Burrego: implement missing builtins #56
Description
Relation of builtin-list and builtin-usage in different repositories containing builtins, so we can prioritize builtin implementation depending on the usage. The list of the full SDK-dependant bultins follows:
| Category | Built-in | Status |
|---|---|---|
| Numbers | rand.intn |
- |
| Objects | json.patch |
Implemented |
| Strings | sprintf |
Implemented |
| Regex | regex.split |
- |
regex.globs_match |
- | |
regex.template_match |
- | |
regex.find_n |
- | |
| Glob | glob.quote_meta |
Implemented |
| Units | units.parse_bytes |
- |
| Encoding | base64url.encode_no_pad |
Implemented |
urlquery.encode |
Implemented | |
urlquery.encode_object |
Implemented | |
urlquery.decode |
Implemented | |
urlquery.decode_object |
Implemented | |
json.is_valid |
Implemented | |
yaml.marshal |
Implemented | |
yaml.unmarshal |
Implemented | |
yaml.is_valid |
Implemented | |
hex.encode |
Implemented | |
hex.decode |
Implemented | |
| Token Signing | io.jwt.encode_sign_raw |
- |
io.jwt.encode_sign |
- | |
| Token Verification | io.jwt.verify_rs256 |
- |
io.jwt.verify_rs384 |
- | |
io.jwt.verify_rs512 |
- | |
io.jwt.verify_ps256 |
- | |
io.jwt.verify_ps384 |
- | |
io.jwt.verify_ps512 |
- | |
io.jwt.verify_es256 |
- | |
io.jwt.verify_es384 |
- | |
io.jwt.verify_es512 |
- | |
io.jwt.verify_hs256 |
- | |
io.jwt.verify_hs384 |
- | |
io.jwt.verify_hs512 |
- | |
io.jwt.decode |
- | |
io.jwt.decode_verify |
- | |
| Time | time.now_ns |
Implemented |
time.parse_ns |
- | |
time.parse_rfc3339_ns |
Implemented | |
time.parse_duration_ns |
- | |
time.date |
Implemented | |
time.clock |
- | |
time.weekday |
- | |
time.add_date |
- | |
time.diff |
- | |
| Cryptography | crypto.x509.parse_certificates |
- |
crypto.x509.parse_and_verify_certificates |
- | |
crypto.x509.parse_certificate_request |
- | |
crypto.md5 |
- | |
crypto.sha1 |
- | |
crypto.sha256 |
- | |
| HTTP | http.send |
- |
| Net | net.cidr_contains_matches |
- |
net.cidr_expand |
- | |
net.cidr_merge |
- | |
| UUID | uuid.rfc4122 |
- |
| Semantic Versions | semver.is_valid |
Implemented |
semver.compare |
Implemented | |
| Rego | rego.parse_module |
- |
| OPA | opa.runtime |
- |
| Debugging | trace |
Implemented |
The use of builtins, per repo:
-
Gatekeeper library (https://github.com/open-policy-agent/gatekeeper-library)
re_match: now renamed toregex.match, but not updated in the policy code. 12 usages.trace: only used in tests. 18 usages.
-
OPA library (https://github.com/open-policy-agent/library/tree/master/kubernetes)
re_match: now renamed toregex.match, but not updated in the policy code. 3 usages.yaml.unmarshal: 1 usage.http.send: 1 usage. I don't think we should aim for this right now.trace: only used in tests. 9 usages.
The rest of the table is not used by the policies in the mentioned repositories.