How to import different policies inside OPA rego policy?

Question

I am working on writing new rego policies.

I have few rules defined in single policy file which I want to break into sub policy and import it.

Something like this:

A.rego

package com.example
import com.example.B.evaluate

default allow:= false
allow {
    evaluate
}

B.rego

package com.example

default evaluate:= false
evaluate {
    input.role != "admin" # some condition
}

How to achieve this policy configuration? It's like implementing policySet from authzforce having multiple sub-policies.

Thanks in advance! Please pardon my knowledge of OPA

score 0 · Answer 1 · answered Sep 19 '22 at 17:29

When you bundle your policies they will all be combined into one large policy, so they will be segmented based on the package name, not the file name.

some_name.rego

package com.example.A
import com.example.B.evaluate

default allow := false
allow {
    evaluate
}

another_name.rego

package com.example.B

default evaluate := false
evaluate {
    input.role != "admin" # some condition
}

Also shown in our docs here, which I'll admit is a little light. So if there's anything we can add to make it more understandable just let me know!

https://www.openpolicyagent.org/docs/latest/policy-language/#packages

Cheers, @peteroneilljr OPA Advocate

How to import different policies inside OPA rego policy?

1 Answers1

Linked