Internal Changes

PiperOrigin-RevId: 910292784

Author: l46kok

bundle/src/main/java/dev/cel/bundle/BUILD.bazel

@@ -104,6 +104,7 @@ java_library(
         ":required_fields_checker",
         "//:auto_value",
         "//bundle:cel",
+        "//checker:proto_type_mask",
         "//checker:standard_decl",
         "//common:compiler_common",
         "//common:container",

bundle/src/main/java/dev/cel/bundle/CelEnvironment.java

@@ -30,6 +30,7 @@
 import dev.cel.checker.CelStandardDeclarations;
 import dev.cel.checker.CelStandardDeclarations.StandardFunction;
 import dev.cel.checker.CelStandardDeclarations.StandardOverload;
+import dev.cel.checker.ProtoTypeMask;
 import dev.cel.common.CelContainer;
 import dev.cel.common.CelFunctionDecl;
 import dev.cel.common.CelOptions;
@@ -134,6 +135,9 @@ public abstract class CelEnvironment {
   /** Limits to set in the environment. */
   public abstract ImmutableSet<Limit> limits();
 
+  /** Context variable to enable in the environment. */
+  public abstract Optional<ContextVariable> contextVariable();
+
   /** Builder for {@link CelEnvironment}. */
   @AutoValue.Builder
   public abstract static class Builder {
@@ -199,6 +203,8 @@ public Builder setLimits(Limit... limits) {
 
     public abstract Builder setLimits(ImmutableSet<Limit> limits);
 
+    public abstract Builder setContextVariable(ContextVariable contextVariable);
+
     abstract CelEnvironment autoBuild();
 
     @CheckReturnValue
@@ -258,6 +264,12 @@ public CelCompiler extend(CelCompiler celCompiler, CelOptions celOptions)
 
       applyStandardLibrarySubset(compilerBuilder);
 
+      contextVariable()
+          .ifPresent(
+              cv ->
+                  compilerBuilder.addProtoTypeMasks(
+                      ProtoTypeMask.ofAllFields(cv.typeName()).withFieldsAsVariableDeclarations()));
+
       return compilerBuilder.build();
     } catch (RuntimeException e) {
       throw new CelEnvironmentException(e.getMessage(), e);
@@ -406,6 +418,17 @@ private static CanonicalCelExtension getExtensionOrThrow(String extensionName) {
     return extension;
   }
 
+  /** Represents a context variable declaration. */
+  @AutoValue
+  public abstract static class ContextVariable {
+    /** Fully qualified type name of the context variable. */
+    public abstract String typeName();
+
+    public static ContextVariable create(String typeName) {
+      return new AutoValue_CelEnvironment_ContextVariable(typeName);
+    }
+  }
+
   /** Represents a policy variable declaration. */
   @AutoValue
   public abstract static class VariableDecl {

bundle/src/main/java/dev/cel/bundle/CelEnvironmentYamlParser.java

@@ -28,6 +28,7 @@
 import com.google.common.collect.ImmutableSet;
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import dev.cel.bundle.CelEnvironment.Alias;
+import dev.cel.bundle.CelEnvironment.ContextVariable;
 import dev.cel.bundle.CelEnvironment.ExtensionConfig;
 import dev.cel.bundle.CelEnvironment.FunctionDecl;
 import dev.cel.bundle.CelEnvironment.LibrarySubset;
@@ -320,6 +321,36 @@ private ImmutableSet<String> parseAbbreviations(ParserContext<Node> ctx, Node no
     return builder.build();
   }
 
+  private ContextVariable parseContextVariable(ParserContext<Node> ctx, Node node) {
+    long id = ctx.collectMetadata(node);
+    if (!assertYamlType(ctx, id, node, YamlNodeType.MAP)) {
+      return ContextVariable.create("");
+    }
+
+    MappingNode mapNode = (MappingNode) node;
+    String typeName = "";
+    for (NodeTuple nodeTuple : mapNode.getValue()) {
+      Node keyNode = nodeTuple.getKeyNode();
+      long keyId = ctx.collectMetadata(keyNode);
+      Node valueNode = nodeTuple.getValueNode();
+      String keyName = ((ScalarNode) keyNode).getValue();
+      switch (keyName) {
+        case "type_name":
+          typeName = newString(ctx, valueNode);
+          break;
+        default:
+          ctx.reportError(keyId, String.format("Unsupported context_variable tag: %s", keyName));
+          break;
+      }
+    }
+
+    if (typeName.isEmpty()) {
+      ctx.reportError(id, "Missing required attribute(s): type_name");
+    }
+
+    return ContextVariable.create(typeName);
+  }
+
   private ImmutableSet<VariableDecl> parseVariables(ParserContext<Node> ctx, Node node) {
     long valueId = ctx.collectMetadata(node);
     ImmutableSet.Builder<VariableDecl> variableSetBuilder = ImmutableSet.builder();
@@ -900,6 +931,9 @@ private CelEnvironment.Builder parseConfig(ParserContext<Node> ctx, Node node) {
           case "limits":
             builder.setLimits(parseLimits(ctx, valueNode));
             break;
+          case "context_variable":
+            builder.setContextVariable(parseContextVariable(ctx, valueNode));
+            break;
           default:
             ctx.reportError(id, "Unknown config tag: " + fieldName);
             // continue handling the rest of the nodes

conformance/src/test/java/dev/cel/conformance/policy/BUILD.bazel

@@ -12,6 +12,13 @@ java_library(
     deps = [
         "//:auto_value",
         "//bundle:cel",
+        "//common/formats:value_string",
+        "//common/formats:yaml_helper",
+        "//policy",
+        "//policy:parser",
+        "//policy:parser_factory",
+        "//policy:policy_parser_context",
+        "//policy:test_policy_helper",
         "//runtime:function_binding",
         "//testing/testrunner:cel_expression_source",
         "//testing/testrunner:cel_test_context",
@@ -23,5 +30,6 @@ java_library(
         "@maven//:com_google_guava_guava",
         "@maven//:com_google_protobuf_protobuf_java",
         "@maven//:junit_junit",
+        "@maven//:org_yaml_snakeyaml",
     ],
 )

conformance/src/test/java/dev/cel/conformance/policy/PolicyConformanceTest.java

@@ -18,6 +18,8 @@
 import dev.cel.bundle.Cel;
 import dev.cel.bundle.CelFactory;
 import dev.cel.expr.conformance.proto3.TestAllTypes;
+import dev.cel.policy.CelPolicyParserFactory;
+import dev.cel.policy.K8sTagHandler;
 import dev.cel.runtime.CelFunctionBinding;
 import dev.cel.testing.testrunner.CelExpressionSource;
 import dev.cel.testing.testrunner.CelTestContext;
@@ -77,6 +79,13 @@ public void evaluate() throws Throwable {
                 TestAllTypes.getDescriptor().getFile(),
                 Struct.getDescriptor().getFile());
 
+    // Scopes the custom Kubernetes tag visitor exclusively to k8s tests to prevent non-standard
+    // grammar leakage.
+    if (name.startsWith("k8s/")) {
+      contextBuilder.setCelPolicyParser(
+          CelPolicyParserFactory.newYamlParserBuilder().addTagVisitor(new K8sTagHandler()).build());
+    }
+
     Path yamlConfigPath = Paths.get(dirPath, "config.yaml");
     Path textprotoConfigPath = Paths.get(dirPath, "config.textproto");
 

policy/BUILD.bazel

@@ -59,3 +59,9 @@ java_library(
     name = "compiler_builder",
     exports = ["//policy/src/main/java/dev/cel/policy:compiler_builder"],
 )
+
+java_library(
+    name = "test_policy_helper",
+    testonly = True,
+    exports = ["//policy/src/test/java/dev/cel/policy:tests"],
+)

policy/src/main/java/dev/cel/policy/CelPolicy.java

@@ -252,7 +252,7 @@ public abstract static class Builder implements RequiredFieldsChecker {
 
       abstract Optional<Long> id();
 
-      abstract Optional<Result> result();
+      public abstract Optional<Result> result();
 
       abstract Optional<ValueString> explanation();
 

policy/src/test/java/dev/cel/policy/BUILD.bazel

@@ -10,6 +10,8 @@ java_library(
     resources = [
         "//testing:policy_test_resources",
     ],
+    tags = ["alt_dep=//policy:test_policy_helper"],
+    visibility = ["//policy:__pkg__"],
     deps = [
         "//:java_truth",
         "//bundle:cel",
@@ -18,6 +20,7 @@ java_library(
         "//common:cel_ast",
         "//common:options",
         "//common/formats:value_string",
+        "//common/formats:yaml_helper",
         "//common/internal",
         "//common/resources/testdata/proto3:standalone_global_enum_java_proto",
         "//common/types",

policy/src/test/java/dev/cel/policy/CelPolicyCompilerImplTest.java

@@ -37,7 +37,6 @@
 import dev.cel.extensions.CelOptionalLibrary;
 import dev.cel.parser.CelStandardMacro;
 import dev.cel.parser.CelUnparserFactory;
-import dev.cel.policy.PolicyTestHelper.K8sTagHandler;
 import dev.cel.policy.PolicyTestHelper.PolicyTestSuite;
 import dev.cel.policy.PolicyTestHelper.PolicyTestSuite.PolicyTestSection;
 import dev.cel.policy.PolicyTestHelper.PolicyTestSuite.PolicyTestSection.PolicyTestCase;

policy/src/test/java/dev/cel/policy/CelPolicyYamlParserTest.java

@@ -22,7 +22,6 @@
 import com.google.testing.junit.testparameterinjector.TestParameterInjector;
 import dev.cel.common.formats.ValueString;
 import dev.cel.policy.CelPolicy.Import;
-import dev.cel.policy.PolicyTestHelper.K8sTagHandler;
 import dev.cel.policy.PolicyTestHelper.TestYamlPolicy;
 import org.junit.Test;
 import org.junit.runner.RunWith;