Questions tagged [rego]

Rego is a query language. To make a policy decision in Rego, you write logical tests on the data that comes in as input (such as the API or SSH data from the last section).

161 questions
1 vote, 1 answer

Combining exit codes and 'defined' string return values from rules in Rego

I want to return a non-zero exit code when my policy fails so that my CI/CD buildspec stops building. I also want to return a string error message from my rule(s). I noticed the --fail and --fail-defined options for the opa eval command. These options…
1 vote, 3 answers

REGO: Is it possible to parse a regex group from the regex statement?

Can't find any information about regex groups, but what I want to do is: Filter out a string of all ARNs, extract the AWS Services from the ARNs. Is it even possible in REGO? What I currently have: output = matches { string := "\"Resource\":…
A K
1 vote, 1 answer

rego to check for existence of a field in an array

How can the existence of the "spec.rules.host" field in each item under "speck.rules" be checked, in a way that if any of them does not have such an entry, it would trigger a "deny"? apiVersion: getambassador.io/v3alpha1 kind:…
carrotcakeslayer
1 vote, 1 answer

How to check if an array is empty in OPA Rego

I have an array which is declared like this: arr = []. I want to check if it's empty. I tried: count(arr)==0, is_null(arr), arr==[] and arr=="".
Kfir-G
1 vote, 1 answer

Rego regex to match a specific word from a sentence

I've written a regex \blates(t|)?\b to search for a word "latest" in a sentence "/man/service/man-aaaaaa-lllll-latest/zzzn2-iii-ooo-x00_00-gg". I'm testing a rule in 'Rego' through Rego playground, whenever there's a word 'latest' in a sentence, I…
1 vote, 1 answer

How do I combine the results of multiple rules

I have 3 roles and I am trying to return what actions a user can do based on the assigned roles. Playground: https://play.openpolicyagent.org/p/5gN7ObojXh The first part should check if the object being processed is in a list, and then if the…
Bill Mair
1 vote, 1 answer

OPA authorization policies with scopes and roles

I'm using Open Policy Agent as an authorization component together with OIDC enabled apps. I have input from the apps in the format: { "token": { "scopes": [ "read:books", "write:books" ] }, …
onlyteo
1 vote, 1 answer

How do I connect a simple node.js app running on docker to an Open Policy Server also running on a docker container

I'm trying to bundle together a node app and an Open Policy Agent server using docker compose. I can access the OPA server from my browser, but when I tried to do a request using axios from the node app I get this: Error: connect ECONNREFUSED…
Heyker
1 vote, 1 answer

What is the difference between Assignment(=) operator and Equality(==) operator in OPA rule body

In OPA documentation https://www.openpolicyagent.org/docs/latest/policy-testing/ there is a policy definition given like below: allow { input.path == ["users"] input.method == "POST" } allow { some profile_id input.path = ["users",…
Rithu
1 vote, 2 answers

How to check OPA Rego file is correct or not

I have created one sample.rego file and I encoded it in base64. So is there any way in a Golang library to validate whether the base64-encoded rego value is correct or not? Sample.rego file: package policy.authz default allow = false allow { input.policy ==…
Anupam Somani
1 vote, 1 answer

How to return error messages per object in rego response when using nested objects

I am creating a policy to validate access to a collection of Records. These records are passed as input and have a collection of permissions attached to them. I validate them against permissions data stored in the OPA. For instance, I can return…
1 vote, 1 answer

Pass back a value from Open Policy Agent (OPA) query

Instead of seeing who can access what, I want to set up policies that return how many connections are allowed per second, or how much bandwidth is allowed. How do I define my policies to return values instead of true/false?
JD Allen
1 vote, 1 answer

OPA (Rego) as Go lib: How to apply external data?

I followed the example of https://www.openpolicyagent.org/docs/latest/#5-try-opa-as-a-go-library. Important code snippets: r := rego.New( rego.Query("x = data.example.allow"), rego.Load([]string{"./example.rego"}, nil) ... rs, err := query.Eval(ctx,…
bogg
1 vote, 2 answers

Converting rego policy to json

I am trying to read the rego format of a policy and save it into json format. However, I could not find a way to read it using the "go" package of rego. Any suggestions/advice?
vnn
1 vote, 1 answer

Rego Playground Sort

I have been playing with the OPA Rego Playground. Nice tool. Very powerful. The default sort is alphabetical. But I'd like to sort the output in the same order as defined in the policy. I saw some switches for the opa command line tool. …
Tom Turner