Expression Language

This page describes how to use the Mixer configuration expression language (CEXL).

Background

Mixer configuration uses an expression language (CEXL) to specify match expressions and mapping expressions. CEXL expressions map a set of typed attributes and constants to a typed value.

Syntax

CEXL accepts a subset of Go expressions, which defines the syntax. CEXL implements a subset of the Go operators that constrains the set of accepted Go expressions. CEXL also supports arbitrary parenthesization.

Functions

CEXL supports the following functions.

Operator/FunctionDefinitionExampleDescription
==Equalsrequest.size == 200
!=Not Equalsrequest.auth.principal != "admin"
||Logical OR(request.size == 200) || (request.auth.principal == "admin")
&&Logical AND(request.size == 200) && (request.auth.principal == "admin")
[ ]Map Accessrequest.headers["x-request-id"]
+Addrequest.host + request.path
>Greater Thanresponse.code > 200
>=Greater Than or Equal torequest.size >= 100
<Less Thanresponse.code < 500
<=Less Than or Equal torequest.size <= 100
|First non emptysource.labels["app"] | source.labels["svc"] | "unknown"
matchGlob matchmatch(destination.service, "*.ns1.svc.cluster.local")Matches prefix or suffix based on the location of *
emailConvert a textual e-mail into the EMAIL_ADDRESS typeemail("awesome@istio.io")Use the email function to create an EMAIL_ADDRESS literal.
dnsNameConvert a textual DNS name into the DNS_NAME typednsName("www.istio.io")Use the dnsName function to create a DNS_NAME literal.
ipConvert a textual IPv4 address into the IP_ADDRESS typesource.ip == ip("10.11.12.13")Use the ip function to create an IP_ADDRESS literal.
timestampConvert a textual timestamp in RFC 3339 format into the TIMESTAMP typetimestamp("2015-01-02T15:04:35Z")Use the timestamp function to create a TIMESTAMP literal.
uriConvert a textual URI into the URI typeuri("http://istio.io")Use the uri function to create a URI literal.
.matchesRegular expression match"svc.*".matches(destination.service)Matches destination.service against regular expression pattern "svc.*".
.startsWithstring prefix matchdestination.service.startsWith("acme")Checks whether destination.service starts with "acme".
.endsWithstring postfix matchdestination.service.endsWith("acme")Checks whether destination.service ends with "acme".
emptyStringMapCreate an empty string maprequest.headers | emptyStringMap()Use emptyStringMap to create an empty string map for default value of request.headers.
conditionalSimulate ternary operatorconditional((context.reporter.kind | "inbound") == "outbound", "client", "server")Returns "client" if report kind is outbound otherwise returns "server".
toLowerConvert a string to lowercase letterstoLower("User-Agent")Returns "user-agent".
sizeLength of a stringsize("admin")Returns 5

Type checking

CEXL variables are attributes from the typed attribute vocabulary, constants are implicitly typed and, functions are explicitly typed.

Mixer validates a CEXL expression and resolves it to a type during configuration validation. Selectors must resolve to a boolean value and mapping expressions must resolve to the type they are mapping into. Configuration validation fails if a selector fails to resolve to a boolean or if a mapping expression resolves to an incorrect type.

For example, if an operator specifies a string label as request.size | 200, validation fails because the expression resolves to an integer.

Missing attributes

If an expression uses an attribute that is not available during request processing, the expression evaluation fails. Use the | operator to provide a default value if an attribute may be missing.

For example, the expression request.auth.principal == "user1" fails evaluation if the request.auth.principal attribute is missing. The | (OR) operator addresses the problem: (request.auth.principal | "nobody" ) == "user1".

Examples

ExpressionReturn TypeDescription
request.size | 200intrequest.size if available, otherwise 200.
request.headers["x-forwarded-host"] == "myhost"boolean
(request.headers["x-user-group"] == "admin") || (request.auth.principal == "admin")booleanTrue if the user is admin or in the admin group.
(request.auth.principal | "nobody" ) == "user1"booleanTrue if request.auth.principal is “user1”, The expression will not error out if request.auth.principal is missing.
source.labels["app"]=="reviews" && source.labels["version"]=="v3"booleanTrue if app label is reviews and version label is v3, false otherwise.
Was this information useful?
Do you have any suggestions for improvement?

Thanks for your feedback!