Options
All
  • Public
  • Public/Protected
  • All
Menu

Class RegoRule

export

RegoRule represents Rule concept in Rego language.

  • A simple rule is made up of Rule head, Rule value & Rule body
  • The Rule value defines the final result of the rule if the rule is matched (i.e. all expressions in rule body are true)
  • If you didn't sepcify the rule value, it will be assume as boolean value true
  • The rule body is made up of one of more rego expressions (see @class RegoExp) and each of the expression is made up of terms (see @class RegoTerm)
  • The rule is considered as matched if all expressions in rule body are true You can opt to define a default rule. A default rule has no rule body and will only considered as matched if all other rules are not matched.

Hierarchy

  • RegoRule

Index

Constructors

Properties

Methods

Constructors

constructor

Properties

expressions

expressions: RegoExp[]

All Rego expressions in this rule's rule body. @see RegoExp

memberof

RegoRule

fullName

fullName: string

Full name of the rule. Includes fulle package path e.g. data.object.content.allowRead

memberof

RegoRule

hasNoResolvableRef

hasNoResolvableRef: boolean = false

Whether the rule contains any expressions that has any resolvable references. reference start with input. should be considered as non-resolvable in context of partial evaluation. When this field is set to true, we should not attempt to evaluate this expression. i.e. evaluate() method should return immediately. This will speed up evaluation process.

memberof

RegoRule

isCompleteEvaluated

isCompleteEvaluated: boolean

If the rule is fully evaluate Default to false

memberof

RegoRule

isDefault

isDefault: boolean

Whether a rule is a default Rule Its value only be used if any other residual rules are not matched (or no other residual rules)

memberof

RegoRule

Optional isMatched

isMatched?: boolean

If the rule is matched or not Default to undefined Its value is only set when isCompleteEvaluated is true

memberof

RegoRule

name

name: string

the local name of the rule. i.e. doesn't include full package path e.g. allow

memberof

RegoRule

Private parser

parser: default

Reference to OpaParser

memberof

RegoRule

value

value: RegoValue

Rule value. Rule value is this value if all expression in rule body are true It can be any type. e.g. can be object or array etc. But a simple policy normally outputs a boolean true or false

memberof

RegoRule

Methods

clone

evaluate

  • Re-evaluate this rule If fully evaluated, this.isCompleteEvaluated will be set to true

    memberof

    RegoRule

    Returns RegoRule

isImpossible

  • isImpossible(): boolean

isResolvable

  • isResolvable(): boolean

  • Whether or not the rule is resolvable (i.e. we can tell whether it's matched or not) now.

    memberof

    RegoRule

    Returns boolean

    {boolean}

removeDuplicateExpressions

  • removeDuplicateExpressions(): void

toConciseData

  • toConciseData(): { default: boolean; expressions: { negated: boolean; operands: { isRef: boolean; value: RegoTermValue }[]; operator: string }[]; fullName: string; name: string; value: RegoValue }

  • Returns { default: boolean; expressions: { negated: boolean; operands: { isRef: boolean; value: RegoTermValue }[]; operator: string }[]; fullName: string; name: string; value: RegoValue }

    • default: boolean
    • expressions: { negated: boolean; operands: { isRef: boolean; value: RegoTermValue }[]; operator: string }[]
    • fullName: string
    • name: string
    • value: RegoValue

toConciseJSON

  • toConciseJSON(): string

toData

  • toData(): { default: boolean; expressions: ({ index: undefined; negated: boolean; terms: { type: string; value: RegoTermValue }[] } | { index: number; negated: boolean; terms: { type: string; value: RegoTermValue }[] } | { index: undefined; negated: undefined; terms: { type: string; value: RegoTermValue }[] } | { index: number; negated: undefined; terms: { type: string; value: RegoTermValue }[] })[]; fullName: string; name: string; value: RegoValue }

  • Returns { default: boolean; expressions: ({ index: undefined; negated: boolean; terms: { type: string; value: RegoTermValue }[] } | { index: number; negated: boolean; terms: { type: string; value: RegoTermValue }[] } | { index: undefined; negated: undefined; terms: { type: string; value: RegoTermValue }[] } | { index: number; negated: undefined; terms: { type: string; value: RegoTermValue }[] })[]; fullName: string; name: string; value: RegoValue }

    • default: boolean
    • expressions: ({ index: undefined; negated: boolean; terms: { type: string; value: RegoTermValue }[] } | { index: number; negated: boolean; terms: { type: string; value: RegoTermValue }[] } | { index: undefined; negated: undefined; terms: { type: string; value: RegoTermValue }[] } | { index: number; negated: undefined; terms: { type: string; value: RegoTermValue }[] })[]
    • fullName: string
    • name: string
    • value: RegoValue

toHumanReadableString

  • toHumanReadableString(): string

  • Generate Human Readable string of this rule If it's fully evaluated, the output will be true or false (or actual rule value) Otherwise, will generate expressions concate with AND

    memberof

    RegoRule

    Returns string

toJson

  • toJson(): string

Static createExpressionsFromRuleBodyData

  • createExpressionsFromRuleBodyData(data: any, parser: default): RegoExp[]

Static createFromValue

Static parseFromData

  • Create RegoRule from Opa response data

    static
    memberof

    RegoRule

    Parameters

    • r: any
    • packageName: string
    • parser: default

    Returns RegoRule

Static randomRuleName

  • randomRuleName(prefix: string): string

  • Parameters

    • prefix: string

    Returns string

Generated using TypeDoc