Comments (2)
Linting rules: Your linting rules require a flat interpretation of a rule at https://play.openpolicyagent.org/ e.g.
```rego
allow if {
    # split the permission
    perm_parts := split(input.permission, ":")
    # parse the action
    action := perm_parts[2]
    # parse the resource
    resource := concat(":", array.slice(perm_parts, 0, 2))
    print("Query User:", input.user, "Resource:", resource, "Action:", action)
    # lookup the list of roles for the user
    roles := user_roles[input.user]
    # for each role in that list
    r := roles[_]
    print("Checking Role:", r)
    # lookup the permissions list for role r
    permissions := role_permissions[r]
    # for each permission
    p := permissions[_]
    # check if the permission granted to r matches the user's request
    print("Evaluating:", p)
    # both matches must hold; bits.and(...) returns a number, and even 0 is
    # not false in Rego, so it would let every permission through
    glob.match(p.resource, [], resource)
    glob.match(p.action, [], action)
}
```
As this is a declarative language it makes much more sense to display looping thus:
```rego
allow if {
    # split the permission
    perm_parts := split(input.permission, ":")
    # parse the action
    action := perm_parts[2]
    # parse the resource
    resource := concat(":", array.slice(perm_parts,0,2))
    print("Query User:", input.user, "Resource:", resource, "Action:", action)
    # lookup the list of roles for the user
    roles := user_roles[input.user]
    # for each role in that list
    r := roles[_]
        print("Checking Role:", r)
        # lookup the permissions list for role r
        permissions := role_permissions[r]
        # for each permission
        p := permissions[_]
            # check if the permission granted to r matches the user's request
            print("Evaluating:", p)
            # both matches must hold; bits.and(...) returns a number, and even 0 is
            # not false in Rego, so it would let every permission through
            glob.match(p.resource, [], resource)
            glob.match(p.action, [], action)
}
```
There is some Pythonesque stuff going on, and as I'm very new, I find the single indent very difficult to navigate. This is only a short example, adapted from the RBAC exemplar, but my example reads a lot clearer than the linted version.
Regards
Ashley
The Rego Playground is set up to run all of the Regal linter rules by default, but that's just a default set for the purpose of the playground. There is no requirement to agree with all of the rules :) If you download Regal yourself, you can easily disable any rule you disagree with, like the `opa-fmt` rule. Here's an example of a Regal configuration file to disable the formatter rule:

`.regal/config.yaml`
```yaml
rules:
  style:
    opa-fmt:
      level: ignore
```