Stack Overflow
Stack Overflow

Questions tagged [rego]

Rego is a Query Language. To make a policy decision in Rego, you write logical tests on the data that comes in as input (such as the API or SSH data from the last section)

161 questions
0
votes
1 answer

Kubernetes Open Policy Agent (OPA) If Else

I'm trying to implement an if else clause in a mutate rule like so ... a := { "alb.ingress.kubernetes.io/healthcheck-path": "/healthz", "alb.ingress.kubernetes.io/listen-ports": `[{"HTTPS": 443}]` } b := { …
Simply Seth
  • 3,246
  • 17
  • 51
  • 77
0
votes
1 answer

Open Policy Agent - check existence of elements in a list

Just started to deal with conftest and OPA, I'm trying to validate a sample kubernetes deployment manifest to make sure it contains a specific key in a list (i.e. image exists for all containers) here's a sample input apiVersion: apps/v1 kind:…
Mahyar
  • 1,011
  • 2
  • 17
  • 37
0
votes
1 answer

Join two lists in Rego

How to join two list together in Rego? a := [1,2,3] b := [4,5,6] I tried the following but it doesn't work, not quite sure what the syntax is c := a + b Thank you in advance (:
jrchew
  • 205
  • 2
  • 9
0
votes
1 answer

Rego Validation Array Compare

I am new at Rego and I am trying to write a policy in order to check if there is a set of rules already created on certain Azure NSGs. Input test: { "name": "", "id": "", "etag": "", "type": "", "location":…
delucaezequiel
  • 483
  • 2
  • 9
  • 26
0
votes
1 answer

Does Rego Set lookup will iterate all items in the set?

package example default allow = false input = { "value_2": {"c", "b", "c", "b", "c", "b", "c", "b", "c", "b", "c", "b", "c", "b", "c", "b", "c", "b", "c", "b", "c", "a", "a"}, "value_1": ["c", "b", "c", "b", "c", "b", "c", "b", "c", "b",…
Phan Nghia
  • 1
  • 2
0
votes
1 answer

Running Rego Tests in Jenkins Pipeline

I am trying to run rego test cases as part of jenkins pipeline run. I previously had my test case and the input data for the test case in a single file and they all ran successfully. I modified my test cases to read the data from an external json…
Jessica
  • 13
  • 5
0
votes
1 answer

How to compact and optimize open policy agent, in a single rego policy

I'm new to rego and OPA (Open Policy Agent) in general. I'm trying to create a default policy for implementations that allow for policy overrides but in normal cases use "Policy Configuration" in a simple JSON document. I use the input as the…
Mario Toffia
  • 510
  • 5
  • 16
0
votes
1 answer

Open Policy Agent - Improve performance of a grouping comprehension

I have a id and role mapping in below format { "ra": [ { "id": 168, "code": "AFAP" }, { "id": 180, "code": "ABC" }, { "id": 180, "code": "ABCMND" } ] } I…
Tarun Lalwani
  • 142,312
  • 9
  • 204
  • 265
0
votes
1 answer

How to use a built-in in another built-in for Open policy agent

Is there a way to call a built-in (like io.jwt.decode_verify(string, constraints)) in a new built-in that I wanted to create? Or is there a way to call OPA's internal package's method?
ulyssesjason
  • 21
  • 2
0
votes
1 answer

How to convert a list to an object with key duplications in OPA Rego

I am new to Open Policy Agent (OPA) and Rego language. I need to convert a list of objects which I get from input to an object (in best case in O(n) time). The problem is that used key may be duplicated in a list. Input example: [ { …
user2106655
  • 1,121
  • 1
  • 9
  • 10
0
votes
1 answer

denial of creation of new subnets by OPA

I have the below rego code, package terraform.analysis import input as tfplan # acceptable score for automated authorization blast_radius = 5 # weights assigned for each operation on each resource-type weights = { "aws_subnet": {"delete":…
learner
  • 2,480
  • 10
  • 50
  • 94
0
votes
1 answer

how do I check an array of objects in REGO to check if a user has permissions conceit?

I'm trying to check if a user have certain permission conceit given a subject and action to check against, sadly I'm unable to make it work, this is the REGO file: package monolith.tiene_permiso default permitir = false permitir { …
shackra
  • 277
  • 3
  • 16
  • 56
0
votes
1 answer

Union an array of objects in rego

How do I union an array of objects into one object in rego? I know how to union two objects, but how do I loop through an array of objects? This sample works, but it is (obvious) not scalable ;) a := [{"test1": "123"}, {"test2": "456"}, {"test3":…
Casper Jensen
  • 551
  • 1
  • 5
  • 15
0
votes
1 answer

Using opa http.send with conftest

I have a question about data importing and the execution of built-in opa function when using conftest. In the below code sample I have two modules abc and main. I've conveniently left out some of the set up for abc all that matters is that it's a…
b0bu
  • 1,062
  • 1
  • 9
  • 24
0
votes
1 answer

Test Cases for Rego Polices

Sorry for my novice question. I have written a rego rule to check for ASV Names, and now I am looking to write a test case for the same. I have looked at sample test cases but has no success in writing for my policy(pasted below). Was wondering how…
Jessica
  • 13
  • 5
1 2 3
10
11