Questions tagged [rego]

Rego is a query language. To make a policy decision in Rego, you write logical tests on the data that comes in as input (such as the API or SSH data from the last section).

161 questions
1 vote, 1 answer

Evaluating multiple files from a folder using opa eval command

I have seen on the OPA website that I could use the following to evaluate a policy on the command line: ./opa eval -i input.json -d example.rego In my case, I have multiple input files and I have modified it to ./opa eval -i /tmp/tfplan.json…
Jessica
1 vote, 2 answers

How to test that one object is a subset of another object in rego

I'd like to write a Rego rule that checks Kubernetes deployment selectors against the labels declared in the template. The rule should pass if every key/value present in spec.selector.matchLabels is present in spec.template.metadata.labels. If I…
ahawkins
1 vote, 1 answer

Take every item in list that starts with x and put it in a new list - Rego

list := ["a:aqsdf", "a:asdf", "b:gfs", "b:sdf", "a:adfd", "b:asdfd"] I want the new list to only include items that start with 'a': ["a:aqsdf", "a:asdf", "a:adfd"] I've tried working with sets with no success. This would be a breeze in Python but…
SteelerKid
1 vote, 1 answer

Helm: accessing rego files inside templates

I am following the example mentioned in https://helm.sh/docs/chart_template_guide/accessing_files/. I am able to load toml files in a configmap, but when I use rego files, I get an error: cat multiple_config.yaml apiVersion: v1 kind:…
Shashank
1 vote, 1 answer

Rego test to filter by IP address

I am using a similar rule to this: allow { http_request.method == "POST" allowed_paths[http_request.path] net.cidr_contains("XX.YYY.ZZZ.160/29-XX.YYY.ZZZ.32/29",source_address.Address.SocketAddress.address) } And I have two…
1 vote, 1 answer

Open Policy Agent - false vs none

Trying to understand the concept of falsehood in OPA. My situation is this: I need to verify whether all cloud resources are in allowed AWS regions. What I have right now is: allowed_locations := ["eastus", "westus"] exists(array, value) { …
FitzChivalry
1 vote, 1 answer

Parameters in Rego rules [Open Policy Agent]

How to use parameters in Rego rules? I would have something like this: deny[reason] { input.request.kind.kind == "Route" not valid_route_request[label] reason := sprintf("missing or wrong router selector label: %v",…
kalise
1 vote, 1 answer

Rego object.get with multilevel key

Is there any way to use object.get with a multiple-level key? My input looks like this: { "pipelineParameters" : { "k8" : { "NODES" : "1" }, "ec2": { "NODES" : "0" } } My data looks like { …
Nuthan Kumar
1 vote, 2 answers

Mapping items in an array

Hoping this is a nice easy one, but I just can't see how to do it. I want to use Rego to map items in an array to a cleaner version. For example, from the data below data = [ { "some": "value", "another": "mvalue", "dont": "want" …
bytesnz
1 vote, 1 answer

Rego: how to specify not having either of multiple conditions

How can I validate the existence of two separate keys in Rego for OPA? Currently, I'm using the not operator like so: deny["Containers must specify readiness and liveness probes"] { not container.readinessProbe not…
eirikir
1 vote, 2 answers

Use rego to compare before and after values from list of inputs

When I run the following, I can compare the values for parameter instance_class and count the number of discrepancies: modifies_instance_class[resource_type] = num { some resource_type resource_types[resource_type] all :=…
nmh
1 vote, 1 answer

How to make HTTP GET request in Rego

I want to make a GET request to a URL in Rego, but it raises the error "Invalid parameter: unallowed built-in function call in rego module: http.send". Here is my code. package play default hello = false hello { response := http.send({ "method"…
Alihaydar Gubatov
1 vote, 1 answer

How to deny view/get operations in OpenShift via Open Policy Agent?

We want to disable oc get/describe for secrets to prevent token login. The current policy prevents create, update, and delete but not the viewing of secrets. package admission import data.k8s.matches # Deny all user for doing secret ops except…
letthefireflieslive
0 votes, 1 answer

How can I loop over multiple values in OPA to validate them?

I have a JSON file something like the one below; now I want to validate whether the label cat is set or not. "labels": { "apple": "one", "banana": "two", "cat": "three" } check_against_targets(value, targets) { mode == "allowlist" match_mode ==…
Antham
0 votes, 0 answers

OPA list of objects - finding two values in multiple objects within a list

Due to limitations, I am using if/else blocks within OPA. I am writing control rules where it will fail all conditions and pass the remaining. I have a list of extensions (objects) where each object represents one extension available on your device…