@anderseknert
Created September 20, 2023 12:42
Helper rules
package policy

import future.keywords.if
import future.keywords.in

default allow := false

allow if {
    # User attempting to access internal resource
    # i.e. something under /internal
    input.request.path[0] == "internal"

    # User must work for AcmeCorp, Hooli, or Lexcorp
    valid_email

    # And user must have the "acmecorp-internal" role
    "acmecorp-internal" in input.user.roles
}

# Helper rule: true if the user's email is at one of the allowed domains.
# The leading "@" anchors the match to the whole domain part, so an address
# at another domain that merely ends in the same string is not accepted.
valid_email if endswith(input.user.email, "@acmecorp.com")
valid_email if endswith(input.user.email, "@hooli.com")
valid_email if endswith(input.user.email, "@lexcorp.com")