Skip to main content

TLS Macros

CEL provides a set of predefined macros that can also be used in policy expressions. For convenience, the following custom macros are also supported:

NameReturn TypeDescription
inCidrRange(ip string, cidr string)boolReturns true or false if the provided IP address falls within the provided CIDR range. Returns false if the provided CIDR range is invalid.
inCidrRanges(ip string, cidrs list)boolReturns true or false if the provided IP address falls within any of the provided CIDR ranges. Ignores any provided CIDR ranges that are invalid.

inCidrRange(ip string, cidr string)

Returns true or false if the provided IP address falls within the provided CIDR range. Returns false if the provided CIDR range is invalid.

# snippet
---
expressions:
- "inCidrRange(conn.client_ip, '66.249.66.1/24')"

inCidrRanges(ip string, cidrs list)

Returns true or false if the provided IP address falls within any of the provided CIDR ranges. Ignores any provided CIDR ranges that are invalid.

# snippet
---
expressions:
- "inCidrRanges(conn.client_ip, ['66.249.66.1/24', '2001:4860::/32'])"