eval

package

v1.5.2 Latest Latest Go to latest Published: Feb 11, 2026 License: Apache-2.0 Imports: 3 Imported by: 3

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cedar-policy/cedar-go

Links

Open Source Insights

Documentation ¶

Overview ¶

Package eval provides a simple interface for evaluating or partially evaluating a policy node in a given environment.

Index ¶

Variables
func Eval(n ast.IsNode, env Env) (types.Value, error)
func PartialError(err error) ast.IsNode
func PartialPolicy(env Env, p *ast.Policy) (policy *ast.Policy, keep bool)
func PolicyToNode(p *ast.Policy) ast.Node
func ToPartialError(n ast.IsNode) (err error, ok bool)
func ToVariable(v types.Value) (types.String, bool)
func TypeName(v types.Value) string
func Variable(v types.String) types.Value
type Env

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrType = eval.ErrType

ErrType is the error type for type errors.

Functions ¶

func Eval ¶

func Eval(n ast.IsNode, env Env) (types.Value, error)

Eval evaluates a policy node in the given environment.

func PartialError ¶ added in v1.2.6

func PartialError(err error) ast.IsNode

PartialError returns a node that represents a partial error.

func PartialPolicy ¶ added in v1.2.6

func PartialPolicy(env Env, p *ast.Policy) (policy *ast.Policy, keep bool)

PartialPolicy returns a partially evaluated version of the policy and a boolean indicating if the policy should be kept. (Policies that are determined to evaluate to false are not kept.)

it is supposed to use `PartialPolicy` to partially evaluate a policy, and then use `PolicyToNode` to compile the policy to a node. but you can also use `PartialPolicy` directly.

All the env parts (PARC) must be specified, but you can specify `Variable` as `Variable("principal")` or `Variable("action")` or `Variable("resource")` or `Variable("context")`. also you can specify part of Context to be a `Variable`, such as `key` in `Context` could be `

context := types.NewRecord(types.RecordMap{
		"key": Variable("key"),
})

`

when the node is kept, it can be one of three kinds: 1. it is a `ValueNode`, and Must be `ast.True()` (e.g. `ast.True()`) 2. it is a `Node` contains `Variable` (e.g. `ast.Permit().When(ast.Context().Access("key").Equal(ast.Long(42)))`) 3. it is a `Node` contains `PartialError` (e.g. `ast.ExtensionCall(partialErrorName, ast.String("type error: expected comparable value, got string"))`)

you can use the partial evaluation result `ast.Node` to do any additional work you want for example, you can convert it to an sql query. in which case the variable should be a column name and binary node should be an sql expression.

func PolicyToNode ¶ added in v1.2.6

func PolicyToNode(p *ast.Policy) ast.Node

PolicyToNode returns a node compiled from a policy.

func ToPartialError ¶ added in v1.2.6

func ToPartialError(n ast.IsNode) (err error, ok bool)

ToPartialError returns the error if the node is a partial error.

func ToVariable ¶ added in v1.2.6

func ToVariable(v types.Value) (types.String, bool)

ToVariable converts a value to a variable.

func TypeName ¶ added in v1.2.6

func TypeName(v types.Value) string

TypeName returns the type name of a value.

func Variable ¶ added in v1.2.6

func Variable(v types.String) types.Value

Variable is a variable in the policy.

Types ¶

type Env ¶

type Env = eval.Env

Env is the environment for evaluating a policy.

Source Files ¶

View all Source files

eval.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL