docs: add cel libs documentation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

website/docs/cel-extensions/envoy.md

@@ -0,0 +1,3 @@
+# Envoy library
+
+TODO

website/docs/cel-extensions/index.md

@@ -0,0 +1,33 @@
+# CEL extensions
+
+The CEL engine used to evaluate variables and authorization rules has been extended with libraries to help processing the input `CheckRequest` and forge the corresponding `CheckResponse`.
+
+## Envoy plugin libraries
+
+- [Envoy](./envoy.md)
+- [Jwt](./jwt.md)
+
+## Common libraries
+
+The libraries below are common CEL extensions enabled in the Kyverno Authz Server CEL engine:
+
+- [Optional types](https://pkg.go.dev/github.com/google/cel-go/cel#OptionalTypes)
+- [Cross type numeric comparisons](https://pkg.go.dev/github.com/google/cel-go/cel#CrossTypeNumericComparisons)
+- [Bindings](https://pkg.go.dev/github.com/google/cel-go/ext#readme-bindings)
+- [Encoders](https://pkg.go.dev/github.com/google/cel-go/ext#readme-encoders)
+- [Lists](https://pkg.go.dev/github.com/google/cel-go/ext#readme-lists)
+- [Math](https://pkg.go.dev/github.com/google/cel-go/ext#readme-math)
+- [Protos](https://pkg.go.dev/github.com/google/cel-go/ext#readme-protos)
+- [Sets](https://pkg.go.dev/github.com/google/cel-go/ext#readme-sets)
+- [Strings](https://pkg.go.dev/github.com/google/cel-go/ext#readme-strings)
+
+## Kubernetes libraries
+
+The libraries below are imported from Kubernetes:
+
+- CIDR
+- Format
+- IP
+- [Lists](https://kubernetes.io/docs/reference/using-api/cel/#kubernetes-list-library)
+- [Regex](https://kubernetes.io/docs/reference/using-api/cel/#kubernetes-regex-library)
+- [URL](https://kubernetes.io/docs/reference/using-api/cel/#kubernetes-url-library)

website/docs/cel-extensions/jwt.md

@@ -0,0 +1,29 @@
+# Jwt library
+
+Policies have native functionality to decode and verify the contents of JWT tokens in order to enforce additional authorization logic on requests.
+
+
+## jwt.Decode
+
+The `jwt.Decode` function decodes and validates a JWT token. It accepts two arguments: the token and the secret to verify the signature.
+
+### Example
+
+```yaml
+apiVersion: envoy.kyverno.io/v1alpha1
+kind: AuthorizationPolicy
+metadata:
+  name: demo
+spec:
+  failurePolicy: Ignore
+  variables:
+  - name: token
+    expression: >
+      "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaXNzIjoicGtpLmV4YW1wbGUuY29tIn0.EiAS-4_ecAe3Fx3GDzZkvNPmhIaDQTHnmpLAHdWWe60"
+  - name: secret
+    expression: >
+      "password"
+  authorizations:
+  - expression: >
+      jwt.Decode(variables.token, variables.secret)....
+```

website/mkdocs.yaml

@@ -11,6 +11,10 @@ nav:
   - pols/failure-policy.md
   - pols/variables.md
   - pols/authorization-rules.md
+  - CEL extensions:
+    - cel-extensions/index.md
+    - cel-extensions/envoy.md
+    - cel-extensions/jwt.md
 - Documentation:
   - quick-start.md
   - Writing policies: