Skip to content

Instantly share code, notes, and snippets.

View anderseknert's full-sized avatar
👨‍💻
Hacking on all things OPA

Anders Eknert anderseknert

👨‍💻
Hacking on all things OPA
View GitHub Profile
@anderseknert
anderseknert / multiple_outputs.rego
Created September 20, 2023 12:47
Multiple outputs
package play
import future.keywords.if
import future.keywords.in
# Both of the conditions could be true
validate_user(user) := "valid" if "admin" in user.roles
validate_user(user) := "invalid" if not user.email
valid := validate_user(input.user)
@anderseknert
anderseknert / helper_functions.rego
Created September 20, 2023 12:46
Helper functions
package policy
import future.keywords.if
default allow := false
allow if {
idx := indexof(input.user.email, "@")
fullname := substring(input.user.email, 0, idx)
firstname := lower(split(fullname, ".")[0])
@anderseknert
anderseknert / helper_functions.rego
Created September 20, 2023 12:44
Helper functions
package policy
import future.keywords.if
default allow := false
allow if {
idx := indexof(input.user.email, "@")
fullname := substring(input.user.email, 0, idx)
firstname := lower(split(fullname, ".")[0])
@anderseknert
anderseknert / helper_rules.rego
Created September 20, 2023 12:42
Helper rules
package policy
import future.keywords.if
import future.keywords.in
default allow := false
allow if {
# User attempting to access internal resource
# i.e. something under /internal
@anderseknert
anderseknert / or.rego
Created September 20, 2023 12:41
Rego OR
# implicit assignment, same as: allow := true if ...
allow if expression1
allow if expression2
allow if expression3
@anderseknert
anderseknert / or.js
Created September 20, 2023 12:41
Imperative OR
var allow
if (expression1 || expression2 || expression3) {
// allow will only be assigned true if any of the expressions above are true
allow = true
}
@anderseknert
anderseknert / policy.rego
Created September 20, 2023 12:39
Simple policy
package policy
import future.keywords.if
import future.keywords.in
default allow := false
allow if {
# User attempting to access internal resource
# i.e. something under /internal
@anderseknert
anderseknert / and.rego
Created September 20, 2023 12:38
Rego AND
# implicit assignment, same as: allow := true if {
allow if {
expression1
expression2
expression3
}
@anderseknert
anderseknert / and.js
Created September 20, 2023 12:35
Imperative AND
var allow
if (expression1 && expression2 && expression3) {
// allow will only be assigned true if all expressions above are true
allow = true
}
@anderseknert
anderseknert / logical_and.rego
Created September 20, 2023 12:26
Logical AND
package policy
import future.keywords.if
#
# valid_email will be assigned the value of the email variable if, and only if, # all the expressions in the body evaluate
#
valid_email := email if { # rule head, name + (optional) assignment
email := lower(input.user.email) # fails if input.user.email is undefined
endswith(email, "hooli.com") # fails unless email ends with hooli.com