Stephan Renatus srenatus

## gist:fa1e3e1b55c6d505d3aa9c38bbdbc818
$ docker run -it --platform linux/arm64  docker.io/openpolicyagent/opa:edge eval --timeout 1s -t wasm 'numbers.range(1,1e10)'
Unable to find image 'openpolicyagent/opa:edge' locally
edge: Pulling from openpolicyagent/opa
dbcab61d5a5a: Already exists
1867b2187888: Already exists
4d704a88b82e: Already exists
db698d0a411a: Pull complete
Digest: sha256:ae185c082e080644c9e4089c688bca39c3ab9ae7b6eb5b546d1daf6982cee238
Status: Downloaded newer image for openpolicyagent/opa:edge
WARNING: image with reference openpolicyagent/opa was found but does not match the specified platform: wanted linux/arm64, actual: linux/amd64

## t.gr
import { Set, size, fromList } from "set"
import { length } from "string"

enum Value {
  NumberValue(Number),
  StringValue(String),
  SetValue(Set<Value>),
}

let length = (x) => {

## envoy.config.yaml
admin:
  access_log_path: /dev/stdout
  address:
    socket_address: { address: 0.0.0.0, port_value: 9901 }

static_resources:
  listeners:
  - name: listener1
    address:
      socket_address: { address: 0.0.0.0, port_value: 51051 }

## opa_and_oso.md

      
              1 file
            
          
              0 forks
            
          
              2 comments
            
          
              7 stars
            
          
                srenatus
                / opa_and_oso.md
            
            
              Last active
              May 31, 2023 18:08
            
          
    OPA, oso, oh no!


Caveat
Maturity
Interface

WebAssembly


Policy language
Next Steps

You may have gotten accustomed to Keep Calm and Use OPA, and then suddenly, there's

  
## multiple_dispatch_example.rb
require 'oso'
$polar=<<POLAR
add(x: String, y: String, x.concat(y));
add(x: List,   y: List,   x.concat(y));
add(x: List,   y: String, x0.concat(y)) if x0 in x;
add(x: String, y: List,   x.concat(y0)) if y0 in y;
POLAR
class Example
  def initialize
    @o = Oso.new

## config.yaml
plugins:
  envoy_ext_authz_grpc:
    addr: :9191
    path: foo/bar # always true
    enable-reflection: true
decision_logs:
  console: true

## Gemfile
source 'https://rubygems.org'
gem 'pry'
gem 'hashie'
gem 'oso-oso'

## sample-grpc-api.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: sample-api-grpc
  name: sample-api-grpc
  namespace: default
spec:
  selector:
    matchLabels:

## main.go
/*
 *
 * Copyright 2015 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *

## full output
+-----------+--------------------------------------------------------------------------------------------+
| Query 1   | data.partial.authz_v2.authorized                                                           |
+-----------+--------------------------------------------------------------------------------------------+
| Support 1 | package partial                                                                            |
|           |                                                                                            |
|           | __not1_1__ {                                                                               |
|           |   "iam:roles:owner" = input.resource                                                       |
|           |   "iam:roles:update" = input.action                                                        |
|           |   _ = input.subjects[_]                                                                    |
|           | }
	$ docker run -it --platform linux/arm64 docker.io/openpolicyagent/opa:edge eval --timeout 1s -t wasm 'numbers.range(1,1e10)'
	Unable to find image 'openpolicyagent/opa:edge' locally
	edge: Pulling from openpolicyagent/opa
	dbcab61d5a5a: Already exists
	1867b2187888: Already exists
	4d704a88b82e: Already exists
	db698d0a411a: Pull complete
	Digest: sha256:ae185c082e080644c9e4089c688bca39c3ab9ae7b6eb5b546d1daf6982cee238
	Status: Downloaded newer image for openpolicyagent/opa:edge
	WARNING: image with reference openpolicyagent/opa was found but does not match the specified platform: wanted linux/arm64, actual: linux/amd64
	import { Set, size, fromList } from "set"
	import { length } from "string"

	enum Value {
	NumberValue(Number),
	StringValue(String),
	SetValue(Set<Value>),
	}

	let length = (x) => {
	admin:
	access_log_path: /dev/stdout
	address:
	socket_address: { address: 0.0.0.0, port_value: 9901 }

	static_resources:
	listeners:
	- name: listener1
	address:
	socket_address: { address: 0.0.0.0, port_value: 51051 }
	require 'oso'
	$polar=<<POLAR
	add(x: String, y: String, x.concat(y));
	add(x: List, y: List, x.concat(y));
	add(x: List, y: String, x0.concat(y)) if x0 in x;
	add(x: String, y: List, x.concat(y0)) if y0 in y;
	POLAR
	class Example
	def initialize
	@o = Oso.new
	plugins:
	envoy_ext_authz_grpc:
	addr: :9191
	path: foo/bar # always true
	enable-reflection: true
	decision_logs:
	console: true
	source 'https://rubygems.org'
	gem 'pry'
	gem 'hashie'
	gem 'oso-oso'
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	labels:
	app: sample-api-grpc
	name: sample-api-grpc
	namespace: default
	spec:
	selector:
	matchLabels:
	/*
	*
	* Copyright 2015 gRPC authors.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	+-----------+--------------------------------------------------------------------------------------------+
	\| Query 1 \| data.partial.authz_v2.authorized \|
	+-----------+--------------------------------------------------------------------------------------------+
	\| Support 1 \| package partial \|
	\| \| \|
	\| \| __not1_1__ { \|
	\| \| "iam:roles:owner" = input.resource \|
	\| \| "iam:roles:update" = input.action \|
	\| \| _ = input.subjects[_] \|
	\| \| }