Anders Eknert anderseknert

## or_array.rego
arr := [x | some x in input.my_array]

## or_array.js
arr = my_array || []

## object_get.rego
allow if {
    # return input.user.name, or "anyomous" if the lookup fails
    user := object.get(input, ["user", "name"], "anonymous")
    user != "anonymous"

    # ... more conditions
}

## object_or.rego
deny := message if {
    code_reason_map := {
        400: "Bad request",
        404: "Not found",
        500: "Internal server error",
    }

    message := code_reason_map[status_code]
}

## in.rego
allow {
    # Simple way to "inline" an OR check — turn it into a "contains" problem
    input.request.method in {“HEAD”, “GET”}
}

## else.rego
# Expressions may be evaluated in any order
allow if expression1
allow if expression2
allow if expression3

# Expressions evaluated from top to bottom
allow if {
    expression1
} else {
    expression2

## pattern_matching.rego
# First name may be either "joe" or "jane" for function to evaluate
# No rule body needed as argument passed will be matched for equality
allowed_firstname("joe")
allowed_firstname("jane")

# This works with multiple arguments too, where only some are matched
# statically
alcohol_allowed("Sweden", age) if age > 18
alcohol_allowed("USA",    age) if age > 21
alcohol_allowed(country,  age) if {

## pattern_matching.rego
# First name may be either "joe" or "jane" for function to evaluate
allowed_firstname(name) if name == "joe"
allowed_firstname(name) if name == "jane"

## multiple_outputs.rego
package play

import future.keywords.if
import future.keywords.in

# Both of the conditions could be true
validate_user(user) := "valid" if "admin" in user.roles
validate_user(user) := "invalid" if not user.email

valid := validate_user(input.user)

## helper_functions.rego
package policy

import future.keywords.if

default allow := false

allow if {
    idx := indexof(input.user.email, "@")
    fullname := substring(input.user.email, 0, idx)
    firstname := lower(split(fullname, ".")[0])
	allow if {
	# return input.user.name, or "anyomous" if the lookup fails
	user := object.get(input, ["user", "name"], "anonymous")
	user != "anonymous"

	# ... more conditions
	}
	deny := message if {
	code_reason_map := {
	400: "Bad request",
	404: "Not found",
	500: "Internal server error",
	}

	message := code_reason_map[status_code]
	}
	allow {
	# Simple way to "inline" an OR check — turn it into a "contains" problem
	input.request.method in {“HEAD”, “GET”}
	}
	# Expressions may be evaluated in any order
	allow if expression1
	allow if expression2
	allow if expression3

	# Expressions evaluated from top to bottom
	allow if {
	expression1
	} else {
	expression2
	# First name may be either "joe" or "jane" for function to evaluate
	# No rule body needed as argument passed will be matched for equality
	allowed_firstname("joe")
	allowed_firstname("jane")

	# This works with multiple arguments too, where only some are matched
	# statically
	alcohol_allowed("Sweden", age) if age > 18
	alcohol_allowed("USA", age) if age > 21
	alcohol_allowed(country, age) if {
	# First name may be either "joe" or "jane" for function to evaluate
	allowed_firstname(name) if name == "joe"
	allowed_firstname(name) if name == "jane"
	package play

	import future.keywords.if
	import future.keywords.in

	# Both of the conditions could be true
	validate_user(user) := "valid" if "admin" in user.roles
	validate_user(user) := "invalid" if not user.email

	valid := validate_user(input.user)
	package policy

	import future.keywords.if

	default allow := false

	allow if {
	idx := indexof(input.user.email, "@")
	fullname := substring(input.user.email, 0, idx)
	firstname := lower(split(fullname, ".")[0])