cel 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5e83a98ac5e076442ae06b53d13f43581a3982196f57582bbac02a08eef46ca9
-  data.tar.gz: 1fdb06029d13f3a47037688df7d4d4a77f65e237aa73d0e00fb6989a78600000
+  metadata.gz: 1bf9b40df18d849d9a964e668c0f1aee0d82f02ccd2de536dcfa73c8d714c718
+  data.tar.gz: 0f348c6b1a4a09362d76db927aec94099fc2ac2b355ddcef963b72fa90549e07
 SHA512:
-  metadata.gz: 59eb650749f3b0fcef9a8ee66b6850831db66f116d851f35894d375191e280cac465e48c1f39103d6fcb21f7ebcf6c695f2cd286c65bcfb6c12ef08ddcb07400
-  data.tar.gz: b6dada73b82d27a17a6d9f23a672f36ec7c9af6f89eebef788227aba7b22cdc88720100ffcf5f466db70e923db689ff4df903942abb7ab2f8adeef70de4604df
+  metadata.gz: 936e0ea05567de1932de8a887dee32f3682cbdccc574999772283a98acef7ce47d4ad51446eb35a8bcb5195100dc0a3197ec7fb4a82f8ddc239aab47ba0f40c1
+  data.tar.gz: d346ef64b5f777b1e368f234a43ad69cb2759313134558ef9760e68933e61a2e1f0644b01ad46b85702017955777ceebe31bce28c410ddbbbca49639eeeb1120

data/CHANGELOG.md

@@ -1,5 +1,26 @@
 ## [Unreleased]
 
+## [0.6.0] - 2026-02-28
+
+### Features
+
+#### Network Extension
+
+Support the network extension, as defined [here](https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#IP).
+
+### Improvements
+
+#### support top-level lookup (ex: '.y')
+
+also, make sure than, on lookup, keys under the passed container take priority, except in the case where the lookup is top-level
+ (i.e. '.y').
+
+at the same time, #merge is refactored in order to:
+
+* normalize nested bindings into aggregated keys ({a:{b:1}} => {:"a.b"=> 1}
+* override container-prefixed variables with the local binding
+* deal with conflicts by moving them to top level.
+
 ## [0.5.0] - 2025-12-11
 
 ### Features

data/README.md

@@ -200,6 +200,7 @@ env.evaluate("ext.random()") #=> 42
 * bindings extensions
 * block extensions
 * encoders extensions
+* network extensions
 * comprehensions V2 API
 * optionals
 

data/lib/cel/ast/elements/invoke.rb

@@ -38,10 +38,10 @@ module Cel
         if indexing?
           "#{var}[#{args}]"
         else
-          "#{var}.#{func}#{"(#{args.map(&:to_s).join(", ")})" if args}"
+          "#{var}.#{func}#{"(#{args.join(", ")})" if args}"
         end
       else
-        "#{func}#{"(#{args.map(&:to_s).join(", ")})" if args}"
+        "#{func}#{"(#{args.join(", ")})" if args}"
       end
     end
 

data/lib/cel/ast/elements/list.rb

@@ -51,7 +51,7 @@ module Cel
     end
 
     def to_s
-      "[#{@value.map(&:to_s).join(", ")}]"
+      "[#{@value.map(&:to_s).join(", ")}]" # rubocop:disable Style/MapJoin
     end
 
     private

data/lib/cel/ast/elements/protobuf.rb

@@ -318,7 +318,7 @@ module Cel
       protoclass = var.split(".").last
       protoclass = Google::Protobuf.const_get(protoclass)
 
-      value = if args.nil? && protoclass.constants.include?(func.to_sym)
+      value = if args.nil? && protoclass.const_defined?(func.to_sym)
         protoclass.const_get(func)
       else
         protoclass.__send__(func, *args)
@@ -340,7 +340,7 @@ module Cel
       when :repeated
         case value
         when Google::Protobuf::Map
-          value.to_h { |k, v| [k, convert_from_proto_field_type(field, v)] } # rubocop:disable Style/HashTransformValues
+          value.to_h { |k, v| [k, convert_from_proto_field_type(field, v)] }
         else
           value.map { |v| convert_from_proto_field_type(field, v) }
         end

data/lib/cel/ast/types.rb

@@ -107,7 +107,7 @@ module Cel
         when :duration
           String.new(value.to_s)
         else
-          String.new(String(value.value))
+          String.new(String(value))
         end
       when :bytes
         case type

data/lib/cel/checker.rb

@@ -11,14 +11,14 @@ module Cel
     BOOLABLE_OPERATORS = %w[&& || == != < <= >= >].freeze
 
     CAST_ALLOWED_TYPES = {
-      int: %i[int uint double string timestamp], # TODO: enum
-      uint: %i[int uint double string],
-      string: %i[int uint double bytes bool bytes string timestamp duration],
-      double: %i[double int uint string],
-      bytes: %i[bytes string],
-      bool: %i[bool string],
-      duration: %i[string duration],
-      timestamp: %i[int string timestamp],
+      int: %i[int uint double string timestamp].freeze, # TODO: enum
+      uint: %i[int uint double string].freeze,
+      string: %i[int uint double bytes bool bytes string timestamp duration].freeze,
+      double: %i[double int uint string].freeze,
+      bytes: %i[bytes string].freeze,
+      bool: %i[bool string].freeze,
+      duration: %i[string duration].freeze,
+      timestamp: %i[int string timestamp].freeze,
     }.freeze
 
     attr_reader :environment, :declarations
@@ -26,6 +26,15 @@ module Cel
     def initialize(environment, declarations = environment.declarations)
       @environment = environment
       @declarations = declarations
+      @cast_allowed_types = CAST_ALLOWED_TYPES.dup
+      @environment.extensions.each_value do |ext|
+        next unless ext.const_defined?(:CAST_ALLOWED_TYPES)
+
+        ext.const_get(:CAST_ALLOWED_TYPES).each do |type, allowed_types|
+          @cast_allowed_types[type] ||= []
+          @cast_allowed_types[type] += allowed_types
+        end
+      end
     end
 
     def check(ast)
@@ -66,6 +75,8 @@ module Cel
     end
 
     def check_arity(func, args, arity, op = :===)
+      return arity.zero? if args.nil?
+
       return if arity.__send__(op, args.size)
 
       raise CheckError, "`#{func}` invoked with wrong number of arguments (should be #{arity})"
@@ -388,6 +399,12 @@ module Cel
       func = funcall.func
       args = funcall.args
 
+      @environment.implicit_extensions.each do |ext|
+        if (typ = ext.__check(funcall, checker: self))
+          return typ
+        end
+      end
+
       # check if protobuf conversion
       if (proto_type = Protobuf.convert_to_proto_type(func.to_s, @environment.package))
         # TODO: fixit
@@ -413,9 +430,9 @@ module Cel
 
         arg = call(args.first)
         return TYPES[:int] if find_match_all_types(%i[string bytes list map], arg)
-      when *CAST_ALLOWED_TYPES.keys
+      when *@cast_allowed_types.keys
         check_arity(func, args, 1)
-        allowed_types = CAST_ALLOWED_TYPES[func]
+        allowed_types = @cast_allowed_types[func]
 
         arg = call(args.first)
 

data/lib/cel/context.rb

@@ -16,12 +16,46 @@ module Cel
     def lookup(identifier)
       raise EvaluateError, "no value in context for #{identifier}" unless @bindings
 
+      top_level_key = nil
       id = identifier.to_s
 
       lookup_keys = id.split(".")
 
       val = @bindings
 
+      if lookup_keys.first.empty?
+        # key starts with ".", i.e. ".y"
+        val = val.dup
+        lookup_keys.shift
+        top_level_key = key = lookup_keys.first
+
+        if val.respond_to?(:key?)
+          val = val.dup
+          val.keys.select { |k| k.start_with?(".#{key}") }.each do |k|
+            val[k.to_s[1..-1].to_sym] = val.delete(k) # rubocop:disable Style/SlicingWithRange
+          end
+          # else do nothing
+        end
+      end
+
+      if (container = @environment.container)
+        # ex move data from "example.com.y" to "y"
+        container_keys = val.keys.select { |k| k.start_with?(container) }
+
+        unless container_keys.empty?
+          val = val.dup
+          container_keys.each do |key|
+            skey = key.to_s.delete_prefix("#{container}.")
+
+            # forego editing if this is a top level lookup and the key being
+            # overwritten would be one
+            next if top_level_key && skey.start_with?(top_level_key)
+
+            val[skey.to_sym] = val.delete(key)
+          end
+        end
+      end
+
       loop do
         fetched = false
         (0...lookup_keys.size).reverse_each do |idx|
@@ -66,8 +100,38 @@ module Cel
       [val, lookup_keys.empty? ? nil : lookup_keys.join(".")]
     end
 
+    NORMALIZE_KEYS = lambda do |k, v|
+      if v.is_a?(Hash) || v.is_a?(Map)
+        v.flat_map do |k2, v2|
+          NORMALIZE_KEYS.call(:"#{k}.#{String(k2)}", v2)
+        end
+      else
+        [k, v]
+      end
+    end
+
     def merge(bindings)
-      Context.new(@environment, @bindings ? @bindings.merge(bindings) : bindings)
+      bindings = bindings.to_h { |k, v| NORMALIZE_KEYS[k, v] }
+      if (old_bindings = @bindings)
+        if @environment.container
+          old_bindings = old_bindings.dup
+
+          bindings.each_key do |key|
+            container_key = :"#{@environment.container}.#{key}"
+
+            old_bindings.delete(container_key) if old_bindings.key?(container_key)
+          end
+        end
+        conflicts = []
+        bindings = old_bindings.merge(bindings) do |k, old, new|
+          conflicts << [k, old]
+          new
+        end
+        conflicts.each do |k, v|
+          bindings[:".#{k}"] = v
+        end
+      end
+      Context.new(@environment, bindings)
     end
 
     private

data/lib/cel/environment.rb

@@ -2,7 +2,7 @@
 
 module Cel
   class Environment
-    attr_reader :declarations, :extensions, :package
+    attr_reader :declarations, :extensions, :package, :container
 
     def initialize(
       declarations: nil,
@@ -13,11 +13,12 @@ module Cel
     )
       @disable_check = disable_check
       @declarations = declarations
-      @container = container
       @extensions = extensions ? EXTENSIONS.merge(extensions) : EXTENSIONS
-      @package = nil
+      @package = @container = nil
       @checker = Checker.new(self)
 
+      @container = container if container && !container.empty?
+
       if container && !container.empty?
 
         module_dir = container.split(".")
@@ -38,6 +39,10 @@ module Cel
       @parser = Parser.new(package, **kwargs)
     end
 
+    def implicit_extensions
+      @implicit_extensions ||= @extensions.select { |_, ext| ext.implicit? }.values
+    end
+
     def compile(expr)
       ast = @parser.parse(expr)
       @checker.check(ast)
@@ -88,8 +93,10 @@ module Cel
       cbinding_keys.each do |k|
         cbinding = k.to_s.delete_prefix(prefix).to_sym
 
-        bindings[cbinding] = bindings.delete(k)
-        declarations[cbinding] = declarations.delete(k) if declarations.key?(k)
+        unless bindings.key?(cbinding)
+          bindings[cbinding] = bindings.delete(k)
+          declarations[cbinding] = declarations.delete(k) if declarations.key?(k)
+        end
       end
 
       [declarations, bindings]

data/lib/cel/extensions/bind.rb

@@ -5,6 +5,10 @@ module Cel
     module Bind
       module_function
 
+      def implicit?
+        false
+      end
+
       def __check(funcall, checker:)
         func = funcall.func
         args = funcall.args

data/lib/cel/extensions/encoders.rb

@@ -6,6 +6,10 @@ module Cel
       module Base64
         module_function
 
+        def implicit?
+          false
+        end
+
         def __check(funcall, checker:)
           func = funcall.func
           args = funcall.args

data/lib/cel/extensions/math.rb

@@ -5,6 +5,10 @@ module Cel
     module Math
       module_function
 
+      def implicit?
+        false
+      end
+
       def __check(funcall, checker:)
         func = funcall.func
         args = funcall.args

data/lib/cel/extensions/network.rb

@@ -0,0 +1,220 @@
+# frozen_string_literal: true
+
+require "resolv"
+require "ipaddr"
+
+module Cel
+  module Extensions
+    module Network
+      module_function
+
+      def implicit?
+        false
+      end
+
+      def __check(funcall, checker:)
+        funcall.var
+        func = funcall.func
+        args = funcall.args
+
+        case func
+        when :IP, :CIDR
+          checker.check_arity(func, args, 0)
+          TYPES[:type]
+        end
+      end
+
+      def IP(*) # rubocop:disable Naming/MethodName
+        TYPES[:ip]
+      end
+
+      def CIDR(*) # rubocop:disable Naming/MethodName
+        TYPES[:cidr]
+      end
+
+      module IP
+        module_function
+
+        CAST_ALLOWED_TYPES = {
+          string: %i[ip cidr].freeze,
+        }.freeze
+
+        def implicit?
+          true
+        end
+
+        def __check(funcall, checker:)
+          funcall.var
+          func = funcall.func
+          args = funcall.args
+
+          case func
+          when :ip, :cidr
+            checker.check_arity(func, args, 1)
+            arg = checker.call(args.first)
+            TYPES[func] if checker.find_match_all_types(%i[string], arg)
+          when :isIP, :isCanonical
+            checker.check_arity(func, args, 1)
+            arg = checker.call(args.first)
+            TYPES[:bool] if checker.find_match_all_types(%i[string], arg)
+          end
+        end
+
+        def __ip(value)
+          Cel::IP.new(value)
+        rescue IPAddr::InvalidAddressError
+          raise EvaluateError, "IP Address '#{value}' parse error during conversion from string"
+        end
+
+        def __cidr(value)
+          Cel::CIDR.new(value)
+        rescue IPAddr::InvalidAddressError
+          raise EvaluateError, "IP Address '#{value}' parse error during conversion from string"
+        end
+
+        def ip(str, program:)
+          value = program.call(str).value
+
+          __ip(value)
+        end
+
+        def cidr(str, program:)
+          value = program.call(str).value
+
+          __cidr(value)
+        end
+
+        def isIP(str, program:) # rubocop:disable Naming/MethodName
+          value = program.call(str).value
+
+          begin
+            __ip(value)
+            Bool.new(true)
+          rescue EvaluateError
+            Bool.new(false)
+          end
+        end
+
+        def isCanonical(str, program:) # rubocop:disable Naming/MethodName
+          value = program.call(str).value
+
+          Bool.new(value == __ip(value).to_s)
+        end
+      end
+    end
+  end
+
+  # https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#IP
+  class IP < Literal
+    IPV4_LL_UC_CIDR = IPAddr.new("169.254.0.0/16")
+    IPV4_LL_MC_CIDR = IPAddr.new("224.0.0.0/24")
+    IPV6_LL_UC_CIDR = IPAddr.new("fe80::/10")
+    IPV6_LL_MC_CIDR = IPAddr.new("ff00::/8")
+
+    def initialize(val)
+      value = IPAddr.new(val)
+
+      if value.ipv6?
+        raise EvaluateError, "IP Address with zone value is not allowed" if value.zone_id
+
+        if Resolv::IPv4::Regex.match?(val.split(":").last)
+          raise EvaluateError, "IPv4-mapped IPv6 address is not allowed"
+        end
+      end
+
+      super(:ip, value)
+    end
+
+    define_cel_method(:==) do |other|
+      case other
+      when IP
+        if @value.ipv4? && other.value.ipv6? && other.value.ipv4_mapped?
+          # convert ipv4 to ipv4-mapped ipv6 addr
+          @value.ipv4_mapped == other.value
+        elsif @value.ipv6? && other.value.ipv4? && @value.ipv4_mapped?
+          # convert ipv4 to ipv4-mapped ipv6 addr
+          @value == other.value.ipv4_mapped
+        else
+          # same family?
+          @value == other.value
+        end
+      else
+        super
+      end
+    end
+
+    define_cel_method(:family) do
+      Number.new(:int, @value.ipv6? ? 6 : 4)
+    end
+
+    define_cel_method(:isUnspecified) do
+      Bool.cast(@value == (@value.ipv6? ? "::" : "0.0.0.0"))
+    end
+
+    define_cel_method(:isLoopback) do
+      Bool.cast(@value.loopback?)
+    end
+
+    define_cel_method(:isGlobalUnicast) do
+      if @value.ipv6?
+        # not a link-local unicast, loopback or multicast address.
+        Bool.cast(!@value.loopback? && !IPV6_LL_UC_CIDR.include?(@value) && !IPV6_LL_MC_CIDR.include?(@value))
+      else
+        # not zero or 255.255.255.255
+        Bool.cast(@value != "255.255.255.255" && @value != "0.0.0.0")
+      end
+    end
+
+    define_cel_method(:isLinkLocalMulticast) do
+      Bool.cast(@value.ipv6? ? IPV6_LL_MC_CIDR.include?(@value) : IPV4_LL_MC_CIDR.include?(@value))
+    end
+
+    define_cel_method(:isLinkLocalUnicast) do
+      Bool.cast(@value.ipv6? ? IPV6_LL_UC_CIDR.include?(@value) : IPV4_LL_UC_CIDR.include?(@value))
+    end
+  end
+
+  class CIDR < Literal
+    def initialize(val)
+      value = IPAddr.new(val)
+
+      if value.ipv6?
+        raise EvaluateError, "IP Address with zone value is not allowed" if value.zone_id
+
+        val, = val.split("/", 2)
+        if Resolv::IPv4::Regex.match?(val.split(":").last)
+          raise EvaluateError, "IPv4-mapped IPv6 address is not allowed"
+        end
+      end
+
+      super(:cidr, value)
+    end
+
+    define_cel_method(:containsIP) do |other|
+      Bool.cast(@value.include?(other.value))
+    end
+
+    define_cel_method(:containsCIDR) do |other|
+      Bool.cast(@value.include?(other.value))
+    end
+
+    define_cel_method(:ip) do
+      IP.new(@value.to_s)
+    end
+
+    define_cel_method(:masked) do
+      self
+    end
+
+    define_cel_method(:prefixLength) do
+      Number.new(:int, @value.prefix)
+    end
+
+    def to_str
+      @value.cidr
+    end
+  end
+
+  TYPES[:ip] = Type.new(:ip)
+  TYPES[:cidr] = Type.new(:cidr)
+end

data/lib/cel/extensions/string.rb

@@ -5,6 +5,10 @@ module Cel
     module String
       module_function
 
+      def implicit?
+        false
+      end
+
       def __check(funcall, checker:)
         var = funcall.var
         func = funcall.func

data/lib/cel/extensions.rb

@@ -4,6 +4,7 @@ require_relative "extensions/math"
 require_relative "extensions/string"
 require_relative "extensions/bind"
 require_relative "extensions/encoders"
+require_relative "extensions/network"
 
 module Cel
   EXTENSIONS = {
@@ -11,5 +12,7 @@ module Cel
     strings: Extensions::String,
     base64: Extensions::Encoders::Base64,
     cel: Extensions::Bind,
+    net: Extensions::Network,
+    ip: Extensions::Network::IP,
   }.freeze
 end

data/lib/cel/parser.rb

@@ -995,7 +995,7 @@ module_eval(<<'.,.,', 'parser.ry', 58)
 
 module_eval(<<'.,.,', 'parser.ry', 62)
   def _reduce_36(val, _values, result)
-     result = val[1]
+     result = ".#{val[1]}"
     result
   end
 .,.,

data/lib/cel/program.rb

@@ -208,10 +208,14 @@ module Cel
             return evaluate_invoke(invoke, proto_type)
           end
 
-          # try stuff like a.b.c
-          return evaluate_identifier(invoke.to_s) if args.nil?
-
-          evaluate_identifier(var)
+          if @environment.extensions.key?(var.to_sym)
+            var = @environment.extensions[var.to_sym]
+          elsif args.nil?
+            # try stuff like a.b.c
+            return evaluate_identifier(invoke.to_s)
+          else
+            evaluate_identifier(var)
+          end
 
         when Invoke
           if args.nil?
@@ -265,7 +269,7 @@ module Cel
         raise EvaluateError, "#{invoke} is not supported" unless var.class.method_defined?(func, false)
 
         # eliminate protobuf API from the lookup
-        raise NoMatchingOverloadError.new(var, func) if Protobuf.base_class.instance_methods.include?(func)
+        raise NoMatchingOverloadError.new(var, func) if Protobuf.base_class.method_defined?(func)
 
         # If e evaluates to a message and f is not declared in this message, the
         # runtime error no_such_field is raised.
@@ -274,16 +278,18 @@ module Cel
         var.cel_send(func, *args)
       when Literal
         # eliminate ruby API from the lookup
-        raise NoMatchingOverloadError.new(var, func) if Literal.instance_methods.include?(func)
+        raise NoMatchingOverloadError.new(var, func) if Literal.method_defined?(func)
 
         # If e evaluates to a message and f is not declared in this message, the
         # runtime error no_such_field is raised.
         raise NoSuchFieldError.new(var, func) unless var.respond_to?(func)
 
+        args ?
+        var.cel_send(func, *Array(args).map(&method(:call))) :
         var.cel_send(func)
       when Protobuf.base_class
         # eliminate protobuf API from the lookup
-        raise NoMatchingOverloadError.new(var, func) if Protobuf.base_class.instance_methods.include?(func)
+        raise NoMatchingOverloadError.new(var, func) if Protobuf.base_class.method_defined?(func)
 
         # If e evaluates to a message and f is not declared in this message, the
         # runtime error no_such_field is raised.
@@ -344,6 +350,12 @@ module Cel
       func = funcall.func
       args = funcall.args
 
+      unless Module.respond_to?(func)
+        @environment.implicit_extensions.each do |ext|
+          return ext.__send__(func, *args, program: self) if ext.respond_to?(func)
+        end
+      end
+
       case func
       when :type
         operand = args.first

data/lib/cel/version.rb

@@ -2,6 +2,6 @@
 
 module Cel
   module Ruby
-    VERSION = "0.5.0"
+    VERSION = "0.6.0"
   end
 end

data/lib/cel.rb

@@ -22,8 +22,7 @@ end
 
 begin
   require_relative "cel/ast/elements/protobuf"
-rescue LoadError => e
-  puts e
+rescue LoadError
   module Cel
     class << self
       # returns a struct class containing the attributes that one would
@@ -114,26 +113,27 @@ rescue LoadError => e
     module Protobuf
       module_function
 
-      BASE_CLASS = Class.new(Object)
+      class BaseClass < Object
+      end
 
       def base_class
         Struct
       end
 
       def enum_class
-        BASE_CLASS
+        BaseClass
       end
 
       def map_class
-        BASE_CLASS
+        BaseClass
       end
 
       def timestamp_class
-        BASE_CLASS
+        BaseClass
       end
 
       def duration_class
-        BASE_CLASS
+        BaseClass
       end
 
       def convert_to_proto(message_type, values)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cel
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Tiago Cardoso
@@ -109,6 +109,7 @@ files:
 - lib/cel/extensions/bind.rb
 - lib/cel/extensions/encoders.rb
 - lib/cel/extensions/math.rb
+- lib/cel/extensions/network.rb
 - lib/cel/extensions/string.rb
 - lib/cel/macro.rb
 - lib/cel/parser.rb