Rego Built-ins
Rego supports a wide range of built-in functions for different policy use cases. Built-ins available in this version of OPA are listed below.
✗ Wasm Only
Category | Name | Meta |
---|---|---|
aggregates | countn := count(collection) | |
aggregates | maxn := max(collection) | |
aggregates | minn := min(collection) | |
aggregates | productn := product(collection) | |
aggregates | sortn := sort(collection) | |
aggregates | sumn := sum(collection) | |
array | array.concatz := array.concat(x, y) | |
array | array.reverserev := array.reverse(arr) | |
array | array.sliceslice := array.slice(arr, start, stop) | |
bits | bits.andz := bits.and(x, y) | |
bits | bits.lshz := bits.lsh(x, s) | |
bits | bits.negatez := bits.negate(x) | |
bits | bits.orz := bits.or(x, y) | |
bits | bits.rshz := bits.rsh(x, s) | |
bits | bits.xorz := bits.xor(x, y) | |
comparison | equalx == y | |
comparison | gtx > y | |
comparison | gtex >= y | |
comparison | ltx < y | |
comparison | ltex <= y | |
comparison | neqx != y | |
conversions | to_numbernum := to_number(x) | |
crypto | crypto.hmac.equalresult := crypto.hmac.equal(mac1, mac2) | |
crypto | crypto.hmac.md5y := crypto.hmac.md5(x, key) | |
crypto | crypto.hmac.sha1y := crypto.hmac.sha1(x, key) | |
crypto | crypto.hmac.sha256y := crypto.hmac.sha256(x, key) | |
crypto | crypto.hmac.sha512y := crypto.hmac.sha512(x, key) | |
crypto | crypto.md5y := crypto.md5(x) | |
crypto | crypto.parse_private_keysoutput := crypto.parse_private_keys(keys) | |
crypto | crypto.sha1y := crypto.sha1(x) | |
crypto | crypto.sha256y := crypto.sha256(x) | |
crypto | crypto.x509.parse_and_verify_certificatesoutput := crypto.x509.parse_and_verify_certificates(certs) | |
crypto | crypto.x509.parse_and_verify_certificates_with_optionsoutput := crypto.x509.parse_and_verify_certificates_with_options(certs, options) | |
crypto | crypto.x509.parse_certificate_requestoutput := crypto.x509.parse_certificate_request(csr) | |
crypto | crypto.x509.parse_certificatesoutput := crypto.x509.parse_certificates(certs) | |
crypto | crypto.x509.parse_keypairoutput := crypto.x509.parse_keypair(cert, pem) | |
crypto | crypto.x509.parse_rsa_private_keyoutput := crypto.x509.parse_rsa_private_key(pem) | |
encoding | base64.decodey := base64.decode(x) | |
encoding | base64.encodey := base64.encode(x) | |
encoding | base64.is_validresult := base64.is_valid(x) | |
encoding | base64url.decodey := base64url.decode(x) | |
encoding | base64url.encodey := base64url.encode(x) | |
encoding | base64url.encode_no_pady := base64url.encode_no_pad(x) | |
encoding | hex.decodey := hex.decode(x) | |
encoding | hex.encodey := hex.encode(x) | |
encoding | json.is_validresult := json.is_valid(x) | |
encoding | json.marshaly := json.marshal(x) | |
encoding | json.marshal_with_optionsy := json.marshal_with_options(x, opts) | |
encoding | json.unmarshaly := json.unmarshal(x) | |
encoding | urlquery.decodey := urlquery.decode(x) | |
encoding | urlquery.decode_objectobject := urlquery.decode_object(x) | |
encoding | urlquery.encodey := urlquery.encode(x) | |
encoding | urlquery.encode_objecty := urlquery.encode_object(object) | |
encoding | yaml.is_validresult := yaml.is_valid(x) | |
encoding | yaml.marshaly := yaml.marshal(x) | |
encoding | yaml.unmarshaly := yaml.unmarshal(x) | |
glob | glob.matchresult := glob.match(pattern, delimiters, match) | |
glob | glob.quote_metaoutput := glob.quote_meta(pattern) | |
graph | graph.reachableoutput := graph.reachable(graph, initial) | |
graph | graph.reachable_pathsoutput := graph.reachable_paths(graph, initial) | |
graph | walkwalk(x, output) | |
graphql | graphql.is_validoutput := graphql.is_valid(query, schema) | |
graphql | graphql.parseoutput := graphql.parse(query, schema) | |
graphql | graphql.parse_and_verifyoutput := graphql.parse_and_verify(query, schema) | |
graphql | graphql.parse_queryoutput := graphql.parse_query(query) | |
graphql | graphql.parse_schemaoutput := graphql.parse_schema(schema) | |
graphql | graphql.schema_is_validoutput := graphql.schema_is_valid(schema) | |
http | http.sendresponse := http.send(request) | |
net | net.cidr_containsresult := net.cidr_contains(cidr, cidr_or_ip) | |
net | net.cidr_contains_matchesoutput := net.cidr_contains_matches(cidrs, cidrs_or_ips) | |
net | net.cidr_expandhosts := net.cidr_expand(cidr) | |
net | net.cidr_intersectsresult := net.cidr_intersects(cidr1, cidr2) | |
net | net.cidr_is_validresult := net.cidr_is_valid(cidr) | |
net | net.cidr_mergeoutput := net.cidr_merge(addrs) | |
net | net.lookup_ip_addraddrs := net.lookup_ip_addr(name) | |
numbers | absy := abs(x) | |
numbers | ceily := ceil(x) | |
numbers | divx / y | |
numbers | floory := floor(x) | |
numbers | minusx - y | |
numbers | mulx * y | |
numbers | numbers.rangerange := numbers.range(a, b) | |
numbers | numbers.range_steprange := numbers.range_step(a, b, step) | |
numbers | plusx + y | |
numbers | rand.intny := rand.intn(str, n) | |
numbers | remx % y | |
numbers | roundy := round(x) | |
object | json.filterfiltered := json.filter(object, paths) | |
object | json.match_schemaoutput := json.match_schema(document, schema) | |
object | json.patchoutput := json.patch(object, patches) | |
object | json.removeoutput := json.remove(object, paths) | |
object | json.verify_schemaoutput := json.verify_schema(schema) | |
object | object.filterfiltered := object.filter(object, keys) | |
object | object.getvalue := object.get(object, key, default) | |
object | object.keysvalue := object.keys(object) | |
object | object.removeoutput := object.remove(object, keys) | |
object | object.subsetresult := object.subset(super, sub) | |
object | object.unionoutput := object.union(a, b) | |
object | object.union_noutput := object.union_n(objects) | |
opa | opa.runtimeoutput := opa.runtime() | |
providers.aws | providers.aws.sign_reqsigned_request := providers.aws.sign_req(request, aws_config, time_ns) | |
regex | regex.find_all_string_submatch_noutput := regex.find_all_string_submatch_n(pattern, value, number) | |
regex | regex.find_noutput := regex.find_n(pattern, value, number) | |
regex | regex.globs_matchresult := regex.globs_match(glob1, glob2) | |
regex | regex.is_validresult := regex.is_valid(pattern) | |
regex | regex.matchresult := regex.match(pattern, value) | |
regex | regex.replaceoutput := regex.replace(s, pattern, value) | |
regex | regex.splitoutput := regex.split(pattern, value) | |
regex | regex.template_matchresult := regex.template_match(template, value, delimiter_start, delimiter_end) | |
rego | rego.metadata.chainchain := rego.metadata.chain() | |
rego | rego.metadata.ruleoutput := rego.metadata.rule() | |
rego | rego.parse_moduleoutput := rego.parse_module(filename, rego) | |
semver | semver.compareresult := semver.compare(a, b) | |
semver | semver.is_validresult := semver.is_valid(vsn) | |
sets | andx & y | |
sets | intersectiony := intersection(xs) | |
sets | minusx - y | |
sets | orx | y | |
sets | uniony := union(xs) | |
strings | concatoutput := concat(delimiter, collection) | |
strings | containsresult := contains(haystack, needle) | |
strings | endswithresult := endswith(search, base) | |
strings | format_intoutput := format_int(number, base) | |
strings | indexofoutput := indexof(haystack, needle) | |
strings | indexof_noutput := indexof_n(haystack, needle) | |
strings | lowery := lower(x) | |
strings | replacey := replace(x, old, new) | |
strings | splitys := split(x, delimiter) | |
strings | sprintfoutput := sprintf(format, values) | |
strings | startswithresult := startswith(search, base) | |
strings | strings.any_prefix_matchresult := strings.any_prefix_match(search, base) | |
strings | strings.any_suffix_matchresult := strings.any_suffix_match(search, base) | |
strings | strings.countoutput := strings.count(search, substring) | |
strings | strings.render_templateresult := strings.render_template(value, vars) | |
strings | strings.replace_noutput := strings.replace_n(patterns, value) | |
strings | strings.reversey := strings.reverse(x) | |
strings | substringoutput := substring(value, offset, length) | |
strings | trimoutput := trim(value, cutset) | |
strings | trim_leftoutput := trim_left(value, cutset) | |
strings | trim_prefixoutput := trim_prefix(value, prefix) | |
strings | trim_rightoutput := trim_right(value, cutset) | |
strings | trim_spaceoutput := trim_space(value) | |
strings | trim_suffixoutput := trim_suffix(value, suffix) | |
strings | uppery := upper(x) | |
time | time.add_dateoutput := time.add_date(ns, years, months, days) | |
time | time.clockoutput := time.clock(x) | |
time | time.datedate := time.date(x) | |
time | time.diffoutput := time.diff(ns1, ns2) | |
time | time.formatformatted timestamp := time.format(x) | |
time | time.now_nsnow := time.now_ns() | |
time | time.parse_duration_nsns := time.parse_duration_ns(duration) | |
time | time.parse_nsns := time.parse_ns(layout, value) | |
time | time.parse_rfc3339_nsns := time.parse_rfc3339_ns(value) | |
time | time.weekdayday := time.weekday(x) | |
tokens | io.jwt.decodeoutput := io.jwt.decode(jwt) | |
tokens | io.jwt.decode_verifyoutput := io.jwt.decode_verify(jwt, constraints) | |
tokens | io.jwt.verify_es256result := io.jwt.verify_es256(jwt, certificate) | |
tokens | io.jwt.verify_es384result := io.jwt.verify_es384(jwt, certificate) | |
tokens | io.jwt.verify_es512result := io.jwt.verify_es512(jwt, certificate) | |
tokens | io.jwt.verify_hs256result := io.jwt.verify_hs256(jwt, secret) | |
tokens | io.jwt.verify_hs384result := io.jwt.verify_hs384(jwt, secret) | |
tokens | io.jwt.verify_hs512result := io.jwt.verify_hs512(jwt, secret) | |
tokens | io.jwt.verify_ps256result := io.jwt.verify_ps256(jwt, certificate) | |
tokens | io.jwt.verify_ps384result := io.jwt.verify_ps384(jwt, certificate) | |
tokens | io.jwt.verify_ps512result := io.jwt.verify_ps512(jwt, certificate) | |
tokens | io.jwt.verify_rs256result := io.jwt.verify_rs256(jwt, certificate) | |
tokens | io.jwt.verify_rs384result := io.jwt.verify_rs384(jwt, certificate) | |
tokens | io.jwt.verify_rs512result := io.jwt.verify_rs512(jwt, certificate) | |
tokensign | io.jwt.encode_signoutput := io.jwt.encode_sign(headers, payload, key) | |
tokensign | io.jwt.encode_sign_rawoutput := io.jwt.encode_sign_raw(headers, payload, key) | |
tracing | traceresult := trace(note) | |
types | is_arrayresult := is_array(x) | |
types | is_booleanresult := is_boolean(x) | |
types | is_nullresult := is_null(x) | |
types | is_numberresult := is_number(x) | |
types | is_objectresult := is_object(x) | |
types | is_setresult := is_set(x) | |
types | is_stringresult := is_string(x) | |
types | type_nametype := type_name(x) | |
units | units.parsey := units.parse(x) | |
units | units.parse_bytesy := units.parse_bytes(x) | |
uuid | uuid.parseresult := uuid.parse(uuid) | |
uuid | uuid.rfc4122output := uuid.rfc4122(k) |