HTTP Macros
CEL provides a set of predefined macros that can also be used in policy expressions. For convenience, the following custom macros are also supported:
| Name | Return Type | Description |
|---|---|---|
hasReqHeader(string) | bool | Returns true or false if the provided header key is present on the request. |
getReqHeader(string) | list | Returns a list of header values for the provided key on the request. |
hasQueryParam(string) | bool | Returns true or false if the specified query parameter key is part of the request URL. |
getQueryParam(string) | list | Returns a list of the query parameter values from the request URL for the specified key. |
hasReqCookie(string) | bool | Returns true or false if a cookie exists on the request with the specified name. |
getReqCookie(string) | cookie | Returns the cookie struct for the specified cookie name, if it exists on the request. If there are multiple cookies of the same name, the first from the ordering specified in the Cookie header will be returned. |
hasResHeader(string) | bool | Returns true or false if the provided header key is present on the response. |
getResHeader(string) | list | Returns a list of header values for the provided key on the response. |
hasResCookie(string) | bool | Returns true or false if a cookie exists on the response with the specified name. |
getResCookie(string) | cookie | Returns the cookie struct for the specified cookie name, if it exists on the response. If there are multiple cookies of the same name, the cookie with the longest path will be returned. |
inCidrRange(ip string, cidr string) | bool | Returns true or false if the provided IP address falls within the provided CIDR range. Returns false if the provided CIDR range is invalid. |
inCidrRanges(ip string, cidrs list) | bool | Returns true or false if the provided IP address falls within any of the provided CIDR ranges. Ignores any provided CIDR ranges that are invalid. |
hasReqHeader(string)
Returns true or false if the provided header key is present on the request. Header keys must be written in canonical format.
- YAML
- JSON
# snippet
---
expressions:
- "hasReqHeader('X-Version-Id')"
// snippet
{
"expressions": [
"hasReqHeader('X-Version-Id')"
]
}
getReqHeader(string)
Returns a list of header values for the provided key on the request. Header keys must be written in canonical format.
- YAML
- JSON
# snippet
---
expressions:
- "getReqHeader('User-Agent').exists(v, v.matches('(?i)google-images'))"
// snippet
{
"expressions": [
"getReqHeader('User-Agent').exists(v, v.matches('(?i)google-images'))"
]
}
hasQueryParam(string)
Returns true or false if the specified query parameter key is part of the request URL.
- YAML
- JSON
# snippet
---
expressions:
- "hasQueryParam('q')"
// snippet
{
"expressions": [
"hasQueryParam('q')"
]
}
getQueryParam(string)
Returns a list of the query parameter values from the request URL for the specified key.
- YAML
- JSON
# snippet
---
expressions:
- "size(getQueryParam('q')) == 0"
// snippet
{
"expressions": [
"size(getQueryParam('q')) == 0"
]
}
hasReqCookie(string)
Returns true or false if a cookie exists on the request with the specified name.
- YAML
- JSON
# snippet
---
expressions:
- "hasReqCookie('session')"
// snippet
{
"expressions": [
"hasReqCookie('session')"
]
}
getReqCookie(string)
Returns the cookie struct for the specified cookie name, if it exists on the request. If there are multiple cookies of the same name, the first from the ordering specified in the Cookie header will be returned.
- YAML
- JSON
# snippet
---
expressions:
- "getReqCookie('session').secure"
// snippet
{
"expressions": [
"getReqCookie('session').secure"
]
}
hasResHeader(string)
Returns true or false if the provided header key is present on the response. Header keys must be written in canonical format.
- YAML
- JSON
# snippet
---
expressions:
- "hasResHeader('Content-Type')"
// snippet
{
"expressions": [
"hasResHeader('Content-Type')"
]
}
getResHeader(string)
Returns a list of header values for the provided key on the response. Header keys must be written in canonical format.
- YAML
- JSON
# snippet
---
expressions:
- "size(getResHeader('Content-Type').filter(v, v.matches('application/json')))
> 0"
// snippet
{
"expressions": [
"size(getResHeader('Content-Type').filter(v, v.matches('application/json'))) > 0"
]
}
hasResCookie(string)
Returns true or false if a cookie exists on the response with the specified name.
- YAML
- JSON
# snippet
---
expressions:
- "hasResCookie('_device_id')"
// snippet
{
"expressions": [
"hasResCookie('_device_id')"
]
}
getResCookie(string)
Returns the cookie struct for the specified cookie name, if it exists on the response. If there are multiple cookies of the same name, the cookie with the longest path will be returned.
- YAML
- JSON
# snippet
---
expressions:
- "getResCookie('_device_id').value == 'mobile-phone-14'"
// snippet
{
"expressions": [
"getResCookie('_device_id').value == 'mobile-phone-14'"
]
}
inCidrRange(ip string, cidr string)
Returns true or false if the provided IP address falls within the provided CIDR range. Returns false if the provided CIDR range is invalid.
- YAML
- JSON
# snippet
---
expressions:
- "inCidrRange(conn.client_ip, '66.249.66.1/24')"
// snippet
{
"expressions": [
"inCidrRange(conn.client_ip, '66.249.66.1/24')"
]
}
inCidrRanges(ip string, cidrs list)
Returns true or false if the provided IP address falls within any of the provided CIDR ranges. Ignores any provided CIDR ranges that are invalid.
- YAML
- JSON
# snippet
---
expressions:
- "inCidrRanges(conn.client_ip, ['66.249.66.1/24', '2001:4860::/32'])"
// snippet
{
"expressions": [
"inCidrRanges(conn.client_ip, ['66.249.66.1/24', '2001:4860::/32'])"
]
}