Skip to content

Commit

Permalink
Fix grammar: allow import between rules and complex expression in els…
Browse files Browse the repository at this point in the history
…e statement (#80)

* fix grammar: allow import between rules and allow "complex" expression in else statement

also merge 'else keyword' and 'else keyword 2' tests into 'else keyword'

Signed-off-by: Vincent Gramer <vgramer@gmail.com>
  • Loading branch information
vgramer authored Jan 4, 2021
1 parent 42f0d4b commit 85c8e55
Show file tree
Hide file tree
Showing 6 changed files with 66 additions and 13 deletions.
5 changes: 2 additions & 3 deletions src/main/grammar/Rego.bnf
Original file line number Diff line number Diff line change
Expand Up @@ -63,14 +63,13 @@
COMMENT = 'regexp:[ \t]*#[^\r\n]*'
]
}
module ::= package import* policy
module ::= package (import| rule)*
package ::= "package" ref
import ::= "import" ref ( "as" var )?
policy ::= rule*
rule ::= "default"? rule-head rule-body*
rule-head ::= var ( "(" rule-args? ")" )? ("[" term "]" )? ( ( ":=" | "=" ) expr2 )?
rule-args ::= term ( "," term )*
rule-body ::= ( else ( "=" term )? )? "{" query "}"
rule-body ::= ( else ( "=" expr2 )? )? "{" query "}"
query ::=( literal |';' )+
literal ::= ( some-decl | expr | "not" expr ) with-modifier*
with-modifier ::= "with" term "as" term
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,8 +40,10 @@ class RegoParsingTestCase: RegoParsingTestCaseBase() {

fun `test composite keys`() = doTestNoError()
fun `test composite values`() = doTestNoError()
fun `test else keyword 2`() = doTestNoError()

fun `test imports`() = doTestNoError()
fun `test imports between rules`() = doTestNoError()

fun `test negations`() = doTestNoError()
fun `test package with simple rule`() = doTestNoError()
fun `test references`() = doTestNoError()
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,45 @@
package main
a := []

# In order to handle manifest with one or many resources, we turns the input into an array, if it's not an array already.
as_array(x) = [x] {not is_array(x)} else = x {true}
as_array(x) = [x] {not is_array(x)} else = x {true}


authorize = "allow" {
input.user == "superuser" # allow 'superuser' to perform any operation.
} else = "deny" {
input.path[0] == "admin" # disallow 'admin' operations...
input.source_network == "external" # from external networks.
}


check_function_call_for_else(x) = x {
x % 2 == 0
}else = abs(x) {
true
}

check_infix_op_for_else(x) = x {
x % 2 == 0
} else = x *2 - 1 {
true
}


check_array_comprehension_for_else(x) = x {
x % 2 == 0
} else = [y | some y; a[y] == x] {
true
}

check_set_comprehension_for_else(x) = x {
x % 2 == 0
} else = {y | some y; a[y]} {
true
}

check_object_comprehension_for_else(x) = x {
x % 2 == 0
} else = {y : "true" | some y; a[y] } {
true
}

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package test

import data.policy
import data.security.policy as p

default allow = false
allow {
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
package test

import data.policy
import data.security.policy as p

default allow = false
allow {
true
}

import data.domain
import data.otherdomain as od

rule_1 {
1 == 1
}

import data.something

0 comments on commit 85c8e55

Please sign in to comment.