@anderseknert
Created September 20, 2023 12:39
Simple policy
package policy

import future.keywords.if
import future.keywords.in

# Deny unless the allow rule below matches
default allow := false

allow if {
	# User attempting to access internal resource
	# i.e. something under /internal
	input.request.path[0] == "internal"

	# So user must work for AcmeCorp; the leading "@" keeps a
	# lookalike domain such as "notacmecorp.com" from matching
	endswith(input.user.email, "@acmecorp.com")

	# And user must have the "acmecorp-internal" role
	"acmecorp-internal" in input.user.roles
}
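
A unit test file for the policy above, as an added example that is not part of the original gist. The package name `policy_test`, the sample users and the request paths are constructed for illustration; the tests cover an employee with the role, an outside address, a missing role, a path outside /internal, and an empty input.

```rego
package policy_test

import future.keywords.if

import data.policy

# Constructed sample input: an AcmeCorp employee requesting /internal/reports
employee := {
	"request": {"path": ["internal", "reports"]},
	"user": {"email": "alice@acmecorp.com", "roles": ["acmecorp-internal"]},
}

test_employee_with_role_allowed if {
	policy.allow with input as employee
}

# The role alone is not enough: the email domain must also match
test_outside_email_denied if {
	outsider := object.union(employee, {"user": {"email": "bob@example.com"}})
	not policy.allow with input as outsider
}

# The email domain alone is not enough: the role must also be present
test_missing_role_denied if {
	no_role := object.union(employee, {"user": {"roles": ["guest"]}})
	not policy.allow with input as no_role
}

# The only allow rule requires path[0] == "internal", so every other
# path falls through to the default and is denied, even for employees
test_non_internal_path_denied if {
	public := object.union(employee, {"request": {"path": ["public", "index.html"]}})
	not policy.allow with input as public
}

# Missing fields make the rule body undefined, so the default applies
test_empty_input_denied if {
	not policy.allow with input as {}
}
```

Run it with `opa test -v .` from a directory that contains both the policy and this test file.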