Support for typename import aliases in policy compiler

PiperOrigin-RevId: 789401005

Author: l46kok

checker/src/main/java/dev/cel/checker/CelCheckerBuilder.java

@@ -49,6 +49,9 @@ public interface CelCheckerBuilder {
   @CanIgnoreReturnValue
   CelCheckerBuilder setContainer(CelContainer container);
 
+  /** Retrieves the currently configured {@link CelContainer} in the builder. */
+  CelContainer container();
+
   /** Add variable and function {@code declarations} to the CEL environment. */
   @CanIgnoreReturnValue
   CelCheckerBuilder addDeclarations(Decl... declarations);

checker/src/main/java/dev/cel/checker/CelCheckerLegacyImpl.java

@@ -210,6 +210,11 @@ public CelCheckerBuilder setContainer(CelContainer container) {
       return this;
     }
 
+    @Override
+    public CelContainer container() {
+      return this.container;
+    }
+
     @Override
     public CelCheckerBuilder addDeclarations(Decl... declarations) {
       checkNotNull(declarations);

common/src/main/java/dev/cel/common/CelContainer.java

@@ -108,6 +108,8 @@ public Builder addAbbreviations(String... qualifiedNames) {
      * <p>If there is ever a case where an identifier could be in both the container and as an
      * abbreviation, the abbreviation wins as this will ensure that the meaning of a program is
      * preserved between compilations even as the container evolves.
+     *
+     * @throws IllegalArgumentException If qualifiedName is invalid per above specification.
      */
     @CanIgnoreReturnValue
     public Builder addAbbreviations(ImmutableSet<String> qualifiedNames) {
@@ -250,6 +252,8 @@ public ImmutableSet<String> resolveCandidateNames(String typeName) {
     return candidates.add(typeName).build();
   }
 
+  public abstract Builder toBuilder();
+
   public static Builder newBuilder() {
     return new AutoValue_CelContainer.Builder().setName("");
   }

policy/src/main/java/dev/cel/policy/BUILD.bazel

@@ -206,6 +206,7 @@ java_library(
         "//common:cel_ast",
         "//common:cel_source",
         "//common:compiler_common",
+        "//common:container",
         "//common:source_location",
         "//common/ast",
         "//common/formats:value_string",

policy/src/main/java/dev/cel/policy/CelPolicy.java

@@ -46,6 +46,8 @@ public abstract class CelPolicy {
 
   public abstract ImmutableMap<String, Object> metadata();
 
+  public abstract ImmutableList<Import> imports();
+
   /** Creates a new builder to construct a {@link CelPolicy} instance. */
   public static Builder newBuilder() {
     return new AutoValue_CelPolicy.Builder()
@@ -74,6 +76,16 @@ public abstract static class Builder {
 
     public abstract Builder setMetadata(ImmutableMap<String, Object> value);
 
+    abstract ImmutableList.Builder<Import> importsBuilder();
+
+    abstract Builder setImports(ImmutableList<Import> value);
+
+    @CanIgnoreReturnValue
+    public Builder addImport(Import value) {
+      importsBuilder().add(value);
+      return this;
+    }
+
     @CanIgnoreReturnValue
     public Builder putMetadata(String key, Object value) {
       metadataBuilder().put(key, value);
@@ -278,4 +290,16 @@ public static Builder newBuilder() {
       return new AutoValue_CelPolicy_Variable.Builder();
     }
   }
+
+  /** Import represents an imported type name which is aliased within CEL expressions. */
+  @AutoValue
+  public abstract static class Import {
+    public abstract long id();
+
+    public abstract ValueString name();
+
+    public static Import create(long id, ValueString name) {
+      return new AutoValue_CelPolicy_Import(id, name);
+    }
+  }
 }

policy/src/main/java/dev/cel/policy/CelPolicyCompilerImpl.java

@@ -21,6 +21,7 @@
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import dev.cel.bundle.Cel;
 import dev.cel.common.CelAbstractSyntaxTree;
+import dev.cel.common.CelContainer;
 import dev.cel.common.CelIssue;
 import dev.cel.common.CelSource;
 import dev.cel.common.CelSourceLocation;
@@ -39,6 +40,7 @@
 import dev.cel.policy.CelCompiledRule.CelCompiledMatch.Result;
 import dev.cel.policy.CelCompiledRule.CelCompiledMatch.Result.Kind;
 import dev.cel.policy.CelCompiledRule.CelCompiledVariable;
+import dev.cel.policy.CelPolicy.Import;
 import dev.cel.policy.CelPolicy.Match;
 import dev.cel.policy.CelPolicy.Variable;
 import dev.cel.policy.RuleComposer.RuleCompositionException;
@@ -63,7 +65,28 @@ final class CelPolicyCompilerImpl implements CelPolicyCompiler {
   @Override
   public CelCompiledRule compileRule(CelPolicy policy) throws CelPolicyValidationException {
     CompilerContext compilerContext = new CompilerContext(policy.policySource());
-    CelCompiledRule compiledRule = compileRuleImpl(policy.rule(), cel, compilerContext);
+
+    Cel extendedCel = this.cel;
+
+    if (!policy.imports().isEmpty()) {
+      CelContainer.Builder containerBuilder =
+          extendedCel.toCheckerBuilder().container().toBuilder();
+
+      for (Import imp : policy.imports()) {
+        try {
+          containerBuilder.addAbbreviations(imp.name().value());
+        } catch (IllegalArgumentException e) {
+          compilerContext.addIssue(
+              imp.id(),
+              CelIssue.formatError(
+                  1, 0, String.format("Error configuring import: %s", e.getMessage())));
+        }
+      }
+
+      extendedCel = extendedCel.toCelBuilder().setContainer(containerBuilder.build()).build();
+    }
+
+    CelCompiledRule compiledRule = compileRuleImpl(policy.rule(), extendedCel, compilerContext);
     if (compilerContext.hasError()) {
       throw new CelPolicyValidationException(compilerContext.getIssueString());
     }

policy/src/main/java/dev/cel/policy/CelPolicyYamlParser.java

@@ -27,6 +27,7 @@
 import dev.cel.common.formats.YamlHelper.YamlNodeType;
 import dev.cel.common.formats.YamlParserContextImpl;
 import dev.cel.common.internal.CelCodePointArray;
+import dev.cel.policy.CelPolicy.Import;
 import dev.cel.policy.CelPolicy.Match;
 import dev.cel.policy.CelPolicy.Match.Result;
 import dev.cel.policy.CelPolicy.Variable;
@@ -118,6 +119,9 @@ public CelPolicy parsePolicy(PolicyParserContext<Node> ctx, Node node) {
         Node valueNode = nodeTuple.getValueNode();
         String fieldName = ((ScalarNode) keyNode).getValue();
         switch (fieldName) {
+          case "imports":
+            parseImports(policyBuilder, ctx, valueNode);
+            break;
           case "name":
             policyBuilder.setName(ctx.newValueString(valueNode));
             break;
@@ -141,6 +145,51 @@ public CelPolicy parsePolicy(PolicyParserContext<Node> ctx, Node node) {
           .build();
     }
 
+    private void parseImports(
+        CelPolicy.Builder policyBuilder, PolicyParserContext<Node> ctx, Node node) {
+      long id = ctx.collectMetadata(node);
+      if (!assertYamlType(ctx, id, node, YamlNodeType.LIST)) {
+        return;
+      }
+
+      SequenceNode importListNode = (SequenceNode) node;
+      for (Node importNode : importListNode.getValue()) {
+        parseImport(policyBuilder, ctx, importNode);
+      }
+    }
+
+    private void parseImport(
+        CelPolicy.Builder policyBuilder, PolicyParserContext<Node> ctx, Node node) {
+      long importId = ctx.collectMetadata(node);
+      if (!assertYamlType(ctx, importId, node, YamlNodeType.MAP)) {
+        return;
+      }
+
+      MappingNode mappingNode = (MappingNode) node;
+      for (NodeTuple nodeTuple : mappingNode.getValue()) {
+        Node key = nodeTuple.getKeyNode();
+        long keyId = ctx.collectMetadata(key);
+        if (!assertYamlType(ctx, keyId, key, YamlNodeType.STRING, YamlNodeType.TEXT)) {
+          continue;
+        }
+
+        String fieldName = ((ScalarNode) key).getValue();
+        if (!fieldName.equals("name")) {
+          ctx.reportError(
+              keyId, String.format("Invalid import key: %s, expected 'name'", fieldName));
+          continue;
+        }
+
+        Node value = nodeTuple.getValueNode();
+        long valueId = ctx.collectMetadata(value);
+        if (!assertYamlType(ctx, valueId, value, YamlNodeType.STRING, YamlNodeType.TEXT)) {
+          continue;
+        }
+
+        policyBuilder.addImport(Import.create(valueId, ctx.newValueString(value)));
+      }
+    }
+
     @Override
     public CelPolicy.Rule parseRule(
         PolicyParserContext<Node> ctx, CelPolicy.Builder policyBuilder, Node node) {

policy/src/test/java/dev/cel/policy/BUILD.bazel

@@ -19,6 +19,7 @@ java_library(
         "//common:options",
         "//common/formats:value_string",
         "//common/internal",
+        "//common/resources/testdata/proto3:standalone_global_enum_java_proto",
         "//compiler",
         "//extensions:optional_library",
         "//parser:macro",

policy/src/test/java/dev/cel/policy/CelPolicyCompilerImplTest.java

@@ -43,6 +43,7 @@
 import dev.cel.policy.PolicyTestHelper.TestYamlPolicy;
 import dev.cel.runtime.CelFunctionBinding;
 import dev.cel.runtime.CelLateFunctionBindings;
+import dev.cel.testing.testdata.proto3.StandaloneGlobalEnum;
 import java.io.IOException;
 import java.util.Map;
 import java.util.Optional;
@@ -290,6 +291,7 @@ private static Cel newCel() {
         .setStandardMacros(CelStandardMacro.STANDARD_MACROS)
         .addCompilerLibraries(CelOptionalLibrary.INSTANCE)
         .addRuntimeLibraries(CelOptionalLibrary.INSTANCE)
+        .addFileTypes(StandaloneGlobalEnum.getDescriptor().getFile())
         .addMessageTypes(TestAllTypes.getDescriptor())
         .setOptions(CEL_OPTIONS)
         .addFunctionBindings(

policy/src/test/java/dev/cel/policy/CelPolicyYamlParserTest.java

@@ -21,6 +21,7 @@
 import com.google.testing.junit.testparameterinjector.TestParameter;
 import com.google.testing.junit.testparameterinjector.TestParameterInjector;
 import dev.cel.common.formats.ValueString;
+import dev.cel.policy.CelPolicy.Import;
 import dev.cel.policy.PolicyTestHelper.K8sTagHandler;
 import dev.cel.policy.PolicyTestHelper.TestYamlPolicy;
 import org.junit.Test;
@@ -129,6 +130,24 @@ public void parseYamlPolicy_withExplanation() throws Exception {
         .hasValue(ValueString.of(11, "'custom explanation'"));
   }
 
+  @Test
+  public void parseYamlPolicy_withImports() throws Exception {
+    String policySource =
+        "name: 'policy_with_imports'\n"
+            + "imports:\n"
+            + "- name: foo\n"
+            + "- name: >\n"
+            + "    bar";
+
+    CelPolicy policy = POLICY_PARSER.parse(policySource);
+
+    assertThat(policy.imports())
+        .containsExactly(
+            Import.create(8L, ValueString.of(9L, "foo")),
+            Import.create(12L, ValueString.of(13L, "    bar")))
+        .inOrder();
+  }
+
   @Test
   public void parseYamlPolicy_errors(@TestParameter PolicyParseErrorTestCase testCase) {
     CelPolicyValidationException e =
@@ -318,7 +337,32 @@ private enum PolicyParseErrorTestCase {
             + " [tag:yaml.org,2002:str !txt]\n"
             + " |   description: 1\n"
             + " | ...............^"),
-    ;
+    ILLEGAL_YAML_TYPE_IMPORT_EXPECTED_LIST(
+        "imports: foo",
+        "ERROR: <input>:1:10: Got yaml node type tag:yaml.org,2002:str, wanted type(s)"
+            + " [tag:yaml.org,2002:seq]\n"
+            + " | imports: foo\n"
+            + " | .........^"),
+    ILLEGAL_YAML_TYPE_IMPORT_ELEMENT_EXPECTED_MAP(
+        "imports:\n" //
+            + "- foo",
+        "ERROR: <input>:2:3: Got yaml node type tag:yaml.org,2002:str, wanted type(s)"
+            + " [tag:yaml.org,2002:map]\n"
+            + " | - foo\n"
+            + " | ..^"),
+    ILLEGAL_YAML_TYPE_IMPORT_ELEMENT_MAP_INVALID_KEY(
+        "imports:\n" //
+            + "- 1: 2",
+        "ERROR: <input>:2:3: Got yaml node type tag:yaml.org,2002:int, wanted type(s)"
+            + " [tag:yaml.org,2002:str !txt]\n"
+            + " | - 1: 2\n"
+            + " | ..^"),
+    ILLEGAL_YAML_TYPE_IMPORT_ELEMENT_MAP_INVALID_VALUE_NAME(
+        "imports:\n" //
+            + "- foo: bar",
+        "ERROR: <input>:2:3: Invalid import key: foo, expected 'name'\n"
+            + " | - foo: bar\n"
+            + " | ..^");
 
     private final String yamlPolicy;
     private final String expectedErrorMessage;