Rego is a Query Language. To make a policy decision in Rego, you write logical tests on the data that comes in as input (such as the API or SSH data from the last section)
Questions tagged [rego]
161 questions
0
votes
1 answer
unable to use opa gatekeeper for denying pods with latest tags in a specific namespace (prod) on kubernetes
i'm new in OPA policies and need to deny pods running in my cluster with containers that have latest tag in its images, this must be denied just for prod namespace, the problem that i have is whatever the namespace used, the pods will be denied if…
leadab
- 25
- 3
0
votes
1 answer
Validating every element of a list against another list using Rego
I am new to rego and trying to write a policy to validate elements of a list against another list. Here is the problem I am trying to solve:
I have an approved list of security groups against which I need to check the security groups from my input.…
Jessica
- 13
- 5
0
votes
1 answer
Open policy agent - explicit logical AND in CI pipeline
I am trying to write a policy which governs administrator username compatibility, which consists of three rules: alphanumeric value, not part of disallowed names (admin, administrator etc.), and longer than 5 characters.
I have found that when using…
FitzChivalry
- 339
- 2
- 19
0
votes
1 answer
OPA PrepareForEval time increases exponentially
I need my application to be able to load policies (rego) and then evaluate an input JSON based on defined policies.
I mistakenly used PrepareForEval in my evaluation API instead of load policy API. The result of this surprised me as the response…
Kanak Singhal
- 3,074
- 1
- 19
- 17
0
votes
1 answer
OPA conflicting policy
I have written a sample rego code
default allow = false
allow {
some username
input.method = "GET"
input.path =["example", username]
input.user = username
}
allow {
some username
input.method = "GET"
input.path = ["example",…
Sarageorge
- 129
- 9
0
votes
1 answer
Create a set from a string of elements in Rego
How to create a set from a string in Rego Open Policy Agent language?
I've a string of elements like "values": "pvc-volume,emptydir-volume,hostPath,ConfigMaps" which elements need to be validated against a given set of admitted values …
kalise
- 221
- 5
- 12
0
votes
2 answers
Array product given a dynamic number of arguments
I have a function that does an array product:
arrayProduct(l1,l2,l3) = [[a, b, c] |
a := l1[_]
b := l2[_]
c := l3[_]
]
If I have three arrays defined as follows:
animals1 = ["hippo", "giraffe"]
animals2 = ["lion", "zebra"]
animals3 =…
ShrewdCleric
- 79
- 1
- 7
0
votes
1 answer
What's the `location` key in the opa rego resultset expression? can I get locations in input json that caused policy violation?
I'm using go rego package, and the rego.ResultSet when marshalled gives this:
[
{
"expressions": [
{
"value": {...},
"text": "data",
"location": { "row": 1, "col": 1 }
}
]
}
]
I intend to output the…
Kanak Singhal
- 3,074
- 1
- 19
- 17
0
votes
1 answer
OPA Rego function statement evaluation order
package play
exists(obj, a) {
obj[a]
}
hello {
exists(input, "department")
contains(input["location"], "London")
}
world {
contains(input["location"], "London")
exists(input, "department")
}
input = {
…
Anoop
- 1,757
- 1
- 19
- 24
-1
votes
1 answer
How to import policies from different files
This could potentially be a duplicate of this post but I'm still having real trouble.
I have a function defined in one file.
A.rego
package authorizer
default username := null
decode_user(jwt) := user_id {
// logic to decode token & return…
equatorial_daydreamer
- 358
- 4
- 15
-2
votes
1 answer
How would I select the first line from a block of code using regex?
I am trying to select the first line from a block of code (essentially a long string) using java. I am currently doing this using plain java but this seems clumsy. I would like to try and do this with regex instead if possible.
My code currently…
Ronan Byrne
- 11
- 2