
+ err = decoder.Decode(&td.ResourceSpans)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// A collection of ScopeSpans from a Resource.
+type ResourceSpans struct {
+ // The resource for the spans in this message.
+ // If this field is not set then no resource info is known.
+ Resource Resource `json:"resource"`
+ // A list of ScopeSpans that originate from a resource.
+ ScopeSpans []*ScopeSpans `json:"scopeSpans,omitempty"`
+ // This schema_url applies to the data in the "resource" field. It does not apply
+ // to the data in the "scope_spans" field which have their own schema_url field.
+ SchemaURL string `json:"schemaUrl,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into rs.
+func (rs *ResourceSpans) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid ResourceSpans type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid ResourceSpans field: %#v", keyIface)
+ }
+
+ switch key {
+ case "resource":
+ err = decoder.Decode(&rs.Resource)
+ case "scopeSpans", "scope_spans":
+ err = decoder.Decode(&rs.ScopeSpans)
+ case "schemaUrl", "schema_url":
+ err = decoder.Decode(&rs.SchemaURL)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// A collection of Spans produced by an InstrumentationScope.
+type ScopeSpans struct {
+ // The instrumentation scope information for the spans in this message.
+ // Semantically when InstrumentationScope isn't set, it is equivalent with
+ // an empty instrumentation scope name (unknown).
+ Scope *Scope `json:"scope"`
+ // A list of Spans that originate from an instrumentation scope.
+ Spans []*Span `json:"spans,omitempty"`
+ // The Schema URL, if known. This is the identifier of the Schema that the span data
+ // is recorded in. To learn more about Schema URL see
+ // https://opentelemetry.io/docs/specs/otel/schemas/#schema-url
+ // This schema_url applies to all spans and span events in the "spans" field.
+ SchemaURL string `json:"schemaUrl,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into ss.
+func (ss *ScopeSpans) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid ScopeSpans type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid ScopeSpans field: %#v", keyIface)
+ }
+
+ switch key {
+ case "scope":
+ err = decoder.Decode(&ss.Scope)
+ case "spans":
+ err = decoder.Decode(&ss.Spans)
+ case "schemaUrl", "schema_url":
+ err = decoder.Decode(&ss.SchemaURL)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/value.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/value.go
new file mode 100644
index 0000000000..7251492da0
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/value.go
@@ -0,0 +1,453 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+import (
+ "bytes"
+ "cmp"
+ "encoding/base64"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "math"
+ "slices"
+ "strconv"
+ "unsafe"
+)
+
+// A Value represents a structured value.
+// A zero value is valid and represents an empty value.
+type Value struct {
+ // Ensure forward compatibility by explicitly making this not comparable.
+ noCmp [0]func() //nolint: unused // This is indeed used.
+
+ // num holds the value for Int64, Float64, and Bool. It holds the length
+ // for String, Bytes, Slice, Map.
+ num uint64
+ // any holds either the KindBool, KindInt64, KindFloat64, stringptr,
+ // bytesptr, sliceptr, or mapptr. If KindBool, KindInt64, or KindFloat64
+ // then the value of Value is in num as described above. Otherwise, it
+ // contains the value wrapped in the appropriate type.
+ any any
+}
+
+type (
+ // sliceptr represents a value in Value.any for KindString Values.
+ stringptr *byte
+ // bytesptr represents a value in Value.any for KindBytes Values.
+ bytesptr *byte
+ // sliceptr represents a value in Value.any for KindSlice Values.
+ sliceptr *Value
+ // mapptr represents a value in Value.any for KindMap Values.
+ mapptr *Attr
+)
+
+// ValueKind is the kind of a [Value].
+type ValueKind int
+
+// ValueKind values.
+const (
+ ValueKindEmpty ValueKind = iota
+ ValueKindBool
+ ValueKindFloat64
+ ValueKindInt64
+ ValueKindString
+ ValueKindBytes
+ ValueKindSlice
+ ValueKindMap
+)
+
+var valueKindStrings = []string{
+ "Empty",
+ "Bool",
+ "Float64",
+ "Int64",
+ "String",
+ "Bytes",
+ "Slice",
+ "Map",
+}
+
+func (k ValueKind) String() string {
+ if k >= 0 && int(k) < len(valueKindStrings) {
+ return valueKindStrings[k]
+ }
+ return ""
+}
+
+// StringValue returns a new [Value] for a string.
+func StringValue(v string) Value {
+ return Value{
+ num: uint64(len(v)),
+ any: stringptr(unsafe.StringData(v)),
+ }
+}
+
+// IntValue returns a [Value] for an int.
+func IntValue(v int) Value { return Int64Value(int64(v)) }
+
+// Int64Value returns a [Value] for an int64.
+func Int64Value(v int64) Value {
+ return Value{
+ num: uint64(v), // nolint: gosec // Store raw bytes.
+ any: ValueKindInt64,
+ }
+}
+
+// Float64Value returns a [Value] for a float64.
+func Float64Value(v float64) Value {
+ return Value{num: math.Float64bits(v), any: ValueKindFloat64}
+}
+
+// BoolValue returns a [Value] for a bool.
+func BoolValue(v bool) Value { //nolint:revive // Not a control flag.
+ var n uint64
+ if v {
+ n = 1
+ }
+ return Value{num: n, any: ValueKindBool}
+}
+
+// BytesValue returns a [Value] for a byte slice. The passed slice must not be
+// changed after it is passed.
+func BytesValue(v []byte) Value {
+ return Value{
+ num: uint64(len(v)),
+ any: bytesptr(unsafe.SliceData(v)),
+ }
+}
+
+// SliceValue returns a [Value] for a slice of [Value]. The passed slice must
+// not be changed after it is passed.
+func SliceValue(vs ...Value) Value {
+ return Value{
+ num: uint64(len(vs)),
+ any: sliceptr(unsafe.SliceData(vs)),
+ }
+}
+
+// MapValue returns a new [Value] for a slice of key-value pairs. The passed
+// slice must not be changed after it is passed.
+func MapValue(kvs ...Attr) Value {
+ return Value{
+ num: uint64(len(kvs)),
+ any: mapptr(unsafe.SliceData(kvs)),
+ }
+}
+
+// AsString returns the value held by v as a string.
+func (v Value) AsString() string {
+ if sp, ok := v.any.(stringptr); ok {
+ return unsafe.String(sp, v.num)
+ }
+ // TODO: error handle
+ return ""
+}
+
+// asString returns the value held by v as a string. It will panic if the Value
+// is not KindString.
+func (v Value) asString() string {
+ return unsafe.String(v.any.(stringptr), v.num)
+}
+
+// AsInt64 returns the value held by v as an int64.
+func (v Value) AsInt64() int64 {
+ if v.Kind() != ValueKindInt64 {
+ // TODO: error handle
+ return 0
+ }
+ return v.asInt64()
+}
+
+// asInt64 returns the value held by v as an int64. If v is not of KindInt64,
+// this will return garbage.
+func (v Value) asInt64() int64 {
+ // Assumes v.num was a valid int64 (overflow not checked).
+ return int64(v.num) // nolint: gosec
+}
+
+// AsBool returns the value held by v as a bool.
+func (v Value) AsBool() bool {
+ if v.Kind() != ValueKindBool {
+ // TODO: error handle
+ return false
+ }
+ return v.asBool()
+}
+
+// asBool returns the value held by v as a bool. If v is not of KindBool, this
+// will return garbage.
+func (v Value) asBool() bool { return v.num == 1 }
+
+// AsFloat64 returns the value held by v as a float64.
+func (v Value) AsFloat64() float64 {
+ if v.Kind() != ValueKindFloat64 {
+ // TODO: error handle
+ return 0
+ }
+ return v.asFloat64()
+}
+
+// asFloat64 returns the value held by v as a float64. If v is not of
+// KindFloat64, this will return garbage.
+func (v Value) asFloat64() float64 { return math.Float64frombits(v.num) }
+
+// AsBytes returns the value held by v as a []byte.
+func (v Value) AsBytes() []byte {
+ if sp, ok := v.any.(bytesptr); ok {
+ return unsafe.Slice((*byte)(sp), v.num)
+ }
+ // TODO: error handle
+ return nil
+}
+
+// asBytes returns the value held by v as a []byte. It will panic if the Value
+// is not KindBytes.
+func (v Value) asBytes() []byte {
+ return unsafe.Slice((*byte)(v.any.(bytesptr)), v.num)
+}
+
+// AsSlice returns the value held by v as a []Value.
+func (v Value) AsSlice() []Value {
+ if sp, ok := v.any.(sliceptr); ok {
+ return unsafe.Slice((*Value)(sp), v.num)
+ }
+ // TODO: error handle
+ return nil
+}
+
+// asSlice returns the value held by v as a []Value. It will panic if the Value
+// is not KindSlice.
+func (v Value) asSlice() []Value {
+ return unsafe.Slice((*Value)(v.any.(sliceptr)), v.num)
+}
+
+// AsMap returns the value held by v as a []Attr.
+func (v Value) AsMap() []Attr {
+ if sp, ok := v.any.(mapptr); ok {
+ return unsafe.Slice((*Attr)(sp), v.num)
+ }
+ // TODO: error handle
+ return nil
+}
+
+// asMap returns the value held by v as a []Attr. It will panic if the
+// Value is not KindMap.
+func (v Value) asMap() []Attr {
+ return unsafe.Slice((*Attr)(v.any.(mapptr)), v.num)
+}
+
+// Kind returns the Kind of v.
+func (v Value) Kind() ValueKind {
+ switch x := v.any.(type) {
+ case ValueKind:
+ return x
+ case stringptr:
+ return ValueKindString
+ case bytesptr:
+ return ValueKindBytes
+ case sliceptr:
+ return ValueKindSlice
+ case mapptr:
+ return ValueKindMap
+ default:
+ return ValueKindEmpty
+ }
+}
+
+// Empty returns if v does not hold any value.
+func (v Value) Empty() bool { return v.Kind() == ValueKindEmpty }
+
+// Equal returns if v is equal to w.
+func (v Value) Equal(w Value) bool {
+ k1 := v.Kind()
+ k2 := w.Kind()
+ if k1 != k2 {
+ return false
+ }
+ switch k1 {
+ case ValueKindInt64, ValueKindBool:
+ return v.num == w.num
+ case ValueKindString:
+ return v.asString() == w.asString()
+ case ValueKindFloat64:
+ return v.asFloat64() == w.asFloat64()
+ case ValueKindSlice:
+ return slices.EqualFunc(v.asSlice(), w.asSlice(), Value.Equal)
+ case ValueKindMap:
+ sv := sortMap(v.asMap())
+ sw := sortMap(w.asMap())
+ return slices.EqualFunc(sv, sw, Attr.Equal)
+ case ValueKindBytes:
+ return bytes.Equal(v.asBytes(), w.asBytes())
+ case ValueKindEmpty:
+ return true
+ default:
+ // TODO: error handle
+ return false
+ }
+}
+
+func sortMap(m []Attr) []Attr {
+ sm := make([]Attr, len(m))
+ copy(sm, m)
+ slices.SortFunc(sm, func(a, b Attr) int {
+ return cmp.Compare(a.Key, b.Key)
+ })
+
+ return sm
+}
+
+// String returns Value's value as a string, formatted like [fmt.Sprint].
+//
+// The returned string is meant for debugging;
+// the string representation is not stable.
+func (v Value) String() string {
+ switch v.Kind() {
+ case ValueKindString:
+ return v.asString()
+ case ValueKindInt64:
+ // Assumes v.num was a valid int64 (overflow not checked).
+ return strconv.FormatInt(int64(v.num), 10) // nolint: gosec
+ case ValueKindFloat64:
+ return strconv.FormatFloat(v.asFloat64(), 'g', -1, 64)
+ case ValueKindBool:
+ return strconv.FormatBool(v.asBool())
+ case ValueKindBytes:
+ return fmt.Sprint(v.asBytes())
+ case ValueKindMap:
+ return fmt.Sprint(v.asMap())
+ case ValueKindSlice:
+ return fmt.Sprint(v.asSlice())
+ case ValueKindEmpty:
+ return ""
+ default:
+ // Try to handle this as gracefully as possible.
+ //
+ // Don't panic here. The goal here is to have developers find this
+ // first if a slog.Kind is is not handled. It is
+ // preferable to have user's open issue asking why their attributes
+ // have a "unhandled: " prefix than say that their code is panicking.
+ return fmt.Sprintf("", v.Kind())
+ }
+}
+
+// MarshalJSON encodes v into OTLP formatted JSON.
+func (v *Value) MarshalJSON() ([]byte, error) {
+ switch v.Kind() {
+ case ValueKindString:
+ return json.Marshal(struct {
+ Value string `json:"stringValue"`
+ }{v.asString()})
+ case ValueKindInt64:
+ return json.Marshal(struct {
+ Value string `json:"intValue"`
+ }{strconv.FormatInt(int64(v.num), 10)}) // nolint: gosec // From raw bytes.
+ case ValueKindFloat64:
+ return json.Marshal(struct {
+ Value float64 `json:"doubleValue"`
+ }{v.asFloat64()})
+ case ValueKindBool:
+ return json.Marshal(struct {
+ Value bool `json:"boolValue"`
+ }{v.asBool()})
+ case ValueKindBytes:
+ return json.Marshal(struct {
+ Value []byte `json:"bytesValue"`
+ }{v.asBytes()})
+ case ValueKindMap:
+ return json.Marshal(struct {
+ Value struct {
+ Values []Attr `json:"values"`
+ } `json:"kvlistValue"`
+ }{struct {
+ Values []Attr `json:"values"`
+ }{v.asMap()}})
+ case ValueKindSlice:
+ return json.Marshal(struct {
+ Value struct {
+ Values []Value `json:"values"`
+ } `json:"arrayValue"`
+ }{struct {
+ Values []Value `json:"values"`
+ }{v.asSlice()}})
+ case ValueKindEmpty:
+ return nil, nil
+ default:
+ return nil, fmt.Errorf("unknown Value kind: %s", v.Kind().String())
+ }
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into v.
+func (v *Value) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid Value type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid Value key: %#v", keyIface)
+ }
+
+ switch key {
+ case "stringValue", "string_value":
+ var val string
+ err = decoder.Decode(&val)
+ *v = StringValue(val)
+ case "boolValue", "bool_value":
+ var val bool
+ err = decoder.Decode(&val)
+ *v = BoolValue(val)
+ case "intValue", "int_value":
+ var val protoInt64
+ err = decoder.Decode(&val)
+ *v = Int64Value(val.Int64())
+ case "doubleValue", "double_value":
+ var val float64
+ err = decoder.Decode(&val)
+ *v = Float64Value(val)
+ case "bytesValue", "bytes_value":
+ var val64 string
+ if err := decoder.Decode(&val64); err != nil {
+ return err
+ }
+ var val []byte
+ val, err = base64.StdEncoding.DecodeString(val64)
+ *v = BytesValue(val)
+ case "arrayValue", "array_value":
+ var val struct{ Values []Value }
+ err = decoder.Decode(&val)
+ *v = SliceValue(val.Values...)
+ case "kvlistValue", "kvlist_value":
+ var val struct{ Values []Attr }
+ err = decoder.Decode(&val)
+ *v = MapValue(val.Values...)
+ default:
+ // Skip unknown.
+ continue
+ }
+ // Use first valid. Ignore the rest.
+ return err
+ }
+
+ // Only unknown fields. Return nil without unmarshaling any value.
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/noop.go b/vendor/go.opentelemetry.io/otel/trace/noop.go
index ca20e9997a..c8b1ae5d67 100644
--- a/vendor/go.opentelemetry.io/otel/trace/noop.go
+++ b/vendor/go.opentelemetry.io/otel/trace/noop.go
@@ -82,4 +82,22 @@ func (noopSpan) AddLink(Link) {}
func (noopSpan) SetName(string) {}
// TracerProvider returns a no-op TracerProvider.
-func (noopSpan) TracerProvider() TracerProvider { return noopTracerProvider{} }
+func (s noopSpan) TracerProvider() TracerProvider {
+ return s.tracerProvider(autoInstEnabled)
+}
+
+// autoInstEnabled defines if the auto-instrumentation SDK is enabled.
+//
+// The auto-instrumentation is expected to overwrite this value to true when it
+// attaches to the process.
+var autoInstEnabled = new(bool)
+
+// tracerProvider return a noopTracerProvider if autoEnabled is false,
+// otherwise it will return a TracerProvider from the sdk package used in
+// auto-instrumentation.
+func (noopSpan) tracerProvider(autoEnabled *bool) TracerProvider {
+ if *autoEnabled {
+ return newAutoTracerProvider()
+ }
+ return noopTracerProvider{}
+}
diff --git a/vendor/go.opentelemetry.io/otel/version.go b/vendor/go.opentelemetry.io/otel/version.go
index 6d3c7b1f40..d5fa71f674 100644
--- a/vendor/go.opentelemetry.io/otel/version.go
+++ b/vendor/go.opentelemetry.io/otel/version.go
@@ -5,5 +5,5 @@ package otel // import "go.opentelemetry.io/otel"
// Version is the current release version of OpenTelemetry in use.
func Version() string {
- return "1.31.0"
+ return "1.35.0"
}
diff --git a/vendor/go.opentelemetry.io/otel/versions.yaml b/vendor/go.opentelemetry.io/otel/versions.yaml
index cdebdb5eb7..2b4cb4b418 100644
--- a/vendor/go.opentelemetry.io/otel/versions.yaml
+++ b/vendor/go.opentelemetry.io/otel/versions.yaml
@@ -3,19 +3,13 @@
module-sets:
stable-v1:
- version: v1.31.0
+ version: v1.35.0
modules:
- go.opentelemetry.io/otel
- go.opentelemetry.io/otel/bridge/opencensus
- go.opentelemetry.io/otel/bridge/opencensus/test
- go.opentelemetry.io/otel/bridge/opentracing
- go.opentelemetry.io/otel/bridge/opentracing/test
- - go.opentelemetry.io/otel/example/dice
- - go.opentelemetry.io/otel/example/namedtracer
- - go.opentelemetry.io/otel/example/opencensus
- - go.opentelemetry.io/otel/example/otel-collector
- - go.opentelemetry.io/otel/example/passthrough
- - go.opentelemetry.io/otel/example/zipkin
- go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
- go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
- go.opentelemetry.io/otel/exporters/otlp/otlptrace
@@ -29,12 +23,11 @@ module-sets:
- go.opentelemetry.io/otel/sdk/metric
- go.opentelemetry.io/otel/trace
experimental-metrics:
- version: v0.53.0
+ version: v0.57.0
modules:
- - go.opentelemetry.io/otel/example/prometheus
- go.opentelemetry.io/otel/exporters/prometheus
experimental-logs:
- version: v0.7.0
+ version: v0.11.0
modules:
- go.opentelemetry.io/otel/log
- go.opentelemetry.io/otel/sdk/log
@@ -42,8 +35,9 @@ module-sets:
- go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
- go.opentelemetry.io/otel/exporters/stdout/stdoutlog
experimental-schema:
- version: v0.0.10
+ version: v0.0.12
modules:
- go.opentelemetry.io/otel/schema
excluded-modules:
- go.opentelemetry.io/otel/internal/tools
+ - go.opentelemetry.io/otel/trace/internal/telemetry/test
diff --git a/vendor/golang.org/x/mod/LICENSE b/vendor/golang.org/x/mod/LICENSE
index 6a66aea5ea..2a7cf70da6 100644
--- a/vendor/golang.org/x/mod/LICENSE
+++ b/vendor/golang.org/x/mod/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2009 The Go Authors. All rights reserved.
+Copyright 2009 The Go Authors.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
@@ -10,7 +10,7 @@ notice, this list of conditions and the following disclaimer.
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
- * Neither the name of Google Inc. nor the names of its
+ * Neither the name of Google LLC nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
diff --git a/vendor/golang.org/x/mod/modfile/read.go b/vendor/golang.org/x/mod/modfile/read.go
index 2205682591..2d7486804f 100644
--- a/vendor/golang.org/x/mod/modfile/read.go
+++ b/vendor/golang.org/x/mod/modfile/read.go
@@ -226,8 +226,9 @@ func (x *FileSyntax) Cleanup() {
continue
}
if ww == 1 && len(stmt.RParen.Comments.Before) == 0 {
- // Collapse block into single line.
- line := &Line{
+ // Collapse block into single line but keep the Line reference used by the
+ // parsed File structure.
+ *stmt.Line[0] = Line{
Comments: Comments{
Before: commentsAdd(stmt.Before, stmt.Line[0].Before),
Suffix: commentsAdd(stmt.Line[0].Suffix, stmt.Suffix),
@@ -235,7 +236,7 @@ func (x *FileSyntax) Cleanup() {
},
Token: stringsAdd(stmt.Token, stmt.Line[0].Token),
}
- x.Stmt[w] = line
+ x.Stmt[w] = stmt.Line[0]
w++
continue
}
@@ -876,6 +877,11 @@ func (in *input) parseLineBlock(start Position, token []string, lparen token) *L
in.Error(fmt.Sprintf("syntax error (unterminated block started at %s:%d:%d)", in.filename, x.Start.Line, x.Start.LineRune))
case ')':
rparen := in.lex()
+ // Don't preserve blank lines (denoted by a single empty comment, added above)
+ // at the end of the block.
+ if len(comments) == 1 && comments[0] == (Comment{}) {
+ comments = nil
+ }
x.RParen.Before = comments
x.RParen.Pos = rparen.pos
if !in.peek().isEOL() {
diff --git a/vendor/golang.org/x/mod/modfile/rule.go b/vendor/golang.org/x/mod/modfile/rule.go
index 66dcaf9803..3e4a1d0ab4 100644
--- a/vendor/golang.org/x/mod/modfile/rule.go
+++ b/vendor/golang.org/x/mod/modfile/rule.go
@@ -43,6 +43,7 @@ type File struct {
Exclude []*Exclude
Replace []*Replace
Retract []*Retract
+ Tool []*Tool
Syntax *FileSyntax
}
@@ -93,6 +94,12 @@ type Retract struct {
Syntax *Line
}
+// A Tool is a single tool statement.
+type Tool struct {
+ Path string
+ Syntax *Line
+}
+
// A VersionInterval represents a range of versions with upper and lower bounds.
// Intervals are closed: both bounds are included. When Low is equal to High,
// the interval may refer to a single version ('v1.2.3') or an interval
@@ -297,7 +304,7 @@ func parseToFile(file string, data []byte, fix VersionFixer, strict bool) (parse
})
}
continue
- case "module", "godebug", "require", "exclude", "replace", "retract":
+ case "module", "godebug", "require", "exclude", "replace", "retract", "tool":
for _, l := range x.Line {
f.add(&errs, x, l, x.Token[0], l.Token, fix, strict)
}
@@ -509,6 +516,21 @@ func (f *File) add(errs *ErrorList, block *LineBlock, line *Line, verb string, a
Syntax: line,
}
f.Retract = append(f.Retract, retract)
+
+ case "tool":
+ if len(args) != 1 {
+ errorf("tool directive expects exactly one argument")
+ return
+ }
+ s, err := parseString(&args[0])
+ if err != nil {
+ errorf("invalid quoted string: %v", err)
+ return
+ }
+ f.Tool = append(f.Tool, &Tool{
+ Path: s,
+ Syntax: line,
+ })
}
}
@@ -1567,6 +1589,36 @@ func (f *File) DropRetract(vi VersionInterval) error {
return nil
}
+// AddTool adds a new tool directive with the given path.
+// It does nothing if the tool line already exists.
+func (f *File) AddTool(path string) error {
+ for _, t := range f.Tool {
+ if t.Path == path {
+ return nil
+ }
+ }
+
+ f.Tool = append(f.Tool, &Tool{
+ Path: path,
+ Syntax: f.Syntax.addLine(nil, "tool", path),
+ })
+
+ f.SortBlocks()
+ return nil
+}
+
+// RemoveTool removes a tool directive with the given path.
+// It does nothing if no such tool directive exists.
+func (f *File) DropTool(path string) error {
+ for _, t := range f.Tool {
+ if t.Path == path {
+ t.Syntax.markRemoved()
+ *t = Tool{}
+ }
+ }
+ return nil
+}
+
func (f *File) SortBlocks() {
f.removeDups() // otherwise sorting is unsafe
@@ -1593,9 +1645,9 @@ func (f *File) SortBlocks() {
}
}
-// removeDups removes duplicate exclude and replace directives.
+// removeDups removes duplicate exclude, replace and tool directives.
//
-// Earlier exclude directives take priority.
+// Earlier exclude and tool directives take priority.
//
// Later replace directives take priority.
//
@@ -1605,10 +1657,10 @@ func (f *File) SortBlocks() {
// retract directives are not de-duplicated since comments are
// meaningful, and versions may be retracted multiple times.
func (f *File) removeDups() {
- removeDups(f.Syntax, &f.Exclude, &f.Replace)
+ removeDups(f.Syntax, &f.Exclude, &f.Replace, &f.Tool)
}
-func removeDups(syntax *FileSyntax, exclude *[]*Exclude, replace *[]*Replace) {
+func removeDups(syntax *FileSyntax, exclude *[]*Exclude, replace *[]*Replace, tool *[]*Tool) {
kill := make(map[*Line]bool)
// Remove duplicate excludes.
@@ -1649,6 +1701,24 @@ func removeDups(syntax *FileSyntax, exclude *[]*Exclude, replace *[]*Replace) {
}
*replace = repl
+ if tool != nil {
+ haveTool := make(map[string]bool)
+ for _, t := range *tool {
+ if haveTool[t.Path] {
+ kill[t.Syntax] = true
+ continue
+ }
+ haveTool[t.Path] = true
+ }
+ var newTool []*Tool
+ for _, t := range *tool {
+ if !kill[t.Syntax] {
+ newTool = append(newTool, t)
+ }
+ }
+ *tool = newTool
+ }
+
// Duplicate require and retract directives are not removed.
// Drop killed statements from the syntax tree.
diff --git a/vendor/golang.org/x/mod/modfile/work.go b/vendor/golang.org/x/mod/modfile/work.go
index 8f54897cf7..5387d0c265 100644
--- a/vendor/golang.org/x/mod/modfile/work.go
+++ b/vendor/golang.org/x/mod/modfile/work.go
@@ -331,5 +331,5 @@ func (f *WorkFile) SortBlocks() {
// retract directives are not de-duplicated since comments are
// meaningful, and versions may be retracted multiple times.
func (f *WorkFile) removeDups() {
- removeDups(f.Syntax, nil, &f.Replace)
+ removeDups(f.Syntax, nil, &f.Replace, nil)
}
diff --git a/vendor/golang.org/x/mod/module/module.go b/vendor/golang.org/x/mod/module/module.go
index cac1a899e9..2a364b229b 100644
--- a/vendor/golang.org/x/mod/module/module.go
+++ b/vendor/golang.org/x/mod/module/module.go
@@ -506,7 +506,6 @@ var badWindowsNames = []string{
"PRN",
"AUX",
"NUL",
- "COM0",
"COM1",
"COM2",
"COM3",
@@ -516,7 +515,6 @@ var badWindowsNames = []string{
"COM7",
"COM8",
"COM9",
- "LPT0",
"LPT1",
"LPT2",
"LPT3",
diff --git a/vendor/golang.org/x/sync/errgroup/errgroup.go b/vendor/golang.org/x/sync/errgroup/errgroup.go
index f8c3c09265..cfafed5b54 100644
--- a/vendor/golang.org/x/sync/errgroup/errgroup.go
+++ b/vendor/golang.org/x/sync/errgroup/errgroup.go
@@ -12,6 +12,8 @@ package errgroup
import (
"context"
"fmt"
+ "runtime"
+ "runtime/debug"
"sync"
)
@@ -31,6 +33,10 @@ type Group struct {
errOnce sync.Once
err error
+
+ mu sync.Mutex
+ panicValue any // = PanicError | PanicValue; non-nil if some Group.Go goroutine panicked.
+ abnormal bool // some Group.Go goroutine terminated abnormally (panic or goexit).
}
func (g *Group) done() {
@@ -50,13 +56,22 @@ func WithContext(ctx context.Context) (*Group, context.Context) {
return &Group{cancel: cancel}, ctx
}
-// Wait blocks until all function calls from the Go method have returned, then
-// returns the first non-nil error (if any) from them.
+// Wait blocks until all function calls from the Go method have returned
+// normally, then returns the first non-nil error (if any) from them.
+//
+// If any of the calls panics, Wait panics with a [PanicValue];
+// and if any of them calls [runtime.Goexit], Wait calls runtime.Goexit.
func (g *Group) Wait() error {
g.wg.Wait()
if g.cancel != nil {
g.cancel(g.err)
}
+ if g.panicValue != nil {
+ panic(g.panicValue)
+ }
+ if g.abnormal {
+ runtime.Goexit()
+ }
return g.err
}
@@ -65,18 +80,56 @@ func (g *Group) Wait() error {
// It blocks until the new goroutine can be added without the number of
// active goroutines in the group exceeding the configured limit.
//
-// The first call to return a non-nil error cancels the group's context, if the
-// group was created by calling WithContext. The error will be returned by Wait.
+// It blocks until the new goroutine can be added without the number of
+// goroutines in the group exceeding the configured limit.
+//
+// The first goroutine in the group that returns a non-nil error, panics, or
+// invokes [runtime.Goexit] will cancel the associated Context, if any.
func (g *Group) Go(f func() error) {
if g.sem != nil {
g.sem <- token{}
}
+ g.add(f)
+}
+
+func (g *Group) add(f func() error) {
g.wg.Add(1)
go func() {
defer g.done()
+ normalReturn := false
+ defer func() {
+ if normalReturn {
+ return
+ }
+ v := recover()
+ g.mu.Lock()
+ defer g.mu.Unlock()
+ if !g.abnormal {
+ if g.cancel != nil {
+ g.cancel(g.err)
+ }
+ g.abnormal = true
+ }
+ if v != nil && g.panicValue == nil {
+ switch v := v.(type) {
+ case error:
+ g.panicValue = PanicError{
+ Recovered: v,
+ Stack: debug.Stack(),
+ }
+ default:
+ g.panicValue = PanicValue{
+ Recovered: v,
+ Stack: debug.Stack(),
+ }
+ }
+ }
+ }()
- if err := f(); err != nil {
+ err := f()
+ normalReturn = true
+ if err != nil {
g.errOnce.Do(func() {
g.err = err
if g.cancel != nil {
@@ -101,19 +154,7 @@ func (g *Group) TryGo(f func() error) bool {
}
}
- g.wg.Add(1)
- go func() {
- defer g.done()
-
- if err := f(); err != nil {
- g.errOnce.Do(func() {
- g.err = err
- if g.cancel != nil {
- g.cancel(g.err)
- }
- })
- }
- }()
+ g.add(f)
return true
}
@@ -135,3 +176,33 @@ func (g *Group) SetLimit(n int) {
}
g.sem = make(chan token, n)
}
+
+// PanicError wraps an error recovered from an unhandled panic
+// when calling a function passed to Go or TryGo.
+type PanicError struct {
+ Recovered error
+ Stack []byte // result of call to [debug.Stack]
+}
+
+func (p PanicError) Error() string {
+ // A Go Error method conventionally does not include a stack dump, so omit it
+ // here. (Callers who care can extract it from the Stack field.)
+ return fmt.Sprintf("recovered from errgroup.Group: %v", p.Recovered)
+}
+
+func (p PanicError) Unwrap() error { return p.Recovered }
+
+// PanicValue wraps a value that does not implement the error interface,
+// recovered from an unhandled panic when calling a function passed to Go or
+// TryGo.
+type PanicValue struct {
+ Recovered any
+ Stack []byte // result of call to [debug.Stack]
+}
+
+func (p PanicValue) String() string {
+ if len(p.Stack) > 0 {
+ return fmt.Sprintf("recovered from errgroup.Group: %v\n%s", p.Recovered, p.Stack)
+ }
+ return fmt.Sprintf("recovered from errgroup.Group: %v", p.Recovered)
+}
diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go
index b6e1ab76f8..a8b0364c7c 100644
--- a/vendor/golang.org/x/sys/windows/security_windows.go
+++ b/vendor/golang.org/x/sys/windows/security_windows.go
@@ -1303,7 +1303,10 @@ func (selfRelativeSD *SECURITY_DESCRIPTOR) ToAbsolute() (absoluteSD *SECURITY_DE
return nil, err
}
if absoluteSDSize > 0 {
- absoluteSD = (*SECURITY_DESCRIPTOR)(unsafe.Pointer(&make([]byte, absoluteSDSize)[0]))
+ absoluteSD = new(SECURITY_DESCRIPTOR)
+ if unsafe.Sizeof(*absoluteSD) < uintptr(absoluteSDSize) {
+ panic("sizeof(SECURITY_DESCRIPTOR) too small")
+ }
}
var (
dacl *ACL
@@ -1312,19 +1315,55 @@ func (selfRelativeSD *SECURITY_DESCRIPTOR) ToAbsolute() (absoluteSD *SECURITY_DE
group *SID
)
if daclSize > 0 {
- dacl = (*ACL)(unsafe.Pointer(&make([]byte, daclSize)[0]))
+ dacl = (*ACL)(unsafe.Pointer(unsafe.SliceData(make([]byte, daclSize))))
}
if saclSize > 0 {
- sacl = (*ACL)(unsafe.Pointer(&make([]byte, saclSize)[0]))
+ sacl = (*ACL)(unsafe.Pointer(unsafe.SliceData(make([]byte, saclSize))))
}
if ownerSize > 0 {
- owner = (*SID)(unsafe.Pointer(&make([]byte, ownerSize)[0]))
+ owner = (*SID)(unsafe.Pointer(unsafe.SliceData(make([]byte, ownerSize))))
}
if groupSize > 0 {
- group = (*SID)(unsafe.Pointer(&make([]byte, groupSize)[0]))
+ group = (*SID)(unsafe.Pointer(unsafe.SliceData(make([]byte, groupSize))))
}
+ // We call into Windows via makeAbsoluteSD, which sets up
+ // pointers within absoluteSD that point to other chunks of memory
+ // we pass into makeAbsoluteSD, and that happens outside the view of the GC.
+ // We therefore take some care here to then verify the pointers are as we expect
+ // and set them explicitly in view of the GC. See https://go.dev/issue/73199.
+ // TODO: consider weak pointers once Go 1.24 is appropriate. See suggestion in https://go.dev/cl/663575.
err = makeAbsoluteSD(selfRelativeSD, absoluteSD, &absoluteSDSize,
dacl, &daclSize, sacl, &saclSize, owner, &ownerSize, group, &groupSize)
+ if err != nil {
+ // Don't return absoluteSD, which might be partially initialized.
+ return nil, err
+ }
+ // Before using any fields, verify absoluteSD is in the format we expect according to Windows.
+ // See https://learn.microsoft.com/en-us/windows/win32/secauthz/absolute-and-self-relative-security-descriptors
+ absControl, _, err := absoluteSD.Control()
+ if err != nil {
+ panic("absoluteSD: " + err.Error())
+ }
+ if absControl&SE_SELF_RELATIVE != 0 {
+ panic("absoluteSD not in absolute format")
+ }
+ if absoluteSD.dacl != dacl {
+ panic("dacl pointer mismatch")
+ }
+ if absoluteSD.sacl != sacl {
+ panic("sacl pointer mismatch")
+ }
+ if absoluteSD.owner != owner {
+ panic("owner pointer mismatch")
+ }
+ if absoluteSD.group != group {
+ panic("group pointer mismatch")
+ }
+ absoluteSD.dacl = dacl
+ absoluteSD.sacl = sacl
+ absoluteSD.owner = owner
+ absoluteSD.group = group
+
return
}
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index 4a32543868..640f6b153f 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -870,6 +870,7 @@ const socket_error = uintptr(^uint32(0))
//sys WSARecvFrom(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, from *RawSockaddrAny, fromlen *int32, overlapped *Overlapped, croutine *byte) (err error) [failretval==socket_error] = ws2_32.WSARecvFrom
//sys WSASendTo(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, to *RawSockaddrAny, tolen int32, overlapped *Overlapped, croutine *byte) (err error) [failretval==socket_error] = ws2_32.WSASendTo
//sys WSASocket(af int32, typ int32, protocol int32, protoInfo *WSAProtocolInfo, group uint32, flags uint32) (handle Handle, err error) [failretval==InvalidHandle] = ws2_32.WSASocketW
+//sys WSADuplicateSocket(s Handle, processID uint32, info *WSAProtocolInfo) (err error) [failretval!=0] = ws2_32.WSADuplicateSocketW
//sys GetHostByName(name string) (h *Hostent, err error) [failretval==nil] = ws2_32.gethostbyname
//sys GetServByName(name string, proto string) (s *Servent, err error) [failretval==nil] = ws2_32.getservbyname
//sys Ntohs(netshort uint16) (u uint16) = ws2_32.ntohs
@@ -1698,8 +1699,9 @@ func NewNTUnicodeString(s string) (*NTUnicodeString, error) {
// Slice returns a uint16 slice that aliases the data in the NTUnicodeString.
func (s *NTUnicodeString) Slice() []uint16 {
- slice := unsafe.Slice(s.Buffer, s.MaximumLength)
- return slice[:s.Length]
+ // Note: this rounds the length down, if it happens
+ // to (incorrectly) be odd. Probably safer than rounding up.
+ return unsafe.Slice(s.Buffer, s.MaximumLength/2)[:s.Length/2]
}
func (s *NTUnicodeString) String() string {
diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go
index ad67df2fdb..958bcf47a3 100644
--- a/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/vendor/golang.org/x/sys/windows/types_windows.go
@@ -2700,6 +2700,8 @@ type CommTimeouts struct {
// NTUnicodeString is a UTF-16 string for NT native APIs, corresponding to UNICODE_STRING.
type NTUnicodeString struct {
+ // Note: Length and MaximumLength are in *bytes*, not uint16s.
+ // They should always be even.
Length uint16
MaximumLength uint16
Buffer *uint16
@@ -3628,3 +3630,213 @@ const (
KLF_NOTELLSHELL = 0x00000080
KLF_SETFORPROCESS = 0x00000100
)
+
+// Virtual Key codes
+// https://docs.microsoft.com/en-us/windows/win32/inputdev/virtual-key-codes
+const (
+ VK_LBUTTON = 0x01
+ VK_RBUTTON = 0x02
+ VK_CANCEL = 0x03
+ VK_MBUTTON = 0x04
+ VK_XBUTTON1 = 0x05
+ VK_XBUTTON2 = 0x06
+ VK_BACK = 0x08
+ VK_TAB = 0x09
+ VK_CLEAR = 0x0C
+ VK_RETURN = 0x0D
+ VK_SHIFT = 0x10
+ VK_CONTROL = 0x11
+ VK_MENU = 0x12
+ VK_PAUSE = 0x13
+ VK_CAPITAL = 0x14
+ VK_KANA = 0x15
+ VK_HANGEUL = 0x15
+ VK_HANGUL = 0x15
+ VK_IME_ON = 0x16
+ VK_JUNJA = 0x17
+ VK_FINAL = 0x18
+ VK_HANJA = 0x19
+ VK_KANJI = 0x19
+ VK_IME_OFF = 0x1A
+ VK_ESCAPE = 0x1B
+ VK_CONVERT = 0x1C
+ VK_NONCONVERT = 0x1D
+ VK_ACCEPT = 0x1E
+ VK_MODECHANGE = 0x1F
+ VK_SPACE = 0x20
+ VK_PRIOR = 0x21
+ VK_NEXT = 0x22
+ VK_END = 0x23
+ VK_HOME = 0x24
+ VK_LEFT = 0x25
+ VK_UP = 0x26
+ VK_RIGHT = 0x27
+ VK_DOWN = 0x28
+ VK_SELECT = 0x29
+ VK_PRINT = 0x2A
+ VK_EXECUTE = 0x2B
+ VK_SNAPSHOT = 0x2C
+ VK_INSERT = 0x2D
+ VK_DELETE = 0x2E
+ VK_HELP = 0x2F
+ VK_LWIN = 0x5B
+ VK_RWIN = 0x5C
+ VK_APPS = 0x5D
+ VK_SLEEP = 0x5F
+ VK_NUMPAD0 = 0x60
+ VK_NUMPAD1 = 0x61
+ VK_NUMPAD2 = 0x62
+ VK_NUMPAD3 = 0x63
+ VK_NUMPAD4 = 0x64
+ VK_NUMPAD5 = 0x65
+ VK_NUMPAD6 = 0x66
+ VK_NUMPAD7 = 0x67
+ VK_NUMPAD8 = 0x68
+ VK_NUMPAD9 = 0x69
+ VK_MULTIPLY = 0x6A
+ VK_ADD = 0x6B
+ VK_SEPARATOR = 0x6C
+ VK_SUBTRACT = 0x6D
+ VK_DECIMAL = 0x6E
+ VK_DIVIDE = 0x6F
+ VK_F1 = 0x70
+ VK_F2 = 0x71
+ VK_F3 = 0x72
+ VK_F4 = 0x73
+ VK_F5 = 0x74
+ VK_F6 = 0x75
+ VK_F7 = 0x76
+ VK_F8 = 0x77
+ VK_F9 = 0x78
+ VK_F10 = 0x79
+ VK_F11 = 0x7A
+ VK_F12 = 0x7B
+ VK_F13 = 0x7C
+ VK_F14 = 0x7D
+ VK_F15 = 0x7E
+ VK_F16 = 0x7F
+ VK_F17 = 0x80
+ VK_F18 = 0x81
+ VK_F19 = 0x82
+ VK_F20 = 0x83
+ VK_F21 = 0x84
+ VK_F22 = 0x85
+ VK_F23 = 0x86
+ VK_F24 = 0x87
+ VK_NUMLOCK = 0x90
+ VK_SCROLL = 0x91
+ VK_OEM_NEC_EQUAL = 0x92
+ VK_OEM_FJ_JISHO = 0x92
+ VK_OEM_FJ_MASSHOU = 0x93
+ VK_OEM_FJ_TOUROKU = 0x94
+ VK_OEM_FJ_LOYA = 0x95
+ VK_OEM_FJ_ROYA = 0x96
+ VK_LSHIFT = 0xA0
+ VK_RSHIFT = 0xA1
+ VK_LCONTROL = 0xA2
+ VK_RCONTROL = 0xA3
+ VK_LMENU = 0xA4
+ VK_RMENU = 0xA5
+ VK_BROWSER_BACK = 0xA6
+ VK_BROWSER_FORWARD = 0xA7
+ VK_BROWSER_REFRESH = 0xA8
+ VK_BROWSER_STOP = 0xA9
+ VK_BROWSER_SEARCH = 0xAA
+ VK_BROWSER_FAVORITES = 0xAB
+ VK_BROWSER_HOME = 0xAC
+ VK_VOLUME_MUTE = 0xAD
+ VK_VOLUME_DOWN = 0xAE
+ VK_VOLUME_UP = 0xAF
+ VK_MEDIA_NEXT_TRACK = 0xB0
+ VK_MEDIA_PREV_TRACK = 0xB1
+ VK_MEDIA_STOP = 0xB2
+ VK_MEDIA_PLAY_PAUSE = 0xB3
+ VK_LAUNCH_MAIL = 0xB4
+ VK_LAUNCH_MEDIA_SELECT = 0xB5
+ VK_LAUNCH_APP1 = 0xB6
+ VK_LAUNCH_APP2 = 0xB7
+ VK_OEM_1 = 0xBA
+ VK_OEM_PLUS = 0xBB
+ VK_OEM_COMMA = 0xBC
+ VK_OEM_MINUS = 0xBD
+ VK_OEM_PERIOD = 0xBE
+ VK_OEM_2 = 0xBF
+ VK_OEM_3 = 0xC0
+ VK_OEM_4 = 0xDB
+ VK_OEM_5 = 0xDC
+ VK_OEM_6 = 0xDD
+ VK_OEM_7 = 0xDE
+ VK_OEM_8 = 0xDF
+ VK_OEM_AX = 0xE1
+ VK_OEM_102 = 0xE2
+ VK_ICO_HELP = 0xE3
+ VK_ICO_00 = 0xE4
+ VK_PROCESSKEY = 0xE5
+ VK_ICO_CLEAR = 0xE6
+ VK_OEM_RESET = 0xE9
+ VK_OEM_JUMP = 0xEA
+ VK_OEM_PA1 = 0xEB
+ VK_OEM_PA2 = 0xEC
+ VK_OEM_PA3 = 0xED
+ VK_OEM_WSCTRL = 0xEE
+ VK_OEM_CUSEL = 0xEF
+ VK_OEM_ATTN = 0xF0
+ VK_OEM_FINISH = 0xF1
+ VK_OEM_COPY = 0xF2
+ VK_OEM_AUTO = 0xF3
+ VK_OEM_ENLW = 0xF4
+ VK_OEM_BACKTAB = 0xF5
+ VK_ATTN = 0xF6
+ VK_CRSEL = 0xF7
+ VK_EXSEL = 0xF8
+ VK_EREOF = 0xF9
+ VK_PLAY = 0xFA
+ VK_ZOOM = 0xFB
+ VK_NONAME = 0xFC
+ VK_PA1 = 0xFD
+ VK_OEM_CLEAR = 0xFE
+)
+
+// Mouse button constants.
+// https://docs.microsoft.com/en-us/windows/console/mouse-event-record-str
+const (
+ FROM_LEFT_1ST_BUTTON_PRESSED = 0x0001
+ RIGHTMOST_BUTTON_PRESSED = 0x0002
+ FROM_LEFT_2ND_BUTTON_PRESSED = 0x0004
+ FROM_LEFT_3RD_BUTTON_PRESSED = 0x0008
+ FROM_LEFT_4TH_BUTTON_PRESSED = 0x0010
+)
+
+// Control key state constaints.
+// https://docs.microsoft.com/en-us/windows/console/key-event-record-str
+// https://docs.microsoft.com/en-us/windows/console/mouse-event-record-str
+const (
+ CAPSLOCK_ON = 0x0080
+ ENHANCED_KEY = 0x0100
+ LEFT_ALT_PRESSED = 0x0002
+ LEFT_CTRL_PRESSED = 0x0008
+ NUMLOCK_ON = 0x0020
+ RIGHT_ALT_PRESSED = 0x0001
+ RIGHT_CTRL_PRESSED = 0x0004
+ SCROLLLOCK_ON = 0x0040
+ SHIFT_PRESSED = 0x0010
+)
+
+// Mouse event record event flags.
+// https://docs.microsoft.com/en-us/windows/console/mouse-event-record-str
+const (
+ MOUSE_MOVED = 0x0001
+ DOUBLE_CLICK = 0x0002
+ MOUSE_WHEELED = 0x0004
+ MOUSE_HWHEELED = 0x0008
+)
+
+// Input Record Event Types
+// https://learn.microsoft.com/en-us/windows/console/input-record-str
+const (
+ FOCUS_EVENT = 0x0010
+ KEY_EVENT = 0x0001
+ MENU_EVENT = 0x0008
+ MOUSE_EVENT = 0x0002
+ WINDOW_BUFFER_SIZE_EVENT = 0x0004
+)
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index 01c0716c2c..a58bc48b8e 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -511,6 +511,7 @@ var (
procFreeAddrInfoW = modws2_32.NewProc("FreeAddrInfoW")
procGetAddrInfoW = modws2_32.NewProc("GetAddrInfoW")
procWSACleanup = modws2_32.NewProc("WSACleanup")
+ procWSADuplicateSocketW = modws2_32.NewProc("WSADuplicateSocketW")
procWSAEnumProtocolsW = modws2_32.NewProc("WSAEnumProtocolsW")
procWSAGetOverlappedResult = modws2_32.NewProc("WSAGetOverlappedResult")
procWSAIoctl = modws2_32.NewProc("WSAIoctl")
@@ -4391,6 +4392,14 @@ func WSACleanup() (err error) {
return
}
+func WSADuplicateSocket(s Handle, processID uint32, info *WSAProtocolInfo) (err error) {
+ r1, _, e1 := syscall.Syscall(procWSADuplicateSocketW.Addr(), 3, uintptr(s), uintptr(processID), uintptr(unsafe.Pointer(info)))
+ if r1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
func WSAEnumProtocols(protocols *int32, protocolBuffer *WSAProtocolInfo, bufferLength *uint32) (n int32, err error) {
r0, _, e1 := syscall.Syscall(procWSAEnumProtocolsW.Addr(), 3, uintptr(unsafe.Pointer(protocols)), uintptr(unsafe.Pointer(protocolBuffer)), uintptr(unsafe.Pointer(bufferLength)))
n = int32(r0)
diff --git a/vendor/google.golang.org/grpc/balancer/balancer.go b/vendor/google.golang.org/grpc/balancer/balancer.go
index 382ad69411..c9b343c715 100644
--- a/vendor/google.golang.org/grpc/balancer/balancer.go
+++ b/vendor/google.golang.org/grpc/balancer/balancer.go
@@ -129,6 +129,13 @@ type State struct {
// brand new implementation of this interface. For the situations like
// testing, the new implementation should embed this interface. This allows
// gRPC to add new methods to this interface.
+//
+// NOTICE: This interface is intended to be implemented by gRPC, or intercepted
+// by custom load balancing polices. Users should not need their own complete
+// implementation of this interface -- they should always delegate to a
+// ClientConn passed to Builder.Build() by embedding it in their
+// implementations. An embedded ClientConn must never be nil, or runtime panics
+// will occur.
type ClientConn interface {
// NewSubConn is called by balancer to create a new SubConn.
// It doesn't block and wait for the connections to be established.
@@ -167,6 +174,17 @@ type ClientConn interface {
//
// Deprecated: Use the Target field in the BuildOptions instead.
Target() string
+
+ // MetricsRecorder provides the metrics recorder that balancers can use to
+ // record metrics. Balancer implementations which do not register metrics on
+ // metrics registry and record on them can ignore this method. The returned
+ // MetricsRecorder is guaranteed to never be nil.
+ MetricsRecorder() estats.MetricsRecorder
+
+ // EnforceClientConnEmbedding is included to force implementers to embed
+ // another implementation of this interface, allowing gRPC to add methods
+ // without breaking users.
+ internal.EnforceClientConnEmbedding
}
// BuildOptions contains additional information for Build.
@@ -198,10 +216,6 @@ type BuildOptions struct {
// same resolver.Target as passed to the resolver. See the documentation for
// the resolver.Target type for details about what it contains.
Target resolver.Target
- // MetricsRecorder is the metrics recorder that balancers can use to record
- // metrics. Balancer implementations which do not register metrics on
- // metrics registry and record on them can ignore this field.
- MetricsRecorder estats.MetricsRecorder
}
// Builder creates a balancer.
diff --git a/vendor/google.golang.org/grpc/balancer/base/balancer.go b/vendor/google.golang.org/grpc/balancer/base/balancer.go
index d5ed172ae6..4d576876d8 100644
--- a/vendor/google.golang.org/grpc/balancer/base/balancer.go
+++ b/vendor/google.golang.org/grpc/balancer/base/balancer.go
@@ -41,7 +41,7 @@ func (bb *baseBuilder) Build(cc balancer.ClientConn, _ balancer.BuildOptions) ba
cc: cc,
pickerBuilder: bb.pickerBuilder,
- subConns: resolver.NewAddressMap(),
+ subConns: resolver.NewAddressMapV2[balancer.SubConn](),
scStates: make(map[balancer.SubConn]connectivity.State),
csEvltr: &balancer.ConnectivityStateEvaluator{},
config: bb.config,
@@ -65,7 +65,7 @@ type baseBalancer struct {
csEvltr *balancer.ConnectivityStateEvaluator
state connectivity.State
- subConns *resolver.AddressMap
+ subConns *resolver.AddressMapV2[balancer.SubConn]
scStates map[balancer.SubConn]connectivity.State
picker balancer.Picker
config Config
@@ -100,7 +100,7 @@ func (b *baseBalancer) UpdateClientConnState(s balancer.ClientConnState) error {
// Successful resolution; clear resolver error and ensure we return nil.
b.resolverErr = nil
// addrsSet is the set converted from addrs, it's used for quick lookup of an address.
- addrsSet := resolver.NewAddressMap()
+ addrsSet := resolver.NewAddressMapV2[any]()
for _, a := range s.ResolverState.Addresses {
addrsSet.Set(a, nil)
if _, ok := b.subConns.Get(a); !ok {
@@ -122,8 +122,7 @@ func (b *baseBalancer) UpdateClientConnState(s balancer.ClientConnState) error {
}
}
for _, a := range b.subConns.Keys() {
- sci, _ := b.subConns.Get(a)
- sc := sci.(balancer.SubConn)
+ sc, _ := b.subConns.Get(a)
// a was removed by resolver.
if _, ok := addrsSet.Get(a); !ok {
sc.Shutdown()
@@ -173,8 +172,7 @@ func (b *baseBalancer) regeneratePicker() {
// Filter out all ready SCs from full subConn map.
for _, addr := range b.subConns.Keys() {
- sci, _ := b.subConns.Get(addr)
- sc := sci.(balancer.SubConn)
+ sc, _ := b.subConns.Get(addr)
if st, ok := b.scStates[sc]; ok && st == connectivity.Ready {
readySCs[sc] = SubConnInfo{Address: addr}
}
diff --git a/vendor/google.golang.org/grpc/balancer/endpointsharding/endpointsharding.go b/vendor/google.golang.org/grpc/balancer/endpointsharding/endpointsharding.go
new file mode 100644
index 0000000000..cc606f4dae
--- /dev/null
+++ b/vendor/google.golang.org/grpc/balancer/endpointsharding/endpointsharding.go
@@ -0,0 +1,356 @@
+/*
+ *
+ * Copyright 2024 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package endpointsharding implements a load balancing policy that manages
+// homogeneous child policies each owning a single endpoint.
+//
+// # Experimental
+//
+// Notice: This package is EXPERIMENTAL and may be changed or removed in a
+// later release.
+package endpointsharding
+
+import (
+ "errors"
+ rand "math/rand/v2"
+ "sync"
+ "sync/atomic"
+
+ "google.golang.org/grpc/balancer"
+ "google.golang.org/grpc/balancer/base"
+ "google.golang.org/grpc/connectivity"
+ "google.golang.org/grpc/resolver"
+)
+
+// ChildState is the balancer state of a child along with the endpoint which
+// identifies the child balancer.
+type ChildState struct {
+ Endpoint resolver.Endpoint
+ State balancer.State
+
+ // Balancer exposes only the ExitIdler interface of the child LB policy.
+ // Other methods of the child policy are called only by endpointsharding.
+ Balancer balancer.ExitIdler
+}
+
+// Options are the options to configure the behaviour of the
+// endpointsharding balancer.
+type Options struct {
+ // DisableAutoReconnect allows the balancer to keep child balancer in the
+ // IDLE state until they are explicitly triggered to exit using the
+ // ChildState obtained from the endpointsharding picker. When set to false,
+ // the endpointsharding balancer will automatically call ExitIdle on child
+ // connections that report IDLE.
+ DisableAutoReconnect bool
+}
+
+// ChildBuilderFunc creates a new balancer with the ClientConn. It has the same
+// type as the balancer.Builder.Build method.
+type ChildBuilderFunc func(cc balancer.ClientConn, opts balancer.BuildOptions) balancer.Balancer
+
+// NewBalancer returns a load balancing policy that manages homogeneous child
+// policies each owning a single endpoint. The endpointsharding balancer
+// forwards the LoadBalancingConfig in ClientConn state updates to its children.
+func NewBalancer(cc balancer.ClientConn, opts balancer.BuildOptions, childBuilder ChildBuilderFunc, esOpts Options) balancer.Balancer {
+ es := &endpointSharding{
+ cc: cc,
+ bOpts: opts,
+ esOpts: esOpts,
+ childBuilder: childBuilder,
+ }
+ es.children.Store(resolver.NewEndpointMap[*balancerWrapper]())
+ return es
+}
+
+// endpointSharding is a balancer that wraps child balancers. It creates a child
+// balancer with child config for every unique Endpoint received. It updates the
+// child states on any update from parent or child.
+type endpointSharding struct {
+ cc balancer.ClientConn
+ bOpts balancer.BuildOptions
+ esOpts Options
+ childBuilder ChildBuilderFunc
+
+ // childMu synchronizes calls to any single child. It must be held for all
+ // calls into a child. To avoid deadlocks, do not acquire childMu while
+ // holding mu.
+ childMu sync.Mutex
+ children atomic.Pointer[resolver.EndpointMap[*balancerWrapper]]
+
+ // inhibitChildUpdates is set during UpdateClientConnState/ResolverError
+ // calls (calls to children will each produce an update, only want one
+ // update).
+ inhibitChildUpdates atomic.Bool
+
+ // mu synchronizes access to the state stored in balancerWrappers in the
+ // children field. mu must not be held during calls into a child since
+ // synchronous calls back from the child may require taking mu, causing a
+ // deadlock. To avoid deadlocks, do not acquire childMu while holding mu.
+ mu sync.Mutex
+}
+
+// UpdateClientConnState creates a child for new endpoints and deletes children
+// for endpoints that are no longer present. It also updates all the children,
+// and sends a single synchronous update of the childrens' aggregated state at
+// the end of the UpdateClientConnState operation. If any endpoint has no
+// addresses it will ignore that endpoint. Otherwise, returns first error found
+// from a child, but fully processes the new update.
+func (es *endpointSharding) UpdateClientConnState(state balancer.ClientConnState) error {
+ es.childMu.Lock()
+ defer es.childMu.Unlock()
+
+ es.inhibitChildUpdates.Store(true)
+ defer func() {
+ es.inhibitChildUpdates.Store(false)
+ es.updateState()
+ }()
+ var ret error
+
+ children := es.children.Load()
+ newChildren := resolver.NewEndpointMap[*balancerWrapper]()
+
+ // Update/Create new children.
+ for _, endpoint := range state.ResolverState.Endpoints {
+ if _, ok := newChildren.Get(endpoint); ok {
+ // Endpoint child was already created, continue to avoid duplicate
+ // update.
+ continue
+ }
+ childBalancer, ok := children.Get(endpoint)
+ if ok {
+ // Endpoint attributes may have changed, update the stored endpoint.
+ es.mu.Lock()
+ childBalancer.childState.Endpoint = endpoint
+ es.mu.Unlock()
+ } else {
+ childBalancer = &balancerWrapper{
+ childState: ChildState{Endpoint: endpoint},
+ ClientConn: es.cc,
+ es: es,
+ }
+ childBalancer.childState.Balancer = childBalancer
+ childBalancer.child = es.childBuilder(childBalancer, es.bOpts)
+ }
+ newChildren.Set(endpoint, childBalancer)
+ if err := childBalancer.updateClientConnStateLocked(balancer.ClientConnState{
+ BalancerConfig: state.BalancerConfig,
+ ResolverState: resolver.State{
+ Endpoints: []resolver.Endpoint{endpoint},
+ Attributes: state.ResolverState.Attributes,
+ },
+ }); err != nil && ret == nil {
+ // Return first error found, and always commit full processing of
+ // updating children. If desired to process more specific errors
+ // across all endpoints, caller should make these specific
+ // validations, this is a current limitation for simplicity sake.
+ ret = err
+ }
+ }
+ // Delete old children that are no longer present.
+ for _, e := range children.Keys() {
+ child, _ := children.Get(e)
+ if _, ok := newChildren.Get(e); !ok {
+ child.closeLocked()
+ }
+ }
+ es.children.Store(newChildren)
+ if newChildren.Len() == 0 {
+ return balancer.ErrBadResolverState
+ }
+ return ret
+}
+
+// ResolverError forwards the resolver error to all of the endpointSharding's
+// children and sends a single synchronous update of the childStates at the end
+// of the ResolverError operation.
+func (es *endpointSharding) ResolverError(err error) {
+ es.childMu.Lock()
+ defer es.childMu.Unlock()
+ es.inhibitChildUpdates.Store(true)
+ defer func() {
+ es.inhibitChildUpdates.Store(false)
+ es.updateState()
+ }()
+ children := es.children.Load()
+ for _, child := range children.Values() {
+ child.resolverErrorLocked(err)
+ }
+}
+
+func (es *endpointSharding) UpdateSubConnState(balancer.SubConn, balancer.SubConnState) {
+ // UpdateSubConnState is deprecated.
+}
+
+func (es *endpointSharding) Close() {
+ es.childMu.Lock()
+ defer es.childMu.Unlock()
+ children := es.children.Load()
+ for _, child := range children.Values() {
+ child.closeLocked()
+ }
+}
+
+// updateState updates this component's state. It sends the aggregated state,
+// and a picker with round robin behavior with all the child states present if
+// needed.
+func (es *endpointSharding) updateState() {
+ if es.inhibitChildUpdates.Load() {
+ return
+ }
+ var readyPickers, connectingPickers, idlePickers, transientFailurePickers []balancer.Picker
+
+ es.mu.Lock()
+ defer es.mu.Unlock()
+
+ children := es.children.Load()
+ childStates := make([]ChildState, 0, children.Len())
+
+ for _, child := range children.Values() {
+ childState := child.childState
+ childStates = append(childStates, childState)
+ childPicker := childState.State.Picker
+ switch childState.State.ConnectivityState {
+ case connectivity.Ready:
+ readyPickers = append(readyPickers, childPicker)
+ case connectivity.Connecting:
+ connectingPickers = append(connectingPickers, childPicker)
+ case connectivity.Idle:
+ idlePickers = append(idlePickers, childPicker)
+ case connectivity.TransientFailure:
+ transientFailurePickers = append(transientFailurePickers, childPicker)
+ // connectivity.Shutdown shouldn't appear.
+ }
+ }
+
+ // Construct the round robin picker based off the aggregated state. Whatever
+ // the aggregated state, use the pickers present that are currently in that
+ // state only.
+ var aggState connectivity.State
+ var pickers []balancer.Picker
+ if len(readyPickers) >= 1 {
+ aggState = connectivity.Ready
+ pickers = readyPickers
+ } else if len(connectingPickers) >= 1 {
+ aggState = connectivity.Connecting
+ pickers = connectingPickers
+ } else if len(idlePickers) >= 1 {
+ aggState = connectivity.Idle
+ pickers = idlePickers
+ } else if len(transientFailurePickers) >= 1 {
+ aggState = connectivity.TransientFailure
+ pickers = transientFailurePickers
+ } else {
+ aggState = connectivity.TransientFailure
+ pickers = []balancer.Picker{base.NewErrPicker(errors.New("no children to pick from"))}
+ } // No children (resolver error before valid update).
+ p := &pickerWithChildStates{
+ pickers: pickers,
+ childStates: childStates,
+ next: uint32(rand.IntN(len(pickers))),
+ }
+ es.cc.UpdateState(balancer.State{
+ ConnectivityState: aggState,
+ Picker: p,
+ })
+}
+
+// pickerWithChildStates delegates to the pickers it holds in a round robin
+// fashion. It also contains the childStates of all the endpointSharding's
+// children.
+type pickerWithChildStates struct {
+ pickers []balancer.Picker
+ childStates []ChildState
+ next uint32
+}
+
+func (p *pickerWithChildStates) Pick(info balancer.PickInfo) (balancer.PickResult, error) {
+ nextIndex := atomic.AddUint32(&p.next, 1)
+ picker := p.pickers[nextIndex%uint32(len(p.pickers))]
+ return picker.Pick(info)
+}
+
+// ChildStatesFromPicker returns the state of all the children managed by the
+// endpoint sharding balancer that created this picker.
+func ChildStatesFromPicker(picker balancer.Picker) []ChildState {
+ p, ok := picker.(*pickerWithChildStates)
+ if !ok {
+ return nil
+ }
+ return p.childStates
+}
+
+// balancerWrapper is a wrapper of a balancer. It ID's a child balancer by
+// endpoint, and persists recent child balancer state.
+type balancerWrapper struct {
+ // The following fields are initialized at build time and read-only after
+ // that and therefore do not need to be guarded by a mutex.
+
+ // child contains the wrapped balancer. Access its methods only through
+ // methods on balancerWrapper to ensure proper synchronization
+ child balancer.Balancer
+ balancer.ClientConn // embed to intercept UpdateState, doesn't deal with SubConns
+
+ es *endpointSharding
+
+ // Access to the following fields is guarded by es.mu.
+
+ childState ChildState
+ isClosed bool
+}
+
+func (bw *balancerWrapper) UpdateState(state balancer.State) {
+ bw.es.mu.Lock()
+ bw.childState.State = state
+ bw.es.mu.Unlock()
+ if state.ConnectivityState == connectivity.Idle && !bw.es.esOpts.DisableAutoReconnect {
+ bw.ExitIdle()
+ }
+ bw.es.updateState()
+}
+
+// ExitIdle pings an IDLE child balancer to exit idle in a new goroutine to
+// avoid deadlocks due to synchronous balancer state updates.
+func (bw *balancerWrapper) ExitIdle() {
+ if ei, ok := bw.child.(balancer.ExitIdler); ok {
+ go func() {
+ bw.es.childMu.Lock()
+ if !bw.isClosed {
+ ei.ExitIdle()
+ }
+ bw.es.childMu.Unlock()
+ }()
+ }
+}
+
+// updateClientConnStateLocked delivers the ClientConnState to the child
+// balancer. Callers must hold the child mutex of the parent endpointsharding
+// balancer.
+func (bw *balancerWrapper) updateClientConnStateLocked(ccs balancer.ClientConnState) error {
+ return bw.child.UpdateClientConnState(ccs)
+}
+
+// closeLocked closes the child balancer. Callers must hold the child mutext of
+// the parent endpointsharding balancer.
+func (bw *balancerWrapper) closeLocked() {
+ bw.child.Close()
+ bw.isClosed = true
+}
+
+func (bw *balancerWrapper) resolverErrorLocked(err error) {
+ bw.child.ResolverError(err)
+}
diff --git a/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go b/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go
index 2fc0a71f94..494314f235 100644
--- a/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go
+++ b/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go
@@ -54,9 +54,18 @@ func init() {
balancer.Register(pickfirstBuilder{})
}
-// enableHealthListenerKeyType is a unique key type used in resolver attributes
-// to indicate whether the health listener usage is enabled.
-type enableHealthListenerKeyType struct{}
+type (
+ // enableHealthListenerKeyType is a unique key type used in resolver
+ // attributes to indicate whether the health listener usage is enabled.
+ enableHealthListenerKeyType struct{}
+ // managedByPickfirstKeyType is an attribute key type to inform Outlier
+ // Detection that the generic health listener is being used.
+ // TODO: https://github.com/grpc/grpc-go/issues/7915 - Remove this when
+ // implementing the dualstack design. This is a hack. Once Dualstack is
+ // completed, outlier detection will stop sending ejection updates through
+ // the connectivity listener.
+ managedByPickfirstKeyType struct{}
+)
var (
logger = grpclog.Component("pick-first-leaf-lb")
@@ -111,9 +120,9 @@ func (pickfirstBuilder) Build(cc balancer.ClientConn, bo balancer.BuildOptions)
b := &pickfirstBalancer{
cc: cc,
target: bo.Target.String(),
- metricsRecorder: bo.MetricsRecorder, // ClientConn will always create a Metrics Recorder.
+ metricsRecorder: cc.MetricsRecorder(),
- subConns: resolver.NewAddressMap(),
+ subConns: resolver.NewAddressMapV2[*scData](),
state: connectivity.Connecting,
cancelConnectionTimer: func() {},
}
@@ -140,6 +149,17 @@ func EnableHealthListener(state resolver.State) resolver.State {
return state
}
+// IsManagedByPickfirst returns whether an address belongs to a SubConn
+// managed by the pickfirst LB policy.
+// TODO: https://github.com/grpc/grpc-go/issues/7915 - This is a hack to disable
+// outlier_detection via the with connectivity listener when using pick_first.
+// Once Dualstack changes are complete, all SubConns will be created by
+// pick_first and outlier detection will only use the health listener for
+// ejection. This hack can then be removed.
+func IsManagedByPickfirst(addr resolver.Address) bool {
+ return addr.BalancerAttributes.Value(managedByPickfirstKeyType{}) != nil
+}
+
type pfConfig struct {
serviceconfig.LoadBalancingConfig `json:"-"`
@@ -166,6 +186,7 @@ type scData struct {
}
func (b *pickfirstBalancer) newSCData(addr resolver.Address) (*scData, error) {
+ addr.BalancerAttributes = addr.BalancerAttributes.WithValue(managedByPickfirstKeyType{}, true)
sd := &scData{
rawConnectivityState: connectivity.Idle,
effectiveState: connectivity.Idle,
@@ -199,7 +220,7 @@ type pickfirstBalancer struct {
// updates.
state connectivity.State
// scData for active subonns mapped by address.
- subConns *resolver.AddressMap
+ subConns *resolver.AddressMapV2[*scData]
addressList addressList
firstPass bool
numTF int
@@ -298,7 +319,7 @@ func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState
prevAddr := b.addressList.currentAddress()
prevSCData, found := b.subConns.Get(prevAddr)
prevAddrsCount := b.addressList.size()
- isPrevRawConnectivityStateReady := found && prevSCData.(*scData).rawConnectivityState == connectivity.Ready
+ isPrevRawConnectivityStateReady := found && prevSCData.rawConnectivityState == connectivity.Ready
b.addressList.updateAddrs(newAddrs)
// If the previous ready SubConn exists in new address list,
@@ -360,21 +381,21 @@ func (b *pickfirstBalancer) startFirstPassLocked() {
b.numTF = 0
// Reset the connection attempt record for existing SubConns.
for _, sd := range b.subConns.Values() {
- sd.(*scData).connectionFailedInFirstPass = false
+ sd.connectionFailedInFirstPass = false
}
b.requestConnectionLocked()
}
func (b *pickfirstBalancer) closeSubConnsLocked() {
for _, sd := range b.subConns.Values() {
- sd.(*scData).subConn.Shutdown()
+ sd.subConn.Shutdown()
}
- b.subConns = resolver.NewAddressMap()
+ b.subConns = resolver.NewAddressMapV2[*scData]()
}
// deDupAddresses ensures that each address appears only once in the slice.
func deDupAddresses(addrs []resolver.Address) []resolver.Address {
- seenAddrs := resolver.NewAddressMap()
+ seenAddrs := resolver.NewAddressMapV2[*scData]()
retAddrs := []resolver.Address{}
for _, addr := range addrs {
@@ -460,7 +481,7 @@ func addressFamily(address string) ipAddrFamily {
// This ensures that the subchannel map accurately reflects the current set of
// addresses received from the name resolver.
func (b *pickfirstBalancer) reconcileSubConnsLocked(newAddrs []resolver.Address) {
- newAddrsMap := resolver.NewAddressMap()
+ newAddrsMap := resolver.NewAddressMapV2[bool]()
for _, addr := range newAddrs {
newAddrsMap.Set(addr, true)
}
@@ -470,7 +491,7 @@ func (b *pickfirstBalancer) reconcileSubConnsLocked(newAddrs []resolver.Address)
continue
}
val, _ := b.subConns.Get(oldAddr)
- val.(*scData).subConn.Shutdown()
+ val.subConn.Shutdown()
b.subConns.Delete(oldAddr)
}
}
@@ -479,13 +500,12 @@ func (b *pickfirstBalancer) reconcileSubConnsLocked(newAddrs []resolver.Address)
// becomes ready, which means that all other subConn must be shutdown.
func (b *pickfirstBalancer) shutdownRemainingLocked(selected *scData) {
b.cancelConnectionTimer()
- for _, v := range b.subConns.Values() {
- sd := v.(*scData)
+ for _, sd := range b.subConns.Values() {
if sd.subConn != selected.subConn {
sd.subConn.Shutdown()
}
}
- b.subConns = resolver.NewAddressMap()
+ b.subConns = resolver.NewAddressMapV2[*scData]()
b.subConns.Set(selected.addr, selected)
}
@@ -518,18 +538,17 @@ func (b *pickfirstBalancer) requestConnectionLocked() {
b.subConns.Set(curAddr, sd)
}
- scd := sd.(*scData)
- switch scd.rawConnectivityState {
+ switch sd.rawConnectivityState {
case connectivity.Idle:
- scd.subConn.Connect()
+ sd.subConn.Connect()
b.scheduleNextConnectionLocked()
return
case connectivity.TransientFailure:
// The SubConn is being re-used and failed during a previous pass
// over the addressList. It has not completed backoff yet.
// Mark it as having failed and try the next address.
- scd.connectionFailedInFirstPass = true
- lastErr = scd.lastErr
+ sd.connectionFailedInFirstPass = true
+ lastErr = sd.lastErr
continue
case connectivity.Connecting:
// Wait for the connection attempt to complete or the timer to fire
@@ -537,7 +556,7 @@ func (b *pickfirstBalancer) requestConnectionLocked() {
b.scheduleNextConnectionLocked()
return
default:
- b.logger.Errorf("SubConn with unexpected state %v present in SubConns map.", scd.rawConnectivityState)
+ b.logger.Errorf("SubConn with unexpected state %v present in SubConns map.", sd.rawConnectivityState)
return
}
@@ -732,8 +751,7 @@ func (b *pickfirstBalancer) endFirstPassIfPossibleLocked(lastErr error) {
}
// Connect() has been called on all the SubConns. The first pass can be
// ended if all the SubConns have reported a failure.
- for _, v := range b.subConns.Values() {
- sd := v.(*scData)
+ for _, sd := range b.subConns.Values() {
if !sd.connectionFailedInFirstPass {
return
}
@@ -744,8 +762,7 @@ func (b *pickfirstBalancer) endFirstPassIfPossibleLocked(lastErr error) {
Picker: &picker{err: lastErr},
})
// Start re-connecting all the SubConns that are already in IDLE.
- for _, v := range b.subConns.Values() {
- sd := v.(*scData)
+ for _, sd := range b.subConns.Values() {
if sd.rawConnectivityState == connectivity.Idle {
sd.subConn.Connect()
}
@@ -906,6 +923,5 @@ func (al *addressList) hasNext() bool {
// fields that are meaningful to the SubConn.
func equalAddressIgnoringBalAttributes(a, b *resolver.Address) bool {
return a.Addr == b.Addr && a.ServerName == b.ServerName &&
- a.Attributes.Equal(b.Attributes) &&
- a.Metadata == b.Metadata
+ a.Attributes.Equal(b.Attributes)
}
diff --git a/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go b/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go
index 80a42d2251..35da5d1ec9 100644
--- a/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go
+++ b/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go
@@ -22,12 +22,13 @@
package roundrobin
import (
- rand "math/rand/v2"
- "sync/atomic"
+ "fmt"
"google.golang.org/grpc/balancer"
- "google.golang.org/grpc/balancer/base"
+ "google.golang.org/grpc/balancer/endpointsharding"
+ "google.golang.org/grpc/balancer/pickfirst/pickfirstleaf"
"google.golang.org/grpc/grpclog"
+ internalgrpclog "google.golang.org/grpc/internal/grpclog"
)
// Name is the name of round_robin balancer.
@@ -35,47 +36,44 @@ const Name = "round_robin"
var logger = grpclog.Component("roundrobin")
-// newBuilder creates a new roundrobin balancer builder.
-func newBuilder() balancer.Builder {
- return base.NewBalancerBuilder(Name, &rrPickerBuilder{}, base.Config{HealthCheck: true})
-}
-
func init() {
- balancer.Register(newBuilder())
+ balancer.Register(builder{})
}
-type rrPickerBuilder struct{}
+type builder struct{}
-func (*rrPickerBuilder) Build(info base.PickerBuildInfo) balancer.Picker {
- logger.Infof("roundrobinPicker: Build called with info: %v", info)
- if len(info.ReadySCs) == 0 {
- return base.NewErrPicker(balancer.ErrNoSubConnAvailable)
- }
- scs := make([]balancer.SubConn, 0, len(info.ReadySCs))
- for sc := range info.ReadySCs {
- scs = append(scs, sc)
- }
- return &rrPicker{
- subConns: scs,
- // Start at a random index, as the same RR balancer rebuilds a new
- // picker when SubConn states change, and we don't want to apply excess
- // load to the first server in the list.
- next: uint32(rand.IntN(len(scs))),
+func (bb builder) Name() string {
+ return Name
+}
+
+func (bb builder) Build(cc balancer.ClientConn, opts balancer.BuildOptions) balancer.Balancer {
+ childBuilder := balancer.Get(pickfirstleaf.Name).Build
+ bal := &rrBalancer{
+ cc: cc,
+ Balancer: endpointsharding.NewBalancer(cc, opts, childBuilder, endpointsharding.Options{}),
}
+ bal.logger = internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf("[%p] ", bal))
+ bal.logger.Infof("Created")
+ return bal
}
-type rrPicker struct {
- // subConns is the snapshot of the roundrobin balancer when this picker was
- // created. The slice is immutable. Each Get() will do a round robin
- // selection from it and return the selected SubConn.
- subConns []balancer.SubConn
- next uint32
+type rrBalancer struct {
+ balancer.Balancer
+ cc balancer.ClientConn
+ logger *internalgrpclog.PrefixLogger
}
-func (p *rrPicker) Pick(balancer.PickInfo) (balancer.PickResult, error) {
- subConnsLen := uint32(len(p.subConns))
- nextIndex := atomic.AddUint32(&p.next, 1)
+func (b *rrBalancer) UpdateClientConnState(ccs balancer.ClientConnState) error {
+ return b.Balancer.UpdateClientConnState(balancer.ClientConnState{
+ // Enable the health listener in pickfirst children for client side health
+ // checks and outlier detection, if configured.
+ ResolverState: pickfirstleaf.EnableHealthListener(ccs.ResolverState),
+ })
+}
- sc := p.subConns[nextIndex%subConnsLen]
- return balancer.PickResult{SubConn: sc}, nil
+func (b *rrBalancer) ExitIdle() {
+ // Should always be ok, as child is endpoint sharding.
+ if ei, ok := b.Balancer.(balancer.ExitIdler); ok {
+ ei.ExitIdle()
+ }
}
diff --git a/vendor/google.golang.org/grpc/balancer/subconn.go b/vendor/google.golang.org/grpc/balancer/subconn.go
index ea27c4fa76..9ee44d4af0 100644
--- a/vendor/google.golang.org/grpc/balancer/subconn.go
+++ b/vendor/google.golang.org/grpc/balancer/subconn.go
@@ -44,7 +44,7 @@ import (
// should only use a single address.
//
// NOTICE: This interface is intended to be implemented by gRPC, or intercepted
-// by custom load balancing poilices. Users should not need their own complete
+// by custom load balancing polices. Users should not need their own complete
// implementation of this interface -- they should always delegate to a SubConn
// returned by ClientConn.NewSubConn() by embedding it in their implementations.
// An embedded SubConn must never be nil, or runtime panics will occur.
diff --git a/vendor/google.golang.org/grpc/balancer_wrapper.go b/vendor/google.golang.org/grpc/balancer_wrapper.go
index 905817b5fc..948a21ef68 100644
--- a/vendor/google.golang.org/grpc/balancer_wrapper.go
+++ b/vendor/google.golang.org/grpc/balancer_wrapper.go
@@ -26,6 +26,7 @@ import (
"google.golang.org/grpc/balancer"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/connectivity"
+ "google.golang.org/grpc/experimental/stats"
"google.golang.org/grpc/internal"
"google.golang.org/grpc/internal/balancer/gracefulswitch"
"google.golang.org/grpc/internal/channelz"
@@ -34,7 +35,15 @@ import (
"google.golang.org/grpc/status"
)
-var setConnectedAddress = internal.SetConnectedAddress.(func(*balancer.SubConnState, resolver.Address))
+var (
+ setConnectedAddress = internal.SetConnectedAddress.(func(*balancer.SubConnState, resolver.Address))
+ // noOpRegisterHealthListenerFn is used when client side health checking is
+ // disabled. It sends a single READY update on the registered listener.
+ noOpRegisterHealthListenerFn = func(_ context.Context, listener func(balancer.SubConnState)) func() {
+ listener(balancer.SubConnState{ConnectivityState: connectivity.Ready})
+ return func() {}
+ }
+)
// ccBalancerWrapper sits between the ClientConn and the Balancer.
//
@@ -51,6 +60,7 @@ var setConnectedAddress = internal.SetConnectedAddress.(func(*balancer.SubConnSt
// It uses the gracefulswitch.Balancer internally to ensure that balancer
// switches happen in a graceful manner.
type ccBalancerWrapper struct {
+ internal.EnforceClientConnEmbedding
// The following fields are initialized when the wrapper is created and are
// read-only afterwards, and therefore can be accessed without a mutex.
cc *ClientConn
@@ -84,7 +94,6 @@ func newCCBalancerWrapper(cc *ClientConn) *ccBalancerWrapper {
CustomUserAgent: cc.dopts.copts.UserAgent,
ChannelzParent: cc.channelz,
Target: cc.parsedTarget,
- MetricsRecorder: cc.metricsRecorderList,
},
serializer: grpcsync.NewCallbackSerializer(ctx),
serializerCancel: cancel,
@@ -93,6 +102,10 @@ func newCCBalancerWrapper(cc *ClientConn) *ccBalancerWrapper {
return ccb
}
+func (ccb *ccBalancerWrapper) MetricsRecorder() stats.MetricsRecorder {
+ return ccb.cc.metricsRecorderList
+}
+
// updateClientConnState is invoked by grpc to push a ClientConnState update to
// the underlying balancer. This is always executed from the serializer, so
// it is safe to call into the balancer here.
@@ -277,10 +290,17 @@ type healthData struct {
// to the LB policy. This is stored to avoid sending updates when the
// SubConn has already exited connectivity state READY.
connectivityState connectivity.State
+ // closeHealthProducer stores function to close the ref counted health
+ // producer. The health producer is automatically closed when the SubConn
+ // state changes.
+ closeHealthProducer func()
}
func newHealthData(s connectivity.State) *healthData {
- return &healthData{connectivityState: s}
+ return &healthData{
+ connectivityState: s,
+ closeHealthProducer: func() {},
+ }
}
// updateState is invoked by grpc to push a subConn state update to the
@@ -400,7 +420,7 @@ func (acbw *acBalancerWrapper) GetOrBuildProducer(pb balancer.ProducerBuilder) (
}
acbw.producersMu.Unlock()
}
- return pData.producer, grpcsync.OnceFunc(unref)
+ return pData.producer, sync.OnceFunc(unref)
}
func (acbw *acBalancerWrapper) closeProducers() {
@@ -413,6 +433,37 @@ func (acbw *acBalancerWrapper) closeProducers() {
}
}
+// healthProducerRegisterFn is a type alias for the health producer's function
+// for registering listeners.
+type healthProducerRegisterFn = func(context.Context, balancer.SubConn, string, func(balancer.SubConnState)) func()
+
+// healthListenerRegFn returns a function to register a listener for health
+// updates. If client side health checks are disabled, the registered listener
+// will get a single READY (raw connectivity state) update.
+//
+// Client side health checking is enabled when all the following
+// conditions are satisfied:
+// 1. Health checking is not disabled using the dial option.
+// 2. The health package is imported.
+// 3. The health check config is present in the service config.
+func (acbw *acBalancerWrapper) healthListenerRegFn() func(context.Context, func(balancer.SubConnState)) func() {
+ if acbw.ccb.cc.dopts.disableHealthCheck {
+ return noOpRegisterHealthListenerFn
+ }
+ regHealthLisFn := internal.RegisterClientHealthCheckListener
+ if regHealthLisFn == nil {
+ // The health package is not imported.
+ return noOpRegisterHealthListenerFn
+ }
+ cfg := acbw.ac.cc.healthCheckConfig()
+ if cfg == nil {
+ return noOpRegisterHealthListenerFn
+ }
+ return func(ctx context.Context, listener func(balancer.SubConnState)) func() {
+ return regHealthLisFn.(healthProducerRegisterFn)(ctx, acbw, cfg.ServiceName, listener)
+ }
+}
+
// RegisterHealthListener accepts a health listener from the LB policy. It sends
// updates to the health listener as long as the SubConn's connectivity state
// doesn't change and a new health listener is not registered. To invalidate
@@ -421,6 +472,7 @@ func (acbw *acBalancerWrapper) closeProducers() {
func (acbw *acBalancerWrapper) RegisterHealthListener(listener func(balancer.SubConnState)) {
acbw.healthMu.Lock()
defer acbw.healthMu.Unlock()
+ acbw.healthData.closeHealthProducer()
// listeners should not be registered when the connectivity state
// isn't Ready. This may happen when the balancer registers a listener
// after the connectivityState is updated, but before it is notified
@@ -436,6 +488,7 @@ func (acbw *acBalancerWrapper) RegisterHealthListener(listener func(balancer.Sub
return
}
+ registerFn := acbw.healthListenerRegFn()
acbw.ccb.serializer.TrySchedule(func(ctx context.Context) {
if ctx.Err() != nil || acbw.ccb.balancer == nil {
return
@@ -443,10 +496,25 @@ func (acbw *acBalancerWrapper) RegisterHealthListener(listener func(balancer.Sub
// Don't send updates if a new listener is registered.
acbw.healthMu.Lock()
defer acbw.healthMu.Unlock()
- curHD := acbw.healthData
- if curHD != hd {
+ if acbw.healthData != hd {
return
}
- listener(balancer.SubConnState{ConnectivityState: connectivity.Ready})
+ // Serialize the health updates from the health producer with
+ // other calls into the LB policy.
+ listenerWrapper := func(scs balancer.SubConnState) {
+ acbw.ccb.serializer.TrySchedule(func(ctx context.Context) {
+ if ctx.Err() != nil || acbw.ccb.balancer == nil {
+ return
+ }
+ acbw.healthMu.Lock()
+ defer acbw.healthMu.Unlock()
+ if acbw.healthData != hd {
+ return
+ }
+ listener(scs)
+ })
+ }
+
+ hd.closeHealthProducer = registerFn(ctx, listenerWrapper)
})
}
diff --git a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
index 9e9d080699..825c31795f 100644
--- a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
+++ b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
@@ -18,7 +18,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
-// protoc-gen-go v1.35.1
+// protoc-gen-go v1.36.5
// protoc v5.27.1
// source: grpc/binlog/v1/binarylog.proto
@@ -31,6 +31,7 @@ import (
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
reflect "reflect"
sync "sync"
+ unsafe "unsafe"
)
const (
@@ -233,10 +234,7 @@ func (Address_Type) EnumDescriptor() ([]byte, []int) {
// Log entry we store in binary logs
type GrpcLogEntry struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// The timestamp of the binary log message
Timestamp *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
// Uniquely identifies a call. The value must not be 0 in order to disambiguate
@@ -255,7 +253,7 @@ type GrpcLogEntry struct {
// The logger uses one of the following fields to record the payload,
// according to the type of the log entry.
//
- // Types that are assignable to Payload:
+ // Types that are valid to be assigned to Payload:
//
// *GrpcLogEntry_ClientHeader
// *GrpcLogEntry_ServerHeader
@@ -269,7 +267,9 @@ type GrpcLogEntry struct {
// EVENT_TYPE_SERVER_HEADER normally or EVENT_TYPE_SERVER_TRAILER in
// the case of trailers-only. On server side, peer is always
// logged on EVENT_TYPE_CLIENT_HEADER.
- Peer *Address `protobuf:"bytes,11,opt,name=peer,proto3" json:"peer,omitempty"`
+ Peer *Address `protobuf:"bytes,11,opt,name=peer,proto3" json:"peer,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *GrpcLogEntry) Reset() {
@@ -337,37 +337,45 @@ func (x *GrpcLogEntry) GetLogger() GrpcLogEntry_Logger {
return GrpcLogEntry_LOGGER_UNKNOWN
}
-func (m *GrpcLogEntry) GetPayload() isGrpcLogEntry_Payload {
- if m != nil {
- return m.Payload
+func (x *GrpcLogEntry) GetPayload() isGrpcLogEntry_Payload {
+ if x != nil {
+ return x.Payload
}
return nil
}
func (x *GrpcLogEntry) GetClientHeader() *ClientHeader {
- if x, ok := x.GetPayload().(*GrpcLogEntry_ClientHeader); ok {
- return x.ClientHeader
+ if x != nil {
+ if x, ok := x.Payload.(*GrpcLogEntry_ClientHeader); ok {
+ return x.ClientHeader
+ }
}
return nil
}
func (x *GrpcLogEntry) GetServerHeader() *ServerHeader {
- if x, ok := x.GetPayload().(*GrpcLogEntry_ServerHeader); ok {
- return x.ServerHeader
+ if x != nil {
+ if x, ok := x.Payload.(*GrpcLogEntry_ServerHeader); ok {
+ return x.ServerHeader
+ }
}
return nil
}
func (x *GrpcLogEntry) GetMessage() *Message {
- if x, ok := x.GetPayload().(*GrpcLogEntry_Message); ok {
- return x.Message
+ if x != nil {
+ if x, ok := x.Payload.(*GrpcLogEntry_Message); ok {
+ return x.Message
+ }
}
return nil
}
func (x *GrpcLogEntry) GetTrailer() *Trailer {
- if x, ok := x.GetPayload().(*GrpcLogEntry_Trailer); ok {
- return x.Trailer
+ if x != nil {
+ if x, ok := x.Payload.(*GrpcLogEntry_Trailer); ok {
+ return x.Trailer
+ }
}
return nil
}
@@ -416,10 +424,7 @@ func (*GrpcLogEntry_Message) isGrpcLogEntry_Payload() {}
func (*GrpcLogEntry_Trailer) isGrpcLogEntry_Payload() {}
type ClientHeader struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// This contains only the metadata from the application.
Metadata *Metadata `protobuf:"bytes,1,opt,name=metadata,proto3" json:"metadata,omitempty"`
// The name of the RPC method, which looks something like:
@@ -433,7 +438,9 @@ type ClientHeader struct {
// or : .
Authority string `protobuf:"bytes,3,opt,name=authority,proto3" json:"authority,omitempty"`
// the RPC timeout
- Timeout *durationpb.Duration `protobuf:"bytes,4,opt,name=timeout,proto3" json:"timeout,omitempty"`
+ Timeout *durationpb.Duration `protobuf:"bytes,4,opt,name=timeout,proto3" json:"timeout,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *ClientHeader) Reset() {
@@ -495,12 +502,11 @@ func (x *ClientHeader) GetTimeout() *durationpb.Duration {
}
type ServerHeader struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// This contains only the metadata from the application.
- Metadata *Metadata `protobuf:"bytes,1,opt,name=metadata,proto3" json:"metadata,omitempty"`
+ Metadata *Metadata `protobuf:"bytes,1,opt,name=metadata,proto3" json:"metadata,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *ServerHeader) Reset() {
@@ -541,10 +547,7 @@ func (x *ServerHeader) GetMetadata() *Metadata {
}
type Trailer struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// This contains only the metadata from the application.
Metadata *Metadata `protobuf:"bytes,1,opt,name=metadata,proto3" json:"metadata,omitempty"`
// The gRPC status code.
@@ -555,6 +558,8 @@ type Trailer struct {
// The value of the 'grpc-status-details-bin' metadata key. If
// present, this is always an encoded 'google.rpc.Status' message.
StatusDetails []byte `protobuf:"bytes,4,opt,name=status_details,json=statusDetails,proto3" json:"status_details,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *Trailer) Reset() {
@@ -617,15 +622,14 @@ func (x *Trailer) GetStatusDetails() []byte {
// Message payload, used by CLIENT_MESSAGE and SERVER_MESSAGE
type Message struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Length of the message. It may not be the same as the length of the
// data field, as the logging payload can be truncated or omitted.
Length uint32 `protobuf:"varint,1,opt,name=length,proto3" json:"length,omitempty"`
// May be truncated or omitted.
- Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
+ Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *Message) Reset() {
@@ -694,11 +698,10 @@ func (x *Message) GetData() []byte {
// header is just a normal metadata key.
// The pair will not count towards the size limit.
type Metadata struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Entry []*MetadataEntry `protobuf:"bytes,1,rep,name=entry,proto3" json:"entry,omitempty"`
unknownFields protoimpl.UnknownFields
-
- Entry []*MetadataEntry `protobuf:"bytes,1,rep,name=entry,proto3" json:"entry,omitempty"`
+ sizeCache protoimpl.SizeCache
}
func (x *Metadata) Reset() {
@@ -740,12 +743,11 @@ func (x *Metadata) GetEntry() []*MetadataEntry {
// A metadata key value pair
type MetadataEntry struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
+ Value []byte `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
unknownFields protoimpl.UnknownFields
-
- Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
- Value []byte `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+ sizeCache protoimpl.SizeCache
}
func (x *MetadataEntry) Reset() {
@@ -794,14 +796,13 @@ func (x *MetadataEntry) GetValue() []byte {
// Address information
type Address struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
- Type Address_Type `protobuf:"varint,1,opt,name=type,proto3,enum=grpc.binarylog.v1.Address_Type" json:"type,omitempty"`
- Address string `protobuf:"bytes,2,opt,name=address,proto3" json:"address,omitempty"`
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Type Address_Type `protobuf:"varint,1,opt,name=type,proto3,enum=grpc.binarylog.v1.Address_Type" json:"type,omitempty"`
+ Address string `protobuf:"bytes,2,opt,name=address,proto3" json:"address,omitempty"`
// only for TYPE_IPV4 and TYPE_IPV6
- IpPort uint32 `protobuf:"varint,3,opt,name=ip_port,json=ipPort,proto3" json:"ip_port,omitempty"`
+ IpPort uint32 `protobuf:"varint,3,opt,name=ip_port,json=ipPort,proto3" json:"ip_port,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *Address) Reset() {
@@ -857,7 +858,7 @@ func (x *Address) GetIpPort() uint32 {
var File_grpc_binlog_v1_binarylog_proto protoreflect.FileDescriptor
-var file_grpc_binlog_v1_binarylog_proto_rawDesc = []byte{
+var file_grpc_binlog_v1_binarylog_proto_rawDesc = string([]byte{
0x0a, 0x1e, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x62, 0x69, 0x6e, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31,
0x2f, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x12, 0x11, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67,
@@ -983,16 +984,16 @@ var file_grpc_binlog_v1_binarylog_proto_rawDesc = []byte{
0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x62, 0x69,
0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x5f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
0x6f, 0x33,
-}
+})
var (
file_grpc_binlog_v1_binarylog_proto_rawDescOnce sync.Once
- file_grpc_binlog_v1_binarylog_proto_rawDescData = file_grpc_binlog_v1_binarylog_proto_rawDesc
+ file_grpc_binlog_v1_binarylog_proto_rawDescData []byte
)
func file_grpc_binlog_v1_binarylog_proto_rawDescGZIP() []byte {
file_grpc_binlog_v1_binarylog_proto_rawDescOnce.Do(func() {
- file_grpc_binlog_v1_binarylog_proto_rawDescData = protoimpl.X.CompressGZIP(file_grpc_binlog_v1_binarylog_proto_rawDescData)
+ file_grpc_binlog_v1_binarylog_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_grpc_binlog_v1_binarylog_proto_rawDesc), len(file_grpc_binlog_v1_binarylog_proto_rawDesc)))
})
return file_grpc_binlog_v1_binarylog_proto_rawDescData
}
@@ -1051,7 +1052,7 @@ func file_grpc_binlog_v1_binarylog_proto_init() {
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
- RawDescriptor: file_grpc_binlog_v1_binarylog_proto_rawDesc,
+ RawDescriptor: unsafe.Slice(unsafe.StringData(file_grpc_binlog_v1_binarylog_proto_rawDesc), len(file_grpc_binlog_v1_binarylog_proto_rawDesc)),
NumEnums: 3,
NumMessages: 8,
NumExtensions: 0,
@@ -1063,7 +1064,6 @@ func file_grpc_binlog_v1_binarylog_proto_init() {
MessageInfos: file_grpc_binlog_v1_binarylog_proto_msgTypes,
}.Build()
File_grpc_binlog_v1_binarylog_proto = out.File
- file_grpc_binlog_v1_binarylog_proto_rawDesc = nil
file_grpc_binlog_v1_binarylog_proto_goTypes = nil
file_grpc_binlog_v1_binarylog_proto_depIdxs = nil
}
diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go
index 4f57b55434..4f350ca56a 100644
--- a/vendor/google.golang.org/grpc/clientconn.go
+++ b/vendor/google.golang.org/grpc/clientconn.go
@@ -118,12 +118,26 @@ func (dcs *defaultConfigSelector) SelectConfig(rpcInfo iresolver.RPCInfo) (*ires
// NewClient creates a new gRPC "channel" for the target URI provided. No I/O
// is performed. Use of the ClientConn for RPCs will automatically cause it to
-// connect. Connect may be used to manually create a connection, but for most
-// users this is unnecessary.
+// connect. The Connect method may be called to manually create a connection,
+// but for most users this should be unnecessary.
//
// The target name syntax is defined in
-// https://github.com/grpc/grpc/blob/master/doc/naming.md. e.g. to use dns
-// resolver, a "dns:///" prefix should be applied to the target.
+// https://github.com/grpc/grpc/blob/master/doc/naming.md. E.g. to use the dns
+// name resolver, a "dns:///" prefix may be applied to the target. The default
+// name resolver will be used if no scheme is detected, or if the parsed scheme
+// is not a registered name resolver. The default resolver is "dns" but can be
+// overridden using the resolver package's SetDefaultScheme.
+//
+// Examples:
+//
+// - "foo.googleapis.com:8080"
+// - "dns:///foo.googleapis.com:8080"
+// - "dns:///foo.googleapis.com"
+// - "dns:///10.0.0.213:8080"
+// - "dns:///%5B2001:db8:85a3:8d3:1319:8a2e:370:7348%5D:443"
+// - "dns://8.8.8.8/foo.googleapis.com:8080"
+// - "dns://8.8.8.8/foo.googleapis.com"
+// - "zookeeper://zk.example.com:9900/example_service"
//
// The DialOptions returned by WithBlock, WithTimeout,
// WithReturnConnectionError, and FailOnNonTempDialError are ignored by this
@@ -181,7 +195,7 @@ func NewClient(target string, opts ...DialOption) (conn *ClientConn, err error)
}
cc.dopts.defaultServiceConfig, _ = scpr.Config.(*ServiceConfig)
}
- cc.mkp = cc.dopts.copts.KeepaliveParams
+ cc.keepaliveParams = cc.dopts.copts.KeepaliveParams
if err = cc.initAuthority(); err != nil {
return nil, err
@@ -225,7 +239,12 @@ func Dial(target string, opts ...DialOption) (*ClientConn, error) {
func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *ClientConn, err error) {
// At the end of this method, we kick the channel out of idle, rather than
// waiting for the first rpc.
- opts = append([]DialOption{withDefaultScheme("passthrough")}, opts...)
+ //
+ // WithLocalDNSResolution dial option in `grpc.Dial` ensures that it
+ // preserves behavior: when default scheme passthrough is used, skip
+ // hostname resolution, when "dns" is used for resolution, perform
+ // resolution on the client.
+ opts = append([]DialOption{withDefaultScheme("passthrough"), WithLocalDNSResolution()}, opts...)
cc, err := NewClient(target, opts...)
if err != nil {
return nil, err
@@ -618,7 +637,7 @@ type ClientConn struct {
balancerWrapper *ccBalancerWrapper // Always recreated whenever entering idle to simplify Close.
sc *ServiceConfig // Latest service config received from the resolver.
conns map[*addrConn]struct{} // Set to nil on close.
- mkp keepalive.ClientParameters // May be updated upon receipt of a GoAway.
+ keepaliveParams keepalive.ClientParameters // May be updated upon receipt of a GoAway.
// firstResolveEvent is used to track whether the name resolver sent us at
// least one update. RPCs block on this event. May be accessed without mu
// if we know we cannot be asked to enter idle mode while accessing it (e.g.
@@ -867,7 +886,13 @@ func (cc *ClientConn) Target() string {
return cc.target
}
-// CanonicalTarget returns the canonical target string of the ClientConn.
+// CanonicalTarget returns the canonical target string used when creating cc.
+//
+// This always has the form "://[authority]/". For example:
+//
+// - "dns:///example.com:42"
+// - "dns://8.8.8.8/example.com:42"
+// - "unix:///path/to/socket"
func (cc *ClientConn) CanonicalTarget() string {
return cc.parsedTarget.String()
}
@@ -1206,12 +1231,11 @@ func (ac *addrConn) updateConnectivityState(s connectivity.State, lastErr error)
// adjustParams updates parameters used to create transports upon
// receiving a GoAway.
func (ac *addrConn) adjustParams(r transport.GoAwayReason) {
- switch r {
- case transport.GoAwayTooManyPings:
+ if r == transport.GoAwayTooManyPings {
v := 2 * ac.dopts.copts.KeepaliveParams.Time
ac.cc.mu.Lock()
- if v > ac.cc.mkp.Time {
- ac.cc.mkp.Time = v
+ if v > ac.cc.keepaliveParams.Time {
+ ac.cc.keepaliveParams.Time = v
}
ac.cc.mu.Unlock()
}
@@ -1307,7 +1331,7 @@ func (ac *addrConn) tryAllAddrs(ctx context.Context, addrs []resolver.Address, c
ac.mu.Lock()
ac.cc.mu.RLock()
- ac.dopts.copts.KeepaliveParams = ac.cc.mkp
+ ac.dopts.copts.KeepaliveParams = ac.cc.keepaliveParams
ac.cc.mu.RUnlock()
copts := ac.dopts.copts
diff --git a/vendor/google.golang.org/grpc/credentials/tls.go b/vendor/google.golang.org/grpc/credentials/tls.go
index e163a473df..bd5fe22b6a 100644
--- a/vendor/google.golang.org/grpc/credentials/tls.go
+++ b/vendor/google.golang.org/grpc/credentials/tls.go
@@ -32,6 +32,8 @@ import (
"google.golang.org/grpc/internal/envconfig"
)
+const alpnFailureHelpMessage = "If you upgraded from a grpc-go version earlier than 1.67, your TLS connections may have stopped working due to ALPN enforcement. For more details, see: https://github.com/grpc/grpc-go/issues/434"
+
var logger = grpclog.Component("credentials")
// TLSInfo contains the auth information for a TLS authenticated connection.
@@ -128,7 +130,7 @@ func (c *tlsCreds) ClientHandshake(ctx context.Context, authority string, rawCon
if np == "" {
if envconfig.EnforceALPNEnabled {
conn.Close()
- return nil, nil, fmt.Errorf("credentials: cannot check peer: missing selected ALPN property")
+ return nil, nil, fmt.Errorf("credentials: cannot check peer: missing selected ALPN property. %s", alpnFailureHelpMessage)
}
logger.Warningf("Allowing TLS connection to server %q with ALPN disabled. TLS connections to servers with ALPN disabled will be disallowed in future grpc-go releases", cfg.ServerName)
}
@@ -158,7 +160,7 @@ func (c *tlsCreds) ServerHandshake(rawConn net.Conn) (net.Conn, AuthInfo, error)
if cs.NegotiatedProtocol == "" {
if envconfig.EnforceALPNEnabled {
conn.Close()
- return nil, nil, fmt.Errorf("credentials: cannot check peer: missing selected ALPN property")
+ return nil, nil, fmt.Errorf("credentials: cannot check peer: missing selected ALPN property. %s", alpnFailureHelpMessage)
} else if logger.V(2) {
logger.Info("Allowing TLS connection from client with ALPN disabled. TLS connections with ALPN disabled will be disallowed in future grpc-go releases")
}
diff --git a/vendor/google.golang.org/grpc/dialoptions.go b/vendor/google.golang.org/grpc/dialoptions.go
index 7494ae591f..405a2ffeb3 100644
--- a/vendor/google.golang.org/grpc/dialoptions.go
+++ b/vendor/google.golang.org/grpc/dialoptions.go
@@ -73,7 +73,7 @@ type dialOptions struct {
chainUnaryInts []UnaryClientInterceptor
chainStreamInts []StreamClientInterceptor
- cp Compressor
+ compressorV0 Compressor
dc Decompressor
bs internalbackoff.Strategy
block bool
@@ -94,6 +94,8 @@ type dialOptions struct {
idleTimeout time.Duration
defaultScheme string
maxCallAttempts int
+ enableLocalDNSResolution bool // Specifies if target hostnames should be resolved when proxying is enabled.
+ useProxy bool // Specifies if a server should be connected via proxy.
}
// DialOption configures how we set up the connection.
@@ -256,7 +258,7 @@ func WithCodec(c Codec) DialOption {
// Deprecated: use UseCompressor instead. Will be supported throughout 1.x.
func WithCompressor(cp Compressor) DialOption {
return newFuncDialOption(func(o *dialOptions) {
- o.cp = cp
+ o.compressorV0 = cp
})
}
@@ -377,7 +379,22 @@ func WithInsecure() DialOption {
// later release.
func WithNoProxy() DialOption {
return newFuncDialOption(func(o *dialOptions) {
- o.copts.UseProxy = false
+ o.useProxy = false
+ })
+}
+
+// WithLocalDNSResolution forces local DNS name resolution even when a proxy is
+// specified in the environment. By default, the server name is provided
+// directly to the proxy as part of the CONNECT handshake. This is ignored if
+// WithNoProxy is used.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func WithLocalDNSResolution() DialOption {
+ return newFuncDialOption(func(o *dialOptions) {
+ o.enableLocalDNSResolution = true
})
}
@@ -428,6 +445,11 @@ func WithTimeout(d time.Duration) DialOption {
// returned by f, gRPC checks the error's Temporary() method to decide if it
// should try to reconnect to the network address.
//
+// Note that gRPC by default performs name resolution on the target passed to
+// NewClient. To bypass name resolution and cause the target string to be
+// passed directly to the dialer here instead, use the "passthrough" resolver
+// by specifying it in the target string, e.g. "passthrough:target".
+//
// Note: All supported releases of Go (as of December 2023) override the OS
// defaults for TCP keepalive time and interval to 15s. To enable TCP keepalive
// with OS defaults for keepalive time and interval, use a net.Dialer that sets
@@ -662,14 +684,15 @@ func defaultDialOptions() dialOptions {
copts: transport.ConnectOptions{
ReadBufferSize: defaultReadBufSize,
WriteBufferSize: defaultWriteBufSize,
- UseProxy: true,
UserAgent: grpcUA,
BufferPool: mem.DefaultBufferPool(),
},
- bs: internalbackoff.DefaultExponential,
- idleTimeout: 30 * time.Minute,
- defaultScheme: "dns",
- maxCallAttempts: defaultMaxCallAttempts,
+ bs: internalbackoff.DefaultExponential,
+ idleTimeout: 30 * time.Minute,
+ defaultScheme: "dns",
+ maxCallAttempts: defaultMaxCallAttempts,
+ useProxy: true,
+ enableLocalDNSResolution: false,
}
}
diff --git a/vendor/google.golang.org/grpc/experimental/stats/metrics.go b/vendor/google.golang.org/grpc/experimental/stats/metrics.go
index bf9e7f987b..ee1423605a 100644
--- a/vendor/google.golang.org/grpc/experimental/stats/metrics.go
+++ b/vendor/google.golang.org/grpc/experimental/stats/metrics.go
@@ -19,6 +19,8 @@
// Package stats contains experimental metrics/stats API's.
package stats
+import "google.golang.org/grpc/stats"
+
// MetricsRecorder records on metrics derived from metric registry.
type MetricsRecorder interface {
// RecordInt64Count records the measurement alongside labels on the int
@@ -37,3 +39,16 @@ type MetricsRecorder interface {
// gauge associated with the provided handle.
RecordInt64Gauge(handle *Int64GaugeHandle, incr int64, labels ...string)
}
+
+// Metrics is an experimental legacy alias of the now-stable stats.MetricSet.
+// Metrics will be deleted in a future release.
+type Metrics = stats.MetricSet
+
+// Metric was replaced by direct usage of strings.
+type Metric = string
+
+// NewMetrics is an experimental legacy alias of the now-stable
+// stats.NewMetricSet. NewMetrics will be deleted in a future release.
+func NewMetrics(metrics ...Metric) *Metrics {
+ return stats.NewMetricSet(metrics...)
+}
diff --git a/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go b/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
index 73bb4c4ee9..fbc1ca356a 100644
--- a/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
+++ b/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
@@ -109,8 +109,9 @@ func (gsb *Balancer) switchTo(builder balancer.Builder) (*balancerWrapper, error
return nil, errBalancerClosed
}
bw := &balancerWrapper{
- builder: builder,
- gsb: gsb,
+ ClientConn: gsb.cc,
+ builder: builder,
+ gsb: gsb,
lastState: balancer.State{
ConnectivityState: connectivity.Connecting,
Picker: base.NewErrPicker(balancer.ErrNoSubConnAvailable),
@@ -293,6 +294,7 @@ func (gsb *Balancer) Close() {
// State updates from the wrapped balancer can result in invocation of the
// graceful switch logic.
type balancerWrapper struct {
+ balancer.ClientConn
balancer.Balancer
gsb *Balancer
builder balancer.Builder
@@ -413,7 +415,3 @@ func (bw *balancerWrapper) UpdateAddresses(sc balancer.SubConn, addrs []resolver
bw.gsb.mu.Unlock()
bw.gsb.cc.UpdateAddresses(sc, addrs)
}
-
-func (bw *balancerWrapper) Target() string {
- return bw.gsb.cc.Target()
-}
diff --git a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
index 6e7dd6b772..cc5713fd9d 100644
--- a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
+++ b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
@@ -49,12 +49,26 @@ var (
// XDSFallbackSupport is the env variable that controls whether support for
// xDS fallback is turned on. If this is unset or is false, only the first
// xDS server in the list of server configs will be used.
- XDSFallbackSupport = boolFromEnv("GRPC_EXPERIMENTAL_XDS_FALLBACK", false)
+ XDSFallbackSupport = boolFromEnv("GRPC_EXPERIMENTAL_XDS_FALLBACK", true)
// NewPickFirstEnabled is set if the new pickfirst leaf policy is to be used
- // instead of the exiting pickfirst implementation. This can be enabled by
+ // instead of the exiting pickfirst implementation. This can be disabled by
// setting the environment variable "GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST"
- // to "true".
- NewPickFirstEnabled = boolFromEnv("GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST", false)
+ // to "false".
+ NewPickFirstEnabled = boolFromEnv("GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST", true)
+
+ // XDSEndpointHashKeyBackwardCompat controls the parsing of the endpoint hash
+ // key from EDS LbEndpoint metadata. Endpoint hash keys can be disabled by
+ // setting "GRPC_XDS_ENDPOINT_HASH_KEY_BACKWARD_COMPAT" to "true". When the
+ // implementation of A76 is stable, we will flip the default value to false
+ // in a subsequent release. A final release will remove this environment
+ // variable, enabling the new behavior unconditionally.
+ XDSEndpointHashKeyBackwardCompat = boolFromEnv("GRPC_XDS_ENDPOINT_HASH_KEY_BACKWARD_COMPAT", true)
+
+ // RingHashSetRequestHashKey is set if the ring hash balancer can get the
+ // request hash header by setting the "requestHashHeader" field, according
+ // to gRFC A76. It can be enabled by setting the environment variable
+ // "GRPC_EXPERIMENTAL_RING_HASH_SET_REQUEST_HASH_KEY" to "true".
+ RingHashSetRequestHashKey = boolFromEnv("GRPC_EXPERIMENTAL_RING_HASH_SET_REQUEST_HASH_KEY", false)
)
func boolFromEnv(envVar string, def bool) bool {
diff --git a/vendor/google.golang.org/grpc/internal/envconfig/xds.go b/vendor/google.golang.org/grpc/internal/envconfig/xds.go
index 29f234acb1..2eb97f832b 100644
--- a/vendor/google.golang.org/grpc/internal/envconfig/xds.go
+++ b/vendor/google.golang.org/grpc/internal/envconfig/xds.go
@@ -53,4 +53,14 @@ var (
// C2PResolverTestOnlyTrafficDirectorURI is the TD URI for testing.
C2PResolverTestOnlyTrafficDirectorURI = os.Getenv("GRPC_TEST_ONLY_GOOGLE_C2P_RESOLVER_TRAFFIC_DIRECTOR_URI")
+
+ // XDSDualstackEndpointsEnabled is true if gRPC should read the
+ // "additional addresses" in the xDS endpoint resource.
+ XDSDualstackEndpointsEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS", true)
+
+ // XDSSystemRootCertsEnabled is true when xDS enabled gRPC clients can use
+ // the system's default root certificates for TLS certificate validation.
+ // For more details, see:
+ // https://github.com/grpc/proposal/blob/master/A82-xds-system-root-certs.md.
+ XDSSystemRootCertsEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_SYSTEM_ROOT_CERTS", false)
)
diff --git a/vendor/google.golang.org/grpc/internal/grpcsync/oncefunc.go b/vendor/google.golang.org/grpc/internal/grpcsync/oncefunc.go
deleted file mode 100644
index 6635f7bca9..0000000000
--- a/vendor/google.golang.org/grpc/internal/grpcsync/oncefunc.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- *
- * Copyright 2022 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package grpcsync
-
-import (
- "sync"
-)
-
-// OnceFunc returns a function wrapping f which ensures f is only executed
-// once even if the returned function is executed multiple times.
-func OnceFunc(f func()) func() {
- var once sync.Once
- return func() {
- once.Do(f)
- }
-}
diff --git a/vendor/google.golang.org/grpc/internal/internal.go b/vendor/google.golang.org/grpc/internal/internal.go
index 3afc181344..2ce012cda1 100644
--- a/vendor/google.golang.org/grpc/internal/internal.go
+++ b/vendor/google.golang.org/grpc/internal/internal.go
@@ -31,6 +31,10 @@ import (
var (
// HealthCheckFunc is used to provide client-side LB channel health checking
HealthCheckFunc HealthChecker
+ // RegisterClientHealthCheckListener is used to provide a listener for
+ // updates from the client-side health checking service. It returns a
+ // function that can be called to stop the health producer.
+ RegisterClientHealthCheckListener any // func(ctx context.Context, sc balancer.SubConn, serviceName string, listener func(balancer.SubConnState)) func()
// BalancerUnregister is exported by package balancer to unregister a balancer.
BalancerUnregister func(name string)
// KeepaliveMinPingTime is the minimum ping interval. This must be 10s by
@@ -60,6 +64,9 @@ var (
// gRPC server. An xDS-enabled server needs to know what type of credentials
// is configured on the underlying gRPC server. This is set by server.go.
GetServerCredentials any // func (*grpc.Server) credentials.TransportCredentials
+ // MetricsRecorderForServer returns the MetricsRecorderList derived from a
+ // server's stats handlers.
+ MetricsRecorderForServer any // func (*grpc.Server) estats.MetricsRecorder
// CanonicalString returns the canonical string of the code defined here:
// https://github.com/grpc/grpc/blob/master/doc/statuscodes.md.
//
@@ -147,6 +154,20 @@ var (
// other features, including the CSDS service.
NewXDSResolverWithConfigForTesting any // func([]byte) (resolver.Builder, error)
+ // NewXDSResolverWithPoolForTesting creates a new xDS resolver builder
+ // using the provided xDS pool instead of creating a new one using the
+ // bootstrap configuration specified by the supported environment variables.
+ // The resolver.Builder is meant to be used in conjunction with the
+ // grpc.WithResolvers DialOption. The resolver.Builder does not take
+ // ownership of the provided xDS client and it is the responsibility of the
+ // caller to close the client when no longer required.
+ //
+ // Testing Only
+ //
+ // This function should ONLY be used for testing and may not work with some
+ // other features, including the CSDS service.
+ NewXDSResolverWithPoolForTesting any // func(*xdsclient.Pool) (resolver.Builder, error)
+
// NewXDSResolverWithClientForTesting creates a new xDS resolver builder
// using the provided xDS client instead of creating a new one using the
// bootstrap configuration specified by the supported environment variables.
@@ -238,6 +259,13 @@ var (
// SetBufferPoolingThresholdForTesting updates the buffer pooling threshold, for
// testing purposes.
SetBufferPoolingThresholdForTesting any // func(int)
+
+ // TimeAfterFunc is used to create timers. During tests the function is
+ // replaced to track allocated timers and fail the test if a timer isn't
+ // cancelled.
+ TimeAfterFunc = func(d time.Duration, f func()) Timer {
+ return time.AfterFunc(d, f)
+ }
)
// HealthChecker defines the signature of the client-side LB channel health
@@ -273,3 +301,15 @@ const RLSLoadBalancingPolicyName = "rls_experimental"
type EnforceSubConnEmbedding interface {
enforceSubConnEmbedding()
}
+
+// EnforceClientConnEmbedding is used to enforce proper ClientConn implementation
+// embedding.
+type EnforceClientConnEmbedding interface {
+ enforceClientConnEmbedding()
+}
+
+// Timer is an interface to allow injecting different time.Timer implementations
+// during tests.
+type Timer interface {
+ Stop() bool
+}
diff --git a/vendor/google.golang.org/grpc/internal/metadata/metadata.go b/vendor/google.golang.org/grpc/internal/metadata/metadata.go
index 900bfb7160..c4055bc00e 100644
--- a/vendor/google.golang.org/grpc/internal/metadata/metadata.go
+++ b/vendor/google.golang.org/grpc/internal/metadata/metadata.go
@@ -97,13 +97,11 @@ func hasNotPrintable(msg string) bool {
return false
}
-// ValidatePair validate a key-value pair with the following rules (the pseudo-header will be skipped) :
-//
-// - key must contain one or more characters.
-// - the characters in the key must be contained in [0-9 a-z _ - .].
-// - if the key ends with a "-bin" suffix, no validation of the corresponding value is performed.
-// - the characters in the every value must be printable (in [%x20-%x7E]).
-func ValidatePair(key string, vals ...string) error {
+// ValidateKey validates a key with the following rules (pseudo-headers are
+// skipped):
+// - the key must contain one or more characters.
+// - the characters in the key must be in [0-9 a-z _ - .].
+func ValidateKey(key string) error {
// key should not be empty
if key == "" {
return fmt.Errorf("there is an empty key in the header")
@@ -119,6 +117,20 @@ func ValidatePair(key string, vals ...string) error {
return fmt.Errorf("header key %q contains illegal characters not in [0-9a-z-_.]", key)
}
}
+ return nil
+}
+
+// ValidatePair validates a key-value pair with the following rules
+// (pseudo-header are skipped):
+// - the key must contain one or more characters.
+// - the characters in the key must be in [0-9 a-z _ - .].
+// - if the key ends with a "-bin" suffix, no validation of the corresponding
+// value is performed.
+// - the characters in every value must be printable (in [%x20-%x7E]).
+func ValidatePair(key string, vals ...string) error {
+ if err := ValidateKey(key); err != nil {
+ return err
+ }
if strings.HasSuffix(key, "-bin") {
return nil
}
diff --git a/vendor/google.golang.org/grpc/internal/proxyattributes/proxyattributes.go b/vendor/google.golang.org/grpc/internal/proxyattributes/proxyattributes.go
new file mode 100644
index 0000000000..1f61f1a49d
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/proxyattributes/proxyattributes.go
@@ -0,0 +1,54 @@
+/*
+ *
+ * Copyright 2024 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package proxyattributes contains functions for getting and setting proxy
+// attributes like the CONNECT address and user info.
+package proxyattributes
+
+import (
+ "net/url"
+
+ "google.golang.org/grpc/resolver"
+)
+
+type keyType string
+
+const proxyOptionsKey = keyType("grpc.resolver.delegatingresolver.proxyOptions")
+
+// Options holds the proxy connection details needed during the CONNECT
+// handshake.
+type Options struct {
+ User *url.Userinfo
+ ConnectAddr string
+}
+
+// Set returns a copy of addr with opts set in its attributes.
+func Set(addr resolver.Address, opts Options) resolver.Address {
+ addr.Attributes = addr.Attributes.WithValue(proxyOptionsKey, opts)
+ return addr
+}
+
+// Get returns the Options for the proxy [resolver.Address] and a boolean
+// value representing if the attribute is present or not. The returned data
+// should not be mutated.
+func Get(addr resolver.Address) (Options, bool) {
+ if a := addr.Attributes.Value(proxyOptionsKey); a != nil {
+ return a.(Options), true
+ }
+ return Options{}, false
+}
diff --git a/vendor/google.golang.org/grpc/internal/resolver/delegatingresolver/delegatingresolver.go b/vendor/google.golang.org/grpc/internal/resolver/delegatingresolver/delegatingresolver.go
new file mode 100644
index 0000000000..7b93f692be
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/resolver/delegatingresolver/delegatingresolver.go
@@ -0,0 +1,353 @@
+/*
+ *
+ * Copyright 2024 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package delegatingresolver implements a resolver capable of resolving both
+// target URIs and proxy addresses.
+package delegatingresolver
+
+import (
+ "fmt"
+ "net/http"
+ "net/url"
+ "sync"
+
+ "google.golang.org/grpc/grpclog"
+ "google.golang.org/grpc/internal/proxyattributes"
+ "google.golang.org/grpc/resolver"
+ "google.golang.org/grpc/serviceconfig"
+)
+
+var (
+ logger = grpclog.Component("delegating-resolver")
+ // HTTPSProxyFromEnvironment will be overwritten in the tests
+ HTTPSProxyFromEnvironment = http.ProxyFromEnvironment
+)
+
+// delegatingResolver manages both target URI and proxy address resolution by
+// delegating these tasks to separate child resolvers. Essentially, it acts as
+// a intermediary between the gRPC ClientConn and the child resolvers.
+//
+// It implements the [resolver.Resolver] interface.
+type delegatingResolver struct {
+ target resolver.Target // parsed target URI to be resolved
+ cc resolver.ClientConn // gRPC ClientConn
+ proxyURL *url.URL // proxy URL, derived from proxy environment and target
+
+ mu sync.Mutex // protects all the fields below
+ targetResolverState *resolver.State // state of the target resolver
+ proxyAddrs []resolver.Address // resolved proxy addresses; empty if no proxy is configured
+
+ // childMu serializes calls into child resolvers. It also protects access to
+ // the following fields.
+ childMu sync.Mutex
+ targetResolver resolver.Resolver // resolver for the target URI, based on its scheme
+ proxyResolver resolver.Resolver // resolver for the proxy URI; nil if no proxy is configured
+}
+
+// nopResolver is a resolver that does nothing.
+type nopResolver struct{}
+
+func (nopResolver) ResolveNow(resolver.ResolveNowOptions) {}
+
+func (nopResolver) Close() {}
+
+// proxyURLForTarget determines the proxy URL for the given address based on
+// the environment. It can return the following:
+// - nil URL, nil error: No proxy is configured or the address is excluded
+// using the `NO_PROXY` environment variable or if req.URL.Host is
+// "localhost" (with or without // a port number)
+// - nil URL, non-nil error: An error occurred while retrieving the proxy URL.
+// - non-nil URL, nil error: A proxy is configured, and the proxy URL was
+// retrieved successfully without any errors.
+func proxyURLForTarget(address string) (*url.URL, error) {
+ req := &http.Request{URL: &url.URL{
+ Scheme: "https",
+ Host: address,
+ }}
+ return HTTPSProxyFromEnvironment(req)
+}
+
+// New creates a new delegating resolver that can create up to two child
+// resolvers:
+// - one to resolve the proxy address specified using the supported
+// environment variables. This uses the registered resolver for the "dns"
+// scheme.
+// - one to resolve the target URI using the resolver specified by the scheme
+// in the target URI or specified by the user using the WithResolvers dial
+// option. As a special case, if the target URI's scheme is "dns" and a
+// proxy is specified using the supported environment variables, the target
+// URI's path portion is used as the resolved address unless target
+// resolution is enabled using the dial option.
+func New(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOptions, targetResolverBuilder resolver.Builder, targetResolutionEnabled bool) (resolver.Resolver, error) {
+ r := &delegatingResolver{
+ target: target,
+ cc: cc,
+ }
+
+ var err error
+ r.proxyURL, err = proxyURLForTarget(target.Endpoint())
+ if err != nil {
+ return nil, fmt.Errorf("delegating_resolver: failed to determine proxy URL for target %s: %v", target, err)
+ }
+
+ // proxy is not configured or proxy address excluded using `NO_PROXY` env
+ // var, so only target resolver is used.
+ if r.proxyURL == nil {
+ return targetResolverBuilder.Build(target, cc, opts)
+ }
+
+ if logger.V(2) {
+ logger.Infof("Proxy URL detected : %s", r.proxyURL)
+ }
+
+ // Resolver updates from one child may trigger calls into the other. Block
+ // updates until the children are initialized.
+ r.childMu.Lock()
+ defer r.childMu.Unlock()
+ // When the scheme is 'dns' and target resolution on client is not enabled,
+ // resolution should be handled by the proxy, not the client. Therefore, we
+ // bypass the target resolver and store the unresolved target address.
+ if target.URL.Scheme == "dns" && !targetResolutionEnabled {
+ state := resolver.State{
+ Addresses: []resolver.Address{{Addr: target.Endpoint()}},
+ Endpoints: []resolver.Endpoint{{Addresses: []resolver.Address{{Addr: target.Endpoint()}}}},
+ }
+ r.targetResolverState = &state
+ } else {
+ wcc := &wrappingClientConn{
+ stateListener: r.updateTargetResolverState,
+ parent: r,
+ }
+ if r.targetResolver, err = targetResolverBuilder.Build(target, wcc, opts); err != nil {
+ return nil, fmt.Errorf("delegating_resolver: unable to build the resolver for target %s: %v", target, err)
+ }
+ }
+
+ if r.proxyResolver, err = r.proxyURIResolver(opts); err != nil {
+ return nil, fmt.Errorf("delegating_resolver: failed to build resolver for proxy URL %q: %v", r.proxyURL, err)
+ }
+
+ if r.targetResolver == nil {
+ r.targetResolver = nopResolver{}
+ }
+ if r.proxyResolver == nil {
+ r.proxyResolver = nopResolver{}
+ }
+ return r, nil
+}
+
+// proxyURIResolver creates a resolver for resolving proxy URIs using the
+// "dns" scheme. It adjusts the proxyURL to conform to the "dns:///" format and
+// builds a resolver with a wrappingClientConn to capture resolved addresses.
+func (r *delegatingResolver) proxyURIResolver(opts resolver.BuildOptions) (resolver.Resolver, error) {
+ proxyBuilder := resolver.Get("dns")
+ if proxyBuilder == nil {
+ panic("delegating_resolver: resolver for proxy not found for scheme dns")
+ }
+ url := *r.proxyURL
+ url.Scheme = "dns"
+ url.Path = "/" + r.proxyURL.Host
+ url.Host = "" // Clear the Host field to conform to the "dns:///" format
+
+ proxyTarget := resolver.Target{URL: url}
+ wcc := &wrappingClientConn{
+ stateListener: r.updateProxyResolverState,
+ parent: r,
+ }
+ return proxyBuilder.Build(proxyTarget, wcc, opts)
+}
+
+func (r *delegatingResolver) ResolveNow(o resolver.ResolveNowOptions) {
+ r.childMu.Lock()
+ defer r.childMu.Unlock()
+ r.targetResolver.ResolveNow(o)
+ r.proxyResolver.ResolveNow(o)
+}
+
+func (r *delegatingResolver) Close() {
+ r.childMu.Lock()
+ defer r.childMu.Unlock()
+ r.targetResolver.Close()
+ r.targetResolver = nil
+
+ r.proxyResolver.Close()
+ r.proxyResolver = nil
+}
+
+// updateClientConnStateLocked creates a list of combined addresses by
+// pairing each proxy address with every target address. For each pair, it
+// generates a new [resolver.Address] using the proxy address, and adding the
+// target address as the attribute along with user info. It returns nil if
+// either resolver has not sent update even once and returns the error from
+// ClientConn update once both resolvers have sent update atleast once.
+func (r *delegatingResolver) updateClientConnStateLocked() error {
+ if r.targetResolverState == nil || r.proxyAddrs == nil {
+ return nil
+ }
+
+ curState := *r.targetResolverState
+ // If multiple resolved proxy addresses are present, we send only the
+ // unresolved proxy host and let net.Dial handle the proxy host name
+ // resolution when creating the transport. Sending all resolved addresses
+ // would increase the number of addresses passed to the ClientConn and
+ // subsequently to load balancing (LB) policies like Round Robin, leading
+ // to additional TCP connections. However, if there's only one resolved
+ // proxy address, we send it directly, as it doesn't affect the address
+ // count returned by the target resolver and the address count sent to the
+ // ClientConn.
+ var proxyAddr resolver.Address
+ if len(r.proxyAddrs) == 1 {
+ proxyAddr = r.proxyAddrs[0]
+ } else {
+ proxyAddr = resolver.Address{Addr: r.proxyURL.Host}
+ }
+ var addresses []resolver.Address
+ for _, targetAddr := range (*r.targetResolverState).Addresses {
+ addresses = append(addresses, proxyattributes.Set(proxyAddr, proxyattributes.Options{
+ User: r.proxyURL.User,
+ ConnectAddr: targetAddr.Addr,
+ }))
+ }
+
+ // Create a list of combined endpoints by pairing all proxy endpoints
+ // with every target endpoint. Each time, it constructs a new
+ // [resolver.Endpoint] using the all addresses from all the proxy endpoint
+ // and the target addresses from one endpoint. The target address and user
+ // information from the proxy URL are added as attributes to the proxy
+ // address.The resulting list of addresses is then grouped into endpoints,
+ // covering all combinations of proxy and target endpoints.
+ var endpoints []resolver.Endpoint
+ for _, endpt := range (*r.targetResolverState).Endpoints {
+ var addrs []resolver.Address
+ for _, proxyAddr := range r.proxyAddrs {
+ for _, targetAddr := range endpt.Addresses {
+ addrs = append(addrs, proxyattributes.Set(proxyAddr, proxyattributes.Options{
+ User: r.proxyURL.User,
+ ConnectAddr: targetAddr.Addr,
+ }))
+ }
+ }
+ endpoints = append(endpoints, resolver.Endpoint{Addresses: addrs})
+ }
+ // Use the targetResolverState for its service config and attributes
+ // contents. The state update is only sent after both the target and proxy
+ // resolvers have sent their updates, and curState has been updated with
+ // the combined addresses.
+ curState.Addresses = addresses
+ curState.Endpoints = endpoints
+ return r.cc.UpdateState(curState)
+}
+
+// updateProxyResolverState updates the proxy resolver state by storing proxy
+// addresses and endpoints, marking the resolver as ready, and triggering a
+// state update if both proxy and target resolvers are ready. If the ClientConn
+// returns a non-nil error, it calls `ResolveNow()` on the target resolver. It
+// is a StateListener function of wrappingClientConn passed to the proxy resolver.
+func (r *delegatingResolver) updateProxyResolverState(state resolver.State) error {
+ r.mu.Lock()
+ defer r.mu.Unlock()
+ if logger.V(2) {
+ logger.Infof("Addresses received from proxy resolver: %s", state.Addresses)
+ }
+ if len(state.Endpoints) > 0 {
+ // We expect exactly one address per endpoint because the proxy
+ // resolver uses "dns" resolution.
+ r.proxyAddrs = make([]resolver.Address, 0, len(state.Endpoints))
+ for _, endpoint := range state.Endpoints {
+ r.proxyAddrs = append(r.proxyAddrs, endpoint.Addresses...)
+ }
+ } else if state.Addresses != nil {
+ r.proxyAddrs = state.Addresses
+ } else {
+ r.proxyAddrs = []resolver.Address{} // ensure proxyAddrs is non-nil to indicate an update has been received
+ }
+ err := r.updateClientConnStateLocked()
+ // Another possible approach was to block until updates are received from
+ // both resolvers. But this is not used because calling `New()` triggers
+ // `Build()` for the first resolver, which calls `UpdateState()`. And the
+ // second resolver hasn't sent an update yet, so it would cause `New()` to
+ // block indefinitely.
+ if err != nil {
+ go func() {
+ r.childMu.Lock()
+ defer r.childMu.Unlock()
+ if r.targetResolver != nil {
+ r.targetResolver.ResolveNow(resolver.ResolveNowOptions{})
+ }
+ }()
+ }
+ return err
+}
+
+// updateTargetResolverState updates the target resolver state by storing target
+// addresses, endpoints, and service config, marking the resolver as ready, and
+// triggering a state update if both resolvers are ready. If the ClientConn
+// returns a non-nil error, it calls `ResolveNow()` on the proxy resolver. It
+// is a StateListener function of wrappingClientConn passed to the target resolver.
+func (r *delegatingResolver) updateTargetResolverState(state resolver.State) error {
+ r.mu.Lock()
+ defer r.mu.Unlock()
+
+ if logger.V(2) {
+ logger.Infof("Addresses received from target resolver: %v", state.Addresses)
+ }
+ r.targetResolverState = &state
+ err := r.updateClientConnStateLocked()
+ if err != nil {
+ go func() {
+ r.childMu.Lock()
+ defer r.childMu.Unlock()
+ if r.proxyResolver != nil {
+ r.proxyResolver.ResolveNow(resolver.ResolveNowOptions{})
+ }
+ }()
+ }
+ return nil
+}
+
+// wrappingClientConn serves as an intermediary between the parent ClientConn
+// and the child resolvers created here. It implements the resolver.ClientConn
+// interface and is passed in that capacity to the child resolvers.
+type wrappingClientConn struct {
+ // Callback to deliver resolver state updates
+ stateListener func(state resolver.State) error
+ parent *delegatingResolver
+}
+
+// UpdateState receives resolver state updates and forwards them to the
+// appropriate listener function (either for the proxy or target resolver).
+func (wcc *wrappingClientConn) UpdateState(state resolver.State) error {
+ return wcc.stateListener(state)
+}
+
+// ReportError intercepts errors from the child resolvers and passes them to ClientConn.
+func (wcc *wrappingClientConn) ReportError(err error) {
+ wcc.parent.cc.ReportError(err)
+}
+
+// NewAddress intercepts the new resolved address from the child resolvers and
+// passes them to ClientConn.
+func (wcc *wrappingClientConn) NewAddress(addrs []resolver.Address) {
+ wcc.UpdateState(resolver.State{Addresses: addrs})
+}
+
+// ParseServiceConfig parses the provided service config and returns an
+// object that provides the parsed config.
+func (wcc *wrappingClientConn) ParseServiceConfig(serviceConfigJSON string) *serviceconfig.ParseResult {
+ return wcc.parent.cc.ParseServiceConfig(serviceConfigJSON)
+}
diff --git a/vendor/google.golang.org/grpc/internal/transport/client_stream.go b/vendor/google.golang.org/grpc/internal/transport/client_stream.go
index 8ed347c541..ccc0e017e5 100644
--- a/vendor/google.golang.org/grpc/internal/transport/client_stream.go
+++ b/vendor/google.golang.org/grpc/internal/transport/client_stream.go
@@ -59,7 +59,7 @@ func (s *ClientStream) Read(n int) (mem.BufferSlice, error) {
return b, err
}
-// Close closes the stream and popagates err to any readers.
+// Close closes the stream and propagates err to any readers.
func (s *ClientStream) Close(err error) {
var (
rst bool
diff --git a/vendor/google.golang.org/grpc/internal/transport/handler_server.go b/vendor/google.golang.org/grpc/internal/transport/handler_server.go
index d9305a65d8..3dea235735 100644
--- a/vendor/google.golang.org/grpc/internal/transport/handler_server.go
+++ b/vendor/google.golang.org/grpc/internal/transport/handler_server.go
@@ -498,5 +498,5 @@ func mapRecvMsgError(err error) error {
if strings.Contains(err.Error(), "body closed by handler") {
return status.Error(codes.Canceled, err.Error())
}
- return connectionErrorf(true, err, err.Error())
+ return connectionErrorf(true, err, "%s", err.Error())
}
diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/vendor/google.golang.org/grpc/internal/transport/http2_client.go
index f323ab7f45..ae9316662e 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http2_client.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http2_client.go
@@ -43,6 +43,7 @@ import (
"google.golang.org/grpc/internal/grpcsync"
"google.golang.org/grpc/internal/grpcutil"
imetadata "google.golang.org/grpc/internal/metadata"
+ "google.golang.org/grpc/internal/proxyattributes"
istatus "google.golang.org/grpc/internal/status"
isyscall "google.golang.org/grpc/internal/syscall"
"google.golang.org/grpc/internal/transport/networktype"
@@ -153,7 +154,7 @@ type http2Client struct {
logger *grpclog.PrefixLogger
}
-func dial(ctx context.Context, fn func(context.Context, string) (net.Conn, error), addr resolver.Address, useProxy bool, grpcUA string) (net.Conn, error) {
+func dial(ctx context.Context, fn func(context.Context, string) (net.Conn, error), addr resolver.Address, grpcUA string) (net.Conn, error) {
address := addr.Addr
networkType, ok := networktype.Get(addr)
if fn != nil {
@@ -177,8 +178,8 @@ func dial(ctx context.Context, fn func(context.Context, string) (net.Conn, error
if !ok {
networkType, address = parseDialTarget(address)
}
- if networkType == "tcp" && useProxy {
- return proxyDial(ctx, address, grpcUA)
+ if opts, present := proxyattributes.Get(addr); present {
+ return proxyDial(ctx, addr, grpcUA, opts)
}
return internal.NetDialerWithTCPKeepalive().DialContext(ctx, networkType, address)
}
@@ -217,7 +218,7 @@ func NewHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts
// address specific arbitrary data to reach custom dialers and credential handshakers.
connectCtx = icredentials.NewClientHandshakeInfoContext(connectCtx, credentials.ClientHandshakeInfo{Attributes: addr.Attributes})
- conn, err := dial(connectCtx, opts.Dialer, addr, opts.UseProxy, opts.UserAgent)
+ conn, err := dial(connectCtx, opts.Dialer, addr, opts.UserAgent)
if err != nil {
if opts.FailOnNonTempDialError {
return nil, connectionErrorf(isTemporary(err), err, "transport: error while dialing: %v", err)
@@ -1389,8 +1390,7 @@ func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) error {
// the caller.
func (t *http2Client) setGoAwayReason(f *http2.GoAwayFrame) {
t.goAwayReason = GoAwayNoReason
- switch f.ErrCode {
- case http2.ErrCodeEnhanceYourCalm:
+ if f.ErrCode == http2.ErrCodeEnhanceYourCalm {
if string(f.DebugData()) == "too_many_pings" {
t.goAwayReason = GoAwayTooManyPings
}
diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_server.go b/vendor/google.golang.org/grpc/internal/transport/http2_server.go
index 0055fddd7e..7e53eb1735 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http2_server.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http2_server.go
@@ -35,6 +35,7 @@ import (
"golang.org/x/net/http2"
"golang.org/x/net/http2/hpack"
+ "google.golang.org/grpc/internal"
"google.golang.org/grpc/internal/grpclog"
"google.golang.org/grpc/internal/grpcutil"
"google.golang.org/grpc/internal/pretty"
@@ -564,7 +565,7 @@ func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeade
t.logger.Infof("Aborting the stream early: %v", errMsg)
}
t.controlBuf.put(&earlyAbortStream{
- httpStatus: 405,
+ httpStatus: http.StatusMethodNotAllowed,
streamID: streamID,
contentSubtype: s.contentSubtype,
status: status.New(codes.Internal, errMsg),
@@ -585,7 +586,7 @@ func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeade
stat = status.New(codes.PermissionDenied, err.Error())
}
t.controlBuf.put(&earlyAbortStream{
- httpStatus: 200,
+ httpStatus: http.StatusOK,
streamID: s.id,
contentSubtype: s.contentSubtype,
status: stat,
@@ -598,6 +599,22 @@ func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeade
if len(t.activeStreams) == 1 {
t.idle = time.Time{}
}
+ // Start a timer to close the stream on reaching the deadline.
+ if timeoutSet {
+ // We need to wait for s.cancel to be updated before calling
+ // t.closeStream to avoid data races.
+ cancelUpdated := make(chan struct{})
+ timer := internal.TimeAfterFunc(timeout, func() {
+ <-cancelUpdated
+ t.closeStream(s, true, http2.ErrCodeCancel, false)
+ })
+ oldCancel := s.cancel
+ s.cancel = func() {
+ oldCancel()
+ timer.Stop()
+ }
+ close(cancelUpdated)
+ }
t.mu.Unlock()
if channelz.IsOn() {
t.channelz.SocketMetrics.StreamsStarted.Add(1)
@@ -1274,7 +1291,6 @@ func (t *http2Server) Close(err error) {
// deleteStream deletes the stream s from transport's active streams.
func (t *http2Server) deleteStream(s *ServerStream, eosReceived bool) {
-
t.mu.Lock()
if _, ok := t.activeStreams[s.id]; ok {
delete(t.activeStreams, s.id)
@@ -1324,7 +1340,10 @@ func (t *http2Server) closeStream(s *ServerStream, rst bool, rstCode http2.ErrCo
// called to interrupt the potential blocking on other goroutines.
s.cancel()
- s.swapState(streamDone)
+ oldState := s.swapState(streamDone)
+ if oldState == streamDone {
+ return
+ }
t.deleteStream(s, eosReceived)
t.controlBuf.put(&cleanupStream{
diff --git a/vendor/google.golang.org/grpc/internal/transport/proxy.go b/vendor/google.golang.org/grpc/internal/transport/proxy.go
index 54b2244365..d773845955 100644
--- a/vendor/google.golang.org/grpc/internal/transport/proxy.go
+++ b/vendor/google.golang.org/grpc/internal/transport/proxy.go
@@ -30,34 +30,16 @@ import (
"net/url"
"google.golang.org/grpc/internal"
+ "google.golang.org/grpc/internal/proxyattributes"
+ "google.golang.org/grpc/resolver"
)
const proxyAuthHeaderKey = "Proxy-Authorization"
-var (
- // The following variable will be overwritten in the tests.
- httpProxyFromEnvironment = http.ProxyFromEnvironment
-)
-
-func mapAddress(address string) (*url.URL, error) {
- req := &http.Request{
- URL: &url.URL{
- Scheme: "https",
- Host: address,
- },
- }
- url, err := httpProxyFromEnvironment(req)
- if err != nil {
- return nil, err
- }
- return url, nil
-}
-
// To read a response from a net.Conn, http.ReadResponse() takes a bufio.Reader.
-// It's possible that this reader reads more than what's need for the response and stores
-// those bytes in the buffer.
-// bufConn wraps the original net.Conn and the bufio.Reader to make sure we don't lose the
-// bytes in the buffer.
+// It's possible that this reader reads more than what's need for the response
+// and stores those bytes in the buffer. bufConn wraps the original net.Conn
+// and the bufio.Reader to make sure we don't lose the bytes in the buffer.
type bufConn struct {
net.Conn
r io.Reader
@@ -72,7 +54,7 @@ func basicAuth(username, password string) string {
return base64.StdEncoding.EncodeToString([]byte(auth))
}
-func doHTTPConnectHandshake(ctx context.Context, conn net.Conn, backendAddr string, proxyURL *url.URL, grpcUA string) (_ net.Conn, err error) {
+func doHTTPConnectHandshake(ctx context.Context, conn net.Conn, grpcUA string, opts proxyattributes.Options) (_ net.Conn, err error) {
defer func() {
if err != nil {
conn.Close()
@@ -81,15 +63,14 @@ func doHTTPConnectHandshake(ctx context.Context, conn net.Conn, backendAddr stri
req := &http.Request{
Method: http.MethodConnect,
- URL: &url.URL{Host: backendAddr},
+ URL: &url.URL{Host: opts.ConnectAddr},
Header: map[string][]string{"User-Agent": {grpcUA}},
}
- if t := proxyURL.User; t != nil {
- u := t.Username()
- p, _ := t.Password()
+ if user := opts.User; user != nil {
+ u := user.Username()
+ p, _ := user.Password()
req.Header.Add(proxyAuthHeaderKey, "Basic "+basicAuth(u, p))
}
-
if err := sendHTTPRequest(ctx, req, conn); err != nil {
return nil, fmt.Errorf("failed to write the HTTP request: %v", err)
}
@@ -117,28 +98,13 @@ func doHTTPConnectHandshake(ctx context.Context, conn net.Conn, backendAddr stri
return conn, nil
}
-// proxyDial dials, connecting to a proxy first if necessary. Checks if a proxy
-// is necessary, dials, does the HTTP CONNECT handshake, and returns the
-// connection.
-func proxyDial(ctx context.Context, addr string, grpcUA string) (net.Conn, error) {
- newAddr := addr
- proxyURL, err := mapAddress(addr)
- if err != nil {
- return nil, err
- }
- if proxyURL != nil {
- newAddr = proxyURL.Host
- }
-
- conn, err := internal.NetDialerWithTCPKeepalive().DialContext(ctx, "tcp", newAddr)
+// proxyDial establishes a TCP connection to the specified address and performs an HTTP CONNECT handshake.
+func proxyDial(ctx context.Context, addr resolver.Address, grpcUA string, opts proxyattributes.Options) (net.Conn, error) {
+ conn, err := internal.NetDialerWithTCPKeepalive().DialContext(ctx, "tcp", addr.Addr)
if err != nil {
return nil, err
}
- if proxyURL == nil {
- // proxy is disabled if proxyURL is nil.
- return conn, err
- }
- return doHTTPConnectHandshake(ctx, conn, addr, proxyURL, grpcUA)
+ return doHTTPConnectHandshake(ctx, conn, grpcUA, opts)
}
func sendHTTPRequest(ctx context.Context, req *http.Request, conn net.Conn) error {
diff --git a/vendor/google.golang.org/grpc/internal/transport/server_stream.go b/vendor/google.golang.org/grpc/internal/transport/server_stream.go
index a22a901514..cf8da0b52d 100644
--- a/vendor/google.golang.org/grpc/internal/transport/server_stream.go
+++ b/vendor/google.golang.org/grpc/internal/transport/server_stream.go
@@ -35,8 +35,10 @@ type ServerStream struct {
*Stream // Embed for common stream functionality.
st internalServerTransport
- ctxDone <-chan struct{} // closed at the end of stream. Cache of ctx.Done() (for performance)
- cancel context.CancelFunc // invoked at the end of stream to cancel ctx.
+ ctxDone <-chan struct{} // closed at the end of stream. Cache of ctx.Done() (for performance)
+ // cancel is invoked at the end of stream to cancel ctx. It also stops the
+ // timer for monitoring the rpc deadline if configured.
+ cancel func()
// Holds compressor names passed in grpc-accept-encoding metadata from the
// client.
diff --git a/vendor/google.golang.org/grpc/internal/transport/transport.go b/vendor/google.golang.org/grpc/internal/transport/transport.go
index 2859b87755..af4a4aeab1 100644
--- a/vendor/google.golang.org/grpc/internal/transport/transport.go
+++ b/vendor/google.golang.org/grpc/internal/transport/transport.go
@@ -502,8 +502,6 @@ type ConnectOptions struct {
ChannelzParent *channelz.SubChannel
// MaxHeaderListSize sets the max (uncompressed) size of header list that is prepared to be received.
MaxHeaderListSize *uint32
- // UseProxy specifies if a proxy should be used.
- UseProxy bool
// The mem.BufferPool to use when reading/writing to the wire.
BufferPool mem.BufferPool
}
diff --git a/vendor/google.golang.org/grpc/picker_wrapper.go b/vendor/google.golang.org/grpc/picker_wrapper.go
index bdaa2130e4..a2d2a798d4 100644
--- a/vendor/google.golang.org/grpc/picker_wrapper.go
+++ b/vendor/google.golang.org/grpc/picker_wrapper.go
@@ -123,7 +123,7 @@ func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.
if lastPickErr != nil {
errStr = "latest balancer error: " + lastPickErr.Error()
} else {
- errStr = fmt.Sprintf("received context error while waiting for new LB policy update: %s", ctx.Err().Error())
+ errStr = fmt.Sprintf("%v while waiting for connections to become ready", ctx.Err())
}
switch ctx.Err() {
case context.DeadlineExceeded:
diff --git a/vendor/google.golang.org/grpc/resolver/map.go b/vendor/google.golang.org/grpc/resolver/map.go
index ada5b9bb79..c3c15ac96f 100644
--- a/vendor/google.golang.org/grpc/resolver/map.go
+++ b/vendor/google.golang.org/grpc/resolver/map.go
@@ -18,16 +18,28 @@
package resolver
-type addressMapEntry struct {
+import (
+ "encoding/base64"
+ "sort"
+ "strings"
+)
+
+type addressMapEntry[T any] struct {
addr Address
- value any
+ value T
}
-// AddressMap is a map of addresses to arbitrary values taking into account
+// AddressMap is an AddressMapV2[any]. It will be deleted in an upcoming
+// release of grpc-go.
+//
+// Deprecated: use the generic AddressMapV2 type instead.
+type AddressMap = AddressMapV2[any]
+
+// AddressMapV2 is a map of addresses to arbitrary values taking into account
// Attributes. BalancerAttributes are ignored, as are Metadata and Type.
// Multiple accesses may not be performed concurrently. Must be created via
// NewAddressMap; do not construct directly.
-type AddressMap struct {
+type AddressMapV2[T any] struct {
// The underlying map is keyed by an Address with fields that we don't care
// about being set to their zero values. The only fields that we care about
// are `Addr`, `ServerName` and `Attributes`. Since we need to be able to
@@ -41,23 +53,30 @@ type AddressMap struct {
// The value type of the map contains a slice of addresses which match the key
// in their `Addr` and `ServerName` fields and contain the corresponding value
// associated with them.
- m map[Address]addressMapEntryList
+ m map[Address]addressMapEntryList[T]
}
func toMapKey(addr *Address) Address {
return Address{Addr: addr.Addr, ServerName: addr.ServerName}
}
-type addressMapEntryList []*addressMapEntry
+type addressMapEntryList[T any] []*addressMapEntry[T]
-// NewAddressMap creates a new AddressMap.
+// NewAddressMap creates a new AddressMapV2[any].
+//
+// Deprecated: use the generic NewAddressMapV2 constructor instead.
func NewAddressMap() *AddressMap {
- return &AddressMap{m: make(map[Address]addressMapEntryList)}
+ return NewAddressMapV2[any]()
+}
+
+// NewAddressMapV2 creates a new AddressMapV2.
+func NewAddressMapV2[T any]() *AddressMapV2[T] {
+ return &AddressMapV2[T]{m: make(map[Address]addressMapEntryList[T])}
}
// find returns the index of addr in the addressMapEntry slice, or -1 if not
// present.
-func (l addressMapEntryList) find(addr Address) int {
+func (l addressMapEntryList[T]) find(addr Address) int {
for i, entry := range l {
// Attributes are the only thing to match on here, since `Addr` and
// `ServerName` are already equal.
@@ -69,28 +88,28 @@ func (l addressMapEntryList) find(addr Address) int {
}
// Get returns the value for the address in the map, if present.
-func (a *AddressMap) Get(addr Address) (value any, ok bool) {
+func (a *AddressMapV2[T]) Get(addr Address) (value T, ok bool) {
addrKey := toMapKey(&addr)
entryList := a.m[addrKey]
if entry := entryList.find(addr); entry != -1 {
return entryList[entry].value, true
}
- return nil, false
+ return value, false
}
// Set updates or adds the value to the address in the map.
-func (a *AddressMap) Set(addr Address, value any) {
+func (a *AddressMapV2[T]) Set(addr Address, value T) {
addrKey := toMapKey(&addr)
entryList := a.m[addrKey]
if entry := entryList.find(addr); entry != -1 {
entryList[entry].value = value
return
}
- a.m[addrKey] = append(entryList, &addressMapEntry{addr: addr, value: value})
+ a.m[addrKey] = append(entryList, &addressMapEntry[T]{addr: addr, value: value})
}
// Delete removes addr from the map.
-func (a *AddressMap) Delete(addr Address) {
+func (a *AddressMapV2[T]) Delete(addr Address) {
addrKey := toMapKey(&addr)
entryList := a.m[addrKey]
entry := entryList.find(addr)
@@ -107,7 +126,7 @@ func (a *AddressMap) Delete(addr Address) {
}
// Len returns the number of entries in the map.
-func (a *AddressMap) Len() int {
+func (a *AddressMapV2[T]) Len() int {
ret := 0
for _, entryList := range a.m {
ret += len(entryList)
@@ -116,7 +135,7 @@ func (a *AddressMap) Len() int {
}
// Keys returns a slice of all current map keys.
-func (a *AddressMap) Keys() []Address {
+func (a *AddressMapV2[T]) Keys() []Address {
ret := make([]Address, 0, a.Len())
for _, entryList := range a.m {
for _, entry := range entryList {
@@ -127,8 +146,8 @@ func (a *AddressMap) Keys() []Address {
}
// Values returns a slice of all current map values.
-func (a *AddressMap) Values() []any {
- ret := make([]any, 0, a.Len())
+func (a *AddressMapV2[T]) Values() []T {
+ ret := make([]T, 0, a.Len())
for _, entryList := range a.m {
for _, entry := range entryList {
ret = append(ret, entry.value)
@@ -137,70 +156,65 @@ func (a *AddressMap) Values() []any {
return ret
}
-type endpointNode struct {
- addrs map[string]struct{}
-}
-
-// Equal returns whether the unordered set of addrs are the same between the
-// endpoint nodes.
-func (en *endpointNode) Equal(en2 *endpointNode) bool {
- if len(en.addrs) != len(en2.addrs) {
- return false
- }
- for addr := range en.addrs {
- if _, ok := en2.addrs[addr]; !ok {
- return false
- }
- }
- return true
-}
-
-func toEndpointNode(endpoint Endpoint) endpointNode {
- en := make(map[string]struct{})
- for _, addr := range endpoint.Addresses {
- en[addr.Addr] = struct{}{}
- }
- return endpointNode{
- addrs: en,
- }
-}
+type endpointMapKey string
// EndpointMap is a map of endpoints to arbitrary values keyed on only the
// unordered set of address strings within an endpoint. This map is not thread
// safe, thus it is unsafe to access concurrently. Must be created via
// NewEndpointMap; do not construct directly.
-type EndpointMap struct {
- endpoints map[*endpointNode]any
+type EndpointMap[T any] struct {
+ endpoints map[endpointMapKey]endpointData[T]
+}
+
+type endpointData[T any] struct {
+ // decodedKey stores the original key to avoid decoding when iterating on
+ // EndpointMap keys.
+ decodedKey Endpoint
+ value T
}
// NewEndpointMap creates a new EndpointMap.
-func NewEndpointMap() *EndpointMap {
- return &EndpointMap{
- endpoints: make(map[*endpointNode]any),
+func NewEndpointMap[T any]() *EndpointMap[T] {
+ return &EndpointMap[T]{
+ endpoints: make(map[endpointMapKey]endpointData[T]),
}
}
+// encodeEndpoint returns a string that uniquely identifies the unordered set of
+// addresses within an endpoint.
+func encodeEndpoint(e Endpoint) endpointMapKey {
+ addrs := make([]string, 0, len(e.Addresses))
+ // base64 encoding the address strings restricts the characters present
+ // within the strings. This allows us to use a delimiter without the need of
+ // escape characters.
+ for _, addr := range e.Addresses {
+ addrs = append(addrs, base64.StdEncoding.EncodeToString([]byte(addr.Addr)))
+ }
+ sort.Strings(addrs)
+ // " " should not appear in base64 encoded strings.
+ return endpointMapKey(strings.Join(addrs, " "))
+}
+
// Get returns the value for the address in the map, if present.
-func (em *EndpointMap) Get(e Endpoint) (value any, ok bool) {
- en := toEndpointNode(e)
- if endpoint := em.find(en); endpoint != nil {
- return em.endpoints[endpoint], true
+func (em *EndpointMap[T]) Get(e Endpoint) (value T, ok bool) {
+ val, found := em.endpoints[encodeEndpoint(e)]
+ if found {
+ return val.value, true
}
- return nil, false
+ return value, false
}
// Set updates or adds the value to the address in the map.
-func (em *EndpointMap) Set(e Endpoint, value any) {
- en := toEndpointNode(e)
- if endpoint := em.find(en); endpoint != nil {
- em.endpoints[endpoint] = value
- return
+func (em *EndpointMap[T]) Set(e Endpoint, value T) {
+ en := encodeEndpoint(e)
+ em.endpoints[en] = endpointData[T]{
+ decodedKey: Endpoint{Addresses: e.Addresses},
+ value: value,
}
- em.endpoints[&en] = value
}
// Len returns the number of entries in the map.
-func (em *EndpointMap) Len() int {
+func (em *EndpointMap[T]) Len() int {
return len(em.endpoints)
}
@@ -209,43 +223,25 @@ func (em *EndpointMap) Len() int {
// the unordered set of addresses. Thus, endpoint information returned is not
// the full endpoint data (drops duplicated addresses and attributes) but can be
// used for EndpointMap accesses.
-func (em *EndpointMap) Keys() []Endpoint {
+func (em *EndpointMap[T]) Keys() []Endpoint {
ret := make([]Endpoint, 0, len(em.endpoints))
- for en := range em.endpoints {
- var endpoint Endpoint
- for addr := range en.addrs {
- endpoint.Addresses = append(endpoint.Addresses, Address{Addr: addr})
- }
- ret = append(ret, endpoint)
+ for _, en := range em.endpoints {
+ ret = append(ret, en.decodedKey)
}
return ret
}
// Values returns a slice of all current map values.
-func (em *EndpointMap) Values() []any {
- ret := make([]any, 0, len(em.endpoints))
+func (em *EndpointMap[T]) Values() []T {
+ ret := make([]T, 0, len(em.endpoints))
for _, val := range em.endpoints {
- ret = append(ret, val)
+ ret = append(ret, val.value)
}
return ret
}
-// find returns a pointer to the endpoint node in em if the endpoint node is
-// already present. If not found, nil is returned. The comparisons are done on
-// the unordered set of addresses within an endpoint.
-func (em EndpointMap) find(e endpointNode) *endpointNode {
- for endpoint := range em.endpoints {
- if e.Equal(endpoint) {
- return endpoint
- }
- }
- return nil
-}
-
// Delete removes the specified endpoint from the map.
-func (em *EndpointMap) Delete(e Endpoint) {
- en := toEndpointNode(e)
- if entry := em.find(en); entry != nil {
- delete(em.endpoints, entry)
- }
+func (em *EndpointMap[T]) Delete(e Endpoint) {
+ en := encodeEndpoint(e)
+ delete(em.endpoints, en)
}
diff --git a/vendor/google.golang.org/grpc/resolver/resolver.go b/vendor/google.golang.org/grpc/resolver/resolver.go
index 8eb1cf3bcf..b84ef26d46 100644
--- a/vendor/google.golang.org/grpc/resolver/resolver.go
+++ b/vendor/google.golang.org/grpc/resolver/resolver.go
@@ -30,6 +30,7 @@ import (
"google.golang.org/grpc/attributes"
"google.golang.org/grpc/credentials"
+ "google.golang.org/grpc/experimental/stats"
"google.golang.org/grpc/internal"
"google.golang.org/grpc/serviceconfig"
)
@@ -175,6 +176,8 @@ type BuildOptions struct {
// Authority is the effective authority of the clientconn for which the
// resolver is built.
Authority string
+ // MetricsRecorder is the metrics recorder to do recording.
+ MetricsRecorder stats.MetricsRecorder
}
// An Endpoint is one network endpoint, or server, which may have multiple
diff --git a/vendor/google.golang.org/grpc/resolver_wrapper.go b/vendor/google.golang.org/grpc/resolver_wrapper.go
index 23bb3fb258..80e16a327c 100644
--- a/vendor/google.golang.org/grpc/resolver_wrapper.go
+++ b/vendor/google.golang.org/grpc/resolver_wrapper.go
@@ -26,6 +26,7 @@ import (
"google.golang.org/grpc/internal/channelz"
"google.golang.org/grpc/internal/grpcsync"
"google.golang.org/grpc/internal/pretty"
+ "google.golang.org/grpc/internal/resolver/delegatingresolver"
"google.golang.org/grpc/resolver"
"google.golang.org/grpc/serviceconfig"
)
@@ -76,9 +77,19 @@ func (ccr *ccResolverWrapper) start() error {
CredsBundle: ccr.cc.dopts.copts.CredsBundle,
Dialer: ccr.cc.dopts.copts.Dialer,
Authority: ccr.cc.authority,
+ MetricsRecorder: ccr.cc.metricsRecorderList,
}
var err error
- ccr.resolver, err = ccr.cc.resolverBuilder.Build(ccr.cc.parsedTarget, ccr, opts)
+ // The delegating resolver is used unless:
+ // - A custom dialer is provided via WithContextDialer dialoption or
+ // - Proxy usage is disabled through WithNoProxy dialoption.
+ // In these cases, the resolver is built based on the scheme of target,
+ // using the appropriate resolver builder.
+ if ccr.cc.dopts.copts.Dialer != nil || !ccr.cc.dopts.useProxy {
+ ccr.resolver, err = ccr.cc.resolverBuilder.Build(ccr.cc.parsedTarget, ccr, opts)
+ } else {
+ ccr.resolver, err = delegatingresolver.New(ccr.cc.parsedTarget, ccr, opts, ccr.cc.resolverBuilder, ccr.cc.dopts.enableLocalDNSResolution)
+ }
errCh <- err
})
return <-errCh
@@ -123,12 +134,7 @@ func (ccr *ccResolverWrapper) UpdateState(s resolver.State) error {
return nil
}
if s.Endpoints == nil {
- s.Endpoints = make([]resolver.Endpoint, 0, len(s.Addresses))
- for _, a := range s.Addresses {
- ep := resolver.Endpoint{Addresses: []resolver.Address{a}, Attributes: a.BalancerAttributes}
- ep.Addresses[0].BalancerAttributes = nil
- s.Endpoints = append(s.Endpoints, ep)
- }
+ s.Endpoints = addressesToEndpoints(s.Addresses)
}
ccr.addChannelzTraceEvent(s)
ccr.curState = s
@@ -161,7 +167,11 @@ func (ccr *ccResolverWrapper) NewAddress(addrs []resolver.Address) {
ccr.cc.mu.Unlock()
return
}
- s := resolver.State{Addresses: addrs, ServiceConfig: ccr.curState.ServiceConfig}
+ s := resolver.State{
+ Addresses: addrs,
+ ServiceConfig: ccr.curState.ServiceConfig,
+ Endpoints: addressesToEndpoints(addrs),
+ }
ccr.addChannelzTraceEvent(s)
ccr.curState = s
ccr.mu.Unlock()
@@ -199,3 +209,13 @@ func (ccr *ccResolverWrapper) addChannelzTraceEvent(s resolver.State) {
}
channelz.Infof(logger, ccr.cc.channelz, "Resolver state updated: %s (%v)", pretty.ToJSON(s), strings.Join(updates, "; "))
}
+
+func addressesToEndpoints(addrs []resolver.Address) []resolver.Endpoint {
+ endpoints := make([]resolver.Endpoint, 0, len(addrs))
+ for _, a := range addrs {
+ ep := resolver.Endpoint{Addresses: []resolver.Address{a}, Attributes: a.BalancerAttributes}
+ ep.Addresses[0].BalancerAttributes = nil
+ endpoints = append(endpoints, ep)
+ }
+ return endpoints
+}
diff --git a/vendor/google.golang.org/grpc/rpc_util.go b/vendor/google.golang.org/grpc/rpc_util.go
index 9fac2b08b4..ad20e9dff2 100644
--- a/vendor/google.golang.org/grpc/rpc_util.go
+++ b/vendor/google.golang.org/grpc/rpc_util.go
@@ -151,7 +151,7 @@ func (d *gzipDecompressor) Type() string {
// callInfo contains all related configuration and information about an RPC.
type callInfo struct {
- compressorType string
+ compressorName string
failFast bool
maxReceiveMessageSize *int
maxSendMessageSize *int
@@ -222,7 +222,7 @@ type HeaderCallOption struct {
func (o HeaderCallOption) before(*callInfo) error { return nil }
func (o HeaderCallOption) after(_ *callInfo, attempt *csAttempt) {
- *o.HeaderAddr, _ = attempt.s.Header()
+ *o.HeaderAddr, _ = attempt.transportStream.Header()
}
// Trailer returns a CallOptions that retrieves the trailer metadata
@@ -244,7 +244,7 @@ type TrailerCallOption struct {
func (o TrailerCallOption) before(*callInfo) error { return nil }
func (o TrailerCallOption) after(_ *callInfo, attempt *csAttempt) {
- *o.TrailerAddr = attempt.s.Trailer()
+ *o.TrailerAddr = attempt.transportStream.Trailer()
}
// Peer returns a CallOption that retrieves peer information for a unary RPC.
@@ -266,7 +266,7 @@ type PeerCallOption struct {
func (o PeerCallOption) before(*callInfo) error { return nil }
func (o PeerCallOption) after(_ *callInfo, attempt *csAttempt) {
- if x, ok := peer.FromContext(attempt.s.Context()); ok {
+ if x, ok := peer.FromContext(attempt.transportStream.Context()); ok {
*o.PeerAddr = *x
}
}
@@ -435,7 +435,7 @@ type CompressorCallOption struct {
}
func (o CompressorCallOption) before(c *callInfo) error {
- c.compressorType = o.CompressorType
+ c.compressorName = o.CompressorType
return nil
}
func (o CompressorCallOption) after(*callInfo, *csAttempt) {}
@@ -692,9 +692,9 @@ func encode(c baseCodec, msg any) (mem.BufferSlice, error) {
if err != nil {
return nil, status.Errorf(codes.Internal, "grpc: error while marshaling: %v", err.Error())
}
- if uint(b.Len()) > math.MaxUint32 {
+ if bufSize := uint(b.Len()); bufSize > math.MaxUint32 {
b.Free()
- return nil, status.Errorf(codes.ResourceExhausted, "grpc: message too large (%d bytes)", len(b))
+ return nil, status.Errorf(codes.ResourceExhausted, "grpc: message too large (%d bytes)", bufSize)
}
return b, nil
}
@@ -828,30 +828,13 @@ func recvAndDecompress(p *parser, s recvCompressor, dc Decompressor, maxReceiveM
return nil, st.Err()
}
- var size int
if pf.isCompressed() {
defer compressed.Free()
-
// To match legacy behavior, if the decompressor is set by WithDecompressor or RPCDecompressor,
// use this decompressor as the default.
- if dc != nil {
- var uncompressedBuf []byte
- uncompressedBuf, err = dc.Do(compressed.Reader())
- if err == nil {
- out = mem.BufferSlice{mem.SliceBuffer(uncompressedBuf)}
- }
- size = len(uncompressedBuf)
- } else {
- out, size, err = decompress(compressor, compressed, maxReceiveMessageSize, p.bufferPool)
- }
+ out, err = decompress(compressor, compressed, dc, maxReceiveMessageSize, p.bufferPool)
if err != nil {
- return nil, status.Errorf(codes.Internal, "grpc: failed to decompress the received message: %v", err)
- }
- if size > maxReceiveMessageSize {
- out.Free()
- // TODO: Revisit the error code. Currently keep it consistent with java
- // implementation.
- return nil, status.Errorf(codes.ResourceExhausted, "grpc: received message after decompression larger than max (%d vs. %d)", size, maxReceiveMessageSize)
+ return nil, err
}
} else {
out = compressed
@@ -866,20 +849,46 @@ func recvAndDecompress(p *parser, s recvCompressor, dc Decompressor, maxReceiveM
return out, nil
}
-// Using compressor, decompress d, returning data and size.
-// Optionally, if data will be over maxReceiveMessageSize, just return the size.
-func decompress(compressor encoding.Compressor, d mem.BufferSlice, maxReceiveMessageSize int, pool mem.BufferPool) (mem.BufferSlice, int, error) {
- dcReader, err := compressor.Decompress(d.Reader())
- if err != nil {
- return nil, 0, err
+// decompress processes the given data by decompressing it using either a custom decompressor or a standard compressor.
+// If a custom decompressor is provided, it takes precedence. The function validates that the decompressed data
+// does not exceed the specified maximum size and returns an error if this limit is exceeded.
+// On success, it returns the decompressed data. Otherwise, it returns an error if decompression fails or the data exceeds the size limit.
+func decompress(compressor encoding.Compressor, d mem.BufferSlice, dc Decompressor, maxReceiveMessageSize int, pool mem.BufferPool) (mem.BufferSlice, error) {
+ if dc != nil {
+ uncompressed, err := dc.Do(d.Reader())
+ if err != nil {
+ return nil, status.Errorf(codes.Internal, "grpc: failed to decompress the received message: %v", err)
+ }
+ if len(uncompressed) > maxReceiveMessageSize {
+ return nil, status.Errorf(codes.ResourceExhausted, "grpc: message after decompression larger than max (%d vs. %d)", len(uncompressed), maxReceiveMessageSize)
+ }
+ return mem.BufferSlice{mem.SliceBuffer(uncompressed)}, nil
}
+ if compressor != nil {
+ dcReader, err := compressor.Decompress(d.Reader())
+ if err != nil {
+ return nil, status.Errorf(codes.Internal, "grpc: failed to decompress the message: %v", err)
+ }
- out, err := mem.ReadAll(io.LimitReader(dcReader, int64(maxReceiveMessageSize)+1), pool)
- if err != nil {
- out.Free()
- return nil, 0, err
+ // Read at most one byte more than the limit from the decompressor.
+ // Unless the limit is MaxInt64, in which case, that's impossible, so
+ // apply no limit.
+ if limit := int64(maxReceiveMessageSize); limit < math.MaxInt64 {
+ dcReader = io.LimitReader(dcReader, limit+1)
+ }
+ out, err := mem.ReadAll(dcReader, pool)
+ if err != nil {
+ out.Free()
+ return nil, status.Errorf(codes.Internal, "grpc: failed to read decompressed data: %v", err)
+ }
+
+ if out.Len() > maxReceiveMessageSize {
+ out.Free()
+ return nil, status.Errorf(codes.ResourceExhausted, "grpc: received message after decompression larger than max %d", maxReceiveMessageSize)
+ }
+ return out, nil
}
- return out, out.Len(), nil
+ return nil, status.Errorf(codes.Internal, "grpc: no decompressor available for compressed payload")
}
type recvCompressor interface {
diff --git a/vendor/google.golang.org/grpc/server.go b/vendor/google.golang.org/grpc/server.go
index 16065a027a..976e70ae06 100644
--- a/vendor/google.golang.org/grpc/server.go
+++ b/vendor/google.golang.org/grpc/server.go
@@ -37,12 +37,14 @@ import (
"google.golang.org/grpc/credentials"
"google.golang.org/grpc/encoding"
"google.golang.org/grpc/encoding/proto"
+ estats "google.golang.org/grpc/experimental/stats"
"google.golang.org/grpc/grpclog"
"google.golang.org/grpc/internal"
"google.golang.org/grpc/internal/binarylog"
"google.golang.org/grpc/internal/channelz"
"google.golang.org/grpc/internal/grpcsync"
"google.golang.org/grpc/internal/grpcutil"
+ istats "google.golang.org/grpc/internal/stats"
"google.golang.org/grpc/internal/transport"
"google.golang.org/grpc/keepalive"
"google.golang.org/grpc/mem"
@@ -82,6 +84,9 @@ func init() {
internal.BinaryLogger = binaryLogger
internal.JoinServerOptions = newJoinServerOption
internal.BufferPool = bufferPool
+ internal.MetricsRecorderForServer = func(srv *Server) estats.MetricsRecorder {
+ return istats.NewMetricsRecorderList(srv.opts.statsHandlers)
+ }
}
var statusOK = status.New(codes.OK, "")
@@ -643,7 +648,7 @@ func (s *Server) serverWorker() {
// connections to reduce the time spent overall on runtime.morestack.
func (s *Server) initServerWorkers() {
s.serverWorkerChannel = make(chan func())
- s.serverWorkerChannelClose = grpcsync.OnceFunc(func() {
+ s.serverWorkerChannelClose = sync.OnceFunc(func() {
close(s.serverWorkerChannel)
})
for i := uint32(0); i < s.opts.numServerWorkers; i++ {
@@ -1360,8 +1365,16 @@ func (s *Server) processUnaryRPC(ctx context.Context, stream *transport.ServerSt
}
return err
}
- defer d.Free()
+ freed := false
+ dataFree := func() {
+ if !freed {
+ d.Free()
+ freed = true
+ }
+ }
+ defer dataFree()
df := func(v any) error {
+ defer dataFree()
if err := s.getCodec(stream.ContentSubtype()).Unmarshal(d, v); err != nil {
return status.Errorf(codes.Internal, "grpc: error unmarshalling request: %v", err)
}
@@ -1637,10 +1650,10 @@ func (s *Server) processStreamingRPC(ctx context.Context, stream *transport.Serv
// If dc is set and matches the stream's compression, use it. Otherwise, try
// to find a matching registered compressor for decomp.
if rc := stream.RecvCompress(); s.opts.dc != nil && s.opts.dc.Type() == rc {
- ss.dc = s.opts.dc
+ ss.decompressorV0 = s.opts.dc
} else if rc != "" && rc != encoding.Identity {
- ss.decomp = encoding.GetCompressor(rc)
- if ss.decomp == nil {
+ ss.decompressorV1 = encoding.GetCompressor(rc)
+ if ss.decompressorV1 == nil {
st := status.Newf(codes.Unimplemented, "grpc: Decompressor is not installed for grpc-encoding %q", rc)
ss.s.WriteStatus(st)
return st.Err()
@@ -1652,12 +1665,12 @@ func (s *Server) processStreamingRPC(ctx context.Context, stream *transport.Serv
//
// NOTE: this needs to be ahead of all handling, https://github.com/grpc/grpc-go/issues/686.
if s.opts.cp != nil {
- ss.cp = s.opts.cp
+ ss.compressorV0 = s.opts.cp
ss.sendCompressorName = s.opts.cp.Type()
} else if rc := stream.RecvCompress(); rc != "" && rc != encoding.Identity {
// Legacy compressor not specified; attempt to respond with same encoding.
- ss.comp = encoding.GetCompressor(rc)
- if ss.comp != nil {
+ ss.compressorV1 = encoding.GetCompressor(rc)
+ if ss.compressorV1 != nil {
ss.sendCompressorName = rc
}
}
@@ -1668,7 +1681,7 @@ func (s *Server) processStreamingRPC(ctx context.Context, stream *transport.Serv
}
}
- ss.ctx = newContextWithRPCInfo(ss.ctx, false, ss.codec, ss.cp, ss.comp)
+ ss.ctx = newContextWithRPCInfo(ss.ctx, false, ss.codec, ss.compressorV0, ss.compressorV1)
if trInfo != nil {
trInfo.tr.LazyLog(&trInfo.firstLine, false)
@@ -1922,7 +1935,7 @@ func (s *Server) stop(graceful bool) {
s.conns = nil
if s.opts.numServerWorkers > 0 {
- // Closing the channel (only once, via grpcsync.OnceFunc) after all the
+ // Closing the channel (only once, via sync.OnceFunc) after all the
// connections have been closed above ensures that there are no
// goroutines executing the callback passed to st.HandleStreams (where
// the channel is written to).
diff --git a/vendor/google.golang.org/grpc/service_config.go b/vendor/google.golang.org/grpc/service_config.go
index 7e83027d19..8d451e07c7 100644
--- a/vendor/google.golang.org/grpc/service_config.go
+++ b/vendor/google.golang.org/grpc/service_config.go
@@ -268,18 +268,21 @@ func parseServiceConfig(js string, maxAttempts int) *serviceconfig.ParseResult {
return &serviceconfig.ParseResult{Config: &sc}
}
+func isValidRetryPolicy(jrp *jsonRetryPolicy) bool {
+ return jrp.MaxAttempts > 1 &&
+ jrp.InitialBackoff > 0 &&
+ jrp.MaxBackoff > 0 &&
+ jrp.BackoffMultiplier > 0 &&
+ len(jrp.RetryableStatusCodes) > 0
+}
+
func convertRetryPolicy(jrp *jsonRetryPolicy, maxAttempts int) (p *internalserviceconfig.RetryPolicy, err error) {
if jrp == nil {
return nil, nil
}
- if jrp.MaxAttempts <= 1 ||
- jrp.InitialBackoff <= 0 ||
- jrp.MaxBackoff <= 0 ||
- jrp.BackoffMultiplier <= 0 ||
- len(jrp.RetryableStatusCodes) == 0 {
- logger.Warningf("grpc: ignoring retry policy %v due to illegal configuration", jrp)
- return nil, nil
+ if !isValidRetryPolicy(jrp) {
+ return nil, fmt.Errorf("invalid retry policy (%+v): ", jrp)
}
if jrp.MaxAttempts < maxAttempts {
diff --git a/vendor/google.golang.org/grpc/stats/stats.go b/vendor/google.golang.org/grpc/stats/stats.go
index 6f20d2d548..baf7740efb 100644
--- a/vendor/google.golang.org/grpc/stats/stats.go
+++ b/vendor/google.golang.org/grpc/stats/stats.go
@@ -36,7 +36,12 @@ type RPCStats interface {
IsClient() bool
}
-// Begin contains stats when an RPC attempt begins.
+// Begin contains stats for the start of an RPC attempt.
+//
+// - Server-side: Triggered after `InHeader`, as headers are processed
+// before the RPC lifecycle begins.
+// - Client-side: The first stats event recorded.
+//
// FailFast is only valid if this Begin is from client side.
type Begin struct {
// Client is true if this Begin is from client side.
@@ -69,7 +74,7 @@ func (*PickerUpdated) IsClient() bool { return true }
func (*PickerUpdated) isRPCStats() {}
-// InPayload contains the information for an incoming payload.
+// InPayload contains stats about an incoming payload.
type InPayload struct {
// Client is true if this InPayload is from client side.
Client bool
@@ -98,7 +103,9 @@ func (s *InPayload) IsClient() bool { return s.Client }
func (s *InPayload) isRPCStats() {}
-// InHeader contains stats when a header is received.
+// InHeader contains stats about header reception.
+//
+// - Server-side: The first stats event after the RPC request is received.
type InHeader struct {
// Client is true if this InHeader is from client side.
Client bool
@@ -123,7 +130,7 @@ func (s *InHeader) IsClient() bool { return s.Client }
func (s *InHeader) isRPCStats() {}
-// InTrailer contains stats when a trailer is received.
+// InTrailer contains stats about trailer reception.
type InTrailer struct {
// Client is true if this InTrailer is from client side.
Client bool
@@ -139,7 +146,7 @@ func (s *InTrailer) IsClient() bool { return s.Client }
func (s *InTrailer) isRPCStats() {}
-// OutPayload contains the information for an outgoing payload.
+// OutPayload contains stats about an outgoing payload.
type OutPayload struct {
// Client is true if this OutPayload is from client side.
Client bool
@@ -166,7 +173,10 @@ func (s *OutPayload) IsClient() bool { return s.Client }
func (s *OutPayload) isRPCStats() {}
-// OutHeader contains stats when a header is sent.
+// OutHeader contains stats about header transmission.
+//
+// - Client-side: Only occurs after 'Begin', as headers are always the first
+// thing sent on a stream.
type OutHeader struct {
// Client is true if this OutHeader is from client side.
Client bool
@@ -189,14 +199,15 @@ func (s *OutHeader) IsClient() bool { return s.Client }
func (s *OutHeader) isRPCStats() {}
-// OutTrailer contains stats when a trailer is sent.
+// OutTrailer contains stats about trailer transmission.
type OutTrailer struct {
// Client is true if this OutTrailer is from client side.
Client bool
// WireLength is the wire length of trailer.
//
- // Deprecated: This field is never set. The length is not known when this message is
- // emitted because the trailer fields are compressed with hpack after that.
+ // Deprecated: This field is never set. The length is not known when this
+ // message is emitted because the trailer fields are compressed with hpack
+ // after that.
WireLength int
// Trailer contains the trailer metadata sent to the client. This
// field is only valid if this OutTrailer is from the server side.
@@ -208,7 +219,7 @@ func (s *OutTrailer) IsClient() bool { return s.Client }
func (s *OutTrailer) isRPCStats() {}
-// End contains stats when an RPC ends.
+// End contains stats about RPC completion.
type End struct {
// Client is true if this End is from client side.
Client bool
@@ -238,7 +249,7 @@ type ConnStats interface {
IsClient() bool
}
-// ConnBegin contains the stats of a connection when it is established.
+// ConnBegin contains stats about connection establishment.
type ConnBegin struct {
// Client is true if this ConnBegin is from client side.
Client bool
@@ -249,7 +260,7 @@ func (s *ConnBegin) IsClient() bool { return s.Client }
func (s *ConnBegin) isConnStats() {}
-// ConnEnd contains the stats of a connection when it ends.
+// ConnEnd contains stats about connection termination.
type ConnEnd struct {
// Client is true if this ConnEnd is from client side.
Client bool
diff --git a/vendor/google.golang.org/grpc/stream.go b/vendor/google.golang.org/grpc/stream.go
index 17e2267b33..12163150ba 100644
--- a/vendor/google.golang.org/grpc/stream.go
+++ b/vendor/google.golang.org/grpc/stream.go
@@ -258,9 +258,9 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth
}
func newClientStreamWithParams(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, mc serviceconfig.MethodConfig, onCommit, doneFunc func(), opts ...CallOption) (_ iresolver.ClientStream, err error) {
- c := defaultCallInfo()
+ callInfo := defaultCallInfo()
if mc.WaitForReady != nil {
- c.failFast = !*mc.WaitForReady
+ callInfo.failFast = !*mc.WaitForReady
}
// Possible context leak:
@@ -281,20 +281,20 @@ func newClientStreamWithParams(ctx context.Context, desc *StreamDesc, cc *Client
}()
for _, o := range opts {
- if err := o.before(c); err != nil {
+ if err := o.before(callInfo); err != nil {
return nil, toRPCErr(err)
}
}
- c.maxSendMessageSize = getMaxSize(mc.MaxReqSize, c.maxSendMessageSize, defaultClientMaxSendMessageSize)
- c.maxReceiveMessageSize = getMaxSize(mc.MaxRespSize, c.maxReceiveMessageSize, defaultClientMaxReceiveMessageSize)
- if err := setCallInfoCodec(c); err != nil {
+ callInfo.maxSendMessageSize = getMaxSize(mc.MaxReqSize, callInfo.maxSendMessageSize, defaultClientMaxSendMessageSize)
+ callInfo.maxReceiveMessageSize = getMaxSize(mc.MaxRespSize, callInfo.maxReceiveMessageSize, defaultClientMaxReceiveMessageSize)
+ if err := setCallInfoCodec(callInfo); err != nil {
return nil, err
}
callHdr := &transport.CallHdr{
Host: cc.authority,
Method: method,
- ContentSubtype: c.contentSubtype,
+ ContentSubtype: callInfo.contentSubtype,
DoneFunc: doneFunc,
}
@@ -302,22 +302,22 @@ func newClientStreamWithParams(ctx context.Context, desc *StreamDesc, cc *Client
// set. In that case, also find the compressor from the encoding package.
// Otherwise, use the compressor configured by the WithCompressor DialOption,
// if set.
- var cp Compressor
- var comp encoding.Compressor
- if ct := c.compressorType; ct != "" {
+ var compressorV0 Compressor
+ var compressorV1 encoding.Compressor
+ if ct := callInfo.compressorName; ct != "" {
callHdr.SendCompress = ct
if ct != encoding.Identity {
- comp = encoding.GetCompressor(ct)
- if comp == nil {
+ compressorV1 = encoding.GetCompressor(ct)
+ if compressorV1 == nil {
return nil, status.Errorf(codes.Internal, "grpc: Compressor is not installed for requested grpc-encoding %q", ct)
}
}
- } else if cc.dopts.cp != nil {
- callHdr.SendCompress = cc.dopts.cp.Type()
- cp = cc.dopts.cp
+ } else if cc.dopts.compressorV0 != nil {
+ callHdr.SendCompress = cc.dopts.compressorV0.Type()
+ compressorV0 = cc.dopts.compressorV0
}
- if c.creds != nil {
- callHdr.Creds = c.creds
+ if callInfo.creds != nil {
+ callHdr.Creds = callInfo.creds
}
cs := &clientStream{
@@ -325,12 +325,12 @@ func newClientStreamWithParams(ctx context.Context, desc *StreamDesc, cc *Client
ctx: ctx,
methodConfig: &mc,
opts: opts,
- callInfo: c,
+ callInfo: callInfo,
cc: cc,
desc: desc,
- codec: c.codec,
- cp: cp,
- comp: comp,
+ codec: callInfo.codec,
+ compressorV0: compressorV0,
+ compressorV1: compressorV1,
cancel: cancel,
firstAttempt: true,
onCommit: onCommit,
@@ -412,7 +412,7 @@ func (cs *clientStream) newAttemptLocked(isTransparent bool) (*csAttempt, error)
return nil, ErrClientConnClosing
}
- ctx := newContextWithRPCInfo(cs.ctx, cs.callInfo.failFast, cs.callInfo.codec, cs.cp, cs.comp)
+ ctx := newContextWithRPCInfo(cs.ctx, cs.callInfo.failFast, cs.callInfo.codec, cs.compressorV0, cs.compressorV1)
method := cs.callHdr.Method
var beginTime time.Time
shs := cs.cc.dopts.copts.StatsHandlers
@@ -454,12 +454,12 @@ func (cs *clientStream) newAttemptLocked(isTransparent bool) (*csAttempt, error)
}
return &csAttempt{
- ctx: ctx,
- beginTime: beginTime,
- cs: cs,
- dc: cs.cc.dopts.dc,
- statsHandlers: shs,
- trInfo: trInfo,
+ ctx: ctx,
+ beginTime: beginTime,
+ cs: cs,
+ decompressorV0: cs.cc.dopts.dc,
+ statsHandlers: shs,
+ trInfo: trInfo,
}, nil
}
@@ -467,7 +467,7 @@ func (a *csAttempt) getTransport() error {
cs := a.cs
var err error
- a.t, a.pickResult, err = cs.cc.getTransport(a.ctx, cs.callInfo.failFast, cs.callHdr.Method)
+ a.transport, a.pickResult, err = cs.cc.getTransport(a.ctx, cs.callInfo.failFast, cs.callHdr.Method)
if err != nil {
if de, ok := err.(dropError); ok {
err = de.error
@@ -476,7 +476,7 @@ func (a *csAttempt) getTransport() error {
return err
}
if a.trInfo != nil {
- a.trInfo.firstLine.SetRemoteAddr(a.t.RemoteAddr())
+ a.trInfo.firstLine.SetRemoteAddr(a.transport.RemoteAddr())
}
return nil
}
@@ -503,7 +503,7 @@ func (a *csAttempt) newStream() error {
a.ctx = metadata.NewOutgoingContext(a.ctx, md)
}
- s, err := a.t.NewStream(a.ctx, cs.callHdr)
+ s, err := a.transport.NewStream(a.ctx, cs.callHdr)
if err != nil {
nse, ok := err.(*transport.NewStreamError)
if !ok {
@@ -518,9 +518,9 @@ func (a *csAttempt) newStream() error {
// Unwrap and convert error.
return toRPCErr(nse.Err)
}
- a.s = s
+ a.transportStream = s
a.ctx = s.Context()
- a.p = &parser{r: s, bufferPool: a.cs.cc.dopts.copts.BufferPool}
+ a.parser = &parser{r: s, bufferPool: a.cs.cc.dopts.copts.BufferPool}
return nil
}
@@ -532,9 +532,9 @@ type clientStream struct {
cc *ClientConn
desc *StreamDesc
- codec baseCodec
- cp Compressor
- comp encoding.Compressor
+ codec baseCodec
+ compressorV0 Compressor
+ compressorV1 encoding.Compressor
cancel context.CancelFunc // cancels all attempts
@@ -583,17 +583,17 @@ type replayOp struct {
// csAttempt implements a single transport stream attempt within a
// clientStream.
type csAttempt struct {
- ctx context.Context
- cs *clientStream
- t transport.ClientTransport
- s *transport.ClientStream
- p *parser
- pickResult balancer.PickResult
-
- finished bool
- dc Decompressor
- decomp encoding.Compressor
- decompSet bool
+ ctx context.Context
+ cs *clientStream
+ transport transport.ClientTransport
+ transportStream *transport.ClientStream
+ parser *parser
+ pickResult balancer.PickResult
+
+ finished bool
+ decompressorV0 Decompressor
+ decompressorV1 encoding.Compressor
+ decompressorSet bool
mu sync.Mutex // guards trInfo.tr
// trInfo may be nil (if EnableTracing is false).
@@ -639,14 +639,14 @@ func (a *csAttempt) shouldRetry(err error) (bool, error) {
// RPC is finished or committed or was dropped by the picker; cannot retry.
return false, err
}
- if a.s == nil && a.allowTransparentRetry {
+ if a.transportStream == nil && a.allowTransparentRetry {
return true, nil
}
// Wait for the trailers.
unprocessed := false
- if a.s != nil {
- <-a.s.Done()
- unprocessed = a.s.Unprocessed()
+ if a.transportStream != nil {
+ <-a.transportStream.Done()
+ unprocessed = a.transportStream.Unprocessed()
}
if cs.firstAttempt && unprocessed {
// First attempt, stream unprocessed: transparently retry.
@@ -658,14 +658,14 @@ func (a *csAttempt) shouldRetry(err error) (bool, error) {
pushback := 0
hasPushback := false
- if a.s != nil {
- if !a.s.TrailersOnly() {
+ if a.transportStream != nil {
+ if !a.transportStream.TrailersOnly() {
return false, err
}
// TODO(retry): Move down if the spec changes to not check server pushback
// before considering this a failure for throttling.
- sps := a.s.Trailer()["grpc-retry-pushback-ms"]
+ sps := a.transportStream.Trailer()["grpc-retry-pushback-ms"]
if len(sps) == 1 {
var e error
if pushback, e = strconv.Atoi(sps[0]); e != nil || pushback < 0 {
@@ -682,8 +682,8 @@ func (a *csAttempt) shouldRetry(err error) (bool, error) {
}
var code codes.Code
- if a.s != nil {
- code = a.s.Status().Code()
+ if a.transportStream != nil {
+ code = a.transportStream.Status().Code()
} else {
code = status.Code(err)
}
@@ -756,8 +756,8 @@ func (cs *clientStream) Context() context.Context {
cs.commitAttempt()
// No need to lock before using attempt, since we know it is committed and
// cannot change.
- if cs.attempt.s != nil {
- return cs.attempt.s.Context()
+ if cs.attempt.transportStream != nil {
+ return cs.attempt.transportStream.Context()
}
return cs.ctx
}
@@ -794,9 +794,9 @@ func (cs *clientStream) withRetry(op func(a *csAttempt) error, onSuccess func())
continue
}
if err == io.EOF {
- <-a.s.Done()
+ <-a.transportStream.Done()
}
- if err == nil || (err == io.EOF && a.s.Status().Code() == codes.OK) {
+ if err == nil || (err == io.EOF && a.transportStream.Status().Code() == codes.OK) {
onSuccess()
cs.mu.Unlock()
return err
@@ -812,7 +812,7 @@ func (cs *clientStream) Header() (metadata.MD, error) {
var m metadata.MD
err := cs.withRetry(func(a *csAttempt) error {
var err error
- m, err = a.s.Header()
+ m, err = a.transportStream.Header()
return toRPCErr(err)
}, cs.commitAttemptLocked)
@@ -856,10 +856,10 @@ func (cs *clientStream) Trailer() metadata.MD {
// directions -- it will prevent races and should not meaningfully impact
// performance.
cs.commitAttempt()
- if cs.attempt.s == nil {
+ if cs.attempt.transportStream == nil {
return nil
}
- return cs.attempt.s.Trailer()
+ return cs.attempt.transportStream.Trailer()
}
func (cs *clientStream) replayBufferLocked(attempt *csAttempt) error {
@@ -904,7 +904,7 @@ func (cs *clientStream) SendMsg(m any) (err error) {
}
// load hdr, payload, data
- hdr, data, payload, pf, err := prepareMsg(m, cs.codec, cs.cp, cs.comp, cs.cc.dopts.copts.BufferPool)
+ hdr, data, payload, pf, err := prepareMsg(m, cs.codec, cs.compressorV0, cs.compressorV1, cs.cc.dopts.copts.BufferPool)
if err != nil {
return err
}
@@ -992,7 +992,7 @@ func (cs *clientStream) CloseSend() error {
}
cs.sentLast = true
op := func(a *csAttempt) error {
- a.s.Write(nil, nil, &transport.WriteOptions{Last: true})
+ a.transportStream.Write(nil, nil, &transport.WriteOptions{Last: true})
// Always return nil; io.EOF is the only error that might make sense
// instead, but there is no need to signal the client to call RecvMsg
// as the only use left for the stream after CloseSend is to call
@@ -1030,7 +1030,7 @@ func (cs *clientStream) finish(err error) {
if cs.attempt != nil {
cs.attempt.finish(err)
// after functions all rely upon having a stream.
- if cs.attempt.s != nil {
+ if cs.attempt.transportStream != nil {
for _, o := range cs.opts {
o.after(cs.callInfo, cs.attempt)
}
@@ -1084,7 +1084,7 @@ func (a *csAttempt) sendMsg(m any, hdr []byte, payld mem.BufferSlice, dataLength
}
a.mu.Unlock()
}
- if err := a.s.Write(hdr, payld, &transport.WriteOptions{Last: !cs.desc.ClientStreams}); err != nil {
+ if err := a.transportStream.Write(hdr, payld, &transport.WriteOptions{Last: !cs.desc.ClientStreams}); err != nil {
if !cs.desc.ClientStreams {
// For non-client-streaming RPCs, we return nil instead of EOF on error
// because the generated code requires it. finish is not called; RecvMsg()
@@ -1108,25 +1108,25 @@ func (a *csAttempt) recvMsg(m any, payInfo *payloadInfo) (err error) {
defer payInfo.free()
}
- if !a.decompSet {
+ if !a.decompressorSet {
// Block until we receive headers containing received message encoding.
- if ct := a.s.RecvCompress(); ct != "" && ct != encoding.Identity {
- if a.dc == nil || a.dc.Type() != ct {
+ if ct := a.transportStream.RecvCompress(); ct != "" && ct != encoding.Identity {
+ if a.decompressorV0 == nil || a.decompressorV0.Type() != ct {
// No configured decompressor, or it does not match the incoming
// message encoding; attempt to find a registered compressor that does.
- a.dc = nil
- a.decomp = encoding.GetCompressor(ct)
+ a.decompressorV0 = nil
+ a.decompressorV1 = encoding.GetCompressor(ct)
}
} else {
// No compression is used; disable our decompressor.
- a.dc = nil
+ a.decompressorV0 = nil
}
// Only initialize this state once per stream.
- a.decompSet = true
+ a.decompressorSet = true
}
- if err := recv(a.p, cs.codec, a.s, a.dc, m, *cs.callInfo.maxReceiveMessageSize, payInfo, a.decomp, false); err != nil {
+ if err := recv(a.parser, cs.codec, a.transportStream, a.decompressorV0, m, *cs.callInfo.maxReceiveMessageSize, payInfo, a.decompressorV1, false); err != nil {
if err == io.EOF {
- if statusErr := a.s.Status().Err(); statusErr != nil {
+ if statusErr := a.transportStream.Status().Err(); statusErr != nil {
return statusErr
}
return io.EOF // indicates successful end of stream.
@@ -1157,8 +1157,8 @@ func (a *csAttempt) recvMsg(m any, payInfo *payloadInfo) (err error) {
}
// Special handling for non-server-stream rpcs.
// This recv expects EOF or errors, so we don't collect inPayload.
- if err := recv(a.p, cs.codec, a.s, a.dc, m, *cs.callInfo.maxReceiveMessageSize, nil, a.decomp, false); err == io.EOF {
- return a.s.Status().Err() // non-server streaming Recv returns nil on success
+ if err := recv(a.parser, cs.codec, a.transportStream, a.decompressorV0, m, *cs.callInfo.maxReceiveMessageSize, nil, a.decompressorV1, false); err == io.EOF {
+ return a.transportStream.Status().Err() // non-server streaming Recv returns nil on success
} else if err != nil {
return toRPCErr(err)
}
@@ -1177,20 +1177,20 @@ func (a *csAttempt) finish(err error) {
err = nil
}
var tr metadata.MD
- if a.s != nil {
- a.s.Close(err)
- tr = a.s.Trailer()
+ if a.transportStream != nil {
+ a.transportStream.Close(err)
+ tr = a.transportStream.Trailer()
}
if a.pickResult.Done != nil {
br := false
- if a.s != nil {
- br = a.s.BytesReceived()
+ if a.transportStream != nil {
+ br = a.transportStream.BytesReceived()
}
a.pickResult.Done(balancer.DoneInfo{
Err: err,
Trailer: tr,
- BytesSent: a.s != nil,
+ BytesSent: a.transportStream != nil,
BytesReceived: br,
ServerLoad: balancerload.Parse(tr),
})
@@ -1272,7 +1272,7 @@ func newNonRetryClientStream(ctx context.Context, desc *StreamDesc, method strin
// if set.
var cp Compressor
var comp encoding.Compressor
- if ct := c.compressorType; ct != "" {
+ if ct := c.compressorName; ct != "" {
callHdr.SendCompress = ct
if ct != encoding.Identity {
comp = encoding.GetCompressor(ct)
@@ -1280,9 +1280,9 @@ func newNonRetryClientStream(ctx context.Context, desc *StreamDesc, method strin
return nil, status.Errorf(codes.Internal, "grpc: Compressor is not installed for requested grpc-encoding %q", ct)
}
}
- } else if ac.cc.dopts.cp != nil {
- callHdr.SendCompress = ac.cc.dopts.cp.Type()
- cp = ac.cc.dopts.cp
+ } else if ac.cc.dopts.compressorV0 != nil {
+ callHdr.SendCompress = ac.cc.dopts.compressorV0.Type()
+ cp = ac.cc.dopts.compressorV0
}
if c.creds != nil {
callHdr.Creds = c.creds
@@ -1290,26 +1290,26 @@ func newNonRetryClientStream(ctx context.Context, desc *StreamDesc, method strin
// Use a special addrConnStream to avoid retry.
as := &addrConnStream{
- callHdr: callHdr,
- ac: ac,
- ctx: ctx,
- cancel: cancel,
- opts: opts,
- callInfo: c,
- desc: desc,
- codec: c.codec,
- cp: cp,
- comp: comp,
- t: t,
- }
-
- s, err := as.t.NewStream(as.ctx, as.callHdr)
+ callHdr: callHdr,
+ ac: ac,
+ ctx: ctx,
+ cancel: cancel,
+ opts: opts,
+ callInfo: c,
+ desc: desc,
+ codec: c.codec,
+ sendCompressorV0: cp,
+ sendCompressorV1: comp,
+ transport: t,
+ }
+
+ s, err := as.transport.NewStream(as.ctx, as.callHdr)
if err != nil {
err = toRPCErr(err)
return nil, err
}
- as.s = s
- as.p = &parser{r: s, bufferPool: ac.dopts.copts.BufferPool}
+ as.transportStream = s
+ as.parser = &parser{r: s, bufferPool: ac.dopts.copts.BufferPool}
ac.incrCallsStarted()
if desc != unaryStreamDesc {
// Listen on stream context to cleanup when the stream context is
@@ -1335,29 +1335,31 @@ func newNonRetryClientStream(ctx context.Context, desc *StreamDesc, method strin
}
type addrConnStream struct {
- s *transport.ClientStream
- ac *addrConn
- callHdr *transport.CallHdr
- cancel context.CancelFunc
- opts []CallOption
- callInfo *callInfo
- t transport.ClientTransport
- ctx context.Context
- sentLast bool
- desc *StreamDesc
- codec baseCodec
- cp Compressor
- comp encoding.Compressor
- decompSet bool
- dc Decompressor
- decomp encoding.Compressor
- p *parser
- mu sync.Mutex
- finished bool
+ transportStream *transport.ClientStream
+ ac *addrConn
+ callHdr *transport.CallHdr
+ cancel context.CancelFunc
+ opts []CallOption
+ callInfo *callInfo
+ transport transport.ClientTransport
+ ctx context.Context
+ sentLast bool
+ desc *StreamDesc
+ codec baseCodec
+ sendCompressorV0 Compressor
+ sendCompressorV1 encoding.Compressor
+ decompressorSet bool
+ decompressorV0 Decompressor
+ decompressorV1 encoding.Compressor
+ parser *parser
+
+ // mu guards finished and is held for the entire finish method.
+ mu sync.Mutex
+ finished bool
}
func (as *addrConnStream) Header() (metadata.MD, error) {
- m, err := as.s.Header()
+ m, err := as.transportStream.Header()
if err != nil {
as.finish(toRPCErr(err))
}
@@ -1365,7 +1367,7 @@ func (as *addrConnStream) Header() (metadata.MD, error) {
}
func (as *addrConnStream) Trailer() metadata.MD {
- return as.s.Trailer()
+ return as.transportStream.Trailer()
}
func (as *addrConnStream) CloseSend() error {
@@ -1375,7 +1377,7 @@ func (as *addrConnStream) CloseSend() error {
}
as.sentLast = true
- as.s.Write(nil, nil, &transport.WriteOptions{Last: true})
+ as.transportStream.Write(nil, nil, &transport.WriteOptions{Last: true})
// Always return nil; io.EOF is the only error that might make sense
// instead, but there is no need to signal the client to call RecvMsg
// as the only use left for the stream after CloseSend is to call
@@ -1384,7 +1386,7 @@ func (as *addrConnStream) CloseSend() error {
}
func (as *addrConnStream) Context() context.Context {
- return as.s.Context()
+ return as.transportStream.Context()
}
func (as *addrConnStream) SendMsg(m any) (err error) {
@@ -1406,7 +1408,7 @@ func (as *addrConnStream) SendMsg(m any) (err error) {
}
// load hdr, payload, data
- hdr, data, payload, pf, err := prepareMsg(m, as.codec, as.cp, as.comp, as.ac.dopts.copts.BufferPool)
+ hdr, data, payload, pf, err := prepareMsg(m, as.codec, as.sendCompressorV0, as.sendCompressorV1, as.ac.dopts.copts.BufferPool)
if err != nil {
return err
}
@@ -1425,7 +1427,7 @@ func (as *addrConnStream) SendMsg(m any) (err error) {
return status.Errorf(codes.ResourceExhausted, "trying to send message larger than max (%d vs. %d)", payload.Len(), *as.callInfo.maxSendMessageSize)
}
- if err := as.s.Write(hdr, payload, &transport.WriteOptions{Last: !as.desc.ClientStreams}); err != nil {
+ if err := as.transportStream.Write(hdr, payload, &transport.WriteOptions{Last: !as.desc.ClientStreams}); err != nil {
if !as.desc.ClientStreams {
// For non-client-streaming RPCs, we return nil instead of EOF on error
// because the generated code requires it. finish is not called; RecvMsg()
@@ -1446,25 +1448,25 @@ func (as *addrConnStream) RecvMsg(m any) (err error) {
}
}()
- if !as.decompSet {
+ if !as.decompressorSet {
// Block until we receive headers containing received message encoding.
- if ct := as.s.RecvCompress(); ct != "" && ct != encoding.Identity {
- if as.dc == nil || as.dc.Type() != ct {
+ if ct := as.transportStream.RecvCompress(); ct != "" && ct != encoding.Identity {
+ if as.decompressorV0 == nil || as.decompressorV0.Type() != ct {
// No configured decompressor, or it does not match the incoming
// message encoding; attempt to find a registered compressor that does.
- as.dc = nil
- as.decomp = encoding.GetCompressor(ct)
+ as.decompressorV0 = nil
+ as.decompressorV1 = encoding.GetCompressor(ct)
}
} else {
// No compression is used; disable our decompressor.
- as.dc = nil
+ as.decompressorV0 = nil
}
// Only initialize this state once per stream.
- as.decompSet = true
+ as.decompressorSet = true
}
- if err := recv(as.p, as.codec, as.s, as.dc, m, *as.callInfo.maxReceiveMessageSize, nil, as.decomp, false); err != nil {
+ if err := recv(as.parser, as.codec, as.transportStream, as.decompressorV0, m, *as.callInfo.maxReceiveMessageSize, nil, as.decompressorV1, false); err != nil {
if err == io.EOF {
- if statusErr := as.s.Status().Err(); statusErr != nil {
+ if statusErr := as.transportStream.Status().Err(); statusErr != nil {
return statusErr
}
return io.EOF // indicates successful end of stream.
@@ -1479,8 +1481,8 @@ func (as *addrConnStream) RecvMsg(m any) (err error) {
// Special handling for non-server-stream rpcs.
// This recv expects EOF or errors, so we don't collect inPayload.
- if err := recv(as.p, as.codec, as.s, as.dc, m, *as.callInfo.maxReceiveMessageSize, nil, as.decomp, false); err == io.EOF {
- return as.s.Status().Err() // non-server streaming Recv returns nil on success
+ if err := recv(as.parser, as.codec, as.transportStream, as.decompressorV0, m, *as.callInfo.maxReceiveMessageSize, nil, as.decompressorV1, false); err == io.EOF {
+ return as.transportStream.Status().Err() // non-server streaming Recv returns nil on success
} else if err != nil {
return toRPCErr(err)
}
@@ -1498,8 +1500,8 @@ func (as *addrConnStream) finish(err error) {
// Ending a stream with EOF indicates a success.
err = nil
}
- if as.s != nil {
- as.s.Close(err)
+ if as.transportStream != nil {
+ as.transportStream.Close(err)
}
if err != nil {
@@ -1570,10 +1572,10 @@ type serverStream struct {
p *parser
codec baseCodec
- cp Compressor
- dc Decompressor
- comp encoding.Compressor
- decomp encoding.Compressor
+ compressorV0 Compressor
+ compressorV1 encoding.Compressor
+ decompressorV0 Decompressor
+ decompressorV1 encoding.Compressor
sendCompressorName string
@@ -1669,12 +1671,12 @@ func (ss *serverStream) SendMsg(m any) (err error) {
// Server handler could have set new compressor by calling SetSendCompressor.
// In case it is set, we need to use it for compressing outbound message.
if sendCompressorsName := ss.s.SendCompress(); sendCompressorsName != ss.sendCompressorName {
- ss.comp = encoding.GetCompressor(sendCompressorsName)
+ ss.compressorV1 = encoding.GetCompressor(sendCompressorsName)
ss.sendCompressorName = sendCompressorsName
}
// load hdr, payload, data
- hdr, data, payload, pf, err := prepareMsg(m, ss.codec, ss.cp, ss.comp, ss.p.bufferPool)
+ hdr, data, payload, pf, err := prepareMsg(m, ss.codec, ss.compressorV0, ss.compressorV1, ss.p.bufferPool)
if err != nil {
return err
}
@@ -1755,7 +1757,7 @@ func (ss *serverStream) RecvMsg(m any) (err error) {
payInfo = &payloadInfo{}
defer payInfo.free()
}
- if err := recv(ss.p, ss.codec, ss.s, ss.dc, m, ss.maxReceiveMessageSize, payInfo, ss.decomp, true); err != nil {
+ if err := recv(ss.p, ss.codec, ss.s, ss.decompressorV0, m, ss.maxReceiveMessageSize, payInfo, ss.decompressorV1, true); err != nil {
if err == io.EOF {
if len(ss.binlogs) != 0 {
chc := &binarylog.ClientHalfClose{}
@@ -1766,7 +1768,7 @@ func (ss *serverStream) RecvMsg(m any) (err error) {
return err
}
if err == io.ErrUnexpectedEOF {
- err = status.Errorf(codes.Internal, io.ErrUnexpectedEOF.Error())
+ err = status.Error(codes.Internal, io.ErrUnexpectedEOF.Error())
}
return toRPCErr(err)
}
diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go
index a5b038829d..90237b1dbb 100644
--- a/vendor/google.golang.org/grpc/version.go
+++ b/vendor/google.golang.org/grpc/version.go
@@ -19,4 +19,4 @@
package grpc
// Version is the current grpc version.
-const Version = "1.69.0-dev"
+const Version = "1.72.0"
diff --git a/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/init.go b/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/init.go
index 369df13da2..e9a8e69a50 100644
--- a/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/init.go
+++ b/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/init.go
@@ -114,6 +114,7 @@ func newEnumInfo(f *fileInfo, enum *protogen.Enum) *enumInfo {
e := &enumInfo{Enum: enum}
e.genJSONMethod = true
e.genRawDescMethod = true
+ opaqueNewEnumInfoHook(f, e)
return e
}
@@ -123,8 +124,8 @@ type messageInfo struct {
genRawDescMethod bool
genExtRangeMethod bool
- isTracked bool
- hasWeak bool
+ isTracked bool
+ noInterface bool
}
func newMessageInfo(f *fileInfo, message *protogen.Message) *messageInfo {
@@ -132,9 +133,7 @@ func newMessageInfo(f *fileInfo, message *protogen.Message) *messageInfo {
m.genRawDescMethod = true
m.genExtRangeMethod = true
m.isTracked = isTrackedMessage(m)
- for _, field := range m.Fields {
- m.hasWeak = m.hasWeak || field.Desc.IsWeak()
- }
+ opaqueNewMessageInfoHook(f, m)
return m
}
diff --git a/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/init_opaque.go b/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/init_opaque.go
new file mode 100644
index 0000000000..221176a228
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/init_opaque.go
@@ -0,0 +1,33 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package internal_gengo
+
+import "google.golang.org/protobuf/types/gofeaturespb"
+
+func (m *messageInfo) isOpen() bool {
+ return m.Message.APILevel == gofeaturespb.GoFeatures_API_OPEN
+}
+
+func (m *messageInfo) isHybrid() bool {
+ return m.Message.APILevel == gofeaturespb.GoFeatures_API_HYBRID
+}
+
+func (m *messageInfo) isOpaque() bool {
+ return m.Message.APILevel == gofeaturespb.GoFeatures_API_OPAQUE
+}
+
+func opaqueNewEnumInfoHook(f *fileInfo, e *enumInfo) {
+ if f.File.APILevel != gofeaturespb.GoFeatures_API_OPEN {
+ e.genJSONMethod = false
+ e.genRawDescMethod = false
+ }
+}
+
+func opaqueNewMessageInfoHook(f *fileInfo, m *messageInfo) {
+ if !m.isOpen() {
+ m.genRawDescMethod = false
+ m.genExtRangeMethod = false
+ }
+}
diff --git a/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/main.go b/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/main.go
index a4c4595ec1..e29f52bebc 100644
--- a/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/main.go
+++ b/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/main.go
@@ -26,6 +26,7 @@ import (
"google.golang.org/protobuf/runtime/protoimpl"
"google.golang.org/protobuf/types/descriptorpb"
+ "google.golang.org/protobuf/types/gofeaturespb"
"google.golang.org/protobuf/types/pluginpb"
)
@@ -49,6 +50,7 @@ const (
syncPackage = protogen.GoImportPath("sync")
timePackage = protogen.GoImportPath("time")
utf8Package = protogen.GoImportPath("unicode/utf8")
+ unsafePackage = protogen.GoImportPath("unsafe")
)
// Protobuf library dependencies.
@@ -70,11 +72,41 @@ type goImportPath interface {
Ident(string) protogen.GoIdent
}
+func setToOpaque(msg *protogen.Message) {
+ msg.APILevel = gofeaturespb.GoFeatures_API_OPAQUE
+ for _, nested := range msg.Messages {
+ nested.APILevel = gofeaturespb.GoFeatures_API_OPAQUE
+ setToOpaque(nested)
+ }
+}
+
// GenerateFile generates the contents of a .pb.go file.
+//
+// With the Hybrid API, multiple files are generated (_protoopaque.pb.go variant),
+// but only the first file (regular, not a variant) is returned.
func GenerateFile(gen *protogen.Plugin, file *protogen.File) *protogen.GeneratedFile {
- filename := file.GeneratedFilenamePrefix + ".pb.go"
- g := gen.NewGeneratedFile(filename, file.GoImportPath)
+ return generateFiles(gen, file)[0]
+}
+
+func generateFiles(gen *protogen.Plugin, file *protogen.File) []*protogen.GeneratedFile {
f := newFileInfo(file)
+ generated := []*protogen.GeneratedFile{
+ generateOneFile(gen, file, f, ""),
+ }
+ if f.APILevel == gofeaturespb.GoFeatures_API_HYBRID {
+ // Update all APILevel fields to OPAQUE
+ f.APILevel = gofeaturespb.GoFeatures_API_OPAQUE
+ for _, msg := range f.Messages {
+ setToOpaque(msg)
+ }
+ generated = append(generated, generateOneFile(gen, file, f, "_protoopaque"))
+ }
+ return generated
+}
+
+func generateOneFile(gen *protogen.Plugin, file *protogen.File, f *fileInfo, variant string) *protogen.GeneratedFile {
+ filename := file.GeneratedFilenamePrefix + variant + ".pb.go"
+ g := gen.NewGeneratedFile(filename, file.GoImportPath)
var packageDoc protogen.Comments
if !gen.InternalStripForEditionsDiff() {
@@ -84,6 +116,11 @@ func GenerateFile(gen *protogen.Plugin, file *protogen.File) *protogen.Generated
packageDoc = genPackageKnownComment(f)
}
+ if variant == "_protoopaque" {
+ g.P("//go:build protoopaque")
+ } else if f.APILevel == gofeaturespb.GoFeatures_API_HYBRID {
+ g.P("//go:build !protoopaque")
+ }
g.P(packageDoc, "package ", f.GoPackageName)
g.P()
@@ -178,21 +215,21 @@ func genImport(gen *protogen.Plugin, g *protogen.GeneratedFile, f *fileInfo, imp
// Don't generate imports or aliases for types in the same Go package.
return
}
- // Generate imports for all non-weak dependencies, even if they are not
+ // Generate imports for all dependencies, even if they are not
// referenced, because other code and tools depend on having the
// full transitive closure of protocol buffer types in the binary.
- if !imp.IsWeak {
- g.Import(impFile.GoImportPath)
- }
+ g.Import(impFile.GoImportPath)
if !imp.IsPublic {
return
}
// Generate public imports by generating the imported file, parsing it,
// and extracting every symbol that should receive a forwarding declaration.
- impGen := GenerateFile(gen, impFile)
- impGen.Skip()
- b, err := impGen.Content()
+ impGens := generateFiles(gen, impFile)
+ for _, impGen := range impGens {
+ impGen.Skip()
+ }
+ b, err := impGens[0].Content()
if err != nil {
gen.Error(err)
return
@@ -367,6 +404,9 @@ func genMessage(g *protogen.GeneratedFile, f *fileInfo, m *messageInfo) {
if m.Desc.IsMapEntry() {
return
}
+ if opaqueGenMessageHook(g, f, m) {
+ return
+ }
// Message type declaration.
g.AnnotateSymbol(m.GoIdent.GoName, protogen.Annotation{Location: m.Location})
@@ -398,10 +438,6 @@ func genMessageInternalFields(g *protogen.GeneratedFile, f *fileInfo, m *message
sf.append(genid.State_goname)
g.P(genid.SizeCache_goname, " ", protoimplPackage.Ident("SizeCache"))
sf.append(genid.SizeCache_goname)
- if m.hasWeak {
- g.P(genid.WeakFields_goname, " ", protoimplPackage.Ident("WeakFields"))
- sf.append(genid.WeakFields_goname)
- }
g.P(genid.UnknownFields_goname, " ", protoimplPackage.Ident("UnknownFields"))
sf.append(genid.UnknownFields_goname)
if m.Desc.ExtensionRanges().Len() > 0 {
@@ -466,9 +502,6 @@ func genMessageField(g *protogen.GeneratedFile, f *fileInfo, m *messageInfo, fie
}
name := field.GoName
- if field.Desc.IsWeak() {
- name = genid.WeakFieldPrefix_goname + name
- }
g.AnnotateSymbol(m.GoIdent.GoName+"."+name, protogen.Annotation{Location: field.Location})
leadingComments := appendDeprecationSuffix(field.Comments.Leading,
field.Desc.ParentFile(),
@@ -548,7 +581,6 @@ func genMessageDefaultDecls(g *protogen.GeneratedFile, f *fileInfo, m *messageIn
func genMessageMethods(g *protogen.GeneratedFile, f *fileInfo, m *messageInfo) {
genMessageBaseMethods(g, f, m)
genMessageGetterMethods(g, f, m)
- genMessageSetterMethods(g, f, m)
}
func genMessageBaseMethods(g *protogen.GeneratedFile, f *fileInfo, m *messageInfo) {
@@ -613,17 +645,6 @@ func genMessageGetterMethods(g *protogen.GeneratedFile, f *fileInfo, m *messageI
field.Desc.ParentFile(),
field.Desc.Options().(*descriptorpb.FieldOptions).GetDeprecated())
switch {
- case field.Desc.IsWeak():
- g.P(leadingComments, "func (x *", m.GoIdent, ") Get", field.GoName, "() ", protoPackage.Ident("Message"), "{")
- g.P("var w ", protoimplPackage.Ident("WeakFields"))
- g.P("if x != nil {")
- g.P("w = x.", genid.WeakFields_goname)
- if m.isTracked {
- g.P("_ = x.", genid.WeakFieldPrefix_goname+field.GoName)
- }
- g.P("}")
- g.P("return ", protoimplPackage.Ident("X"), ".GetWeak(w, ", field.Desc.Number(), ", ", strconv.Quote(string(field.Message.Desc.FullName())), ")")
- g.P("}")
case field.Oneof != nil && !field.Oneof.Desc.IsSynthetic():
g.P(leadingComments, "func (x *", m.GoIdent, ") Get", field.GoName, "() ", goType, " {")
g.P("if x, ok := x.Get", field.Oneof.GoName, "().(*", field.GoIdent, "); ok {")
@@ -651,43 +672,10 @@ func genMessageGetterMethods(g *protogen.GeneratedFile, f *fileInfo, m *messageI
}
}
-func genMessageSetterMethods(g *protogen.GeneratedFile, f *fileInfo, m *messageInfo) {
- for _, field := range m.Fields {
- if !field.Desc.IsWeak() {
- continue
- }
-
- genNoInterfacePragma(g, m.isTracked)
-
- g.AnnotateSymbol(m.GoIdent.GoName+".Set"+field.GoName, protogen.Annotation{
- Location: field.Location,
- Semantic: descriptorpb.GeneratedCodeInfo_Annotation_SET.Enum(),
- })
- leadingComments := appendDeprecationSuffix("",
- field.Desc.ParentFile(),
- field.Desc.Options().(*descriptorpb.FieldOptions).GetDeprecated())
- g.P(leadingComments, "func (x *", m.GoIdent, ") Set", field.GoName, "(v ", protoPackage.Ident("Message"), ") {")
- g.P("var w *", protoimplPackage.Ident("WeakFields"))
- g.P("if x != nil {")
- g.P("w = &x.", genid.WeakFields_goname)
- if m.isTracked {
- g.P("_ = x.", genid.WeakFieldPrefix_goname+field.GoName)
- }
- g.P("}")
- g.P(protoimplPackage.Ident("X"), ".SetWeak(w, ", field.Desc.Number(), ", ", strconv.Quote(string(field.Message.Desc.FullName())), ", v)")
- g.P("}")
- g.P()
- }
-}
-
// fieldGoType returns the Go type used for a field.
//
// If it returns pointer=true, the struct field is a pointer to the type.
func fieldGoType(g *protogen.GeneratedFile, f *fileInfo, field *protogen.Field) (goType string, pointer bool) {
- if field.Desc.IsWeak() {
- return "struct{}", false
- }
-
pointer = field.Desc.HasPresence()
switch field.Desc.Kind() {
case protoreflect.BoolKind:
diff --git a/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/opaque.go b/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/opaque.go
new file mode 100644
index 0000000000..999a251595
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/opaque.go
@@ -0,0 +1,1226 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package internal_gengo
+
+import (
+ "fmt"
+ "strings"
+ "unicode"
+ "unicode/utf8"
+
+ "google.golang.org/protobuf/compiler/protogen"
+ "google.golang.org/protobuf/internal/genid"
+ "google.golang.org/protobuf/reflect/protoreflect"
+
+ "google.golang.org/protobuf/types/descriptorpb"
+)
+
+func opaqueGenMessageHook(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo) bool {
+ opaqueGenMessage(g, f, message)
+ return true
+}
+
+func opaqueGenMessage(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo) {
+ // Message type declaration.
+ g.AnnotateSymbol(message.GoIdent.GoName, protogen.Annotation{Location: message.Location})
+ leadingComments := appendDeprecationSuffix(message.Comments.Leading,
+ message.Desc.ParentFile(),
+ message.Desc.Options().(*descriptorpb.MessageOptions).GetDeprecated())
+ g.P(leadingComments,
+ "type ", message.GoIdent, " struct {")
+
+ sf := f.allMessageFieldsByPtr[message]
+ if sf == nil {
+ sf = new(structFields)
+ f.allMessageFieldsByPtr[message] = sf
+ }
+
+ var tags structTags
+ switch {
+ case message.isOpen():
+ tags = structTags{{"protogen", "open.v1"}}
+ case message.isHybrid():
+ tags = structTags{{"protogen", "hybrid.v1"}}
+ case message.isOpaque():
+ tags = structTags{{"protogen", "opaque.v1"}}
+ }
+
+ g.P(genid.State_goname, " ", protoimplPackage.Ident("MessageState"), tags)
+ sf.append(genid.State_goname)
+ fields := message.Fields
+ for _, field := range fields {
+ opaqueGenMessageField(g, f, message, field, sf)
+ }
+ opaqueGenMessageInternalFields(g, f, message, sf)
+ g.P("}")
+ g.P()
+
+ genMessageKnownFunctions(g, f, message)
+ genMessageDefaultDecls(g, f, message)
+ opaqueGenMessageMethods(g, f, message)
+ opaqueGenMessageBuilder(g, f, message)
+ opaqueGenOneofWrapperTypes(g, f, message)
+}
+
+// opaqueGenMessageField generates a struct field.
+func opaqueGenMessageField(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo, field *protogen.Field, sf *structFields) {
+ if oneof := field.Oneof; oneof != nil && !oneof.Desc.IsSynthetic() {
+ // It would be a bit simpler to iterate over the oneofs below,
+ // but generating the field here keeps the contents of the Go
+ // struct in the same order as the contents of the source
+ // .proto file.
+ if field != oneof.Fields[0] {
+ return
+ }
+ opaqueGenOneofFields(g, f, message, oneof, sf)
+ return
+ }
+
+ goType, pointer := opaqueFieldGoType(g, f, message, field)
+ if pointer {
+ goType = "*" + goType
+ }
+ protobufTagValue := fieldProtobufTagValue(field)
+ jsonTagValue := fieldJSONTagValue(field)
+ if g.InternalStripForEditionsDiff() {
+ if field.Desc.ContainingOneof() != nil && field.Desc.ContainingOneof().IsSynthetic() {
+ protobufTagValue = strings.ReplaceAll(protobufTagValue, ",oneof", "")
+ }
+ protobufTagValue = strings.ReplaceAll(protobufTagValue, ",proto3", "")
+ }
+ tags := structTags{
+ {"protobuf", protobufTagValue},
+ }
+ if !message.isOpaque() {
+ tags = append(tags, structTags{{"json", jsonTagValue}}...)
+ }
+ if field.Desc.IsMap() {
+ keyTagValue := fieldProtobufTagValue(field.Message.Fields[0])
+ valTagValue := fieldProtobufTagValue(field.Message.Fields[1])
+ keyTagValue = strings.ReplaceAll(keyTagValue, ",proto3", "")
+ valTagValue = strings.ReplaceAll(valTagValue, ",proto3", "")
+ tags = append(tags, structTags{
+ {"protobuf_key", keyTagValue},
+ {"protobuf_val", valTagValue},
+ }...)
+ }
+
+ name := field.GoName
+ if message.isOpaque() {
+ name = "xxx_hidden_" + name
+ }
+
+ if message.isOpaque() {
+ g.P(name, " ", goType, tags)
+ sf.append(name)
+ if message.isTracked {
+ g.P("// Deprecated: Do not use. This will be deleted in the near future.")
+ g.P("XXX_ft_", field.GoName, " struct{} `go:\"track\"`")
+ sf.append("XXX_ft_" + field.GoName)
+ }
+ } else {
+ if message.isTracked {
+ tags = append(tags, structTags{
+ {"go", "track"},
+ }...)
+ }
+ g.AnnotateSymbol(field.Parent.GoIdent.GoName+"."+name, protogen.Annotation{Location: field.Location})
+ leadingComments := appendDeprecationSuffix(field.Comments.Leading,
+ field.Desc.ParentFile(),
+ field.Desc.Options().(*descriptorpb.FieldOptions).GetDeprecated())
+ g.P(leadingComments,
+ name, " ", goType, tags,
+ trailingComment(field.Comments.Trailing))
+ sf.append(name)
+ }
+}
+
+// opaqueGenOneofFields generates the message fields for a oneof.
+func opaqueGenOneofFields(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo, oneof *protogen.Oneof, sf *structFields) {
+ tags := structTags{
+ {"protobuf_oneof", string(oneof.Desc.Name())},
+ }
+ if message.isTracked {
+ tags = append(tags, structTags{
+ {"go", "track"},
+ }...)
+ }
+
+ oneofName := opaqueOneofFieldName(oneof, message.isOpaque())
+ goType := opaqueOneofInterfaceName(oneof)
+
+ if message.isOpaque() {
+ g.P(oneofName, " ", goType, tags)
+ sf.append(oneofName)
+ if message.isTracked {
+ g.P("// Deprecated: Do not use. This will be deleted in the near future.")
+ g.P("XXX_ft_", oneof.GoName, " struct{} `go:\"track\"`")
+ sf.append("XXX_ft_" + oneof.GoName)
+ }
+ return
+ }
+
+ leadingComments := oneof.Comments.Leading
+ if leadingComments != "" {
+ leadingComments += "\n"
+ }
+ // NOTE(rsc): The extra \n here is working around #52605,
+ // making the comment be in Go 1.19 doc comment format
+ // even though it's not really a doc comment.
+ ss := []string{" Types that are valid to be assigned to ", oneofName, ":\n\n"}
+ for _, field := range oneof.Fields {
+ ss = append(ss, "\t*"+opaqueFieldOneofType(field, message.isOpaque()).GoName+"\n")
+ }
+ leadingComments += protogen.Comments(strings.Join(ss, ""))
+ g.P(leadingComments, oneofName, " ", goType, tags)
+ sf.append(oneofName)
+}
+
+// opaqueGenMessageInternalFields adds additional XXX_ fields to a message struct.
+func opaqueGenMessageInternalFields(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo, sf *structFields) {
+ if opaqueNeedsPresenceArray(message) {
+ if opaqueNeedsLazyStruct(message) {
+ g.P("// Deprecated: Do not use. This will be deleted in the near future.")
+ g.P("XXX_lazyUnmarshalInfo ", protoimplPackage.Ident("LazyUnmarshalInfo"))
+ sf.append("XXX_lazyUnmarshalInfo")
+ }
+ g.P("XXX_raceDetectHookData ", protoimplPackage.Ident("RaceDetectHookData"))
+ sf.append("XXX_raceDetectHookData")
+
+ // Presence must be stored in a data type no larger than 32 bit:
+ //
+ // Presence used to be a uint64, accessed with atomic.LoadUint64, but it
+ // turns out that on 32-bit platforms like GOARCH=arm, the struct field
+ // was 32-bit aligned (not 64-bit aligned) and hence atomic accesses
+ // failed.
+ //
+ // The easiest solution was to switch to a uint32 on all platforms,
+ // which did not come with a performance penalty.
+ g.P("XXX_presence [", (opaqueNumPresenceFields(message)+31)/32, "]uint32")
+ sf.append("XXX_presence")
+ }
+ if message.Desc.ExtensionRanges().Len() > 0 {
+ g.P(genid.ExtensionFields_goname, " ", protoimplPackage.Ident("ExtensionFields"))
+ sf.append(genid.ExtensionFields_goname)
+ }
+ g.P(genid.UnknownFields_goname, " ", protoimplPackage.Ident("UnknownFields"))
+ sf.append(genid.UnknownFields_goname)
+ g.P(genid.SizeCache_goname, " ", protoimplPackage.Ident("SizeCache"))
+ sf.append(genid.SizeCache_goname)
+}
+
+func opaqueGenMessageMethods(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo) {
+ genMessageBaseMethods(g, f, message)
+
+ isRepeated := func(field *protogen.Field) bool {
+ return field.Desc.Cardinality() == protoreflect.Repeated
+ }
+
+ for _, field := range message.Fields {
+ if isFirstOneofField(field) && !message.isOpaque() {
+ opaqueGenGetOneof(g, f, message, field.Oneof)
+ }
+ opaqueGenGet(g, f, message, field)
+ }
+ for _, field := range message.Fields {
+ // For the plain open mode, we do not have setters.
+ if message.isOpen() {
+ continue
+ }
+ opaqueGenSet(g, f, message, field)
+ }
+ for _, field := range message.Fields {
+ // Open API does not have Has method.
+ // Repeated (includes map) fields do not have Has method.
+ if message.isOpen() || isRepeated(field) {
+ continue
+ }
+
+ if !field.Desc.HasPresence() {
+ continue
+ }
+
+ if isFirstOneofField(field) {
+ opaqueGenHasOneof(g, f, message, field.Oneof)
+ }
+ opaqueGenHas(g, f, message, field)
+ }
+ for _, field := range message.Fields {
+ // Open API does not have Clear method.
+ // Repeated (includes map) fields do not have Clear method.
+ if message.isOpen() || isRepeated(field) {
+ continue
+ }
+ if !field.Desc.HasPresence() {
+ continue
+ }
+
+ if isFirstOneofField(field) {
+ opaqueGenClearOneof(g, f, message, field.Oneof)
+ }
+ opaqueGenClear(g, f, message, field)
+ }
+ // Plain open protos do not have which methods.
+ if !message.isOpen() {
+ opaqueGenWhichOneof(g, f, message)
+ }
+
+ if g.InternalStripForEditionsDiff() {
+ return
+ }
+}
+
+func isLazy(field *protogen.Field) bool {
+ // Prerequisite: field is of kind message
+ if field.Message == nil {
+ return false
+ }
+
+ // Was the field marked as [lazy = true] in the .proto file?
+ fopts := field.Desc.Options().(*descriptorpb.FieldOptions)
+ return fopts.GetLazy()
+}
+
+// opaqueGenGet generates a Get method for a field.
+func opaqueGenGet(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo, field *protogen.Field) {
+ goType, pointer := opaqueFieldGoType(g, f, message, field)
+ getterName, bcName := field.MethodName("Get")
+
+ // If we need a backwards compatible getter name, we add it now.
+ if bcName != "" {
+ defer func() {
+ g.P("// Deprecated: Use ", getterName, " instead.")
+ g.P("func (x *", message.GoIdent, ") ", bcName, "() ", goType, " {")
+ g.P("return x.", getterName, "()")
+ g.P("}")
+ g.P()
+ }()
+ }
+
+ leadingComments := appendDeprecationSuffix("",
+ field.Desc.ParentFile(),
+ field.Desc.Options().(*descriptorpb.FieldOptions).GetDeprecated())
+ fieldtrackNoInterface(g, message.isTracked)
+ g.AnnotateSymbol(message.GoIdent.GoName+"."+getterName, protogen.Annotation{Location: field.Location})
+
+ defaultValue := fieldDefaultValue(g, f, message, field)
+
+ // Oneof field.
+ if oneof := field.Oneof; oneof != nil && !oneof.Desc.IsSynthetic() {
+ structPtr := "x"
+ g.P(leadingComments, "func (x *", message.GoIdent, ") ", getterName, "() ", goType, " {")
+ g.P("if x != nil {")
+ if message.isOpaque() && message.isTracked {
+ g.P("_ = ", structPtr, ".XXX_ft_", field.Oneof.GoName)
+ }
+ g.P("if x, ok := ", structPtr, ".", opaqueOneofFieldName(oneof, message.isOpaque()), ".(*", opaqueFieldOneofType(field, message.isOpaque()), "); ok {")
+ g.P("return x.", field.GoName)
+ g.P("}")
+ // End if m != nil {.
+ g.P("}")
+ g.P("return ", defaultValue)
+ g.P("}")
+ g.P()
+ return
+ }
+
+ // Non-oneof field for open type message.
+ if !message.isOpaque() {
+ g.P(leadingComments, "func (x *", message.GoIdent, ") ", getterName, "() ", goType, " {")
+ if !field.Desc.HasPresence() || defaultValue == "nil" {
+ g.P("if x != nil {")
+ } else {
+ g.P("if x != nil && x.", field.GoName, " != nil {")
+ }
+ star := ""
+ if pointer {
+ star = "*"
+ }
+ g.P("return ", star, " x.", field.GoName)
+ g.P("}")
+ g.P("return ", defaultValue)
+ g.P("}")
+ g.P()
+ return
+ }
+
+ // Non-oneof field for opaque type message.
+ g.P(leadingComments, "func (x *", message.GoIdent, ") ", getterName, "() ", goType, "{")
+ structPtr := "x"
+ g.P("if x != nil {")
+ if message.isTracked {
+ g.P("_ = ", structPtr, ".XXX_ft_", field.GoName)
+ }
+ if usePresence(message, field) {
+ pi := opaqueFieldPresenceIndex(field)
+ ai := pi / 32
+ // For
+ //
+ // 1. Message fields of lazy messages (unmarshalled lazily),
+ // 2. Fields with a default value,
+ // 3. Closed enums
+ //
+ // ...we check presence, but for other fields using presence, we can return
+ // whatever is there and it should be correct regardless of presence, which
+ // saves us an atomic operation.
+ isEnum := field.Desc.Kind() == protoreflect.EnumKind
+ usePresenceForRead := (isLazy(field)) ||
+ field.Desc.HasDefault() || isEnum
+
+ if usePresenceForRead {
+ g.P("if ", protoimplPackage.Ident("X"), ".Present(&(", structPtr, ".XXX_presence[", ai, "]),", pi, ") {")
+ }
+ // For lazy, check if pointer is nil and optionally unmarshal
+ if isLazy(field) {
+ // Since pointer to lazily unmarshaled sub-message can be written during a conceptual
+ // "read" operation, all read/write accesses to the pointer must be atomic. This
+ // function gets inlined on x86 as just a simple get and compare. Still need to make the
+ // slice accesses be atomic.
+ g.P("if ", protoimplPackage.Ident("X"), ".AtomicCheckPointerIsNil(&", structPtr, ".xxx_hidden_", field.GoName, ") {")
+ g.P(protoimplPackage.Ident("X"), ".UnmarshalField(", structPtr, ", ", field.Desc.Number(), ")")
+ g.P("}")
+ }
+ if field.Message == nil || field.Desc.IsMap() {
+ star := ""
+ if pointer {
+ star = "*"
+ }
+ if pointer {
+ g.P("if ", structPtr, ".xxx_hidden_", field.GoName, "!= nil {")
+ }
+
+ g.P("return ", star, structPtr, ".xxx_hidden_", field.GoName)
+ if pointer {
+ g.P("}")
+ g.P("return ", defaultValue)
+ }
+ } else {
+ // We need to do an atomic load of the msg pointer field, but cannot explicitly use
+ // unsafe pointers here. We load the value and store into rv, via protoimpl.Pointer,
+ // which is aliased to unsafe.Pointer in pointer_unsafe.go, but is aliased to
+ // interface{} in pointer_reflect.go
+ star := ""
+ if pointer {
+ star = "*"
+ }
+ if isLazy(field) {
+ g.P("var rv ", star, goType)
+ g.P(protoimplPackage.Ident("X"), ".AtomicLoadPointer(", protoimplPackage.Ident("Pointer"), "(&", structPtr, ".xxx_hidden_", field.GoName, "), ", protoimplPackage.Ident("Pointer"), "(&rv))")
+ g.P("return ", star, "rv")
+ } else {
+ if pointer {
+ g.P("if ", structPtr, ".xxx_hidden_", field.GoName, "!= nil {")
+ }
+ g.P("return ", star, structPtr, ".xxx_hidden_", field.GoName)
+ if pointer {
+ g.P("}")
+ }
+ }
+ }
+ if usePresenceForRead {
+ g.P("}")
+ }
+ } else if pointer {
+ g.P("if ", structPtr, ".xxx_hidden_", field.GoName, " != nil {")
+ g.P("return *", structPtr, ".xxx_hidden_", field.GoName)
+ g.P("}")
+ } else {
+ g.P("return ", structPtr, ".xxx_hidden_", field.GoName)
+ }
+ // End if m != nil {.
+ g.P("}")
+ g.P("return ", defaultValue)
+ g.P("}")
+ g.P()
+}
+
+// opaqueGenSet generates a Set method for a field.
+func opaqueGenSet(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo, field *protogen.Field) {
+ goType, pointer := opaqueFieldGoType(g, f, message, field)
+ setterName, bcName := field.MethodName("Set")
+
+ // If we need a backwards compatible setter name, we add it now.
+ if bcName != "" {
+ defer func() {
+ g.P("// Deprecated: Use ", setterName, " instead.")
+ g.P("func (x *", message.GoIdent, ") ", bcName, "(v ", goType, ") {")
+ g.P("x.", setterName, "(v)")
+ g.P("}")
+ g.P()
+ }()
+ }
+
+ leadingComments := appendDeprecationSuffix("",
+ field.Desc.ParentFile(),
+ field.Desc.Options().(*descriptorpb.FieldOptions).GetDeprecated())
+ g.AnnotateSymbol(message.GoIdent.GoName+"."+setterName, protogen.Annotation{
+ Location: field.Location,
+ Semantic: descriptorpb.GeneratedCodeInfo_Annotation_SET.Enum(),
+ })
+ fieldtrackNoInterface(g, message.noInterface)
+
+ // Oneof field.
+ if oneof := field.Oneof; oneof != nil && !oneof.Desc.IsSynthetic() {
+ g.P(leadingComments, "func (x *", message.GoIdent, ") ", setterName, "(v ", goType, ") {")
+ structPtr := "x"
+ if message.isOpaque() && message.isTracked {
+ // Add access to zero field for tracking
+ g.P(structPtr, ".XXX_ft_", oneof.GoName, " = struct{}{}")
+ }
+ if field.Desc.Kind() == protoreflect.BytesKind {
+ g.P("if v == nil { v = []byte{} }")
+ } else if field.Message != nil {
+ g.P("if v == nil {")
+ g.P(structPtr, ".", opaqueOneofFieldName(oneof, message.isOpaque()), "= nil")
+ g.P("return")
+ g.P("}")
+ }
+ g.P(structPtr, ".", opaqueOneofFieldName(oneof, message.isOpaque()), "= &", opaqueFieldOneofType(field, message.isOpaque()), "{v}")
+ g.P("}")
+ g.P()
+ return
+ }
+
+ // Non-oneof field for open type message.
+ if !message.isOpaque() {
+ g.P(leadingComments, "func (x *", message.GoIdent, ") ", setterName, "(v ", goType, ") {")
+ if field.Desc.Cardinality() != protoreflect.Repeated && field.Desc.Kind() == protoreflect.BytesKind {
+ g.P("if v == nil { v = []byte{} }")
+ }
+ amp := ""
+ if pointer {
+ amp = "&"
+ }
+
+ v := "v"
+ g.P("x.", field.GoName, " = ", amp, v)
+ g.P("}")
+ g.P()
+ return
+ }
+
+ // Non-oneof field for opaque type message.
+ g.P(leadingComments, "func (x *", message.GoIdent, ") ", setterName, "(v ", goType, ") {")
+ structPtr := "x"
+ if message.isTracked {
+ // Add access to zero field for tracking
+ g.P(structPtr, ".XXX_ft_", field.GoName, " = struct{}{}")
+ }
+ if field.Desc.Cardinality() != protoreflect.Repeated && field.Desc.Kind() == protoreflect.BytesKind {
+ g.P("if v == nil { v = []byte{} }")
+ }
+ amp := ""
+ if pointer {
+ amp = "&"
+ }
+ if usePresence(message, field) {
+ pi := opaqueFieldPresenceIndex(field)
+ ai := pi / 32
+
+ if field.Message != nil && field.Desc.IsList() {
+ g.P("var sv *", goType)
+ g.P(protoimplPackage.Ident("X"), ".AtomicLoadPointer(", protoimplPackage.Ident("Pointer"), "(&", structPtr, ".xxx_hidden_", field.GoName, "), ", protoimplPackage.Ident("Pointer"), "(&sv))")
+ g.P("if sv == nil {")
+ g.P("sv = &", goType, "{}")
+ g.P(protoimplPackage.Ident("X"), ".AtomicInitializePointer(", protoimplPackage.Ident("Pointer"), "(&", structPtr, ".xxx_hidden_", field.GoName, "), ", protoimplPackage.Ident("Pointer"), "(&sv))")
+ g.P("}")
+ g.P("*sv = v")
+ g.P(protoimplPackage.Ident("X"), ".SetPresent(&(", structPtr, ".XXX_presence[", ai, "]),", pi, ",", opaqueNumPresenceFields(message), ")")
+ } else if field.Message != nil && !field.Desc.IsMap() {
+ // Only for lazy messages do we need to set pointers atomically
+ if isLazy(field) {
+ g.P(protoimplPackage.Ident("X"), ".AtomicSetPointer(&", structPtr, ".xxx_hidden_", field.GoName, ", ", amp, "v)")
+ } else {
+ g.P(structPtr, ".xxx_hidden_", field.GoName, " = ", amp, "v")
+ }
+ // When setting a message or slice of messages to a nil
+ // value, we must clear the presence bit, else we will
+ // later think that this field still needs to be lazily decoded.
+ g.P("if v == nil {")
+ g.P(protoimplPackage.Ident("X"), ".ClearPresent(&(", structPtr, ".XXX_presence[", ai, "]),", pi, ")")
+ g.P("} else {")
+ g.P(protoimplPackage.Ident("X"), ".SetPresent(&(", structPtr, ".XXX_presence[", ai, "]),", pi, ",", opaqueNumPresenceFields(message), ")")
+ g.P("}")
+ } else {
+ // Any map or non-message, possibly repeated, field that uses presence (proto2 only)
+ g.P(structPtr, ".xxx_hidden_", field.GoName, " = ", amp, "v")
+ // For consistent behaviour with lazy fields, non-map repeated fields should be cleared when
+ // the last object is removed. Maps are cleared when set to a nil map.
+ if field.Desc.Cardinality() == protoreflect.Repeated { // Includes maps.
+ g.P("if v == nil {")
+ g.P(protoimplPackage.Ident("X"), ".ClearPresent(&(", structPtr, ".XXX_presence[", ai, "]),", pi, ")")
+ g.P("} else {")
+ }
+ g.P(protoimplPackage.Ident("X"), ".SetPresent(&(", structPtr, ".XXX_presence[", ai, "]),", pi, ",", opaqueNumPresenceFields(message), ")")
+ if field.Desc.Cardinality() == protoreflect.Repeated {
+ g.P("}")
+ }
+ }
+ } else {
+ // proto3 non-lazy fields
+ g.P(structPtr, ".xxx_hidden_", field.GoName, " = ", amp, "v")
+ }
+ g.P("}")
+ g.P()
+}
+
+// usePresence returns true if the presence map should be used for a field. It
+// is always true for lazy message types. It is also true for all scalar fields.
+// repeated, map or message fields are not using the presence map.
+func usePresence(message *messageInfo, field *protogen.Field) bool {
+ if !message.isOpaque() {
+ return false
+ }
+ return opaqueFieldNeedsPresenceArray(message, field)
+}
+
+func opaqueFieldNeedsPresenceArray(message *messageInfo, field *protogen.Field) bool {
+ // Non optional fields need presence if truly lazy field, i.e. are message fields.
+ if isLazy(field) {
+ return true
+ }
+ isNotOneof := field.Desc.ContainingOneof() == nil || field.Desc.ContainingOneof().IsSynthetic()
+ return field.Desc.HasPresence() && field.Message == nil && isNotOneof
+}
+
+// opaqueGenHas generates a Has method for a field.
+func opaqueGenHas(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo, field *protogen.Field) {
+ hasserName, _ := field.MethodName("Has")
+
+ leadingComments := appendDeprecationSuffix("",
+ field.Desc.ParentFile(),
+ field.Desc.Options().(*descriptorpb.FieldOptions).GetDeprecated())
+ g.AnnotateSymbol(message.GoIdent.GoName+"."+hasserName, protogen.Annotation{Location: field.Location})
+ fieldtrackNoInterface(g, message.noInterface)
+
+ // Oneof field.
+ if oneof := field.Oneof; oneof != nil && !oneof.Desc.IsSynthetic() {
+ g.P(leadingComments, "func (x *", message.GoIdent, ") ", hasserName, "() bool {")
+ structPtr := "x"
+ g.P("if ", structPtr, " == nil {")
+ g.P("return false")
+ g.P("}")
+ if message.isOpaque() && message.isTracked {
+ // Add access to zero field for tracking
+ g.P("_ = ", structPtr, ".", "XXX_ft_", oneof.GoName)
+ }
+ g.P("_, ok := ", structPtr, ".", opaqueOneofFieldName(oneof, message.isOpaque()), ".(*", opaqueFieldOneofType(field, message.isOpaque()), ")")
+ g.P("return ok")
+ g.P("}")
+ g.P()
+ return
+ }
+
+ // Non-oneof field in open message.
+ if !message.isOpaque() {
+ g.P(leadingComments, "func (x *", message.GoIdent, ") ", hasserName, "() bool {")
+ g.P("if x == nil {")
+ g.P("return false")
+ g.P("}")
+ g.P("return ", "x.", field.GoName, " != nil")
+ g.P("}")
+ g.P()
+ return
+ }
+
+ // Non-oneof field in opaque message.
+ g.P(leadingComments, "func (x *", message.GoIdent, ") ", hasserName, "() bool {")
+ g.P("if x == nil {")
+ g.P("return false")
+ g.P("}")
+ structPtr := "x"
+ if message.isTracked {
+ // Add access to zero field for tracking
+ g.P("_ = ", structPtr, ".", "XXX_ft_"+field.GoName)
+ }
+ if usePresence(message, field) {
+ pi := opaqueFieldPresenceIndex(field)
+ ai := pi / 32
+ g.P("return ", protoimplPackage.Ident("X"), ".Present(&(", structPtr, ".XXX_presence[", ai, "]),", pi, ")")
+ } else {
+ // Has for proto3 message without presence
+ g.P("return ", structPtr, ".xxx_hidden_", field.GoName, " != nil")
+ }
+
+ g.P("}")
+ g.P()
+}
+
+// opaqueGenClear generates a Clear method for a field.
+func opaqueGenClear(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo, field *protogen.Field) {
+ clearerName, _ := field.MethodName("Clear")
+ pi := opaqueFieldPresenceIndex(field)
+ ai := pi / 32
+
+ leadingComments := appendDeprecationSuffix("",
+ field.Desc.ParentFile(),
+ field.Desc.Options().(*descriptorpb.FieldOptions).GetDeprecated())
+ g.AnnotateSymbol(message.GoIdent.GoName+"."+clearerName, protogen.Annotation{
+ Location: field.Location,
+ Semantic: descriptorpb.GeneratedCodeInfo_Annotation_SET.Enum(),
+ })
+ fieldtrackNoInterface(g, message.noInterface)
+
+ // Oneof field.
+ if oneof := field.Oneof; oneof != nil && !oneof.Desc.IsSynthetic() {
+ g.P(leadingComments, "func (x *", message.GoIdent, ") ", clearerName, "() {")
+ structPtr := "x"
+ if message.isOpaque() && message.isTracked {
+ // Add access to zero field for tracking
+ g.P(structPtr, ".", "XXX_ft_", oneof.GoName, " = struct{}{}")
+ }
+ g.P("if _, ok := ", structPtr, ".", opaqueOneofFieldName(oneof, message.isOpaque()), ".(*", opaqueFieldOneofType(field, message.isOpaque()), "); ok {")
+ g.P(structPtr, ".", opaqueOneofFieldName(oneof, message.isOpaque()), " = nil")
+ g.P("}")
+ g.P("}")
+ g.P()
+ return
+ }
+
+ // Non-oneof field in open message.
+ if !message.isOpaque() {
+ g.P(leadingComments, "func (x *", message.GoIdent, ") ", clearerName, "() {")
+ g.P("x.", field.GoName, " = nil")
+ g.P("}")
+ g.P()
+ return
+ }
+
+ // Non-oneof field in opaque message.
+ g.P(leadingComments, "func (x *", message.GoIdent, ") ", clearerName, "() {")
+ structPtr := "x"
+ if message.isTracked {
+ // Add access to zero field for tracking
+ g.P(structPtr, ".", "XXX_ft_", field.GoName, " = struct{}{}")
+ }
+
+ if usePresence(message, field) {
+ g.P(protoimplPackage.Ident("X"), ".ClearPresent(&(", structPtr, ".XXX_presence[", ai, "]),", pi, ")")
+ }
+
+ // Avoid needing to read the presence value in Get by ensuring that we set the
+ // right zero value (unless we have an explicit default, in which case we
+ // revert to presence checking in Get). Rationale: Get is called far more
+ // frequently than Clear, it should be as lean as possible.
+ zv := opaqueZeroValueForField(g, field)
+ // For lazy, (repeated) message fields are unmarshalled lazily. Hence they are
+ // assigned atomically in Getters (which are allowed to be called
+ // concurrently). Due to this, historically, the code generator would use
+ // atomic operations everywhere.
+ //
+ // TODO(b/291588964): Stop using atomic operations for non-presence fields in
+ // write calls (Set/Clear). Concurrent reads are allowed,
+ // but concurrent read/write or write/write are not, we
+ // shouldn't cater to it.
+ if isLazy(field) {
+ goType, _ := opaqueFieldGoType(g, f, message, field)
+ g.P(protoimplPackage.Ident("X"), ".AtomicSetPointer(&", structPtr, ".xxx_hidden_", field.GoName, ",(", goType, ")(", zv, "))")
+ } else if !field.Desc.HasDefault() {
+ g.P(structPtr, ".xxx_hidden_", field.GoName, " = ", zv)
+ }
+ g.P("}")
+ g.P()
+}
+
+// Determine what value to set a cleared field to.
+func opaqueZeroValueForField(g *protogen.GeneratedFile, field *protogen.Field) string {
+ if field.Desc.Cardinality() == protoreflect.Repeated {
+ return "nil"
+ }
+ switch field.Desc.Kind() {
+ case protoreflect.StringKind:
+ return "nil"
+ case protoreflect.MessageKind, protoreflect.GroupKind, protoreflect.BytesKind:
+ return "nil"
+ case protoreflect.BoolKind:
+ return "false"
+ case protoreflect.EnumKind:
+ return g.QualifiedGoIdent(field.Enum.Values[0].GoIdent)
+ default:
+ return "0"
+ }
+}
+
+// opaqueGenGetOneof generates a Get function for a oneof union.
+func opaqueGenGetOneof(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo, oneof *protogen.Oneof) {
+ ifName := opaqueOneofInterfaceName(oneof)
+ g.AnnotateSymbol(message.GoIdent.GoName+".Get"+oneof.GoName, protogen.Annotation{Location: oneof.Location})
+ fieldtrackNoInterface(g, message.isTracked)
+ g.P("func (x *", message.GoIdent.GoName, ") Get", oneof.GoName, "() ", ifName, " {")
+ g.P("if x != nil {")
+ g.P("return x.", opaqueOneofFieldName(oneof, message.isOpaque()))
+ g.P("}")
+ g.P("return nil")
+ g.P("}")
+ g.P()
+}
+
+// opaqueGenHasOneof generates a Has function for a oneof union.
+func opaqueGenHasOneof(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo, oneof *protogen.Oneof) {
+ fieldtrackNoInterface(g, message.noInterface)
+ hasserName := oneof.MethodName("Has")
+ g.P("func (x *", message.GoIdent, ") ", hasserName, "() bool {")
+ g.P("if x == nil {")
+ g.P("return false")
+ g.P("}")
+ structPtr := "x"
+ if message.isOpaque() && message.isTracked {
+ // Add access to zero field for tracking
+ g.P("_ = ", structPtr, ".XXX_ft_", oneof.GoName)
+ }
+ g.P("return ", structPtr, ".", opaqueOneofFieldName(oneof, message.isOpaque()), " != nil")
+ g.P("}")
+ g.P()
+}
+
+// opaqueGenClearOneof generates a Clear function for a oneof union.
+func opaqueGenClearOneof(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo, oneof *protogen.Oneof) {
+ fieldtrackNoInterface(g, message.noInterface)
+ clearerName := oneof.MethodName("Clear")
+ g.P("func (x *", message.GoIdent, ") ", clearerName, "() {")
+ structPtr := "x"
+ if message.isOpaque() && message.isTracked {
+ // Add access to zero field for tracking
+ g.P(structPtr, ".", "XXX_ft_", oneof.GoName, " = struct{}{}")
+ }
+ g.P(structPtr, ".", opaqueOneofFieldName(oneof, message.isOpaque()), " = nil")
+ g.P("}")
+ g.P()
+}
+
+// opaqueGenWhichOneof generates the Which method for each oneof union, as well as the case values for each member
+// of that union.
+func opaqueGenWhichOneof(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo) {
+ // Go through the message, and for each field that is the first of a oneof field, dig down
+ // and generate constants + the actual which method.
+ oneofIndex := 0
+ for _, field := range message.Fields {
+ if oneof := field.Oneof; oneof != nil {
+ if !isFirstOneofField(field) {
+ continue
+ }
+ caseType := opaqueOneofCaseTypeName(oneof)
+ g.P("const ", message.GoIdent.GoName, "_", oneof.GoName, "_not_set_case ", caseType, " = ", 0)
+ for _, f := range oneof.Fields {
+ g.P("const ", message.GoIdent.GoName, "_", f.GoName, "_case ", caseType, " = ", f.Desc.Number())
+ }
+ fieldtrackNoInterface(g, message.noInterface)
+ whicherName := oneof.MethodName("Which")
+ g.P("func (x *", message.GoIdent, ") ", whicherName, "() ", caseType, " {")
+ g.P("if x == nil {")
+ g.P("return ", message.GoIdent.GoName, "_", oneof.GoName, "_not_set_case ")
+ g.P("}")
+ g.P("switch x.", opaqueOneofFieldName(oneof, message.isOpaque()), ".(type) {")
+ for _, f := range oneof.Fields {
+ g.P("case *", opaqueFieldOneofType(f, message.isOpaque()), ":")
+ g.P("return ", message.GoIdent.GoName, "_", f.GoName, "_case")
+ }
+ g.P("default", ":")
+ g.P("return ", message.GoIdent.GoName, "_", oneof.GoName, "_not_set_case ")
+ g.P("}")
+ g.P("}")
+ g.P()
+ oneofIndex++
+ }
+ }
+}
+
+func opaqueNeedsPresenceArray(message *messageInfo) bool {
+ if !message.isOpaque() {
+ return false
+ }
+ for _, field := range message.Fields {
+ if opaqueFieldNeedsPresenceArray(message, field) {
+ return true
+ }
+ }
+ return false
+}
+
+func opaqueNeedsLazyStruct(message *messageInfo) bool {
+ for _, field := range message.Fields {
+ if isLazy(field) {
+ return true
+ }
+ }
+ return false
+}
+
+// opaqueGenMessageBuilder generates a Builder type for a message.
+func opaqueGenMessageBuilder(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo) {
+ if message.isOpen() {
+ return
+ }
+ // Builder type.
+ bName := g.QualifiedGoIdent(message.GoIdent) + genid.BuilderSuffix_goname
+ g.AnnotateSymbol(message.GoIdent.GoName+genid.BuilderSuffix_goname, protogen.Annotation{Location: message.Location})
+
+ leadingComments := appendDeprecationSuffix("",
+ message.Desc.ParentFile(),
+ message.Desc.Options().(*descriptorpb.MessageOptions).GetDeprecated())
+ g.P(leadingComments, "type ", bName, " struct {")
+ g.P("_ [0]func() // Prevents comparability and use of unkeyed literals for the builder.")
+ g.P()
+ for _, field := range message.Fields {
+ oneof := field.Oneof
+
+ goType, pointer := opaqueBuilderFieldGoType(g, f, message, field)
+ if pointer {
+ goType = "*" + goType
+ } else if oneof != nil && fieldDefaultValue(g, f, message, field) != "nil" {
+ goType = "*" + goType
+ }
+ // Track all non-oneof fields. Note: synthetic oneofs are an
+ // implementation detail of proto3 optional fields:
+ // go/proto-proposals/proto3-presence.md, which should be tracked.
+ tag := ""
+ if (oneof == nil || oneof.Desc.IsSynthetic()) && message.isTracked {
+ tag = "`go:\"track\"`"
+ }
+ if oneof != nil && oneof.Fields[0] == field && !oneof.Desc.IsSynthetic() {
+ if oneof.Comments.Leading != "" {
+ g.P(oneof.Comments.Leading)
+ g.P()
+ }
+ g.P("// Fields of oneof ", opaqueOneofFieldName(oneof, message.isOpaque()), ":")
+ }
+ g.AnnotateSymbol(field.Parent.GoIdent.GoName+genid.BuilderSuffix_goname+"."+field.BuilderFieldName(), protogen.Annotation{Location: field.Location})
+ leadingComments := appendDeprecationSuffix(field.Comments.Leading,
+ field.Desc.ParentFile(),
+ field.Desc.Options().(*descriptorpb.FieldOptions).GetDeprecated())
+ g.P(leadingComments,
+ field.BuilderFieldName(), " ", goType, " ", tag)
+ if oneof != nil && oneof.Fields[len(oneof.Fields)-1] == field && !oneof.Desc.IsSynthetic() {
+ g.P("// -- end of ", opaqueOneofFieldName(oneof, message.isOpaque()))
+ }
+ }
+ g.P("}")
+ g.P()
+
+ opaqueGenBuildMethod(g, f, message, bName)
+}
+
+// opaqueGenBuildMethod generates the actual Build method for the builder
+func opaqueGenBuildMethod(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo, bName string) {
+ // Build method on the builder type.
+ fieldtrackNoInterface(g, message.noInterface)
+ g.P("func (b0 ", bName, ") Build() *", message.GoIdent, " {")
+ g.P("m0 := &", message.GoIdent, "{}")
+
+ if message.isTracked {
+ // Redeclare the builder and message types as local
+ // defined types, so that field tracking records the
+ // field uses against these types instead of the
+ // original struct types.
+ //
+ // TODO: Actually redeclare the struct types
+ // without `go:"track"` tags?
+ g.P("type (notrackB ", bName, "; notrackM ", message.GoIdent, ")")
+ g.P("b, x := (*notrackB)(&b0), (*notrackM)(m0)")
+ } else {
+ g.P("b, x := &b0, m0")
+ }
+ g.P("_, _ = b, x")
+
+ for _, field := range message.Fields {
+ oneof := field.Oneof
+ if oneof != nil && !oneof.Desc.IsSynthetic() {
+ qual := ""
+ if fieldDefaultValue(g, f, message, field) != "nil" {
+ qual = "*"
+ }
+
+ g.P("if b.", field.BuilderFieldName(), " != nil {")
+ oneofName := opaqueOneofFieldName(oneof, message.isOpaque())
+ oneofType := opaqueFieldOneofType(field, message.isOpaque())
+ g.P("x.", oneofName, " = &", oneofType, "{", qual, "b.", field.BuilderFieldName(), "}")
+ g.P("}")
+ } else { // proto3 optional ends up here (synthetic oneof)
+ qual := ""
+ _, pointer := opaqueBuilderFieldGoType(g, f, message, field)
+ if pointer && message.isOpaque() && !field.Desc.IsList() && field.Desc.Kind() != protoreflect.StringKind {
+ qual = "*"
+ } else if message.isOpaque() && field.Desc.IsList() && field.Desc.Message() != nil {
+ qual = "&"
+ }
+ presence := usePresence(message, field)
+ if presence {
+ g.P("if b.", field.BuilderFieldName(), " != nil {")
+ }
+ if presence {
+ pi := opaqueFieldPresenceIndex(field)
+ g.P(protoimplPackage.Ident("X"), ".SetPresentNonAtomic(&(x.XXX_presence[", pi/32, "]),", pi, ",", opaqueNumPresenceFields(message), ")")
+ }
+ goName := field.GoName
+ if message.isOpaque() {
+ goName = "xxx_hidden_" + goName
+ }
+ g.P("x.", goName, " = ", qual, "b.", field.BuilderFieldName())
+ if presence {
+ g.P("}")
+ }
+ }
+ }
+
+ g.P("return m0")
+ g.P("}")
+ g.P()
+}
+
+// opaqueBuilderFieldGoType does the same as opaqueFieldGoType, but corrects for
+// types that are different in a builder
+func opaqueBuilderFieldGoType(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo, field *protogen.Field) (goType string, pointer bool) {
+ goType, pointer = opaqueFieldGoType(g, f, message, field)
+ kind := field.Desc.Kind()
+
+ // Use []T instead of *[]T for opaque repeated lists.
+ if message.isOpaque() && field.Desc.IsList() {
+ pointer = false
+ }
+
+ // Use *T for optional fields.
+ optional := field.Desc.HasPresence()
+ if optional &&
+ kind != protoreflect.GroupKind &&
+ kind != protoreflect.MessageKind &&
+ kind != protoreflect.BytesKind &&
+ field.Desc.Cardinality() != protoreflect.Repeated {
+ pointer = true
+ }
+
+ return goType, pointer
+}
+
+func opaqueGenOneofWrapperTypes(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo) {
+ // TODO: We should avoid generating these wrapper types in pure-opaque mode.
+ if !message.isOpen() {
+ for _, oneof := range message.Oneofs {
+ if oneof.Desc.IsSynthetic() {
+ continue
+ }
+ caseTypeName := opaqueOneofCaseTypeName(oneof)
+ g.P("type ", caseTypeName, " ", protoreflectPackage.Ident("FieldNumber"))
+ g.P("")
+
+ idx := f.allMessagesByPtr[message]
+ typesVar := messageTypesVarName(f)
+ g.P("func (x ", caseTypeName, ") String() string {")
+ g.P("md := ", typesVar, "[", idx, "].Descriptor()")
+ g.P("if x == 0 {")
+ g.P(`return "not set"`)
+ g.P("}")
+ g.P("return ", protoimplPackage.Ident("X"), ".MessageFieldStringOf(md, ", protoreflectPackage.Ident("FieldNumber"), "(x))")
+ g.P("}")
+ g.P()
+ }
+ }
+ for _, oneof := range message.Oneofs {
+ if oneof.Desc.IsSynthetic() {
+ continue
+ }
+ ifName := opaqueOneofInterfaceName(oneof)
+ g.P("type ", ifName, " interface {")
+ g.P(ifName, "()")
+ g.P("}")
+ g.P()
+ for _, field := range oneof.Fields {
+ name := opaqueFieldOneofType(field, message.isOpaque())
+ g.AnnotateSymbol(name.GoName, protogen.Annotation{Location: field.Location})
+ g.AnnotateSymbol(name.GoName+"."+field.GoName, protogen.Annotation{Location: field.Location})
+ g.P("type ", name, " struct {")
+ goType, _ := opaqueFieldGoType(g, f, message, field)
+ protobufTagValue := fieldProtobufTagValue(field)
+ if g.InternalStripForEditionsDiff() {
+ protobufTagValue = strings.ReplaceAll(protobufTagValue, ",proto3", "")
+ }
+ tags := structTags{
+ {"protobuf", protobufTagValue},
+ }
+ leadingComments := appendDeprecationSuffix(field.Comments.Leading,
+ field.Desc.ParentFile(),
+ field.Desc.Options().(*descriptorpb.FieldOptions).GetDeprecated())
+ g.P(leadingComments,
+ field.GoName, " ", goType, tags,
+ trailingComment(field.Comments.Trailing))
+ g.P("}")
+ g.P()
+ }
+ for _, field := range oneof.Fields {
+ g.P("func (*", opaqueFieldOneofType(field, message.isOpaque()), ") ", ifName, "() {}")
+ g.P()
+ }
+ }
+}
+
+// opaqueFieldGoType returns the Go type used for a field.
+//
+// If it returns pointer=true, the struct field is a pointer to the type.
+func opaqueFieldGoType(g *protogen.GeneratedFile, f *fileInfo, message *messageInfo, field *protogen.Field) (goType string, pointer bool) {
+ pointer = true
+ switch field.Desc.Kind() {
+ case protoreflect.BoolKind:
+ goType = "bool"
+ case protoreflect.EnumKind:
+ goType = g.QualifiedGoIdent(field.Enum.GoIdent)
+ case protoreflect.Int32Kind, protoreflect.Sint32Kind, protoreflect.Sfixed32Kind:
+ goType = "int32"
+ case protoreflect.Uint32Kind, protoreflect.Fixed32Kind:
+ goType = "uint32"
+ case protoreflect.Int64Kind, protoreflect.Sint64Kind, protoreflect.Sfixed64Kind:
+ goType = "int64"
+ case protoreflect.Uint64Kind, protoreflect.Fixed64Kind:
+ goType = "uint64"
+ case protoreflect.FloatKind:
+ goType = "float32"
+ case protoreflect.DoubleKind:
+ goType = "float64"
+ case protoreflect.StringKind:
+ goType = "string"
+ case protoreflect.BytesKind:
+ goType = "[]byte"
+ pointer = false
+ case protoreflect.MessageKind, protoreflect.GroupKind:
+ goType = opaqueMessageFieldGoType(g, f, field, message.isOpaque())
+ pointer = false
+ }
+ switch {
+ case field.Desc.IsList():
+ goType = "[]" + goType
+ pointer = false
+ case field.Desc.IsMap():
+ keyType, _ := opaqueFieldGoType(g, f, message, field.Message.Fields[0])
+ valType, _ := opaqueFieldGoType(g, f, message, field.Message.Fields[1])
+ return fmt.Sprintf("map[%v]%v", keyType, valType), false
+ }
+
+ // Extension fields always have pointer type, even when defined in a proto3 file.
+ if !field.Desc.IsExtension() && !field.Desc.HasPresence() {
+ pointer = false
+ }
+
+ if message.isOpaque() {
+ switch {
+ case field.Desc.IsList() && field.Desc.Message() != nil:
+ pointer = true
+ case !field.Desc.IsList() && field.Desc.Kind() == protoreflect.StringKind:
+ switch {
+ case field.Desc.HasPresence():
+ pointer = true
+ default:
+ pointer = false
+ }
+ default:
+ pointer = false
+ }
+ }
+
+ return goType, pointer
+}
+
+func opaqueMessageFieldGoType(g *protogen.GeneratedFile, f *fileInfo, field *protogen.Field, isOpaque bool) string {
+ return "*" + g.QualifiedGoIdent(field.Message.GoIdent)
+}
+
+// opaqueFieldPresenceIndex returns the index to pass to presence functions.
+//
+// TODO: field.Desc.Index() would be simpler, and would give space to record the presence of oneof fields.
+func opaqueFieldPresenceIndex(field *protogen.Field) int {
+ structFieldIndex := 0
+ for _, f := range field.Parent.Fields {
+ if field == f {
+ break
+ }
+ if f.Oneof == nil || isLastOneofField(f) {
+ structFieldIndex++
+ }
+ }
+ return structFieldIndex
+}
+
+// opaqueNumPresenceFields returns the number of fields that may be passed to presence functions.
+//
+// Since all fields in a oneof currently share a single entry in the presence bitmap,
+// this is not just len(message.Fields).
+func opaqueNumPresenceFields(message *messageInfo) int {
+ if len(message.Fields) == 0 {
+ return 0
+ }
+ return opaqueFieldPresenceIndex(message.Fields[len(message.Fields)-1]) + 1
+}
+
+func fieldtrackNoInterface(g *protogen.GeneratedFile, isTracked bool) {
+ if isTracked {
+ g.P("//go:nointerface")
+ }
+}
+
+// opaqueOneofFieldName returns the name of the struct field that holds
+// the value of a oneof.
+func opaqueOneofFieldName(oneof *protogen.Oneof, isOpaque bool) string {
+ if isOpaque {
+ return "xxx_hidden_" + oneof.GoName
+ }
+ return oneof.GoName
+}
+
+func opaqueFieldOneofType(field *protogen.Field, isOpaque bool) protogen.GoIdent {
+ ident := protogen.GoIdent{
+ GoImportPath: field.Parent.GoIdent.GoImportPath,
+ GoName: field.Parent.GoIdent.GoName + "_" + field.GoName,
+ }
+ // Check for collisions with nested messages or enums.
+ //
+ // This conflict resolution is incomplete: Among other things, it
+ // does not consider collisions with other oneof field types.
+Loop:
+ for {
+ for _, message := range field.Parent.Messages {
+ if message.GoIdent == ident {
+ ident.GoName += "_"
+ continue Loop
+ }
+ }
+ for _, enum := range field.Parent.Enums {
+ if enum.GoIdent == ident {
+ ident.GoName += "_"
+ continue Loop
+ }
+ }
+ return unexportIdent(ident, isOpaque)
+ }
+}
+
+// unexportIdent turns id into its unexported version (by lower-casing), but
+// only if isOpaque is set. This function is used for oneof wrapper types,
+// which remain exported in the non-opaque API for now.
+func unexportIdent(id protogen.GoIdent, isOpaque bool) protogen.GoIdent {
+ if !isOpaque {
+ return id
+ }
+ r, sz := utf8.DecodeRuneInString(id.GoName)
+ if r == utf8.RuneError {
+ panic(fmt.Sprintf("Go identifier %q contains invalid UTF8?!", id.GoName))
+ }
+ r = unicode.ToLower(r)
+ id.GoName = string(r) + id.GoName[sz:]
+ return id
+}
+
+func opaqueOneofInterfaceName(oneof *protogen.Oneof) string {
+ return fmt.Sprintf("is%s_%s", oneof.Parent.GoIdent.GoName, oneof.GoName)
+}
+func opaqueOneofCaseTypeName(oneof *protogen.Oneof) string {
+ return fmt.Sprintf("case_%s_%s", oneof.Parent.GoIdent.GoName, oneof.GoName)
+}
+
+// isFirstOneofField reports whether this is the first field in a oneof.
+func isFirstOneofField(field *protogen.Field) bool {
+ return field.Oneof != nil && field == field.Oneof.Fields[0] && !field.Oneof.Desc.IsSynthetic()
+}
+
+// isLastOneofField returns true if this is the last field in a oneof.
+func isLastOneofField(field *protogen.Field) bool {
+ return field.Oneof != nil && field == field.Oneof.Fields[len(field.Oneof.Fields)-1]
+}
diff --git a/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/reflect.go b/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/reflect.go
index 75939d96f1..4e0b7ad198 100644
--- a/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/reflect.go
+++ b/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo/reflect.go
@@ -5,6 +5,7 @@
package internal_gengo
import (
+ "bytes"
"fmt"
"math"
"strings"
@@ -89,9 +90,6 @@ func genReflectFileDescriptor(gen *protogen.Plugin, g *protogen.GeneratedFile, f
depOffsets = append(depOffsets, offsetEntry{len(depIdxs), "field type_name"})
for _, message := range f.allMessages {
for _, field := range message.Fields {
- if field.Desc.IsWeak() {
- continue
- }
source := string(field.Desc.FullName())
genEnum(field.Enum, source+":type_name")
genMessage(field.Message, source+":type_name")
@@ -174,7 +172,7 @@ func genReflectFileDescriptor(gen *protogen.Plugin, g *protogen.GeneratedFile, f
for _, oneof := range message.Oneofs {
if !oneof.Desc.IsSynthetic() {
for _, field := range oneof.Fields {
- g.P("(*", field.GoIdent, ")(nil),")
+ g.P("(*", unexportIdent(field.GoIdent, message.isOpaque()), ")(nil),")
}
}
}
@@ -187,7 +185,10 @@ func genReflectFileDescriptor(gen *protogen.Plugin, g *protogen.GeneratedFile, f
g.P("out := ", protoimplPackage.Ident("TypeBuilder"), "{")
g.P("File: ", protoimplPackage.Ident("DescBuilder"), "{")
g.P("GoPackagePath: ", reflectPackage.Ident("TypeOf"), "(x{}).PkgPath(),")
- g.P("RawDescriptor: ", rawDescVarName(f), ",")
+ // Avoid a copy of the descriptor. This means modification of the
+ // RawDescriptor byte slice will crash the program. But generated
+ // RawDescriptors are never supposed to be modified anyway.
+ g.P("RawDescriptor: ", unsafeBytesRawDesc(g, f), ",")
g.P("NumEnums: ", len(f.allEnums), ",")
g.P("NumMessages: ", len(f.allMessages), ",")
g.P("NumExtensions: ", len(f.allExtensions), ",")
@@ -208,7 +209,6 @@ func genReflectFileDescriptor(gen *protogen.Plugin, g *protogen.GeneratedFile, f
g.P(f.GoDescriptorIdent, " = out.File")
// Set inputs to nil to allow GC to reclaim resources.
- g.P(rawDescVarName(f), " = nil")
g.P(goTypesVarName(f), " = nil")
g.P(depIdxsVarName(f), " = nil")
g.P("}")
@@ -243,22 +243,22 @@ func genFileDescriptor(gen *protogen.Plugin, g *protogen.GeneratedFile, f *fileI
return
}
- g.P("var ", rawDescVarName(f), " = []byte{")
- for len(b) > 0 {
- n := 16
- if n > len(b) {
- n = len(b)
- }
-
- s := ""
- for _, c := range b[:n] {
- s += fmt.Sprintf("0x%02x,", c)
- }
- g.P(s)
-
- b = b[n:]
+ // Generate the raw descriptor as a kind-of readable const string.
+ // To not generate a single potentially very long line, we use the 0x0a
+ // byte to split the string into multiple "lines" and concatenate
+ // them with "+".
+ // The 0x0a comes from the observation that the FileDescriptorProto,
+ // and many of the messages it includes (for example
+ // DescriptorProto, EnumDescriptorProto, etc.), define a string
+ // (which is LEN encoded) as field with field_number=1.
+ // That makes all these messages start with (1<<3 + 2[:LEN])=0x0a
+ // in the wire-format.
+ // See also https://protobuf.dev/programming-guides/encoding/#structure.
+ fmt.Fprint(g, "const ", rawDescVarName(f), `=""`)
+ for _, line := range bytes.SplitAfter(b, []byte{'\x0a'}) {
+ g.P("+")
+ fmt.Fprintf(g, "%q", line)
}
- g.P("}")
g.P()
if f.needRawDesc {
@@ -266,13 +266,13 @@ func genFileDescriptor(gen *protogen.Plugin, g *protogen.GeneratedFile, f *fileI
dataVar := rawDescVarName(f) + "Data"
g.P("var (")
g.P(onceVar, " ", syncPackage.Ident("Once"))
- g.P(dataVar, " = ", rawDescVarName(f))
+ g.P(dataVar, " []byte")
g.P(")")
g.P()
g.P("func ", rawDescVarName(f), "GZIP() []byte {")
g.P(onceVar, ".Do(func() {")
- g.P(dataVar, " = ", protoimplPackage.Ident("X"), ".CompressGZIP(", dataVar, ")")
+ g.P(dataVar, " = ", protoimplPackage.Ident("X"), ".CompressGZIP(", unsafeBytesRawDesc(g, f), ")")
g.P("})")
g.P("return ", dataVar)
g.P("}")
@@ -280,6 +280,16 @@ func genFileDescriptor(gen *protogen.Plugin, g *protogen.GeneratedFile, f *fileI
}
}
+// unsafeBytesRawDesc returns an inlined version of [strs.UnsafeBytes]
+// (gencode cannot depend on internal/strs). Modification of this byte
+// slice will crash the program.
+func unsafeBytesRawDesc(g *protogen.GeneratedFile, f *fileInfo) string {
+ return fmt.Sprintf("%s(%s(%[3]s), len(%[3]s))",
+ g.QualifiedGoIdent(unsafePackage.Ident("Slice")),
+ g.QualifiedGoIdent(unsafePackage.Ident("StringData")),
+ rawDescVarName(f))
+}
+
func genEnumReflectMethods(g *protogen.GeneratedFile, f *fileInfo, e *enumInfo) {
idx := f.allEnumsByPtr[e]
typesVar := enumTypesVarName(f)
diff --git a/vendor/google.golang.org/protobuf/compiler/protogen/protogen.go b/vendor/google.golang.org/protobuf/compiler/protogen/protogen.go
index c2c9e9da7c..f7f295aa55 100644
--- a/vendor/google.golang.org/protobuf/compiler/protogen/protogen.go
+++ b/vendor/google.golang.org/protobuf/compiler/protogen/protogen.go
@@ -35,9 +35,9 @@ import (
"google.golang.org/protobuf/reflect/protodesc"
"google.golang.org/protobuf/reflect/protoreflect"
"google.golang.org/protobuf/reflect/protoregistry"
+ "google.golang.org/protobuf/types/dynamicpb"
"google.golang.org/protobuf/types/descriptorpb"
- "google.golang.org/protobuf/types/dynamicpb"
"google.golang.org/protobuf/types/gofeaturespb"
"google.golang.org/protobuf/types/pluginpb"
)
@@ -166,6 +166,10 @@ type Options struct {
// This struct field is for internal use by Go Protobuf only. Do not use it,
// we might remove it at any time.
InternalStripForEditionsDiff *bool
+
+ // DefaultAPILevel overrides which API to generate by default (despite what
+ // the editions feature default specifies). One of OPEN, HYBRID or OPAQUE.
+ DefaultAPILevel gofeaturespb.GoFeatures_APILevel
}
// New returns a new Plugin.
@@ -179,8 +183,9 @@ func (opts Options) New(req *pluginpb.CodeGeneratorRequest) (*Plugin, error) {
opts: opts,
}
- packageNames := make(map[string]GoPackageName) // filename -> package name
- importPaths := make(map[string]GoImportPath) // filename -> import path
+ packageNames := make(map[string]GoPackageName) // filename -> package name
+ importPaths := make(map[string]GoImportPath) // filename -> import path
+ apiLevel := make(map[string]gofeaturespb.GoFeatures_APILevel) // filename -> api level
for _, param := range strings.Split(req.GetParameter(), ",") {
var value string
if i := strings.Index(param, "="); i >= 0 {
@@ -209,6 +214,18 @@ func (opts Options) New(req *pluginpb.CodeGeneratorRequest) (*Plugin, error) {
default:
return nil, fmt.Errorf(`bad value for parameter %q: want "true" or "false"`, param)
}
+ case "default_api_level":
+ switch value {
+ case "API_OPEN":
+ opts.DefaultAPILevel = gofeaturespb.GoFeatures_API_OPEN
+ case "API_HYBRID":
+ opts.DefaultAPILevel = gofeaturespb.GoFeatures_API_HYBRID
+ case "API_OPAQUE":
+ opts.DefaultAPILevel = gofeaturespb.GoFeatures_API_OPAQUE
+ default:
+ return nil, fmt.Errorf(`unknown API level %q for parameter %q: want "API_OPEN", "API_HYBRID" or "API_OPAQUE"`, value, param)
+ }
+ gen.opts = opts
default:
if param[0] == 'M' {
impPath, pkgName := splitImportPathAndPackageName(value)
@@ -220,6 +237,21 @@ func (opts Options) New(req *pluginpb.CodeGeneratorRequest) (*Plugin, error) {
}
continue
}
+ if strings.HasPrefix(param, "apilevelM") {
+ var level gofeaturespb.GoFeatures_APILevel
+ switch value {
+ case "API_OPEN":
+ level = gofeaturespb.GoFeatures_API_OPEN
+ case "API_HYBRID":
+ level = gofeaturespb.GoFeatures_API_HYBRID
+ case "API_OPAQUE":
+ level = gofeaturespb.GoFeatures_API_OPAQUE
+ default:
+ return nil, fmt.Errorf(`unknown API level %q for parameter %q: want "API_OPEN", "API_HYBRID" or "API_OPAQUE"`, value, param)
+ }
+ apiLevel[strings.TrimPrefix(param, "apilevelM")] = level
+ continue
+ }
if opts.ParamFunc != nil {
if err := opts.ParamFunc(param, value); err != nil {
return nil, err
@@ -250,9 +282,9 @@ func (opts Options) New(req *pluginpb.CodeGeneratorRequest) (*Plugin, error) {
// Alternatively, build systems which want to exert full control over
// import paths may specify M= flags.
for _, fdesc := range gen.Request.ProtoFile {
+ filename := fdesc.GetName()
// The "M" command-line flags take precedence over
// the "go_package" option in the .proto source file.
- filename := fdesc.GetName()
impPath, pkgName := splitImportPathAndPackageName(fdesc.GetOptions().GetGoPackage())
if importPaths[filename] == "" && impPath != "" {
importPaths[filename] = impPath
@@ -324,7 +356,7 @@ func (opts Options) New(req *pluginpb.CodeGeneratorRequest) (*Plugin, error) {
if gen.FilesByPath[filename] != nil {
return nil, fmt.Errorf("duplicate file name: %q", filename)
}
- f, err := newFile(gen, fdesc, packageNames[filename], importPaths[filename])
+ f, err := newFile(gen, fdesc, packageNames[filename], importPaths[filename], apiLevel[filename])
if err != nil {
return nil, err
}
@@ -460,9 +492,12 @@ type File struct {
GeneratedFilenamePrefix string
location Location
+
+ // APILevel specifies which API to generate. One of OPEN, HYBRID or OPAQUE.
+ APILevel gofeaturespb.GoFeatures_APILevel
}
-func newFile(gen *Plugin, p *descriptorpb.FileDescriptorProto, packageName GoPackageName, importPath GoImportPath) (*File, error) {
+func newFile(gen *Plugin, p *descriptorpb.FileDescriptorProto, packageName GoPackageName, importPath GoImportPath, apiLevel gofeaturespb.GoFeatures_APILevel) (*File, error) {
desc, err := protodesc.NewFile(p, gen.fileReg)
if err != nil {
return nil, fmt.Errorf("invalid FileDescriptorProto %q: %v", p.GetName(), err)
@@ -470,12 +505,18 @@ func newFile(gen *Plugin, p *descriptorpb.FileDescriptorProto, packageName GoPac
if err := gen.fileReg.RegisterFile(desc); err != nil {
return nil, fmt.Errorf("cannot register descriptor %q: %v", p.GetName(), err)
}
+ defaultAPILevel := gen.defaultAPILevel()
+ if apiLevel != gofeaturespb.GoFeatures_API_LEVEL_UNSPECIFIED {
+ defaultAPILevel = apiLevel
+ }
f := &File{
Desc: desc,
Proto: p,
GoPackageName: packageName,
GoImportPath: importPath,
location: Location{SourceFile: desc.Path()},
+
+ APILevel: fileAPILevel(desc, defaultAPILevel),
}
// Determine the prefix for generated Go files.
@@ -655,6 +696,9 @@ type Message struct {
Location Location // location of this message
Comments CommentSet // comments associated with this message
+
+ // APILevel specifies which API to generate. One of OPEN, HYBRID or OPAQUE.
+ APILevel gofeaturespb.GoFeatures_APILevel
}
func newMessage(gen *Plugin, f *File, parent *Message, desc protoreflect.MessageDescriptor) *Message {
@@ -664,11 +708,20 @@ func newMessage(gen *Plugin, f *File, parent *Message, desc protoreflect.Message
} else {
loc = f.location.appendPath(genid.FileDescriptorProto_MessageType_field_number, desc.Index())
}
+
+ def := f.APILevel
+ if parent != nil {
+ // editions feature semantics: applies to nested messages.
+ def = parent.APILevel
+ }
+
message := &Message{
Desc: desc,
GoIdent: newGoIdent(f, desc),
Location: loc,
Comments: makeCommentSet(gen, f.Desc.SourceLocations().ByDescriptor(desc)),
+
+ APILevel: messageAPILevel(desc, def),
}
gen.messagesByName[desc.FullName()] = message
for i, eds := 0, desc.Enums(); i < eds.Len(); i++ {
@@ -766,6 +819,8 @@ func newMessage(gen *Plugin, f *File, parent *Message, desc protoreflect.Message
}
}
+ opaqueNewMessageHook(message)
+
return message
}
@@ -812,6 +867,18 @@ type Field struct {
Location Location // location of this field
Comments CommentSet // comments associated with this field
+
+ // camelCase is the same as GoName, but without the name
+ // mangling. This is used in builders, where only the single
+ // name "Build" needs to be mangled.
+ camelCase string
+
+ // hasConflictHybrid tells us if we are to insert an '_' into
+ // the method names, (e.g. SetFoo becomes Set_Foo). This will
+ // be set even if we generate opaque protos, as we will want
+ // to potentially generate these method names anyway
+ // (opaque-v0).
+ hasConflictHybrid bool
}
func newField(gen *Plugin, f *File, message *Message, desc protoreflect.FieldDescriptor) *Field {
@@ -840,6 +907,9 @@ func newField(gen *Plugin, f *File, message *Message, desc protoreflect.FieldDes
Location: loc,
Comments: makeCommentSet(gen, f.Desc.SourceLocations().ByDescriptor(desc)),
}
+
+ opaqueNewFieldHook(desc, field)
+
return field
}
@@ -890,13 +960,24 @@ type Oneof struct {
Location Location // location of this oneof
Comments CommentSet // comments associated with this oneof
+
+ // camelCase is the same as GoName, but without the name mangling.
+ // This is used in builders, which never have their names mangled
+ camelCase string
+
+ // hasConflictHybrid tells us if we are to insert an '_' into
+ // the method names, (e.g. SetFoo becomes Set_Foo). This will
+ // be set even if we generate opaque protos, as we will want
+ // to potentially generate these method names anyway
+ // (opaque-v0).
+ hasConflictHybrid bool
}
func newOneof(gen *Plugin, f *File, message *Message, desc protoreflect.OneofDescriptor) *Oneof {
loc := message.Location.appendPath(genid.DescriptorProto_OneofDecl_field_number, desc.Index())
camelCased := strs.GoCamelCase(string(desc.Name()))
parentPrefix := message.GoIdent.GoName + "_"
- return &Oneof{
+ oneof := &Oneof{
Desc: desc,
Parent: message,
GoName: camelCased,
@@ -907,6 +988,10 @@ func newOneof(gen *Plugin, f *File, message *Message, desc protoreflect.OneofDes
Location: loc,
Comments: makeCommentSet(gen, f.Desc.SourceLocations().ByDescriptor(desc)),
}
+
+ opaqueNewOneofHook(desc, oneof)
+
+ return oneof
}
// Extension is an alias of [Field] for documentation.
diff --git a/vendor/google.golang.org/protobuf/compiler/protogen/protogen_apilevel.go b/vendor/google.golang.org/protobuf/compiler/protogen/protogen_apilevel.go
new file mode 100644
index 0000000000..99086691a0
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/compiler/protogen/protogen_apilevel.go
@@ -0,0 +1,173 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package protogen
+
+import (
+ "fmt"
+
+ "google.golang.org/protobuf/internal/filedesc"
+ "google.golang.org/protobuf/internal/genid"
+ "google.golang.org/protobuf/reflect/protoreflect"
+ "google.golang.org/protobuf/types/gofeaturespb"
+)
+
+func fileAPILevel(fd protoreflect.FileDescriptor, def gofeaturespb.GoFeatures_APILevel) gofeaturespb.GoFeatures_APILevel {
+ level := gofeaturespb.GoFeatures_API_OPEN
+ level = def
+ if fd, ok := fd.(*filedesc.File); ok {
+ al := fd.L1.EditionFeatures.APILevel
+ if al != genid.GoFeatures_API_LEVEL_UNSPECIFIED_enum_value {
+ level = gofeaturespb.GoFeatures_APILevel(al)
+ }
+ }
+
+ return level
+}
+
+func messageAPILevel(md protoreflect.MessageDescriptor, def gofeaturespb.GoFeatures_APILevel) gofeaturespb.GoFeatures_APILevel {
+ level := def
+ if md, ok := md.(*filedesc.Message); ok {
+ al := md.L1.EditionFeatures.APILevel
+ if al != genid.GoFeatures_API_LEVEL_UNSPECIFIED_enum_value {
+ level = gofeaturespb.GoFeatures_APILevel(al)
+ }
+ }
+
+ return level
+}
+
+func (p *Plugin) defaultAPILevel() gofeaturespb.GoFeatures_APILevel {
+ if p.opts.DefaultAPILevel != gofeaturespb.GoFeatures_API_LEVEL_UNSPECIFIED {
+ return p.opts.DefaultAPILevel
+ }
+
+ return gofeaturespb.GoFeatures_API_OPEN
+}
+
+// MethodName returns the (possibly mangled) name of the generated accessor
+// method, along with the backwards-compatible name (if needed).
+//
+// method must be one of Get, Set, Has, Clear. MethodName panics otherwise.
+func (field *Field) MethodName(method string) (name, compat string) {
+ switch method {
+ case "Get":
+ return field.getterName()
+
+ case "Set":
+ return field.setterName()
+
+ case "Has", "Clear":
+ return field.methodName(method), ""
+
+ default:
+ panic(fmt.Sprintf("Field.MethodName called for unknown method %q", method))
+ }
+}
+
+// methodName returns the (possibly mangled) name of the generated method with
+// the given prefix.
+//
+// For the Open API, the return value is "".
+func (field *Field) methodName(prefix string) string {
+ switch field.Parent.APILevel {
+ case gofeaturespb.GoFeatures_API_OPEN:
+ // In the Open API, only generate getters (no Has or Clear methods).
+ return ""
+
+ case gofeaturespb.GoFeatures_API_HYBRID:
+ var infix string
+ if field.hasConflictHybrid {
+ infix = "_"
+ }
+ return prefix + infix + field.camelCase
+
+ case gofeaturespb.GoFeatures_API_OPAQUE:
+ return prefix + field.camelCase
+
+ default:
+ panic("BUG: message is neither open, nor hybrid, nor opaque?!")
+ }
+}
+
+// getterName returns the (possibly mangled) name of the generated Get method,
+// along with the backwards-compatible name (if needed).
+func (field *Field) getterName() (getter, compat string) {
+ switch field.Parent.APILevel {
+ case gofeaturespb.GoFeatures_API_OPEN:
+ // In the Open API, only generate a getter with the old style mangled name.
+ return "Get" + field.GoName, ""
+
+ case gofeaturespb.GoFeatures_API_HYBRID:
+ // In the Hybrid API, return the mangled getter name and the old style
+ // name if needed, for backwards compatibility with the Open API.
+ var infix string
+ if field.hasConflictHybrid {
+ infix = "_"
+ }
+ orig := "Get" + infix + field.camelCase
+ mangled := "Get" + field.GoName
+ if mangled == orig {
+ mangled = ""
+ }
+ return orig, mangled
+
+ case gofeaturespb.GoFeatures_API_OPAQUE:
+ return field.methodName("Get"), ""
+
+ default:
+ panic("BUG: message is neither open, nor hybrid, nor opaque?!")
+ }
+}
+
+// setterName returns the (possibly mangled) name of the generated Set method,
+// along with the backwards-compatible name (if needed).
+func (field *Field) setterName() (setter, compat string) {
+ return field.methodName("Set"), ""
+}
+
+// BuilderFieldName returns the name of this field in the corresponding _builder
+// struct.
+func (field *Field) BuilderFieldName() string {
+ return field.camelCase
+}
+
+// MethodName returns the (possibly mangled) name of the generated accessor
+// method.
+//
+// method must be one of Has, Clear, Which. MethodName panics otherwise.
+func (oneof *Oneof) MethodName(method string) string {
+ switch method {
+ case "Has", "Clear", "Which":
+ return oneof.methodName(method)
+
+ default:
+ panic(fmt.Sprintf("Oneof.MethodName called for unknown method %q", method))
+ }
+}
+
+// methodName returns the (possibly mangled) name of the generated method with
+// the given prefix.
+//
+// For the Open API, the return value is "".
+func (oneof *Oneof) methodName(prefix string) string {
+ switch oneof.Parent.APILevel {
+ case gofeaturespb.GoFeatures_API_OPEN:
+ // In the Open API, only generate getters.
+ return ""
+
+ case gofeaturespb.GoFeatures_API_HYBRID:
+ var infix string
+ if oneof.hasConflictHybrid {
+ infix = "_"
+ }
+ return prefix + infix + oneof.camelCase
+
+ case gofeaturespb.GoFeatures_API_OPAQUE:
+ return prefix + oneof.camelCase
+
+ default:
+ panic("BUG: message is neither open, nor hybrid, nor opaque?!")
+ }
+}
diff --git a/vendor/google.golang.org/protobuf/compiler/protogen/protogen_opaque.go b/vendor/google.golang.org/protobuf/compiler/protogen/protogen_opaque.go
new file mode 100644
index 0000000000..1c84b0cd41
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/compiler/protogen/protogen_opaque.go
@@ -0,0 +1,110 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package protogen
+
+import (
+ "strconv"
+
+ "google.golang.org/protobuf/internal/strs"
+ "google.golang.org/protobuf/reflect/protoreflect"
+)
+
+func opaqueNewFieldHook(desc protoreflect.FieldDescriptor, field *Field) {
+ field.camelCase = strs.GoCamelCase(string(desc.Name()))
+}
+
+func opaqueNewOneofHook(desc protoreflect.OneofDescriptor, oneof *Oneof) {
+ oneof.camelCase = strs.GoCamelCase(string(desc.Name()))
+}
+
+func resolveCamelCaseConflict(f *Field) {
+ suffix := "_" + strconv.Itoa(int(f.Desc.Number()))
+ f.camelCase += suffix
+ if f.Oneof != nil {
+ f.Oneof.camelCase += suffix
+ }
+}
+
+// This function finds fields with different names whose GoCamelCase() is
+// identical, for example _foo and X_foo, for both of which camelCase == "XFoo",
+// and resolves the resulting conflict by appending a _ suffix,
+// like the Java implementation does.
+func resolveCamelCaseConflicts(message *Message) {
+ camel2field := make(map[string]*Field)
+ for _, field := range message.Fields {
+ other, conflicting := camel2field[field.camelCase]
+ if conflicting {
+ resolveCamelCaseConflict(other)
+ resolveCamelCaseConflict(field)
+ // Assumption: at most two fields can have the same camelCase.
+ // Otherwise, the first field ends up with another suffix.
+ continue
+ }
+ camel2field[field.camelCase] = field
+ }
+}
+
+func opaqueNewMessageHook(message *Message) {
+ // New name mangling scheme: Add a '_' between method base
+ // name (Get, Set, Clear etc) and original field name if
+ // needed. As a special case, there is one globally reserved
+ // name, e.g. "Build" thet still results in actual renaming of
+ // the builder field like in the old scheme. We begin by
+ // taking care of this special case.
+ for _, field := range message.Fields {
+ if field.camelCase == "Build" {
+ field.camelCase += "_"
+ }
+ }
+
+ // Then find all names of the original field names, we do not want the old scheme to affect
+ // how we name things.
+
+ resolveCamelCaseConflicts(message)
+
+ camelCases := map[string]bool{}
+ for _, field := range message.Fields {
+ if field.Oneof != nil {
+ // We add the name of the union here (potentially many times).
+ camelCases[field.Oneof.camelCase] = true
+ // fallthrough: The member fields of the oneof are considered fields
+ // in the struct although they are not technically there. This is to
+ // allow changing a proto2 optional to a oneof with source code
+ // compatibility.
+ }
+ camelCases[field.camelCase] = true
+ }
+ // For each field, check if any of it's methods would clash with an original field name
+ for _, field := range message.Fields {
+ // Every field (except the union fields, that are taken care of separately) has
+ // a Get and a Set method.
+ methods := []string{"Set", "Get"}
+ // For explicit presence fields, we also have Has and Clear.
+ if field.Desc.HasPresence() {
+ methods = append(methods, "Has", "Clear")
+ }
+ for _, method := range methods {
+ // If any method name clashes with a field name, all methods get a
+ // "_" inserted between the operation and the field name.
+ if camelCases[method+field.camelCase] {
+ field.hasConflictHybrid = true
+ }
+ }
+ }
+ // The union names for oneofs need only have a methods prefix if there is a clash with Has, Clear or Which in
+ // hybrid and opaque-v0.
+ for _, field := range message.Fields {
+ if field.Oneof == nil {
+ continue
+ }
+ for _, method := range []string{"Has", "Clear", "Which"} {
+ // Same logic as for regular fields - all methods get the "_" if one needs it.
+ if camelCases[method+field.Oneof.camelCase] {
+ field.Oneof.hasConflictHybrid = true
+ }
+ }
+ }
+
+}
diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/decode.go b/vendor/google.golang.org/protobuf/encoding/protojson/decode.go
index 8f9e592f87..737d6876d5 100644
--- a/vendor/google.golang.org/protobuf/encoding/protojson/decode.go
+++ b/vendor/google.golang.org/protobuf/encoding/protojson/decode.go
@@ -192,11 +192,6 @@ func (d decoder) unmarshalMessage(m protoreflect.Message, skipTypeURL bool) erro
fd = fieldDescs.ByTextName(name)
}
}
- if flags.ProtoLegacy {
- if fd != nil && fd.IsWeak() && fd.Message().IsPlaceholder() {
- fd = nil // reset since the weak reference is not linked in
- }
- }
if fd == nil {
// Field is unknown.
diff --git a/vendor/google.golang.org/protobuf/encoding/prototext/decode.go b/vendor/google.golang.org/protobuf/encoding/prototext/decode.go
index 24bc98ac42..b53805056a 100644
--- a/vendor/google.golang.org/protobuf/encoding/prototext/decode.go
+++ b/vendor/google.golang.org/protobuf/encoding/prototext/decode.go
@@ -185,11 +185,6 @@ func (d decoder) unmarshalMessage(m protoreflect.Message, checkDelims bool) erro
} else if xtErr != nil && xtErr != protoregistry.NotFound {
return d.newError(tok.Pos(), "unable to resolve [%s]: %v", tok.RawString(), xtErr)
}
- if flags.ProtoLegacy {
- if fd != nil && fd.IsWeak() && fd.Message().IsPlaceholder() {
- fd = nil // reset since the weak reference is not linked in
- }
- }
// Handle unknown fields.
if fd == nil {
diff --git a/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb b/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb
index 2c0693d7ab..323829da14 100644
Binary files a/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb and b/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb differ
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go b/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go
index 7e87c76044..669133d04d 100644
--- a/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go
+++ b/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go
@@ -26,7 +26,7 @@ var byteType = reflect.TypeOf(byte(0))
// The type is the underlying field type (e.g., a repeated field may be
// represented by []T, but the Go type passed in is just T).
// A list of enum value descriptors must be provided for enum fields.
-// This does not populate the Enum or Message (except for weak message).
+// This does not populate the Enum or Message.
//
// This function is a best effort attempt; parsing errors are ignored.
func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescriptors) protoreflect.FieldDescriptor {
@@ -109,9 +109,6 @@ func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescri
}
case s == "packed":
f.L1.EditionFeatures.IsPacked = true
- case strings.HasPrefix(s, "weak="):
- f.L1.IsWeak = true
- f.L1.Message = filedesc.PlaceholderMessage(protoreflect.FullName(s[len("weak="):]))
case strings.HasPrefix(s, "def="):
// The default tag is special in that everything afterwards is the
// default regardless of the presence of commas.
@@ -183,9 +180,6 @@ func Marshal(fd protoreflect.FieldDescriptor, enumName string) string {
// the exact same semantics from the previous generator.
tag = append(tag, "json="+jsonName)
}
- if fd.IsWeak() {
- tag = append(tag, "weak="+string(fd.Message().FullName()))
- }
// The previous implementation does not tag extension fields as proto3,
// even when the field is defined in a proto3 file. Match that behavior
// for consistency.
diff --git a/vendor/google.golang.org/protobuf/internal/errors/is_go112.go b/vendor/google.golang.org/protobuf/internal/errors/is_go112.go
deleted file mode 100644
index fbcd349207..0000000000
--- a/vendor/google.golang.org/protobuf/internal/errors/is_go112.go
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.13
-// +build !go1.13
-
-package errors
-
-import "reflect"
-
-// Is is a copy of Go 1.13's errors.Is for use with older Go versions.
-func Is(err, target error) bool {
- if target == nil {
- return err == target
- }
-
- isComparable := reflect.TypeOf(target).Comparable()
- for {
- if isComparable && err == target {
- return true
- }
- if x, ok := err.(interface{ Is(error) bool }); ok && x.Is(target) {
- return true
- }
- if err = unwrap(err); err == nil {
- return false
- }
- }
-}
-
-func unwrap(err error) error {
- u, ok := err.(interface {
- Unwrap() error
- })
- if !ok {
- return nil
- }
- return u.Unwrap()
-}
diff --git a/vendor/google.golang.org/protobuf/internal/errors/is_go113.go b/vendor/google.golang.org/protobuf/internal/errors/is_go113.go
deleted file mode 100644
index 5e72f1cde9..0000000000
--- a/vendor/google.golang.org/protobuf/internal/errors/is_go113.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.13
-// +build go1.13
-
-package errors
-
-import "errors"
-
-// Is is errors.Is.
-func Is(err, target error) bool { return errors.Is(err, target) }
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go
index f325298564..688aabe434 100644
--- a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go
+++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go
@@ -19,7 +19,6 @@ import (
"google.golang.org/protobuf/internal/pragma"
"google.golang.org/protobuf/internal/strs"
"google.golang.org/protobuf/reflect/protoreflect"
- "google.golang.org/protobuf/reflect/protoregistry"
)
// Edition is an Enum for proto2.Edition
@@ -117,6 +116,9 @@ type (
// GenerateLegacyUnmarshalJSON determines if the plugin generates the
// UnmarshalJSON([]byte) error method for enums.
GenerateLegacyUnmarshalJSON bool
+ // APILevel controls which API (Open, Hybrid or Opaque) should be used
+ // for generated code (.pb.go files).
+ APILevel int
}
)
@@ -272,7 +274,6 @@ type (
Kind protoreflect.Kind
StringName stringName
IsProto3Optional bool // promoted from google.protobuf.FieldDescriptorProto
- IsWeak bool // promoted from google.protobuf.FieldOptions
IsLazy bool // promoted from google.protobuf.FieldOptions
Default defaultValue
ContainingOneof protoreflect.OneofDescriptor // must be consistent with Message.Oneofs.Fields
@@ -366,7 +367,7 @@ func (fd *Field) IsPacked() bool {
return fd.L1.EditionFeatures.IsPacked
}
func (fd *Field) IsExtension() bool { return false }
-func (fd *Field) IsWeak() bool { return fd.L1.IsWeak }
+func (fd *Field) IsWeak() bool { return false }
func (fd *Field) IsLazy() bool { return fd.L1.IsLazy }
func (fd *Field) IsList() bool { return fd.Cardinality() == protoreflect.Repeated && !fd.IsMap() }
func (fd *Field) IsMap() bool { return fd.Message() != nil && fd.Message().IsMapEntry() }
@@ -393,11 +394,6 @@ func (fd *Field) Enum() protoreflect.EnumDescriptor {
return fd.L1.Enum
}
func (fd *Field) Message() protoreflect.MessageDescriptor {
- if fd.L1.IsWeak {
- if d, _ := protoregistry.GlobalFiles.FindDescriptorByName(fd.L1.Message.FullName()); d != nil {
- return d.(protoreflect.MessageDescriptor)
- }
- }
return fd.L1.Message
}
func (fd *Field) IsMapEntry() bool {
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go
index 67a51b327c..d4c94458bd 100644
--- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go
+++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go
@@ -32,11 +32,6 @@ func (file *File) resolveMessages() {
for j := range md.L2.Fields.List {
fd := &md.L2.Fields.List[j]
- // Weak fields are resolved upon actual use.
- if fd.L1.IsWeak {
- continue
- }
-
// Resolve message field dependency.
switch fd.L1.Kind {
case protoreflect.EnumKind:
@@ -150,8 +145,6 @@ func (fd *File) unmarshalFull(b []byte) {
switch num {
case genid.FileDescriptorProto_PublicDependency_field_number:
fd.L2.Imports[v].IsPublic = true
- case genid.FileDescriptorProto_WeakDependency_field_number:
- fd.L2.Imports[v].IsWeak = true
}
case protowire.BytesType:
v, m := protowire.ConsumeBytes(b)
@@ -502,8 +495,6 @@ func (fd *Field) unmarshalOptions(b []byte) {
switch num {
case genid.FieldOptions_Packed_field_number:
fd.L1.EditionFeatures.IsPacked = protowire.DecodeBool(v)
- case genid.FieldOptions_Weak_field_number:
- fd.L1.IsWeak = protowire.DecodeBool(v)
case genid.FieldOptions_Lazy_field_number:
fd.L1.IsLazy = protowire.DecodeBool(v)
case FieldOptions_EnforceUTF8:
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go
index 7611796e86..b08b71830c 100644
--- a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go
+++ b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go
@@ -32,6 +32,10 @@ func unmarshalGoFeature(b []byte, parent EditionFeatures) EditionFeatures {
v, m := protowire.ConsumeVarint(b)
b = b[m:]
parent.GenerateLegacyUnmarshalJSON = protowire.DecodeBool(v)
+ case genid.GoFeatures_ApiLevel_field_number:
+ v, m := protowire.ConsumeVarint(b)
+ b = b[m:]
+ parent.APILevel = int(v)
case genid.GoFeatures_StripEnumPrefix_field_number:
v, m := protowire.ConsumeVarint(b)
b = b[m:]
@@ -65,6 +69,9 @@ func unmarshalFeatureSet(b []byte, parent EditionFeatures) EditionFeatures {
parent.IsDelimitedEncoded = v == genid.FeatureSet_DELIMITED_enum_value
case genid.FeatureSet_JsonFormat_field_number:
parent.IsJSONCompliant = v == genid.FeatureSet_ALLOW_enum_value
+ case genid.FeatureSet_EnforceNamingStyle_field_number:
+ // EnforceNamingStyle is enforced in protoc, languages other than C++
+ // are not supposed to do anything with this feature.
default:
panic(fmt.Sprintf("unkown field number %d while unmarshalling FeatureSet", num))
}
diff --git a/vendor/google.golang.org/protobuf/internal/filetype/build.go b/vendor/google.golang.org/protobuf/internal/filetype/build.go
index ba83fea44c..e1b4130bd2 100644
--- a/vendor/google.golang.org/protobuf/internal/filetype/build.go
+++ b/vendor/google.golang.org/protobuf/internal/filetype/build.go
@@ -63,7 +63,7 @@ type Builder struct {
// message declarations in "flattened ordering".
//
// Dependencies are Go types for enums or messages referenced by
- // message fields (excluding weak fields), for parent extended messages of
+ // message fields, for parent extended messages of
// extension fields, for enums or messages referenced by extension fields,
// and for input and output messages referenced by service methods.
// Dependencies must come after declarations, but the ordering of
diff --git a/vendor/google.golang.org/protobuf/internal/flags/flags.go b/vendor/google.golang.org/protobuf/internal/flags/flags.go
index 58372dd348..a06ccabc2f 100644
--- a/vendor/google.golang.org/protobuf/internal/flags/flags.go
+++ b/vendor/google.golang.org/protobuf/internal/flags/flags.go
@@ -6,7 +6,7 @@
package flags
// ProtoLegacy specifies whether to enable support for legacy functionality
-// such as MessageSets, weak fields, and various other obscure behavior
+// such as MessageSets, and various other obscure behavior
// that is necessary to maintain backwards compatibility with proto1 or
// the pre-release variants of proto2 and proto3.
//
diff --git a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
index f30ab6b586..39524782ad 100644
--- a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
+++ b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
@@ -1014,6 +1014,7 @@ const (
FeatureSet_Utf8Validation_field_name protoreflect.Name = "utf8_validation"
FeatureSet_MessageEncoding_field_name protoreflect.Name = "message_encoding"
FeatureSet_JsonFormat_field_name protoreflect.Name = "json_format"
+ FeatureSet_EnforceNamingStyle_field_name protoreflect.Name = "enforce_naming_style"
FeatureSet_FieldPresence_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.field_presence"
FeatureSet_EnumType_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.enum_type"
@@ -1021,6 +1022,7 @@ const (
FeatureSet_Utf8Validation_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.utf8_validation"
FeatureSet_MessageEncoding_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.message_encoding"
FeatureSet_JsonFormat_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.json_format"
+ FeatureSet_EnforceNamingStyle_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.enforce_naming_style"
)
// Field numbers for google.protobuf.FeatureSet.
@@ -1031,6 +1033,7 @@ const (
FeatureSet_Utf8Validation_field_number protoreflect.FieldNumber = 4
FeatureSet_MessageEncoding_field_number protoreflect.FieldNumber = 5
FeatureSet_JsonFormat_field_number protoreflect.FieldNumber = 6
+ FeatureSet_EnforceNamingStyle_field_number protoreflect.FieldNumber = 7
)
// Full and short names for google.protobuf.FeatureSet.FieldPresence.
@@ -1112,6 +1115,19 @@ const (
FeatureSet_LEGACY_BEST_EFFORT_enum_value = 2
)
+// Full and short names for google.protobuf.FeatureSet.EnforceNamingStyle.
+const (
+ FeatureSet_EnforceNamingStyle_enum_fullname = "google.protobuf.FeatureSet.EnforceNamingStyle"
+ FeatureSet_EnforceNamingStyle_enum_name = "EnforceNamingStyle"
+)
+
+// Enum values for google.protobuf.FeatureSet.EnforceNamingStyle.
+const (
+ FeatureSet_ENFORCE_NAMING_STYLE_UNKNOWN_enum_value = 0
+ FeatureSet_STYLE2024_enum_value = 1
+ FeatureSet_STYLE_LEGACY_enum_value = 2
+)
+
// Names for google.protobuf.FeatureSetDefaults.
const (
FeatureSetDefaults_message_name protoreflect.Name = "FeatureSetDefaults"
diff --git a/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go b/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go
index 09792d96f6..f5ee7f5c2b 100644
--- a/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go
+++ b/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go
@@ -21,18 +21,35 @@ const (
// Field names for pb.GoFeatures.
const (
GoFeatures_LegacyUnmarshalJsonEnum_field_name protoreflect.Name = "legacy_unmarshal_json_enum"
+ GoFeatures_ApiLevel_field_name protoreflect.Name = "api_level"
GoFeatures_StripEnumPrefix_field_name protoreflect.Name = "strip_enum_prefix"
GoFeatures_LegacyUnmarshalJsonEnum_field_fullname protoreflect.FullName = "pb.GoFeatures.legacy_unmarshal_json_enum"
+ GoFeatures_ApiLevel_field_fullname protoreflect.FullName = "pb.GoFeatures.api_level"
GoFeatures_StripEnumPrefix_field_fullname protoreflect.FullName = "pb.GoFeatures.strip_enum_prefix"
)
// Field numbers for pb.GoFeatures.
const (
GoFeatures_LegacyUnmarshalJsonEnum_field_number protoreflect.FieldNumber = 1
+ GoFeatures_ApiLevel_field_number protoreflect.FieldNumber = 2
GoFeatures_StripEnumPrefix_field_number protoreflect.FieldNumber = 3
)
+// Full and short names for pb.GoFeatures.APILevel.
+const (
+ GoFeatures_APILevel_enum_fullname = "pb.GoFeatures.APILevel"
+ GoFeatures_APILevel_enum_name = "APILevel"
+)
+
+// Enum values for pb.GoFeatures.APILevel.
+const (
+ GoFeatures_API_LEVEL_UNSPECIFIED_enum_value = 0
+ GoFeatures_API_OPEN_enum_value = 1
+ GoFeatures_API_HYBRID_enum_value = 2
+ GoFeatures_API_OPAQUE_enum_value = 3
+)
+
// Full and short names for pb.GoFeatures.StripEnumPrefix.
const (
GoFeatures_StripEnumPrefix_enum_fullname = "pb.GoFeatures.StripEnumPrefix"
diff --git a/vendor/google.golang.org/protobuf/internal/genid/goname.go b/vendor/google.golang.org/protobuf/internal/genid/goname.go
index 693d2e9e1f..99bb95bafd 100644
--- a/vendor/google.golang.org/protobuf/internal/genid/goname.go
+++ b/vendor/google.golang.org/protobuf/internal/genid/goname.go
@@ -11,15 +11,10 @@ const (
SizeCache_goname = "sizeCache"
SizeCacheA_goname = "XXX_sizecache"
- WeakFields_goname = "weakFields"
- WeakFieldsA_goname = "XXX_weak"
-
UnknownFields_goname = "unknownFields"
UnknownFieldsA_goname = "XXX_unrecognized"
ExtensionFields_goname = "extensionFields"
ExtensionFieldsA_goname = "XXX_InternalExtensions"
ExtensionFieldsB_goname = "XXX_extensions"
-
- WeakFieldPrefix_goname = "XXX_weak_"
)
diff --git a/vendor/google.golang.org/protobuf/internal/genid/name.go b/vendor/google.golang.org/protobuf/internal/genid/name.go
new file mode 100644
index 0000000000..224f339302
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/genid/name.go
@@ -0,0 +1,12 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package genid
+
+const (
+ NoUnkeyedLiteral_goname = "noUnkeyedLiteral"
+ NoUnkeyedLiteralA_goname = "XXX_NoUnkeyedLiteral"
+
+ BuilderSuffix_goname = "_builder"
+)
diff --git a/vendor/google.golang.org/protobuf/internal/impl/api_export_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/api_export_opaque.go
new file mode 100644
index 0000000000..6075d6f696
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/impl/api_export_opaque.go
@@ -0,0 +1,128 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package impl
+
+import (
+ "strconv"
+ "sync/atomic"
+ "unsafe"
+
+ "google.golang.org/protobuf/reflect/protoreflect"
+)
+
+func (Export) UnmarshalField(msg any, fieldNum int32) {
+ UnmarshalField(msg.(protoreflect.ProtoMessage).ProtoReflect(), protoreflect.FieldNumber(fieldNum))
+}
+
+// Present checks the presence set for a certain field number (zero
+// based, ordered by appearance in original proto file). part is
+// a pointer to the correct element in the bitmask array, num is the
+// field number unaltered. Example (field number 70 -> part =
+// &m.XXX_presence[1], num = 70)
+func (Export) Present(part *uint32, num uint32) bool {
+ // This hook will read an unprotected shadow presence set if
+ // we're unning under the race detector
+ raceDetectHookPresent(part, num)
+ return atomic.LoadUint32(part)&(1<<(num%32)) > 0
+}
+
+// SetPresent adds a field to the presence set. part is a pointer to
+// the relevant element in the array and num is the field number
+// unaltered. size is the number of fields in the protocol
+// buffer.
+func (Export) SetPresent(part *uint32, num uint32, size uint32) {
+ // This hook will mutate an unprotected shadow presence set if
+ // we're running under the race detector
+ raceDetectHookSetPresent(part, num, presenceSize(size))
+ for {
+ old := atomic.LoadUint32(part)
+ if atomic.CompareAndSwapUint32(part, old, old|(1<<(num%32))) {
+ return
+ }
+ }
+}
+
+// SetPresentNonAtomic is like SetPresent, but operates non-atomically.
+// It is meant for use by builder methods, where the message is known not
+// to be accessible yet by other goroutines.
+func (Export) SetPresentNonAtomic(part *uint32, num uint32, size uint32) {
+ // This hook will mutate an unprotected shadow presence set if
+ // we're running under the race detector
+ raceDetectHookSetPresent(part, num, presenceSize(size))
+ *part |= 1 << (num % 32)
+}
+
+// ClearPresence removes a field from the presence set. part is a
+// pointer to the relevant element in the presence array and num is
+// the field number unaltered.
+func (Export) ClearPresent(part *uint32, num uint32) {
+ // This hook will mutate an unprotected shadow presence set if
+ // we're running under the race detector
+ raceDetectHookClearPresent(part, num)
+ for {
+ old := atomic.LoadUint32(part)
+ if atomic.CompareAndSwapUint32(part, old, old&^(1<<(num%32))) {
+ return
+ }
+ }
+}
+
+// interfaceToPointer takes a pointer to an empty interface whose value is a
+// pointer type, and converts it into a "pointer" that points to the same
+// target
+func interfaceToPointer(i *any) pointer {
+ return pointer{p: (*[2]unsafe.Pointer)(unsafe.Pointer(i))[1]}
+}
+
+func (p pointer) atomicGetPointer() pointer {
+ return pointer{p: atomic.LoadPointer((*unsafe.Pointer)(p.p))}
+}
+
+func (p pointer) atomicSetPointer(q pointer) {
+ atomic.StorePointer((*unsafe.Pointer)(p.p), q.p)
+}
+
+// AtomicCheckPointerIsNil takes an interface (which is a pointer to a
+// pointer) and returns true if the pointed-to pointer is nil (using an
+// atomic load). This function is inlineable and, on x86, just becomes a
+// simple load and compare.
+func (Export) AtomicCheckPointerIsNil(ptr any) bool {
+ return interfaceToPointer(&ptr).atomicGetPointer().IsNil()
+}
+
+// AtomicSetPointer takes two interfaces (first is a pointer to a pointer,
+// second is a pointer) and atomically sets the second pointer into location
+// referenced by first pointer. Unfortunately, atomicSetPointer() does not inline
+// (even on x86), so this does not become a simple store on x86.
+func (Export) AtomicSetPointer(dstPtr, valPtr any) {
+ interfaceToPointer(&dstPtr).atomicSetPointer(interfaceToPointer(&valPtr))
+}
+
+// AtomicLoadPointer loads the pointer at the location pointed at by src,
+// and stores that pointer value into the location pointed at by dst.
+func (Export) AtomicLoadPointer(ptr Pointer, dst Pointer) {
+ *(*unsafe.Pointer)(unsafe.Pointer(dst)) = atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(ptr)))
+}
+
+// AtomicInitializePointer makes ptr and dst point to the same value.
+//
+// If *ptr is a nil pointer, it sets *ptr = *dst.
+//
+// If *ptr is a non-nil pointer, it sets *dst = *ptr.
+func (Export) AtomicInitializePointer(ptr Pointer, dst Pointer) {
+ if !atomic.CompareAndSwapPointer((*unsafe.Pointer)(ptr), unsafe.Pointer(nil), *(*unsafe.Pointer)(dst)) {
+ *(*unsafe.Pointer)(unsafe.Pointer(dst)) = atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(ptr)))
+ }
+}
+
+// MessageFieldStringOf returns the field formatted as a string,
+// either as the field name if resolvable otherwise as a decimal string.
+func (Export) MessageFieldStringOf(md protoreflect.MessageDescriptor, n protoreflect.FieldNumber) string {
+ fd := md.Fields().ByNumber(n)
+ if fd != nil {
+ return string(fd.Name())
+ }
+ return strconv.Itoa(int(n))
+}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/bitmap.go b/vendor/google.golang.org/protobuf/internal/impl/bitmap.go
new file mode 100644
index 0000000000..ea276547cd
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/impl/bitmap.go
@@ -0,0 +1,34 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !race
+
+package impl
+
+// There is no additional data as we're not running under race detector.
+type RaceDetectHookData struct{}
+
+// Empty stubs for when not using the race detector. Calls to these from index.go should be optimized away.
+func (presence) raceDetectHookPresent(num uint32) {}
+func (presence) raceDetectHookSetPresent(num uint32, size presenceSize) {}
+func (presence) raceDetectHookClearPresent(num uint32) {}
+func (presence) raceDetectHookAllocAndCopy(src presence) {}
+
+// raceDetectHookPresent is called by the generated file interface
+// (*proto.internalFuncs) Present to optionally read an unprotected
+// shadow bitmap when race detection is enabled. In regular code it is
+// a noop.
+func raceDetectHookPresent(field *uint32, num uint32) {}
+
+// raceDetectHookSetPresent is called by the generated file interface
+// (*proto.internalFuncs) SetPresent to optionally write an unprotected
+// shadow bitmap when race detection is enabled. In regular code it is
+// a noop.
+func raceDetectHookSetPresent(field *uint32, num uint32, size presenceSize) {}
+
+// raceDetectHookClearPresent is called by the generated file interface
+// (*proto.internalFuncs) ClearPresent to optionally write an unprotected
+// shadow bitmap when race detection is enabled. In regular code it is
+// a noop.
+func raceDetectHookClearPresent(field *uint32, num uint32) {}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/bitmap_race.go b/vendor/google.golang.org/protobuf/internal/impl/bitmap_race.go
new file mode 100644
index 0000000000..e9a27583ae
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/impl/bitmap_race.go
@@ -0,0 +1,126 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build race
+
+package impl
+
+// When running under race detector, we add a presence map of bytes, that we can access
+// in the hook functions so that we trigger the race detection whenever we have concurrent
+// Read-Writes or Write-Writes. The race detector does not otherwise detect invalid concurrent
+// access to lazy fields as all updates of bitmaps and pointers are done using atomic operations.
+type RaceDetectHookData struct {
+ shadowPresence *[]byte
+}
+
+// Hooks for presence bitmap operations that allocate, read and write the shadowPresence
+// using non-atomic operations.
+func (data *RaceDetectHookData) raceDetectHookAlloc(size presenceSize) {
+ sp := make([]byte, size)
+ atomicStoreShadowPresence(&data.shadowPresence, &sp)
+}
+
+func (p presence) raceDetectHookPresent(num uint32) {
+ data := p.toRaceDetectData()
+ if data == nil {
+ return
+ }
+ sp := atomicLoadShadowPresence(&data.shadowPresence)
+ if sp != nil {
+ _ = (*sp)[num]
+ }
+}
+
+func (p presence) raceDetectHookSetPresent(num uint32, size presenceSize) {
+ data := p.toRaceDetectData()
+ if data == nil {
+ return
+ }
+ sp := atomicLoadShadowPresence(&data.shadowPresence)
+ if sp == nil {
+ data.raceDetectHookAlloc(size)
+ sp = atomicLoadShadowPresence(&data.shadowPresence)
+ }
+ (*sp)[num] = 1
+}
+
+func (p presence) raceDetectHookClearPresent(num uint32) {
+ data := p.toRaceDetectData()
+ if data == nil {
+ return
+ }
+ sp := atomicLoadShadowPresence(&data.shadowPresence)
+ if sp != nil {
+ (*sp)[num] = 0
+
+ }
+}
+
+// raceDetectHookAllocAndCopy allocates a new shadowPresence slice at lazy and copies
+// shadowPresence bytes from src to lazy.
+func (p presence) raceDetectHookAllocAndCopy(q presence) {
+ sData := q.toRaceDetectData()
+ dData := p.toRaceDetectData()
+ if sData == nil {
+ return
+ }
+ srcSp := atomicLoadShadowPresence(&sData.shadowPresence)
+ if srcSp == nil {
+ atomicStoreShadowPresence(&dData.shadowPresence, nil)
+ return
+ }
+ n := len(*srcSp)
+ dSlice := make([]byte, n)
+ atomicStoreShadowPresence(&dData.shadowPresence, &dSlice)
+ for i := 0; i < n; i++ {
+ dSlice[i] = (*srcSp)[i]
+ }
+}
+
+// raceDetectHookPresent is called by the generated file interface
+// (*proto.internalFuncs) Present to optionally read an unprotected
+// shadow bitmap when race detection is enabled. In regular code it is
+// a noop.
+func raceDetectHookPresent(field *uint32, num uint32) {
+ data := findPointerToRaceDetectData(field, num)
+ if data == nil {
+ return
+ }
+ sp := atomicLoadShadowPresence(&data.shadowPresence)
+ if sp != nil {
+ _ = (*sp)[num]
+ }
+}
+
+// raceDetectHookSetPresent is called by the generated file interface
+// (*proto.internalFuncs) SetPresent to optionally write an unprotected
+// shadow bitmap when race detection is enabled. In regular code it is
+// a noop.
+func raceDetectHookSetPresent(field *uint32, num uint32, size presenceSize) {
+ data := findPointerToRaceDetectData(field, num)
+ if data == nil {
+ return
+ }
+ sp := atomicLoadShadowPresence(&data.shadowPresence)
+ if sp == nil {
+ data.raceDetectHookAlloc(size)
+ sp = atomicLoadShadowPresence(&data.shadowPresence)
+ }
+ (*sp)[num] = 1
+}
+
+// raceDetectHookClearPresent is called by the generated file interface
+// (*proto.internalFuncs) ClearPresent to optionally write an unprotected
+// shadow bitmap when race detection is enabled. In regular code it is
+// a noop.
+func raceDetectHookClearPresent(field *uint32, num uint32) {
+ data := findPointerToRaceDetectData(field, num)
+ if data == nil {
+ return
+ }
+ sp := atomicLoadShadowPresence(&data.shadowPresence)
+ if sp != nil {
+ (*sp)[num] = 0
+ }
+}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/checkinit.go b/vendor/google.golang.org/protobuf/internal/impl/checkinit.go
index f29e6a8fa8..fe2c719ce4 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/checkinit.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/checkinit.go
@@ -35,6 +35,12 @@ func (mi *MessageInfo) checkInitializedPointer(p pointer) error {
}
return nil
}
+
+ var presence presence
+ if mi.presenceOffset.IsValid() {
+ presence = p.Apply(mi.presenceOffset).PresenceInfo()
+ }
+
if mi.extensionOffset.IsValid() {
e := p.Apply(mi.extensionOffset).Extensions()
if err := mi.isInitExtensions(e); err != nil {
@@ -45,6 +51,33 @@ func (mi *MessageInfo) checkInitializedPointer(p pointer) error {
if !f.isRequired && f.funcs.isInit == nil {
continue
}
+
+ if f.presenceIndex != noPresence {
+ if !presence.Present(f.presenceIndex) {
+ if f.isRequired {
+ return errors.RequiredNotSet(string(mi.Desc.Fields().ByNumber(f.num).FullName()))
+ }
+ continue
+ }
+ if f.funcs.isInit != nil {
+ f.mi.init()
+ if f.mi.needsInitCheck {
+ if f.isLazy && p.Apply(f.offset).AtomicGetPointer().IsNil() {
+ lazy := *p.Apply(mi.lazyOffset).LazyInfoPtr()
+ if !lazy.AllowedPartial() {
+ // Nothing to see here, it was checked on unmarshal
+ continue
+ }
+ mi.lazyUnmarshal(p, f.num)
+ }
+ if err := f.funcs.isInit(p.Apply(f.offset), f); err != nil {
+ return err
+ }
+ }
+ }
+ continue
+ }
+
fptr := p.Apply(f.offset)
if f.isPointer && fptr.Elem().IsNil() {
if f.isRequired {
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_field.go b/vendor/google.golang.org/protobuf/internal/impl/codec_field.go
index 7c1f66c8c1..d14d7d93cc 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/codec_field.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/codec_field.go
@@ -5,15 +5,12 @@
package impl
import (
- "fmt"
"reflect"
- "sync"
"google.golang.org/protobuf/encoding/protowire"
"google.golang.org/protobuf/internal/errors"
"google.golang.org/protobuf/proto"
"google.golang.org/protobuf/reflect/protoreflect"
- "google.golang.org/protobuf/reflect/protoregistry"
"google.golang.org/protobuf/runtime/protoiface"
)
@@ -121,78 +118,6 @@ func (mi *MessageInfo) initOneofFieldCoders(od protoreflect.OneofDescriptor, si
}
}
-func makeWeakMessageFieldCoder(fd protoreflect.FieldDescriptor) pointerCoderFuncs {
- var once sync.Once
- var messageType protoreflect.MessageType
- lazyInit := func() {
- once.Do(func() {
- messageName := fd.Message().FullName()
- messageType, _ = protoregistry.GlobalTypes.FindMessageByName(messageName)
- })
- }
-
- return pointerCoderFuncs{
- size: func(p pointer, f *coderFieldInfo, opts marshalOptions) int {
- m, ok := p.WeakFields().get(f.num)
- if !ok {
- return 0
- }
- lazyInit()
- if messageType == nil {
- panic(fmt.Sprintf("weak message %v is not linked in", fd.Message().FullName()))
- }
- return sizeMessage(m, f.tagsize, opts)
- },
- marshal: func(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) {
- m, ok := p.WeakFields().get(f.num)
- if !ok {
- return b, nil
- }
- lazyInit()
- if messageType == nil {
- panic(fmt.Sprintf("weak message %v is not linked in", fd.Message().FullName()))
- }
- return appendMessage(b, m, f.wiretag, opts)
- },
- unmarshal: func(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (unmarshalOutput, error) {
- fs := p.WeakFields()
- m, ok := fs.get(f.num)
- if !ok {
- lazyInit()
- if messageType == nil {
- return unmarshalOutput{}, errUnknown
- }
- m = messageType.New().Interface()
- fs.set(f.num, m)
- }
- return consumeMessage(b, m, wtyp, opts)
- },
- isInit: func(p pointer, f *coderFieldInfo) error {
- m, ok := p.WeakFields().get(f.num)
- if !ok {
- return nil
- }
- return proto.CheckInitialized(m)
- },
- merge: func(dst, src pointer, f *coderFieldInfo, opts mergeOptions) {
- sm, ok := src.WeakFields().get(f.num)
- if !ok {
- return
- }
- dm, ok := dst.WeakFields().get(f.num)
- if !ok {
- lazyInit()
- if messageType == nil {
- panic(fmt.Sprintf("weak message %v is not linked in", fd.Message().FullName()))
- }
- dm = messageType.New().Interface()
- dst.WeakFields().set(f.num, dm)
- }
- opts.Merge(dm, sm)
- },
- }
-}
-
func makeMessageFieldCoder(fd protoreflect.FieldDescriptor, ft reflect.Type) pointerCoderFuncs {
if mi := getMessageInfo(ft); mi != nil {
funcs := pointerCoderFuncs{
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_field_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/codec_field_opaque.go
new file mode 100644
index 0000000000..76818ea252
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/impl/codec_field_opaque.go
@@ -0,0 +1,264 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package impl
+
+import (
+ "fmt"
+ "reflect"
+
+ "google.golang.org/protobuf/encoding/protowire"
+ "google.golang.org/protobuf/internal/errors"
+ "google.golang.org/protobuf/reflect/protoreflect"
+)
+
+func makeOpaqueMessageFieldCoder(fd protoreflect.FieldDescriptor, ft reflect.Type) (*MessageInfo, pointerCoderFuncs) {
+ mi := getMessageInfo(ft)
+ if mi == nil {
+ panic(fmt.Sprintf("invalid field: %v: unsupported message type %v", fd.FullName(), ft))
+ }
+ switch fd.Kind() {
+ case protoreflect.MessageKind:
+ return mi, pointerCoderFuncs{
+ size: sizeOpaqueMessage,
+ marshal: appendOpaqueMessage,
+ unmarshal: consumeOpaqueMessage,
+ isInit: isInitOpaqueMessage,
+ merge: mergeOpaqueMessage,
+ }
+ case protoreflect.GroupKind:
+ return mi, pointerCoderFuncs{
+ size: sizeOpaqueGroup,
+ marshal: appendOpaqueGroup,
+ unmarshal: consumeOpaqueGroup,
+ isInit: isInitOpaqueMessage,
+ merge: mergeOpaqueMessage,
+ }
+ }
+ panic("unexpected field kind")
+}
+
+func sizeOpaqueMessage(p pointer, f *coderFieldInfo, opts marshalOptions) (size int) {
+ return protowire.SizeBytes(f.mi.sizePointer(p.AtomicGetPointer(), opts)) + f.tagsize
+}
+
+func appendOpaqueMessage(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) {
+ mp := p.AtomicGetPointer()
+ calculatedSize := f.mi.sizePointer(mp, opts)
+ b = protowire.AppendVarint(b, f.wiretag)
+ b = protowire.AppendVarint(b, uint64(calculatedSize))
+ before := len(b)
+ b, err := f.mi.marshalAppendPointer(b, mp, opts)
+ if measuredSize := len(b) - before; calculatedSize != measuredSize && err == nil {
+ return nil, errors.MismatchedSizeCalculation(calculatedSize, measuredSize)
+ }
+ return b, err
+}
+
+func consumeOpaqueMessage(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) {
+ if wtyp != protowire.BytesType {
+ return out, errUnknown
+ }
+ v, n := protowire.ConsumeBytes(b)
+ if n < 0 {
+ return out, errDecode
+ }
+ mp := p.AtomicGetPointer()
+ if mp.IsNil() {
+ mp = p.AtomicSetPointerIfNil(pointerOfValue(reflect.New(f.mi.GoReflectType.Elem())))
+ }
+ o, err := f.mi.unmarshalPointer(v, mp, 0, opts)
+ if err != nil {
+ return out, err
+ }
+ out.n = n
+ out.initialized = o.initialized
+ return out, nil
+}
+
+func isInitOpaqueMessage(p pointer, f *coderFieldInfo) error {
+ mp := p.AtomicGetPointer()
+ if mp.IsNil() {
+ return nil
+ }
+ return f.mi.checkInitializedPointer(mp)
+}
+
+func mergeOpaqueMessage(dst, src pointer, f *coderFieldInfo, opts mergeOptions) {
+ dstmp := dst.AtomicGetPointer()
+ if dstmp.IsNil() {
+ dstmp = dst.AtomicSetPointerIfNil(pointerOfValue(reflect.New(f.mi.GoReflectType.Elem())))
+ }
+ f.mi.mergePointer(dstmp, src.AtomicGetPointer(), opts)
+}
+
+func sizeOpaqueGroup(p pointer, f *coderFieldInfo, opts marshalOptions) (size int) {
+ return 2*f.tagsize + f.mi.sizePointer(p.AtomicGetPointer(), opts)
+}
+
+func appendOpaqueGroup(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) {
+ b = protowire.AppendVarint(b, f.wiretag) // start group
+ b, err := f.mi.marshalAppendPointer(b, p.AtomicGetPointer(), opts)
+ b = protowire.AppendVarint(b, f.wiretag+1) // end group
+ return b, err
+}
+
+func consumeOpaqueGroup(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) {
+ if wtyp != protowire.StartGroupType {
+ return out, errUnknown
+ }
+ mp := p.AtomicGetPointer()
+ if mp.IsNil() {
+ mp = p.AtomicSetPointerIfNil(pointerOfValue(reflect.New(f.mi.GoReflectType.Elem())))
+ }
+ o, e := f.mi.unmarshalPointer(b, mp, f.num, opts)
+ return o, e
+}
+
+func makeOpaqueRepeatedMessageFieldCoder(fd protoreflect.FieldDescriptor, ft reflect.Type) (*MessageInfo, pointerCoderFuncs) {
+ if ft.Kind() != reflect.Ptr || ft.Elem().Kind() != reflect.Slice {
+ panic(fmt.Sprintf("invalid field: %v: unsupported type for opaque repeated message: %v", fd.FullName(), ft))
+ }
+ mt := ft.Elem().Elem() // *[]*T -> *T
+ mi := getMessageInfo(mt)
+ if mi == nil {
+ panic(fmt.Sprintf("invalid field: %v: unsupported message type %v", fd.FullName(), mt))
+ }
+ switch fd.Kind() {
+ case protoreflect.MessageKind:
+ return mi, pointerCoderFuncs{
+ size: sizeOpaqueMessageSlice,
+ marshal: appendOpaqueMessageSlice,
+ unmarshal: consumeOpaqueMessageSlice,
+ isInit: isInitOpaqueMessageSlice,
+ merge: mergeOpaqueMessageSlice,
+ }
+ case protoreflect.GroupKind:
+ return mi, pointerCoderFuncs{
+ size: sizeOpaqueGroupSlice,
+ marshal: appendOpaqueGroupSlice,
+ unmarshal: consumeOpaqueGroupSlice,
+ isInit: isInitOpaqueMessageSlice,
+ merge: mergeOpaqueMessageSlice,
+ }
+ }
+ panic("unexpected field kind")
+}
+
+func sizeOpaqueMessageSlice(p pointer, f *coderFieldInfo, opts marshalOptions) (size int) {
+ s := p.AtomicGetPointer().PointerSlice()
+ n := 0
+ for _, v := range s {
+ n += protowire.SizeBytes(f.mi.sizePointer(v, opts)) + f.tagsize
+ }
+ return n
+}
+
+func appendOpaqueMessageSlice(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) {
+ s := p.AtomicGetPointer().PointerSlice()
+ var err error
+ for _, v := range s {
+ b = protowire.AppendVarint(b, f.wiretag)
+ siz := f.mi.sizePointer(v, opts)
+ b = protowire.AppendVarint(b, uint64(siz))
+ before := len(b)
+ b, err = f.mi.marshalAppendPointer(b, v, opts)
+ if err != nil {
+ return b, err
+ }
+ if measuredSize := len(b) - before; siz != measuredSize {
+ return nil, errors.MismatchedSizeCalculation(siz, measuredSize)
+ }
+ }
+ return b, nil
+}
+
+func consumeOpaqueMessageSlice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) {
+ if wtyp != protowire.BytesType {
+ return out, errUnknown
+ }
+ v, n := protowire.ConsumeBytes(b)
+ if n < 0 {
+ return out, errDecode
+ }
+ mp := pointerOfValue(reflect.New(f.mi.GoReflectType.Elem()))
+ o, err := f.mi.unmarshalPointer(v, mp, 0, opts)
+ if err != nil {
+ return out, err
+ }
+ sp := p.AtomicGetPointer()
+ if sp.IsNil() {
+ sp = p.AtomicSetPointerIfNil(pointerOfValue(reflect.New(f.ft.Elem())))
+ }
+ sp.AppendPointerSlice(mp)
+ out.n = n
+ out.initialized = o.initialized
+ return out, nil
+}
+
+func isInitOpaqueMessageSlice(p pointer, f *coderFieldInfo) error {
+ sp := p.AtomicGetPointer()
+ if sp.IsNil() {
+ return nil
+ }
+ s := sp.PointerSlice()
+ for _, v := range s {
+ if err := f.mi.checkInitializedPointer(v); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func mergeOpaqueMessageSlice(dst, src pointer, f *coderFieldInfo, opts mergeOptions) {
+ ds := dst.AtomicGetPointer()
+ if ds.IsNil() {
+ ds = dst.AtomicSetPointerIfNil(pointerOfValue(reflect.New(f.ft.Elem())))
+ }
+ for _, sp := range src.AtomicGetPointer().PointerSlice() {
+ dm := pointerOfValue(reflect.New(f.mi.GoReflectType.Elem()))
+ f.mi.mergePointer(dm, sp, opts)
+ ds.AppendPointerSlice(dm)
+ }
+}
+
+func sizeOpaqueGroupSlice(p pointer, f *coderFieldInfo, opts marshalOptions) (size int) {
+ s := p.AtomicGetPointer().PointerSlice()
+ n := 0
+ for _, v := range s {
+ n += 2*f.tagsize + f.mi.sizePointer(v, opts)
+ }
+ return n
+}
+
+func appendOpaqueGroupSlice(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) {
+ s := p.AtomicGetPointer().PointerSlice()
+ var err error
+ for _, v := range s {
+ b = protowire.AppendVarint(b, f.wiretag) // start group
+ b, err = f.mi.marshalAppendPointer(b, v, opts)
+ if err != nil {
+ return b, err
+ }
+ b = protowire.AppendVarint(b, f.wiretag+1) // end group
+ }
+ return b, nil
+}
+
+func consumeOpaqueGroupSlice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) {
+ if wtyp != protowire.StartGroupType {
+ return out, errUnknown
+ }
+ mp := pointerOfValue(reflect.New(f.mi.GoReflectType.Elem()))
+ out, err = f.mi.unmarshalPointer(b, mp, f.num, opts)
+ if err != nil {
+ return out, err
+ }
+ sp := p.AtomicGetPointer()
+ if sp.IsNil() {
+ sp = p.AtomicSetPointerIfNil(pointerOfValue(reflect.New(f.ft.Elem())))
+ }
+ sp.AppendPointerSlice(mp)
+ return out, err
+}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_map.go b/vendor/google.golang.org/protobuf/internal/impl/codec_map.go
index fb35f0bae9..229c698013 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/codec_map.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/codec_map.go
@@ -94,7 +94,7 @@ func sizeMap(mapv reflect.Value, mapi *mapInfo, f *coderFieldInfo, opts marshalO
return 0
}
n := 0
- iter := mapRange(mapv)
+ iter := mapv.MapRange()
for iter.Next() {
key := mapi.conv.keyConv.PBValueOf(iter.Key()).MapKey()
keySize := mapi.keyFuncs.size(key.Value(), mapKeyTagSize, opts)
@@ -281,7 +281,7 @@ func appendMap(b []byte, mapv reflect.Value, mapi *mapInfo, f *coderFieldInfo, o
if opts.Deterministic() {
return appendMapDeterministic(b, mapv, mapi, f, opts)
}
- iter := mapRange(mapv)
+ iter := mapv.MapRange()
for iter.Next() {
var err error
b = protowire.AppendVarint(b, f.wiretag)
@@ -328,7 +328,7 @@ func isInitMap(mapv reflect.Value, mapi *mapInfo, f *coderFieldInfo) error {
if !mi.needsInitCheck {
return nil
}
- iter := mapRange(mapv)
+ iter := mapv.MapRange()
for iter.Next() {
val := pointerOfValue(iter.Value())
if err := mi.checkInitializedPointer(val); err != nil {
@@ -336,7 +336,7 @@ func isInitMap(mapv reflect.Value, mapi *mapInfo, f *coderFieldInfo) error {
}
}
} else {
- iter := mapRange(mapv)
+ iter := mapv.MapRange()
for iter.Next() {
val := mapi.conv.valConv.PBValueOf(iter.Value())
if err := mapi.valFuncs.isInit(val); err != nil {
@@ -356,7 +356,7 @@ func mergeMap(dst, src pointer, f *coderFieldInfo, opts mergeOptions) {
if dstm.IsNil() {
dstm.Set(reflect.MakeMap(f.ft))
}
- iter := mapRange(srcm)
+ iter := srcm.MapRange()
for iter.Next() {
dstm.SetMapIndex(iter.Key(), iter.Value())
}
@@ -371,7 +371,7 @@ func mergeMapOfBytes(dst, src pointer, f *coderFieldInfo, opts mergeOptions) {
if dstm.IsNil() {
dstm.Set(reflect.MakeMap(f.ft))
}
- iter := mapRange(srcm)
+ iter := srcm.MapRange()
for iter.Next() {
dstm.SetMapIndex(iter.Key(), reflect.ValueOf(append(emptyBuf[:], iter.Value().Bytes()...)))
}
@@ -386,7 +386,7 @@ func mergeMapOfMessage(dst, src pointer, f *coderFieldInfo, opts mergeOptions) {
if dstm.IsNil() {
dstm.Set(reflect.MakeMap(f.ft))
}
- iter := mapRange(srcm)
+ iter := srcm.MapRange()
for iter.Next() {
val := reflect.New(f.ft.Elem().Elem())
if f.mi != nil {
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_map_go111.go b/vendor/google.golang.org/protobuf/internal/impl/codec_map_go111.go
deleted file mode 100644
index 4b15493f2f..0000000000
--- a/vendor/google.golang.org/protobuf/internal/impl/codec_map_go111.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.12
-// +build !go1.12
-
-package impl
-
-import "reflect"
-
-type mapIter struct {
- v reflect.Value
- keys []reflect.Value
-}
-
-// mapRange provides a less-efficient equivalent to
-// the Go 1.12 reflect.Value.MapRange method.
-func mapRange(v reflect.Value) *mapIter {
- return &mapIter{v: v}
-}
-
-func (i *mapIter) Next() bool {
- if i.keys == nil {
- i.keys = i.v.MapKeys()
- } else {
- i.keys = i.keys[1:]
- }
- return len(i.keys) > 0
-}
-
-func (i *mapIter) Key() reflect.Value {
- return i.keys[0]
-}
-
-func (i *mapIter) Value() reflect.Value {
- return i.v.MapIndex(i.keys[0])
-}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_map_go112.go b/vendor/google.golang.org/protobuf/internal/impl/codec_map_go112.go
deleted file mode 100644
index 0b31b66eaf..0000000000
--- a/vendor/google.golang.org/protobuf/internal/impl/codec_map_go112.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.12
-// +build go1.12
-
-package impl
-
-import "reflect"
-
-func mapRange(v reflect.Value) *reflect.MapIter { return v.MapRange() }
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_message.go b/vendor/google.golang.org/protobuf/internal/impl/codec_message.go
index 78be9df342..f78b57b046 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/codec_message.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/codec_message.go
@@ -32,6 +32,10 @@ type coderMessageInfo struct {
needsInitCheck bool
isMessageSet bool
numRequiredFields uint8
+
+ lazyOffset offset
+ presenceOffset offset
+ presenceSize presenceSize
}
type coderFieldInfo struct {
@@ -45,12 +49,19 @@ type coderFieldInfo struct {
tagsize int // size of the varint-encoded tag
isPointer bool // true if IsNil may be called on the struct field
isRequired bool // true if field is required
+
+ isLazy bool
+ presenceIndex uint32
}
+const noPresence = 0xffffffff
+
func (mi *MessageInfo) makeCoderMethods(t reflect.Type, si structInfo) {
mi.sizecacheOffset = invalidOffset
mi.unknownOffset = invalidOffset
mi.extensionOffset = invalidOffset
+ mi.lazyOffset = invalidOffset
+ mi.presenceOffset = si.presenceOffset
if si.sizecacheOffset.IsValid() && si.sizecacheType == sizecacheType {
mi.sizecacheOffset = si.sizecacheOffset
@@ -107,12 +118,9 @@ func (mi *MessageInfo) makeCoderMethods(t reflect.Type, si structInfo) {
},
}
case isOneof:
- fieldOffset = offsetOf(fs, mi.Exporter)
- case fd.IsWeak():
- fieldOffset = si.weakOffset
- funcs = makeWeakMessageFieldCoder(fd)
+ fieldOffset = offsetOf(fs)
default:
- fieldOffset = offsetOf(fs, mi.Exporter)
+ fieldOffset = offsetOf(fs)
childMessage, funcs = fieldCoder(fd, ft)
}
cf := &preallocFields[i]
@@ -127,6 +135,8 @@ func (mi *MessageInfo) makeCoderMethods(t reflect.Type, si structInfo) {
validation: newFieldValidationInfo(mi, si, fd, ft),
isPointer: fd.Cardinality() == protoreflect.Repeated || fd.HasPresence(),
isRequired: fd.Cardinality() == protoreflect.Required,
+
+ presenceIndex: noPresence,
}
mi.orderedCoderFields = append(mi.orderedCoderFields, cf)
mi.coderFields[cf.num] = cf
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go
new file mode 100644
index 0000000000..41c1f74ef8
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go
@@ -0,0 +1,153 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package impl
+
+import (
+ "fmt"
+ "reflect"
+ "sort"
+
+ "google.golang.org/protobuf/encoding/protowire"
+ "google.golang.org/protobuf/internal/encoding/messageset"
+ "google.golang.org/protobuf/internal/order"
+ "google.golang.org/protobuf/reflect/protoreflect"
+ piface "google.golang.org/protobuf/runtime/protoiface"
+)
+
+func (mi *MessageInfo) makeOpaqueCoderMethods(t reflect.Type, si opaqueStructInfo) {
+ mi.sizecacheOffset = si.sizecacheOffset
+ mi.unknownOffset = si.unknownOffset
+ mi.unknownPtrKind = si.unknownType.Kind() == reflect.Ptr
+ mi.extensionOffset = si.extensionOffset
+ mi.lazyOffset = si.lazyOffset
+ mi.presenceOffset = si.presenceOffset
+
+ mi.coderFields = make(map[protowire.Number]*coderFieldInfo)
+ fields := mi.Desc.Fields()
+ for i := 0; i < fields.Len(); i++ {
+ fd := fields.Get(i)
+
+ fs := si.fieldsByNumber[fd.Number()]
+ if fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic() {
+ fs = si.oneofsByName[fd.ContainingOneof().Name()]
+ }
+ ft := fs.Type
+ var wiretag uint64
+ if !fd.IsPacked() {
+ wiretag = protowire.EncodeTag(fd.Number(), wireTypes[fd.Kind()])
+ } else {
+ wiretag = protowire.EncodeTag(fd.Number(), protowire.BytesType)
+ }
+ var fieldOffset offset
+ var funcs pointerCoderFuncs
+ var childMessage *MessageInfo
+ switch {
+ case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic():
+ fieldOffset = offsetOf(fs)
+ case fd.Message() != nil && !fd.IsMap():
+ fieldOffset = offsetOf(fs)
+ if fd.IsList() {
+ childMessage, funcs = makeOpaqueRepeatedMessageFieldCoder(fd, ft)
+ } else {
+ childMessage, funcs = makeOpaqueMessageFieldCoder(fd, ft)
+ }
+ default:
+ fieldOffset = offsetOf(fs)
+ childMessage, funcs = fieldCoder(fd, ft)
+ }
+ cf := &coderFieldInfo{
+ num: fd.Number(),
+ offset: fieldOffset,
+ wiretag: wiretag,
+ ft: ft,
+ tagsize: protowire.SizeVarint(wiretag),
+ funcs: funcs,
+ mi: childMessage,
+ validation: newFieldValidationInfo(mi, si.structInfo, fd, ft),
+ isPointer: (fd.Cardinality() == protoreflect.Repeated ||
+ fd.Kind() == protoreflect.MessageKind ||
+ fd.Kind() == protoreflect.GroupKind),
+ isRequired: fd.Cardinality() == protoreflect.Required,
+ presenceIndex: noPresence,
+ }
+
+ // TODO: Use presence for all fields.
+ //
+ // In some cases, such as maps, presence means only "might be set" rather
+ // than "is definitely set", but every field should have a presence bit to
+ // permit us to skip over definitely-unset fields at marshal time.
+
+ var hasPresence bool
+ hasPresence, cf.isLazy = usePresenceForField(si, fd)
+
+ if hasPresence {
+ cf.presenceIndex, mi.presenceSize = presenceIndex(mi.Desc, fd)
+ }
+
+ mi.orderedCoderFields = append(mi.orderedCoderFields, cf)
+ mi.coderFields[cf.num] = cf
+ }
+ for i, oneofs := 0, mi.Desc.Oneofs(); i < oneofs.Len(); i++ {
+ if od := oneofs.Get(i); !od.IsSynthetic() {
+ mi.initOneofFieldCoders(od, si.structInfo)
+ }
+ }
+ if messageset.IsMessageSet(mi.Desc) {
+ if !mi.extensionOffset.IsValid() {
+ panic(fmt.Sprintf("%v: MessageSet with no extensions field", mi.Desc.FullName()))
+ }
+ if !mi.unknownOffset.IsValid() {
+ panic(fmt.Sprintf("%v: MessageSet with no unknown field", mi.Desc.FullName()))
+ }
+ mi.isMessageSet = true
+ }
+ sort.Slice(mi.orderedCoderFields, func(i, j int) bool {
+ return mi.orderedCoderFields[i].num < mi.orderedCoderFields[j].num
+ })
+
+ var maxDense protoreflect.FieldNumber
+ for _, cf := range mi.orderedCoderFields {
+ if cf.num >= 16 && cf.num >= 2*maxDense {
+ break
+ }
+ maxDense = cf.num
+ }
+ mi.denseCoderFields = make([]*coderFieldInfo, maxDense+1)
+ for _, cf := range mi.orderedCoderFields {
+ if int(cf.num) > len(mi.denseCoderFields) {
+ break
+ }
+ mi.denseCoderFields[cf.num] = cf
+ }
+
+ // To preserve compatibility with historic wire output, marshal oneofs last.
+ if mi.Desc.Oneofs().Len() > 0 {
+ sort.Slice(mi.orderedCoderFields, func(i, j int) bool {
+ fi := fields.ByNumber(mi.orderedCoderFields[i].num)
+ fj := fields.ByNumber(mi.orderedCoderFields[j].num)
+ return order.LegacyFieldOrder(fi, fj)
+ })
+ }
+
+ mi.needsInitCheck = needsInitCheck(mi.Desc)
+ if mi.methods.Marshal == nil && mi.methods.Size == nil {
+ mi.methods.Flags |= piface.SupportMarshalDeterministic
+ mi.methods.Marshal = mi.marshal
+ mi.methods.Size = mi.size
+ }
+ if mi.methods.Unmarshal == nil {
+ mi.methods.Flags |= piface.SupportUnmarshalDiscardUnknown
+ mi.methods.Unmarshal = mi.unmarshal
+ }
+ if mi.methods.CheckInitialized == nil {
+ mi.methods.CheckInitialized = mi.checkInitialized
+ }
+ if mi.methods.Merge == nil {
+ mi.methods.Merge = mi.merge
+ }
+ if mi.methods.Equal == nil {
+ mi.methods.Equal = equal
+ }
+}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/convert_map.go b/vendor/google.golang.org/protobuf/internal/impl/convert_map.go
index 304244a651..e4580b3ac2 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/convert_map.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/convert_map.go
@@ -101,7 +101,7 @@ func (ms *mapReflect) Mutable(k protoreflect.MapKey) protoreflect.Value {
return v
}
func (ms *mapReflect) Range(f func(protoreflect.MapKey, protoreflect.Value) bool) {
- iter := mapRange(ms.v)
+ iter := ms.v.MapRange()
for iter.Next() {
k := ms.keyConv.PBValueOf(iter.Key()).MapKey()
v := ms.valConv.PBValueOf(iter.Value())
diff --git a/vendor/google.golang.org/protobuf/internal/impl/decode.go b/vendor/google.golang.org/protobuf/internal/impl/decode.go
index cda0520c27..e0dd21fa5f 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/decode.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/decode.go
@@ -34,6 +34,8 @@ func (o unmarshalOptions) Options() proto.UnmarshalOptions {
AllowPartial: true,
DiscardUnknown: o.DiscardUnknown(),
Resolver: o.resolver,
+
+ NoLazyDecoding: o.NoLazyDecoding(),
}
}
@@ -41,13 +43,26 @@ func (o unmarshalOptions) DiscardUnknown() bool {
return o.flags&protoiface.UnmarshalDiscardUnknown != 0
}
-func (o unmarshalOptions) IsDefault() bool {
- return o.flags == 0 && o.resolver == protoregistry.GlobalTypes
+func (o unmarshalOptions) AliasBuffer() bool { return o.flags&protoiface.UnmarshalAliasBuffer != 0 }
+func (o unmarshalOptions) Validated() bool { return o.flags&protoiface.UnmarshalValidated != 0 }
+func (o unmarshalOptions) NoLazyDecoding() bool {
+ return o.flags&protoiface.UnmarshalNoLazyDecoding != 0
+}
+
+func (o unmarshalOptions) CanBeLazy() bool {
+ if o.resolver != protoregistry.GlobalTypes {
+ return false
+ }
+ // We ignore the UnmarshalInvalidateSizeCache even though it's not in the default set
+ return (o.flags & ^(protoiface.UnmarshalAliasBuffer | protoiface.UnmarshalValidated | protoiface.UnmarshalCheckRequired)) == 0
}
var lazyUnmarshalOptions = unmarshalOptions{
resolver: protoregistry.GlobalTypes,
- depth: protowire.DefaultRecursionLimit,
+
+ flags: protoiface.UnmarshalAliasBuffer | protoiface.UnmarshalValidated,
+
+ depth: protowire.DefaultRecursionLimit,
}
type unmarshalOutput struct {
@@ -94,9 +109,30 @@ func (mi *MessageInfo) unmarshalPointer(b []byte, p pointer, groupTag protowire.
if flags.ProtoLegacy && mi.isMessageSet {
return unmarshalMessageSet(mi, b, p, opts)
}
+
+ lazyDecoding := LazyEnabled() // default
+ if opts.NoLazyDecoding() {
+ lazyDecoding = false // explicitly disabled
+ }
+ if mi.lazyOffset.IsValid() && lazyDecoding {
+ return mi.unmarshalPointerLazy(b, p, groupTag, opts)
+ }
+ return mi.unmarshalPointerEager(b, p, groupTag, opts)
+}
+
+// unmarshalPointerEager is the message unmarshalling function for all messages that are not lazy.
+// The corresponding function for Lazy is in google_lazy.go.
+func (mi *MessageInfo) unmarshalPointerEager(b []byte, p pointer, groupTag protowire.Number, opts unmarshalOptions) (out unmarshalOutput, err error) {
+
initialized := true
var requiredMask uint64
var exts *map[int32]ExtensionField
+
+ var presence presence
+ if mi.presenceOffset.IsValid() {
+ presence = p.Apply(mi.presenceOffset).PresenceInfo()
+ }
+
start := len(b)
for len(b) > 0 {
// Parse the tag (field number and wire type).
@@ -154,6 +190,11 @@ func (mi *MessageInfo) unmarshalPointer(b []byte, p pointer, groupTag protowire.
if f.funcs.isInit != nil && !o.initialized {
initialized = false
}
+
+ if f.presenceIndex != noPresence {
+ presence.SetPresentUnatomic(f.presenceIndex, mi.presenceSize)
+ }
+
default:
// Possible extension.
if exts == nil && mi.extensionOffset.IsValid() {
@@ -222,7 +263,7 @@ func (mi *MessageInfo) unmarshalExtension(b []byte, num protowire.Number, wtyp p
return out, errUnknown
}
if flags.LazyUnmarshalExtensions {
- if opts.IsDefault() && x.canLazy(xt) {
+ if opts.CanBeLazy() && x.canLazy(xt) {
out, valid := skipExtension(b, xi, num, wtyp, opts)
switch valid {
case ValidationValid:
@@ -270,6 +311,13 @@ func skipExtension(b []byte, xi *extensionFieldInfo, num protowire.Number, wtyp
if n < 0 {
return out, ValidationUnknown
}
+
+ if opts.Validated() {
+ out.initialized = true
+ out.n = n
+ return out, ValidationValid
+ }
+
out, st := xi.validation.mi.validate(v, 0, opts)
out.n = n
return out, st
diff --git a/vendor/google.golang.org/protobuf/internal/impl/encode.go b/vendor/google.golang.org/protobuf/internal/impl/encode.go
index 6254f5de41..b2e212291d 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/encode.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/encode.go
@@ -10,6 +10,7 @@ import (
"sync/atomic"
"google.golang.org/protobuf/internal/flags"
+ "google.golang.org/protobuf/internal/protolazy"
"google.golang.org/protobuf/proto"
piface "google.golang.org/protobuf/runtime/protoiface"
)
@@ -71,11 +72,39 @@ func (mi *MessageInfo) sizePointerSlow(p pointer, opts marshalOptions) (size int
e := p.Apply(mi.extensionOffset).Extensions()
size += mi.sizeExtensions(e, opts)
}
+
+ var lazy **protolazy.XXX_lazyUnmarshalInfo
+ var presence presence
+ if mi.presenceOffset.IsValid() {
+ presence = p.Apply(mi.presenceOffset).PresenceInfo()
+ if mi.lazyOffset.IsValid() {
+ lazy = p.Apply(mi.lazyOffset).LazyInfoPtr()
+ }
+ }
+
for _, f := range mi.orderedCoderFields {
if f.funcs.size == nil {
continue
}
fptr := p.Apply(f.offset)
+
+ if f.presenceIndex != noPresence {
+ if !presence.Present(f.presenceIndex) {
+ continue
+ }
+
+ if f.isLazy && fptr.AtomicGetPointer().IsNil() {
+ if lazyFields(opts) {
+ size += (*lazy).SizeField(uint32(f.num))
+ continue
+ } else {
+ mi.lazyUnmarshal(p, f.num)
+ }
+ }
+ size += f.funcs.size(fptr, f, opts)
+ continue
+ }
+
if f.isPointer && fptr.Elem().IsNil() {
continue
}
@@ -134,11 +163,52 @@ func (mi *MessageInfo) marshalAppendPointer(b []byte, p pointer, opts marshalOpt
return b, err
}
}
+
+ var lazy **protolazy.XXX_lazyUnmarshalInfo
+ var presence presence
+ if mi.presenceOffset.IsValid() {
+ presence = p.Apply(mi.presenceOffset).PresenceInfo()
+ if mi.lazyOffset.IsValid() {
+ lazy = p.Apply(mi.lazyOffset).LazyInfoPtr()
+ }
+ }
+
for _, f := range mi.orderedCoderFields {
if f.funcs.marshal == nil {
continue
}
fptr := p.Apply(f.offset)
+
+ if f.presenceIndex != noPresence {
+ if !presence.Present(f.presenceIndex) {
+ continue
+ }
+ if f.isLazy {
+ // Be careful, this field needs to be read atomically, like for a get
+ if f.isPointer && fptr.AtomicGetPointer().IsNil() {
+ if lazyFields(opts) {
+ b, _ = (*lazy).AppendField(b, uint32(f.num))
+ continue
+ } else {
+ mi.lazyUnmarshal(p, f.num)
+ }
+ }
+
+ b, err = f.funcs.marshal(b, fptr, f, opts)
+ if err != nil {
+ return b, err
+ }
+ continue
+ } else if f.isPointer && fptr.Elem().IsNil() {
+ continue
+ }
+ b, err = f.funcs.marshal(b, fptr, f, opts)
+ if err != nil {
+ return b, err
+ }
+ continue
+ }
+
if f.isPointer && fptr.Elem().IsNil() {
continue
}
@@ -163,6 +233,14 @@ func fullyLazyExtensions(opts marshalOptions) bool {
return opts.flags&piface.MarshalDeterministic == 0
}
+// lazyFields returns true if we should attempt to keep fields lazy over size and marshal.
+func lazyFields(opts marshalOptions) bool {
+ // When deterministic marshaling is requested, force an unmarshal for lazy
+ // fields to produce a deterministic result, instead of passing through
+ // bytes lazily that may or may not match what Go Protobuf would produce.
+ return opts.flags&piface.MarshalDeterministic == 0
+}
+
func (mi *MessageInfo) sizeExtensions(ext *map[int32]ExtensionField, opts marshalOptions) (n int) {
if ext == nil {
return 0
diff --git a/vendor/google.golang.org/protobuf/internal/impl/lazy.go b/vendor/google.golang.org/protobuf/internal/impl/lazy.go
new file mode 100644
index 0000000000..c7de31e243
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/impl/lazy.go
@@ -0,0 +1,433 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package impl
+
+import (
+ "fmt"
+ "math/bits"
+ "os"
+ "reflect"
+ "sort"
+ "sync/atomic"
+
+ "google.golang.org/protobuf/encoding/protowire"
+ "google.golang.org/protobuf/internal/errors"
+ "google.golang.org/protobuf/internal/protolazy"
+ "google.golang.org/protobuf/reflect/protoreflect"
+ preg "google.golang.org/protobuf/reflect/protoregistry"
+ piface "google.golang.org/protobuf/runtime/protoiface"
+)
+
+var enableLazy int32 = func() int32 {
+ if os.Getenv("GOPROTODEBUG") == "nolazy" {
+ return 0
+ }
+ return 1
+}()
+
+// EnableLazyUnmarshal enables lazy unmarshaling.
+func EnableLazyUnmarshal(enable bool) {
+ if enable {
+ atomic.StoreInt32(&enableLazy, 1)
+ return
+ }
+ atomic.StoreInt32(&enableLazy, 0)
+}
+
+// LazyEnabled reports whether lazy unmarshalling is currently enabled.
+func LazyEnabled() bool {
+ return atomic.LoadInt32(&enableLazy) != 0
+}
+
+// UnmarshalField unmarshals a field in a message.
+func UnmarshalField(m interface{}, num protowire.Number) {
+ switch m := m.(type) {
+ case *messageState:
+ m.messageInfo().lazyUnmarshal(m.pointer(), num)
+ case *messageReflectWrapper:
+ m.messageInfo().lazyUnmarshal(m.pointer(), num)
+ default:
+ panic(fmt.Sprintf("unsupported wrapper type %T", m))
+ }
+}
+
+func (mi *MessageInfo) lazyUnmarshal(p pointer, num protoreflect.FieldNumber) {
+ var f *coderFieldInfo
+ if int(num) < len(mi.denseCoderFields) {
+ f = mi.denseCoderFields[num]
+ } else {
+ f = mi.coderFields[num]
+ }
+ if f == nil {
+ panic(fmt.Sprintf("lazyUnmarshal: field info for %v.%v", mi.Desc.FullName(), num))
+ }
+ lazy := *p.Apply(mi.lazyOffset).LazyInfoPtr()
+ start, end, found, _, multipleEntries := lazy.FindFieldInProto(uint32(num))
+ if !found && multipleEntries == nil {
+ panic(fmt.Sprintf("lazyUnmarshal: can't find field data for %v.%v", mi.Desc.FullName(), num))
+ }
+ // The actual pointer in the message can not be set until the whole struct is filled in, otherwise we will have races.
+ // Create another pointer and set it atomically, if we won the race and the pointer in the original message is still nil.
+ fp := pointerOfValue(reflect.New(f.ft))
+ if multipleEntries != nil {
+ for _, entry := range multipleEntries {
+ mi.unmarshalField(lazy.Buffer()[entry.Start:entry.End], fp, f, lazy, lazy.UnmarshalFlags())
+ }
+ } else {
+ mi.unmarshalField(lazy.Buffer()[start:end], fp, f, lazy, lazy.UnmarshalFlags())
+ }
+ p.Apply(f.offset).AtomicSetPointerIfNil(fp.Elem())
+}
+
+func (mi *MessageInfo) unmarshalField(b []byte, p pointer, f *coderFieldInfo, lazyInfo *protolazy.XXX_lazyUnmarshalInfo, flags piface.UnmarshalInputFlags) error {
+ opts := lazyUnmarshalOptions
+ opts.flags |= flags
+ for len(b) > 0 {
+ // Parse the tag (field number and wire type).
+ var tag uint64
+ if b[0] < 0x80 {
+ tag = uint64(b[0])
+ b = b[1:]
+ } else if len(b) >= 2 && b[1] < 128 {
+ tag = uint64(b[0]&0x7f) + uint64(b[1])<<7
+ b = b[2:]
+ } else {
+ var n int
+ tag, n = protowire.ConsumeVarint(b)
+ if n < 0 {
+ return errors.New("invalid wire data")
+ }
+ b = b[n:]
+ }
+ var num protowire.Number
+ if n := tag >> 3; n < uint64(protowire.MinValidNumber) || n > uint64(protowire.MaxValidNumber) {
+ return errors.New("invalid wire data")
+ } else {
+ num = protowire.Number(n)
+ }
+ wtyp := protowire.Type(tag & 7)
+ if num == f.num {
+ o, err := f.funcs.unmarshal(b, p, wtyp, f, opts)
+ if err == nil {
+ b = b[o.n:]
+ continue
+ }
+ if err != errUnknown {
+ return err
+ }
+ }
+ n := protowire.ConsumeFieldValue(num, wtyp, b)
+ if n < 0 {
+ return errors.New("invalid wire data")
+ }
+ b = b[n:]
+ }
+ return nil
+}
+
+func (mi *MessageInfo) skipField(b []byte, f *coderFieldInfo, wtyp protowire.Type, opts unmarshalOptions) (out unmarshalOutput, _ ValidationStatus) {
+ fmi := f.validation.mi
+ if fmi == nil {
+ fd := mi.Desc.Fields().ByNumber(f.num)
+ if fd == nil {
+ return out, ValidationUnknown
+ }
+ messageName := fd.Message().FullName()
+ messageType, err := preg.GlobalTypes.FindMessageByName(messageName)
+ if err != nil {
+ return out, ValidationUnknown
+ }
+ var ok bool
+ fmi, ok = messageType.(*MessageInfo)
+ if !ok {
+ return out, ValidationUnknown
+ }
+ }
+ fmi.init()
+ switch f.validation.typ {
+ case validationTypeMessage:
+ if wtyp != protowire.BytesType {
+ return out, ValidationWrongWireType
+ }
+ v, n := protowire.ConsumeBytes(b)
+ if n < 0 {
+ return out, ValidationInvalid
+ }
+ out, st := fmi.validate(v, 0, opts)
+ out.n = n
+ return out, st
+ case validationTypeGroup:
+ if wtyp != protowire.StartGroupType {
+ return out, ValidationWrongWireType
+ }
+ out, st := fmi.validate(b, f.num, opts)
+ return out, st
+ default:
+ return out, ValidationUnknown
+ }
+}
+
+// unmarshalPointerLazy is similar to unmarshalPointerEager, but it
+// specifically handles lazy unmarshalling. it expects lazyOffset and
+// presenceOffset to both be valid.
+func (mi *MessageInfo) unmarshalPointerLazy(b []byte, p pointer, groupTag protowire.Number, opts unmarshalOptions) (out unmarshalOutput, err error) {
+ initialized := true
+ var requiredMask uint64
+ var lazy **protolazy.XXX_lazyUnmarshalInfo
+ var presence presence
+ var lazyIndex []protolazy.IndexEntry
+ var lastNum protowire.Number
+ outOfOrder := false
+ lazyDecode := false
+ presence = p.Apply(mi.presenceOffset).PresenceInfo()
+ lazy = p.Apply(mi.lazyOffset).LazyInfoPtr()
+ if !presence.AnyPresent(mi.presenceSize) {
+ if opts.CanBeLazy() {
+ // If the message contains existing data, we need to merge into it.
+ // Lazy unmarshaling doesn't merge, so only enable it when the
+ // message is empty (has no presence bitmap).
+ lazyDecode = true
+ if *lazy == nil {
+ *lazy = &protolazy.XXX_lazyUnmarshalInfo{}
+ }
+ (*lazy).SetUnmarshalFlags(opts.flags)
+ if !opts.AliasBuffer() {
+ // Make a copy of the buffer for lazy unmarshaling.
+ // Set the AliasBuffer flag so recursive unmarshal
+ // operations reuse the copy.
+ b = append([]byte{}, b...)
+ opts.flags |= piface.UnmarshalAliasBuffer
+ }
+ (*lazy).SetBuffer(b)
+ }
+ }
+ // Track special handling of lazy fields.
+ //
+ // In the common case, all fields are lazyValidateOnly (and lazyFields remains nil).
+ // In the event that validation for a field fails, this map tracks handling of the field.
+ type lazyAction uint8
+ const (
+ lazyValidateOnly lazyAction = iota // validate the field only
+ lazyUnmarshalNow // eagerly unmarshal the field
+ lazyUnmarshalLater // unmarshal the field after the message is fully processed
+ )
+ var lazyFields map[*coderFieldInfo]lazyAction
+ var exts *map[int32]ExtensionField
+ start := len(b)
+ pos := 0
+ for len(b) > 0 {
+ // Parse the tag (field number and wire type).
+ var tag uint64
+ if b[0] < 0x80 {
+ tag = uint64(b[0])
+ b = b[1:]
+ } else if len(b) >= 2 && b[1] < 128 {
+ tag = uint64(b[0]&0x7f) + uint64(b[1])<<7
+ b = b[2:]
+ } else {
+ var n int
+ tag, n = protowire.ConsumeVarint(b)
+ if n < 0 {
+ return out, errDecode
+ }
+ b = b[n:]
+ }
+ var num protowire.Number
+ if n := tag >> 3; n < uint64(protowire.MinValidNumber) || n > uint64(protowire.MaxValidNumber) {
+ return out, errors.New("invalid field number")
+ } else {
+ num = protowire.Number(n)
+ }
+ wtyp := protowire.Type(tag & 7)
+
+ if wtyp == protowire.EndGroupType {
+ if num != groupTag {
+ return out, errors.New("mismatching end group marker")
+ }
+ groupTag = 0
+ break
+ }
+
+ var f *coderFieldInfo
+ if int(num) < len(mi.denseCoderFields) {
+ f = mi.denseCoderFields[num]
+ } else {
+ f = mi.coderFields[num]
+ }
+ var n int
+ err := errUnknown
+ discardUnknown := false
+ Field:
+ switch {
+ case f != nil:
+ if f.funcs.unmarshal == nil {
+ break
+ }
+ if f.isLazy && lazyDecode {
+ switch {
+ case lazyFields == nil || lazyFields[f] == lazyValidateOnly:
+ // Attempt to validate this field and leave it for later lazy unmarshaling.
+ o, valid := mi.skipField(b, f, wtyp, opts)
+ switch valid {
+ case ValidationValid:
+ // Skip over the valid field and continue.
+ err = nil
+ presence.SetPresentUnatomic(f.presenceIndex, mi.presenceSize)
+ requiredMask |= f.validation.requiredBit
+ if !o.initialized {
+ initialized = false
+ }
+ n = o.n
+ break Field
+ case ValidationInvalid:
+ return out, errors.New("invalid proto wire format")
+ case ValidationWrongWireType:
+ break Field
+ case ValidationUnknown:
+ if lazyFields == nil {
+ lazyFields = make(map[*coderFieldInfo]lazyAction)
+ }
+ if presence.Present(f.presenceIndex) {
+ // We were unable to determine if the field is valid or not,
+ // and we've already skipped over at least one instance of this
+ // field. Clear the presence bit (so if we stop decoding early,
+ // we don't leave a partially-initialized field around) and flag
+ // the field for unmarshaling before we return.
+ presence.ClearPresent(f.presenceIndex)
+ lazyFields[f] = lazyUnmarshalLater
+ discardUnknown = true
+ break Field
+ } else {
+ // We were unable to determine if the field is valid or not,
+ // but this is the first time we've seen it. Flag it as needing
+ // eager unmarshaling and fall through to the eager unmarshal case below.
+ lazyFields[f] = lazyUnmarshalNow
+ }
+ }
+ case lazyFields[f] == lazyUnmarshalLater:
+ // This field will be unmarshaled in a separate pass below.
+ // Skip over it here.
+ discardUnknown = true
+ break Field
+ default:
+ // Eagerly unmarshal the field.
+ }
+ }
+ if f.isLazy && !lazyDecode && presence.Present(f.presenceIndex) {
+ if p.Apply(f.offset).AtomicGetPointer().IsNil() {
+ mi.lazyUnmarshal(p, f.num)
+ }
+ }
+ var o unmarshalOutput
+ o, err = f.funcs.unmarshal(b, p.Apply(f.offset), wtyp, f, opts)
+ n = o.n
+ if err != nil {
+ break
+ }
+ requiredMask |= f.validation.requiredBit
+ if f.funcs.isInit != nil && !o.initialized {
+ initialized = false
+ }
+ if f.presenceIndex != noPresence {
+ presence.SetPresentUnatomic(f.presenceIndex, mi.presenceSize)
+ }
+ default:
+ // Possible extension.
+ if exts == nil && mi.extensionOffset.IsValid() {
+ exts = p.Apply(mi.extensionOffset).Extensions()
+ if *exts == nil {
+ *exts = make(map[int32]ExtensionField)
+ }
+ }
+ if exts == nil {
+ break
+ }
+ var o unmarshalOutput
+ o, err = mi.unmarshalExtension(b, num, wtyp, *exts, opts)
+ if err != nil {
+ break
+ }
+ n = o.n
+ if !o.initialized {
+ initialized = false
+ }
+ }
+ if err != nil {
+ if err != errUnknown {
+ return out, err
+ }
+ n = protowire.ConsumeFieldValue(num, wtyp, b)
+ if n < 0 {
+ return out, errDecode
+ }
+ if !discardUnknown && !opts.DiscardUnknown() && mi.unknownOffset.IsValid() {
+ u := mi.mutableUnknownBytes(p)
+ *u = protowire.AppendTag(*u, num, wtyp)
+ *u = append(*u, b[:n]...)
+ }
+ }
+ b = b[n:]
+ end := start - len(b)
+ if lazyDecode && f != nil && f.isLazy {
+ if num != lastNum {
+ lazyIndex = append(lazyIndex, protolazy.IndexEntry{
+ FieldNum: uint32(num),
+ Start: uint32(pos),
+ End: uint32(end),
+ })
+ } else {
+ i := len(lazyIndex) - 1
+ lazyIndex[i].End = uint32(end)
+ lazyIndex[i].MultipleContiguous = true
+ }
+ }
+ if num < lastNum {
+ outOfOrder = true
+ }
+ pos = end
+ lastNum = num
+ }
+ if groupTag != 0 {
+ return out, errors.New("missing end group marker")
+ }
+ if lazyFields != nil {
+ // Some fields failed validation, and now need to be unmarshaled.
+ for f, action := range lazyFields {
+ if action != lazyUnmarshalLater {
+ continue
+ }
+ initialized = false
+ if *lazy == nil {
+ *lazy = &protolazy.XXX_lazyUnmarshalInfo{}
+ }
+ if err := mi.unmarshalField((*lazy).Buffer(), p.Apply(f.offset), f, *lazy, opts.flags); err != nil {
+ return out, err
+ }
+ presence.SetPresentUnatomic(f.presenceIndex, mi.presenceSize)
+ }
+ }
+ if lazyDecode {
+ if outOfOrder {
+ sort.Slice(lazyIndex, func(i, j int) bool {
+ return lazyIndex[i].FieldNum < lazyIndex[j].FieldNum ||
+ (lazyIndex[i].FieldNum == lazyIndex[j].FieldNum &&
+ lazyIndex[i].Start < lazyIndex[j].Start)
+ })
+ }
+ if *lazy == nil {
+ *lazy = &protolazy.XXX_lazyUnmarshalInfo{}
+ }
+
+ (*lazy).SetIndex(lazyIndex)
+ }
+ if mi.numRequiredFields > 0 && bits.OnesCount64(requiredMask) != int(mi.numRequiredFields) {
+ initialized = false
+ }
+ if initialized {
+ out.initialized = true
+ }
+ out.n = start - len(b)
+ return out, nil
+}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go b/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go
index bf0b6049b4..a51dffbe29 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go
@@ -310,12 +310,9 @@ func aberrantAppendField(md *filedesc.Message, goType reflect.Type, tag, tagKey,
fd.L0.Parent = md
fd.L0.Index = n
- if fd.L1.IsWeak || fd.L1.EditionFeatures.IsPacked {
+ if fd.L1.EditionFeatures.IsPacked {
fd.L1.Options = func() protoreflect.ProtoMessage {
opts := descopts.Field.ProtoReflect().New()
- if fd.L1.IsWeak {
- opts.Set(opts.Descriptor().Fields().ByName("weak"), protoreflect.ValueOfBool(true))
- }
if fd.L1.EditionFeatures.IsPacked {
opts.Set(opts.Descriptor().Fields().ByName("packed"), protoreflect.ValueOfBool(fd.L1.EditionFeatures.IsPacked))
}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/merge.go b/vendor/google.golang.org/protobuf/internal/impl/merge.go
index 7e65f64f28..8ffdce67d3 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/merge.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/merge.go
@@ -41,11 +41,38 @@ func (mi *MessageInfo) mergePointer(dst, src pointer, opts mergeOptions) {
if src.IsNil() {
return
}
+
+ var presenceSrc presence
+ var presenceDst presence
+ if mi.presenceOffset.IsValid() {
+ presenceSrc = src.Apply(mi.presenceOffset).PresenceInfo()
+ presenceDst = dst.Apply(mi.presenceOffset).PresenceInfo()
+ }
+
for _, f := range mi.orderedCoderFields {
if f.funcs.merge == nil {
continue
}
sfptr := src.Apply(f.offset)
+
+ if f.presenceIndex != noPresence {
+ if !presenceSrc.Present(f.presenceIndex) {
+ continue
+ }
+ dfptr := dst.Apply(f.offset)
+ if f.isLazy {
+ if sfptr.AtomicGetPointer().IsNil() {
+ mi.lazyUnmarshal(src, f.num)
+ }
+ if presenceDst.Present(f.presenceIndex) && dfptr.AtomicGetPointer().IsNil() {
+ mi.lazyUnmarshal(dst, f.num)
+ }
+ }
+ f.funcs.merge(dst.Apply(f.offset), sfptr, f, opts)
+ presenceDst.SetPresentUnatomic(f.presenceIndex, mi.presenceSize)
+ continue
+ }
+
if f.isPointer && sfptr.Elem().IsNil() {
continue
}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/message.go b/vendor/google.golang.org/protobuf/internal/impl/message.go
index 741b5ed29c..d50423dcb7 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/message.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/message.go
@@ -14,7 +14,6 @@ import (
"google.golang.org/protobuf/internal/genid"
"google.golang.org/protobuf/reflect/protoreflect"
- "google.golang.org/protobuf/reflect/protoregistry"
)
// MessageInfo provides protobuf related functionality for a given Go type
@@ -79,6 +78,9 @@ func (mi *MessageInfo) initOnce() {
if mi.initDone == 1 {
return
}
+ if opaqueInitHook(mi) {
+ return
+ }
t := mi.GoReflectType
if t.Kind() != reflect.Ptr && t.Elem().Kind() != reflect.Struct {
@@ -117,7 +119,6 @@ type (
var (
sizecacheType = reflect.TypeOf(SizeCache(0))
- weakFieldsType = reflect.TypeOf(WeakFields(nil))
unknownFieldsAType = reflect.TypeOf(unknownFieldsA(nil))
unknownFieldsBType = reflect.TypeOf(unknownFieldsB(nil))
extensionFieldsType = reflect.TypeOf(ExtensionFields(nil))
@@ -126,13 +127,14 @@ var (
type structInfo struct {
sizecacheOffset offset
sizecacheType reflect.Type
- weakOffset offset
- weakType reflect.Type
unknownOffset offset
unknownType reflect.Type
extensionOffset offset
extensionType reflect.Type
+ lazyOffset offset
+ presenceOffset offset
+
fieldsByNumber map[protoreflect.FieldNumber]reflect.StructField
oneofsByName map[protoreflect.Name]reflect.StructField
oneofWrappersByType map[reflect.Type]protoreflect.FieldNumber
@@ -142,9 +144,10 @@ type structInfo struct {
func (mi *MessageInfo) makeStructInfo(t reflect.Type) structInfo {
si := structInfo{
sizecacheOffset: invalidOffset,
- weakOffset: invalidOffset,
unknownOffset: invalidOffset,
extensionOffset: invalidOffset,
+ lazyOffset: invalidOffset,
+ presenceOffset: invalidOffset,
fieldsByNumber: map[protoreflect.FieldNumber]reflect.StructField{},
oneofsByName: map[protoreflect.Name]reflect.StructField{},
@@ -157,24 +160,23 @@ fieldLoop:
switch f := t.Field(i); f.Name {
case genid.SizeCache_goname, genid.SizeCacheA_goname:
if f.Type == sizecacheType {
- si.sizecacheOffset = offsetOf(f, mi.Exporter)
+ si.sizecacheOffset = offsetOf(f)
si.sizecacheType = f.Type
}
- case genid.WeakFields_goname, genid.WeakFieldsA_goname:
- if f.Type == weakFieldsType {
- si.weakOffset = offsetOf(f, mi.Exporter)
- si.weakType = f.Type
- }
case genid.UnknownFields_goname, genid.UnknownFieldsA_goname:
if f.Type == unknownFieldsAType || f.Type == unknownFieldsBType {
- si.unknownOffset = offsetOf(f, mi.Exporter)
+ si.unknownOffset = offsetOf(f)
si.unknownType = f.Type
}
case genid.ExtensionFields_goname, genid.ExtensionFieldsA_goname, genid.ExtensionFieldsB_goname:
if f.Type == extensionFieldsType {
- si.extensionOffset = offsetOf(f, mi.Exporter)
+ si.extensionOffset = offsetOf(f)
si.extensionType = f.Type
}
+ case "lazyFields", "XXX_lazyUnmarshalInfo":
+ si.lazyOffset = offsetOf(f)
+ case "XXX_presence":
+ si.presenceOffset = offsetOf(f)
default:
for _, s := range strings.Split(f.Tag.Get("protobuf"), ",") {
if len(s) > 0 && strings.Trim(s, "0123456789") == "" {
@@ -244,9 +246,6 @@ func (mi *MessageInfo) Message(i int) protoreflect.MessageType {
mi.init()
fd := mi.Desc.Fields().Get(i)
switch {
- case fd.IsWeak():
- mt, _ := protoregistry.GlobalTypes.FindMessageByName(fd.Message().FullName())
- return mt
case fd.IsMap():
return mapEntryType{fd.Message(), mi.fieldTypes[fd.Number()]}
default:
diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go
new file mode 100644
index 0000000000..dd55e8e009
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go
@@ -0,0 +1,627 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package impl
+
+import (
+ "fmt"
+ "math"
+ "reflect"
+ "strings"
+ "sync/atomic"
+
+ "google.golang.org/protobuf/reflect/protoreflect"
+)
+
+type opaqueStructInfo struct {
+ structInfo
+}
+
+// isOpaque determines whether a protobuf message type is on the Opaque API. It
+// checks whether the type is a Go struct that protoc-gen-go would generate.
+//
+// This function only detects newly generated messages from the v2
+// implementation of protoc-gen-go. It is unable to classify generated messages
+// that are too old or those that are generated by a different generator
+// such as protoc-gen-gogo.
+func isOpaque(t reflect.Type) bool {
+ // The current detection mechanism is to simply check the first field
+ // for a struct tag with the "protogen" key.
+ if t.Kind() == reflect.Struct && t.NumField() > 0 {
+ pgt := t.Field(0).Tag.Get("protogen")
+ return strings.HasPrefix(pgt, "opaque.")
+ }
+ return false
+}
+
+func opaqueInitHook(mi *MessageInfo) bool {
+ mt := mi.GoReflectType.Elem()
+ si := opaqueStructInfo{
+ structInfo: mi.makeStructInfo(mt),
+ }
+
+ if !isOpaque(mt) {
+ return false
+ }
+
+ defer atomic.StoreUint32(&mi.initDone, 1)
+
+ mi.fields = map[protoreflect.FieldNumber]*fieldInfo{}
+ fds := mi.Desc.Fields()
+ for i := 0; i < fds.Len(); i++ {
+ fd := fds.Get(i)
+ fs := si.fieldsByNumber[fd.Number()]
+ var fi fieldInfo
+ usePresence, _ := usePresenceForField(si, fd)
+
+ switch {
+ case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic():
+ // Oneofs are no different for opaque.
+ fi = fieldInfoForOneof(fd, si.oneofsByName[fd.ContainingOneof().Name()], mi.Exporter, si.oneofWrappersByNumber[fd.Number()])
+ case fd.IsMap():
+ fi = mi.fieldInfoForMapOpaque(si, fd, fs)
+ case fd.IsList() && fd.Message() == nil && usePresence:
+ fi = mi.fieldInfoForScalarListOpaque(si, fd, fs)
+ case fd.IsList() && fd.Message() == nil:
+ // Proto3 lists without presence can use same access methods as open
+ fi = fieldInfoForList(fd, fs, mi.Exporter)
+ case fd.IsList() && usePresence:
+ fi = mi.fieldInfoForMessageListOpaque(si, fd, fs)
+ case fd.IsList():
+ // Proto3 opaque messages that does not need presence bitmap.
+ // Different representation than open struct, but same logic
+ fi = mi.fieldInfoForMessageListOpaqueNoPresence(si, fd, fs)
+ case fd.Message() != nil && usePresence:
+ fi = mi.fieldInfoForMessageOpaque(si, fd, fs)
+ case fd.Message() != nil:
+ // Proto3 messages without presence can use same access methods as open
+ fi = fieldInfoForMessage(fd, fs, mi.Exporter)
+ default:
+ fi = mi.fieldInfoForScalarOpaque(si, fd, fs)
+ }
+ mi.fields[fd.Number()] = &fi
+ }
+ mi.oneofs = map[protoreflect.Name]*oneofInfo{}
+ for i := 0; i < mi.Desc.Oneofs().Len(); i++ {
+ od := mi.Desc.Oneofs().Get(i)
+ mi.oneofs[od.Name()] = makeOneofInfoOpaque(mi, od, si.structInfo, mi.Exporter)
+ }
+
+ mi.denseFields = make([]*fieldInfo, fds.Len()*2)
+ for i := 0; i < fds.Len(); i++ {
+ if fd := fds.Get(i); int(fd.Number()) < len(mi.denseFields) {
+ mi.denseFields[fd.Number()] = mi.fields[fd.Number()]
+ }
+ }
+
+ for i := 0; i < fds.Len(); {
+ fd := fds.Get(i)
+ if od := fd.ContainingOneof(); od != nil && !fd.ContainingOneof().IsSynthetic() {
+ mi.rangeInfos = append(mi.rangeInfos, mi.oneofs[od.Name()])
+ i += od.Fields().Len()
+ } else {
+ mi.rangeInfos = append(mi.rangeInfos, mi.fields[fd.Number()])
+ i++
+ }
+ }
+
+ mi.makeExtensionFieldsFunc(mt, si.structInfo)
+ mi.makeUnknownFieldsFunc(mt, si.structInfo)
+ mi.makeOpaqueCoderMethods(mt, si)
+ mi.makeFieldTypes(si.structInfo)
+
+ return true
+}
+
+func makeOneofInfoOpaque(mi *MessageInfo, od protoreflect.OneofDescriptor, si structInfo, x exporter) *oneofInfo {
+ oi := &oneofInfo{oneofDesc: od}
+ if od.IsSynthetic() {
+ fd := od.Fields().Get(0)
+ index, _ := presenceIndex(mi.Desc, fd)
+ oi.which = func(p pointer) protoreflect.FieldNumber {
+ if p.IsNil() {
+ return 0
+ }
+ if !mi.present(p, index) {
+ return 0
+ }
+ return od.Fields().Get(0).Number()
+ }
+ return oi
+ }
+ // Dispatch to non-opaque oneof implementation for non-synthetic oneofs.
+ return makeOneofInfo(od, si, x)
+}
+
+func (mi *MessageInfo) fieldInfoForMapOpaque(si opaqueStructInfo, fd protoreflect.FieldDescriptor, fs reflect.StructField) fieldInfo {
+ ft := fs.Type
+ if ft.Kind() != reflect.Map {
+ panic(fmt.Sprintf("invalid type: got %v, want map kind", ft))
+ }
+ fieldOffset := offsetOf(fs)
+ conv := NewConverter(ft, fd)
+ return fieldInfo{
+ fieldDesc: fd,
+ has: func(p pointer) bool {
+ if p.IsNil() {
+ return false
+ }
+ // Don't bother checking presence bits, since we need to
+ // look at the map length even if the presence bit is set.
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ return rv.Len() > 0
+ },
+ clear: func(p pointer) {
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ rv.Set(reflect.Zero(rv.Type()))
+ },
+ get: func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ if rv.Len() == 0 {
+ return conv.Zero()
+ }
+ return conv.PBValueOf(rv)
+ },
+ set: func(p pointer, v protoreflect.Value) {
+ pv := conv.GoValueOf(v)
+ if pv.IsNil() {
+ panic(fmt.Sprintf("invalid value: setting map field to read-only value"))
+ }
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ rv.Set(pv)
+ },
+ mutable: func(p pointer) protoreflect.Value {
+ v := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ if v.IsNil() {
+ v.Set(reflect.MakeMap(fs.Type))
+ }
+ return conv.PBValueOf(v)
+ },
+ newField: func() protoreflect.Value {
+ return conv.New()
+ },
+ }
+}
+
+func (mi *MessageInfo) fieldInfoForScalarListOpaque(si opaqueStructInfo, fd protoreflect.FieldDescriptor, fs reflect.StructField) fieldInfo {
+ ft := fs.Type
+ if ft.Kind() != reflect.Slice {
+ panic(fmt.Sprintf("invalid type: got %v, want slice kind", ft))
+ }
+ conv := NewConverter(reflect.PtrTo(ft), fd)
+ fieldOffset := offsetOf(fs)
+ index, _ := presenceIndex(mi.Desc, fd)
+ return fieldInfo{
+ fieldDesc: fd,
+ has: func(p pointer) bool {
+ if p.IsNil() {
+ return false
+ }
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ return rv.Len() > 0
+ },
+ clear: func(p pointer) {
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ rv.Set(reflect.Zero(rv.Type()))
+ },
+ get: func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type)
+ if rv.Elem().Len() == 0 {
+ return conv.Zero()
+ }
+ return conv.PBValueOf(rv)
+ },
+ set: func(p pointer, v protoreflect.Value) {
+ pv := conv.GoValueOf(v)
+ if pv.IsNil() {
+ panic(fmt.Sprintf("invalid value: setting repeated field to read-only value"))
+ }
+ mi.setPresent(p, index)
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ rv.Set(pv.Elem())
+ },
+ mutable: func(p pointer) protoreflect.Value {
+ mi.setPresent(p, index)
+ return conv.PBValueOf(p.Apply(fieldOffset).AsValueOf(fs.Type))
+ },
+ newField: func() protoreflect.Value {
+ return conv.New()
+ },
+ }
+}
+
+func (mi *MessageInfo) fieldInfoForMessageListOpaque(si opaqueStructInfo, fd protoreflect.FieldDescriptor, fs reflect.StructField) fieldInfo {
+ ft := fs.Type
+ if ft.Kind() != reflect.Ptr || ft.Elem().Kind() != reflect.Slice {
+ panic(fmt.Sprintf("invalid type: got %v, want slice kind", ft))
+ }
+ conv := NewConverter(ft, fd)
+ fieldOffset := offsetOf(fs)
+ index, _ := presenceIndex(mi.Desc, fd)
+ fieldNumber := fd.Number()
+ return fieldInfo{
+ fieldDesc: fd,
+ has: func(p pointer) bool {
+ if p.IsNil() {
+ return false
+ }
+ if !mi.present(p, index) {
+ return false
+ }
+ sp := p.Apply(fieldOffset).AtomicGetPointer()
+ if sp.IsNil() {
+ // Lazily unmarshal this field.
+ mi.lazyUnmarshal(p, fieldNumber)
+ sp = p.Apply(fieldOffset).AtomicGetPointer()
+ }
+ rv := sp.AsValueOf(fs.Type.Elem())
+ return rv.Elem().Len() > 0
+ },
+ clear: func(p pointer) {
+ fp := p.Apply(fieldOffset)
+ sp := fp.AtomicGetPointer()
+ if sp.IsNil() {
+ sp = fp.AtomicSetPointerIfNil(pointerOfValue(reflect.New(fs.Type.Elem())))
+ mi.setPresent(p, index)
+ }
+ rv := sp.AsValueOf(fs.Type.Elem())
+ rv.Elem().Set(reflect.Zero(rv.Type().Elem()))
+ },
+ get: func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ if !mi.present(p, index) {
+ return conv.Zero()
+ }
+ sp := p.Apply(fieldOffset).AtomicGetPointer()
+ if sp.IsNil() {
+ // Lazily unmarshal this field.
+ mi.lazyUnmarshal(p, fieldNumber)
+ sp = p.Apply(fieldOffset).AtomicGetPointer()
+ }
+ rv := sp.AsValueOf(fs.Type.Elem())
+ if rv.Elem().Len() == 0 {
+ return conv.Zero()
+ }
+ return conv.PBValueOf(rv)
+ },
+ set: func(p pointer, v protoreflect.Value) {
+ fp := p.Apply(fieldOffset)
+ sp := fp.AtomicGetPointer()
+ if sp.IsNil() {
+ sp = fp.AtomicSetPointerIfNil(pointerOfValue(reflect.New(fs.Type.Elem())))
+ mi.setPresent(p, index)
+ }
+ rv := sp.AsValueOf(fs.Type.Elem())
+ val := conv.GoValueOf(v)
+ if val.IsNil() {
+ panic(fmt.Sprintf("invalid value: setting repeated field to read-only value"))
+ } else {
+ rv.Elem().Set(val.Elem())
+ }
+ },
+ mutable: func(p pointer) protoreflect.Value {
+ fp := p.Apply(fieldOffset)
+ sp := fp.AtomicGetPointer()
+ if sp.IsNil() {
+ if mi.present(p, index) {
+ // Lazily unmarshal this field.
+ mi.lazyUnmarshal(p, fieldNumber)
+ sp = p.Apply(fieldOffset).AtomicGetPointer()
+ } else {
+ sp = fp.AtomicSetPointerIfNil(pointerOfValue(reflect.New(fs.Type.Elem())))
+ mi.setPresent(p, index)
+ }
+ }
+ rv := sp.AsValueOf(fs.Type.Elem())
+ return conv.PBValueOf(rv)
+ },
+ newField: func() protoreflect.Value {
+ return conv.New()
+ },
+ }
+}
+
+func (mi *MessageInfo) fieldInfoForMessageListOpaqueNoPresence(si opaqueStructInfo, fd protoreflect.FieldDescriptor, fs reflect.StructField) fieldInfo {
+ ft := fs.Type
+ if ft.Kind() != reflect.Ptr || ft.Elem().Kind() != reflect.Slice {
+ panic(fmt.Sprintf("invalid type: got %v, want slice kind", ft))
+ }
+ conv := NewConverter(ft, fd)
+ fieldOffset := offsetOf(fs)
+ return fieldInfo{
+ fieldDesc: fd,
+ has: func(p pointer) bool {
+ if p.IsNil() {
+ return false
+ }
+ sp := p.Apply(fieldOffset).AtomicGetPointer()
+ if sp.IsNil() {
+ return false
+ }
+ rv := sp.AsValueOf(fs.Type.Elem())
+ return rv.Elem().Len() > 0
+ },
+ clear: func(p pointer) {
+ sp := p.Apply(fieldOffset).AtomicGetPointer()
+ if !sp.IsNil() {
+ rv := sp.AsValueOf(fs.Type.Elem())
+ rv.Elem().Set(reflect.Zero(rv.Type().Elem()))
+ }
+ },
+ get: func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ sp := p.Apply(fieldOffset).AtomicGetPointer()
+ if sp.IsNil() {
+ return conv.Zero()
+ }
+ rv := sp.AsValueOf(fs.Type.Elem())
+ if rv.Elem().Len() == 0 {
+ return conv.Zero()
+ }
+ return conv.PBValueOf(rv)
+ },
+ set: func(p pointer, v protoreflect.Value) {
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ if rv.IsNil() {
+ rv.Set(reflect.New(fs.Type.Elem()))
+ }
+ val := conv.GoValueOf(v)
+ if val.IsNil() {
+ panic(fmt.Sprintf("invalid value: setting repeated field to read-only value"))
+ } else {
+ rv.Elem().Set(val.Elem())
+ }
+ },
+ mutable: func(p pointer) protoreflect.Value {
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ if rv.IsNil() {
+ rv.Set(reflect.New(fs.Type.Elem()))
+ }
+ return conv.PBValueOf(rv)
+ },
+ newField: func() protoreflect.Value {
+ return conv.New()
+ },
+ }
+}
+
+func (mi *MessageInfo) fieldInfoForScalarOpaque(si opaqueStructInfo, fd protoreflect.FieldDescriptor, fs reflect.StructField) fieldInfo {
+ ft := fs.Type
+ nullable := fd.HasPresence()
+ if oneof := fd.ContainingOneof(); oneof != nil && oneof.IsSynthetic() {
+ nullable = true
+ }
+ deref := false
+ if nullable && ft.Kind() == reflect.Ptr {
+ ft = ft.Elem()
+ deref = true
+ }
+ conv := NewConverter(ft, fd)
+ fieldOffset := offsetOf(fs)
+ index, _ := presenceIndex(mi.Desc, fd)
+ var getter func(p pointer) protoreflect.Value
+ if !nullable {
+ getter = getterForDirectScalar(fd, fs, conv, fieldOffset)
+ } else {
+ getter = getterForOpaqueNullableScalar(mi, index, fd, fs, conv, fieldOffset)
+ }
+ return fieldInfo{
+ fieldDesc: fd,
+ has: func(p pointer) bool {
+ if p.IsNil() {
+ return false
+ }
+ if nullable {
+ return mi.present(p, index)
+ }
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ switch rv.Kind() {
+ case reflect.Bool:
+ return rv.Bool()
+ case reflect.Int32, reflect.Int64:
+ return rv.Int() != 0
+ case reflect.Uint32, reflect.Uint64:
+ return rv.Uint() != 0
+ case reflect.Float32, reflect.Float64:
+ return rv.Float() != 0 || math.Signbit(rv.Float())
+ case reflect.String, reflect.Slice:
+ return rv.Len() > 0
+ default:
+ panic(fmt.Sprintf("invalid type: %v", rv.Type())) // should never happen
+ }
+ },
+ clear: func(p pointer) {
+ if nullable {
+ mi.clearPresent(p, index)
+ }
+ // This is only valuable for bytes and strings, but we do it unconditionally.
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ rv.Set(reflect.Zero(rv.Type()))
+ },
+ get: getter,
+ // TODO: Implement unsafe fast path for set?
+ set: func(p pointer, v protoreflect.Value) {
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ if deref {
+ if rv.IsNil() {
+ rv.Set(reflect.New(ft))
+ }
+ rv = rv.Elem()
+ }
+
+ rv.Set(conv.GoValueOf(v))
+ if nullable && rv.Kind() == reflect.Slice && rv.IsNil() {
+ rv.Set(emptyBytes)
+ }
+ if nullable {
+ mi.setPresent(p, index)
+ }
+ },
+ newField: func() protoreflect.Value {
+ return conv.New()
+ },
+ }
+}
+
+func (mi *MessageInfo) fieldInfoForMessageOpaque(si opaqueStructInfo, fd protoreflect.FieldDescriptor, fs reflect.StructField) fieldInfo {
+ ft := fs.Type
+ conv := NewConverter(ft, fd)
+ fieldOffset := offsetOf(fs)
+ index, _ := presenceIndex(mi.Desc, fd)
+ fieldNumber := fd.Number()
+ elemType := fs.Type.Elem()
+ return fieldInfo{
+ fieldDesc: fd,
+ has: func(p pointer) bool {
+ if p.IsNil() {
+ return false
+ }
+ return mi.present(p, index)
+ },
+ clear: func(p pointer) {
+ mi.clearPresent(p, index)
+ p.Apply(fieldOffset).AtomicSetNilPointer()
+ },
+ get: func(p pointer) protoreflect.Value {
+ if p.IsNil() || !mi.present(p, index) {
+ return conv.Zero()
+ }
+ fp := p.Apply(fieldOffset)
+ mp := fp.AtomicGetPointer()
+ if mp.IsNil() {
+ // Lazily unmarshal this field.
+ mi.lazyUnmarshal(p, fieldNumber)
+ mp = fp.AtomicGetPointer()
+ }
+ rv := mp.AsValueOf(elemType)
+ return conv.PBValueOf(rv)
+ },
+ set: func(p pointer, v protoreflect.Value) {
+ val := pointerOfValue(conv.GoValueOf(v))
+ if val.IsNil() {
+ panic("invalid nil pointer")
+ }
+ p.Apply(fieldOffset).AtomicSetPointer(val)
+ mi.setPresent(p, index)
+ },
+ mutable: func(p pointer) protoreflect.Value {
+ fp := p.Apply(fieldOffset)
+ mp := fp.AtomicGetPointer()
+ if mp.IsNil() {
+ if mi.present(p, index) {
+ // Lazily unmarshal this field.
+ mi.lazyUnmarshal(p, fieldNumber)
+ mp = fp.AtomicGetPointer()
+ } else {
+ mp = pointerOfValue(conv.GoValueOf(conv.New()))
+ fp.AtomicSetPointer(mp)
+ mi.setPresent(p, index)
+ }
+ }
+ return conv.PBValueOf(mp.AsValueOf(fs.Type.Elem()))
+ },
+ newMessage: func() protoreflect.Message {
+ return conv.New().Message()
+ },
+ newField: func() protoreflect.Value {
+ return conv.New()
+ },
+ }
+}
+
+// A presenceList wraps a List, updating presence bits as necessary when the
+// list contents change.
+type presenceList struct {
+ pvalueList
+ setPresence func(bool)
+}
+type pvalueList interface {
+ protoreflect.List
+ //Unwrapper
+}
+
+func (list presenceList) Append(v protoreflect.Value) {
+ list.pvalueList.Append(v)
+ list.setPresence(true)
+}
+func (list presenceList) Truncate(i int) {
+ list.pvalueList.Truncate(i)
+ list.setPresence(i > 0)
+}
+
+// presenceIndex returns the index to pass to presence functions.
+//
+// TODO: field.Desc.Index() would be simpler, and would give space to record the presence of oneof fields.
+func presenceIndex(md protoreflect.MessageDescriptor, fd protoreflect.FieldDescriptor) (uint32, presenceSize) {
+ found := false
+ var index, numIndices uint32
+ for i := 0; i < md.Fields().Len(); i++ {
+ f := md.Fields().Get(i)
+ if f == fd {
+ found = true
+ index = numIndices
+ }
+ if f.ContainingOneof() == nil || isLastOneofField(f) {
+ numIndices++
+ }
+ }
+ if !found {
+ panic(fmt.Sprintf("BUG: %v not in %v", fd.Name(), md.FullName()))
+ }
+ return index, presenceSize(numIndices)
+}
+
+func isLastOneofField(fd protoreflect.FieldDescriptor) bool {
+ fields := fd.ContainingOneof().Fields()
+ return fields.Get(fields.Len()-1) == fd
+}
+
+func (mi *MessageInfo) setPresent(p pointer, index uint32) {
+ p.Apply(mi.presenceOffset).PresenceInfo().SetPresent(index, mi.presenceSize)
+}
+
+func (mi *MessageInfo) clearPresent(p pointer, index uint32) {
+ p.Apply(mi.presenceOffset).PresenceInfo().ClearPresent(index)
+}
+
+func (mi *MessageInfo) present(p pointer, index uint32) bool {
+ return p.Apply(mi.presenceOffset).PresenceInfo().Present(index)
+}
+
+// usePresenceForField implements the somewhat intricate logic of when
+// the presence bitmap is used for a field. The main logic is that a
+// field that is optional or that can be lazy will use the presence
+// bit, but for proto2, also maps have a presence bit. It also records
+// if the field can ever be lazy, which is true if we have a
+// lazyOffset and the field is a message or a slice of messages. A
+// field that is lazy will always need a presence bit. Oneofs are not
+// lazy and do not use presence, unless they are a synthetic oneof,
+// which is a proto3 optional field. For proto3 optionals, we use the
+// presence and they can also be lazy when applicable (a message).
+func usePresenceForField(si opaqueStructInfo, fd protoreflect.FieldDescriptor) (usePresence, canBeLazy bool) {
+ hasLazyField := fd.(interface{ IsLazy() bool }).IsLazy()
+
+ // Non-oneof scalar fields with explicit field presence use the presence array.
+ usesPresenceArray := fd.HasPresence() && fd.Message() == nil && (fd.ContainingOneof() == nil || fd.ContainingOneof().IsSynthetic())
+ switch {
+ case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic():
+ return false, false
+ case fd.IsMap():
+ return false, false
+ case fd.Kind() == protoreflect.MessageKind || fd.Kind() == protoreflect.GroupKind:
+ return hasLazyField, hasLazyField
+ default:
+ return usesPresenceArray || (hasLazyField && fd.HasPresence()), false
+ }
+}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_opaque_gen.go b/vendor/google.golang.org/protobuf/internal/impl/message_opaque_gen.go
new file mode 100644
index 0000000000..a69825699a
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/impl/message_opaque_gen.go
@@ -0,0 +1,132 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Code generated by generate-types. DO NOT EDIT.
+
+package impl
+
+import (
+ "reflect"
+
+ "google.golang.org/protobuf/reflect/protoreflect"
+)
+
+func getterForOpaqueNullableScalar(mi *MessageInfo, index uint32, fd protoreflect.FieldDescriptor, fs reflect.StructField, conv Converter, fieldOffset offset) func(p pointer) protoreflect.Value {
+ ft := fs.Type
+ if ft.Kind() == reflect.Ptr {
+ ft = ft.Elem()
+ }
+ if fd.Kind() == protoreflect.EnumKind {
+ // Enums for nullable opaque types.
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() || !mi.present(p, index) {
+ return conv.Zero()
+ }
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ return conv.PBValueOf(rv)
+ }
+ }
+ switch ft.Kind() {
+ case reflect.Bool:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() || !mi.present(p, index) {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Bool()
+ return protoreflect.ValueOfBool(*x)
+ }
+ case reflect.Int32:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() || !mi.present(p, index) {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Int32()
+ return protoreflect.ValueOfInt32(*x)
+ }
+ case reflect.Uint32:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() || !mi.present(p, index) {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Uint32()
+ return protoreflect.ValueOfUint32(*x)
+ }
+ case reflect.Int64:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() || !mi.present(p, index) {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Int64()
+ return protoreflect.ValueOfInt64(*x)
+ }
+ case reflect.Uint64:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() || !mi.present(p, index) {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Uint64()
+ return protoreflect.ValueOfUint64(*x)
+ }
+ case reflect.Float32:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() || !mi.present(p, index) {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Float32()
+ return protoreflect.ValueOfFloat32(*x)
+ }
+ case reflect.Float64:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() || !mi.present(p, index) {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Float64()
+ return protoreflect.ValueOfFloat64(*x)
+ }
+ case reflect.String:
+ if fd.Kind() == protoreflect.BytesKind {
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() || !mi.present(p, index) {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).StringPtr()
+ if *x == nil {
+ return conv.Zero()
+ }
+ if len(**x) == 0 {
+ return protoreflect.ValueOfBytes(nil)
+ }
+ return protoreflect.ValueOfBytes([]byte(**x))
+ }
+ }
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() || !mi.present(p, index) {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).StringPtr()
+ if *x == nil {
+ return conv.Zero()
+ }
+ return protoreflect.ValueOfString(**x)
+ }
+ case reflect.Slice:
+ if fd.Kind() == protoreflect.StringKind {
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() || !mi.present(p, index) {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Bytes()
+ return protoreflect.ValueOfString(string(*x))
+ }
+ }
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() || !mi.present(p, index) {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Bytes()
+ return protoreflect.ValueOfBytes(*x)
+ }
+ }
+ panic("unexpected protobuf kind: " + ft.Kind().String())
+}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go
index ecb4623d70..0d20132fa2 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go
@@ -72,8 +72,6 @@ func (mi *MessageInfo) makeKnownFieldsFunc(si structInfo) {
fi = fieldInfoForMap(fd, fs, mi.Exporter)
case fd.IsList():
fi = fieldInfoForList(fd, fs, mi.Exporter)
- case fd.IsWeak():
- fi = fieldInfoForWeakMessage(fd, si.weakOffset)
case fd.Message() != nil:
fi = fieldInfoForMessage(fd, fs, mi.Exporter)
default:
@@ -205,6 +203,11 @@ func (mi *MessageInfo) makeFieldTypes(si structInfo) {
case fd.IsList():
if fd.Enum() != nil || fd.Message() != nil {
ft = fs.Type.Elem()
+
+ if ft.Kind() == reflect.Slice {
+ ft = ft.Elem()
+ }
+
}
isMessage = fd.Message() != nil
case fd.Enum() != nil:
@@ -214,9 +217,6 @@ func (mi *MessageInfo) makeFieldTypes(si structInfo) {
}
case fd.Message() != nil:
ft = fs.Type
- if fd.IsWeak() {
- ft = nil
- }
isMessage = true
}
if isMessage && ft != nil && ft.Kind() != reflect.Ptr {
diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go
index 986322b195..68d4ae32ec 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go
@@ -8,11 +8,8 @@ import (
"fmt"
"math"
"reflect"
- "sync"
- "google.golang.org/protobuf/internal/flags"
"google.golang.org/protobuf/reflect/protoreflect"
- "google.golang.org/protobuf/reflect/protoregistry"
)
type fieldInfo struct {
@@ -76,7 +73,7 @@ func fieldInfoForOneof(fd protoreflect.FieldDescriptor, fs reflect.StructField,
isMessage := fd.Message() != nil
// TODO: Implement unsafe fast path?
- fieldOffset := offsetOf(fs, x)
+ fieldOffset := offsetOf(fs)
return fieldInfo{
// NOTE: The logic below intentionally assumes that oneof fields are
// well-formatted. That is, the oneof interface never contains a
@@ -152,7 +149,7 @@ func fieldInfoForMap(fd protoreflect.FieldDescriptor, fs reflect.StructField, x
conv := NewConverter(ft, fd)
// TODO: Implement unsafe fast path?
- fieldOffset := offsetOf(fs, x)
+ fieldOffset := offsetOf(fs)
return fieldInfo{
fieldDesc: fd,
has: func(p pointer) bool {
@@ -205,7 +202,7 @@ func fieldInfoForList(fd protoreflect.FieldDescriptor, fs reflect.StructField, x
conv := NewConverter(reflect.PtrTo(ft), fd)
// TODO: Implement unsafe fast path?
- fieldOffset := offsetOf(fs, x)
+ fieldOffset := offsetOf(fs)
return fieldInfo{
fieldDesc: fd,
has: func(p pointer) bool {
@@ -256,6 +253,7 @@ func fieldInfoForScalar(fd protoreflect.FieldDescriptor, fs reflect.StructField,
ft := fs.Type
nullable := fd.HasPresence()
isBytes := ft.Kind() == reflect.Slice && ft.Elem().Kind() == reflect.Uint8
+ var getter func(p pointer) protoreflect.Value
if nullable {
if ft.Kind() != reflect.Ptr && ft.Kind() != reflect.Slice {
// This never occurs for generated message types.
@@ -268,19 +266,25 @@ func fieldInfoForScalar(fd protoreflect.FieldDescriptor, fs reflect.StructField,
}
}
conv := NewConverter(ft, fd)
+ fieldOffset := offsetOf(fs)
+
+ // Generate specialized getter functions to avoid going through reflect.Value
+ if nullable {
+ getter = getterForNullableScalar(fd, fs, conv, fieldOffset)
+ } else {
+ getter = getterForDirectScalar(fd, fs, conv, fieldOffset)
+ }
- // TODO: Implement unsafe fast path?
- fieldOffset := offsetOf(fs, x)
return fieldInfo{
fieldDesc: fd,
has: func(p pointer) bool {
if p.IsNil() {
return false
}
- rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
if nullable {
- return !rv.IsNil()
+ return !p.Apply(fieldOffset).Elem().IsNil()
}
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
switch rv.Kind() {
case reflect.Bool:
return rv.Bool()
@@ -300,21 +304,8 @@ func fieldInfoForScalar(fd protoreflect.FieldDescriptor, fs reflect.StructField,
rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
rv.Set(reflect.Zero(rv.Type()))
},
- get: func(p pointer) protoreflect.Value {
- if p.IsNil() {
- return conv.Zero()
- }
- rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
- if nullable {
- if rv.IsNil() {
- return conv.Zero()
- }
- if rv.Kind() == reflect.Ptr {
- rv = rv.Elem()
- }
- }
- return conv.PBValueOf(rv)
- },
+ get: getter,
+ // TODO: Implement unsafe fast path for set?
set: func(p pointer, v protoreflect.Value) {
rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
if nullable && rv.Kind() == reflect.Ptr {
@@ -338,85 +329,12 @@ func fieldInfoForScalar(fd protoreflect.FieldDescriptor, fs reflect.StructField,
}
}
-func fieldInfoForWeakMessage(fd protoreflect.FieldDescriptor, weakOffset offset) fieldInfo {
- if !flags.ProtoLegacy {
- panic("no support for proto1 weak fields")
- }
-
- var once sync.Once
- var messageType protoreflect.MessageType
- lazyInit := func() {
- once.Do(func() {
- messageName := fd.Message().FullName()
- messageType, _ = protoregistry.GlobalTypes.FindMessageByName(messageName)
- if messageType == nil {
- panic(fmt.Sprintf("weak message %v for field %v is not linked in", messageName, fd.FullName()))
- }
- })
- }
-
- num := fd.Number()
- return fieldInfo{
- fieldDesc: fd,
- has: func(p pointer) bool {
- if p.IsNil() {
- return false
- }
- _, ok := p.Apply(weakOffset).WeakFields().get(num)
- return ok
- },
- clear: func(p pointer) {
- p.Apply(weakOffset).WeakFields().clear(num)
- },
- get: func(p pointer) protoreflect.Value {
- lazyInit()
- if p.IsNil() {
- return protoreflect.ValueOfMessage(messageType.Zero())
- }
- m, ok := p.Apply(weakOffset).WeakFields().get(num)
- if !ok {
- return protoreflect.ValueOfMessage(messageType.Zero())
- }
- return protoreflect.ValueOfMessage(m.ProtoReflect())
- },
- set: func(p pointer, v protoreflect.Value) {
- lazyInit()
- m := v.Message()
- if m.Descriptor() != messageType.Descriptor() {
- if got, want := m.Descriptor().FullName(), messageType.Descriptor().FullName(); got != want {
- panic(fmt.Sprintf("field %v has mismatching message descriptor: got %v, want %v", fd.FullName(), got, want))
- }
- panic(fmt.Sprintf("field %v has mismatching message descriptor: %v", fd.FullName(), m.Descriptor().FullName()))
- }
- p.Apply(weakOffset).WeakFields().set(num, m.Interface())
- },
- mutable: func(p pointer) protoreflect.Value {
- lazyInit()
- fs := p.Apply(weakOffset).WeakFields()
- m, ok := fs.get(num)
- if !ok {
- m = messageType.New().Interface()
- fs.set(num, m)
- }
- return protoreflect.ValueOfMessage(m.ProtoReflect())
- },
- newMessage: func() protoreflect.Message {
- lazyInit()
- return messageType.New()
- },
- newField: func() protoreflect.Value {
- lazyInit()
- return protoreflect.ValueOfMessage(messageType.New())
- },
- }
-}
-
func fieldInfoForMessage(fd protoreflect.FieldDescriptor, fs reflect.StructField, x exporter) fieldInfo {
ft := fs.Type
conv := NewConverter(ft, fd)
// TODO: Implement unsafe fast path?
- fieldOffset := offsetOf(fs, x)
+ fieldOffset := offsetOf(fs)
return fieldInfo{
fieldDesc: fd,
has: func(p pointer) bool {
@@ -425,7 +343,7 @@ func fieldInfoForMessage(fd protoreflect.FieldDescriptor, fs reflect.StructField
}
rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
if fs.Type.Kind() != reflect.Ptr {
- return !isZero(rv)
+ return !rv.IsZero()
}
return !rv.IsNil()
},
@@ -472,7 +390,7 @@ func makeOneofInfo(od protoreflect.OneofDescriptor, si structInfo, x exporter) *
oi := &oneofInfo{oneofDesc: od}
if od.IsSynthetic() {
fs := si.fieldsByNumber[od.Fields().Get(0).Number()]
- fieldOffset := offsetOf(fs, x)
+ fieldOffset := offsetOf(fs)
oi.which = func(p pointer) protoreflect.FieldNumber {
if p.IsNil() {
return 0
@@ -485,7 +403,7 @@ func makeOneofInfo(od protoreflect.OneofDescriptor, si structInfo, x exporter) *
}
} else {
fs := si.oneofsByName[od.Name()]
- fieldOffset := offsetOf(fs, x)
+ fieldOffset := offsetOf(fs)
oi.which = func(p pointer) protoreflect.FieldNumber {
if p.IsNil() {
return 0
@@ -503,41 +421,3 @@ func makeOneofInfo(od protoreflect.OneofDescriptor, si structInfo, x exporter) *
}
return oi
}
-
-// isZero is identical to reflect.Value.IsZero.
-// TODO: Remove this when Go1.13 is the minimally supported Go version.
-func isZero(v reflect.Value) bool {
- switch v.Kind() {
- case reflect.Bool:
- return !v.Bool()
- case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
- return v.Int() == 0
- case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
- return v.Uint() == 0
- case reflect.Float32, reflect.Float64:
- return math.Float64bits(v.Float()) == 0
- case reflect.Complex64, reflect.Complex128:
- c := v.Complex()
- return math.Float64bits(real(c)) == 0 && math.Float64bits(imag(c)) == 0
- case reflect.Array:
- for i := 0; i < v.Len(); i++ {
- if !isZero(v.Index(i)) {
- return false
- }
- }
- return true
- case reflect.Chan, reflect.Func, reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice, reflect.UnsafePointer:
- return v.IsNil()
- case reflect.String:
- return v.Len() == 0
- case reflect.Struct:
- for i := 0; i < v.NumField(); i++ {
- if !isZero(v.Field(i)) {
- return false
- }
- }
- return true
- default:
- panic(&reflect.ValueError{Method: "reflect.Value.IsZero", Kind: v.Kind()})
- }
-}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field_gen.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field_gen.go
new file mode 100644
index 0000000000..af5e063a1e
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field_gen.go
@@ -0,0 +1,273 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Code generated by generate-types. DO NOT EDIT.
+
+package impl
+
+import (
+ "reflect"
+
+ "google.golang.org/protobuf/reflect/protoreflect"
+)
+
+func getterForNullableScalar(fd protoreflect.FieldDescriptor, fs reflect.StructField, conv Converter, fieldOffset offset) func(p pointer) protoreflect.Value {
+ ft := fs.Type
+ if ft.Kind() == reflect.Ptr {
+ ft = ft.Elem()
+ }
+ if fd.Kind() == protoreflect.EnumKind {
+ elemType := fs.Type.Elem()
+ // Enums for nullable types.
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ rv := p.Apply(fieldOffset).Elem().AsValueOf(elemType)
+ if rv.IsNil() {
+ return conv.Zero()
+ }
+ return conv.PBValueOf(rv.Elem())
+ }
+ }
+ switch ft.Kind() {
+ case reflect.Bool:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).BoolPtr()
+ if *x == nil {
+ return conv.Zero()
+ }
+ return protoreflect.ValueOfBool(**x)
+ }
+ case reflect.Int32:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Int32Ptr()
+ if *x == nil {
+ return conv.Zero()
+ }
+ return protoreflect.ValueOfInt32(**x)
+ }
+ case reflect.Uint32:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Uint32Ptr()
+ if *x == nil {
+ return conv.Zero()
+ }
+ return protoreflect.ValueOfUint32(**x)
+ }
+ case reflect.Int64:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Int64Ptr()
+ if *x == nil {
+ return conv.Zero()
+ }
+ return protoreflect.ValueOfInt64(**x)
+ }
+ case reflect.Uint64:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Uint64Ptr()
+ if *x == nil {
+ return conv.Zero()
+ }
+ return protoreflect.ValueOfUint64(**x)
+ }
+ case reflect.Float32:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Float32Ptr()
+ if *x == nil {
+ return conv.Zero()
+ }
+ return protoreflect.ValueOfFloat32(**x)
+ }
+ case reflect.Float64:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Float64Ptr()
+ if *x == nil {
+ return conv.Zero()
+ }
+ return protoreflect.ValueOfFloat64(**x)
+ }
+ case reflect.String:
+ if fd.Kind() == protoreflect.BytesKind {
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).StringPtr()
+ if *x == nil {
+ return conv.Zero()
+ }
+ if len(**x) == 0 {
+ return protoreflect.ValueOfBytes(nil)
+ }
+ return protoreflect.ValueOfBytes([]byte(**x))
+ }
+ }
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).StringPtr()
+ if *x == nil {
+ return conv.Zero()
+ }
+ return protoreflect.ValueOfString(**x)
+ }
+ case reflect.Slice:
+ if fd.Kind() == protoreflect.StringKind {
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Bytes()
+ if len(*x) == 0 {
+ return conv.Zero()
+ }
+ return protoreflect.ValueOfString(string(*x))
+ }
+ }
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Bytes()
+ if *x == nil {
+ return conv.Zero()
+ }
+ return protoreflect.ValueOfBytes(*x)
+ }
+ }
+ panic("unexpected protobuf kind: " + ft.Kind().String())
+}
+
+func getterForDirectScalar(fd protoreflect.FieldDescriptor, fs reflect.StructField, conv Converter, fieldOffset offset) func(p pointer) protoreflect.Value {
+ ft := fs.Type
+ if fd.Kind() == protoreflect.EnumKind {
+ // Enums for non nullable types.
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ return conv.PBValueOf(rv)
+ }
+ }
+ switch ft.Kind() {
+ case reflect.Bool:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Bool()
+ return protoreflect.ValueOfBool(*x)
+ }
+ case reflect.Int32:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Int32()
+ return protoreflect.ValueOfInt32(*x)
+ }
+ case reflect.Uint32:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Uint32()
+ return protoreflect.ValueOfUint32(*x)
+ }
+ case reflect.Int64:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Int64()
+ return protoreflect.ValueOfInt64(*x)
+ }
+ case reflect.Uint64:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Uint64()
+ return protoreflect.ValueOfUint64(*x)
+ }
+ case reflect.Float32:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Float32()
+ return protoreflect.ValueOfFloat32(*x)
+ }
+ case reflect.Float64:
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Float64()
+ return protoreflect.ValueOfFloat64(*x)
+ }
+ case reflect.String:
+ if fd.Kind() == protoreflect.BytesKind {
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).String()
+ if len(*x) == 0 {
+ return protoreflect.ValueOfBytes(nil)
+ }
+ return protoreflect.ValueOfBytes([]byte(*x))
+ }
+ }
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).String()
+ return protoreflect.ValueOfString(*x)
+ }
+ case reflect.Slice:
+ if fd.Kind() == protoreflect.StringKind {
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Bytes()
+ return protoreflect.ValueOfString(string(*x))
+ }
+ }
+ return func(p pointer) protoreflect.Value {
+ if p.IsNil() {
+ return conv.Zero()
+ }
+ x := p.Apply(fieldOffset).Bytes()
+ return protoreflect.ValueOfBytes(*x)
+ }
+ }
+ panic("unexpected protobuf kind: " + ft.Kind().String())
+}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go
index 79e186667b..62f8bf663e 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go
@@ -8,6 +8,8 @@ import (
"reflect"
"sync/atomic"
"unsafe"
+
+ "google.golang.org/protobuf/internal/protolazy"
)
const UnsafeEnabled = true
@@ -20,7 +22,7 @@ type Pointer unsafe.Pointer
type offset uintptr
// offsetOf returns a field offset for the struct field.
-func offsetOf(f reflect.StructField, x exporter) offset {
+func offsetOf(f reflect.StructField) offset {
return offset(f.Offset)
}
@@ -109,8 +111,14 @@ func (p pointer) StringSlice() *[]string { return (*[]string)(p.p
func (p pointer) Bytes() *[]byte { return (*[]byte)(p.p) }
func (p pointer) BytesPtr() **[]byte { return (**[]byte)(p.p) }
func (p pointer) BytesSlice() *[][]byte { return (*[][]byte)(p.p) }
-func (p pointer) WeakFields() *weakFields { return (*weakFields)(p.p) }
func (p pointer) Extensions() *map[int32]ExtensionField { return (*map[int32]ExtensionField)(p.p) }
+func (p pointer) LazyInfoPtr() **protolazy.XXX_lazyUnmarshalInfo {
+ return (**protolazy.XXX_lazyUnmarshalInfo)(p.p)
+}
+
+func (p pointer) PresenceInfo() presence {
+ return presence{P: p.p}
+}
func (p pointer) Elem() pointer {
return pointer{p: *(*unsafe.Pointer)(p.p)}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe_opaque.go
new file mode 100644
index 0000000000..38aa7b7dcf
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe_opaque.go
@@ -0,0 +1,42 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package impl
+
+import (
+ "sync/atomic"
+ "unsafe"
+)
+
+func (p pointer) AtomicGetPointer() pointer {
+ return pointer{p: atomic.LoadPointer((*unsafe.Pointer)(p.p))}
+}
+
+func (p pointer) AtomicSetPointer(v pointer) {
+ atomic.StorePointer((*unsafe.Pointer)(p.p), v.p)
+}
+
+func (p pointer) AtomicSetNilPointer() {
+ atomic.StorePointer((*unsafe.Pointer)(p.p), unsafe.Pointer(nil))
+}
+
+func (p pointer) AtomicSetPointerIfNil(v pointer) pointer {
+ if atomic.CompareAndSwapPointer((*unsafe.Pointer)(p.p), unsafe.Pointer(nil), v.p) {
+ return v
+ }
+ return pointer{p: atomic.LoadPointer((*unsafe.Pointer)(p.p))}
+}
+
+type atomicV1MessageInfo struct{ p Pointer }
+
+func (mi *atomicV1MessageInfo) Get() Pointer {
+ return Pointer(atomic.LoadPointer((*unsafe.Pointer)(&mi.p)))
+}
+
+func (mi *atomicV1MessageInfo) SetIfNil(p Pointer) Pointer {
+ if atomic.CompareAndSwapPointer((*unsafe.Pointer)(&mi.p), nil, unsafe.Pointer(p)) {
+ return p
+ }
+ return mi.Get()
+}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/presence.go b/vendor/google.golang.org/protobuf/internal/impl/presence.go
new file mode 100644
index 0000000000..914cb1deda
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/impl/presence.go
@@ -0,0 +1,142 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package impl
+
+import (
+ "sync/atomic"
+ "unsafe"
+)
+
+// presenceSize represents the size of a presence set, which should be the largest index of the set+1
+type presenceSize uint32
+
+// presence is the internal representation of the bitmap array in a generated protobuf
+type presence struct {
+ // This is a pointer to the beginning of an array of uint32
+ P unsafe.Pointer
+}
+
+func (p presence) toElem(num uint32) (ret *uint32) {
+ const (
+ bitsPerByte = 8
+ siz = unsafe.Sizeof(*ret)
+ )
+ // p.P points to an array of uint32, num is the bit in this array that the
+ // caller wants to check/manipulate. Calculate the index in the array that
+ // contains this specific bit. E.g.: 76 / 32 = 2 (integer division).
+ offset := uintptr(num) / (siz * bitsPerByte) * siz
+ return (*uint32)(unsafe.Pointer(uintptr(p.P) + offset))
+}
+
+// Present checks for the presence of a specific field number in a presence set.
+func (p presence) Present(num uint32) bool {
+ if p.P == nil {
+ return false
+ }
+ return Export{}.Present(p.toElem(num), num)
+}
+
+// SetPresent adds presence for a specific field number in a presence set.
+func (p presence) SetPresent(num uint32, size presenceSize) {
+ Export{}.SetPresent(p.toElem(num), num, uint32(size))
+}
+
+// SetPresentUnatomic adds presence for a specific field number in a presence set without using
+// atomic operations. Only to be called during unmarshaling.
+func (p presence) SetPresentUnatomic(num uint32, size presenceSize) {
+ Export{}.SetPresentNonAtomic(p.toElem(num), num, uint32(size))
+}
+
+// ClearPresent removes presence for a specific field number in a presence set.
+func (p presence) ClearPresent(num uint32) {
+ Export{}.ClearPresent(p.toElem(num), num)
+}
+
+// LoadPresenceCache (together with PresentInCache) allows for a
+// cached version of checking for presence without re-reading the word
+// for every field. It is optimized for efficiency and assumes no
+// simltaneous mutation of the presence set (or at least does not have
+// a problem with simultaneous mutation giving inconsistent results).
+func (p presence) LoadPresenceCache() (current uint32) {
+ if p.P == nil {
+ return 0
+ }
+ return atomic.LoadUint32((*uint32)(p.P))
+}
+
+// PresentInCache reads presence from a cached word in the presence
+// bitmap. It caches up a new word if the bit is outside the
+// word. This is for really fast iteration through bitmaps in cases
+// where we either know that the bitmap will not be altered, or we
+// don't care about inconsistencies caused by simultaneous writes.
+func (p presence) PresentInCache(num uint32, cachedElement *uint32, current *uint32) bool {
+ if num/32 != *cachedElement {
+ o := uintptr(num/32) * unsafe.Sizeof(uint32(0))
+ q := (*uint32)(unsafe.Pointer(uintptr(p.P) + o))
+ *current = atomic.LoadUint32(q)
+ *cachedElement = num / 32
+ }
+ return (*current & (1 << (num % 32))) > 0
+}
+
+// AnyPresent checks if any field is marked as present in the bitmap.
+func (p presence) AnyPresent(size presenceSize) bool {
+ n := uintptr((size + 31) / 32)
+ for j := uintptr(0); j < n; j++ {
+ o := j * unsafe.Sizeof(uint32(0))
+ q := (*uint32)(unsafe.Pointer(uintptr(p.P) + o))
+ b := atomic.LoadUint32(q)
+ if b > 0 {
+ return true
+ }
+ }
+ return false
+}
+
+// toRaceDetectData finds the preceding RaceDetectHookData in a
+// message by using pointer arithmetic. As the type of the presence
+// set (bitmap) varies with the number of fields in the protobuf, we
+// can not have a struct type containing the array and the
+// RaceDetectHookData. instead the RaceDetectHookData is placed
+// immediately before the bitmap array, and we find it by walking
+// backwards in the struct.
+//
+// This method is only called from the race-detect version of the code,
+// so RaceDetectHookData is never an empty struct.
+func (p presence) toRaceDetectData() *RaceDetectHookData {
+ var template struct {
+ d RaceDetectHookData
+ a [1]uint32
+ }
+ o := (uintptr(unsafe.Pointer(&template.a)) - uintptr(unsafe.Pointer(&template.d)))
+ return (*RaceDetectHookData)(unsafe.Pointer(uintptr(p.P) - o))
+}
+
+func atomicLoadShadowPresence(p **[]byte) *[]byte {
+ return (*[]byte)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p))))
+}
+func atomicStoreShadowPresence(p **[]byte, v *[]byte) {
+ atomic.CompareAndSwapPointer((*unsafe.Pointer)(unsafe.Pointer(p)), nil, unsafe.Pointer(v))
+}
+
+// findPointerToRaceDetectData finds the preceding RaceDetectHookData
+// in a message by using pointer arithmetic. For the methods called
+// directy from generated code, we don't have a pointer to the
+// beginning of the presence set, but a pointer inside the array. As
+// we know the index of the bit we're manipulating (num), we can
+// calculate which element of the array ptr is pointing to. With that
+// information we find the preceding RaceDetectHookData and can
+// manipulate the shadow bitmap.
+//
+// This method is only called from the race-detect version of the
+// code, so RaceDetectHookData is never an empty struct.
+func findPointerToRaceDetectData(ptr *uint32, num uint32) *RaceDetectHookData {
+ var template struct {
+ d RaceDetectHookData
+ a [1]uint32
+ }
+ o := (uintptr(unsafe.Pointer(&template.a)) - uintptr(unsafe.Pointer(&template.d))) + uintptr(num/32)*unsafe.Sizeof(uint32(0))
+ return (*RaceDetectHookData)(unsafe.Pointer(uintptr(unsafe.Pointer(ptr)) - o))
+}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/validate.go b/vendor/google.golang.org/protobuf/internal/impl/validate.go
index a24e6bbd7a..7b2995dde5 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/validate.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/validate.go
@@ -37,6 +37,10 @@ const (
// ValidationValid indicates that unmarshaling the message will succeed.
ValidationValid
+
+ // ValidationWrongWireType indicates that a validated field does not have
+ // the expected wire type.
+ ValidationWrongWireType
)
func (v ValidationStatus) String() string {
@@ -149,11 +153,23 @@ func newValidationInfo(fd protoreflect.FieldDescriptor, ft reflect.Type) validat
switch fd.Kind() {
case protoreflect.MessageKind:
vi.typ = validationTypeMessage
+
+ if ft.Kind() == reflect.Ptr {
+ // Repeated opaque message fields are *[]*T.
+ ft = ft.Elem()
+ }
+
if ft.Kind() == reflect.Slice {
vi.mi = getMessageInfo(ft.Elem())
}
case protoreflect.GroupKind:
vi.typ = validationTypeGroup
+
+ if ft.Kind() == reflect.Ptr {
+ // Repeated opaque message fields are *[]*T.
+ ft = ft.Elem()
+ }
+
if ft.Kind() == reflect.Slice {
vi.mi = getMessageInfo(ft.Elem())
}
@@ -195,9 +211,7 @@ func newValidationInfo(fd protoreflect.FieldDescriptor, ft reflect.Type) validat
switch fd.Kind() {
case protoreflect.MessageKind:
vi.typ = validationTypeMessage
- if !fd.IsWeak() {
- vi.mi = getMessageInfo(ft)
- }
+ vi.mi = getMessageInfo(ft)
case protoreflect.GroupKind:
vi.typ = validationTypeGroup
vi.mi = getMessageInfo(ft)
@@ -304,26 +318,6 @@ State:
}
if f != nil {
vi = f.validation
- if vi.typ == validationTypeMessage && vi.mi == nil {
- // Probable weak field.
- //
- // TODO: Consider storing the results of this lookup somewhere
- // rather than recomputing it on every validation.
- fd := st.mi.Desc.Fields().ByNumber(num)
- if fd == nil || !fd.IsWeak() {
- break
- }
- messageName := fd.Message().FullName()
- messageType, err := protoregistry.GlobalTypes.FindMessageByName(messageName)
- switch err {
- case nil:
- vi.mi, _ = messageType.(*MessageInfo)
- case protoregistry.NotFound:
- vi.typ = validationTypeBytes
- default:
- return out, ValidationUnknown
- }
- }
break
}
// Possible extension field.
diff --git a/vendor/google.golang.org/protobuf/internal/impl/weak.go b/vendor/google.golang.org/protobuf/internal/impl/weak.go
deleted file mode 100644
index eb79a7ba94..0000000000
--- a/vendor/google.golang.org/protobuf/internal/impl/weak.go
+++ /dev/null
@@ -1,74 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package impl
-
-import (
- "fmt"
-
- "google.golang.org/protobuf/reflect/protoreflect"
- "google.golang.org/protobuf/reflect/protoregistry"
-)
-
-// weakFields adds methods to the exported WeakFields type for internal use.
-//
-// The exported type is an alias to an unnamed type, so methods can't be
-// defined directly on it.
-type weakFields WeakFields
-
-func (w weakFields) get(num protoreflect.FieldNumber) (protoreflect.ProtoMessage, bool) {
- m, ok := w[int32(num)]
- return m, ok
-}
-
-func (w *weakFields) set(num protoreflect.FieldNumber, m protoreflect.ProtoMessage) {
- if *w == nil {
- *w = make(weakFields)
- }
- (*w)[int32(num)] = m
-}
-
-func (w *weakFields) clear(num protoreflect.FieldNumber) {
- delete(*w, int32(num))
-}
-
-func (Export) HasWeak(w WeakFields, num protoreflect.FieldNumber) bool {
- _, ok := w[int32(num)]
- return ok
-}
-
-func (Export) ClearWeak(w *WeakFields, num protoreflect.FieldNumber) {
- delete(*w, int32(num))
-}
-
-func (Export) GetWeak(w WeakFields, num protoreflect.FieldNumber, name protoreflect.FullName) protoreflect.ProtoMessage {
- if m, ok := w[int32(num)]; ok {
- return m
- }
- mt, _ := protoregistry.GlobalTypes.FindMessageByName(name)
- if mt == nil {
- panic(fmt.Sprintf("message %v for weak field is not linked in", name))
- }
- return mt.Zero().Interface()
-}
-
-func (Export) SetWeak(w *WeakFields, num protoreflect.FieldNumber, name protoreflect.FullName, m protoreflect.ProtoMessage) {
- if m != nil {
- mt, _ := protoregistry.GlobalTypes.FindMessageByName(name)
- if mt == nil {
- panic(fmt.Sprintf("message %v for weak field is not linked in", name))
- }
- if mt != m.ProtoReflect().Type() {
- panic(fmt.Sprintf("invalid message type for weak field: got %T, want %T", m, mt.Zero().Interface()))
- }
- }
- if m == nil || !m.ProtoReflect().IsValid() {
- delete(*w, int32(num))
- return
- }
- if *w == nil {
- *w = make(weakFields)
- }
- (*w)[int32(num)] = m
-}
diff --git a/vendor/google.golang.org/protobuf/internal/protolazy/bufferreader.go b/vendor/google.golang.org/protobuf/internal/protolazy/bufferreader.go
new file mode 100644
index 0000000000..82e5cab4aa
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/protolazy/bufferreader.go
@@ -0,0 +1,364 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Helper code for parsing a protocol buffer
+
+package protolazy
+
+import (
+ "errors"
+ "fmt"
+ "io"
+
+ "google.golang.org/protobuf/encoding/protowire"
+)
+
+// BufferReader is a structure encapsulating a protobuf and a current position
+type BufferReader struct {
+ Buf []byte
+ Pos int
+}
+
+// NewBufferReader creates a new BufferRead from a protobuf
+func NewBufferReader(buf []byte) BufferReader {
+ return BufferReader{Buf: buf, Pos: 0}
+}
+
+var errOutOfBounds = errors.New("protobuf decoding: out of bounds")
+var errOverflow = errors.New("proto: integer overflow")
+
+func (b *BufferReader) DecodeVarintSlow() (x uint64, err error) {
+ i := b.Pos
+ l := len(b.Buf)
+
+ for shift := uint(0); shift < 64; shift += 7 {
+ if i >= l {
+ err = io.ErrUnexpectedEOF
+ return
+ }
+ v := b.Buf[i]
+ i++
+ x |= (uint64(v) & 0x7F) << shift
+ if v < 0x80 {
+ b.Pos = i
+ return
+ }
+ }
+
+ // The number is too large to represent in a 64-bit value.
+ err = errOverflow
+ return
+}
+
+// decodeVarint decodes a varint at the current position
+func (b *BufferReader) DecodeVarint() (x uint64, err error) {
+ i := b.Pos
+ buf := b.Buf
+
+ if i >= len(buf) {
+ return 0, io.ErrUnexpectedEOF
+ } else if buf[i] < 0x80 {
+ b.Pos++
+ return uint64(buf[i]), nil
+ } else if len(buf)-i < 10 {
+ return b.DecodeVarintSlow()
+ }
+
+ var v uint64
+ // we already checked the first byte
+ x = uint64(buf[i]) & 127
+ i++
+
+ v = uint64(buf[i])
+ i++
+ x |= (v & 127) << 7
+ if v < 128 {
+ goto done
+ }
+
+ v = uint64(buf[i])
+ i++
+ x |= (v & 127) << 14
+ if v < 128 {
+ goto done
+ }
+
+ v = uint64(buf[i])
+ i++
+ x |= (v & 127) << 21
+ if v < 128 {
+ goto done
+ }
+
+ v = uint64(buf[i])
+ i++
+ x |= (v & 127) << 28
+ if v < 128 {
+ goto done
+ }
+
+ v = uint64(buf[i])
+ i++
+ x |= (v & 127) << 35
+ if v < 128 {
+ goto done
+ }
+
+ v = uint64(buf[i])
+ i++
+ x |= (v & 127) << 42
+ if v < 128 {
+ goto done
+ }
+
+ v = uint64(buf[i])
+ i++
+ x |= (v & 127) << 49
+ if v < 128 {
+ goto done
+ }
+
+ v = uint64(buf[i])
+ i++
+ x |= (v & 127) << 56
+ if v < 128 {
+ goto done
+ }
+
+ v = uint64(buf[i])
+ i++
+ x |= (v & 127) << 63
+ if v < 128 {
+ goto done
+ }
+
+ return 0, errOverflow
+
+done:
+ b.Pos = i
+ return
+}
+
+// decodeVarint32 decodes a varint32 at the current position
+func (b *BufferReader) DecodeVarint32() (x uint32, err error) {
+ i := b.Pos
+ buf := b.Buf
+
+ if i >= len(buf) {
+ return 0, io.ErrUnexpectedEOF
+ } else if buf[i] < 0x80 {
+ b.Pos++
+ return uint32(buf[i]), nil
+ } else if len(buf)-i < 5 {
+ v, err := b.DecodeVarintSlow()
+ return uint32(v), err
+ }
+
+ var v uint32
+ // we already checked the first byte
+ x = uint32(buf[i]) & 127
+ i++
+
+ v = uint32(buf[i])
+ i++
+ x |= (v & 127) << 7
+ if v < 128 {
+ goto done
+ }
+
+ v = uint32(buf[i])
+ i++
+ x |= (v & 127) << 14
+ if v < 128 {
+ goto done
+ }
+
+ v = uint32(buf[i])
+ i++
+ x |= (v & 127) << 21
+ if v < 128 {
+ goto done
+ }
+
+ v = uint32(buf[i])
+ i++
+ x |= (v & 127) << 28
+ if v < 128 {
+ goto done
+ }
+
+ return 0, errOverflow
+
+done:
+ b.Pos = i
+ return
+}
+
+// skipValue skips a value in the protobuf, based on the specified tag
+func (b *BufferReader) SkipValue(tag uint32) (err error) {
+ wireType := tag & 0x7
+ switch protowire.Type(wireType) {
+ case protowire.VarintType:
+ err = b.SkipVarint()
+ case protowire.Fixed64Type:
+ err = b.SkipFixed64()
+ case protowire.BytesType:
+ var n uint32
+ n, err = b.DecodeVarint32()
+ if err == nil {
+ err = b.Skip(int(n))
+ }
+ case protowire.StartGroupType:
+ err = b.SkipGroup(tag)
+ case protowire.Fixed32Type:
+ err = b.SkipFixed32()
+ default:
+ err = fmt.Errorf("Unexpected wire type (%d)", wireType)
+ }
+ return
+}
+
+// skipGroup skips a group with the specified tag. It executes efficiently using a tag stack
+func (b *BufferReader) SkipGroup(tag uint32) (err error) {
+ tagStack := make([]uint32, 0, 16)
+ tagStack = append(tagStack, tag)
+ var n uint32
+ for len(tagStack) > 0 {
+ tag, err = b.DecodeVarint32()
+ if err != nil {
+ return err
+ }
+ switch protowire.Type(tag & 0x7) {
+ case protowire.VarintType:
+ err = b.SkipVarint()
+ case protowire.Fixed64Type:
+ err = b.Skip(8)
+ case protowire.BytesType:
+ n, err = b.DecodeVarint32()
+ if err == nil {
+ err = b.Skip(int(n))
+ }
+ case protowire.StartGroupType:
+ tagStack = append(tagStack, tag)
+ case protowire.Fixed32Type:
+ err = b.SkipFixed32()
+ case protowire.EndGroupType:
+ if protoFieldNumber(tagStack[len(tagStack)-1]) == protoFieldNumber(tag) {
+ tagStack = tagStack[:len(tagStack)-1]
+ } else {
+ err = fmt.Errorf("end group tag %d does not match begin group tag %d at pos %d",
+ protoFieldNumber(tag), protoFieldNumber(tagStack[len(tagStack)-1]), b.Pos)
+ }
+ }
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// skipVarint effiently skips a varint
+func (b *BufferReader) SkipVarint() (err error) {
+ i := b.Pos
+
+ if len(b.Buf)-i < 10 {
+ // Use DecodeVarintSlow() to check for buffer overflow, but ignore result
+ if _, err := b.DecodeVarintSlow(); err != nil {
+ return err
+ }
+ return nil
+ }
+
+ if b.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if b.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if b.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if b.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if b.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if b.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if b.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if b.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if b.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if b.Buf[i] < 0x80 {
+ goto out
+ }
+ return errOverflow
+
+out:
+ b.Pos = i + 1
+ return nil
+}
+
+// skip skips the specified number of bytes
+func (b *BufferReader) Skip(n int) (err error) {
+ if len(b.Buf) < b.Pos+n {
+ return io.ErrUnexpectedEOF
+ }
+ b.Pos += n
+ return
+}
+
+// skipFixed64 skips a fixed64
+func (b *BufferReader) SkipFixed64() (err error) {
+ return b.Skip(8)
+}
+
+// skipFixed32 skips a fixed32
+func (b *BufferReader) SkipFixed32() (err error) {
+ return b.Skip(4)
+}
+
+// skipBytes skips a set of bytes
+func (b *BufferReader) SkipBytes() (err error) {
+ n, err := b.DecodeVarint32()
+ if err != nil {
+ return err
+ }
+ return b.Skip(int(n))
+}
+
+// Done returns whether we are at the end of the protobuf
+func (b *BufferReader) Done() bool {
+ return b.Pos == len(b.Buf)
+}
+
+// Remaining returns how many bytes remain
+func (b *BufferReader) Remaining() int {
+ return len(b.Buf) - b.Pos
+}
diff --git a/vendor/google.golang.org/protobuf/internal/protolazy/lazy.go b/vendor/google.golang.org/protobuf/internal/protolazy/lazy.go
new file mode 100644
index 0000000000..ff4d4834bb
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/protolazy/lazy.go
@@ -0,0 +1,359 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package protolazy contains internal data structures for lazy message decoding.
+package protolazy
+
+import (
+ "fmt"
+ "sort"
+
+ "google.golang.org/protobuf/encoding/protowire"
+ piface "google.golang.org/protobuf/runtime/protoiface"
+)
+
+// IndexEntry is the structure for an index of the fields in a message of a
+// proto (not descending to sub-messages)
+type IndexEntry struct {
+ FieldNum uint32
+ // first byte of this tag/field
+ Start uint32
+ // first byte after a contiguous sequence of bytes for this tag/field, which could
+ // include a single encoding of the field, or multiple encodings for the field
+ End uint32
+ // True if this protobuf segment includes multiple encodings of the field
+ MultipleContiguous bool
+}
+
+// XXX_lazyUnmarshalInfo has information about a particular lazily decoded message
+//
+// Deprecated: Do not use. This will be deleted in the near future.
+type XXX_lazyUnmarshalInfo struct {
+ // Index of fields and their positions in the protobuf for this
+ // message. Make index be a pointer to a slice so it can be updated
+ // atomically. The index pointer is only set once (lazily when/if
+ // the index is first needed), and must always be SET and LOADED
+ // ATOMICALLY.
+ index *[]IndexEntry
+ // The protobuf associated with this lazily decoded message. It is
+ // only set during proto.Unmarshal(). It doesn't need to be set and
+ // loaded atomically, since any simultaneous set (Unmarshal) and read
+ // (during a get) would already be a race in the app code.
+ Protobuf []byte
+ // The flags present when Unmarshal was originally called for this particular message
+ unmarshalFlags piface.UnmarshalInputFlags
+}
+
+// The Buffer and SetBuffer methods let v2/internal/impl interact with
+// XXX_lazyUnmarshalInfo via an interface, to avoid an import cycle.
+
+// Buffer returns the lazy unmarshal buffer.
+//
+// Deprecated: Do not use. This will be deleted in the near future.
+func (lazy *XXX_lazyUnmarshalInfo) Buffer() []byte {
+ return lazy.Protobuf
+}
+
+// SetBuffer sets the lazy unmarshal buffer.
+//
+// Deprecated: Do not use. This will be deleted in the near future.
+func (lazy *XXX_lazyUnmarshalInfo) SetBuffer(b []byte) {
+ lazy.Protobuf = b
+}
+
+// SetUnmarshalFlags is called to set a copy of the original unmarshalInputFlags.
+// The flags should reflect how Unmarshal was called.
+func (lazy *XXX_lazyUnmarshalInfo) SetUnmarshalFlags(f piface.UnmarshalInputFlags) {
+ lazy.unmarshalFlags = f
+}
+
+// UnmarshalFlags returns the original unmarshalInputFlags.
+func (lazy *XXX_lazyUnmarshalInfo) UnmarshalFlags() piface.UnmarshalInputFlags {
+ return lazy.unmarshalFlags
+}
+
+// AllowedPartial returns true if the user originally unmarshalled this message with
+// AllowPartial set to true
+func (lazy *XXX_lazyUnmarshalInfo) AllowedPartial() bool {
+ return (lazy.unmarshalFlags & piface.UnmarshalCheckRequired) == 0
+}
+
+func protoFieldNumber(tag uint32) uint32 {
+ return tag >> 3
+}
+
+// buildIndex builds an index of the specified protobuf, return the index
+// array and an error.
+func buildIndex(buf []byte) ([]IndexEntry, error) {
+ index := make([]IndexEntry, 0, 16)
+ var lastProtoFieldNum uint32
+ var outOfOrder bool
+
+ var r BufferReader = NewBufferReader(buf)
+
+ for !r.Done() {
+ var tag uint32
+ var err error
+ var curPos = r.Pos
+ // INLINED: tag, err = r.DecodeVarint32()
+ {
+ i := r.Pos
+ buf := r.Buf
+
+ if i >= len(buf) {
+ return nil, errOutOfBounds
+ } else if buf[i] < 0x80 {
+ r.Pos++
+ tag = uint32(buf[i])
+ } else if r.Remaining() < 5 {
+ var v uint64
+ v, err = r.DecodeVarintSlow()
+ tag = uint32(v)
+ } else {
+ var v uint32
+ // we already checked the first byte
+ tag = uint32(buf[i]) & 127
+ i++
+
+ v = uint32(buf[i])
+ i++
+ tag |= (v & 127) << 7
+ if v < 128 {
+ goto done
+ }
+
+ v = uint32(buf[i])
+ i++
+ tag |= (v & 127) << 14
+ if v < 128 {
+ goto done
+ }
+
+ v = uint32(buf[i])
+ i++
+ tag |= (v & 127) << 21
+ if v < 128 {
+ goto done
+ }
+
+ v = uint32(buf[i])
+ i++
+ tag |= (v & 127) << 28
+ if v < 128 {
+ goto done
+ }
+
+ return nil, errOutOfBounds
+
+ done:
+ r.Pos = i
+ }
+ }
+ // DONE: tag, err = r.DecodeVarint32()
+
+ fieldNum := protoFieldNumber(tag)
+ if fieldNum < lastProtoFieldNum {
+ outOfOrder = true
+ }
+
+ // Skip the current value -- will skip over an entire group as well.
+ // INLINED: err = r.SkipValue(tag)
+ wireType := tag & 0x7
+ switch protowire.Type(wireType) {
+ case protowire.VarintType:
+ // INLINED: err = r.SkipVarint()
+ i := r.Pos
+
+ if len(r.Buf)-i < 10 {
+ // Use DecodeVarintSlow() to skip while
+ // checking for buffer overflow, but ignore result
+ _, err = r.DecodeVarintSlow()
+ goto out2
+ }
+ if r.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if r.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if r.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if r.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if r.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if r.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if r.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if r.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if r.Buf[i] < 0x80 {
+ goto out
+ }
+ i++
+
+ if r.Buf[i] < 0x80 {
+ goto out
+ }
+ return nil, errOverflow
+ out:
+ r.Pos = i + 1
+ // DONE: err = r.SkipVarint()
+ case protowire.Fixed64Type:
+ err = r.SkipFixed64()
+ case protowire.BytesType:
+ var n uint32
+ n, err = r.DecodeVarint32()
+ if err == nil {
+ err = r.Skip(int(n))
+ }
+ case protowire.StartGroupType:
+ err = r.SkipGroup(tag)
+ case protowire.Fixed32Type:
+ err = r.SkipFixed32()
+ default:
+ err = fmt.Errorf("Unexpected wire type (%d)", wireType)
+ }
+ // DONE: err = r.SkipValue(tag)
+
+ out2:
+ if err != nil {
+ return nil, err
+ }
+ if fieldNum != lastProtoFieldNum {
+ index = append(index, IndexEntry{FieldNum: fieldNum,
+ Start: uint32(curPos),
+ End: uint32(r.Pos)},
+ )
+ } else {
+ index[len(index)-1].End = uint32(r.Pos)
+ index[len(index)-1].MultipleContiguous = true
+ }
+ lastProtoFieldNum = fieldNum
+ }
+ if outOfOrder {
+ sort.Slice(index, func(i, j int) bool {
+ return index[i].FieldNum < index[j].FieldNum ||
+ (index[i].FieldNum == index[j].FieldNum &&
+ index[i].Start < index[j].Start)
+ })
+ }
+ return index, nil
+}
+
+func (lazy *XXX_lazyUnmarshalInfo) SizeField(num uint32) (size int) {
+ start, end, found, _, multipleEntries := lazy.FindFieldInProto(num)
+ if multipleEntries != nil {
+ for _, entry := range multipleEntries {
+ size += int(entry.End - entry.Start)
+ }
+ return size
+ }
+ if !found {
+ return 0
+ }
+ return int(end - start)
+}
+
+func (lazy *XXX_lazyUnmarshalInfo) AppendField(b []byte, num uint32) ([]byte, bool) {
+ start, end, found, _, multipleEntries := lazy.FindFieldInProto(num)
+ if multipleEntries != nil {
+ for _, entry := range multipleEntries {
+ b = append(b, lazy.Protobuf[entry.Start:entry.End]...)
+ }
+ return b, true
+ }
+ if !found {
+ return nil, false
+ }
+ b = append(b, lazy.Protobuf[start:end]...)
+ return b, true
+}
+
+func (lazy *XXX_lazyUnmarshalInfo) SetIndex(index []IndexEntry) {
+ atomicStoreIndex(&lazy.index, &index)
+}
+
+// FindFieldInProto looks for field fieldNum in lazyUnmarshalInfo information
+// (including protobuf), returns startOffset/endOffset/found.
+func (lazy *XXX_lazyUnmarshalInfo) FindFieldInProto(fieldNum uint32) (start, end uint32, found, multipleContiguous bool, multipleEntries []IndexEntry) {
+ if lazy.Protobuf == nil {
+ // There is no backing protobuf for this message -- it was made from a builder
+ return 0, 0, false, false, nil
+ }
+ index := atomicLoadIndex(&lazy.index)
+ if index == nil {
+ r, err := buildIndex(lazy.Protobuf)
+ if err != nil {
+ panic(fmt.Sprintf("findFieldInfo: error building index when looking for field %d: %v", fieldNum, err))
+ }
+ // lazy.index is a pointer to the slice returned by BuildIndex
+ index = &r
+ atomicStoreIndex(&lazy.index, index)
+ }
+ return lookupField(index, fieldNum)
+}
+
+// lookupField returns the offset at which the indicated field starts using
+// the index, offset immediately after field ends (including all instances of
+// a repeated field), and bools indicating if field was found and if there
+// are multiple encodings of the field in the byte range.
+//
+// To hande the uncommon case where there are repeated encodings for the same
+// field which are not consecutive in the protobuf (so we need to returns
+// multiple start/end offsets), we also return a slice multipleEntries. If
+// multipleEntries is non-nil, then multiple entries were found, and the
+// values in the slice should be used, rather than start/end/found.
+func lookupField(indexp *[]IndexEntry, fieldNum uint32) (start, end uint32, found bool, multipleContiguous bool, multipleEntries []IndexEntry) {
+ // The pointer indexp to the index was already loaded atomically.
+ // The slice is uniquely associated with the pointer, so it doesn't
+ // need to be loaded atomically.
+ index := *indexp
+ for i, entry := range index {
+ if fieldNum == entry.FieldNum {
+ if i < len(index)-1 && entry.FieldNum == index[i+1].FieldNum {
+ // Handle the uncommon case where there are
+ // repeated entries for the same field which
+ // are not contiguous in the protobuf.
+ multiple := make([]IndexEntry, 1, 2)
+ multiple[0] = IndexEntry{fieldNum, entry.Start, entry.End, entry.MultipleContiguous}
+ i++
+ for i < len(index) && index[i].FieldNum == fieldNum {
+ multiple = append(multiple, IndexEntry{fieldNum, index[i].Start, index[i].End, index[i].MultipleContiguous})
+ i++
+ }
+ return 0, 0, false, false, multiple
+
+ }
+ return entry.Start, entry.End, true, entry.MultipleContiguous, nil
+ }
+ if fieldNum < entry.FieldNum {
+ return 0, 0, false, false, nil
+ }
+ }
+ return 0, 0, false, false, nil
+}
diff --git a/vendor/google.golang.org/protobuf/internal/protolazy/pointer_unsafe.go b/vendor/google.golang.org/protobuf/internal/protolazy/pointer_unsafe.go
new file mode 100644
index 0000000000..dc2a64ca64
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/protolazy/pointer_unsafe.go
@@ -0,0 +1,17 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package protolazy
+
+import (
+ "sync/atomic"
+ "unsafe"
+)
+
+func atomicLoadIndex(p **[]IndexEntry) *[]IndexEntry {
+ return (*[]IndexEntry)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p))))
+}
+func atomicStoreIndex(p **[]IndexEntry, v *[]IndexEntry) {
+ atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v))
+}
diff --git a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go121.go b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go
similarity index 99%
rename from vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go121.go
rename to vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go
index 1ffddf6877..42dd6f70c6 100644
--- a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go121.go
+++ b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go
@@ -2,8 +2,6 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build go1.21
-
package strs
import (
diff --git a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go
deleted file mode 100644
index 832a7988f1..0000000000
--- a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go
+++ /dev/null
@@ -1,94 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.21
-
-package strs
-
-import (
- "unsafe"
-
- "google.golang.org/protobuf/reflect/protoreflect"
-)
-
-type (
- stringHeader struct {
- Data unsafe.Pointer
- Len int
- }
- sliceHeader struct {
- Data unsafe.Pointer
- Len int
- Cap int
- }
-)
-
-// UnsafeString returns an unsafe string reference of b.
-// The caller must treat the input slice as immutable.
-//
-// WARNING: Use carefully. The returned result must not leak to the end user
-// unless the input slice is provably immutable.
-func UnsafeString(b []byte) (s string) {
- src := (*sliceHeader)(unsafe.Pointer(&b))
- dst := (*stringHeader)(unsafe.Pointer(&s))
- dst.Data = src.Data
- dst.Len = src.Len
- return s
-}
-
-// UnsafeBytes returns an unsafe bytes slice reference of s.
-// The caller must treat returned slice as immutable.
-//
-// WARNING: Use carefully. The returned result must not leak to the end user.
-func UnsafeBytes(s string) (b []byte) {
- src := (*stringHeader)(unsafe.Pointer(&s))
- dst := (*sliceHeader)(unsafe.Pointer(&b))
- dst.Data = src.Data
- dst.Len = src.Len
- dst.Cap = src.Len
- return b
-}
-
-// Builder builds a set of strings with shared lifetime.
-// This differs from strings.Builder, which is for building a single string.
-type Builder struct {
- buf []byte
-}
-
-// AppendFullName is equivalent to protoreflect.FullName.Append,
-// but optimized for large batches where each name has a shared lifetime.
-func (sb *Builder) AppendFullName(prefix protoreflect.FullName, name protoreflect.Name) protoreflect.FullName {
- n := len(prefix) + len(".") + len(name)
- if len(prefix) == 0 {
- n -= len(".")
- }
- sb.grow(n)
- sb.buf = append(sb.buf, prefix...)
- sb.buf = append(sb.buf, '.')
- sb.buf = append(sb.buf, name...)
- return protoreflect.FullName(sb.last(n))
-}
-
-// MakeString is equivalent to string(b), but optimized for large batches
-// with a shared lifetime.
-func (sb *Builder) MakeString(b []byte) string {
- sb.grow(len(b))
- sb.buf = append(sb.buf, b...)
- return sb.last(len(b))
-}
-
-func (sb *Builder) grow(n int) {
- if cap(sb.buf)-len(sb.buf) >= n {
- return
- }
-
- // Unlike strings.Builder, we do not need to copy over the contents
- // of the old buffer since our builder provides no API for
- // retrieving previously created strings.
- sb.buf = make([]byte, 0, 2*(cap(sb.buf)+n))
-}
-
-func (sb *Builder) last(n int) string {
- return UnsafeString(sb.buf[len(sb.buf)-n:])
-}
diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go
index 62a52a40a3..aac1cb18a7 100644
--- a/vendor/google.golang.org/protobuf/internal/version/version.go
+++ b/vendor/google.golang.org/protobuf/internal/version/version.go
@@ -51,8 +51,8 @@ import (
// 10. Send out the CL for review and submit it.
const (
Major = 1
- Minor = 35
- Patch = 2
+ Minor = 36
+ Patch = 6
PreRelease = ""
)
diff --git a/vendor/google.golang.org/protobuf/proto/decode.go b/vendor/google.golang.org/protobuf/proto/decode.go
index d75a6534c1..4cbf1aeaf7 100644
--- a/vendor/google.golang.org/protobuf/proto/decode.go
+++ b/vendor/google.golang.org/protobuf/proto/decode.go
@@ -8,7 +8,6 @@ import (
"google.golang.org/protobuf/encoding/protowire"
"google.golang.org/protobuf/internal/encoding/messageset"
"google.golang.org/protobuf/internal/errors"
- "google.golang.org/protobuf/internal/flags"
"google.golang.org/protobuf/internal/genid"
"google.golang.org/protobuf/internal/pragma"
"google.golang.org/protobuf/reflect/protoreflect"
@@ -47,6 +46,12 @@ type UnmarshalOptions struct {
// RecursionLimit limits how deeply messages may be nested.
// If zero, a default limit is applied.
RecursionLimit int
+
+ //
+ // NoLazyDecoding turns off lazy decoding, which otherwise is enabled by
+ // default. Lazy decoding only affects submessages (annotated with [lazy =
+ // true] in the .proto file) within messages that use the Opaque API.
+ NoLazyDecoding bool
}
// Unmarshal parses the wire-format message in b and places the result in m.
@@ -104,6 +109,16 @@ func (o UnmarshalOptions) unmarshal(b []byte, m protoreflect.Message) (out proto
if o.DiscardUnknown {
in.Flags |= protoiface.UnmarshalDiscardUnknown
}
+
+ if !allowPartial {
+ // This does not affect how current unmarshal functions work, it just allows them
+ // to record this for lazy the decoding case.
+ in.Flags |= protoiface.UnmarshalCheckRequired
+ }
+ if o.NoLazyDecoding {
+ in.Flags |= protoiface.UnmarshalNoLazyDecoding
+ }
+
out, err = methods.Unmarshal(in)
} else {
o.RecursionLimit--
@@ -156,10 +171,6 @@ func (o UnmarshalOptions) unmarshalMessageSlow(b []byte, m protoreflect.Message)
var err error
if fd == nil {
err = errUnknown
- } else if flags.ProtoLegacy {
- if fd.IsWeak() && fd.Message().IsPlaceholder() {
- err = errUnknown // weak referent is not linked in
- }
}
// Parse the field value.
diff --git a/vendor/google.golang.org/protobuf/proto/encode.go b/vendor/google.golang.org/protobuf/proto/encode.go
index 1f847bcc35..f0473c5869 100644
--- a/vendor/google.golang.org/protobuf/proto/encode.go
+++ b/vendor/google.golang.org/protobuf/proto/encode.go
@@ -63,7 +63,8 @@ type MarshalOptions struct {
// options (except for UseCachedSize itself).
//
// 2. The message and all its submessages have not changed in any
- // way since the Size call.
+ // way since the Size call. For lazily decoded messages, accessing
+ // a message results in decoding the message, which is a change.
//
// If either of these invariants is violated,
// the results are undefined and may include panics or corrupted output.
diff --git a/vendor/google.golang.org/protobuf/proto/merge.go b/vendor/google.golang.org/protobuf/proto/merge.go
index 3c6fe57807..ef55b97dde 100644
--- a/vendor/google.golang.org/protobuf/proto/merge.go
+++ b/vendor/google.golang.org/protobuf/proto/merge.go
@@ -59,6 +59,12 @@ func Clone(m Message) Message {
return dst.Interface()
}
+// CloneOf returns a deep copy of m. If the top-level message is invalid,
+// it returns an invalid message as well.
+func CloneOf[M Message](m M) M {
+ return Clone(m).(M)
+}
+
// mergeOptions provides a namespace for merge functions, and can be
// exported in the future if we add user-visible merge options.
type mergeOptions struct{}
diff --git a/vendor/google.golang.org/protobuf/proto/size.go b/vendor/google.golang.org/protobuf/proto/size.go
index 052fb5ae31..c8675806c6 100644
--- a/vendor/google.golang.org/protobuf/proto/size.go
+++ b/vendor/google.golang.org/protobuf/proto/size.go
@@ -12,11 +12,19 @@ import (
)
// Size returns the size in bytes of the wire-format encoding of m.
+//
+// Note that Size might return more bytes than Marshal will write in the case of
+// lazily decoded messages that arrive in non-minimal wire format: see
+// https://protobuf.dev/reference/go/size/ for more details.
func Size(m Message) int {
return MarshalOptions{}.Size(m)
}
// Size returns the size in bytes of the wire-format encoding of m.
+//
+// Note that Size might return more bytes than Marshal will write in the case of
+// lazily decoded messages that arrive in non-minimal wire format: see
+// https://protobuf.dev/reference/go/size/ for more details.
func (o MarshalOptions) Size(m Message) int {
// Treat a nil message interface as an empty message; nothing to output.
if m == nil {
diff --git a/vendor/google.golang.org/protobuf/proto/wrapperopaque.go b/vendor/google.golang.org/protobuf/proto/wrapperopaque.go
new file mode 100644
index 0000000000..267fd0f1f6
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/proto/wrapperopaque.go
@@ -0,0 +1,80 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proto
+
+// ValueOrNil returns nil if has is false, or a pointer to a new variable
+// containing the value returned by the specified getter.
+//
+// This function is similar to the wrappers (proto.Int32(), proto.String(),
+// etc.), but is generic (works for any field type) and works with the hasser
+// and getter of a field, as opposed to a value.
+//
+// This is convenient when populating builder fields.
+//
+// Example:
+//
+// hop := attr.GetDirectHop()
+// injectedRoute := ripb.InjectedRoute_builder{
+// Prefixes: route.GetPrefixes(),
+// NextHop: proto.ValueOrNil(hop.HasAddress(), hop.GetAddress),
+// }
+func ValueOrNil[T any](has bool, getter func() T) *T {
+ if !has {
+ return nil
+ }
+ v := getter()
+ return &v
+}
+
+// ValueOrDefault returns the protobuf message val if val is not nil, otherwise
+// it returns a pointer to an empty val message.
+//
+// This function allows for translating code from the old Open Struct API to the
+// new Opaque API.
+//
+// The old Open Struct API represented oneof fields with a wrapper struct:
+//
+// var signedImg *accountpb.SignedImage
+// profile := &accountpb.Profile{
+// // The Avatar oneof will be set, with an empty SignedImage.
+// Avatar: &accountpb.Profile_SignedImage{signedImg},
+// }
+//
+// The new Opaque API treats oneof fields like regular fields, there are no more
+// wrapper structs:
+//
+// var signedImg *accountpb.SignedImage
+// profile := &accountpb.Profile{}
+// profile.SetSignedImage(signedImg)
+//
+// For convenience, the Opaque API also offers Builders, which allow for a
+// direct translation of struct initialization. However, because Builders use
+// nilness to represent field presence (but there is no non-nil wrapper struct
+// anymore), Builders cannot distinguish between an unset oneof and a set oneof
+// with nil message. The above code would need to be translated with help of the
+// ValueOrDefault function to retain the same behavior:
+//
+// var signedImg *accountpb.SignedImage
+// return &accountpb.Profile_builder{
+// SignedImage: proto.ValueOrDefault(signedImg),
+// }.Build()
+func ValueOrDefault[T interface {
+ *P
+ Message
+}, P any](val T) T {
+ if val == nil {
+ return T(new(P))
+ }
+ return val
+}
+
+// ValueOrDefaultBytes is like ValueOrDefault but for working with fields of
+// type []byte.
+func ValueOrDefaultBytes(val []byte) []byte {
+ if val == nil {
+ return []byte{}
+ }
+ return val
+}
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go b/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go
index 69a0505091..823dbf3ba6 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go
@@ -132,17 +132,11 @@ func (o FileOptions) New(fd *descriptorpb.FileDescriptorProto, r Resolver) (prot
}
f.L2.Imports[i].IsPublic = true
}
- for _, i := range fd.GetWeakDependency() {
- if !(0 <= i && int(i) < len(f.L2.Imports)) || f.L2.Imports[i].IsWeak {
- return nil, errors.New("invalid or duplicate weak import index: %d", i)
- }
- f.L2.Imports[i].IsWeak = true
- }
imps := importSet{f.Path(): true}
for i, path := range fd.GetDependency() {
imp := &f.L2.Imports[i]
f, err := r.FindFileByPath(path)
- if err == protoregistry.NotFound && (o.AllowUnresolvable || imp.IsWeak) {
+ if err == protoregistry.NotFound && o.AllowUnresolvable {
f = filedesc.PlaceholderFile(path)
} else if err != nil {
return nil, errors.New("could not resolve import %q: %v", path, err)
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go
index ebcb4a8ab1..9da34998b1 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go
@@ -149,7 +149,6 @@ func (r descsByName) initFieldsFromDescriptorProto(fds []*descriptorpb.FieldDesc
if opts := fd.GetOptions(); opts != nil {
opts = proto.Clone(opts).(*descriptorpb.FieldOptions)
f.L1.Options = func() protoreflect.ProtoMessage { return opts }
- f.L1.IsWeak = opts.GetWeak()
f.L1.IsLazy = opts.GetLazy()
if opts.Packed != nil {
f.L1.EditionFeatures.IsPacked = opts.GetPacked()
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_resolve.go b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_resolve.go
index f3cebab29c..ff692436e9 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_resolve.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_resolve.go
@@ -43,7 +43,7 @@ func (r *resolver) resolveMessageDependencies(ms []filedesc.Message, mds []*desc
o.L1.Fields.List = append(o.L1.Fields.List, f)
}
- if f.L1.Kind, f.L1.Enum, f.L1.Message, err = r.findTarget(f.Kind(), f.Parent().FullName(), partialName(fd.GetTypeName()), f.IsWeak()); err != nil {
+ if f.L1.Kind, f.L1.Enum, f.L1.Message, err = r.findTarget(f.Kind(), f.Parent().FullName(), partialName(fd.GetTypeName())); err != nil {
return errors.New("message field %q cannot resolve type: %v", f.FullName(), err)
}
if f.L1.Kind == protoreflect.GroupKind && (f.IsMap() || f.IsMapEntry()) {
@@ -73,10 +73,10 @@ func (r *resolver) resolveMessageDependencies(ms []filedesc.Message, mds []*desc
func (r *resolver) resolveExtensionDependencies(xs []filedesc.Extension, xds []*descriptorpb.FieldDescriptorProto) (err error) {
for i, xd := range xds {
x := &xs[i]
- if x.L1.Extendee, err = r.findMessageDescriptor(x.Parent().FullName(), partialName(xd.GetExtendee()), false); err != nil {
+ if x.L1.Extendee, err = r.findMessageDescriptor(x.Parent().FullName(), partialName(xd.GetExtendee())); err != nil {
return errors.New("extension field %q cannot resolve extendee: %v", x.FullName(), err)
}
- if x.L1.Kind, x.L2.Enum, x.L2.Message, err = r.findTarget(x.Kind(), x.Parent().FullName(), partialName(xd.GetTypeName()), false); err != nil {
+ if x.L1.Kind, x.L2.Enum, x.L2.Message, err = r.findTarget(x.Kind(), x.Parent().FullName(), partialName(xd.GetTypeName())); err != nil {
return errors.New("extension field %q cannot resolve type: %v", x.FullName(), err)
}
if xd.DefaultValue != nil {
@@ -95,11 +95,11 @@ func (r *resolver) resolveServiceDependencies(ss []filedesc.Service, sds []*desc
s := &ss[i]
for j, md := range sd.GetMethod() {
m := &s.L2.Methods.List[j]
- m.L1.Input, err = r.findMessageDescriptor(m.Parent().FullName(), partialName(md.GetInputType()), false)
+ m.L1.Input, err = r.findMessageDescriptor(m.Parent().FullName(), partialName(md.GetInputType()))
if err != nil {
return errors.New("service method %q cannot resolve input: %v", m.FullName(), err)
}
- m.L1.Output, err = r.findMessageDescriptor(s.FullName(), partialName(md.GetOutputType()), false)
+ m.L1.Output, err = r.findMessageDescriptor(s.FullName(), partialName(md.GetOutputType()))
if err != nil {
return errors.New("service method %q cannot resolve output: %v", m.FullName(), err)
}
@@ -111,16 +111,16 @@ func (r *resolver) resolveServiceDependencies(ss []filedesc.Service, sds []*desc
// findTarget finds an enum or message descriptor if k is an enum, message,
// group, or unknown. If unknown, and the name could be resolved, the kind
// returned kind is set based on the type of the resolved descriptor.
-func (r *resolver) findTarget(k protoreflect.Kind, scope protoreflect.FullName, ref partialName, isWeak bool) (protoreflect.Kind, protoreflect.EnumDescriptor, protoreflect.MessageDescriptor, error) {
+func (r *resolver) findTarget(k protoreflect.Kind, scope protoreflect.FullName, ref partialName) (protoreflect.Kind, protoreflect.EnumDescriptor, protoreflect.MessageDescriptor, error) {
switch k {
case protoreflect.EnumKind:
- ed, err := r.findEnumDescriptor(scope, ref, isWeak)
+ ed, err := r.findEnumDescriptor(scope, ref)
if err != nil {
return 0, nil, nil, err
}
return k, ed, nil, nil
case protoreflect.MessageKind, protoreflect.GroupKind:
- md, err := r.findMessageDescriptor(scope, ref, isWeak)
+ md, err := r.findMessageDescriptor(scope, ref)
if err != nil {
return 0, nil, nil, err
}
@@ -129,7 +129,7 @@ func (r *resolver) findTarget(k protoreflect.Kind, scope protoreflect.FullName,
// Handle unspecified kinds (possible with parsers that operate
// on a per-file basis without knowledge of dependencies).
d, err := r.findDescriptor(scope, ref)
- if err == protoregistry.NotFound && (r.allowUnresolvable || isWeak) {
+ if err == protoregistry.NotFound && r.allowUnresolvable {
return k, filedesc.PlaceholderEnum(ref.FullName()), filedesc.PlaceholderMessage(ref.FullName()), nil
} else if err == protoregistry.NotFound {
return 0, nil, nil, errors.New("%q not found", ref.FullName())
@@ -206,9 +206,9 @@ func (r *resolver) findDescriptor(scope protoreflect.FullName, ref partialName)
}
}
-func (r *resolver) findEnumDescriptor(scope protoreflect.FullName, ref partialName, isWeak bool) (protoreflect.EnumDescriptor, error) {
+func (r *resolver) findEnumDescriptor(scope protoreflect.FullName, ref partialName) (protoreflect.EnumDescriptor, error) {
d, err := r.findDescriptor(scope, ref)
- if err == protoregistry.NotFound && (r.allowUnresolvable || isWeak) {
+ if err == protoregistry.NotFound && r.allowUnresolvable {
return filedesc.PlaceholderEnum(ref.FullName()), nil
} else if err == protoregistry.NotFound {
return nil, errors.New("%q not found", ref.FullName())
@@ -222,9 +222,9 @@ func (r *resolver) findEnumDescriptor(scope protoreflect.FullName, ref partialNa
return ed, nil
}
-func (r *resolver) findMessageDescriptor(scope protoreflect.FullName, ref partialName, isWeak bool) (protoreflect.MessageDescriptor, error) {
+func (r *resolver) findMessageDescriptor(scope protoreflect.FullName, ref partialName) (protoreflect.MessageDescriptor, error) {
d, err := r.findDescriptor(scope, ref)
- if err == protoregistry.NotFound && (r.allowUnresolvable || isWeak) {
+ if err == protoregistry.NotFound && r.allowUnresolvable {
return filedesc.PlaceholderMessage(ref.FullName()), nil
} else if err == protoregistry.NotFound {
return nil, errors.New("%q not found", ref.FullName())
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_validate.go b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_validate.go
index 6de31c2ebd..c343d9227b 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_validate.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_validate.go
@@ -149,12 +149,6 @@ func validateMessageDeclarations(file *filedesc.File, ms []filedesc.Message, mds
return errors.New("message field %q under proto3 optional semantics must be within a single element oneof", f.FullName())
}
}
- if f.IsWeak() && !flags.ProtoLegacy {
- return errors.New("message field %q is a weak field, which is a legacy proto1 feature that is no longer supported", f.FullName())
- }
- if f.IsWeak() && (!f.HasPresence() || !isOptionalMessage(f) || f.ContainingOneof() != nil) {
- return errors.New("message field %q may only be weak for an optional message", f.FullName())
- }
if f.IsPacked() && !isPackable(f) {
return errors.New("message field %q is not packable", f.FullName())
}
@@ -199,9 +193,6 @@ func validateMessageDeclarations(file *filedesc.File, ms []filedesc.Message, mds
if f.Cardinality() != protoreflect.Optional {
return errors.New("message field %q belongs in a oneof and must be optional", f.FullName())
}
- if f.IsWeak() {
- return errors.New("message field %q belongs in a oneof and must not be a weak reference", f.FullName())
- }
}
}
@@ -254,9 +245,6 @@ func validateExtensionDeclarations(f *filedesc.File, xs []filedesc.Extension, xd
return errors.New("extension field %q has an invalid number: %d", x.FullName(), x.Number())
}
}
- if xd.GetOptions().GetWeak() {
- return errors.New("extension field %q cannot be a weak reference", x.FullName())
- }
if x.IsPacked() && !isPackable(x) {
return errors.New("extension field %q is not packable", x.FullName())
}
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/editions.go b/vendor/google.golang.org/protobuf/reflect/protodesc/editions.go
index d0aeab9585..697a61b290 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/editions.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/editions.go
@@ -11,6 +11,7 @@ import (
"google.golang.org/protobuf/internal/editiondefaults"
"google.golang.org/protobuf/internal/filedesc"
+ "google.golang.org/protobuf/internal/genid"
"google.golang.org/protobuf/proto"
"google.golang.org/protobuf/reflect/protoreflect"
"google.golang.org/protobuf/types/descriptorpb"
@@ -125,13 +126,43 @@ func mergeEditionFeatures(parentDesc protoreflect.Descriptor, child *descriptorp
parentFS.IsJSONCompliant = *jf == descriptorpb.FeatureSet_ALLOW
}
- if goFeatures, ok := proto.GetExtension(child, gofeaturespb.E_Go).(*gofeaturespb.GoFeatures); ok && goFeatures != nil {
- if luje := goFeatures.LegacyUnmarshalJsonEnum; luje != nil {
- parentFS.GenerateLegacyUnmarshalJSON = *luje
- }
- if sep := goFeatures.StripEnumPrefix; sep != nil {
- parentFS.StripEnumPrefix = int(*sep)
- }
+ // We must not use proto.GetExtension(child, gofeaturespb.E_Go)
+ // because that only works for messages we generated, but not for
+ // dynamicpb messages. See golang/protobuf#1669.
+ //
+ // Further, we harden this code against adversarial inputs: a
+ // service which accepts descriptors from a possibly malicious
+ // source shouldn't crash.
+ goFeatures := child.ProtoReflect().Get(gofeaturespb.E_Go.TypeDescriptor())
+ if !goFeatures.IsValid() {
+ return parentFS
+ }
+ gf, ok := goFeatures.Interface().(protoreflect.Message)
+ if !ok {
+ return parentFS
+ }
+ // gf.Interface() could be *dynamicpb.Message or *gofeaturespb.GoFeatures.
+ fields := gf.Descriptor().Fields()
+
+ if fd := fields.ByNumber(genid.GoFeatures_LegacyUnmarshalJsonEnum_field_number); fd != nil &&
+ !fd.IsList() &&
+ fd.Kind() == protoreflect.BoolKind &&
+ gf.Has(fd) {
+ parentFS.GenerateLegacyUnmarshalJSON = gf.Get(fd).Bool()
+ }
+
+ if fd := fields.ByNumber(genid.GoFeatures_StripEnumPrefix_field_number); fd != nil &&
+ !fd.IsList() &&
+ fd.Kind() == protoreflect.EnumKind &&
+ gf.Has(fd) {
+ parentFS.StripEnumPrefix = int(gf.Get(fd).Enum())
+ }
+
+ if fd := fields.ByNumber(genid.GoFeatures_ApiLevel_field_number); fd != nil &&
+ !fd.IsList() &&
+ fd.Kind() == protoreflect.EnumKind &&
+ gf.Has(fd) {
+ parentFS.APILevel = int(gf.Get(fd).Enum())
}
return parentFS
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go b/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go
index a5de8d4001..9b880aa8c9 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go
@@ -32,9 +32,6 @@ func ToFileDescriptorProto(file protoreflect.FileDescriptor) *descriptorpb.FileD
if imp.IsPublic {
p.PublicDependency = append(p.PublicDependency, int32(i))
}
- if imp.IsWeak {
- p.WeakDependency = append(p.WeakDependency, int32(i))
- }
}
for i, locs := 0, file.SourceLocations(); i < locs.Len(); i++ {
loc := locs.Get(i)
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
index ea154eec44..a4a0a2971d 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
@@ -398,6 +398,8 @@ func (p *SourcePath) appendFeatureSet(b []byte) []byte {
b = p.appendSingularField(b, "message_encoding", nil)
case 6:
b = p.appendSingularField(b, "json_format", nil)
+ case 7:
+ b = p.appendSingularField(b, "enforce_naming_style", nil)
}
return b
}
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go
index cd8fadbaf8..cd7fbc87a4 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go
@@ -68,7 +68,7 @@ type Descriptor interface {
// dependency is not resolved, in which case only name information is known.
//
// Placeholder types may only be returned by the following accessors
- // as a result of unresolved dependencies or weak imports:
+ // as a result of unresolved dependencies:
//
// ╔═══════════════════════════════════╤═════════════════════╗
// ║ Accessor │ Descriptor ║
@@ -168,11 +168,7 @@ type FileImport struct {
// The current file and the imported file must be within proto package.
IsPublic bool
- // IsWeak reports whether this is a weak import, which does not impose
- // a direct dependency on the target file.
- //
- // Weak imports are a legacy proto1 feature. Equivalent behavior is
- // achieved using proto2 extension fields or proto3 Any messages.
+ // Deprecated: support for weak fields has been removed.
IsWeak bool
}
@@ -325,9 +321,7 @@ type FieldDescriptor interface {
// specified in the source .proto file.
HasOptionalKeyword() bool
- // IsWeak reports whether this is a weak field, which does not impose a
- // direct dependency on the target type.
- // If true, then Message returns a placeholder type.
+ // Deprecated: support for weak fields has been removed.
IsWeak() bool
// IsPacked reports whether repeated primitive numeric kinds should be
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go
index a7b0d06ff3..a4b78acef6 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go
@@ -152,7 +152,7 @@ type Message interface {
// This method may return nil.
//
// The returned methods type is identical to
- // google.golang.org/protobuf/runtime/protoiface.Methods.
+ // [google.golang.org/protobuf/runtime/protoiface.Methods].
// Consult the protoiface package documentation for details.
ProtoMethods() *methods
}
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe.go
similarity index 99%
rename from vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go
rename to vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe.go
index 479527b58d..fe17f37220 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe.go
@@ -2,8 +2,6 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build go1.21
-
package protoreflect
import (
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go
deleted file mode 100644
index 0015fcb35d..0000000000
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go
+++ /dev/null
@@ -1,98 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.21
-
-package protoreflect
-
-import (
- "unsafe"
-
- "google.golang.org/protobuf/internal/pragma"
-)
-
-type (
- stringHeader struct {
- Data unsafe.Pointer
- Len int
- }
- sliceHeader struct {
- Data unsafe.Pointer
- Len int
- Cap int
- }
- ifaceHeader struct {
- Type unsafe.Pointer
- Data unsafe.Pointer
- }
-)
-
-var (
- nilType = typeOf(nil)
- boolType = typeOf(*new(bool))
- int32Type = typeOf(*new(int32))
- int64Type = typeOf(*new(int64))
- uint32Type = typeOf(*new(uint32))
- uint64Type = typeOf(*new(uint64))
- float32Type = typeOf(*new(float32))
- float64Type = typeOf(*new(float64))
- stringType = typeOf(*new(string))
- bytesType = typeOf(*new([]byte))
- enumType = typeOf(*new(EnumNumber))
-)
-
-// typeOf returns a pointer to the Go type information.
-// The pointer is comparable and equal if and only if the types are identical.
-func typeOf(t any) unsafe.Pointer {
- return (*ifaceHeader)(unsafe.Pointer(&t)).Type
-}
-
-// value is a union where only one type can be represented at a time.
-// The struct is 24B large on 64-bit systems and requires the minimum storage
-// necessary to represent each possible type.
-//
-// The Go GC needs to be able to scan variables containing pointers.
-// As such, pointers and non-pointers cannot be intermixed.
-type value struct {
- pragma.DoNotCompare // 0B
-
- // typ stores the type of the value as a pointer to the Go type.
- typ unsafe.Pointer // 8B
-
- // ptr stores the data pointer for a String, Bytes, or interface value.
- ptr unsafe.Pointer // 8B
-
- // num stores a Bool, Int32, Int64, Uint32, Uint64, Float32, Float64, or
- // Enum value as a raw uint64.
- //
- // It is also used to store the length of a String or Bytes value;
- // the capacity is ignored.
- num uint64 // 8B
-}
-
-func valueOfString(v string) Value {
- p := (*stringHeader)(unsafe.Pointer(&v))
- return Value{typ: stringType, ptr: p.Data, num: uint64(len(v))}
-}
-func valueOfBytes(v []byte) Value {
- p := (*sliceHeader)(unsafe.Pointer(&v))
- return Value{typ: bytesType, ptr: p.Data, num: uint64(len(v))}
-}
-func valueOfIface(v any) Value {
- p := (*ifaceHeader)(unsafe.Pointer(&v))
- return Value{typ: p.Type, ptr: p.Data}
-}
-
-func (v Value) getString() (x string) {
- *(*stringHeader)(unsafe.Pointer(&x)) = stringHeader{Data: v.ptr, Len: int(v.num)}
- return x
-}
-func (v Value) getBytes() (x []byte) {
- *(*sliceHeader)(unsafe.Pointer(&x)) = sliceHeader{Data: v.ptr, Len: int(v.num), Cap: int(v.num)}
- return x
-}
-func (v Value) getIface() (x any) {
- *(*ifaceHeader)(unsafe.Pointer(&x)) = ifaceHeader{Type: v.typ, Data: v.ptr}
- return x
-}
diff --git a/vendor/google.golang.org/protobuf/runtime/protoiface/methods.go b/vendor/google.golang.org/protobuf/runtime/protoiface/methods.go
index 246156561c..28e9e9f039 100644
--- a/vendor/google.golang.org/protobuf/runtime/protoiface/methods.go
+++ b/vendor/google.golang.org/protobuf/runtime/protoiface/methods.go
@@ -122,6 +122,22 @@ type UnmarshalInputFlags = uint8
const (
UnmarshalDiscardUnknown UnmarshalInputFlags = 1 << iota
+
+ // UnmarshalAliasBuffer permits unmarshal operations to alias the input buffer.
+ // The unmarshaller must not modify the contents of the buffer.
+ UnmarshalAliasBuffer
+
+ // UnmarshalValidated indicates that validation has already been
+ // performed on the input buffer.
+ UnmarshalValidated
+
+ // UnmarshalCheckRequired is set if this unmarshal operation ultimately will care if required fields are
+ // initialized.
+ UnmarshalCheckRequired
+
+ // UnmarshalNoLazyDecoding is set if this unmarshal operation should not use
+ // lazy decoding, even when otherwise available.
+ UnmarshalNoLazyDecoding
)
// UnmarshalOutputFlags are output from the Unmarshal method.
diff --git a/vendor/google.golang.org/protobuf/runtime/protoimpl/impl.go b/vendor/google.golang.org/protobuf/runtime/protoimpl/impl.go
index 4a1ab7fb3d..93df1b569b 100644
--- a/vendor/google.golang.org/protobuf/runtime/protoimpl/impl.go
+++ b/vendor/google.golang.org/protobuf/runtime/protoimpl/impl.go
@@ -15,6 +15,7 @@ import (
"google.golang.org/protobuf/internal/filedesc"
"google.golang.org/protobuf/internal/filetype"
"google.golang.org/protobuf/internal/impl"
+ "google.golang.org/protobuf/internal/protolazy"
)
// UnsafeEnabled specifies whether package unsafe can be used.
@@ -39,6 +40,9 @@ type (
ExtensionFieldV1 = impl.ExtensionField
Pointer = impl.Pointer
+
+ LazyUnmarshalInfo = *protolazy.XXX_lazyUnmarshalInfo
+ RaceDetectHookData = impl.RaceDetectHookData
)
var X impl.Export
diff --git a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
index 6dea75cd5b..7fe280f194 100644
--- a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
+++ b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
@@ -46,6 +46,7 @@ import (
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
+ unsafe "unsafe"
)
// The full set of known editions.
@@ -69,7 +70,7 @@ const (
Edition_EDITION_2023 Edition = 1000
Edition_EDITION_2024 Edition = 1001
// Placeholder editions for testing feature resolution. These should not be
- // used or relyed on outside of tests.
+ // used or relied on outside of tests.
Edition_EDITION_1_TEST_ONLY Edition = 1
Edition_EDITION_2_TEST_ONLY Edition = 2
Edition_EDITION_99997_TEST_ONLY Edition = 99997
@@ -577,8 +578,6 @@ func (FieldOptions_JSType) EnumDescriptor() ([]byte, []int) {
}
// If set to RETENTION_SOURCE, the option will be omitted from the binary.
-// Note: as of January 2023, support for this is in progress and does not yet
-// have an effect (b/264593489).
type FieldOptions_OptionRetention int32
const (
@@ -640,8 +639,7 @@ func (FieldOptions_OptionRetention) EnumDescriptor() ([]byte, []int) {
// This indicates the types of entities that the field may apply to when used
// as an option. If it is unset, then the field may be freely used as an
-// option on any kind of entity. Note: as of January 2023, support for this is
-// in progress and does not yet have an effect (b/264593489).
+// option on any kind of entity.
type FieldOptions_OptionTargetType int32
const (
@@ -1141,6 +1139,65 @@ func (FeatureSet_JsonFormat) EnumDescriptor() ([]byte, []int) {
return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{19, 5}
}
+type FeatureSet_EnforceNamingStyle int32
+
+const (
+ FeatureSet_ENFORCE_NAMING_STYLE_UNKNOWN FeatureSet_EnforceNamingStyle = 0
+ FeatureSet_STYLE2024 FeatureSet_EnforceNamingStyle = 1
+ FeatureSet_STYLE_LEGACY FeatureSet_EnforceNamingStyle = 2
+)
+
+// Enum value maps for FeatureSet_EnforceNamingStyle.
+var (
+ FeatureSet_EnforceNamingStyle_name = map[int32]string{
+ 0: "ENFORCE_NAMING_STYLE_UNKNOWN",
+ 1: "STYLE2024",
+ 2: "STYLE_LEGACY",
+ }
+ FeatureSet_EnforceNamingStyle_value = map[string]int32{
+ "ENFORCE_NAMING_STYLE_UNKNOWN": 0,
+ "STYLE2024": 1,
+ "STYLE_LEGACY": 2,
+ }
+)
+
+func (x FeatureSet_EnforceNamingStyle) Enum() *FeatureSet_EnforceNamingStyle {
+ p := new(FeatureSet_EnforceNamingStyle)
+ *p = x
+ return p
+}
+
+func (x FeatureSet_EnforceNamingStyle) String() string {
+ return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (FeatureSet_EnforceNamingStyle) Descriptor() protoreflect.EnumDescriptor {
+ return file_google_protobuf_descriptor_proto_enumTypes[16].Descriptor()
+}
+
+func (FeatureSet_EnforceNamingStyle) Type() protoreflect.EnumType {
+ return &file_google_protobuf_descriptor_proto_enumTypes[16]
+}
+
+func (x FeatureSet_EnforceNamingStyle) Number() protoreflect.EnumNumber {
+ return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *FeatureSet_EnforceNamingStyle) UnmarshalJSON(b []byte) error {
+ num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
+ if err != nil {
+ return err
+ }
+ *x = FeatureSet_EnforceNamingStyle(num)
+ return nil
+}
+
+// Deprecated: Use FeatureSet_EnforceNamingStyle.Descriptor instead.
+func (FeatureSet_EnforceNamingStyle) EnumDescriptor() ([]byte, []int) {
+ return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{19, 6}
+}
+
// Represents the identified object's effect on the element in the original
// .proto file.
type GeneratedCodeInfo_Annotation_Semantic int32
@@ -1179,11 +1236,11 @@ func (x GeneratedCodeInfo_Annotation_Semantic) String() string {
}
func (GeneratedCodeInfo_Annotation_Semantic) Descriptor() protoreflect.EnumDescriptor {
- return file_google_protobuf_descriptor_proto_enumTypes[16].Descriptor()
+ return file_google_protobuf_descriptor_proto_enumTypes[17].Descriptor()
}
func (GeneratedCodeInfo_Annotation_Semantic) Type() protoreflect.EnumType {
- return &file_google_protobuf_descriptor_proto_enumTypes[16]
+ return &file_google_protobuf_descriptor_proto_enumTypes[17]
}
func (x GeneratedCodeInfo_Annotation_Semantic) Number() protoreflect.EnumNumber {
@@ -1208,11 +1265,11 @@ func (GeneratedCodeInfo_Annotation_Semantic) EnumDescriptor() ([]byte, []int) {
// The protocol compiler can output a FileDescriptorSet containing the .proto
// files it parses.
type FileDescriptorSet struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
- File []*FileDescriptorProto `protobuf:"bytes,1,rep,name=file" json:"file,omitempty"`
+ state protoimpl.MessageState `protogen:"open.v1"`
+ File []*FileDescriptorProto `protobuf:"bytes,1,rep,name=file" json:"file,omitempty"`
+ extensionFields protoimpl.ExtensionFields
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *FileDescriptorSet) Reset() {
@@ -1254,12 +1311,9 @@ func (x *FileDescriptorSet) GetFile() []*FileDescriptorProto {
// Describes a complete .proto file.
type FileDescriptorProto struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
- Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` // file name, relative to root of source tree
- Package *string `protobuf:"bytes,2,opt,name=package" json:"package,omitempty"` // e.g. "foo", "foo.bar", etc.
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` // file name, relative to root of source tree
+ Package *string `protobuf:"bytes,2,opt,name=package" json:"package,omitempty"` // e.g. "foo", "foo.bar", etc.
// Names of files imported by this file.
Dependency []string `protobuf:"bytes,3,rep,name=dependency" json:"dependency,omitempty"`
// Indexes of the public imported files in the dependency list above.
@@ -1282,9 +1336,17 @@ type FileDescriptorProto struct {
// The supported values are "proto2", "proto3", and "editions".
//
// If `edition` is present, this value must be "editions".
+ // WARNING: This field should only be used by protobuf plugins or special
+ // cases like the proto compiler. Other uses are discouraged and
+ // developers should rely on the protoreflect APIs for their client language.
Syntax *string `protobuf:"bytes,12,opt,name=syntax" json:"syntax,omitempty"`
// The edition of the proto file.
- Edition *Edition `protobuf:"varint,14,opt,name=edition,enum=google.protobuf.Edition" json:"edition,omitempty"`
+ // WARNING: This field should only be used by protobuf plugins or special
+ // cases like the proto compiler. Other uses are discouraged and
+ // developers should rely on the protoreflect APIs for their client language.
+ Edition *Edition `protobuf:"varint,14,opt,name=edition,enum=google.protobuf.Edition" json:"edition,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *FileDescriptorProto) Reset() {
@@ -1410,10 +1472,7 @@ func (x *FileDescriptorProto) GetEdition() Edition {
// Describes a message type.
type DescriptorProto struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
Field []*FieldDescriptorProto `protobuf:"bytes,2,rep,name=field" json:"field,omitempty"`
Extension []*FieldDescriptorProto `protobuf:"bytes,6,rep,name=extension" json:"extension,omitempty"`
@@ -1425,7 +1484,9 @@ type DescriptorProto struct {
ReservedRange []*DescriptorProto_ReservedRange `protobuf:"bytes,9,rep,name=reserved_range,json=reservedRange" json:"reserved_range,omitempty"`
// Reserved field names, which may not be used by fields in the same message.
// A given name may only be reserved once.
- ReservedName []string `protobuf:"bytes,10,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"`
+ ReservedName []string `protobuf:"bytes,10,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *DescriptorProto) Reset() {
@@ -1529,11 +1590,7 @@ func (x *DescriptorProto) GetReservedName() []string {
}
type ExtensionRangeOptions struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
- extensionFields protoimpl.ExtensionFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// The parser stores options it doesn't recognize here. See above.
UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
// For external users: DO NOT USE. We are in the process of open sourcing
@@ -1545,7 +1602,10 @@ type ExtensionRangeOptions struct {
// The verification state of the range.
// TODO: flip the default to DECLARATION once all empty ranges
// are marked as UNVERIFIED.
- Verification *ExtensionRangeOptions_VerificationState `protobuf:"varint,3,opt,name=verification,enum=google.protobuf.ExtensionRangeOptions_VerificationState,def=1" json:"verification,omitempty"`
+ Verification *ExtensionRangeOptions_VerificationState `protobuf:"varint,3,opt,name=verification,enum=google.protobuf.ExtensionRangeOptions_VerificationState,def=1" json:"verification,omitempty"`
+ extensionFields protoimpl.ExtensionFields
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// Default values for ExtensionRangeOptions fields.
@@ -1613,10 +1673,7 @@ func (x *ExtensionRangeOptions) GetVerification() ExtensionRangeOptions_Verifica
// Describes a field within a message.
type FieldDescriptorProto struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
Number *int32 `protobuf:"varint,3,opt,name=number" json:"number,omitempty"`
Label *FieldDescriptorProto_Label `protobuf:"varint,4,opt,name=label,enum=google.protobuf.FieldDescriptorProto_Label" json:"label,omitempty"`
@@ -1668,6 +1725,8 @@ type FieldDescriptorProto struct {
// Proto2 optional fields do not set this flag, because they already indicate
// optional with `LABEL_OPTIONAL`.
Proto3Optional *bool `protobuf:"varint,17,opt,name=proto3_optional,json=proto3Optional" json:"proto3_optional,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *FieldDescriptorProto) Reset() {
@@ -1779,12 +1838,11 @@ func (x *FieldDescriptorProto) GetProto3Optional() bool {
// Describes a oneof.
type OneofDescriptorProto struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+ Options *OneofOptions `protobuf:"bytes,2,opt,name=options" json:"options,omitempty"`
unknownFields protoimpl.UnknownFields
-
- Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
- Options *OneofOptions `protobuf:"bytes,2,opt,name=options" json:"options,omitempty"`
+ sizeCache protoimpl.SizeCache
}
func (x *OneofDescriptorProto) Reset() {
@@ -1833,10 +1891,7 @@ func (x *OneofDescriptorProto) GetOptions() *OneofOptions {
// Describes an enum type.
type EnumDescriptorProto struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
Value []*EnumValueDescriptorProto `protobuf:"bytes,2,rep,name=value" json:"value,omitempty"`
Options *EnumOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
@@ -1846,7 +1901,9 @@ type EnumDescriptorProto struct {
ReservedRange []*EnumDescriptorProto_EnumReservedRange `protobuf:"bytes,4,rep,name=reserved_range,json=reservedRange" json:"reserved_range,omitempty"`
// Reserved enum value names, which may not be reused. A given name may only
// be reserved once.
- ReservedName []string `protobuf:"bytes,5,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"`
+ ReservedName []string `protobuf:"bytes,5,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *EnumDescriptorProto) Reset() {
@@ -1916,13 +1973,12 @@ func (x *EnumDescriptorProto) GetReservedName() []string {
// Describes a value within an enum.
type EnumValueDescriptorProto struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+ Number *int32 `protobuf:"varint,2,opt,name=number" json:"number,omitempty"`
+ Options *EnumValueOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
unknownFields protoimpl.UnknownFields
-
- Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
- Number *int32 `protobuf:"varint,2,opt,name=number" json:"number,omitempty"`
- Options *EnumValueOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
+ sizeCache protoimpl.SizeCache
}
func (x *EnumValueDescriptorProto) Reset() {
@@ -1978,13 +2034,12 @@ func (x *EnumValueDescriptorProto) GetOptions() *EnumValueOptions {
// Describes a service.
type ServiceDescriptorProto struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+ Method []*MethodDescriptorProto `protobuf:"bytes,2,rep,name=method" json:"method,omitempty"`
+ Options *ServiceOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
unknownFields protoimpl.UnknownFields
-
- Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
- Method []*MethodDescriptorProto `protobuf:"bytes,2,rep,name=method" json:"method,omitempty"`
- Options *ServiceOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
+ sizeCache protoimpl.SizeCache
}
func (x *ServiceDescriptorProto) Reset() {
@@ -2040,11 +2095,8 @@ func (x *ServiceDescriptorProto) GetOptions() *ServiceOptions {
// Describes a method of a service.
type MethodDescriptorProto struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
- Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
// Input and output type names. These are resolved in the same way as
// FieldDescriptorProto.type_name, but must refer to a message type.
InputType *string `protobuf:"bytes,2,opt,name=input_type,json=inputType" json:"input_type,omitempty"`
@@ -2054,6 +2106,8 @@ type MethodDescriptorProto struct {
ClientStreaming *bool `protobuf:"varint,5,opt,name=client_streaming,json=clientStreaming,def=0" json:"client_streaming,omitempty"`
// Identifies if server streams multiple server messages
ServerStreaming *bool `protobuf:"varint,6,opt,name=server_streaming,json=serverStreaming,def=0" json:"server_streaming,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// Default values for MethodDescriptorProto fields.
@@ -2135,11 +2189,7 @@ func (x *MethodDescriptorProto) GetServerStreaming() bool {
}
type FileOptions struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
- extensionFields protoimpl.ExtensionFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Sets the Java package where classes generated from this .proto will be
// placed. By default, the proto package is used, but this is often
// inappropriate because proto packages do not normally start with backwards
@@ -2227,10 +2277,16 @@ type FileOptions struct {
// determining the ruby package.
RubyPackage *string `protobuf:"bytes,45,opt,name=ruby_package,json=rubyPackage" json:"ruby_package,omitempty"`
// Any features defined in the specific edition.
+ // WARNING: This field should only be used by protobuf plugins or special
+ // cases like the proto compiler. Other uses are discouraged and
+ // developers should rely on the protoreflect APIs for their client language.
Features *FeatureSet `protobuf:"bytes,50,opt,name=features" json:"features,omitempty"`
// The parser stores options it doesn't recognize here.
// See the documentation for the "Options" section above.
UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+ extensionFields protoimpl.ExtensionFields
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// Default values for FileOptions fields.
@@ -2424,11 +2480,7 @@ func (x *FileOptions) GetUninterpretedOption() []*UninterpretedOption {
}
type MessageOptions struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
- extensionFields protoimpl.ExtensionFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Set true to use the old proto1 MessageSet wire format for extensions.
// This is provided for backwards-compatibility with the MessageSet wire
// format. You should not use this for any other reason: It's less
@@ -2498,9 +2550,15 @@ type MessageOptions struct {
// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
DeprecatedLegacyJsonFieldConflicts *bool `protobuf:"varint,11,opt,name=deprecated_legacy_json_field_conflicts,json=deprecatedLegacyJsonFieldConflicts" json:"deprecated_legacy_json_field_conflicts,omitempty"`
// Any features defined in the specific edition.
+ // WARNING: This field should only be used by protobuf plugins or special
+ // cases like the proto compiler. Other uses are discouraged and
+ // developers should rely on the protoreflect APIs for their client language.
Features *FeatureSet `protobuf:"bytes,12,opt,name=features" json:"features,omitempty"`
// The parser stores options it doesn't recognize here. See above.
UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+ extensionFields protoimpl.ExtensionFields
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// Default values for MessageOptions fields.
@@ -2591,17 +2649,14 @@ func (x *MessageOptions) GetUninterpretedOption() []*UninterpretedOption {
}
type FieldOptions struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
- extensionFields protoimpl.ExtensionFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // NOTE: ctype is deprecated. Use `features.(pb.cpp).string_type` instead.
// The ctype option instructs the C++ code generator to use a different
// representation of the field than it normally would. See the specific
// options below. This option is only implemented to support use of
// [ctype=CORD] and [ctype=STRING] (the default) on non-repeated fields of
- // type "bytes" in the open source release -- sorry, we'll try to include
- // other types in a future version!
+ // type "bytes" in the open source release.
+ // TODO: make ctype actually deprecated.
Ctype *FieldOptions_CType `protobuf:"varint,1,opt,name=ctype,enum=google.protobuf.FieldOptions_CType,def=0" json:"ctype,omitempty"`
// The packed option can be enabled for repeated primitive fields to enable
// a more efficient representation on the wire. Rather than repeatedly
@@ -2664,10 +2719,16 @@ type FieldOptions struct {
Targets []FieldOptions_OptionTargetType `protobuf:"varint,19,rep,name=targets,enum=google.protobuf.FieldOptions_OptionTargetType" json:"targets,omitempty"`
EditionDefaults []*FieldOptions_EditionDefault `protobuf:"bytes,20,rep,name=edition_defaults,json=editionDefaults" json:"edition_defaults,omitempty"`
// Any features defined in the specific edition.
+ // WARNING: This field should only be used by protobuf plugins or special
+ // cases like the proto compiler. Other uses are discouraged and
+ // developers should rely on the protoreflect APIs for their client language.
Features *FeatureSet `protobuf:"bytes,21,opt,name=features" json:"features,omitempty"`
FeatureSupport *FieldOptions_FeatureSupport `protobuf:"bytes,22,opt,name=feature_support,json=featureSupport" json:"feature_support,omitempty"`
// The parser stores options it doesn't recognize here. See above.
UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+ extensionFields protoimpl.ExtensionFields
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// Default values for FieldOptions fields.
@@ -2810,15 +2871,17 @@ func (x *FieldOptions) GetUninterpretedOption() []*UninterpretedOption {
}
type OneofOptions struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
- extensionFields protoimpl.ExtensionFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Any features defined in the specific edition.
+ // WARNING: This field should only be used by protobuf plugins or special
+ // cases like the proto compiler. Other uses are discouraged and
+ // developers should rely on the protoreflect APIs for their client language.
Features *FeatureSet `protobuf:"bytes,1,opt,name=features" json:"features,omitempty"`
// The parser stores options it doesn't recognize here. See above.
UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+ extensionFields protoimpl.ExtensionFields
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *OneofOptions) Reset() {
@@ -2866,11 +2929,7 @@ func (x *OneofOptions) GetUninterpretedOption() []*UninterpretedOption {
}
type EnumOptions struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
- extensionFields protoimpl.ExtensionFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Set this option to true to allow mapping different tag names to the same
// value.
AllowAlias *bool `protobuf:"varint,2,opt,name=allow_alias,json=allowAlias" json:"allow_alias,omitempty"`
@@ -2889,9 +2948,15 @@ type EnumOptions struct {
// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
DeprecatedLegacyJsonFieldConflicts *bool `protobuf:"varint,6,opt,name=deprecated_legacy_json_field_conflicts,json=deprecatedLegacyJsonFieldConflicts" json:"deprecated_legacy_json_field_conflicts,omitempty"`
// Any features defined in the specific edition.
+ // WARNING: This field should only be used by protobuf plugins or special
+ // cases like the proto compiler. Other uses are discouraged and
+ // developers should rely on the protoreflect APIs for their client language.
Features *FeatureSet `protobuf:"bytes,7,opt,name=features" json:"features,omitempty"`
// The parser stores options it doesn't recognize here. See above.
UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+ extensionFields protoimpl.ExtensionFields
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// Default values for EnumOptions fields.
@@ -2966,17 +3031,16 @@ func (x *EnumOptions) GetUninterpretedOption() []*UninterpretedOption {
}
type EnumValueOptions struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
- extensionFields protoimpl.ExtensionFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Is this enum value deprecated?
// Depending on the target platform, this can emit Deprecated annotations
// for the enum value, or it will be completely ignored; in the very least,
// this is a formalization for deprecating enum values.
Deprecated *bool `protobuf:"varint,1,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
// Any features defined in the specific edition.
+ // WARNING: This field should only be used by protobuf plugins or special
+ // cases like the proto compiler. Other uses are discouraged and
+ // developers should rely on the protoreflect APIs for their client language.
Features *FeatureSet `protobuf:"bytes,2,opt,name=features" json:"features,omitempty"`
// Indicate that fields annotated with this enum value should not be printed
// out when using debug formats, e.g. when the field contains sensitive
@@ -2986,6 +3050,9 @@ type EnumValueOptions struct {
FeatureSupport *FieldOptions_FeatureSupport `protobuf:"bytes,4,opt,name=feature_support,json=featureSupport" json:"feature_support,omitempty"`
// The parser stores options it doesn't recognize here. See above.
UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+ extensionFields protoimpl.ExtensionFields
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// Default values for EnumValueOptions fields.
@@ -3060,12 +3127,11 @@ func (x *EnumValueOptions) GetUninterpretedOption() []*UninterpretedOption {
}
type ServiceOptions struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
- extensionFields protoimpl.ExtensionFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Any features defined in the specific edition.
+ // WARNING: This field should only be used by protobuf plugins or special
+ // cases like the proto compiler. Other uses are discouraged and
+ // developers should rely on the protoreflect APIs for their client language.
Features *FeatureSet `protobuf:"bytes,34,opt,name=features" json:"features,omitempty"`
// Is this service deprecated?
// Depending on the target platform, this can emit Deprecated annotations
@@ -3074,6 +3140,9 @@ type ServiceOptions struct {
Deprecated *bool `protobuf:"varint,33,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
// The parser stores options it doesn't recognize here. See above.
UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+ extensionFields protoimpl.ExtensionFields
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// Default values for ServiceOptions fields.
@@ -3133,11 +3202,7 @@ func (x *ServiceOptions) GetUninterpretedOption() []*UninterpretedOption {
}
type MethodOptions struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
- extensionFields protoimpl.ExtensionFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Is this method deprecated?
// Depending on the target platform, this can emit Deprecated annotations
// for the method, or it will be completely ignored; in the very least,
@@ -3145,9 +3210,15 @@ type MethodOptions struct {
Deprecated *bool `protobuf:"varint,33,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
IdempotencyLevel *MethodOptions_IdempotencyLevel `protobuf:"varint,34,opt,name=idempotency_level,json=idempotencyLevel,enum=google.protobuf.MethodOptions_IdempotencyLevel,def=0" json:"idempotency_level,omitempty"`
// Any features defined in the specific edition.
+ // WARNING: This field should only be used by protobuf plugins or special
+ // cases like the proto compiler. Other uses are discouraged and
+ // developers should rely on the protoreflect APIs for their client language.
Features *FeatureSet `protobuf:"bytes,35,opt,name=features" json:"features,omitempty"`
// The parser stores options it doesn't recognize here. See above.
UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+ extensionFields protoimpl.ExtensionFields
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// Default values for MethodOptions fields.
@@ -3221,11 +3292,8 @@ func (x *MethodOptions) GetUninterpretedOption() []*UninterpretedOption {
// or produced by Descriptor::CopyTo()) will never have UninterpretedOptions
// in them.
type UninterpretedOption struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
- Name []*UninterpretedOption_NamePart `protobuf:"bytes,2,rep,name=name" json:"name,omitempty"`
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Name []*UninterpretedOption_NamePart `protobuf:"bytes,2,rep,name=name" json:"name,omitempty"`
// The value of the uninterpreted option, in whatever type the tokenizer
// identified it as during parsing. Exactly one of these should be set.
IdentifierValue *string `protobuf:"bytes,3,opt,name=identifier_value,json=identifierValue" json:"identifier_value,omitempty"`
@@ -3234,6 +3302,8 @@ type UninterpretedOption struct {
DoubleValue *float64 `protobuf:"fixed64,6,opt,name=double_value,json=doubleValue" json:"double_value,omitempty"`
StringValue []byte `protobuf:"bytes,7,opt,name=string_value,json=stringValue" json:"string_value,omitempty"`
AggregateValue *string `protobuf:"bytes,8,opt,name=aggregate_value,json=aggregateValue" json:"aggregate_value,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *UninterpretedOption) Reset() {
@@ -3322,17 +3392,17 @@ func (x *UninterpretedOption) GetAggregateValue() string {
// be designed and implemented to handle this, hopefully before we ever hit a
// conflict here.
type FeatureSet struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
- extensionFields protoimpl.ExtensionFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
FieldPresence *FeatureSet_FieldPresence `protobuf:"varint,1,opt,name=field_presence,json=fieldPresence,enum=google.protobuf.FeatureSet_FieldPresence" json:"field_presence,omitempty"`
EnumType *FeatureSet_EnumType `protobuf:"varint,2,opt,name=enum_type,json=enumType,enum=google.protobuf.FeatureSet_EnumType" json:"enum_type,omitempty"`
RepeatedFieldEncoding *FeatureSet_RepeatedFieldEncoding `protobuf:"varint,3,opt,name=repeated_field_encoding,json=repeatedFieldEncoding,enum=google.protobuf.FeatureSet_RepeatedFieldEncoding" json:"repeated_field_encoding,omitempty"`
Utf8Validation *FeatureSet_Utf8Validation `protobuf:"varint,4,opt,name=utf8_validation,json=utf8Validation,enum=google.protobuf.FeatureSet_Utf8Validation" json:"utf8_validation,omitempty"`
MessageEncoding *FeatureSet_MessageEncoding `protobuf:"varint,5,opt,name=message_encoding,json=messageEncoding,enum=google.protobuf.FeatureSet_MessageEncoding" json:"message_encoding,omitempty"`
JsonFormat *FeatureSet_JsonFormat `protobuf:"varint,6,opt,name=json_format,json=jsonFormat,enum=google.protobuf.FeatureSet_JsonFormat" json:"json_format,omitempty"`
+ EnforceNamingStyle *FeatureSet_EnforceNamingStyle `protobuf:"varint,7,opt,name=enforce_naming_style,json=enforceNamingStyle,enum=google.protobuf.FeatureSet_EnforceNamingStyle" json:"enforce_naming_style,omitempty"`
+ extensionFields protoimpl.ExtensionFields
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *FeatureSet) Reset() {
@@ -3407,15 +3477,19 @@ func (x *FeatureSet) GetJsonFormat() FeatureSet_JsonFormat {
return FeatureSet_JSON_FORMAT_UNKNOWN
}
+func (x *FeatureSet) GetEnforceNamingStyle() FeatureSet_EnforceNamingStyle {
+ if x != nil && x.EnforceNamingStyle != nil {
+ return *x.EnforceNamingStyle
+ }
+ return FeatureSet_ENFORCE_NAMING_STYLE_UNKNOWN
+}
+
// A compiled specification for the defaults of a set of features. These
// messages are generated from FeatureSet extensions and can be used to seed
// feature resolution. The resolution with this object becomes a simple search
// for the closest matching edition, followed by proto merges.
type FeatureSetDefaults struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
Defaults []*FeatureSetDefaults_FeatureSetEditionDefault `protobuf:"bytes,1,rep,name=defaults" json:"defaults,omitempty"`
// The minimum supported edition (inclusive) when this was constructed.
// Editions before this will not have defaults.
@@ -3423,6 +3497,8 @@ type FeatureSetDefaults struct {
// The maximum known edition (inclusive) when this was constructed. Editions
// after this will not have reliable defaults.
MaximumEdition *Edition `protobuf:"varint,5,opt,name=maximum_edition,json=maximumEdition,enum=google.protobuf.Edition" json:"maximum_edition,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *FeatureSetDefaults) Reset() {
@@ -3479,10 +3555,7 @@ func (x *FeatureSetDefaults) GetMaximumEdition() Edition {
// Encapsulates information about the original source file from which a
// FileDescriptorProto was generated.
type SourceCodeInfo struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// A Location identifies a piece of source code in a .proto file which
// corresponds to a particular definition. This information is intended
// to be useful to IDEs, code indexers, documentation generators, and similar
@@ -3531,7 +3604,10 @@ type SourceCodeInfo struct {
// - Code which tries to interpret locations should probably be designed to
// ignore those that it doesn't understand, as more types of locations could
// be recorded in the future.
- Location []*SourceCodeInfo_Location `protobuf:"bytes,1,rep,name=location" json:"location,omitempty"`
+ Location []*SourceCodeInfo_Location `protobuf:"bytes,1,rep,name=location" json:"location,omitempty"`
+ extensionFields protoimpl.ExtensionFields
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *SourceCodeInfo) Reset() {
@@ -3575,13 +3651,12 @@ func (x *SourceCodeInfo) GetLocation() []*SourceCodeInfo_Location {
// file. A GeneratedCodeInfo message is associated with only one generated
// source file, but may contain references to different source .proto files.
type GeneratedCodeInfo struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// An Annotation connects some span of text in generated code to an element
// of its generating .proto file.
- Annotation []*GeneratedCodeInfo_Annotation `protobuf:"bytes,1,rep,name=annotation" json:"annotation,omitempty"`
+ Annotation []*GeneratedCodeInfo_Annotation `protobuf:"bytes,1,rep,name=annotation" json:"annotation,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *GeneratedCodeInfo) Reset() {
@@ -3622,13 +3697,12 @@ func (x *GeneratedCodeInfo) GetAnnotation() []*GeneratedCodeInfo_Annotation {
}
type DescriptorProto_ExtensionRange struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Start *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // Inclusive.
+ End *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"` // Exclusive.
+ Options *ExtensionRangeOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
unknownFields protoimpl.UnknownFields
-
- Start *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // Inclusive.
- End *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"` // Exclusive.
- Options *ExtensionRangeOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
+ sizeCache protoimpl.SizeCache
}
func (x *DescriptorProto_ExtensionRange) Reset() {
@@ -3686,12 +3760,11 @@ func (x *DescriptorProto_ExtensionRange) GetOptions() *ExtensionRangeOptions {
// fields or extension ranges in the same message. Reserved ranges may
// not overlap.
type DescriptorProto_ReservedRange struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Start *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // Inclusive.
+ End *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"` // Exclusive.
unknownFields protoimpl.UnknownFields
-
- Start *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // Inclusive.
- End *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"` // Exclusive.
+ sizeCache protoimpl.SizeCache
}
func (x *DescriptorProto_ReservedRange) Reset() {
@@ -3739,10 +3812,7 @@ func (x *DescriptorProto_ReservedRange) GetEnd() int32 {
}
type ExtensionRangeOptions_Declaration struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// The extension number declared within the extension range.
Number *int32 `protobuf:"varint,1,opt,name=number" json:"number,omitempty"`
// The fully-qualified name of the extension field. There must be a leading
@@ -3758,7 +3828,9 @@ type ExtensionRangeOptions_Declaration struct {
Reserved *bool `protobuf:"varint,5,opt,name=reserved" json:"reserved,omitempty"`
// If true, indicates that the extension must be defined as repeated.
// Otherwise the extension must be defined as optional.
- Repeated *bool `protobuf:"varint,6,opt,name=repeated" json:"repeated,omitempty"`
+ Repeated *bool `protobuf:"varint,6,opt,name=repeated" json:"repeated,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *ExtensionRangeOptions_Declaration) Reset() {
@@ -3833,12 +3905,11 @@ func (x *ExtensionRangeOptions_Declaration) GetRepeated() bool {
// is inclusive such that it can appropriately represent the entire int32
// domain.
type EnumDescriptorProto_EnumReservedRange struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Start *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // Inclusive.
+ End *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"` // Inclusive.
unknownFields protoimpl.UnknownFields
-
- Start *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // Inclusive.
- End *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"` // Inclusive.
+ sizeCache protoimpl.SizeCache
}
func (x *EnumDescriptorProto_EnumReservedRange) Reset() {
@@ -3886,12 +3957,11 @@ func (x *EnumDescriptorProto_EnumReservedRange) GetEnd() int32 {
}
type FieldOptions_EditionDefault struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Edition *Edition `protobuf:"varint,3,opt,name=edition,enum=google.protobuf.Edition" json:"edition,omitempty"`
+ Value *string `protobuf:"bytes,2,opt,name=value" json:"value,omitempty"` // Textproto value.
unknownFields protoimpl.UnknownFields
-
- Edition *Edition `protobuf:"varint,3,opt,name=edition,enum=google.protobuf.Edition" json:"edition,omitempty"`
- Value *string `protobuf:"bytes,2,opt,name=value" json:"value,omitempty"` // Textproto value.
+ sizeCache protoimpl.SizeCache
}
func (x *FieldOptions_EditionDefault) Reset() {
@@ -3940,10 +4010,7 @@ func (x *FieldOptions_EditionDefault) GetValue() string {
// Information about the support window of a feature.
type FieldOptions_FeatureSupport struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// The edition that this feature was first available in. In editions
// earlier than this one, the default assigned to EDITION_LEGACY will be
// used, and proto files will not be able to override it.
@@ -3958,6 +4025,8 @@ type FieldOptions_FeatureSupport struct {
// this one, the last default assigned will be used, and proto files will
// not be able to override it.
EditionRemoved *Edition `protobuf:"varint,4,opt,name=edition_removed,json=editionRemoved,enum=google.protobuf.Edition" json:"edition_removed,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *FieldOptions_FeatureSupport) Reset() {
@@ -4024,12 +4093,11 @@ func (x *FieldOptions_FeatureSupport) GetEditionRemoved() Edition {
// E.g.,{ ["foo", false], ["bar.baz", true], ["moo", false] } represents
// "foo.(bar.baz).moo".
type UninterpretedOption_NamePart struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
+ state protoimpl.MessageState `protogen:"open.v1"`
+ NamePart *string `protobuf:"bytes,1,req,name=name_part,json=namePart" json:"name_part,omitempty"`
+ IsExtension *bool `protobuf:"varint,2,req,name=is_extension,json=isExtension" json:"is_extension,omitempty"`
unknownFields protoimpl.UnknownFields
-
- NamePart *string `protobuf:"bytes,1,req,name=name_part,json=namePart" json:"name_part,omitempty"`
- IsExtension *bool `protobuf:"varint,2,req,name=is_extension,json=isExtension" json:"is_extension,omitempty"`
+ sizeCache protoimpl.SizeCache
}
func (x *UninterpretedOption_NamePart) Reset() {
@@ -4081,15 +4149,14 @@ func (x *UninterpretedOption_NamePart) GetIsExtension() bool {
// the defaults at the closest matching edition ordered at or before it should
// be used. This field must be in strict ascending order by edition.
type FeatureSetDefaults_FeatureSetEditionDefault struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
- Edition *Edition `protobuf:"varint,3,opt,name=edition,enum=google.protobuf.Edition" json:"edition,omitempty"`
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Edition *Edition `protobuf:"varint,3,opt,name=edition,enum=google.protobuf.Edition" json:"edition,omitempty"`
// Defaults of features that can be overridden in this edition.
OverridableFeatures *FeatureSet `protobuf:"bytes,4,opt,name=overridable_features,json=overridableFeatures" json:"overridable_features,omitempty"`
// Defaults of features that can't be overridden in this edition.
FixedFeatures *FeatureSet `protobuf:"bytes,5,opt,name=fixed_features,json=fixedFeatures" json:"fixed_features,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *FeatureSetDefaults_FeatureSetEditionDefault) Reset() {
@@ -4144,10 +4211,7 @@ func (x *FeatureSetDefaults_FeatureSetEditionDefault) GetFixedFeatures() *Featur
}
type SourceCodeInfo_Location struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Identifies which part of the FileDescriptorProto was defined at this
// location.
//
@@ -4239,6 +4303,8 @@ type SourceCodeInfo_Location struct {
LeadingComments *string `protobuf:"bytes,3,opt,name=leading_comments,json=leadingComments" json:"leading_comments,omitempty"`
TrailingComments *string `protobuf:"bytes,4,opt,name=trailing_comments,json=trailingComments" json:"trailing_comments,omitempty"`
LeadingDetachedComments []string `protobuf:"bytes,6,rep,name=leading_detached_comments,json=leadingDetachedComments" json:"leading_detached_comments,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *SourceCodeInfo_Location) Reset() {
@@ -4307,10 +4373,7 @@ func (x *SourceCodeInfo_Location) GetLeadingDetachedComments() []string {
}
type GeneratedCodeInfo_Annotation struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Identifies the element in the original source .proto file. This field
// is formatted the same as SourceCodeInfo.Location.path.
Path []int32 `protobuf:"varint,1,rep,packed,name=path" json:"path,omitempty"`
@@ -4322,8 +4385,10 @@ type GeneratedCodeInfo_Annotation struct {
// Identifies the ending offset in bytes in the generated code that
// relates to the identified object. The end offset should be one past
// the last relevant byte (so the length of the text = end - begin).
- End *int32 `protobuf:"varint,4,opt,name=end" json:"end,omitempty"`
- Semantic *GeneratedCodeInfo_Annotation_Semantic `protobuf:"varint,5,opt,name=semantic,enum=google.protobuf.GeneratedCodeInfo_Annotation_Semantic" json:"semantic,omitempty"`
+ End *int32 `protobuf:"varint,4,opt,name=end" json:"end,omitempty"`
+ Semantic *GeneratedCodeInfo_Annotation_Semantic `protobuf:"varint,5,opt,name=semantic,enum=google.protobuf.GeneratedCodeInfo_Annotation_Semantic" json:"semantic,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *GeneratedCodeInfo_Annotation) Reset() {
@@ -4393,789 +4458,381 @@ func (x *GeneratedCodeInfo_Annotation) GetSemantic() GeneratedCodeInfo_Annotatio
var File_google_protobuf_descriptor_proto protoreflect.FileDescriptor
-var file_google_protobuf_descriptor_proto_rawDesc = []byte{
- 0x0a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f,
- 0x74, 0x6f, 0x12, 0x0f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
- 0x62, 0x75, 0x66, 0x22, 0x4d, 0x0a, 0x11, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72,
- 0x69, 0x70, 0x74, 0x6f, 0x72, 0x53, 0x65, 0x74, 0x12, 0x38, 0x0a, 0x04, 0x66, 0x69, 0x6c, 0x65,
- 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73,
- 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x04, 0x66, 0x69,
- 0x6c, 0x65, 0x22, 0x98, 0x05, 0x0a, 0x13, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72,
- 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61,
- 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18,
- 0x0a, 0x07, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x07, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x65,
- 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x65,
- 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x2b, 0x0a, 0x11, 0x70, 0x75, 0x62, 0x6c,
- 0x69, 0x63, 0x5f, 0x64, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x0a, 0x20,
- 0x03, 0x28, 0x05, 0x52, 0x10, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x44, 0x65, 0x70, 0x65, 0x6e,
- 0x64, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x77, 0x65, 0x61, 0x6b, 0x5f, 0x64, 0x65,
- 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x05, 0x52, 0x0e,
- 0x77, 0x65, 0x61, 0x6b, 0x44, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x43,
- 0x0a, 0x0c, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04,
- 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
- 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f,
- 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x0b, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x54,
- 0x79, 0x70, 0x65, 0x12, 0x41, 0x0a, 0x09, 0x65, 0x6e, 0x75, 0x6d, 0x5f, 0x74, 0x79, 0x70, 0x65,
- 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73,
- 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x08, 0x65, 0x6e,
- 0x75, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x12, 0x41, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63,
- 0x65, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
- 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
- 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f,
- 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x43, 0x0a, 0x09, 0x65, 0x78, 0x74,
- 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67,
- 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
- 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72,
- 0x6f, 0x74, 0x6f, 0x52, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x36,
- 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32,
- 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f,
- 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x49, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
- 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b,
- 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
- 0x75, 0x66, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66,
- 0x6f, 0x52, 0x0e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66,
- 0x6f, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x79, 0x6e, 0x74, 0x61, 0x78, 0x18, 0x0c, 0x20, 0x01, 0x28,
- 0x09, 0x52, 0x06, 0x73, 0x79, 0x6e, 0x74, 0x61, 0x78, 0x12, 0x32, 0x0a, 0x07, 0x65, 0x64, 0x69,
- 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f,
- 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x64, 0x69,
- 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xb9, 0x06,
- 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74,
- 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3b, 0x0a, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x02,
- 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
- 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63,
- 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x05, 0x66, 0x69, 0x65,
- 0x6c, 0x64, 0x12, 0x43, 0x0a, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18,
- 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
- 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73,
- 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x09, 0x65, 0x78,
- 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0b, 0x6e, 0x65, 0x73, 0x74, 0x65,
- 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x67,
- 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
- 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x0a,
- 0x6e, 0x65, 0x73, 0x74, 0x65, 0x64, 0x54, 0x79, 0x70, 0x65, 0x12, 0x41, 0x0a, 0x09, 0x65, 0x6e,
- 0x75, 0x6d, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e,
- 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
- 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72,
- 0x6f, 0x74, 0x6f, 0x52, 0x08, 0x65, 0x6e, 0x75, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x12, 0x58, 0x0a,
- 0x0f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65,
- 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
- 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69,
- 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69,
- 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x44, 0x0a, 0x0a, 0x6f, 0x6e, 0x65, 0x6f, 0x66,
- 0x5f, 0x64, 0x65, 0x63, 0x6c, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f,
- 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4f, 0x6e,
- 0x65, 0x6f, 0x66, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f,
- 0x74, 0x6f, 0x52, 0x09, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x44, 0x65, 0x63, 0x6c, 0x12, 0x39, 0x0a,
- 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f,
- 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
- 0x2e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52,
- 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x55, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x65,
- 0x72, 0x76, 0x65, 0x64, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b,
- 0x32, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
- 0x75, 0x66, 0x2e, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f,
- 0x74, 0x6f, 0x2e, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65,
- 0x52, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12,
- 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65,
- 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64,
- 0x4e, 0x61, 0x6d, 0x65, 0x1a, 0x7a, 0x0a, 0x0e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f,
- 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18,
- 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03,
- 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x12, 0x40,
- 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
- 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65,
- 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
- 0x1a, 0x37, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67,
- 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05,
- 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02,
- 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0xcc, 0x04, 0x0a, 0x15, 0x45, 0x78,
- 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69,
- 0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
- 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03,
- 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
- 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74,
- 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65,
- 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x59, 0x0a,
- 0x0b, 0x64, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x03,
- 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
- 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61,
- 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x44, 0x65, 0x63, 0x6c, 0x61,
- 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0x88, 0x01, 0x02, 0x52, 0x0b, 0x64, 0x65, 0x63,
- 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74,
- 0x75, 0x72, 0x65, 0x73, 0x18, 0x32, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f,
- 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61,
- 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65,
- 0x73, 0x12, 0x6d, 0x0a, 0x0c, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
- 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
- 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73,
- 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e,
- 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74,
- 0x65, 0x3a, 0x0a, 0x55, 0x4e, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x45, 0x44, 0x42, 0x03, 0x88,
- 0x01, 0x02, 0x52, 0x0c, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
- 0x1a, 0x94, 0x01, 0x0a, 0x0b, 0x44, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
- 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05,
- 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x75, 0x6c, 0x6c,
- 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x66, 0x75, 0x6c,
- 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20,
- 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73,
- 0x65, 0x72, 0x76, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x73,
- 0x65, 0x72, 0x76, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65,
- 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65,
- 0x64, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x34, 0x0a, 0x11, 0x56, 0x65, 0x72, 0x69, 0x66,
- 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0f, 0x0a, 0x0b,
- 0x44, 0x45, 0x43, 0x4c, 0x41, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x00, 0x12, 0x0e, 0x0a,
- 0x0a, 0x55, 0x4e, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x01, 0x2a, 0x09, 0x08,
- 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0xc1, 0x06, 0x0a, 0x14, 0x46, 0x69, 0x65,
- 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74,
- 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18,
- 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x41, 0x0a,
- 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67,
- 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
- 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72,
- 0x6f, 0x74, 0x6f, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c,
- 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a,
- 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
- 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72,
- 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65,
- 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x79, 0x70, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20,
- 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x79, 0x70, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a,
- 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x65, 0x66,
- 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09,
- 0x52, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1f,
- 0x0a, 0x0b, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x09, 0x20,
- 0x01, 0x28, 0x05, 0x52, 0x0a, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12,
- 0x1b, 0x0a, 0x09, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01,
- 0x28, 0x09, 0x52, 0x08, 0x6a, 0x73, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07,
- 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e,
- 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
- 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70,
- 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x5f,
- 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x22, 0xb6,
- 0x02, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f,
- 0x44, 0x4f, 0x55, 0x42, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45,
- 0x5f, 0x46, 0x4c, 0x4f, 0x41, 0x54, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45,
- 0x5f, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45,
- 0x5f, 0x55, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50,
- 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x05, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50,
- 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x54,
- 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x07, 0x12, 0x0d, 0x0a,
- 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x10, 0x08, 0x12, 0x0f, 0x0a, 0x0b,
- 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x09, 0x12, 0x0e, 0x0a,
- 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x0a, 0x12, 0x10, 0x0a,
- 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x10, 0x0b, 0x12,
- 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x59, 0x54, 0x45, 0x53, 0x10, 0x0c, 0x12,
- 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x0d,
- 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x10, 0x0e, 0x12,
- 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32,
- 0x10, 0x0f, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45,
- 0x44, 0x36, 0x34, 0x10, 0x10, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49,
- 0x4e, 0x54, 0x33, 0x32, 0x10, 0x11, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53,
- 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x12, 0x22, 0x43, 0x0a, 0x05, 0x4c, 0x61, 0x62, 0x65, 0x6c,
- 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e,
- 0x41, 0x4c, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45,
- 0x50, 0x45, 0x41, 0x54, 0x45, 0x44, 0x10, 0x03, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45,
- 0x4c, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x44, 0x10, 0x02, 0x22, 0x63, 0x0a, 0x14,
- 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50,
- 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
- 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69,
- 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
- 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f,
- 0x66, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
- 0x73, 0x22, 0xe3, 0x02, 0x0a, 0x13, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
- 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
- 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a,
- 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67,
- 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45,
- 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
- 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x36,
- 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
- 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f,
- 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5d, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76,
- 0x65, 0x64, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36,
- 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
- 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50,
- 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65,
- 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64,
- 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65,
- 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65,
- 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x1a, 0x3b, 0x0a, 0x11, 0x45, 0x6e,
- 0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12,
- 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05,
- 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01,
- 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0x83, 0x01, 0x0a, 0x18, 0x45, 0x6e, 0x75, 0x6d,
- 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50,
- 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
- 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62,
- 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72,
- 0x12, 0x3b, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
- 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
- 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74,
- 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xa7, 0x01,
- 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
- 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
- 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x06,
- 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67,
- 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d,
- 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50,
- 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x39, 0x0a, 0x07,
- 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e,
- 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
- 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07,
- 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x89, 0x02, 0x0a, 0x15, 0x4d, 0x65, 0x74, 0x68,
- 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74,
- 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x5f, 0x74,
- 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x69, 0x6e, 0x70, 0x75, 0x74,
- 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x5f, 0x74,
- 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6f, 0x75, 0x74, 0x70, 0x75,
- 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x38, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
- 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f,
- 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12,
- 0x30, 0x0a, 0x10, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d,
- 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65,
- 0x52, 0x0f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e,
- 0x67, 0x12, 0x30, 0x0a, 0x10, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x72, 0x65,
- 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c,
- 0x73, 0x65, 0x52, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d,
- 0x69, 0x6e, 0x67, 0x22, 0xad, 0x09, 0x0a, 0x0b, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69,
- 0x6f, 0x6e, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x70, 0x61, 0x63, 0x6b,
- 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6a, 0x61, 0x76, 0x61, 0x50,
- 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x30, 0x0a, 0x14, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6f,
- 0x75, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08,
- 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x6a, 0x61, 0x76, 0x61, 0x4f, 0x75, 0x74, 0x65, 0x72, 0x43,
- 0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x35, 0x0a, 0x13, 0x6a, 0x61, 0x76, 0x61,
- 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18,
- 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x6a, 0x61,
- 0x76, 0x61, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12,
- 0x44, 0x0a, 0x1d, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65,
- 0x5f, 0x65, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x5f, 0x61, 0x6e, 0x64, 0x5f, 0x68, 0x61, 0x73, 0x68,
- 0x18, 0x14, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x19, 0x6a, 0x61, 0x76, 0x61,
- 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x45, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x41, 0x6e,
- 0x64, 0x48, 0x61, 0x73, 0x68, 0x12, 0x3a, 0x0a, 0x16, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x73, 0x74,
- 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f, 0x75, 0x74, 0x66, 0x38, 0x18,
- 0x1b, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61,
- 0x76, 0x61, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x55, 0x74, 0x66,
- 0x38, 0x12, 0x53, 0x0a, 0x0c, 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x5f, 0x66, 0x6f,
- 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
- 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70,
- 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f,
- 0x64, 0x65, 0x3a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x52, 0x0b, 0x6f, 0x70, 0x74, 0x69, 0x6d,
- 0x69, 0x7a, 0x65, 0x46, 0x6f, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x67, 0x6f, 0x5f, 0x70, 0x61, 0x63,
- 0x6b, 0x61, 0x67, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x67, 0x6f, 0x50, 0x61,
- 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x35, 0x0a, 0x13, 0x63, 0x63, 0x5f, 0x67, 0x65, 0x6e, 0x65,
- 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x10, 0x20, 0x01,
- 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x63, 0x63, 0x47, 0x65, 0x6e,
- 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x39, 0x0a, 0x15,
- 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72,
- 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c,
- 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53,
- 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x35, 0x0a, 0x13, 0x70, 0x79, 0x5f, 0x67, 0x65,
- 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x12,
- 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x70, 0x79, 0x47,
- 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x25,
- 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x17, 0x20, 0x01,
- 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65,
- 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x2e, 0x0a, 0x10, 0x63, 0x63, 0x5f, 0x65, 0x6e, 0x61, 0x62,
- 0x6c, 0x65, 0x5f, 0x61, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, 0x3a,
- 0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x63, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x41,
- 0x72, 0x65, 0x6e, 0x61, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x62, 0x6a, 0x63, 0x5f, 0x63, 0x6c,
- 0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x24, 0x20, 0x01, 0x28, 0x09,
- 0x52, 0x0f, 0x6f, 0x62, 0x6a, 0x63, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69,
- 0x78, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65,
- 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x25, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x73, 0x68,
- 0x61, 0x72, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c,
- 0x73, 0x77, 0x69, 0x66, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x27, 0x20, 0x01,
- 0x28, 0x09, 0x52, 0x0b, 0x73, 0x77, 0x69, 0x66, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12,
- 0x28, 0x0a, 0x10, 0x70, 0x68, 0x70, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65,
- 0x66, 0x69, 0x78, 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70, 0x68, 0x70, 0x43, 0x6c,
- 0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x68, 0x70,
- 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x29, 0x20, 0x01, 0x28, 0x09,
- 0x52, 0x0c, 0x70, 0x68, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x34,
- 0x0a, 0x16, 0x70, 0x68, 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x6e,
- 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14,
- 0x70, 0x68, 0x70, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4e, 0x61, 0x6d, 0x65, 0x73,
- 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x75, 0x62, 0x79, 0x5f, 0x70, 0x61, 0x63,
- 0x6b, 0x61, 0x67, 0x65, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x72, 0x75, 0x62, 0x79,
- 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75,
- 0x72, 0x65, 0x73, 0x18, 0x32, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
- 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74,
- 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73,
- 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65,
- 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32,
- 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f,
- 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
- 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x0a, 0x0c, 0x4f, 0x70,
- 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x50,
- 0x45, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x49,
- 0x5a, 0x45, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x4c, 0x49, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4e,
- 0x54, 0x49, 0x4d, 0x45, 0x10, 0x03, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80,
- 0x02, 0x4a, 0x04, 0x08, 0x2a, 0x10, 0x2b, 0x4a, 0x04, 0x08, 0x26, 0x10, 0x27, 0x52, 0x14, 0x70,
- 0x68, 0x70, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69,
- 0x63, 0x65, 0x73, 0x22, 0xf4, 0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f,
- 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x3c, 0x0a, 0x17, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67,
- 0x65, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x77, 0x69, 0x72, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61,
- 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x14,
- 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x57, 0x69, 0x72, 0x65, 0x46, 0x6f,
- 0x72, 0x6d, 0x61, 0x74, 0x12, 0x4c, 0x0a, 0x1f, 0x6e, 0x6f, 0x5f, 0x73, 0x74, 0x61, 0x6e, 0x64,
- 0x61, 0x72, 0x64, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x5f, 0x61,
- 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66,
- 0x61, 0x6c, 0x73, 0x65, 0x52, 0x1c, 0x6e, 0x6f, 0x53, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64,
- 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73,
- 0x6f, 0x72, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64,
- 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64,
- 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70,
- 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x61,
- 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x56, 0x0a, 0x26, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63,
- 0x61, 0x74, 0x65, 0x64, 0x5f, 0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x5f, 0x6a, 0x73, 0x6f, 0x6e,
- 0x5f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73,
- 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x22, 0x64, 0x65, 0x70, 0x72,
- 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4a, 0x73, 0x6f, 0x6e,
- 0x46, 0x69, 0x65, 0x6c, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x12, 0x37,
- 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b,
- 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
- 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66,
- 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74,
- 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18,
- 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72,
- 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e,
- 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f,
- 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x04,
- 0x10, 0x05, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x4a, 0x04,
- 0x08, 0x08, 0x10, 0x09, 0x4a, 0x04, 0x08, 0x09, 0x10, 0x0a, 0x22, 0x9d, 0x0d, 0x0a, 0x0c, 0x46,
- 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x41, 0x0a, 0x05, 0x63,
- 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f,
- 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65,
- 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x43, 0x54, 0x79, 0x70, 0x65, 0x3a,
- 0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x52, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16,
- 0x0a, 0x06, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06,
- 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x47, 0x0a, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65,
- 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70,
- 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x09, 0x4a, 0x53,
- 0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x52, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12,
- 0x19, 0x0a, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66,
- 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x12, 0x2e, 0x0a, 0x0f, 0x75, 0x6e,
- 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x0f, 0x20,
- 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0e, 0x75, 0x6e, 0x76, 0x65,
- 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x4c, 0x61, 0x7a, 0x79, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65,
- 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05,
- 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
- 0x64, 0x12, 0x19, 0x0a, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a,
- 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x12, 0x28, 0x0a, 0x0c,
- 0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x72, 0x65, 0x64, 0x61, 0x63, 0x74, 0x18, 0x10, 0x20, 0x01,
- 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0b, 0x64, 0x65, 0x62, 0x75, 0x67,
- 0x52, 0x65, 0x64, 0x61, 0x63, 0x74, 0x12, 0x4b, 0x0a, 0x09, 0x72, 0x65, 0x74, 0x65, 0x6e, 0x74,
- 0x69, 0x6f, 0x6e, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
- 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c,
- 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52,
- 0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x72, 0x65, 0x74, 0x65, 0x6e, 0x74,
- 0x69, 0x6f, 0x6e, 0x12, 0x48, 0x0a, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x18, 0x13,
- 0x20, 0x03, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
- 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69,
- 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74,
- 0x54, 0x79, 0x70, 0x65, 0x52, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x12, 0x57, 0x0a,
- 0x10, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
- 0x73, 0x18, 0x14, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
- 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f,
- 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65,
- 0x66, 0x61, 0x75, 0x6c, 0x74, 0x52, 0x0f, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65,
- 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72,
- 0x65, 0x73, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
- 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75,
- 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12,
- 0x55, 0x0a, 0x0f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x73, 0x75, 0x70, 0x70, 0x6f,
- 0x72, 0x74, 0x18, 0x16, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
- 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64,
- 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53,
- 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x0e, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53,
- 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65,
- 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7,
- 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
- 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70,
- 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69,
- 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
- 0x1a, 0x5a, 0x0a, 0x0e, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x66, 0x61, 0x75,
- 0x6c, 0x74, 0x12, 0x32, 0x0a, 0x07, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20,
- 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
- 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x65,
- 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
- 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x1a, 0x96, 0x02, 0x0a,
- 0x0e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12,
- 0x47, 0x0a, 0x12, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x74, 0x72, 0x6f,
- 0x64, 0x75, 0x63, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x67, 0x6f,
- 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x64,
- 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x11, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e,
- 0x74, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x65, 0x64, 0x12, 0x47, 0x0a, 0x12, 0x65, 0x64, 0x69, 0x74,
- 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x02,
- 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
- 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x11,
- 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
- 0x64, 0x12, 0x2f, 0x0a, 0x13, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
- 0x5f, 0x77, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12,
- 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x57, 0x61, 0x72, 0x6e, 0x69,
- 0x6e, 0x67, 0x12, 0x41, 0x0a, 0x0f, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65,
- 0x6d, 0x6f, 0x76, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x67, 0x6f,
- 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x64,
- 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
- 0x6d, 0x6f, 0x76, 0x65, 0x64, 0x22, 0x2f, 0x0a, 0x05, 0x43, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a,
- 0x0a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x43, 0x4f,
- 0x52, 0x44, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x50,
- 0x49, 0x45, 0x43, 0x45, 0x10, 0x02, 0x22, 0x35, 0x0a, 0x06, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65,
- 0x12, 0x0d, 0x0a, 0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x10, 0x00, 0x12,
- 0x0d, 0x0a, 0x09, 0x4a, 0x53, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x0d,
- 0x0a, 0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x55, 0x4d, 0x42, 0x45, 0x52, 0x10, 0x02, 0x22, 0x55, 0x0a,
- 0x0f, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e,
- 0x12, 0x15, 0x0a, 0x11, 0x52, 0x45, 0x54, 0x45, 0x4e, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e,
- 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x52, 0x45, 0x54, 0x45, 0x4e,
- 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x52, 0x55, 0x4e, 0x54, 0x49, 0x4d, 0x45, 0x10, 0x01, 0x12, 0x14,
- 0x0a, 0x10, 0x52, 0x45, 0x54, 0x45, 0x4e, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x4f, 0x55, 0x52,
- 0x43, 0x45, 0x10, 0x02, 0x22, 0x8c, 0x02, 0x0a, 0x10, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54,
- 0x61, 0x72, 0x67, 0x65, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x52,
- 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e,
- 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50,
- 0x45, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x1f, 0x0a, 0x1b, 0x54, 0x41, 0x52, 0x47,
- 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x4e, 0x53, 0x49, 0x4f,
- 0x4e, 0x5f, 0x52, 0x41, 0x4e, 0x47, 0x45, 0x10, 0x02, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x52,
- 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45,
- 0x10, 0x03, 0x12, 0x15, 0x0a, 0x11, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50,
- 0x45, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x10, 0x04, 0x12, 0x15, 0x0a, 0x11, 0x54, 0x41, 0x52,
- 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4f, 0x4e, 0x45, 0x4f, 0x46, 0x10, 0x05,
- 0x12, 0x14, 0x0a, 0x10, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
- 0x45, 0x4e, 0x55, 0x4d, 0x10, 0x06, 0x12, 0x1a, 0x0a, 0x16, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54,
- 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x4e, 0x54, 0x52, 0x59,
- 0x10, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50,
- 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x10, 0x08, 0x12, 0x16, 0x0a, 0x12, 0x54,
- 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f,
- 0x44, 0x10, 0x09, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04,
- 0x08, 0x04, 0x10, 0x05, 0x4a, 0x04, 0x08, 0x12, 0x10, 0x13, 0x22, 0xac, 0x01, 0x0a, 0x0c, 0x4f,
- 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x37, 0x0a, 0x08, 0x66,
- 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e,
- 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
- 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74,
- 0x75, 0x72, 0x65, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70,
- 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20,
- 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
- 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65,
- 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74,
- 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09,
- 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0xd1, 0x02, 0x0a, 0x0b, 0x45, 0x6e,
- 0x75, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x6c, 0x6c,
- 0x6f, 0x77, 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a,
- 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65,
- 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05,
- 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
- 0x64, 0x12, 0x56, 0x0a, 0x26, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f,
- 0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x69, 0x65, 0x6c,
- 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28,
- 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x22, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
- 0x64, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4a, 0x73, 0x6f, 0x6e, 0x46, 0x69, 0x65, 0x6c, 0x64,
- 0x43, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x65, 0x61,
- 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f,
- 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65,
- 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72,
- 0x65, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65,
- 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28,
- 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
- 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65,
- 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72,
- 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8,
- 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x22, 0xd8, 0x02,
- 0x0a, 0x10, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f,
- 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64,
- 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64,
- 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x65, 0x61,
- 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f,
- 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65,
- 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72,
- 0x65, 0x73, 0x12, 0x28, 0x0a, 0x0c, 0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x72, 0x65, 0x64, 0x61,
- 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52,
- 0x0b, 0x64, 0x65, 0x62, 0x75, 0x67, 0x52, 0x65, 0x64, 0x61, 0x63, 0x74, 0x12, 0x55, 0x0a, 0x0f,
- 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x18,
- 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
- 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74,
- 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x75, 0x70, 0x70,
- 0x6f, 0x72, 0x74, 0x52, 0x0e, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x75, 0x70, 0x70,
- 0x6f, 0x72, 0x74, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
- 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03,
- 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
- 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74,
- 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65,
- 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08,
- 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0xd5, 0x01, 0x0a, 0x0e, 0x53, 0x65, 0x72,
- 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x37, 0x0a, 0x08, 0x66,
- 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e,
- 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
- 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74,
- 0x75, 0x72, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74,
- 0x65, 0x64, 0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52,
- 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x58, 0x0a, 0x14, 0x75,
- 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74,
- 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f,
- 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69,
- 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
- 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f,
- 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02,
- 0x22, 0x99, 0x03, 0x0a, 0x0d, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f,
- 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64,
- 0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64,
- 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x71, 0x0a, 0x11, 0x69, 0x64, 0x65,
- 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x22,
- 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
- 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74,
- 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x49, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79,
- 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x3a, 0x13, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e,
- 0x43, 0x59, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x52, 0x10, 0x69, 0x64, 0x65, 0x6d,
- 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x37, 0x0a, 0x08,
- 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x23, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b,
- 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
- 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61,
- 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72,
- 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07,
- 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
- 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
- 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e,
- 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22,
- 0x50, 0x0a, 0x10, 0x49, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65,
- 0x76, 0x65, 0x6c, 0x12, 0x17, 0x0a, 0x13, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e,
- 0x43, 0x59, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f,
- 0x4e, 0x4f, 0x5f, 0x53, 0x49, 0x44, 0x45, 0x5f, 0x45, 0x46, 0x46, 0x45, 0x43, 0x54, 0x53, 0x10,
- 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e, 0x54, 0x10,
- 0x02, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0x9a, 0x03, 0x0a,
- 0x13, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70,
- 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x03,
- 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
- 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74,
- 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x72,
- 0x74, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x69, 0x64, 0x65, 0x6e, 0x74,
- 0x69, 0x66, 0x69, 0x65, 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
- 0x09, 0x52, 0x0f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x56, 0x61, 0x6c,
- 0x75, 0x65, 0x12, 0x2c, 0x0a, 0x12, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x69,
- 0x6e, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x10,
- 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65,
- 0x12, 0x2c, 0x0a, 0x12, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74,
- 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x6e, 0x65,
- 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x21,
- 0x0a, 0x0c, 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x06,
- 0x20, 0x01, 0x28, 0x01, 0x52, 0x0b, 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75,
- 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x76, 0x61, 0x6c, 0x75,
- 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56,
- 0x61, 0x6c, 0x75, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74,
- 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x61,
- 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x1a, 0x4a, 0x0a,
- 0x08, 0x4e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x61, 0x6d,
- 0x65, 0x5f, 0x70, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, 0x6e, 0x61,
- 0x6d, 0x65, 0x50, 0x61, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x73, 0x5f, 0x65, 0x78, 0x74,
- 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x02, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x73,
- 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0xa7, 0x0a, 0x0a, 0x0a, 0x46, 0x65,
- 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x12, 0x91, 0x01, 0x0a, 0x0e, 0x66, 0x69, 0x65,
- 0x6c, 0x64, 0x5f, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
- 0x0e, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
- 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x46,
- 0x69, 0x65, 0x6c, 0x64, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x63, 0x65, 0x42, 0x3f, 0x88, 0x01,
- 0x01, 0x98, 0x01, 0x04, 0x98, 0x01, 0x01, 0xa2, 0x01, 0x0d, 0x12, 0x08, 0x45, 0x58, 0x50, 0x4c,
- 0x49, 0x43, 0x49, 0x54, 0x18, 0xe6, 0x07, 0xa2, 0x01, 0x0d, 0x12, 0x08, 0x49, 0x4d, 0x50, 0x4c,
- 0x49, 0x43, 0x49, 0x54, 0x18, 0xe7, 0x07, 0xa2, 0x01, 0x0d, 0x12, 0x08, 0x45, 0x58, 0x50, 0x4c,
- 0x49, 0x43, 0x49, 0x54, 0x18, 0xe8, 0x07, 0xb2, 0x01, 0x03, 0x08, 0xe8, 0x07, 0x52, 0x0d, 0x66,
- 0x69, 0x65, 0x6c, 0x64, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x6c, 0x0a, 0x09,
- 0x65, 0x6e, 0x75, 0x6d, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32,
- 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x45, 0x6e, 0x75,
- 0x6d, 0x54, 0x79, 0x70, 0x65, 0x42, 0x29, 0x88, 0x01, 0x01, 0x98, 0x01, 0x06, 0x98, 0x01, 0x01,
- 0xa2, 0x01, 0x0b, 0x12, 0x06, 0x43, 0x4c, 0x4f, 0x53, 0x45, 0x44, 0x18, 0xe6, 0x07, 0xa2, 0x01,
- 0x09, 0x12, 0x04, 0x4f, 0x50, 0x45, 0x4e, 0x18, 0xe7, 0x07, 0xb2, 0x01, 0x03, 0x08, 0xe8, 0x07,
- 0x52, 0x08, 0x65, 0x6e, 0x75, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x12, 0x98, 0x01, 0x0a, 0x17, 0x72,
- 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x65, 0x6e,
- 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x67,
- 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
- 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x52, 0x65, 0x70, 0x65, 0x61, 0x74,
- 0x65, 0x64, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x45, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x42,
- 0x2d, 0x88, 0x01, 0x01, 0x98, 0x01, 0x04, 0x98, 0x01, 0x01, 0xa2, 0x01, 0x0d, 0x12, 0x08, 0x45,
- 0x58, 0x50, 0x41, 0x4e, 0x44, 0x45, 0x44, 0x18, 0xe6, 0x07, 0xa2, 0x01, 0x0b, 0x12, 0x06, 0x50,
- 0x41, 0x43, 0x4b, 0x45, 0x44, 0x18, 0xe7, 0x07, 0xb2, 0x01, 0x03, 0x08, 0xe8, 0x07, 0x52, 0x15,
- 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x45, 0x6e, 0x63,
- 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x7e, 0x0a, 0x0f, 0x75, 0x74, 0x66, 0x38, 0x5f, 0x76, 0x61,
- 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a,
- 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
- 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x55, 0x74, 0x66, 0x38,
- 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x29, 0x88, 0x01, 0x01, 0x98,
- 0x01, 0x04, 0x98, 0x01, 0x01, 0xa2, 0x01, 0x09, 0x12, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x18, 0xe6,
- 0x07, 0xa2, 0x01, 0x0b, 0x12, 0x06, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x18, 0xe7, 0x07, 0xb2,
- 0x01, 0x03, 0x08, 0xe8, 0x07, 0x52, 0x0e, 0x75, 0x74, 0x66, 0x38, 0x56, 0x61, 0x6c, 0x69, 0x64,
- 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x7e, 0x0a, 0x10, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
- 0x5f, 0x65, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32,
- 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x4d, 0x65, 0x73,
- 0x73, 0x61, 0x67, 0x65, 0x45, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x42, 0x26, 0x88, 0x01,
- 0x01, 0x98, 0x01, 0x04, 0x98, 0x01, 0x01, 0xa2, 0x01, 0x14, 0x12, 0x0f, 0x4c, 0x45, 0x4e, 0x47,
- 0x54, 0x48, 0x5f, 0x50, 0x52, 0x45, 0x46, 0x49, 0x58, 0x45, 0x44, 0x18, 0xe6, 0x07, 0xb2, 0x01,
- 0x03, 0x08, 0xe8, 0x07, 0x52, 0x0f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x45, 0x6e, 0x63,
- 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x82, 0x01, 0x0a, 0x0b, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66,
- 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x67, 0x6f,
- 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65,
- 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x4a, 0x73, 0x6f, 0x6e, 0x46, 0x6f, 0x72,
- 0x6d, 0x61, 0x74, 0x42, 0x39, 0x88, 0x01, 0x01, 0x98, 0x01, 0x03, 0x98, 0x01, 0x06, 0x98, 0x01,
- 0x01, 0xa2, 0x01, 0x17, 0x12, 0x12, 0x4c, 0x45, 0x47, 0x41, 0x43, 0x59, 0x5f, 0x42, 0x45, 0x53,
- 0x54, 0x5f, 0x45, 0x46, 0x46, 0x4f, 0x52, 0x54, 0x18, 0xe6, 0x07, 0xa2, 0x01, 0x0a, 0x12, 0x05,
- 0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x18, 0xe7, 0x07, 0xb2, 0x01, 0x03, 0x08, 0xe8, 0x07, 0x52, 0x0a,
- 0x6a, 0x73, 0x6f, 0x6e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x22, 0x5c, 0x0a, 0x0d, 0x46, 0x69,
- 0x65, 0x6c, 0x64, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x46,
- 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x50, 0x52, 0x45, 0x53, 0x45, 0x4e, 0x43, 0x45, 0x5f, 0x55, 0x4e,
- 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x45, 0x58, 0x50, 0x4c, 0x49,
- 0x43, 0x49, 0x54, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x49, 0x4d, 0x50, 0x4c, 0x49, 0x43, 0x49,
- 0x54, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x4c, 0x45, 0x47, 0x41, 0x43, 0x59, 0x5f, 0x52, 0x45,
- 0x51, 0x55, 0x49, 0x52, 0x45, 0x44, 0x10, 0x03, 0x22, 0x37, 0x0a, 0x08, 0x45, 0x6e, 0x75, 0x6d,
- 0x54, 0x79, 0x70, 0x65, 0x12, 0x15, 0x0a, 0x11, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x54, 0x59, 0x50,
- 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x4f,
- 0x50, 0x45, 0x4e, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x4c, 0x4f, 0x53, 0x45, 0x44, 0x10,
- 0x02, 0x22, 0x56, 0x0a, 0x15, 0x52, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x46, 0x69, 0x65,
- 0x6c, 0x64, 0x45, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x23, 0x0a, 0x1f, 0x52, 0x45,
- 0x50, 0x45, 0x41, 0x54, 0x45, 0x44, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x45, 0x4e, 0x43,
- 0x4f, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12,
- 0x0a, 0x0a, 0x06, 0x50, 0x41, 0x43, 0x4b, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x45,
- 0x58, 0x50, 0x41, 0x4e, 0x44, 0x45, 0x44, 0x10, 0x02, 0x22, 0x49, 0x0a, 0x0e, 0x55, 0x74, 0x66,
- 0x38, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1b, 0x0a, 0x17, 0x55,
- 0x54, 0x46, 0x38, 0x5f, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55,
- 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x56, 0x45, 0x52, 0x49,
- 0x46, 0x59, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x03, 0x22, 0x04,
- 0x08, 0x01, 0x10, 0x01, 0x22, 0x53, 0x0a, 0x0f, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x45,
- 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x45, 0x53, 0x53, 0x41,
- 0x47, 0x45, 0x5f, 0x45, 0x4e, 0x43, 0x4f, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x55, 0x4e, 0x4b, 0x4e,
- 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x4c, 0x45, 0x4e, 0x47, 0x54, 0x48, 0x5f,
- 0x50, 0x52, 0x45, 0x46, 0x49, 0x58, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x44, 0x45,
- 0x4c, 0x49, 0x4d, 0x49, 0x54, 0x45, 0x44, 0x10, 0x02, 0x22, 0x48, 0x0a, 0x0a, 0x4a, 0x73, 0x6f,
- 0x6e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x17, 0x0a, 0x13, 0x4a, 0x53, 0x4f, 0x4e, 0x5f,
- 0x46, 0x4f, 0x52, 0x4d, 0x41, 0x54, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00,
- 0x12, 0x09, 0x0a, 0x05, 0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x4c,
- 0x45, 0x47, 0x41, 0x43, 0x59, 0x5f, 0x42, 0x45, 0x53, 0x54, 0x5f, 0x45, 0x46, 0x46, 0x4f, 0x52,
- 0x54, 0x10, 0x02, 0x2a, 0x06, 0x08, 0xe8, 0x07, 0x10, 0x8b, 0x4e, 0x2a, 0x06, 0x08, 0x8b, 0x4e,
- 0x10, 0x90, 0x4e, 0x2a, 0x06, 0x08, 0x90, 0x4e, 0x10, 0x91, 0x4e, 0x4a, 0x06, 0x08, 0xe7, 0x07,
- 0x10, 0xe8, 0x07, 0x22, 0xef, 0x03, 0x0a, 0x12, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53,
- 0x65, 0x74, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x08, 0x64, 0x65,
- 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x67,
- 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
- 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
- 0x73, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x45, 0x64, 0x69, 0x74,
- 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x52, 0x08, 0x64, 0x65, 0x66, 0x61,
- 0x75, 0x6c, 0x74, 0x73, 0x12, 0x41, 0x0a, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f,
- 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e,
- 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
- 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d,
- 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x69, 0x6d,
- 0x75, 0x6d, 0x5f, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e,
- 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
- 0x75, 0x66, 0x2e, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x69,
- 0x6d, 0x75, 0x6d, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xf8, 0x01, 0x0a, 0x18, 0x46,
- 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
- 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x32, 0x0a, 0x07, 0x65, 0x64, 0x69, 0x74, 0x69,
- 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
- 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x64, 0x69, 0x74, 0x69,
- 0x6f, 0x6e, 0x52, 0x07, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4e, 0x0a, 0x14, 0x6f,
- 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75,
- 0x72, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
- 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74,
- 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x13, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x61,
- 0x62, 0x6c, 0x65, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x42, 0x0a, 0x0e, 0x66,
- 0x69, 0x78, 0x65, 0x64, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x05, 0x20,
- 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
- 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74,
- 0x52, 0x0d, 0x66, 0x69, 0x78, 0x65, 0x64, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x4a,
- 0x04, 0x08, 0x01, 0x10, 0x02, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x52, 0x08, 0x66, 0x65, 0x61,
- 0x74, 0x75, 0x72, 0x65, 0x73, 0x22, 0xa7, 0x02, 0x0a, 0x0e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65,
- 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x44, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61,
- 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x67, 0x6f, 0x6f,
- 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x6f, 0x75,
- 0x72, 0x63, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x4c, 0x6f, 0x63, 0x61,
- 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xce,
- 0x01, 0x0a, 0x08, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x04, 0x70,
- 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x02, 0x10, 0x01, 0x52, 0x04, 0x70,
- 0x61, 0x74, 0x68, 0x12, 0x16, 0x0a, 0x04, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28,
- 0x05, 0x42, 0x02, 0x10, 0x01, 0x52, 0x04, 0x73, 0x70, 0x61, 0x6e, 0x12, 0x29, 0x0a, 0x10, 0x6c,
- 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18,
- 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f,
- 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x69,
- 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28,
- 0x09, 0x52, 0x10, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6d, 0x6d, 0x65,
- 0x6e, 0x74, 0x73, 0x12, 0x3a, 0x0a, 0x19, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x64,
- 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73,
- 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x17, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x44,
- 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x22,
- 0xd0, 0x02, 0x0a, 0x11, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x64,
- 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x4d, 0x0a, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74,
- 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
- 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x47, 0x65, 0x6e, 0x65,
- 0x72, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x41, 0x6e,
- 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61,
- 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xeb, 0x01, 0x0a, 0x0a, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74,
- 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28,
- 0x05, 0x42, 0x02, 0x10, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x73,
- 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
- 0x52, 0x0a, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05,
- 0x62, 0x65, 0x67, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x62, 0x65, 0x67,
- 0x69, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52,
- 0x03, 0x65, 0x6e, 0x64, 0x12, 0x52, 0x0a, 0x08, 0x73, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63,
- 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
- 0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74,
- 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x52, 0x08,
- 0x73, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x22, 0x28, 0x0a, 0x08, 0x53, 0x65, 0x6d, 0x61,
- 0x6e, 0x74, 0x69, 0x63, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x07,
- 0x0a, 0x03, 0x53, 0x45, 0x54, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x4c, 0x49, 0x41, 0x53,
- 0x10, 0x02, 0x2a, 0xa7, 0x02, 0x0a, 0x07, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x13,
- 0x0a, 0x0f, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57,
- 0x4e, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0e, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4c,
- 0x45, 0x47, 0x41, 0x43, 0x59, 0x10, 0x84, 0x07, 0x12, 0x13, 0x0a, 0x0e, 0x45, 0x44, 0x49, 0x54,
- 0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x32, 0x10, 0xe6, 0x07, 0x12, 0x13, 0x0a,
- 0x0e, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x33, 0x10,
- 0xe7, 0x07, 0x12, 0x11, 0x0a, 0x0c, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x32, 0x30,
- 0x32, 0x33, 0x10, 0xe8, 0x07, 0x12, 0x11, 0x0a, 0x0c, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e,
- 0x5f, 0x32, 0x30, 0x32, 0x34, 0x10, 0xe9, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x45, 0x44, 0x49, 0x54,
- 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10,
- 0x01, 0x12, 0x17, 0x0a, 0x13, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x32, 0x5f, 0x54,
- 0x45, 0x53, 0x54, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x02, 0x12, 0x1d, 0x0a, 0x17, 0x45, 0x44,
- 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x39, 0x39, 0x39, 0x39, 0x37, 0x5f, 0x54, 0x45, 0x53, 0x54,
- 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x9d, 0x8d, 0x06, 0x12, 0x1d, 0x0a, 0x17, 0x45, 0x44, 0x49,
- 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x39, 0x39, 0x39, 0x39, 0x38, 0x5f, 0x54, 0x45, 0x53, 0x54, 0x5f,
- 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x9e, 0x8d, 0x06, 0x12, 0x1d, 0x0a, 0x17, 0x45, 0x44, 0x49, 0x54,
- 0x49, 0x4f, 0x4e, 0x5f, 0x39, 0x39, 0x39, 0x39, 0x39, 0x5f, 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4f,
- 0x4e, 0x4c, 0x59, 0x10, 0x9f, 0x8d, 0x06, 0x12, 0x13, 0x0a, 0x0b, 0x45, 0x44, 0x49, 0x54, 0x49,
- 0x4f, 0x4e, 0x5f, 0x4d, 0x41, 0x58, 0x10, 0xff, 0xff, 0xff, 0xff, 0x07, 0x42, 0x7e, 0x0a, 0x13,
- 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
- 0x62, 0x75, 0x66, 0x42, 0x10, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50,
- 0x72, 0x6f, 0x74, 0x6f, 0x73, 0x48, 0x01, 0x5a, 0x2d, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
- 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
- 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69,
- 0x70, 0x74, 0x6f, 0x72, 0x70, 0x62, 0xf8, 0x01, 0x01, 0xa2, 0x02, 0x03, 0x47, 0x50, 0x42, 0xaa,
- 0x02, 0x1a, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2e, 0x52, 0x65, 0x66, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-}
+const file_google_protobuf_descriptor_proto_rawDesc = "" +
+ "\n" +
+ " google/protobuf/descriptor.proto\x12\x0fgoogle.protobuf\"[\n" +
+ "\x11FileDescriptorSet\x128\n" +
+ "\x04file\x18\x01 \x03(\v2$.google.protobuf.FileDescriptorProtoR\x04file*\f\b\x80\xec\xca\xff\x01\x10\x81\xec\xca\xff\x01\"\x98\x05\n" +
+ "\x13FileDescriptorProto\x12\x12\n" +
+ "\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n" +
+ "\apackage\x18\x02 \x01(\tR\apackage\x12\x1e\n" +
+ "\n" +
+ "dependency\x18\x03 \x03(\tR\n" +
+ "dependency\x12+\n" +
+ "\x11public_dependency\x18\n" +
+ " \x03(\x05R\x10publicDependency\x12'\n" +
+ "\x0fweak_dependency\x18\v \x03(\x05R\x0eweakDependency\x12C\n" +
+ "\fmessage_type\x18\x04 \x03(\v2 .google.protobuf.DescriptorProtoR\vmessageType\x12A\n" +
+ "\tenum_type\x18\x05 \x03(\v2$.google.protobuf.EnumDescriptorProtoR\benumType\x12A\n" +
+ "\aservice\x18\x06 \x03(\v2'.google.protobuf.ServiceDescriptorProtoR\aservice\x12C\n" +
+ "\textension\x18\a \x03(\v2%.google.protobuf.FieldDescriptorProtoR\textension\x126\n" +
+ "\aoptions\x18\b \x01(\v2\x1c.google.protobuf.FileOptionsR\aoptions\x12I\n" +
+ "\x10source_code_info\x18\t \x01(\v2\x1f.google.protobuf.SourceCodeInfoR\x0esourceCodeInfo\x12\x16\n" +
+ "\x06syntax\x18\f \x01(\tR\x06syntax\x122\n" +
+ "\aedition\x18\x0e \x01(\x0e2\x18.google.protobuf.EditionR\aedition\"\xb9\x06\n" +
+ "\x0fDescriptorProto\x12\x12\n" +
+ "\x04name\x18\x01 \x01(\tR\x04name\x12;\n" +
+ "\x05field\x18\x02 \x03(\v2%.google.protobuf.FieldDescriptorProtoR\x05field\x12C\n" +
+ "\textension\x18\x06 \x03(\v2%.google.protobuf.FieldDescriptorProtoR\textension\x12A\n" +
+ "\vnested_type\x18\x03 \x03(\v2 .google.protobuf.DescriptorProtoR\n" +
+ "nestedType\x12A\n" +
+ "\tenum_type\x18\x04 \x03(\v2$.google.protobuf.EnumDescriptorProtoR\benumType\x12X\n" +
+ "\x0fextension_range\x18\x05 \x03(\v2/.google.protobuf.DescriptorProto.ExtensionRangeR\x0eextensionRange\x12D\n" +
+ "\n" +
+ "oneof_decl\x18\b \x03(\v2%.google.protobuf.OneofDescriptorProtoR\toneofDecl\x129\n" +
+ "\aoptions\x18\a \x01(\v2\x1f.google.protobuf.MessageOptionsR\aoptions\x12U\n" +
+ "\x0ereserved_range\x18\t \x03(\v2..google.protobuf.DescriptorProto.ReservedRangeR\rreservedRange\x12#\n" +
+ "\rreserved_name\x18\n" +
+ " \x03(\tR\freservedName\x1az\n" +
+ "\x0eExtensionRange\x12\x14\n" +
+ "\x05start\x18\x01 \x01(\x05R\x05start\x12\x10\n" +
+ "\x03end\x18\x02 \x01(\x05R\x03end\x12@\n" +
+ "\aoptions\x18\x03 \x01(\v2&.google.protobuf.ExtensionRangeOptionsR\aoptions\x1a7\n" +
+ "\rReservedRange\x12\x14\n" +
+ "\x05start\x18\x01 \x01(\x05R\x05start\x12\x10\n" +
+ "\x03end\x18\x02 \x01(\x05R\x03end\"\xcc\x04\n" +
+ "\x15ExtensionRangeOptions\x12X\n" +
+ "\x14uninterpreted_option\x18\xe7\a \x03(\v2$.google.protobuf.UninterpretedOptionR\x13uninterpretedOption\x12Y\n" +
+ "\vdeclaration\x18\x02 \x03(\v22.google.protobuf.ExtensionRangeOptions.DeclarationB\x03\x88\x01\x02R\vdeclaration\x127\n" +
+ "\bfeatures\x182 \x01(\v2\x1b.google.protobuf.FeatureSetR\bfeatures\x12m\n" +
+ "\fverification\x18\x03 \x01(\x0e28.google.protobuf.ExtensionRangeOptions.VerificationState:\n" +
+ "UNVERIFIEDB\x03\x88\x01\x02R\fverification\x1a\x94\x01\n" +
+ "\vDeclaration\x12\x16\n" +
+ "\x06number\x18\x01 \x01(\x05R\x06number\x12\x1b\n" +
+ "\tfull_name\x18\x02 \x01(\tR\bfullName\x12\x12\n" +
+ "\x04type\x18\x03 \x01(\tR\x04type\x12\x1a\n" +
+ "\breserved\x18\x05 \x01(\bR\breserved\x12\x1a\n" +
+ "\brepeated\x18\x06 \x01(\bR\brepeatedJ\x04\b\x04\x10\x05\"4\n" +
+ "\x11VerificationState\x12\x0f\n" +
+ "\vDECLARATION\x10\x00\x12\x0e\n" +
+ "\n" +
+ "UNVERIFIED\x10\x01*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\xc1\x06\n" +
+ "\x14FieldDescriptorProto\x12\x12\n" +
+ "\x04name\x18\x01 \x01(\tR\x04name\x12\x16\n" +
+ "\x06number\x18\x03 \x01(\x05R\x06number\x12A\n" +
+ "\x05label\x18\x04 \x01(\x0e2+.google.protobuf.FieldDescriptorProto.LabelR\x05label\x12>\n" +
+ "\x04type\x18\x05 \x01(\x0e2*.google.protobuf.FieldDescriptorProto.TypeR\x04type\x12\x1b\n" +
+ "\ttype_name\x18\x06 \x01(\tR\btypeName\x12\x1a\n" +
+ "\bextendee\x18\x02 \x01(\tR\bextendee\x12#\n" +
+ "\rdefault_value\x18\a \x01(\tR\fdefaultValue\x12\x1f\n" +
+ "\voneof_index\x18\t \x01(\x05R\n" +
+ "oneofIndex\x12\x1b\n" +
+ "\tjson_name\x18\n" +
+ " \x01(\tR\bjsonName\x127\n" +
+ "\aoptions\x18\b \x01(\v2\x1d.google.protobuf.FieldOptionsR\aoptions\x12'\n" +
+ "\x0fproto3_optional\x18\x11 \x01(\bR\x0eproto3Optional\"\xb6\x02\n" +
+ "\x04Type\x12\x0f\n" +
+ "\vTYPE_DOUBLE\x10\x01\x12\x0e\n" +
+ "\n" +
+ "TYPE_FLOAT\x10\x02\x12\x0e\n" +
+ "\n" +
+ "TYPE_INT64\x10\x03\x12\x0f\n" +
+ "\vTYPE_UINT64\x10\x04\x12\x0e\n" +
+ "\n" +
+ "TYPE_INT32\x10\x05\x12\x10\n" +
+ "\fTYPE_FIXED64\x10\x06\x12\x10\n" +
+ "\fTYPE_FIXED32\x10\a\x12\r\n" +
+ "\tTYPE_BOOL\x10\b\x12\x0f\n" +
+ "\vTYPE_STRING\x10\t\x12\x0e\n" +
+ "\n" +
+ "TYPE_GROUP\x10\n" +
+ "\x12\x10\n" +
+ "\fTYPE_MESSAGE\x10\v\x12\x0e\n" +
+ "\n" +
+ "TYPE_BYTES\x10\f\x12\x0f\n" +
+ "\vTYPE_UINT32\x10\r\x12\r\n" +
+ "\tTYPE_ENUM\x10\x0e\x12\x11\n" +
+ "\rTYPE_SFIXED32\x10\x0f\x12\x11\n" +
+ "\rTYPE_SFIXED64\x10\x10\x12\x0f\n" +
+ "\vTYPE_SINT32\x10\x11\x12\x0f\n" +
+ "\vTYPE_SINT64\x10\x12\"C\n" +
+ "\x05Label\x12\x12\n" +
+ "\x0eLABEL_OPTIONAL\x10\x01\x12\x12\n" +
+ "\x0eLABEL_REPEATED\x10\x03\x12\x12\n" +
+ "\x0eLABEL_REQUIRED\x10\x02\"c\n" +
+ "\x14OneofDescriptorProto\x12\x12\n" +
+ "\x04name\x18\x01 \x01(\tR\x04name\x127\n" +
+ "\aoptions\x18\x02 \x01(\v2\x1d.google.protobuf.OneofOptionsR\aoptions\"\xe3\x02\n" +
+ "\x13EnumDescriptorProto\x12\x12\n" +
+ "\x04name\x18\x01 \x01(\tR\x04name\x12?\n" +
+ "\x05value\x18\x02 \x03(\v2).google.protobuf.EnumValueDescriptorProtoR\x05value\x126\n" +
+ "\aoptions\x18\x03 \x01(\v2\x1c.google.protobuf.EnumOptionsR\aoptions\x12]\n" +
+ "\x0ereserved_range\x18\x04 \x03(\v26.google.protobuf.EnumDescriptorProto.EnumReservedRangeR\rreservedRange\x12#\n" +
+ "\rreserved_name\x18\x05 \x03(\tR\freservedName\x1a;\n" +
+ "\x11EnumReservedRange\x12\x14\n" +
+ "\x05start\x18\x01 \x01(\x05R\x05start\x12\x10\n" +
+ "\x03end\x18\x02 \x01(\x05R\x03end\"\x83\x01\n" +
+ "\x18EnumValueDescriptorProto\x12\x12\n" +
+ "\x04name\x18\x01 \x01(\tR\x04name\x12\x16\n" +
+ "\x06number\x18\x02 \x01(\x05R\x06number\x12;\n" +
+ "\aoptions\x18\x03 \x01(\v2!.google.protobuf.EnumValueOptionsR\aoptions\"\xa7\x01\n" +
+ "\x16ServiceDescriptorProto\x12\x12\n" +
+ "\x04name\x18\x01 \x01(\tR\x04name\x12>\n" +
+ "\x06method\x18\x02 \x03(\v2&.google.protobuf.MethodDescriptorProtoR\x06method\x129\n" +
+ "\aoptions\x18\x03 \x01(\v2\x1f.google.protobuf.ServiceOptionsR\aoptions\"\x89\x02\n" +
+ "\x15MethodDescriptorProto\x12\x12\n" +
+ "\x04name\x18\x01 \x01(\tR\x04name\x12\x1d\n" +
+ "\n" +
+ "input_type\x18\x02 \x01(\tR\tinputType\x12\x1f\n" +
+ "\voutput_type\x18\x03 \x01(\tR\n" +
+ "outputType\x128\n" +
+ "\aoptions\x18\x04 \x01(\v2\x1e.google.protobuf.MethodOptionsR\aoptions\x120\n" +
+ "\x10client_streaming\x18\x05 \x01(\b:\x05falseR\x0fclientStreaming\x120\n" +
+ "\x10server_streaming\x18\x06 \x01(\b:\x05falseR\x0fserverStreaming\"\xad\t\n" +
+ "\vFileOptions\x12!\n" +
+ "\fjava_package\x18\x01 \x01(\tR\vjavaPackage\x120\n" +
+ "\x14java_outer_classname\x18\b \x01(\tR\x12javaOuterClassname\x125\n" +
+ "\x13java_multiple_files\x18\n" +
+ " \x01(\b:\x05falseR\x11javaMultipleFiles\x12D\n" +
+ "\x1djava_generate_equals_and_hash\x18\x14 \x01(\bB\x02\x18\x01R\x19javaGenerateEqualsAndHash\x12:\n" +
+ "\x16java_string_check_utf8\x18\x1b \x01(\b:\x05falseR\x13javaStringCheckUtf8\x12S\n" +
+ "\foptimize_for\x18\t \x01(\x0e2).google.protobuf.FileOptions.OptimizeMode:\x05SPEEDR\voptimizeFor\x12\x1d\n" +
+ "\n" +
+ "go_package\x18\v \x01(\tR\tgoPackage\x125\n" +
+ "\x13cc_generic_services\x18\x10 \x01(\b:\x05falseR\x11ccGenericServices\x129\n" +
+ "\x15java_generic_services\x18\x11 \x01(\b:\x05falseR\x13javaGenericServices\x125\n" +
+ "\x13py_generic_services\x18\x12 \x01(\b:\x05falseR\x11pyGenericServices\x12%\n" +
+ "\n" +
+ "deprecated\x18\x17 \x01(\b:\x05falseR\n" +
+ "deprecated\x12.\n" +
+ "\x10cc_enable_arenas\x18\x1f \x01(\b:\x04trueR\x0eccEnableArenas\x12*\n" +
+ "\x11objc_class_prefix\x18$ \x01(\tR\x0fobjcClassPrefix\x12)\n" +
+ "\x10csharp_namespace\x18% \x01(\tR\x0fcsharpNamespace\x12!\n" +
+ "\fswift_prefix\x18' \x01(\tR\vswiftPrefix\x12(\n" +
+ "\x10php_class_prefix\x18( \x01(\tR\x0ephpClassPrefix\x12#\n" +
+ "\rphp_namespace\x18) \x01(\tR\fphpNamespace\x124\n" +
+ "\x16php_metadata_namespace\x18, \x01(\tR\x14phpMetadataNamespace\x12!\n" +
+ "\fruby_package\x18- \x01(\tR\vrubyPackage\x127\n" +
+ "\bfeatures\x182 \x01(\v2\x1b.google.protobuf.FeatureSetR\bfeatures\x12X\n" +
+ "\x14uninterpreted_option\x18\xe7\a \x03(\v2$.google.protobuf.UninterpretedOptionR\x13uninterpretedOption\":\n" +
+ "\fOptimizeMode\x12\t\n" +
+ "\x05SPEED\x10\x01\x12\r\n" +
+ "\tCODE_SIZE\x10\x02\x12\x10\n" +
+ "\fLITE_RUNTIME\x10\x03*\t\b\xe8\a\x10\x80\x80\x80\x80\x02J\x04\b*\x10+J\x04\b&\x10'R\x14php_generic_services\"\xf4\x03\n" +
+ "\x0eMessageOptions\x12<\n" +
+ "\x17message_set_wire_format\x18\x01 \x01(\b:\x05falseR\x14messageSetWireFormat\x12L\n" +
+ "\x1fno_standard_descriptor_accessor\x18\x02 \x01(\b:\x05falseR\x1cnoStandardDescriptorAccessor\x12%\n" +
+ "\n" +
+ "deprecated\x18\x03 \x01(\b:\x05falseR\n" +
+ "deprecated\x12\x1b\n" +
+ "\tmap_entry\x18\a \x01(\bR\bmapEntry\x12V\n" +
+ "&deprecated_legacy_json_field_conflicts\x18\v \x01(\bB\x02\x18\x01R\"deprecatedLegacyJsonFieldConflicts\x127\n" +
+ "\bfeatures\x18\f \x01(\v2\x1b.google.protobuf.FeatureSetR\bfeatures\x12X\n" +
+ "\x14uninterpreted_option\x18\xe7\a \x03(\v2$.google.protobuf.UninterpretedOptionR\x13uninterpretedOption*\t\b\xe8\a\x10\x80\x80\x80\x80\x02J\x04\b\x04\x10\x05J\x04\b\x05\x10\x06J\x04\b\x06\x10\aJ\x04\b\b\x10\tJ\x04\b\t\x10\n" +
+ "\"\x9d\r\n" +
+ "\fFieldOptions\x12A\n" +
+ "\x05ctype\x18\x01 \x01(\x0e2#.google.protobuf.FieldOptions.CType:\x06STRINGR\x05ctype\x12\x16\n" +
+ "\x06packed\x18\x02 \x01(\bR\x06packed\x12G\n" +
+ "\x06jstype\x18\x06 \x01(\x0e2$.google.protobuf.FieldOptions.JSType:\tJS_NORMALR\x06jstype\x12\x19\n" +
+ "\x04lazy\x18\x05 \x01(\b:\x05falseR\x04lazy\x12.\n" +
+ "\x0funverified_lazy\x18\x0f \x01(\b:\x05falseR\x0eunverifiedLazy\x12%\n" +
+ "\n" +
+ "deprecated\x18\x03 \x01(\b:\x05falseR\n" +
+ "deprecated\x12\x19\n" +
+ "\x04weak\x18\n" +
+ " \x01(\b:\x05falseR\x04weak\x12(\n" +
+ "\fdebug_redact\x18\x10 \x01(\b:\x05falseR\vdebugRedact\x12K\n" +
+ "\tretention\x18\x11 \x01(\x0e2-.google.protobuf.FieldOptions.OptionRetentionR\tretention\x12H\n" +
+ "\atargets\x18\x13 \x03(\x0e2..google.protobuf.FieldOptions.OptionTargetTypeR\atargets\x12W\n" +
+ "\x10edition_defaults\x18\x14 \x03(\v2,.google.protobuf.FieldOptions.EditionDefaultR\x0feditionDefaults\x127\n" +
+ "\bfeatures\x18\x15 \x01(\v2\x1b.google.protobuf.FeatureSetR\bfeatures\x12U\n" +
+ "\x0ffeature_support\x18\x16 \x01(\v2,.google.protobuf.FieldOptions.FeatureSupportR\x0efeatureSupport\x12X\n" +
+ "\x14uninterpreted_option\x18\xe7\a \x03(\v2$.google.protobuf.UninterpretedOptionR\x13uninterpretedOption\x1aZ\n" +
+ "\x0eEditionDefault\x122\n" +
+ "\aedition\x18\x03 \x01(\x0e2\x18.google.protobuf.EditionR\aedition\x12\x14\n" +
+ "\x05value\x18\x02 \x01(\tR\x05value\x1a\x96\x02\n" +
+ "\x0eFeatureSupport\x12G\n" +
+ "\x12edition_introduced\x18\x01 \x01(\x0e2\x18.google.protobuf.EditionR\x11editionIntroduced\x12G\n" +
+ "\x12edition_deprecated\x18\x02 \x01(\x0e2\x18.google.protobuf.EditionR\x11editionDeprecated\x12/\n" +
+ "\x13deprecation_warning\x18\x03 \x01(\tR\x12deprecationWarning\x12A\n" +
+ "\x0fedition_removed\x18\x04 \x01(\x0e2\x18.google.protobuf.EditionR\x0eeditionRemoved\"/\n" +
+ "\x05CType\x12\n" +
+ "\n" +
+ "\x06STRING\x10\x00\x12\b\n" +
+ "\x04CORD\x10\x01\x12\x10\n" +
+ "\fSTRING_PIECE\x10\x02\"5\n" +
+ "\x06JSType\x12\r\n" +
+ "\tJS_NORMAL\x10\x00\x12\r\n" +
+ "\tJS_STRING\x10\x01\x12\r\n" +
+ "\tJS_NUMBER\x10\x02\"U\n" +
+ "\x0fOptionRetention\x12\x15\n" +
+ "\x11RETENTION_UNKNOWN\x10\x00\x12\x15\n" +
+ "\x11RETENTION_RUNTIME\x10\x01\x12\x14\n" +
+ "\x10RETENTION_SOURCE\x10\x02\"\x8c\x02\n" +
+ "\x10OptionTargetType\x12\x17\n" +
+ "\x13TARGET_TYPE_UNKNOWN\x10\x00\x12\x14\n" +
+ "\x10TARGET_TYPE_FILE\x10\x01\x12\x1f\n" +
+ "\x1bTARGET_TYPE_EXTENSION_RANGE\x10\x02\x12\x17\n" +
+ "\x13TARGET_TYPE_MESSAGE\x10\x03\x12\x15\n" +
+ "\x11TARGET_TYPE_FIELD\x10\x04\x12\x15\n" +
+ "\x11TARGET_TYPE_ONEOF\x10\x05\x12\x14\n" +
+ "\x10TARGET_TYPE_ENUM\x10\x06\x12\x1a\n" +
+ "\x16TARGET_TYPE_ENUM_ENTRY\x10\a\x12\x17\n" +
+ "\x13TARGET_TYPE_SERVICE\x10\b\x12\x16\n" +
+ "\x12TARGET_TYPE_METHOD\x10\t*\t\b\xe8\a\x10\x80\x80\x80\x80\x02J\x04\b\x04\x10\x05J\x04\b\x12\x10\x13\"\xac\x01\n" +
+ "\fOneofOptions\x127\n" +
+ "\bfeatures\x18\x01 \x01(\v2\x1b.google.protobuf.FeatureSetR\bfeatures\x12X\n" +
+ "\x14uninterpreted_option\x18\xe7\a \x03(\v2$.google.protobuf.UninterpretedOptionR\x13uninterpretedOption*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\xd1\x02\n" +
+ "\vEnumOptions\x12\x1f\n" +
+ "\vallow_alias\x18\x02 \x01(\bR\n" +
+ "allowAlias\x12%\n" +
+ "\n" +
+ "deprecated\x18\x03 \x01(\b:\x05falseR\n" +
+ "deprecated\x12V\n" +
+ "&deprecated_legacy_json_field_conflicts\x18\x06 \x01(\bB\x02\x18\x01R\"deprecatedLegacyJsonFieldConflicts\x127\n" +
+ "\bfeatures\x18\a \x01(\v2\x1b.google.protobuf.FeatureSetR\bfeatures\x12X\n" +
+ "\x14uninterpreted_option\x18\xe7\a \x03(\v2$.google.protobuf.UninterpretedOptionR\x13uninterpretedOption*\t\b\xe8\a\x10\x80\x80\x80\x80\x02J\x04\b\x05\x10\x06\"\xd8\x02\n" +
+ "\x10EnumValueOptions\x12%\n" +
+ "\n" +
+ "deprecated\x18\x01 \x01(\b:\x05falseR\n" +
+ "deprecated\x127\n" +
+ "\bfeatures\x18\x02 \x01(\v2\x1b.google.protobuf.FeatureSetR\bfeatures\x12(\n" +
+ "\fdebug_redact\x18\x03 \x01(\b:\x05falseR\vdebugRedact\x12U\n" +
+ "\x0ffeature_support\x18\x04 \x01(\v2,.google.protobuf.FieldOptions.FeatureSupportR\x0efeatureSupport\x12X\n" +
+ "\x14uninterpreted_option\x18\xe7\a \x03(\v2$.google.protobuf.UninterpretedOptionR\x13uninterpretedOption*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\xd5\x01\n" +
+ "\x0eServiceOptions\x127\n" +
+ "\bfeatures\x18\" \x01(\v2\x1b.google.protobuf.FeatureSetR\bfeatures\x12%\n" +
+ "\n" +
+ "deprecated\x18! \x01(\b:\x05falseR\n" +
+ "deprecated\x12X\n" +
+ "\x14uninterpreted_option\x18\xe7\a \x03(\v2$.google.protobuf.UninterpretedOptionR\x13uninterpretedOption*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\x99\x03\n" +
+ "\rMethodOptions\x12%\n" +
+ "\n" +
+ "deprecated\x18! \x01(\b:\x05falseR\n" +
+ "deprecated\x12q\n" +
+ "\x11idempotency_level\x18\" \x01(\x0e2/.google.protobuf.MethodOptions.IdempotencyLevel:\x13IDEMPOTENCY_UNKNOWNR\x10idempotencyLevel\x127\n" +
+ "\bfeatures\x18# \x01(\v2\x1b.google.protobuf.FeatureSetR\bfeatures\x12X\n" +
+ "\x14uninterpreted_option\x18\xe7\a \x03(\v2$.google.protobuf.UninterpretedOptionR\x13uninterpretedOption\"P\n" +
+ "\x10IdempotencyLevel\x12\x17\n" +
+ "\x13IDEMPOTENCY_UNKNOWN\x10\x00\x12\x13\n" +
+ "\x0fNO_SIDE_EFFECTS\x10\x01\x12\x0e\n" +
+ "\n" +
+ "IDEMPOTENT\x10\x02*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\x9a\x03\n" +
+ "\x13UninterpretedOption\x12A\n" +
+ "\x04name\x18\x02 \x03(\v2-.google.protobuf.UninterpretedOption.NamePartR\x04name\x12)\n" +
+ "\x10identifier_value\x18\x03 \x01(\tR\x0fidentifierValue\x12,\n" +
+ "\x12positive_int_value\x18\x04 \x01(\x04R\x10positiveIntValue\x12,\n" +
+ "\x12negative_int_value\x18\x05 \x01(\x03R\x10negativeIntValue\x12!\n" +
+ "\fdouble_value\x18\x06 \x01(\x01R\vdoubleValue\x12!\n" +
+ "\fstring_value\x18\a \x01(\fR\vstringValue\x12'\n" +
+ "\x0faggregate_value\x18\b \x01(\tR\x0eaggregateValue\x1aJ\n" +
+ "\bNamePart\x12\x1b\n" +
+ "\tname_part\x18\x01 \x02(\tR\bnamePart\x12!\n" +
+ "\fis_extension\x18\x02 \x02(\bR\visExtension\"\xae\f\n" +
+ "\n" +
+ "FeatureSet\x12\x91\x01\n" +
+ "\x0efield_presence\x18\x01 \x01(\x0e2).google.protobuf.FeatureSet.FieldPresenceB?\x88\x01\x01\x98\x01\x04\x98\x01\x01\xa2\x01\r\x12\bEXPLICIT\x18\x84\a\xa2\x01\r\x12\bIMPLICIT\x18\xe7\a\xa2\x01\r\x12\bEXPLICIT\x18\xe8\a\xb2\x01\x03\b\xe8\aR\rfieldPresence\x12l\n" +
+ "\tenum_type\x18\x02 \x01(\x0e2$.google.protobuf.FeatureSet.EnumTypeB)\x88\x01\x01\x98\x01\x06\x98\x01\x01\xa2\x01\v\x12\x06CLOSED\x18\x84\a\xa2\x01\t\x12\x04OPEN\x18\xe7\a\xb2\x01\x03\b\xe8\aR\benumType\x12\x98\x01\n" +
+ "\x17repeated_field_encoding\x18\x03 \x01(\x0e21.google.protobuf.FeatureSet.RepeatedFieldEncodingB-\x88\x01\x01\x98\x01\x04\x98\x01\x01\xa2\x01\r\x12\bEXPANDED\x18\x84\a\xa2\x01\v\x12\x06PACKED\x18\xe7\a\xb2\x01\x03\b\xe8\aR\x15repeatedFieldEncoding\x12~\n" +
+ "\x0futf8_validation\x18\x04 \x01(\x0e2*.google.protobuf.FeatureSet.Utf8ValidationB)\x88\x01\x01\x98\x01\x04\x98\x01\x01\xa2\x01\t\x12\x04NONE\x18\x84\a\xa2\x01\v\x12\x06VERIFY\x18\xe7\a\xb2\x01\x03\b\xe8\aR\x0eutf8Validation\x12~\n" +
+ "\x10message_encoding\x18\x05 \x01(\x0e2+.google.protobuf.FeatureSet.MessageEncodingB&\x88\x01\x01\x98\x01\x04\x98\x01\x01\xa2\x01\x14\x12\x0fLENGTH_PREFIXED\x18\x84\a\xb2\x01\x03\b\xe8\aR\x0fmessageEncoding\x12\x82\x01\n" +
+ "\vjson_format\x18\x06 \x01(\x0e2&.google.protobuf.FeatureSet.JsonFormatB9\x88\x01\x01\x98\x01\x03\x98\x01\x06\x98\x01\x01\xa2\x01\x17\x12\x12LEGACY_BEST_EFFORT\x18\x84\a\xa2\x01\n" +
+ "\x12\x05ALLOW\x18\xe7\a\xb2\x01\x03\b\xe8\aR\n" +
+ "jsonFormat\x12\xab\x01\n" +
+ "\x14enforce_naming_style\x18\a \x01(\x0e2..google.protobuf.FeatureSet.EnforceNamingStyleBI\x88\x01\x02\x98\x01\x01\x98\x01\x02\x98\x01\x03\x98\x01\x04\x98\x01\x05\x98\x01\x06\x98\x01\a\x98\x01\b\x98\x01\t\xa2\x01\x11\x12\fSTYLE_LEGACY\x18\x84\a\xa2\x01\x0e\x12\tSTYLE2024\x18\xe9\a\xb2\x01\x03\b\xe9\aR\x12enforceNamingStyle\"\\\n" +
+ "\rFieldPresence\x12\x1a\n" +
+ "\x16FIELD_PRESENCE_UNKNOWN\x10\x00\x12\f\n" +
+ "\bEXPLICIT\x10\x01\x12\f\n" +
+ "\bIMPLICIT\x10\x02\x12\x13\n" +
+ "\x0fLEGACY_REQUIRED\x10\x03\"7\n" +
+ "\bEnumType\x12\x15\n" +
+ "\x11ENUM_TYPE_UNKNOWN\x10\x00\x12\b\n" +
+ "\x04OPEN\x10\x01\x12\n" +
+ "\n" +
+ "\x06CLOSED\x10\x02\"V\n" +
+ "\x15RepeatedFieldEncoding\x12#\n" +
+ "\x1fREPEATED_FIELD_ENCODING_UNKNOWN\x10\x00\x12\n" +
+ "\n" +
+ "\x06PACKED\x10\x01\x12\f\n" +
+ "\bEXPANDED\x10\x02\"I\n" +
+ "\x0eUtf8Validation\x12\x1b\n" +
+ "\x17UTF8_VALIDATION_UNKNOWN\x10\x00\x12\n" +
+ "\n" +
+ "\x06VERIFY\x10\x02\x12\b\n" +
+ "\x04NONE\x10\x03\"\x04\b\x01\x10\x01\"S\n" +
+ "\x0fMessageEncoding\x12\x1c\n" +
+ "\x18MESSAGE_ENCODING_UNKNOWN\x10\x00\x12\x13\n" +
+ "\x0fLENGTH_PREFIXED\x10\x01\x12\r\n" +
+ "\tDELIMITED\x10\x02\"H\n" +
+ "\n" +
+ "JsonFormat\x12\x17\n" +
+ "\x13JSON_FORMAT_UNKNOWN\x10\x00\x12\t\n" +
+ "\x05ALLOW\x10\x01\x12\x16\n" +
+ "\x12LEGACY_BEST_EFFORT\x10\x02\"W\n" +
+ "\x12EnforceNamingStyle\x12 \n" +
+ "\x1cENFORCE_NAMING_STYLE_UNKNOWN\x10\x00\x12\r\n" +
+ "\tSTYLE2024\x10\x01\x12\x10\n" +
+ "\fSTYLE_LEGACY\x10\x02*\x06\b\xe8\a\x10\x8bN*\x06\b\x8bN\x10\x90N*\x06\b\x90N\x10\x91NJ\x06\b\xe7\a\x10\xe8\a\"\xef\x03\n" +
+ "\x12FeatureSetDefaults\x12X\n" +
+ "\bdefaults\x18\x01 \x03(\v2<.google.protobuf.FeatureSetDefaults.FeatureSetEditionDefaultR\bdefaults\x12A\n" +
+ "\x0fminimum_edition\x18\x04 \x01(\x0e2\x18.google.protobuf.EditionR\x0eminimumEdition\x12A\n" +
+ "\x0fmaximum_edition\x18\x05 \x01(\x0e2\x18.google.protobuf.EditionR\x0emaximumEdition\x1a\xf8\x01\n" +
+ "\x18FeatureSetEditionDefault\x122\n" +
+ "\aedition\x18\x03 \x01(\x0e2\x18.google.protobuf.EditionR\aedition\x12N\n" +
+ "\x14overridable_features\x18\x04 \x01(\v2\x1b.google.protobuf.FeatureSetR\x13overridableFeatures\x12B\n" +
+ "\x0efixed_features\x18\x05 \x01(\v2\x1b.google.protobuf.FeatureSetR\rfixedFeaturesJ\x04\b\x01\x10\x02J\x04\b\x02\x10\x03R\bfeatures\"\xb5\x02\n" +
+ "\x0eSourceCodeInfo\x12D\n" +
+ "\blocation\x18\x01 \x03(\v2(.google.protobuf.SourceCodeInfo.LocationR\blocation\x1a\xce\x01\n" +
+ "\bLocation\x12\x16\n" +
+ "\x04path\x18\x01 \x03(\x05B\x02\x10\x01R\x04path\x12\x16\n" +
+ "\x04span\x18\x02 \x03(\x05B\x02\x10\x01R\x04span\x12)\n" +
+ "\x10leading_comments\x18\x03 \x01(\tR\x0fleadingComments\x12+\n" +
+ "\x11trailing_comments\x18\x04 \x01(\tR\x10trailingComments\x12:\n" +
+ "\x19leading_detached_comments\x18\x06 \x03(\tR\x17leadingDetachedComments*\f\b\x80\xec\xca\xff\x01\x10\x81\xec\xca\xff\x01\"\xd0\x02\n" +
+ "\x11GeneratedCodeInfo\x12M\n" +
+ "\n" +
+ "annotation\x18\x01 \x03(\v2-.google.protobuf.GeneratedCodeInfo.AnnotationR\n" +
+ "annotation\x1a\xeb\x01\n" +
+ "\n" +
+ "Annotation\x12\x16\n" +
+ "\x04path\x18\x01 \x03(\x05B\x02\x10\x01R\x04path\x12\x1f\n" +
+ "\vsource_file\x18\x02 \x01(\tR\n" +
+ "sourceFile\x12\x14\n" +
+ "\x05begin\x18\x03 \x01(\x05R\x05begin\x12\x10\n" +
+ "\x03end\x18\x04 \x01(\x05R\x03end\x12R\n" +
+ "\bsemantic\x18\x05 \x01(\x0e26.google.protobuf.GeneratedCodeInfo.Annotation.SemanticR\bsemantic\"(\n" +
+ "\bSemantic\x12\b\n" +
+ "\x04NONE\x10\x00\x12\a\n" +
+ "\x03SET\x10\x01\x12\t\n" +
+ "\x05ALIAS\x10\x02*\xa7\x02\n" +
+ "\aEdition\x12\x13\n" +
+ "\x0fEDITION_UNKNOWN\x10\x00\x12\x13\n" +
+ "\x0eEDITION_LEGACY\x10\x84\a\x12\x13\n" +
+ "\x0eEDITION_PROTO2\x10\xe6\a\x12\x13\n" +
+ "\x0eEDITION_PROTO3\x10\xe7\a\x12\x11\n" +
+ "\fEDITION_2023\x10\xe8\a\x12\x11\n" +
+ "\fEDITION_2024\x10\xe9\a\x12\x17\n" +
+ "\x13EDITION_1_TEST_ONLY\x10\x01\x12\x17\n" +
+ "\x13EDITION_2_TEST_ONLY\x10\x02\x12\x1d\n" +
+ "\x17EDITION_99997_TEST_ONLY\x10\x9d\x8d\x06\x12\x1d\n" +
+ "\x17EDITION_99998_TEST_ONLY\x10\x9e\x8d\x06\x12\x1d\n" +
+ "\x17EDITION_99999_TEST_ONLY\x10\x9f\x8d\x06\x12\x13\n" +
+ "\vEDITION_MAX\x10\xff\xff\xff\xff\aB~\n" +
+ "\x13com.google.protobufB\x10DescriptorProtosH\x01Z-google.golang.org/protobuf/types/descriptorpb\xf8\x01\x01\xa2\x02\x03GPB\xaa\x02\x1aGoogle.Protobuf.Reflection"
var (
file_google_protobuf_descriptor_proto_rawDescOnce sync.Once
- file_google_protobuf_descriptor_proto_rawDescData = file_google_protobuf_descriptor_proto_rawDesc
+ file_google_protobuf_descriptor_proto_rawDescData []byte
)
func file_google_protobuf_descriptor_proto_rawDescGZIP() []byte {
file_google_protobuf_descriptor_proto_rawDescOnce.Do(func() {
- file_google_protobuf_descriptor_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_descriptor_proto_rawDescData)
+ file_google_protobuf_descriptor_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_google_protobuf_descriptor_proto_rawDesc), len(file_google_protobuf_descriptor_proto_rawDesc)))
})
return file_google_protobuf_descriptor_proto_rawDescData
}
-var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 17)
+var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 18)
var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 33)
var file_google_protobuf_descriptor_proto_goTypes = []any{
(Edition)(0), // 0: google.protobuf.Edition
@@ -5194,124 +4851,126 @@ var file_google_protobuf_descriptor_proto_goTypes = []any{
(FeatureSet_Utf8Validation)(0), // 13: google.protobuf.FeatureSet.Utf8Validation
(FeatureSet_MessageEncoding)(0), // 14: google.protobuf.FeatureSet.MessageEncoding
(FeatureSet_JsonFormat)(0), // 15: google.protobuf.FeatureSet.JsonFormat
- (GeneratedCodeInfo_Annotation_Semantic)(0), // 16: google.protobuf.GeneratedCodeInfo.Annotation.Semantic
- (*FileDescriptorSet)(nil), // 17: google.protobuf.FileDescriptorSet
- (*FileDescriptorProto)(nil), // 18: google.protobuf.FileDescriptorProto
- (*DescriptorProto)(nil), // 19: google.protobuf.DescriptorProto
- (*ExtensionRangeOptions)(nil), // 20: google.protobuf.ExtensionRangeOptions
- (*FieldDescriptorProto)(nil), // 21: google.protobuf.FieldDescriptorProto
- (*OneofDescriptorProto)(nil), // 22: google.protobuf.OneofDescriptorProto
- (*EnumDescriptorProto)(nil), // 23: google.protobuf.EnumDescriptorProto
- (*EnumValueDescriptorProto)(nil), // 24: google.protobuf.EnumValueDescriptorProto
- (*ServiceDescriptorProto)(nil), // 25: google.protobuf.ServiceDescriptorProto
- (*MethodDescriptorProto)(nil), // 26: google.protobuf.MethodDescriptorProto
- (*FileOptions)(nil), // 27: google.protobuf.FileOptions
- (*MessageOptions)(nil), // 28: google.protobuf.MessageOptions
- (*FieldOptions)(nil), // 29: google.protobuf.FieldOptions
- (*OneofOptions)(nil), // 30: google.protobuf.OneofOptions
- (*EnumOptions)(nil), // 31: google.protobuf.EnumOptions
- (*EnumValueOptions)(nil), // 32: google.protobuf.EnumValueOptions
- (*ServiceOptions)(nil), // 33: google.protobuf.ServiceOptions
- (*MethodOptions)(nil), // 34: google.protobuf.MethodOptions
- (*UninterpretedOption)(nil), // 35: google.protobuf.UninterpretedOption
- (*FeatureSet)(nil), // 36: google.protobuf.FeatureSet
- (*FeatureSetDefaults)(nil), // 37: google.protobuf.FeatureSetDefaults
- (*SourceCodeInfo)(nil), // 38: google.protobuf.SourceCodeInfo
- (*GeneratedCodeInfo)(nil), // 39: google.protobuf.GeneratedCodeInfo
- (*DescriptorProto_ExtensionRange)(nil), // 40: google.protobuf.DescriptorProto.ExtensionRange
- (*DescriptorProto_ReservedRange)(nil), // 41: google.protobuf.DescriptorProto.ReservedRange
- (*ExtensionRangeOptions_Declaration)(nil), // 42: google.protobuf.ExtensionRangeOptions.Declaration
- (*EnumDescriptorProto_EnumReservedRange)(nil), // 43: google.protobuf.EnumDescriptorProto.EnumReservedRange
- (*FieldOptions_EditionDefault)(nil), // 44: google.protobuf.FieldOptions.EditionDefault
- (*FieldOptions_FeatureSupport)(nil), // 45: google.protobuf.FieldOptions.FeatureSupport
- (*UninterpretedOption_NamePart)(nil), // 46: google.protobuf.UninterpretedOption.NamePart
- (*FeatureSetDefaults_FeatureSetEditionDefault)(nil), // 47: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault
- (*SourceCodeInfo_Location)(nil), // 48: google.protobuf.SourceCodeInfo.Location
- (*GeneratedCodeInfo_Annotation)(nil), // 49: google.protobuf.GeneratedCodeInfo.Annotation
+ (FeatureSet_EnforceNamingStyle)(0), // 16: google.protobuf.FeatureSet.EnforceNamingStyle
+ (GeneratedCodeInfo_Annotation_Semantic)(0), // 17: google.protobuf.GeneratedCodeInfo.Annotation.Semantic
+ (*FileDescriptorSet)(nil), // 18: google.protobuf.FileDescriptorSet
+ (*FileDescriptorProto)(nil), // 19: google.protobuf.FileDescriptorProto
+ (*DescriptorProto)(nil), // 20: google.protobuf.DescriptorProto
+ (*ExtensionRangeOptions)(nil), // 21: google.protobuf.ExtensionRangeOptions
+ (*FieldDescriptorProto)(nil), // 22: google.protobuf.FieldDescriptorProto
+ (*OneofDescriptorProto)(nil), // 23: google.protobuf.OneofDescriptorProto
+ (*EnumDescriptorProto)(nil), // 24: google.protobuf.EnumDescriptorProto
+ (*EnumValueDescriptorProto)(nil), // 25: google.protobuf.EnumValueDescriptorProto
+ (*ServiceDescriptorProto)(nil), // 26: google.protobuf.ServiceDescriptorProto
+ (*MethodDescriptorProto)(nil), // 27: google.protobuf.MethodDescriptorProto
+ (*FileOptions)(nil), // 28: google.protobuf.FileOptions
+ (*MessageOptions)(nil), // 29: google.protobuf.MessageOptions
+ (*FieldOptions)(nil), // 30: google.protobuf.FieldOptions
+ (*OneofOptions)(nil), // 31: google.protobuf.OneofOptions
+ (*EnumOptions)(nil), // 32: google.protobuf.EnumOptions
+ (*EnumValueOptions)(nil), // 33: google.protobuf.EnumValueOptions
+ (*ServiceOptions)(nil), // 34: google.protobuf.ServiceOptions
+ (*MethodOptions)(nil), // 35: google.protobuf.MethodOptions
+ (*UninterpretedOption)(nil), // 36: google.protobuf.UninterpretedOption
+ (*FeatureSet)(nil), // 37: google.protobuf.FeatureSet
+ (*FeatureSetDefaults)(nil), // 38: google.protobuf.FeatureSetDefaults
+ (*SourceCodeInfo)(nil), // 39: google.protobuf.SourceCodeInfo
+ (*GeneratedCodeInfo)(nil), // 40: google.protobuf.GeneratedCodeInfo
+ (*DescriptorProto_ExtensionRange)(nil), // 41: google.protobuf.DescriptorProto.ExtensionRange
+ (*DescriptorProto_ReservedRange)(nil), // 42: google.protobuf.DescriptorProto.ReservedRange
+ (*ExtensionRangeOptions_Declaration)(nil), // 43: google.protobuf.ExtensionRangeOptions.Declaration
+ (*EnumDescriptorProto_EnumReservedRange)(nil), // 44: google.protobuf.EnumDescriptorProto.EnumReservedRange
+ (*FieldOptions_EditionDefault)(nil), // 45: google.protobuf.FieldOptions.EditionDefault
+ (*FieldOptions_FeatureSupport)(nil), // 46: google.protobuf.FieldOptions.FeatureSupport
+ (*UninterpretedOption_NamePart)(nil), // 47: google.protobuf.UninterpretedOption.NamePart
+ (*FeatureSetDefaults_FeatureSetEditionDefault)(nil), // 48: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault
+ (*SourceCodeInfo_Location)(nil), // 49: google.protobuf.SourceCodeInfo.Location
+ (*GeneratedCodeInfo_Annotation)(nil), // 50: google.protobuf.GeneratedCodeInfo.Annotation
}
var file_google_protobuf_descriptor_proto_depIdxs = []int32{
- 18, // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto
- 19, // 1: google.protobuf.FileDescriptorProto.message_type:type_name -> google.protobuf.DescriptorProto
- 23, // 2: google.protobuf.FileDescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
- 25, // 3: google.protobuf.FileDescriptorProto.service:type_name -> google.protobuf.ServiceDescriptorProto
- 21, // 4: google.protobuf.FileDescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
- 27, // 5: google.protobuf.FileDescriptorProto.options:type_name -> google.protobuf.FileOptions
- 38, // 6: google.protobuf.FileDescriptorProto.source_code_info:type_name -> google.protobuf.SourceCodeInfo
+ 19, // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto
+ 20, // 1: google.protobuf.FileDescriptorProto.message_type:type_name -> google.protobuf.DescriptorProto
+ 24, // 2: google.protobuf.FileDescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
+ 26, // 3: google.protobuf.FileDescriptorProto.service:type_name -> google.protobuf.ServiceDescriptorProto
+ 22, // 4: google.protobuf.FileDescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
+ 28, // 5: google.protobuf.FileDescriptorProto.options:type_name -> google.protobuf.FileOptions
+ 39, // 6: google.protobuf.FileDescriptorProto.source_code_info:type_name -> google.protobuf.SourceCodeInfo
0, // 7: google.protobuf.FileDescriptorProto.edition:type_name -> google.protobuf.Edition
- 21, // 8: google.protobuf.DescriptorProto.field:type_name -> google.protobuf.FieldDescriptorProto
- 21, // 9: google.protobuf.DescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
- 19, // 10: google.protobuf.DescriptorProto.nested_type:type_name -> google.protobuf.DescriptorProto
- 23, // 11: google.protobuf.DescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
- 40, // 12: google.protobuf.DescriptorProto.extension_range:type_name -> google.protobuf.DescriptorProto.ExtensionRange
- 22, // 13: google.protobuf.DescriptorProto.oneof_decl:type_name -> google.protobuf.OneofDescriptorProto
- 28, // 14: google.protobuf.DescriptorProto.options:type_name -> google.protobuf.MessageOptions
- 41, // 15: google.protobuf.DescriptorProto.reserved_range:type_name -> google.protobuf.DescriptorProto.ReservedRange
- 35, // 16: google.protobuf.ExtensionRangeOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
- 42, // 17: google.protobuf.ExtensionRangeOptions.declaration:type_name -> google.protobuf.ExtensionRangeOptions.Declaration
- 36, // 18: google.protobuf.ExtensionRangeOptions.features:type_name -> google.protobuf.FeatureSet
+ 22, // 8: google.protobuf.DescriptorProto.field:type_name -> google.protobuf.FieldDescriptorProto
+ 22, // 9: google.protobuf.DescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
+ 20, // 10: google.protobuf.DescriptorProto.nested_type:type_name -> google.protobuf.DescriptorProto
+ 24, // 11: google.protobuf.DescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
+ 41, // 12: google.protobuf.DescriptorProto.extension_range:type_name -> google.protobuf.DescriptorProto.ExtensionRange
+ 23, // 13: google.protobuf.DescriptorProto.oneof_decl:type_name -> google.protobuf.OneofDescriptorProto
+ 29, // 14: google.protobuf.DescriptorProto.options:type_name -> google.protobuf.MessageOptions
+ 42, // 15: google.protobuf.DescriptorProto.reserved_range:type_name -> google.protobuf.DescriptorProto.ReservedRange
+ 36, // 16: google.protobuf.ExtensionRangeOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+ 43, // 17: google.protobuf.ExtensionRangeOptions.declaration:type_name -> google.protobuf.ExtensionRangeOptions.Declaration
+ 37, // 18: google.protobuf.ExtensionRangeOptions.features:type_name -> google.protobuf.FeatureSet
1, // 19: google.protobuf.ExtensionRangeOptions.verification:type_name -> google.protobuf.ExtensionRangeOptions.VerificationState
3, // 20: google.protobuf.FieldDescriptorProto.label:type_name -> google.protobuf.FieldDescriptorProto.Label
2, // 21: google.protobuf.FieldDescriptorProto.type:type_name -> google.protobuf.FieldDescriptorProto.Type
- 29, // 22: google.protobuf.FieldDescriptorProto.options:type_name -> google.protobuf.FieldOptions
- 30, // 23: google.protobuf.OneofDescriptorProto.options:type_name -> google.protobuf.OneofOptions
- 24, // 24: google.protobuf.EnumDescriptorProto.value:type_name -> google.protobuf.EnumValueDescriptorProto
- 31, // 25: google.protobuf.EnumDescriptorProto.options:type_name -> google.protobuf.EnumOptions
- 43, // 26: google.protobuf.EnumDescriptorProto.reserved_range:type_name -> google.protobuf.EnumDescriptorProto.EnumReservedRange
- 32, // 27: google.protobuf.EnumValueDescriptorProto.options:type_name -> google.protobuf.EnumValueOptions
- 26, // 28: google.protobuf.ServiceDescriptorProto.method:type_name -> google.protobuf.MethodDescriptorProto
- 33, // 29: google.protobuf.ServiceDescriptorProto.options:type_name -> google.protobuf.ServiceOptions
- 34, // 30: google.protobuf.MethodDescriptorProto.options:type_name -> google.protobuf.MethodOptions
+ 30, // 22: google.protobuf.FieldDescriptorProto.options:type_name -> google.protobuf.FieldOptions
+ 31, // 23: google.protobuf.OneofDescriptorProto.options:type_name -> google.protobuf.OneofOptions
+ 25, // 24: google.protobuf.EnumDescriptorProto.value:type_name -> google.protobuf.EnumValueDescriptorProto
+ 32, // 25: google.protobuf.EnumDescriptorProto.options:type_name -> google.protobuf.EnumOptions
+ 44, // 26: google.protobuf.EnumDescriptorProto.reserved_range:type_name -> google.protobuf.EnumDescriptorProto.EnumReservedRange
+ 33, // 27: google.protobuf.EnumValueDescriptorProto.options:type_name -> google.protobuf.EnumValueOptions
+ 27, // 28: google.protobuf.ServiceDescriptorProto.method:type_name -> google.protobuf.MethodDescriptorProto
+ 34, // 29: google.protobuf.ServiceDescriptorProto.options:type_name -> google.protobuf.ServiceOptions
+ 35, // 30: google.protobuf.MethodDescriptorProto.options:type_name -> google.protobuf.MethodOptions
4, // 31: google.protobuf.FileOptions.optimize_for:type_name -> google.protobuf.FileOptions.OptimizeMode
- 36, // 32: google.protobuf.FileOptions.features:type_name -> google.protobuf.FeatureSet
- 35, // 33: google.protobuf.FileOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
- 36, // 34: google.protobuf.MessageOptions.features:type_name -> google.protobuf.FeatureSet
- 35, // 35: google.protobuf.MessageOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+ 37, // 32: google.protobuf.FileOptions.features:type_name -> google.protobuf.FeatureSet
+ 36, // 33: google.protobuf.FileOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+ 37, // 34: google.protobuf.MessageOptions.features:type_name -> google.protobuf.FeatureSet
+ 36, // 35: google.protobuf.MessageOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
5, // 36: google.protobuf.FieldOptions.ctype:type_name -> google.protobuf.FieldOptions.CType
6, // 37: google.protobuf.FieldOptions.jstype:type_name -> google.protobuf.FieldOptions.JSType
7, // 38: google.protobuf.FieldOptions.retention:type_name -> google.protobuf.FieldOptions.OptionRetention
8, // 39: google.protobuf.FieldOptions.targets:type_name -> google.protobuf.FieldOptions.OptionTargetType
- 44, // 40: google.protobuf.FieldOptions.edition_defaults:type_name -> google.protobuf.FieldOptions.EditionDefault
- 36, // 41: google.protobuf.FieldOptions.features:type_name -> google.protobuf.FeatureSet
- 45, // 42: google.protobuf.FieldOptions.feature_support:type_name -> google.protobuf.FieldOptions.FeatureSupport
- 35, // 43: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
- 36, // 44: google.protobuf.OneofOptions.features:type_name -> google.protobuf.FeatureSet
- 35, // 45: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
- 36, // 46: google.protobuf.EnumOptions.features:type_name -> google.protobuf.FeatureSet
- 35, // 47: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
- 36, // 48: google.protobuf.EnumValueOptions.features:type_name -> google.protobuf.FeatureSet
- 45, // 49: google.protobuf.EnumValueOptions.feature_support:type_name -> google.protobuf.FieldOptions.FeatureSupport
- 35, // 50: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
- 36, // 51: google.protobuf.ServiceOptions.features:type_name -> google.protobuf.FeatureSet
- 35, // 52: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+ 45, // 40: google.protobuf.FieldOptions.edition_defaults:type_name -> google.protobuf.FieldOptions.EditionDefault
+ 37, // 41: google.protobuf.FieldOptions.features:type_name -> google.protobuf.FeatureSet
+ 46, // 42: google.protobuf.FieldOptions.feature_support:type_name -> google.protobuf.FieldOptions.FeatureSupport
+ 36, // 43: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+ 37, // 44: google.protobuf.OneofOptions.features:type_name -> google.protobuf.FeatureSet
+ 36, // 45: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+ 37, // 46: google.protobuf.EnumOptions.features:type_name -> google.protobuf.FeatureSet
+ 36, // 47: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+ 37, // 48: google.protobuf.EnumValueOptions.features:type_name -> google.protobuf.FeatureSet
+ 46, // 49: google.protobuf.EnumValueOptions.feature_support:type_name -> google.protobuf.FieldOptions.FeatureSupport
+ 36, // 50: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+ 37, // 51: google.protobuf.ServiceOptions.features:type_name -> google.protobuf.FeatureSet
+ 36, // 52: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
9, // 53: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel
- 36, // 54: google.protobuf.MethodOptions.features:type_name -> google.protobuf.FeatureSet
- 35, // 55: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
- 46, // 56: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart
+ 37, // 54: google.protobuf.MethodOptions.features:type_name -> google.protobuf.FeatureSet
+ 36, // 55: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+ 47, // 56: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart
10, // 57: google.protobuf.FeatureSet.field_presence:type_name -> google.protobuf.FeatureSet.FieldPresence
11, // 58: google.protobuf.FeatureSet.enum_type:type_name -> google.protobuf.FeatureSet.EnumType
12, // 59: google.protobuf.FeatureSet.repeated_field_encoding:type_name -> google.protobuf.FeatureSet.RepeatedFieldEncoding
13, // 60: google.protobuf.FeatureSet.utf8_validation:type_name -> google.protobuf.FeatureSet.Utf8Validation
14, // 61: google.protobuf.FeatureSet.message_encoding:type_name -> google.protobuf.FeatureSet.MessageEncoding
15, // 62: google.protobuf.FeatureSet.json_format:type_name -> google.protobuf.FeatureSet.JsonFormat
- 47, // 63: google.protobuf.FeatureSetDefaults.defaults:type_name -> google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault
- 0, // 64: google.protobuf.FeatureSetDefaults.minimum_edition:type_name -> google.protobuf.Edition
- 0, // 65: google.protobuf.FeatureSetDefaults.maximum_edition:type_name -> google.protobuf.Edition
- 48, // 66: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location
- 49, // 67: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation
- 20, // 68: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions
- 0, // 69: google.protobuf.FieldOptions.EditionDefault.edition:type_name -> google.protobuf.Edition
- 0, // 70: google.protobuf.FieldOptions.FeatureSupport.edition_introduced:type_name -> google.protobuf.Edition
- 0, // 71: google.protobuf.FieldOptions.FeatureSupport.edition_deprecated:type_name -> google.protobuf.Edition
- 0, // 72: google.protobuf.FieldOptions.FeatureSupport.edition_removed:type_name -> google.protobuf.Edition
- 0, // 73: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.edition:type_name -> google.protobuf.Edition
- 36, // 74: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.overridable_features:type_name -> google.protobuf.FeatureSet
- 36, // 75: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.fixed_features:type_name -> google.protobuf.FeatureSet
- 16, // 76: google.protobuf.GeneratedCodeInfo.Annotation.semantic:type_name -> google.protobuf.GeneratedCodeInfo.Annotation.Semantic
- 77, // [77:77] is the sub-list for method output_type
- 77, // [77:77] is the sub-list for method input_type
- 77, // [77:77] is the sub-list for extension type_name
- 77, // [77:77] is the sub-list for extension extendee
- 0, // [0:77] is the sub-list for field type_name
+ 16, // 63: google.protobuf.FeatureSet.enforce_naming_style:type_name -> google.protobuf.FeatureSet.EnforceNamingStyle
+ 48, // 64: google.protobuf.FeatureSetDefaults.defaults:type_name -> google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault
+ 0, // 65: google.protobuf.FeatureSetDefaults.minimum_edition:type_name -> google.protobuf.Edition
+ 0, // 66: google.protobuf.FeatureSetDefaults.maximum_edition:type_name -> google.protobuf.Edition
+ 49, // 67: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location
+ 50, // 68: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation
+ 21, // 69: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions
+ 0, // 70: google.protobuf.FieldOptions.EditionDefault.edition:type_name -> google.protobuf.Edition
+ 0, // 71: google.protobuf.FieldOptions.FeatureSupport.edition_introduced:type_name -> google.protobuf.Edition
+ 0, // 72: google.protobuf.FieldOptions.FeatureSupport.edition_deprecated:type_name -> google.protobuf.Edition
+ 0, // 73: google.protobuf.FieldOptions.FeatureSupport.edition_removed:type_name -> google.protobuf.Edition
+ 0, // 74: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.edition:type_name -> google.protobuf.Edition
+ 37, // 75: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.overridable_features:type_name -> google.protobuf.FeatureSet
+ 37, // 76: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.fixed_features:type_name -> google.protobuf.FeatureSet
+ 17, // 77: google.protobuf.GeneratedCodeInfo.Annotation.semantic:type_name -> google.protobuf.GeneratedCodeInfo.Annotation.Semantic
+ 78, // [78:78] is the sub-list for method output_type
+ 78, // [78:78] is the sub-list for method input_type
+ 78, // [78:78] is the sub-list for extension type_name
+ 78, // [78:78] is the sub-list for extension extendee
+ 0, // [0:78] is the sub-list for field type_name
}
func init() { file_google_protobuf_descriptor_proto_init() }
@@ -5323,8 +4982,8 @@ func file_google_protobuf_descriptor_proto_init() {
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
- RawDescriptor: file_google_protobuf_descriptor_proto_rawDesc,
- NumEnums: 17,
+ RawDescriptor: unsafe.Slice(unsafe.StringData(file_google_protobuf_descriptor_proto_rawDesc), len(file_google_protobuf_descriptor_proto_rawDesc)),
+ NumEnums: 18,
NumMessages: 33,
NumExtensions: 0,
NumServices: 0,
@@ -5335,7 +4994,6 @@ func file_google_protobuf_descriptor_proto_init() {
MessageInfos: file_google_protobuf_descriptor_proto_msgTypes,
}.Build()
File_google_protobuf_descriptor_proto = out.File
- file_google_protobuf_descriptor_proto_rawDesc = nil
file_google_protobuf_descriptor_proto_goTypes = nil
file_google_protobuf_descriptor_proto_depIdxs = nil
}
diff --git a/vendor/google.golang.org/protobuf/types/dynamicpb/types.go b/vendor/google.golang.org/protobuf/types/dynamicpb/types.go
index c432817bb9..8e759fc9f7 100644
--- a/vendor/google.golang.org/protobuf/types/dynamicpb/types.go
+++ b/vendor/google.golang.org/protobuf/types/dynamicpb/types.go
@@ -28,11 +28,7 @@ type extField struct {
type Types struct {
// atomicExtFiles is used with sync/atomic and hence must be the first word
// of the struct to guarantee 64-bit alignment.
- //
- // TODO(stapelberg): once we only support Go 1.19 and newer, switch this
- // field to be of type atomic.Uint64 to guarantee alignment on
- // stack-allocated values, too.
- atomicExtFiles uint64
+ atomicExtFiles atomic.Uint64
extMu sync.Mutex
files *protoregistry.Files
@@ -90,7 +86,7 @@ func (t *Types) FindExtensionByName(name protoreflect.FullName) (protoreflect.Ex
func (t *Types) FindExtensionByNumber(message protoreflect.FullName, field protoreflect.FieldNumber) (protoreflect.ExtensionType, error) {
// Construct the extension number map lazily, since not every user will need it.
// Update the map if new files are added to the registry.
- if atomic.LoadUint64(&t.atomicExtFiles) != uint64(t.files.NumFiles()) {
+ if t.atomicExtFiles.Load() != uint64(t.files.NumFiles()) {
t.updateExtensions()
}
xd := t.extensionsByMessage[extField{message, field}]
@@ -133,10 +129,10 @@ func (t *Types) FindMessageByURL(url string) (protoreflect.MessageType, error) {
func (t *Types) updateExtensions() {
t.extMu.Lock()
defer t.extMu.Unlock()
- if atomic.LoadUint64(&t.atomicExtFiles) == uint64(t.files.NumFiles()) {
+ if t.atomicExtFiles.Load() == uint64(t.files.NumFiles()) {
return
}
- defer atomic.StoreUint64(&t.atomicExtFiles, uint64(t.files.NumFiles()))
+ defer t.atomicExtFiles.Store(uint64(t.files.NumFiles()))
t.files.RangeFiles(func(fd protoreflect.FileDescriptor) bool {
t.registerExtensions(fd.Extensions())
t.registerExtensionsInMessages(fd.Messages())
diff --git a/vendor/google.golang.org/protobuf/types/gofeaturespb/go_features.pb.go b/vendor/google.golang.org/protobuf/types/gofeaturespb/go_features.pb.go
index 5067b89e90..37e712b6b7 100644
--- a/vendor/google.golang.org/protobuf/types/gofeaturespb/go_features.pb.go
+++ b/vendor/google.golang.org/protobuf/types/gofeaturespb/go_features.pb.go
@@ -16,8 +16,74 @@ import (
descriptorpb "google.golang.org/protobuf/types/descriptorpb"
reflect "reflect"
sync "sync"
+ unsafe "unsafe"
)
+type GoFeatures_APILevel int32
+
+const (
+ // API_LEVEL_UNSPECIFIED results in selecting the OPEN API,
+ // but needs to be a separate value to distinguish between
+ // an explicitly set api level or a missing api level.
+ GoFeatures_API_LEVEL_UNSPECIFIED GoFeatures_APILevel = 0
+ GoFeatures_API_OPEN GoFeatures_APILevel = 1
+ GoFeatures_API_HYBRID GoFeatures_APILevel = 2
+ GoFeatures_API_OPAQUE GoFeatures_APILevel = 3
+)
+
+// Enum value maps for GoFeatures_APILevel.
+var (
+ GoFeatures_APILevel_name = map[int32]string{
+ 0: "API_LEVEL_UNSPECIFIED",
+ 1: "API_OPEN",
+ 2: "API_HYBRID",
+ 3: "API_OPAQUE",
+ }
+ GoFeatures_APILevel_value = map[string]int32{
+ "API_LEVEL_UNSPECIFIED": 0,
+ "API_OPEN": 1,
+ "API_HYBRID": 2,
+ "API_OPAQUE": 3,
+ }
+)
+
+func (x GoFeatures_APILevel) Enum() *GoFeatures_APILevel {
+ p := new(GoFeatures_APILevel)
+ *p = x
+ return p
+}
+
+func (x GoFeatures_APILevel) String() string {
+ return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (GoFeatures_APILevel) Descriptor() protoreflect.EnumDescriptor {
+ return file_google_protobuf_go_features_proto_enumTypes[0].Descriptor()
+}
+
+func (GoFeatures_APILevel) Type() protoreflect.EnumType {
+ return &file_google_protobuf_go_features_proto_enumTypes[0]
+}
+
+func (x GoFeatures_APILevel) Number() protoreflect.EnumNumber {
+ return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *GoFeatures_APILevel) UnmarshalJSON(b []byte) error {
+ num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
+ if err != nil {
+ return err
+ }
+ *x = GoFeatures_APILevel(num)
+ return nil
+}
+
+// Deprecated: Use GoFeatures_APILevel.Descriptor instead.
+func (GoFeatures_APILevel) EnumDescriptor() ([]byte, []int) {
+ return file_google_protobuf_go_features_proto_rawDescGZIP(), []int{0, 0}
+}
+
type GoFeatures_StripEnumPrefix int32
const (
@@ -54,11 +120,11 @@ func (x GoFeatures_StripEnumPrefix) String() string {
}
func (GoFeatures_StripEnumPrefix) Descriptor() protoreflect.EnumDescriptor {
- return file_google_protobuf_go_features_proto_enumTypes[0].Descriptor()
+ return file_google_protobuf_go_features_proto_enumTypes[1].Descriptor()
}
func (GoFeatures_StripEnumPrefix) Type() protoreflect.EnumType {
- return &file_google_protobuf_go_features_proto_enumTypes[0]
+ return &file_google_protobuf_go_features_proto_enumTypes[1]
}
func (x GoFeatures_StripEnumPrefix) Number() protoreflect.EnumNumber {
@@ -77,17 +143,19 @@ func (x *GoFeatures_StripEnumPrefix) UnmarshalJSON(b []byte) error {
// Deprecated: Use GoFeatures_StripEnumPrefix.Descriptor instead.
func (GoFeatures_StripEnumPrefix) EnumDescriptor() ([]byte, []int) {
- return file_google_protobuf_go_features_proto_rawDescGZIP(), []int{0, 0}
+ return file_google_protobuf_go_features_proto_rawDescGZIP(), []int{0, 1}
}
type GoFeatures struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Whether or not to generate the deprecated UnmarshalJSON method for enums.
- LegacyUnmarshalJsonEnum *bool `protobuf:"varint,1,opt,name=legacy_unmarshal_json_enum,json=legacyUnmarshalJsonEnum" json:"legacy_unmarshal_json_enum,omitempty"`
- StripEnumPrefix *GoFeatures_StripEnumPrefix `protobuf:"varint,3,opt,name=strip_enum_prefix,json=stripEnumPrefix,enum=pb.GoFeatures_StripEnumPrefix" json:"strip_enum_prefix,omitempty"`
+ // Can only be true for proto using the Open Struct api.
+ LegacyUnmarshalJsonEnum *bool `protobuf:"varint,1,opt,name=legacy_unmarshal_json_enum,json=legacyUnmarshalJsonEnum" json:"legacy_unmarshal_json_enum,omitempty"`
+ // One of OPEN, HYBRID or OPAQUE.
+ ApiLevel *GoFeatures_APILevel `protobuf:"varint,2,opt,name=api_level,json=apiLevel,enum=pb.GoFeatures_APILevel" json:"api_level,omitempty"`
+ StripEnumPrefix *GoFeatures_StripEnumPrefix `protobuf:"varint,3,opt,name=strip_enum_prefix,json=stripEnumPrefix,enum=pb.GoFeatures_StripEnumPrefix" json:"strip_enum_prefix,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *GoFeatures) Reset() {
@@ -127,6 +195,13 @@ func (x *GoFeatures) GetLegacyUnmarshalJsonEnum() bool {
return false
}
+func (x *GoFeatures) GetApiLevel() GoFeatures_APILevel {
+ if x != nil && x.ApiLevel != nil {
+ return *x.ApiLevel
+ }
+ return GoFeatures_API_LEVEL_UNSPECIFIED
+}
+
func (x *GoFeatures) GetStripEnumPrefix() GoFeatures_StripEnumPrefix {
if x != nil && x.StripEnumPrefix != nil {
return *x.StripEnumPrefix
@@ -153,79 +228,60 @@ var (
var File_google_protobuf_go_features_proto protoreflect.FileDescriptor
-var file_google_protobuf_go_features_proto_rawDesc = []byte{
- 0x0a, 0x21, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2f, 0x67, 0x6f, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x2e, 0x70, 0x72,
- 0x6f, 0x74, 0x6f, 0x12, 0x02, 0x70, 0x62, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
- 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe0, 0x03, 0x0a, 0x0a, 0x47, 0x6f,
- 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0xbe, 0x01, 0x0a, 0x1a, 0x6c, 0x65, 0x67,
- 0x61, 0x63, 0x79, 0x5f, 0x75, 0x6e, 0x6d, 0x61, 0x72, 0x73, 0x68, 0x61, 0x6c, 0x5f, 0x6a, 0x73,
- 0x6f, 0x6e, 0x5f, 0x65, 0x6e, 0x75, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x42, 0x80, 0x01,
- 0x88, 0x01, 0x01, 0x98, 0x01, 0x06, 0x98, 0x01, 0x01, 0xa2, 0x01, 0x09, 0x12, 0x04, 0x74, 0x72,
- 0x75, 0x65, 0x18, 0x84, 0x07, 0xa2, 0x01, 0x0a, 0x12, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x18,
- 0xe7, 0x07, 0xb2, 0x01, 0x5b, 0x08, 0xe8, 0x07, 0x10, 0xe8, 0x07, 0x1a, 0x53, 0x54, 0x68, 0x65,
- 0x20, 0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x20, 0x55, 0x6e, 0x6d, 0x61, 0x72, 0x73, 0x68, 0x61,
- 0x6c, 0x4a, 0x53, 0x4f, 0x4e, 0x20, 0x41, 0x50, 0x49, 0x20, 0x69, 0x73, 0x20, 0x64, 0x65, 0x70,
- 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x77, 0x69, 0x6c, 0x6c,
- 0x20, 0x62, 0x65, 0x20, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x64, 0x20, 0x69, 0x6e, 0x20, 0x61,
- 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x20, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x2e,
- 0x52, 0x17, 0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x55, 0x6e, 0x6d, 0x61, 0x72, 0x73, 0x68, 0x61,
- 0x6c, 0x4a, 0x73, 0x6f, 0x6e, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x7c, 0x0a, 0x11, 0x73, 0x74, 0x72,
- 0x69, 0x70, 0x5f, 0x65, 0x6e, 0x75, 0x6d, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x03,
- 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1e, 0x2e, 0x70, 0x62, 0x2e, 0x47, 0x6f, 0x46, 0x65, 0x61, 0x74,
- 0x75, 0x72, 0x65, 0x73, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x70, 0x45, 0x6e, 0x75, 0x6d, 0x50, 0x72,
- 0x65, 0x66, 0x69, 0x78, 0x42, 0x30, 0x88, 0x01, 0x01, 0x98, 0x01, 0x06, 0x98, 0x01, 0x07, 0x98,
- 0x01, 0x01, 0xa2, 0x01, 0x1b, 0x12, 0x16, 0x53, 0x54, 0x52, 0x49, 0x50, 0x5f, 0x45, 0x4e, 0x55,
- 0x4d, 0x5f, 0x50, 0x52, 0x45, 0x46, 0x49, 0x58, 0x5f, 0x4b, 0x45, 0x45, 0x50, 0x18, 0x84, 0x07,
- 0xb2, 0x01, 0x03, 0x08, 0xe9, 0x07, 0x52, 0x0f, 0x73, 0x74, 0x72, 0x69, 0x70, 0x45, 0x6e, 0x75,
- 0x6d, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x22, 0x92, 0x01, 0x0a, 0x0f, 0x53, 0x74, 0x72, 0x69,
- 0x70, 0x45, 0x6e, 0x75, 0x6d, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x21, 0x0a, 0x1d, 0x53,
- 0x54, 0x52, 0x49, 0x50, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x50, 0x52, 0x45, 0x46, 0x49, 0x58,
- 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1a,
- 0x0a, 0x16, 0x53, 0x54, 0x52, 0x49, 0x50, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x50, 0x52, 0x45,
- 0x46, 0x49, 0x58, 0x5f, 0x4b, 0x45, 0x45, 0x50, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f, 0x53, 0x54,
- 0x52, 0x49, 0x50, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x50, 0x52, 0x45, 0x46, 0x49, 0x58, 0x5f,
- 0x47, 0x45, 0x4e, 0x45, 0x52, 0x41, 0x54, 0x45, 0x5f, 0x42, 0x4f, 0x54, 0x48, 0x10, 0x02, 0x12,
- 0x1b, 0x0a, 0x17, 0x53, 0x54, 0x52, 0x49, 0x50, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x50, 0x52,
- 0x45, 0x46, 0x49, 0x58, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x50, 0x10, 0x03, 0x3a, 0x3c, 0x0a, 0x02,
- 0x67, 0x6f, 0x12, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
- 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x18,
- 0xea, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x47, 0x6f, 0x46, 0x65,
- 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x52, 0x02, 0x67, 0x6f, 0x42, 0x2f, 0x5a, 0x2d, 0x67, 0x6f,
- 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x67,
- 0x6f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x70, 0x62,
-}
+const file_google_protobuf_go_features_proto_rawDesc = "" +
+ "\n" +
+ "!google/protobuf/go_features.proto\x12\x02pb\x1a google/protobuf/descriptor.proto\"\xab\x05\n" +
+ "\n" +
+ "GoFeatures\x12\xbe\x01\n" +
+ "\x1alegacy_unmarshal_json_enum\x18\x01 \x01(\bB\x80\x01\x88\x01\x01\x98\x01\x06\x98\x01\x01\xa2\x01\t\x12\x04true\x18\x84\a\xa2\x01\n" +
+ "\x12\x05false\x18\xe7\a\xb2\x01[\b\xe8\a\x10\xe8\a\x1aSThe legacy UnmarshalJSON API is deprecated and will be removed in a future edition.R\x17legacyUnmarshalJsonEnum\x12t\n" +
+ "\tapi_level\x18\x02 \x01(\x0e2\x17.pb.GoFeatures.APILevelB>\x88\x01\x01\x98\x01\x03\x98\x01\x01\xa2\x01\x1a\x12\x15API_LEVEL_UNSPECIFIED\x18\x84\a\xa2\x01\x0f\x12\n" +
+ "API_OPAQUE\x18\xe9\a\xb2\x01\x03\b\xe8\aR\bapiLevel\x12|\n" +
+ "\x11strip_enum_prefix\x18\x03 \x01(\x0e2\x1e.pb.GoFeatures.StripEnumPrefixB0\x88\x01\x01\x98\x01\x06\x98\x01\a\x98\x01\x01\xa2\x01\x1b\x12\x16STRIP_ENUM_PREFIX_KEEP\x18\x84\a\xb2\x01\x03\b\xe9\aR\x0fstripEnumPrefix\"S\n" +
+ "\bAPILevel\x12\x19\n" +
+ "\x15API_LEVEL_UNSPECIFIED\x10\x00\x12\f\n" +
+ "\bAPI_OPEN\x10\x01\x12\x0e\n" +
+ "\n" +
+ "API_HYBRID\x10\x02\x12\x0e\n" +
+ "\n" +
+ "API_OPAQUE\x10\x03\"\x92\x01\n" +
+ "\x0fStripEnumPrefix\x12!\n" +
+ "\x1dSTRIP_ENUM_PREFIX_UNSPECIFIED\x10\x00\x12\x1a\n" +
+ "\x16STRIP_ENUM_PREFIX_KEEP\x10\x01\x12#\n" +
+ "\x1fSTRIP_ENUM_PREFIX_GENERATE_BOTH\x10\x02\x12\x1b\n" +
+ "\x17STRIP_ENUM_PREFIX_STRIP\x10\x03:<\n" +
+ "\x02go\x12\x1b.google.protobuf.FeatureSet\x18\xea\a \x01(\v2\x0e.pb.GoFeaturesR\x02goB/Z-google.golang.org/protobuf/types/gofeaturespb"
var (
file_google_protobuf_go_features_proto_rawDescOnce sync.Once
- file_google_protobuf_go_features_proto_rawDescData = file_google_protobuf_go_features_proto_rawDesc
+ file_google_protobuf_go_features_proto_rawDescData []byte
)
func file_google_protobuf_go_features_proto_rawDescGZIP() []byte {
file_google_protobuf_go_features_proto_rawDescOnce.Do(func() {
- file_google_protobuf_go_features_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_go_features_proto_rawDescData)
+ file_google_protobuf_go_features_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_google_protobuf_go_features_proto_rawDesc), len(file_google_protobuf_go_features_proto_rawDesc)))
})
return file_google_protobuf_go_features_proto_rawDescData
}
-var file_google_protobuf_go_features_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_google_protobuf_go_features_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
var file_google_protobuf_go_features_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
var file_google_protobuf_go_features_proto_goTypes = []any{
- (GoFeatures_StripEnumPrefix)(0), // 0: pb.GoFeatures.StripEnumPrefix
- (*GoFeatures)(nil), // 1: pb.GoFeatures
- (*descriptorpb.FeatureSet)(nil), // 2: google.protobuf.FeatureSet
+ (GoFeatures_APILevel)(0), // 0: pb.GoFeatures.APILevel
+ (GoFeatures_StripEnumPrefix)(0), // 1: pb.GoFeatures.StripEnumPrefix
+ (*GoFeatures)(nil), // 2: pb.GoFeatures
+ (*descriptorpb.FeatureSet)(nil), // 3: google.protobuf.FeatureSet
}
var file_google_protobuf_go_features_proto_depIdxs = []int32{
- 0, // 0: pb.GoFeatures.strip_enum_prefix:type_name -> pb.GoFeatures.StripEnumPrefix
- 2, // 1: pb.go:extendee -> google.protobuf.FeatureSet
- 1, // 2: pb.go:type_name -> pb.GoFeatures
- 3, // [3:3] is the sub-list for method output_type
- 3, // [3:3] is the sub-list for method input_type
- 2, // [2:3] is the sub-list for extension type_name
- 1, // [1:2] is the sub-list for extension extendee
- 0, // [0:1] is the sub-list for field type_name
+ 0, // 0: pb.GoFeatures.api_level:type_name -> pb.GoFeatures.APILevel
+ 1, // 1: pb.GoFeatures.strip_enum_prefix:type_name -> pb.GoFeatures.StripEnumPrefix
+ 3, // 2: pb.go:extendee -> google.protobuf.FeatureSet
+ 2, // 3: pb.go:type_name -> pb.GoFeatures
+ 4, // [4:4] is the sub-list for method output_type
+ 4, // [4:4] is the sub-list for method input_type
+ 3, // [3:4] is the sub-list for extension type_name
+ 2, // [2:3] is the sub-list for extension extendee
+ 0, // [0:2] is the sub-list for field type_name
}
func init() { file_google_protobuf_go_features_proto_init() }
@@ -237,8 +293,8 @@ func file_google_protobuf_go_features_proto_init() {
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
- RawDescriptor: file_google_protobuf_go_features_proto_rawDesc,
- NumEnums: 1,
+ RawDescriptor: unsafe.Slice(unsafe.StringData(file_google_protobuf_go_features_proto_rawDesc), len(file_google_protobuf_go_features_proto_rawDesc)),
+ NumEnums: 2,
NumMessages: 1,
NumExtensions: 1,
NumServices: 0,
@@ -250,7 +306,6 @@ func file_google_protobuf_go_features_proto_init() {
ExtensionInfos: file_google_protobuf_go_features_proto_extTypes,
}.Build()
File_google_protobuf_go_features_proto = out.File
- file_google_protobuf_go_features_proto_rawDesc = nil
file_google_protobuf_go_features_proto_goTypes = nil
file_google_protobuf_go_features_proto_depIdxs = nil
}
diff --git a/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go b/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
index 87da199a38..1ff0d1494d 100644
--- a/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
@@ -122,6 +122,7 @@ import (
reflect "reflect"
strings "strings"
sync "sync"
+ unsafe "unsafe"
)
// `Any` contains an arbitrary serialized protocol buffer message along with a
@@ -210,10 +211,7 @@ import (
// "value": "1.212s"
// }
type Any struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// A URL/resource name that uniquely identifies the type of the serialized
// protocol buffer message. This string must contain at least
// one "/" character. The last segment of the URL's path must represent
@@ -244,7 +242,9 @@ type Any struct {
// used with implementation specific semantics.
TypeUrl string `protobuf:"bytes,1,opt,name=type_url,json=typeUrl,proto3" json:"type_url,omitempty"`
// Must be a valid serialized protocol buffer of the above specified type.
- Value []byte `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+ Value []byte `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// New marshals src into a new Any instance.
@@ -412,32 +412,22 @@ func (x *Any) GetValue() []byte {
var File_google_protobuf_any_proto protoreflect.FileDescriptor
-var file_google_protobuf_any_proto_rawDesc = []byte{
- 0x0a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0f, 0x67, 0x6f, 0x6f,
- 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x22, 0x36, 0x0a, 0x03,
- 0x41, 0x6e, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x74, 0x79, 0x70, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18,
- 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x74, 0x79, 0x70, 0x65, 0x55, 0x72, 0x6c, 0x12, 0x14,
- 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76,
- 0x61, 0x6c, 0x75, 0x65, 0x42, 0x76, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
- 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x42, 0x08, 0x41, 0x6e, 0x79,
- 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
- 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
- 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x2f,
- 0x61, 0x6e, 0x79, 0x70, 0x62, 0xa2, 0x02, 0x03, 0x47, 0x50, 0x42, 0xaa, 0x02, 0x1e, 0x47, 0x6f,
- 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x57, 0x65,
- 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72,
- 0x6f, 0x74, 0x6f, 0x33,
-}
+const file_google_protobuf_any_proto_rawDesc = "" +
+ "\n" +
+ "\x19google/protobuf/any.proto\x12\x0fgoogle.protobuf\"6\n" +
+ "\x03Any\x12\x19\n" +
+ "\btype_url\x18\x01 \x01(\tR\atypeUrl\x12\x14\n" +
+ "\x05value\x18\x02 \x01(\fR\x05valueBv\n" +
+ "\x13com.google.protobufB\bAnyProtoP\x01Z,google.golang.org/protobuf/types/known/anypb\xa2\x02\x03GPB\xaa\x02\x1eGoogle.Protobuf.WellKnownTypesb\x06proto3"
var (
file_google_protobuf_any_proto_rawDescOnce sync.Once
- file_google_protobuf_any_proto_rawDescData = file_google_protobuf_any_proto_rawDesc
+ file_google_protobuf_any_proto_rawDescData []byte
)
func file_google_protobuf_any_proto_rawDescGZIP() []byte {
file_google_protobuf_any_proto_rawDescOnce.Do(func() {
- file_google_protobuf_any_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_any_proto_rawDescData)
+ file_google_protobuf_any_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_google_protobuf_any_proto_rawDesc), len(file_google_protobuf_any_proto_rawDesc)))
})
return file_google_protobuf_any_proto_rawDescData
}
@@ -463,7 +453,7 @@ func file_google_protobuf_any_proto_init() {
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
- RawDescriptor: file_google_protobuf_any_proto_rawDesc,
+ RawDescriptor: unsafe.Slice(unsafe.StringData(file_google_protobuf_any_proto_rawDesc), len(file_google_protobuf_any_proto_rawDesc)),
NumEnums: 0,
NumMessages: 1,
NumExtensions: 0,
@@ -474,7 +464,6 @@ func file_google_protobuf_any_proto_init() {
MessageInfos: file_google_protobuf_any_proto_msgTypes,
}.Build()
File_google_protobuf_any_proto = out.File
- file_google_protobuf_any_proto_rawDesc = nil
file_google_protobuf_any_proto_goTypes = nil
file_google_protobuf_any_proto_depIdxs = nil
}
diff --git a/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go b/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go
index b99d4d2410..ca2e7b38f4 100644
--- a/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go
@@ -80,6 +80,7 @@ import (
reflect "reflect"
sync "sync"
time "time"
+ unsafe "unsafe"
)
// A Duration represents a signed, fixed-length span of time represented
@@ -141,10 +142,7 @@ import (
// be expressed in JSON format as "3.000000001s", and 3 seconds and 1
// microsecond should be expressed in JSON format as "3.000001s".
type Duration struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Signed seconds of the span of time. Must be from -315,576,000,000
// to +315,576,000,000 inclusive. Note: these bounds are computed from:
// 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years
@@ -155,7 +153,9 @@ type Duration struct {
// of one second or more, a non-zero value for the `nanos` field must be
// of the same sign as the `seconds` field. Must be from -999,999,999
// to +999,999,999 inclusive.
- Nanos int32 `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"`
+ Nanos int32 `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// New constructs a new Duration from the provided time.Duration.
@@ -289,33 +289,22 @@ func (x *Duration) GetNanos() int32 {
var File_google_protobuf_duration_proto protoreflect.FileDescriptor
-var file_google_protobuf_duration_proto_rawDesc = []byte{
- 0x0a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
- 0x12, 0x0f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x22, 0x3a, 0x0a, 0x08, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a,
- 0x07, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07,
- 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6e, 0x6f, 0x73,
- 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x6e, 0x61, 0x6e, 0x6f, 0x73, 0x42, 0x83, 0x01,
- 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
- 0x74, 0x6f, 0x62, 0x75, 0x66, 0x42, 0x0d, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50,
- 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x31, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67,
- 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
- 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x2f, 0x64,
- 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x70, 0x62, 0xf8, 0x01, 0x01, 0xa2, 0x02, 0x03, 0x47,
- 0x50, 0x42, 0xaa, 0x02, 0x1e, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x74,
- 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x54, 0x79,
- 0x70, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
+const file_google_protobuf_duration_proto_rawDesc = "" +
+ "\n" +
+ "\x1egoogle/protobuf/duration.proto\x12\x0fgoogle.protobuf\":\n" +
+ "\bDuration\x12\x18\n" +
+ "\aseconds\x18\x01 \x01(\x03R\aseconds\x12\x14\n" +
+ "\x05nanos\x18\x02 \x01(\x05R\x05nanosB\x83\x01\n" +
+ "\x13com.google.protobufB\rDurationProtoP\x01Z1google.golang.org/protobuf/types/known/durationpb\xf8\x01\x01\xa2\x02\x03GPB\xaa\x02\x1eGoogle.Protobuf.WellKnownTypesb\x06proto3"
var (
file_google_protobuf_duration_proto_rawDescOnce sync.Once
- file_google_protobuf_duration_proto_rawDescData = file_google_protobuf_duration_proto_rawDesc
+ file_google_protobuf_duration_proto_rawDescData []byte
)
func file_google_protobuf_duration_proto_rawDescGZIP() []byte {
file_google_protobuf_duration_proto_rawDescOnce.Do(func() {
- file_google_protobuf_duration_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_duration_proto_rawDescData)
+ file_google_protobuf_duration_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_google_protobuf_duration_proto_rawDesc), len(file_google_protobuf_duration_proto_rawDesc)))
})
return file_google_protobuf_duration_proto_rawDescData
}
@@ -341,7 +330,7 @@ func file_google_protobuf_duration_proto_init() {
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
- RawDescriptor: file_google_protobuf_duration_proto_rawDesc,
+ RawDescriptor: unsafe.Slice(unsafe.StringData(file_google_protobuf_duration_proto_rawDesc), len(file_google_protobuf_duration_proto_rawDesc)),
NumEnums: 0,
NumMessages: 1,
NumExtensions: 0,
@@ -352,7 +341,6 @@ func file_google_protobuf_duration_proto_init() {
MessageInfos: file_google_protobuf_duration_proto_msgTypes,
}.Build()
File_google_protobuf_duration_proto = out.File
- file_google_protobuf_duration_proto_rawDesc = nil
file_google_protobuf_duration_proto_goTypes = nil
file_google_protobuf_duration_proto_depIdxs = nil
}
diff --git a/vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go b/vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go
index 1761bc9c69..1d7ee3b476 100644
--- a/vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go
@@ -38,6 +38,7 @@ import (
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
+ unsafe "unsafe"
)
// A generic empty message that you can re-use to avoid defining duplicated
@@ -48,9 +49,9 @@ import (
// rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
// }
type Empty struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
+ state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *Empty) Reset() {
@@ -85,29 +86,21 @@ func (*Empty) Descriptor() ([]byte, []int) {
var File_google_protobuf_empty_proto protoreflect.FileDescriptor
-var file_google_protobuf_empty_proto_rawDesc = []byte{
- 0x0a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0f, 0x67,
- 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x22, 0x07,
- 0x0a, 0x05, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x42, 0x7d, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x67,
- 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x42, 0x0a,
- 0x45, 0x6d, 0x70, 0x74, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x6f,
- 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x6b,
- 0x6e, 0x6f, 0x77, 0x6e, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x70, 0x62, 0xf8, 0x01, 0x01, 0xa2,
- 0x02, 0x03, 0x47, 0x50, 0x42, 0xaa, 0x02, 0x1e, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x50,
- 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77,
- 0x6e, 0x54, 0x79, 0x70, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
+const file_google_protobuf_empty_proto_rawDesc = "" +
+ "\n" +
+ "\x1bgoogle/protobuf/empty.proto\x12\x0fgoogle.protobuf\"\a\n" +
+ "\x05EmptyB}\n" +
+ "\x13com.google.protobufB\n" +
+ "EmptyProtoP\x01Z.google.golang.org/protobuf/types/known/emptypb\xf8\x01\x01\xa2\x02\x03GPB\xaa\x02\x1eGoogle.Protobuf.WellKnownTypesb\x06proto3"
var (
file_google_protobuf_empty_proto_rawDescOnce sync.Once
- file_google_protobuf_empty_proto_rawDescData = file_google_protobuf_empty_proto_rawDesc
+ file_google_protobuf_empty_proto_rawDescData []byte
)
func file_google_protobuf_empty_proto_rawDescGZIP() []byte {
file_google_protobuf_empty_proto_rawDescOnce.Do(func() {
- file_google_protobuf_empty_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_empty_proto_rawDescData)
+ file_google_protobuf_empty_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_google_protobuf_empty_proto_rawDesc), len(file_google_protobuf_empty_proto_rawDesc)))
})
return file_google_protobuf_empty_proto_rawDescData
}
@@ -133,7 +126,7 @@ func file_google_protobuf_empty_proto_init() {
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
- RawDescriptor: file_google_protobuf_empty_proto_rawDesc,
+ RawDescriptor: unsafe.Slice(unsafe.StringData(file_google_protobuf_empty_proto_rawDesc), len(file_google_protobuf_empty_proto_rawDesc)),
NumEnums: 0,
NumMessages: 1,
NumExtensions: 0,
@@ -144,7 +137,6 @@ func file_google_protobuf_empty_proto_init() {
MessageInfos: file_google_protobuf_empty_proto_msgTypes,
}.Build()
File_google_protobuf_empty_proto = out.File
- file_google_protobuf_empty_proto_rawDesc = nil
file_google_protobuf_empty_proto_goTypes = nil
file_google_protobuf_empty_proto_depIdxs = nil
}
diff --git a/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go b/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go
index 19de8d371f..91ee89a5cd 100644
--- a/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go
@@ -83,6 +83,7 @@ import (
sort "sort"
strings "strings"
sync "sync"
+ unsafe "unsafe"
)
// `FieldMask` represents a set of symbolic field paths, for example:
@@ -284,12 +285,11 @@ import (
// request should verify the included field paths, and return an
// `INVALID_ARGUMENT` error if any path is unmappable.
type FieldMask struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// The set of field mask paths.
- Paths []string `protobuf:"bytes,1,rep,name=paths,proto3" json:"paths,omitempty"`
+ Paths []string `protobuf:"bytes,1,rep,name=paths,proto3" json:"paths,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// New constructs a field mask from a list of paths and verifies that
@@ -504,32 +504,21 @@ func (x *FieldMask) GetPaths() []string {
var File_google_protobuf_field_mask_proto protoreflect.FileDescriptor
-var file_google_protobuf_field_mask_proto_rawDesc = []byte{
- 0x0a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x2e, 0x70, 0x72, 0x6f,
- 0x74, 0x6f, 0x12, 0x0f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
- 0x62, 0x75, 0x66, 0x22, 0x21, 0x0a, 0x09, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4d, 0x61, 0x73, 0x6b,
- 0x12, 0x14, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52,
- 0x05, 0x70, 0x61, 0x74, 0x68, 0x73, 0x42, 0x85, 0x01, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x67,
- 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x42, 0x0e,
- 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01,
- 0x5a, 0x32, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e,
- 0x6f, 0x72, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70,
- 0x65, 0x73, 0x2f, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x6d, 0x61,
- 0x73, 0x6b, 0x70, 0x62, 0xf8, 0x01, 0x01, 0xa2, 0x02, 0x03, 0x47, 0x50, 0x42, 0xaa, 0x02, 0x1e,
- 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
- 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x73, 0x62, 0x06,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
+const file_google_protobuf_field_mask_proto_rawDesc = "" +
+ "\n" +
+ " google/protobuf/field_mask.proto\x12\x0fgoogle.protobuf\"!\n" +
+ "\tFieldMask\x12\x14\n" +
+ "\x05paths\x18\x01 \x03(\tR\x05pathsB\x85\x01\n" +
+ "\x13com.google.protobufB\x0eFieldMaskProtoP\x01Z2google.golang.org/protobuf/types/known/fieldmaskpb\xf8\x01\x01\xa2\x02\x03GPB\xaa\x02\x1eGoogle.Protobuf.WellKnownTypesb\x06proto3"
var (
file_google_protobuf_field_mask_proto_rawDescOnce sync.Once
- file_google_protobuf_field_mask_proto_rawDescData = file_google_protobuf_field_mask_proto_rawDesc
+ file_google_protobuf_field_mask_proto_rawDescData []byte
)
func file_google_protobuf_field_mask_proto_rawDescGZIP() []byte {
file_google_protobuf_field_mask_proto_rawDescOnce.Do(func() {
- file_google_protobuf_field_mask_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_field_mask_proto_rawDescData)
+ file_google_protobuf_field_mask_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_google_protobuf_field_mask_proto_rawDesc), len(file_google_protobuf_field_mask_proto_rawDesc)))
})
return file_google_protobuf_field_mask_proto_rawDescData
}
@@ -555,7 +544,7 @@ func file_google_protobuf_field_mask_proto_init() {
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
- RawDescriptor: file_google_protobuf_field_mask_proto_rawDesc,
+ RawDescriptor: unsafe.Slice(unsafe.StringData(file_google_protobuf_field_mask_proto_rawDesc), len(file_google_protobuf_field_mask_proto_rawDesc)),
NumEnums: 0,
NumMessages: 1,
NumExtensions: 0,
@@ -566,7 +555,6 @@ func file_google_protobuf_field_mask_proto_init() {
MessageInfos: file_google_protobuf_field_mask_proto_msgTypes,
}.Build()
File_google_protobuf_field_mask_proto = out.File
- file_google_protobuf_field_mask_proto_rawDesc = nil
file_google_protobuf_field_mask_proto_goTypes = nil
file_google_protobuf_field_mask_proto_depIdxs = nil
}
diff --git a/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go b/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go
index 8f206a6611..30411b7283 100644
--- a/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go
@@ -128,6 +128,7 @@ import (
reflect "reflect"
sync "sync"
utf8 "unicode/utf8"
+ unsafe "unsafe"
)
// `NullValue` is a singleton enumeration to represent the null value for the
@@ -187,12 +188,11 @@ func (NullValue) EnumDescriptor() ([]byte, []int) {
//
// The JSON representation for `Struct` is JSON object.
type Struct struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Unordered map of dynamically typed values.
- Fields map[string]*Value `protobuf:"bytes,1,rep,name=fields,proto3" json:"fields,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+ Fields map[string]*Value `protobuf:"bytes,1,rep,name=fields,proto3" json:"fields,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// NewStruct constructs a Struct from a general-purpose Go map.
@@ -276,13 +276,10 @@ func (x *Struct) GetFields() map[string]*Value {
//
// The JSON representation for `Value` is JSON value.
type Value struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// The kind of value.
//
- // Types that are assignable to Kind:
+ // Types that are valid to be assigned to Kind:
//
// *Value_NullValue
// *Value_NumberValue
@@ -290,7 +287,9 @@ type Value struct {
// *Value_BoolValue
// *Value_StructValue
// *Value_ListValue
- Kind isValue_Kind `protobuf_oneof:"kind"`
+ Kind isValue_Kind `protobuf_oneof:"kind"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// NewValue constructs a Value from a general-purpose Go interface.
@@ -483,51 +482,63 @@ func (*Value) Descriptor() ([]byte, []int) {
return file_google_protobuf_struct_proto_rawDescGZIP(), []int{1}
}
-func (m *Value) GetKind() isValue_Kind {
- if m != nil {
- return m.Kind
+func (x *Value) GetKind() isValue_Kind {
+ if x != nil {
+ return x.Kind
}
return nil
}
func (x *Value) GetNullValue() NullValue {
- if x, ok := x.GetKind().(*Value_NullValue); ok {
- return x.NullValue
+ if x != nil {
+ if x, ok := x.Kind.(*Value_NullValue); ok {
+ return x.NullValue
+ }
}
return NullValue_NULL_VALUE
}
func (x *Value) GetNumberValue() float64 {
- if x, ok := x.GetKind().(*Value_NumberValue); ok {
- return x.NumberValue
+ if x != nil {
+ if x, ok := x.Kind.(*Value_NumberValue); ok {
+ return x.NumberValue
+ }
}
return 0
}
func (x *Value) GetStringValue() string {
- if x, ok := x.GetKind().(*Value_StringValue); ok {
- return x.StringValue
+ if x != nil {
+ if x, ok := x.Kind.(*Value_StringValue); ok {
+ return x.StringValue
+ }
}
return ""
}
func (x *Value) GetBoolValue() bool {
- if x, ok := x.GetKind().(*Value_BoolValue); ok {
- return x.BoolValue
+ if x != nil {
+ if x, ok := x.Kind.(*Value_BoolValue); ok {
+ return x.BoolValue
+ }
}
return false
}
func (x *Value) GetStructValue() *Struct {
- if x, ok := x.GetKind().(*Value_StructValue); ok {
- return x.StructValue
+ if x != nil {
+ if x, ok := x.Kind.(*Value_StructValue); ok {
+ return x.StructValue
+ }
}
return nil
}
func (x *Value) GetListValue() *ListValue {
- if x, ok := x.GetKind().(*Value_ListValue); ok {
- return x.ListValue
+ if x != nil {
+ if x, ok := x.Kind.(*Value_ListValue); ok {
+ return x.ListValue
+ }
}
return nil
}
@@ -582,12 +593,11 @@ func (*Value_ListValue) isValue_Kind() {}
//
// The JSON representation for `ListValue` is JSON array.
type ListValue struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Repeated field of dynamically typed values.
- Values []*Value `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"`
+ Values []*Value `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// NewList constructs a ListValue from a general-purpose Go slice.
@@ -662,64 +672,40 @@ func (x *ListValue) GetValues() []*Value {
var File_google_protobuf_struct_proto protoreflect.FileDescriptor
-var file_google_protobuf_struct_proto_rawDesc = []byte{
- 0x0a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0f,
- 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x22,
- 0x98, 0x01, 0x0a, 0x06, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x12, 0x3b, 0x0a, 0x06, 0x66, 0x69,
- 0x65, 0x6c, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f,
- 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72,
- 0x75, 0x63, 0x74, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52,
- 0x06, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x73, 0x1a, 0x51, 0x0a, 0x0b, 0x46, 0x69, 0x65, 0x6c, 0x64,
- 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20,
- 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2c, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
- 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
- 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52,
- 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xb2, 0x02, 0x0a, 0x05, 0x56,
- 0x61, 0x6c, 0x75, 0x65, 0x12, 0x3b, 0x0a, 0x0a, 0x6e, 0x75, 0x6c, 0x6c, 0x5f, 0x76, 0x61, 0x6c,
- 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
- 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4e, 0x75, 0x6c, 0x6c, 0x56,
- 0x61, 0x6c, 0x75, 0x65, 0x48, 0x00, 0x52, 0x09, 0x6e, 0x75, 0x6c, 0x6c, 0x56, 0x61, 0x6c, 0x75,
- 0x65, 0x12, 0x23, 0x0a, 0x0c, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x75,
- 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x48, 0x00, 0x52, 0x0b, 0x6e, 0x75, 0x6d, 0x62, 0x65,
- 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x23, 0x0a, 0x0c, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67,
- 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b,
- 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0a, 0x62,
- 0x6f, 0x6f, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x48,
- 0x00, 0x52, 0x09, 0x62, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x3c, 0x0a, 0x0c,
- 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x05, 0x20, 0x01,
- 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
- 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x48, 0x00, 0x52, 0x0b, 0x73,
- 0x74, 0x72, 0x75, 0x63, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x3b, 0x0a, 0x0a, 0x6c, 0x69,
- 0x73, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a,
- 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
- 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x48, 0x00, 0x52, 0x09, 0x6c, 0x69,
- 0x73, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x06, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x22,
- 0x3b, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2e, 0x0a, 0x06,
- 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67,
- 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56,
- 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x2a, 0x1b, 0x0a, 0x09,
- 0x4e, 0x75, 0x6c, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x0e, 0x0a, 0x0a, 0x4e, 0x55, 0x4c,
- 0x4c, 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x10, 0x00, 0x42, 0x7f, 0x0a, 0x13, 0x63, 0x6f, 0x6d,
- 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
- 0x42, 0x0b, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
- 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f,
- 0x72, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65,
- 0x73, 0x2f, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x70, 0x62,
- 0xf8, 0x01, 0x01, 0xa2, 0x02, 0x03, 0x47, 0x50, 0x42, 0xaa, 0x02, 0x1e, 0x47, 0x6f, 0x6f, 0x67,
- 0x6c, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x57, 0x65, 0x6c, 0x6c,
- 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
- 0x6f, 0x33,
-}
+const file_google_protobuf_struct_proto_rawDesc = "" +
+ "\n" +
+ "\x1cgoogle/protobuf/struct.proto\x12\x0fgoogle.protobuf\"\x98\x01\n" +
+ "\x06Struct\x12;\n" +
+ "\x06fields\x18\x01 \x03(\v2#.google.protobuf.Struct.FieldsEntryR\x06fields\x1aQ\n" +
+ "\vFieldsEntry\x12\x10\n" +
+ "\x03key\x18\x01 \x01(\tR\x03key\x12,\n" +
+ "\x05value\x18\x02 \x01(\v2\x16.google.protobuf.ValueR\x05value:\x028\x01\"\xb2\x02\n" +
+ "\x05Value\x12;\n" +
+ "\n" +
+ "null_value\x18\x01 \x01(\x0e2\x1a.google.protobuf.NullValueH\x00R\tnullValue\x12#\n" +
+ "\fnumber_value\x18\x02 \x01(\x01H\x00R\vnumberValue\x12#\n" +
+ "\fstring_value\x18\x03 \x01(\tH\x00R\vstringValue\x12\x1f\n" +
+ "\n" +
+ "bool_value\x18\x04 \x01(\bH\x00R\tboolValue\x12<\n" +
+ "\fstruct_value\x18\x05 \x01(\v2\x17.google.protobuf.StructH\x00R\vstructValue\x12;\n" +
+ "\n" +
+ "list_value\x18\x06 \x01(\v2\x1a.google.protobuf.ListValueH\x00R\tlistValueB\x06\n" +
+ "\x04kind\";\n" +
+ "\tListValue\x12.\n" +
+ "\x06values\x18\x01 \x03(\v2\x16.google.protobuf.ValueR\x06values*\x1b\n" +
+ "\tNullValue\x12\x0e\n" +
+ "\n" +
+ "NULL_VALUE\x10\x00B\x7f\n" +
+ "\x13com.google.protobufB\vStructProtoP\x01Z/google.golang.org/protobuf/types/known/structpb\xf8\x01\x01\xa2\x02\x03GPB\xaa\x02\x1eGoogle.Protobuf.WellKnownTypesb\x06proto3"
var (
file_google_protobuf_struct_proto_rawDescOnce sync.Once
- file_google_protobuf_struct_proto_rawDescData = file_google_protobuf_struct_proto_rawDesc
+ file_google_protobuf_struct_proto_rawDescData []byte
)
func file_google_protobuf_struct_proto_rawDescGZIP() []byte {
file_google_protobuf_struct_proto_rawDescOnce.Do(func() {
- file_google_protobuf_struct_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_struct_proto_rawDescData)
+ file_google_protobuf_struct_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_google_protobuf_struct_proto_rawDesc), len(file_google_protobuf_struct_proto_rawDesc)))
})
return file_google_protobuf_struct_proto_rawDescData
}
@@ -764,7 +750,7 @@ func file_google_protobuf_struct_proto_init() {
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
- RawDescriptor: file_google_protobuf_struct_proto_rawDesc,
+ RawDescriptor: unsafe.Slice(unsafe.StringData(file_google_protobuf_struct_proto_rawDesc), len(file_google_protobuf_struct_proto_rawDesc)),
NumEnums: 1,
NumMessages: 4,
NumExtensions: 0,
@@ -776,7 +762,6 @@ func file_google_protobuf_struct_proto_init() {
MessageInfos: file_google_protobuf_struct_proto_msgTypes,
}.Build()
File_google_protobuf_struct_proto = out.File
- file_google_protobuf_struct_proto_rawDesc = nil
file_google_protobuf_struct_proto_goTypes = nil
file_google_protobuf_struct_proto_depIdxs = nil
}
diff --git a/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go b/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
index 0d20722d70..06d584c14b 100644
--- a/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
@@ -78,6 +78,7 @@ import (
reflect "reflect"
sync "sync"
time "time"
+ unsafe "unsafe"
)
// A Timestamp represents a point in time independent of any time zone or local
@@ -170,10 +171,7 @@ import (
// http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime()
// ) to obtain a formatter capable of generating timestamps in this format.
type Timestamp struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Represents seconds of UTC time since Unix epoch
// 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
// 9999-12-31T23:59:59Z inclusive.
@@ -182,7 +180,9 @@ type Timestamp struct {
// second values with fractions must still have non-negative nanos values
// that count forward in time. Must be from 0 to 999,999,999
// inclusive.
- Nanos int32 `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"`
+ Nanos int32 `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
// Now constructs a new Timestamp from the current time.
@@ -298,33 +298,22 @@ func (x *Timestamp) GetNanos() int32 {
var File_google_protobuf_timestamp_proto protoreflect.FileDescriptor
-var file_google_protobuf_timestamp_proto_rawDesc = []byte{
- 0x0a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74,
- 0x6f, 0x12, 0x0f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
- 0x75, 0x66, 0x22, 0x3b, 0x0a, 0x09, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12,
- 0x18, 0x0a, 0x07, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03,
- 0x52, 0x07, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6e,
- 0x6f, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x6e, 0x61, 0x6e, 0x6f, 0x73, 0x42,
- 0x85, 0x01, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
- 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x42, 0x0e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61,
- 0x6d, 0x70, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x32, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
- 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x70, 0x72, 0x6f,
- 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x6b, 0x6e, 0x6f, 0x77,
- 0x6e, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x70, 0x62, 0xf8, 0x01, 0x01,
- 0xa2, 0x02, 0x03, 0x47, 0x50, 0x42, 0xaa, 0x02, 0x1e, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
- 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f,
- 0x77, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
+const file_google_protobuf_timestamp_proto_rawDesc = "" +
+ "\n" +
+ "\x1fgoogle/protobuf/timestamp.proto\x12\x0fgoogle.protobuf\";\n" +
+ "\tTimestamp\x12\x18\n" +
+ "\aseconds\x18\x01 \x01(\x03R\aseconds\x12\x14\n" +
+ "\x05nanos\x18\x02 \x01(\x05R\x05nanosB\x85\x01\n" +
+ "\x13com.google.protobufB\x0eTimestampProtoP\x01Z2google.golang.org/protobuf/types/known/timestamppb\xf8\x01\x01\xa2\x02\x03GPB\xaa\x02\x1eGoogle.Protobuf.WellKnownTypesb\x06proto3"
var (
file_google_protobuf_timestamp_proto_rawDescOnce sync.Once
- file_google_protobuf_timestamp_proto_rawDescData = file_google_protobuf_timestamp_proto_rawDesc
+ file_google_protobuf_timestamp_proto_rawDescData []byte
)
func file_google_protobuf_timestamp_proto_rawDescGZIP() []byte {
file_google_protobuf_timestamp_proto_rawDescOnce.Do(func() {
- file_google_protobuf_timestamp_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_timestamp_proto_rawDescData)
+ file_google_protobuf_timestamp_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_google_protobuf_timestamp_proto_rawDesc), len(file_google_protobuf_timestamp_proto_rawDesc)))
})
return file_google_protobuf_timestamp_proto_rawDescData
}
@@ -350,7 +339,7 @@ func file_google_protobuf_timestamp_proto_init() {
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
- RawDescriptor: file_google_protobuf_timestamp_proto_rawDesc,
+ RawDescriptor: unsafe.Slice(unsafe.StringData(file_google_protobuf_timestamp_proto_rawDesc), len(file_google_protobuf_timestamp_proto_rawDesc)),
NumEnums: 0,
NumMessages: 1,
NumExtensions: 0,
@@ -361,7 +350,6 @@ func file_google_protobuf_timestamp_proto_init() {
MessageInfos: file_google_protobuf_timestamp_proto_msgTypes,
}.Build()
File_google_protobuf_timestamp_proto = out.File
- file_google_protobuf_timestamp_proto_rawDesc = nil
file_google_protobuf_timestamp_proto_goTypes = nil
file_google_protobuf_timestamp_proto_depIdxs = nil
}
diff --git a/vendor/google.golang.org/protobuf/types/pluginpb/plugin.pb.go b/vendor/google.golang.org/protobuf/types/pluginpb/plugin.pb.go
index c6d90cab37..6998aa41b9 100644
--- a/vendor/google.golang.org/protobuf/types/pluginpb/plugin.pb.go
+++ b/vendor/google.golang.org/protobuf/types/pluginpb/plugin.pb.go
@@ -29,6 +29,7 @@ import (
descriptorpb "google.golang.org/protobuf/types/descriptorpb"
reflect "reflect"
sync "sync"
+ unsafe "unsafe"
)
// Sync with code_generator.h.
@@ -93,16 +94,15 @@ func (CodeGeneratorResponse_Feature) EnumDescriptor() ([]byte, []int) {
// The version number of protocol compiler.
type Version struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
- Major *int32 `protobuf:"varint,1,opt,name=major" json:"major,omitempty"`
- Minor *int32 `protobuf:"varint,2,opt,name=minor" json:"minor,omitempty"`
- Patch *int32 `protobuf:"varint,3,opt,name=patch" json:"patch,omitempty"`
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Major *int32 `protobuf:"varint,1,opt,name=major" json:"major,omitempty"`
+ Minor *int32 `protobuf:"varint,2,opt,name=minor" json:"minor,omitempty"`
+ Patch *int32 `protobuf:"varint,3,opt,name=patch" json:"patch,omitempty"`
// A suffix for alpha, beta or rc release, e.g., "alpha-1", "rc2". It should
// be empty for mainline stable releases.
- Suffix *string `protobuf:"bytes,4,opt,name=suffix" json:"suffix,omitempty"`
+ Suffix *string `protobuf:"bytes,4,opt,name=suffix" json:"suffix,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *Version) Reset() {
@@ -165,10 +165,7 @@ func (x *Version) GetSuffix() string {
// An encoded CodeGeneratorRequest is written to the plugin's stdin.
type CodeGeneratorRequest struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// The .proto files that were explicitly listed on the command-line. The
// code generator should generate code only for these files. Each file's
// descriptor will be included in proto_file, below.
@@ -201,6 +198,8 @@ type CodeGeneratorRequest struct {
SourceFileDescriptors []*descriptorpb.FileDescriptorProto `protobuf:"bytes,17,rep,name=source_file_descriptors,json=sourceFileDescriptors" json:"source_file_descriptors,omitempty"`
// The version number of protocol compiler.
CompilerVersion *Version `protobuf:"bytes,3,opt,name=compiler_version,json=compilerVersion" json:"compiler_version,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *CodeGeneratorRequest) Reset() {
@@ -270,10 +269,7 @@ func (x *CodeGeneratorRequest) GetCompilerVersion() *Version {
// The plugin writes an encoded CodeGeneratorResponse to stdout.
type CodeGeneratorResponse struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// Error message. If non-empty, code generation failed. The plugin process
// should exit with status code zero even if it reports an error in this way.
//
@@ -297,6 +293,8 @@ type CodeGeneratorResponse struct {
// effect for plugins that have FEATURE_SUPPORTS_EDITIONS set.
MaximumEdition *int32 `protobuf:"varint,4,opt,name=maximum_edition,json=maximumEdition" json:"maximum_edition,omitempty"`
File []*CodeGeneratorResponse_File `protobuf:"bytes,15,rep,name=file" json:"file,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *CodeGeneratorResponse) Reset() {
@@ -366,10 +364,7 @@ func (x *CodeGeneratorResponse) GetFile() []*CodeGeneratorResponse_File {
// Represents a single generated file.
type CodeGeneratorResponse_File struct {
- state protoimpl.MessageState
- sizeCache protoimpl.SizeCache
- unknownFields protoimpl.UnknownFields
-
+ state protoimpl.MessageState `protogen:"open.v1"`
// The file name, relative to the output directory. The name must not
// contain "." or ".." components and must be relative, not be absolute (so,
// the file cannot lie outside the output directory). "/" must be used as
@@ -430,6 +425,8 @@ type CodeGeneratorResponse_File struct {
// point is used, this information will be appropriately offset and inserted
// into the code generation metadata for the generated files.
GeneratedCodeInfo *descriptorpb.GeneratedCodeInfo `protobuf:"bytes,16,opt,name=generated_code_info,json=generatedCodeInfo" json:"generated_code_info,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
}
func (x *CodeGeneratorResponse_File) Reset() {
@@ -492,91 +489,46 @@ func (x *CodeGeneratorResponse_File) GetGeneratedCodeInfo() *descriptorpb.Genera
var File_google_protobuf_compiler_plugin_proto protoreflect.FileDescriptor
-var file_google_protobuf_compiler_plugin_proto_rawDesc = []byte{
- 0x0a, 0x25, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2f, 0x63, 0x6f, 0x6d, 0x70, 0x69, 0x6c, 0x65, 0x72, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69,
- 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x63, 0x6f, 0x6d, 0x70, 0x69, 0x6c, 0x65,
- 0x72, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
- 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72,
- 0x6f, 0x74, 0x6f, 0x22, 0x63, 0x0a, 0x07, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14,
- 0x0a, 0x05, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x6d,
- 0x61, 0x6a, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x18, 0x02, 0x20,
- 0x01, 0x28, 0x05, 0x52, 0x05, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x61,
- 0x74, 0x63, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68,
- 0x12, 0x16, 0x0a, 0x06, 0x73, 0x75, 0x66, 0x66, 0x69, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
- 0x52, 0x06, 0x73, 0x75, 0x66, 0x66, 0x69, 0x78, 0x22, 0xcf, 0x02, 0x0a, 0x14, 0x43, 0x6f, 0x64,
- 0x65, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
- 0x74, 0x12, 0x28, 0x0a, 0x10, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x74, 0x6f, 0x5f, 0x67, 0x65, 0x6e,
- 0x65, 0x72, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x66, 0x69, 0x6c,
- 0x65, 0x54, 0x6f, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x70,
- 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09,
- 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x12, 0x43, 0x0a, 0x0a, 0x70, 0x72, 0x6f,
- 0x74, 0x6f, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x0f, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e,
- 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
- 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72,
- 0x6f, 0x74, 0x6f, 0x52, 0x09, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x5c,
- 0x0a, 0x17, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x64, 0x65,
- 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x73, 0x18, 0x11, 0x20, 0x03, 0x28, 0x0b, 0x32,
- 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
- 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72,
- 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x15, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x46, 0x69, 0x6c,
- 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x73, 0x12, 0x4c, 0x0a, 0x10,
- 0x63, 0x6f, 0x6d, 0x70, 0x69, 0x6c, 0x65, 0x72, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
- 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x63, 0x6f, 0x6d, 0x70, 0x69, 0x6c, 0x65,
- 0x72, 0x2e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x63, 0x6f, 0x6d, 0x70, 0x69,
- 0x6c, 0x65, 0x72, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x85, 0x04, 0x0a, 0x15, 0x43,
- 0x6f, 0x64, 0x65, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x52, 0x65, 0x73, 0x70,
- 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, 0x20,
- 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x2d, 0x0a, 0x12, 0x73, 0x75,
- 0x70, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73,
- 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x11, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x65,
- 0x64, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6d, 0x69, 0x6e,
- 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01,
- 0x28, 0x05, 0x52, 0x0e, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x45, 0x64, 0x69, 0x74, 0x69,
- 0x6f, 0x6e, 0x12, 0x27, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x65, 0x64,
- 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x6d, 0x61, 0x78,
- 0x69, 0x6d, 0x75, 0x6d, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x48, 0x0a, 0x04, 0x66,
- 0x69, 0x6c, 0x65, 0x18, 0x0f, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
- 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x63, 0x6f, 0x6d, 0x70,
- 0x69, 0x6c, 0x65, 0x72, 0x2e, 0x43, 0x6f, 0x64, 0x65, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
- 0x6f, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x52,
- 0x04, 0x66, 0x69, 0x6c, 0x65, 0x1a, 0xb1, 0x01, 0x0a, 0x04, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x12,
- 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61,
- 0x6d, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x69, 0x6e, 0x73, 0x65, 0x72, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
- 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x69, 0x6e, 0x73,
- 0x65, 0x72, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x63,
- 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f,
- 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x12, 0x52, 0x0a, 0x13, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
- 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x10, 0x20, 0x01,
- 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
- 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f,
- 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x11, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65,
- 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x22, 0x57, 0x0a, 0x07, 0x46, 0x65, 0x61,
- 0x74, 0x75, 0x72, 0x65, 0x12, 0x10, 0x0a, 0x0c, 0x46, 0x45, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f,
- 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x1b, 0x0a, 0x17, 0x46, 0x45, 0x41, 0x54, 0x55, 0x52,
- 0x45, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x33, 0x5f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41,
- 0x4c, 0x10, 0x01, 0x12, 0x1d, 0x0a, 0x19, 0x46, 0x45, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x53,
- 0x55, 0x50, 0x50, 0x4f, 0x52, 0x54, 0x53, 0x5f, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x53,
- 0x10, 0x02, 0x42, 0x72, 0x0a, 0x1c, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
- 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x63, 0x6f, 0x6d, 0x70, 0x69, 0x6c,
- 0x65, 0x72, 0x42, 0x0c, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x73,
- 0x5a, 0x29, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e,
- 0x6f, 0x72, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70,
- 0x65, 0x73, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x70, 0x62, 0xaa, 0x02, 0x18, 0x47, 0x6f,
- 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x43, 0x6f,
- 0x6d, 0x70, 0x69, 0x6c, 0x65, 0x72,
-}
+const file_google_protobuf_compiler_plugin_proto_rawDesc = "" +
+ "\n" +
+ "%google/protobuf/compiler/plugin.proto\x12\x18google.protobuf.compiler\x1a google/protobuf/descriptor.proto\"c\n" +
+ "\aVersion\x12\x14\n" +
+ "\x05major\x18\x01 \x01(\x05R\x05major\x12\x14\n" +
+ "\x05minor\x18\x02 \x01(\x05R\x05minor\x12\x14\n" +
+ "\x05patch\x18\x03 \x01(\x05R\x05patch\x12\x16\n" +
+ "\x06suffix\x18\x04 \x01(\tR\x06suffix\"\xcf\x02\n" +
+ "\x14CodeGeneratorRequest\x12(\n" +
+ "\x10file_to_generate\x18\x01 \x03(\tR\x0efileToGenerate\x12\x1c\n" +
+ "\tparameter\x18\x02 \x01(\tR\tparameter\x12C\n" +
+ "\n" +
+ "proto_file\x18\x0f \x03(\v2$.google.protobuf.FileDescriptorProtoR\tprotoFile\x12\\\n" +
+ "\x17source_file_descriptors\x18\x11 \x03(\v2$.google.protobuf.FileDescriptorProtoR\x15sourceFileDescriptors\x12L\n" +
+ "\x10compiler_version\x18\x03 \x01(\v2!.google.protobuf.compiler.VersionR\x0fcompilerVersion\"\x85\x04\n" +
+ "\x15CodeGeneratorResponse\x12\x14\n" +
+ "\x05error\x18\x01 \x01(\tR\x05error\x12-\n" +
+ "\x12supported_features\x18\x02 \x01(\x04R\x11supportedFeatures\x12'\n" +
+ "\x0fminimum_edition\x18\x03 \x01(\x05R\x0eminimumEdition\x12'\n" +
+ "\x0fmaximum_edition\x18\x04 \x01(\x05R\x0emaximumEdition\x12H\n" +
+ "\x04file\x18\x0f \x03(\v24.google.protobuf.compiler.CodeGeneratorResponse.FileR\x04file\x1a\xb1\x01\n" +
+ "\x04File\x12\x12\n" +
+ "\x04name\x18\x01 \x01(\tR\x04name\x12'\n" +
+ "\x0finsertion_point\x18\x02 \x01(\tR\x0einsertionPoint\x12\x18\n" +
+ "\acontent\x18\x0f \x01(\tR\acontent\x12R\n" +
+ "\x13generated_code_info\x18\x10 \x01(\v2\".google.protobuf.GeneratedCodeInfoR\x11generatedCodeInfo\"W\n" +
+ "\aFeature\x12\x10\n" +
+ "\fFEATURE_NONE\x10\x00\x12\x1b\n" +
+ "\x17FEATURE_PROTO3_OPTIONAL\x10\x01\x12\x1d\n" +
+ "\x19FEATURE_SUPPORTS_EDITIONS\x10\x02Br\n" +
+ "\x1ccom.google.protobuf.compilerB\fPluginProtosZ)google.golang.org/protobuf/types/pluginpb\xaa\x02\x18Google.Protobuf.Compiler"
var (
file_google_protobuf_compiler_plugin_proto_rawDescOnce sync.Once
- file_google_protobuf_compiler_plugin_proto_rawDescData = file_google_protobuf_compiler_plugin_proto_rawDesc
+ file_google_protobuf_compiler_plugin_proto_rawDescData []byte
)
func file_google_protobuf_compiler_plugin_proto_rawDescGZIP() []byte {
file_google_protobuf_compiler_plugin_proto_rawDescOnce.Do(func() {
- file_google_protobuf_compiler_plugin_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_compiler_plugin_proto_rawDescData)
+ file_google_protobuf_compiler_plugin_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_google_protobuf_compiler_plugin_proto_rawDesc), len(file_google_protobuf_compiler_plugin_proto_rawDesc)))
})
return file_google_protobuf_compiler_plugin_proto_rawDescData
}
@@ -614,7 +566,7 @@ func file_google_protobuf_compiler_plugin_proto_init() {
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
- RawDescriptor: file_google_protobuf_compiler_plugin_proto_rawDesc,
+ RawDescriptor: unsafe.Slice(unsafe.StringData(file_google_protobuf_compiler_plugin_proto_rawDesc), len(file_google_protobuf_compiler_plugin_proto_rawDesc)),
NumEnums: 1,
NumMessages: 4,
NumExtensions: 0,
@@ -626,7 +578,6 @@ func file_google_protobuf_compiler_plugin_proto_init() {
MessageInfos: file_google_protobuf_compiler_plugin_proto_msgTypes,
}.Build()
File_google_protobuf_compiler_plugin_proto = out.File
- file_google_protobuf_compiler_plugin_proto_rawDesc = nil
file_google_protobuf_compiler_plugin_proto_goTypes = nil
file_google_protobuf_compiler_plugin_proto_depIdxs = nil
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 0deb3148a3..18f628282d 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -19,10 +19,7 @@ github.com/Microsoft/go-winio/pkg/guid
github.com/Microsoft/go-winio/pkg/process
github.com/Microsoft/go-winio/tools/mkwinsyscall
github.com/Microsoft/go-winio/vhd
-# github.com/OneOfOne/xxhash v1.2.8
-## explicit; go 1.11
-github.com/OneOfOne/xxhash
-# github.com/agnivade/levenshtein v1.2.0
+# github.com/agnivade/levenshtein v1.2.1
## explicit; go 1.21
github.com/agnivade/levenshtein
# github.com/akavel/rsrc v0.10.2
@@ -42,8 +39,8 @@ github.com/cenkalti/backoff/v4
# github.com/cespare/xxhash/v2 v2.3.0
## explicit; go 1.11
github.com/cespare/xxhash/v2
-# github.com/containerd/cgroups/v3 v3.0.3
-## explicit; go 1.18
+# github.com/containerd/cgroups/v3 v3.0.5
+## explicit; go 1.22.0
github.com/containerd/cgroups/v3
github.com/containerd/cgroups/v3/cgroup1
github.com/containerd/cgroups/v3/cgroup1/stats
@@ -75,18 +72,19 @@ github.com/containerd/containerd/runtime/v2/shim
github.com/containerd/containerd/sys
github.com/containerd/containerd/sys/reaper
github.com/containerd/containerd/version
-# github.com/containerd/containerd/api v1.7.19
-## explicit; go 1.21
+# github.com/containerd/containerd/api v1.9.0
+## explicit; go 1.23.0
github.com/containerd/containerd/api/events
github.com/containerd/containerd/api/runtime/task/v2
github.com/containerd/containerd/api/services/ttrpc/events/v1
github.com/containerd/containerd/api/types
github.com/containerd/containerd/api/types/task
-# github.com/containerd/continuity v0.4.2
-## explicit; go 1.19
+# github.com/containerd/continuity v0.4.5
+## explicit; go 1.21
+github.com/containerd/continuity/devices
github.com/containerd/continuity/fs
github.com/containerd/continuity/sysx
-# github.com/containerd/errdefs v0.3.0
+# github.com/containerd/errdefs v1.0.0
## explicit; go 1.20
github.com/containerd/errdefs
# github.com/containerd/errdefs/pkg v0.3.0
@@ -97,8 +95,8 @@ github.com/containerd/errdefs/pkg/internal/types
# github.com/containerd/fifo v1.1.0
## explicit; go 1.18
github.com/containerd/fifo
-# github.com/containerd/go-runc v1.0.0
-## explicit; go 1.13
+# github.com/containerd/go-runc v1.1.0
+## explicit; go 1.18
github.com/containerd/go-runc
# github.com/containerd/log v0.1.0
## explicit; go 1.20
@@ -111,18 +109,18 @@ github.com/containerd/protobuild/cmd/go-fix-acronym
## explicit; go 1.19
github.com/containerd/stargz-snapshotter/estargz
github.com/containerd/stargz-snapshotter/estargz/errorutil
-# github.com/containerd/ttrpc v1.2.5
+# github.com/containerd/ttrpc v1.2.7
## explicit; go 1.19
github.com/containerd/ttrpc
github.com/containerd/ttrpc/cmd/protoc-gen-go-ttrpc
-# github.com/containerd/typeurl/v2 v2.2.0
+# github.com/containerd/typeurl/v2 v2.2.3
## explicit; go 1.21
github.com/containerd/typeurl/v2
# github.com/coreos/go-systemd/v22 v22.5.0
## explicit; go 1.12
github.com/coreos/go-systemd/v22/dbus
-# github.com/cpuguy83/go-md2man/v2 v2.0.5
-## explicit; go 1.11
+# github.com/cpuguy83/go-md2man/v2 v2.0.6
+## explicit; go 1.12
github.com/cpuguy83/go-md2man/v2/md2man
# github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0
## explicit; go 1.17
@@ -149,8 +147,8 @@ github.com/docker/go-events
# github.com/docker/go-units v0.5.0
## explicit
github.com/docker/go-units
-# github.com/fxamacker/cbor/v2 v2.4.0
-## explicit; go 1.12
+# github.com/fxamacker/cbor/v2 v2.7.0
+## explicit; go 1.17
github.com/fxamacker/cbor/v2
# github.com/go-ini/ini v1.67.0
## explicit
@@ -196,8 +194,8 @@ github.com/golang/groupcache/lru
## explicit; go 1.17
github.com/golang/protobuf/proto
github.com/golang/protobuf/protoc-gen-go/descriptor
-# github.com/google/go-cmp v0.6.0
-## explicit; go 1.13
+# github.com/google/go-cmp v0.7.0
+## explicit; go 1.21
github.com/google/go-cmp/cmp
github.com/google/go-cmp/cmp/internal/diff
github.com/google/go-cmp/cmp/internal/flags
@@ -238,12 +236,13 @@ github.com/gorilla/mux
## explicit; go 1.12
github.com/josephspurrier/goversioninfo
github.com/josephspurrier/goversioninfo/cmd/goversioninfo
-# github.com/klauspost/compress v1.17.9
-## explicit; go 1.20
+# github.com/klauspost/compress v1.18.0
+## explicit; go 1.22
github.com/klauspost/compress
github.com/klauspost/compress/fse
github.com/klauspost/compress/huff0
github.com/klauspost/compress/internal/cpuinfo
+github.com/klauspost/compress/internal/le
github.com/klauspost/compress/internal/snapref
github.com/klauspost/compress/zstd
github.com/klauspost/compress/zstd/internal/xxhash
@@ -282,13 +281,13 @@ github.com/mattn/go-shellwords
# github.com/mitchellh/go-homedir v1.1.0
## explicit
github.com/mitchellh/go-homedir
-# github.com/moby/sys/mountinfo v0.7.1
-## explicit; go 1.16
+# github.com/moby/sys/mountinfo v0.7.2
+## explicit; go 1.17
github.com/moby/sys/mountinfo
-# github.com/moby/sys/sequential v0.5.0
+# github.com/moby/sys/sequential v0.6.0
## explicit; go 1.17
github.com/moby/sys/sequential
-# github.com/moby/sys/user v0.3.0
+# github.com/moby/sys/user v0.4.0
## explicit; go 1.17
github.com/moby/sys/user
# github.com/moby/sys/userns v0.1.0
@@ -297,18 +296,12 @@ github.com/moby/sys/userns
# github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
## explicit
github.com/munnerz/goautoneg
-# github.com/open-policy-agent/opa v0.70.0
-## explicit; go 1.21
+# github.com/open-policy-agent/opa v1.5.0
+## explicit; go 1.23.8
github.com/open-policy-agent/opa/ast
-github.com/open-policy-agent/opa/ast/internal/scanner
-github.com/open-policy-agent/opa/ast/internal/tokens
github.com/open-policy-agent/opa/ast/json
-github.com/open-policy-agent/opa/ast/location
github.com/open-policy-agent/opa/bundle
github.com/open-policy-agent/opa/capabilities
-github.com/open-policy-agent/opa/config
-github.com/open-policy-agent/opa/format
-github.com/open-policy-agent/opa/hooks
github.com/open-policy-agent/opa/internal/bundle
github.com/open-policy-agent/opa/internal/cidr/merge
github.com/open-policy-agent/opa/internal/compiler
@@ -323,12 +316,6 @@ github.com/open-policy-agent/opa/internal/file/archive
github.com/open-policy-agent/opa/internal/file/url
github.com/open-policy-agent/opa/internal/future
github.com/open-policy-agent/opa/internal/gojsonschema
-github.com/open-policy-agent/opa/internal/gqlparser/ast
-github.com/open-policy-agent/opa/internal/gqlparser/gqlerror
-github.com/open-policy-agent/opa/internal/gqlparser/lexer
-github.com/open-policy-agent/opa/internal/gqlparser/parser
-github.com/open-policy-agent/opa/internal/gqlparser/validator
-github.com/open-policy-agent/opa/internal/gqlparser/validator/rules
github.com/open-policy-agent/opa/internal/json/patch
github.com/open-policy-agent/opa/internal/jwx/buffer
github.com/open-policy-agent/opa/internal/jwx/jwa
@@ -360,37 +347,53 @@ github.com/open-policy-agent/opa/internal/wasm/opcode
github.com/open-policy-agent/opa/internal/wasm/sdk/opa/capabilities
github.com/open-policy-agent/opa/internal/wasm/types
github.com/open-policy-agent/opa/internal/wasm/util
-github.com/open-policy-agent/opa/ir
-github.com/open-policy-agent/opa/keys
github.com/open-policy-agent/opa/loader
-github.com/open-policy-agent/opa/loader/extension
-github.com/open-policy-agent/opa/loader/filter
-github.com/open-policy-agent/opa/logging
-github.com/open-policy-agent/opa/metrics
-github.com/open-policy-agent/opa/plugins
-github.com/open-policy-agent/opa/plugins/rest
github.com/open-policy-agent/opa/rego
-github.com/open-policy-agent/opa/resolver
-github.com/open-policy-agent/opa/resolver/wasm
-github.com/open-policy-agent/opa/schemas
github.com/open-policy-agent/opa/storage
github.com/open-policy-agent/opa/storage/inmem
-github.com/open-policy-agent/opa/storage/internal/errors
-github.com/open-policy-agent/opa/storage/internal/ptr
github.com/open-policy-agent/opa/topdown
-github.com/open-policy-agent/opa/topdown/builtins
-github.com/open-policy-agent/opa/topdown/cache
-github.com/open-policy-agent/opa/topdown/copypropagation
github.com/open-policy-agent/opa/topdown/print
-github.com/open-policy-agent/opa/tracing
-github.com/open-policy-agent/opa/types
-github.com/open-policy-agent/opa/util
-github.com/open-policy-agent/opa/util/decoding
-github.com/open-policy-agent/opa/version
+github.com/open-policy-agent/opa/v1/ast
+github.com/open-policy-agent/opa/v1/ast/internal/scanner
+github.com/open-policy-agent/opa/v1/ast/internal/tokens
+github.com/open-policy-agent/opa/v1/ast/json
+github.com/open-policy-agent/opa/v1/ast/location
+github.com/open-policy-agent/opa/v1/bundle
+github.com/open-policy-agent/opa/v1/capabilities
+github.com/open-policy-agent/opa/v1/config
+github.com/open-policy-agent/opa/v1/format
+github.com/open-policy-agent/opa/v1/hooks
+github.com/open-policy-agent/opa/v1/ir
+github.com/open-policy-agent/opa/v1/keys
+github.com/open-policy-agent/opa/v1/loader
+github.com/open-policy-agent/opa/v1/loader/extension
+github.com/open-policy-agent/opa/v1/loader/filter
+github.com/open-policy-agent/opa/v1/logging
+github.com/open-policy-agent/opa/v1/metrics
+github.com/open-policy-agent/opa/v1/plugins
+github.com/open-policy-agent/opa/v1/plugins/rest
+github.com/open-policy-agent/opa/v1/rego
+github.com/open-policy-agent/opa/v1/resolver
+github.com/open-policy-agent/opa/v1/resolver/wasm
+github.com/open-policy-agent/opa/v1/schemas
+github.com/open-policy-agent/opa/v1/storage
+github.com/open-policy-agent/opa/v1/storage/inmem
+github.com/open-policy-agent/opa/v1/storage/internal/errors
+github.com/open-policy-agent/opa/v1/storage/internal/ptr
+github.com/open-policy-agent/opa/v1/topdown
+github.com/open-policy-agent/opa/v1/topdown/builtins
+github.com/open-policy-agent/opa/v1/topdown/cache
+github.com/open-policy-agent/opa/v1/topdown/copypropagation
+github.com/open-policy-agent/opa/v1/topdown/print
+github.com/open-policy-agent/opa/v1/tracing
+github.com/open-policy-agent/opa/v1/types
+github.com/open-policy-agent/opa/v1/util
+github.com/open-policy-agent/opa/v1/util/decoding
+github.com/open-policy-agent/opa/v1/version
# github.com/opencontainers/go-digest v1.0.0
## explicit; go 1.13
github.com/opencontainers/go-digest
-# github.com/opencontainers/image-spec v1.1.0
+# github.com/opencontainers/image-spec v1.1.1
## explicit; go 1.18
github.com/opencontainers/image-spec/specs-go
github.com/opencontainers/image-spec/specs-go/v1
@@ -398,9 +401,10 @@ github.com/opencontainers/image-spec/specs-go/v1
## explicit; go 1.22
github.com/opencontainers/runc/libcontainer/devices
github.com/opencontainers/runc/libcontainer/user
-# github.com/opencontainers/runtime-spec v1.2.0
+# github.com/opencontainers/runtime-spec v1.2.1
## explicit
github.com/opencontainers/runtime-spec/specs-go
+github.com/opencontainers/runtime-spec/specs-go/features
# github.com/pelletier/go-toml v1.9.5
## explicit; go 1.12
github.com/pelletier/go-toml
@@ -409,15 +413,15 @@ github.com/pelletier/go-toml
github.com/pkg/errors
# github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
## explicit
-# github.com/prometheus/client_golang v1.20.5
-## explicit; go 1.20
+# github.com/prometheus/client_golang v1.22.0
+## explicit; go 1.22
github.com/prometheus/client_golang/prometheus
github.com/prometheus/client_golang/prometheus/internal
-# github.com/prometheus/client_model v0.6.1
-## explicit; go 1.19
+# github.com/prometheus/client_model v0.6.2
+## explicit; go 1.22.0
github.com/prometheus/client_model/go
-# github.com/prometheus/common v0.55.0
-## explicit; go 1.20
+# github.com/prometheus/common v0.62.0
+## explicit; go 1.21
github.com/prometheus/common/expfmt
github.com/prometheus/common/model
# github.com/prometheus/procfs v0.15.1
@@ -434,26 +438,34 @@ github.com/russross/blackfriday/v2
# github.com/sirupsen/logrus v1.9.3
## explicit; go 1.13
github.com/sirupsen/logrus
-# github.com/tchap/go-patricia/v2 v2.3.1
+# github.com/tchap/go-patricia/v2 v2.3.2
## explicit; go 1.16
github.com/tchap/go-patricia/v2/patricia
# github.com/urfave/cli v1.22.15
## explicit; go 1.11
github.com/urfave/cli
-# github.com/urfave/cli/v2 v2.27.5
+# github.com/urfave/cli/v2 v2.27.6
## explicit; go 1.18
github.com/urfave/cli/v2
# github.com/vbatts/tar-split v0.11.3
## explicit; go 1.15
github.com/vbatts/tar-split/archive/tar
+# github.com/vektah/gqlparser/v2 v2.5.26
+## explicit; go 1.22
+github.com/vektah/gqlparser/v2/ast
+github.com/vektah/gqlparser/v2/gqlerror
+github.com/vektah/gqlparser/v2/lexer
+github.com/vektah/gqlparser/v2/parser
+github.com/vektah/gqlparser/v2/validator
+github.com/vektah/gqlparser/v2/validator/rules
# github.com/veraison/go-cose v1.1.0
## explicit; go 1.18
github.com/veraison/go-cose
-# github.com/vishvananda/netlink v1.3.0
+# github.com/vishvananda/netlink v1.3.1-0.20250303224720-0e7078ed04c8
## explicit; go 1.12
github.com/vishvananda/netlink
github.com/vishvananda/netlink/nl
-# github.com/vishvananda/netns v0.0.4
+# github.com/vishvananda/netns v0.0.5
## explicit; go 1.17
github.com/vishvananda/netns
# github.com/x448/float16 v0.8.4
@@ -471,9 +483,12 @@ github.com/xrash/smetrics
# github.com/yashtewari/glob-intersection v0.2.0
## explicit; go 1.17
github.com/yashtewari/glob-intersection
-# go.etcd.io/bbolt v1.3.10
-## explicit; go 1.21
+# go.etcd.io/bbolt v1.4.0
+## explicit; go 1.23
go.etcd.io/bbolt
+go.etcd.io/bbolt/errors
+go.etcd.io/bbolt/internal/common
+go.etcd.io/bbolt/internal/freelist
# go.opencensus.io v0.24.0
## explicit; go 1.13
go.opencensus.io
@@ -491,8 +506,12 @@ go.opencensus.io/trace
go.opencensus.io/trace/internal
go.opencensus.io/trace/propagation
go.opencensus.io/trace/tracestate
-# go.opentelemetry.io/otel v1.31.0
-## explicit; go 1.22
+# go.opentelemetry.io/auto/sdk v1.1.0
+## explicit; go 1.22.0
+go.opentelemetry.io/auto/sdk
+go.opentelemetry.io/auto/sdk/internal/telemetry
+# go.opentelemetry.io/otel v1.35.0
+## explicit; go 1.22.0
go.opentelemetry.io/otel
go.opentelemetry.io/otel/attribute
go.opentelemetry.io/otel/baggage
@@ -503,38 +522,41 @@ go.opentelemetry.io/otel/internal/baggage
go.opentelemetry.io/otel/internal/global
go.opentelemetry.io/otel/propagation
go.opentelemetry.io/otel/semconv/v1.26.0
-# go.opentelemetry.io/otel/metric v1.31.0
-## explicit; go 1.22
+# go.opentelemetry.io/otel/metric v1.35.0
+## explicit; go 1.22.0
go.opentelemetry.io/otel/metric
go.opentelemetry.io/otel/metric/embedded
-# go.opentelemetry.io/otel/sdk v1.31.0
-## explicit; go 1.22
+# go.opentelemetry.io/otel/sdk v1.35.0
+## explicit; go 1.22.0
go.opentelemetry.io/otel/sdk
go.opentelemetry.io/otel/sdk/instrumentation
go.opentelemetry.io/otel/sdk/internal/env
go.opentelemetry.io/otel/sdk/internal/x
go.opentelemetry.io/otel/sdk/resource
go.opentelemetry.io/otel/sdk/trace
-# go.opentelemetry.io/otel/trace v1.31.0
-## explicit; go 1.22
+# go.opentelemetry.io/otel/sdk/metric v1.35.0
+## explicit; go 1.22.0
+# go.opentelemetry.io/otel/trace v1.35.0
+## explicit; go 1.22.0
go.opentelemetry.io/otel/trace
go.opentelemetry.io/otel/trace/embedded
+go.opentelemetry.io/otel/trace/internal/telemetry
go.opentelemetry.io/otel/trace/noop
# go.uber.org/mock v0.5.0
## explicit; go 1.22
go.uber.org/mock/gomock
go.uber.org/mock/mockgen
go.uber.org/mock/mockgen/model
-# golang.org/x/crypto v0.36.0
+# golang.org/x/crypto v0.37.0
## explicit; go 1.23.0
golang.org/x/crypto/curve25519
-# golang.org/x/mod v0.18.0
-## explicit; go 1.18
+# golang.org/x/mod v0.24.0
+## explicit; go 1.23.0
golang.org/x/mod/internal/lazyregexp
golang.org/x/mod/modfile
golang.org/x/mod/module
golang.org/x/mod/semver
-# golang.org/x/net v0.38.0
+# golang.org/x/net v0.39.0
## explicit; go 1.23.0
golang.org/x/net/http/httpguts
golang.org/x/net/http2
@@ -543,10 +565,10 @@ golang.org/x/net/idna
golang.org/x/net/internal/httpcommon
golang.org/x/net/internal/timeseries
golang.org/x/net/trace
-# golang.org/x/sync v0.13.0
+# golang.org/x/sync v0.14.0
## explicit; go 1.23.0
golang.org/x/sync/errgroup
-# golang.org/x/sys v0.32.0
+# golang.org/x/sys v0.33.0
## explicit; go 1.23.0
golang.org/x/sys/execabs
golang.org/x/sys/unix
@@ -555,7 +577,7 @@ golang.org/x/sys/windows/registry
golang.org/x/sys/windows/svc
golang.org/x/sys/windows/svc/debug
golang.org/x/sys/windows/svc/mgr
-# golang.org/x/text v0.23.0
+# golang.org/x/text v0.24.0
## explicit; go 1.23.0
golang.org/x/text/secure/bidirule
golang.org/x/text/transform
@@ -584,19 +606,20 @@ golang.org/x/tools/internal/stdlib
golang.org/x/tools/internal/tokeninternal
golang.org/x/tools/internal/typesinternal
golang.org/x/tools/internal/versions
-# google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de
-## explicit; go 1.19
-google.golang.org/genproto/protobuf/field_mask
-# google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53
+# google.golang.org/genproto v0.0.0-20241118233622-e639e219e697
## explicit; go 1.21
-google.golang.org/genproto/googleapis/rpc/status
-# google.golang.org/grpc v1.69.0
+google.golang.org/genproto/protobuf/field_mask
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a
## explicit; go 1.22
+google.golang.org/genproto/googleapis/rpc/status
+# google.golang.org/grpc v1.72.0
+## explicit; go 1.23
google.golang.org/grpc
google.golang.org/grpc/attributes
google.golang.org/grpc/backoff
google.golang.org/grpc/balancer
google.golang.org/grpc/balancer/base
+google.golang.org/grpc/balancer/endpointsharding
google.golang.org/grpc/balancer/grpclb/state
google.golang.org/grpc/balancer/pickfirst
google.golang.org/grpc/balancer/pickfirst/internal
@@ -628,7 +651,9 @@ google.golang.org/grpc/internal/grpcutil
google.golang.org/grpc/internal/idle
google.golang.org/grpc/internal/metadata
google.golang.org/grpc/internal/pretty
+google.golang.org/grpc/internal/proxyattributes
google.golang.org/grpc/internal/resolver
+google.golang.org/grpc/internal/resolver/delegatingresolver
google.golang.org/grpc/internal/resolver/dns
google.golang.org/grpc/internal/resolver/dns/internal
google.golang.org/grpc/internal/resolver/passthrough
@@ -652,8 +677,8 @@ google.golang.org/grpc/tap
# google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1
## explicit; go 1.21
google.golang.org/grpc/cmd/protoc-gen-go-grpc
-# google.golang.org/protobuf v1.35.2
-## explicit; go 1.21
+# google.golang.org/protobuf v1.36.6
+## explicit; go 1.22
google.golang.org/protobuf/cmd/protoc-gen-go
google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo
google.golang.org/protobuf/compiler/protogen
@@ -680,6 +705,7 @@ google.golang.org/protobuf/internal/impl
google.golang.org/protobuf/internal/msgfmt
google.golang.org/protobuf/internal/order
google.golang.org/protobuf/internal/pragma
+google.golang.org/protobuf/internal/protolazy
google.golang.org/protobuf/internal/set
google.golang.org/protobuf/internal/strs
google.golang.org/protobuf/internal/version