This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package play | |
import future.keywords.if | |
import future.keywords.in | |
# Both of the conditions could be true | |
validate_user(user) := "valid" if "admin" in user.roles | |
validate_user(user) := "invalid" if not user.email | |
valid := validate_user(input.user) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package policy | |
import future.keywords.if | |
default allow := false | |
allow if { | |
idx := indexof(input.user.email, "@") | |
fullname := substring(input.user.email, 0, idx) | |
firstname := lower(split(fullname, ".")[0]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package policy | |
import future.keywords.if | |
default allow := false | |
allow if { | |
idx := indexof(input.user.email, "@") | |
fullname := substring(input.user.email, 0, idx) | |
firstname := lower(split(fullname, ".")[0]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package policy | |
import future.keywords.if | |
import future.keywords.in | |
default allow := false | |
allow if { | |
# User attempting to access internal resource | |
# i.e. something under /internal |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# implicit assignment, same as: allow := true if ... | |
allow if expression1 | |
allow if expression2 | |
allow if expression3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var allow | |
if (expression1 || expression2 || expression3) { | |
// allow will only be assigned true if any of the expressions above are true | |
allow = true | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package policy | |
import future.keywords.if | |
import future.keywords.in | |
default allow := false | |
allow if { | |
# User attempting to access internal resource | |
# i.e. something under /internal |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# implicit assignment, same as: allow := true if { | |
allow if { | |
expression1 | |
expression2 | |
expression3 | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var allow | |
if (expression1 && expression2 && expression3) { | |
// allow will only be assigned true if all expressions above are true | |
allow = true | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package policy | |
import future.keywords.if | |
# | |
# valid_email will be assigned the value of the email variable if, and only if, # all the expressions in the body evaluate | |
# | |
valid_email := email if { # rule head, name + (optional) assignment | |
email := lower(input.user.email) # fails if input.user.email is undefined | |
endswith(email, "hooli.com") # fails unless email ends with hooli.com |