HTTP Macros
CEL provides a set of predefined macros that can also be used in policy expressions. For convenience, the following custom macros are also supported:
Name | Return Type | Description |
---|---|---|
hasReqHeader(string) | bool | Returns true or false if the provided header key is present on the request. Header keys must be written in canonical format. |
getReqHeader(string) | list | Returns a list of header values for the provided key on the request. Header keys must be written in canonical format. |
hasQueryParam(string) | bool | Returns true or false if the specified query parameter key is part of the request URL. |
getQueryParam(string) | list | Returns a list of the query parameter values from the request URL for the specified key. |
hasReqCookie(string) | bool | Returns true or false if a cookie exists on the request with the specified name. |
getReqCookie(string) | bool | Returns the cookie struct for the specified cookie name, if it exists on the request. |
hasResHeader(string) | bool | Returns true or false if the provided header key is present on the response. Header keys must be written in canonical format. |
getResHeader(string) | list | Returns a list of header values for the provided key on the response. Header keys must be written in canonical format. |
hasResCookie(string) | bool | Returns true or false if a cookie exists on the response with the specified name. |
getResCookie(string) | bool | Returns the cookie struct for the specified cookie name, if it exists on the response. |
inCidrRange(ip string, cidr string) | bool | Returns true or false if the provided IP address falls within the provided CIDR range. Returns false if the provided CIDR range is invalid. |
inCidrRanges(ip string, cidrs list) | bool | Returns true or false if the provided IP address falls within any of the provided CIDR ranges. Ignores any provided CIDR ranges that are invalid. |
hasReqHeader(string)
Returns true
or false
if the provided header key is present on the request. Header keys must be written in canonical format.
- YAML
- JSON
# snippet
---
expressions:
- "hasReqHeader('X-Version-Id')"
// snippet
{
"expressions": [
"hasReqHeader('X-Version-Id')"
]
}
getReqHeader(string)
Returns a list of header values for the provided key on the request. Header keys must be written in canonical format.
- YAML
- JSON
# snippet
---
expressions:
- "getReqHeader('User-Agent').exists(v, v.matches('(?i)google-images'))"
// snippet
{
"expressions": [
"getReqHeader('User-Agent').exists(v, v.matches('(?i)google-images'))"
]
}
hasQueryParam(string)
Returns true or false if the specified query parameter key is part of the request URL.
- YAML
- JSON
# snippet
---
expressions:
- "hasQueryParam('q')"
// snippet
{
"expressions": [
"hasQueryParam('q')"
]
}
getQueryParam(string)
Returns a list of the query parameter values from the request URL for the specified key.
- YAML
- JSON
# snippet
---
expressions:
- "size(getQueryParam('q')) == 0"
// snippet
{
"expressions": [
"size(getQueryParam('q')) == 0"
]
}
hasReqCookie(string)
Returns true or false if a cookie exists on the request with the specified name.
- YAML
- JSON
# snippet
---
expressions:
- "hasReqCookie('session')"
// snippet
{
"expressions": [
"hasReqCookie('session')"
]
}
getReqCookie(string)
Returns the cookie struct for the specified cookie name, if it exists on the request.
- YAML
- JSON
# snippet
---
expressions:
- "getReqCookie('session').Secure"
// snippet
{
"expressions": [
"getReqCookie('session').Secure"
]
}
hasResHeader(string)
Returns true or false if the provided header key is present on the response. Header keys must be written in canonical format.
- YAML
- JSON
# snippet
---
expressions:
- "hasResHeader('Content-Type')"
// snippet
{
"expressions": [
"hasResHeader('Content-Type')"
]
}
getResHeader(string)
Returns a list of header values for the provided key on the response. Header keys must be written in canonical format.
- YAML
- JSON
# snippet
---
expressions:
- "size(getResHeader('Content-Type').filter(v, v.matches('application/json')))
> 0"
// snippet
{
"expressions": [
"size(getResHeader('Content-Type').filter(v, v.matches('application/json'))) > 0"
]
}
hasResCookie(string)
Returns true or false if a cookie exists on the response with the specified name.
- YAML
- JSON
# snippet
---
expressions:
- "hasResCookie('_device_id')"
// snippet
{
"expressions": [
"hasResCookie('_device_id')"
]
}
getResCookie(string)
Returns the cookie struct for the specified cookie name, if it exists on the response.
- YAML
- JSON
# snippet
---
expressions:
- "getResCookie('_device_id').Value == 'mobile-phone-14'"
// snippet
{
"expressions": [
"getResCookie('_device_id').Value == 'mobile-phone-14'"
]
}
inCidrRange(ip string, cidr string)
Returns true or false if the provided IP address falls within the provided CIDR range. Returns false if the provided CIDR range is invalid.
- YAML
- JSON
# snippet
---
expressions:
- "inCidrRange(conn.client_ip, '66.249.66.1/24')"
// snippet
{
"expressions": [
"inCidrRange(conn.client_ip, '66.249.66.1/24')"
]
}
inCidrRanges(ip string, cidrs list)
Returns true or false if the provided IP address falls within any of the provided CIDR ranges. Ignores any provided CIDR ranges that are invalid.
- YAML
- JSON
# snippet
---
expressions:
- "inCidrRanges(conn.client_ip, ['66.249.66.1/24', '2001:4860::/32'])"
// snippet
{
"expressions": [
"inCidrRanges(conn.client_ip, ['66.249.66.1/24', '2001:4860::/32'])"
]
}