CEL extensions¶
The CEL engine used to evaluate variables and authorization rules has been extended with various libraries. Each library has a different scope and purpose.
Some libraries are specific to Envoy or HTTP while others are common to both Authz Server types.
Kyverno Authz libraries¶
| Lib | Envoy Policy | HTTP Policy | HTTP Server |
|---|---|---|---|
| Envoy |  | ||
| Http | | | |
| Http Server | | ||
| Jwk | | | |
| Jwt | | | |
| Json | | | |
| Mcp | | | |
Common libraries¶
The libraries below are common CEL extensions enabled in the Kyverno Authz Server CEL engine.
| Lib | Envoy Policy | HTTP Policy | HTTP Server |
|---|---|---|---|
| Optional types | | | |
| Cross type numeric comparisons | | | |
| Bindings | | | |
| Encoders | | | |
| Lists | | | |
| Math | | | |
| Protos | | | |
| Sets | | | |
| Strings | | | |
Kubernetes libraries¶
The libraries below are imported from Kubernetes.
| Lib | Envoy Policy | HTTP Policy | HTTP Server |
|---|---|---|---|
| Lists | | | |
| Regex | | | |
| URL | | | |
| IP | | | |
| CIDR | | | |
| Format | | | |
| Quantity | | | |
| Semver | | | |
Kyverno libraries¶
The libraries below are imported from Kyverno.
| Lib | Envoy Policy | HTTP Policy | HTTP Server |
|---|---|---|---|
| HTTP | | | |
| Image | | | |
| ImageData | | | |