Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

builtin parity with OPA #224

Open
srenatus opened this issue Jul 11, 2020 · 7 comments
Open

builtin parity with OPA #224

srenatus opened this issue Jul 11, 2020 · 7 comments

Comments

@srenatus
Copy link
Contributor

srenatus commented Jul 11, 2020
edited
Loading

  • abs
  • all
  • and
  • any
  • array.concat
  • array.slice
  • assign
  • base64.decode
  • base64.encode
  • base64.is_valid
  • base64url.decode
  • base64url.encode
  • bits.and
  • bits.lsh
  • bits.negate
  • bits.or
  • bits.rsh
  • bits.xor
  • cast_array
  • cast_boolean
  • cast_null
  • cast_object
  • cast_set
  • cast_string
  • concat
  • contains
  • count
  • crypto.md5
  • crypto.sha1
  • crypto.sha256
  • crypto.x509.parse_certificate_request
  • crypto.x509.parse_certificates
  • div
  • endswith
  • eq
  • equal
  • format_int
  • glob.match
  • glob.quote_meta
  • graph.reachable
  • gt
  • gte
  • http.send
  • indexof
  • intersection
  • io.jwt.decode
  • io.jwt.decode_verify
  • io.jwt.encode_sign
  • io.jwt.encode_sign_raw
  • io.jwt.verify_es256
  • io.jwt.verify_es384
  • io.jwt.verify_es512
  • io.jwt.verify_hs256
  • io.jwt.verify_hs384
  • io.jwt.verify_hs512
  • io.jwt.verify_ps256
  • io.jwt.verify_ps384
  • io.jwt.verify_ps512
  • io.jwt.verify_rs256
  • io.jwt.verify_rs384
  • io.jwt.verify_rs512
  • is_array
  • is_boolean
  • is_null
  • is_number
  • is_object
  • is_set
  • is_string
  • json.filter
  • json.marshal
  • json.remove
  • json.unmarshal
  • lower
  • lt
  • lte
  • max
  • min
  • minus
  • mul
  • neq
  • net.cidr_contains
  • net.cidr_contains_matches
  • net.cidr_expand
  • net.cidr_intersects
  • net.cidr_merge
  • net.cidr_overlap
  • numbers.range
  • object.filter
  • object.get
  • object.remove
  • object.union
  • opa.runtime
  • or
  • plus
  • product
  • re_match
  • regex.find_all_string_submatch_n
  • regex.find_n
  • regex.globs_match
  • regex.is_valid
  • regex.match
  • regex.split
  • regex.template_match
  • rego.parse_module
  • rem
  • replace
  • round
  • semver.compare
  • semver.is_valid
  • set_diff
  • sort
  • split
  • sprintf
  • startswith
  • strings.replace_n
  • substring
  • sum
  • time.add_date
  • time.clock
  • time.date
  • time.now_ns
  • time.parse_duration_ns
  • time.parse_ns
  • time.parse_rfc3339_ns
  • time.weekday
  • to_number
  • trace
  • trim
  • trim_left
  • trim_prefix
  • trim_right
  • trim_space
  • trim_suffix
  • type_name
  • union
  • units.parse_bytes
  • upper
  • urlquery.decode
  • urlquery.decode_object
  • urlquery.encode
  • urlquery.encode_object
  • uuid.rfc4122
  • walk
  • yaml.marshal
  • yaml.unmarshal

Made using this command:

jq -rn --argjson fregot "$(cat extra/capabilities-master.json)" --argjson opa "$(cat v0.24.0.json)" '$opa.builtins[].name | if . | IN($fregot.builtins[].name) then "- [x] \(.)" else "- [ ] \(.)" end'

using the capabilities file of OPA v0.24.0.
@srenatus srenatus mentioned this issue Jul 11, 2020
Closed
@srenatus
Copy link
Contributor Author

Guess my awk'ing was a bit flawed here. There's an object.union in OPA but not in this list...

@srenatus
Copy link
Contributor Author

OPA has a capabilities JSON doc now that could be used instead. I believe it would also be nice if fregot exported one of those.

👉 open-policy-agent/opa#2571

@srenatus
Copy link
Contributor Author

✔️ Updated the issue, using the capabilities doc.

@jaspervdj-luminal
Copy link
Member

The capabilities doc is really neat. I think we should be able to support that. One annoyance is that there's issues serializing the types of builtins in fregot because they can be small programs -- see e.g. eebc2df where I was experimenting with that.

Getting something out where we either drop the types or we just have any there should not be very hard though.

jaspervdj-luminal added a commit that referenced this issue Oct 5, 2020
@jaspervdj-luminal
Refactor builtin Sig into TypeRepr
9735632 
We used to have two indications of a builtins type:

 -  `Sig i o`, which just provided the arity
 -  `BuiltinType i`, which is a closure that checks the type

However, since `Sig` just indicates the arity, it doesn't give us quite enough
information to render the capabilities doc as described in #224.

In this refactor, I extended `Sig` to `TypeRepr` and made it hold more
information: an actual deep embedding of the types.  I also moved this new type
into `BuiltinType` (which is now a record).  This allows convenient construction
of _both_ `TypeRepr` and the checker closure using `🡒` and `out`.
@jaspervdj-luminal jaspervdj-luminal mentioned this issue Oct 5, 2020
Merged
jaspervdj-luminal added a commit that referenced this issue Oct 5, 2020
@jaspervdj-luminal
Refactor builtin Sig into TypeRepr
880789c 
We used to have two indications of a builtins type:

 -  `Sig i o`, which just provided the arity
 -  `BuiltinType i`, which is a closure that checks the type

However, since `Sig` just indicates the arity, it doesn't give us quite enough
information to render the capabilities doc as described in #224.

In this refactor, I extended `Sig` to `TypeRepr` and made it hold more
information: an actual deep embedding of the types.  I also moved this new type
into `BuiltinType` (which is now a record).  This allows convenient construction
of _both_ `TypeRepr` and the checker closure using `🡒` and `out`.
jaspervdj-luminal added a commit that referenced this issue Oct 5, 2020
@jaspervdj-luminal
Add capabilities subcommand
ec1279f 
See #224
@jaspervdj-luminal
Copy link
Member

@srenatus fregot now also exports a capabilities document: https://github.com/fugue/fregot/blob/master/extra/capabilities-v0.12.3.json.

My previous comment was wrong: due to the refactoring in #250 fregot can now also export the same type description format as OPA.

@srenatus
Copy link
Contributor Author

@jaspervdj-luminal that's cool, it made it so much easier to check supported builtins across the implementations. Updated the issue above. 🎉

@gusfcarvalho
Copy link

Hey all! Are there any plans to include crypto.x509 in fregot?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@srenatus @jaspervdj-luminal @gusfcarvalho