Last active
March 28, 2022 17:42
-
-
Save mandarjog/24b37f1685c4b23ccdb8533e223c55b2 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filters: | |
| OR: | |
| - { attr.ip: 1.2.3.4/32 } | |
| - { attr.ip: 1.2.3.5/32 } | |
| - AND: | |
| - { attr.region: us-west1 } | |
| - { dept: eng } | |
Author
mandarjog
commented
Mar 25, 2022
// Match expression defined over resources.
message MatchExpr {
// Logical oneof between the following fields.
// Proto restrictions do not let us use oneof here.
//oneof {
// ANDs all the repeated fields.
repeated MatchExpr and = 1;
// ORs all the repeated fields.
repeated MatchExpr or = 2;
// Expresses a match.
repeated string match = 3;
// syntactic sugar for AND with all MATCH elements.
map<string, string> matchall = 4;
// syntactic sugar for OR with all MATCH elements.
map<string, string> matchany = 5;
// } end oneof
}
Only using and, or, match we get the following output
The following application domain is defined by the union of a subnet group consisting of two CIDRs, and one VM and VPC expression each.
{
"or": [
{"or": [
{"match": ["ip", "10.4.5.0/24"]},
{"match": ["ip", "10.4.4.0/24"]}]
},
{"and": [
{"match": ["type", "vm"]},
{"match": ["zone", "us-west-2"]},
{"match": ["tags.application", "app1"]}]
},
{"and": [
{"match": ["type", "vpc"]},
{"match": ["tags.application", "app1"]}]
}
]
}
**Using matchall shortcut **
{
"or": [
{"matchany": {
"ip": "10.4.5.0/24",
"ip": "10.4.4.0/24" }
},
{"matchall": {
"type": "vm",
"zone": "us-west-2",
"tags.application": "app1" }
},
{"matchall": {
"type": "vpc",
"tags.application": "app1" }
}
]
Alternative
syntax = "proto3";
package proto.global_config;
// combines n-booleans
message BoolExpr {
enum BoolOp {
UNSPECIFIED = 0;
AND = 1;
OR = 2;
NOT = 3;
}
BoolOp op = 1;
repeated Expr args = 2;
}
message MatchExpr {
repeated string args = 1;
}
message Expr {
oneof expr {
BoolExpr combine = 1;
MatchExpr match = 2;
}
}Rendering yaml using the alternative
combine: {
op: or,
args: [
{combine: {op: and,
args: [
{MATCH: {args: [type, vm]}},
{MATCH: {args: [ip, 10.4.4.0/24]}},
]}},
{combine: {op: and,
args: [
{MATCH: {args: [type, vm]}},
{MATCH: {args: [zone, us-west-2]}},
{MATCH: {args: [tags.application, app1]}}
]}},
{combine: {op: and,
args: [
{MATCH: {args: [type, vpc]}},
{MATCH: {args: [tags.application, app1]}}
]}}
]
}
Using a oneof that supports basic and full ast version -
We may not have to change the protobuf defintion if we use the oneof?
message Selector {
oneof ver {
// Basic version is what we will support in phase 1
Basic basic = 1;
// Based on requirements, we can support full AST (The alternative method suggested by Mandar)
FullAst fullast = 2
}
}
message Basic {
repeated MatchExpr expr = 1
}
message MatchExpr {
map <str, str> match = 1
}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment