2

I am new to rego code and writing a rule to check for employee names if they present in the approved employee list. If not, it should print out the employees who are not part of the list. Here is the input I am giving:

{ "valid_employee_names": { "first_name.2113690404": "emp_Maria", "first_name.2641279496": "emp_Rosie", "first_name.3921413181": "emp_Shaun", "first_name.588579514": "emp_John" }, "destroy": false }

Here is the rego rule:

valid_name := {i: Reason |
    check_list := {["emp_John","emp_Monika","emp_Cindy","emp_Katie","emp_Kein"]}
    doc = input[i]; i="valid_employee_names"
    key_ids := [k | doc[k]; startswith(k, "first_name.")]
    resource := {
        doc[k] : doc[replace(k, ".key", ".value")] | key_ids[_] == k
    }
    emp_name := [m | resource[m]; startswith(m, "emp_")]
    list := {x| x:=check_list[_]}
    not(list[emp_name])
    Reason := sprintf("Employees not on record found - %v . :: ", emp_name)
}

I always get the same output that employees not on record are found. Can anyone point me to see what needs to be corrected/updated?

Thanks!

Navya
  • 21
  • 2

1 Answers1

1

The rule you posted is quite complicated. If you only need to compute the set of employee names NOT in the approved list (which I assume is input.valid_employee_names) start by computing a set of valid names and then take the difference.

# valid_employee_names generates a set of valid employee (first) names from the input.
valid_employee_names := {v | 
    some k
    v := input.valid_employee_names[k]
    startswith(k, "first_name.")}

I'm assuming the list of names to check against is check_list. Note, you have check_list defined as a set containing an array of names (represented as strings). There is no obvious need for the extra array. Just define the check_list as a set of names:

check_list := {"emp_John", "emp_Monika", "emp_Cindy", "emp_Katie", "emp_Kein"}

Now we have two sets we can easily find the invalid names using set difference:

check_list - valid_employee_names

Putting it all together:

valid_employee_names := {v | 
    some k
    v := input.valid_employee_names[k]
    startswith(k, "first_name.")}

check_list := {"emp_John", "emp_Monika", "emp_Cindy", "emp_Katie", "emp_Kein"}

invalid_names := check_list - valid_employee_names

(playground link: https://play.openpolicyagent.org/p/5KfXnSIkHa)

tsandall
  • 1,544
  • 8
  • 8