Comments (2)
chippyash
commented on July 1, 2024
Linting rules: Your linting rules require a flat interpretation of a rule at https://play.openpolicyagent.org/ e.g.
allow if {
# split the permission
perm_parts := split(input.permission, ":")
# parse the action
action := perm_parts[2]
# parse the resource
resource := concat(":", array.slice(perm_parts, 0, 2))
print("Query User:", input.user, "Resource:", resource, "Action:", action)
# lookup the list of roles for the user
roles := user_roles[input.user]
# for each role in that list
r := roles[_]
print("Checking Role:", r)
# lookup the permissions list for role r
permissions := role_permissions[r]
# for each permission
p := permissions[_]
# check if the permission granted to r matches the user's request
print("Evaluating:", p)
bits.and(to_number(glob.match(p.resource, [], resource)), to_number(glob.match(p.action, [], action)))
}
As this is a declarative language it makes much more sense to display looping thus:
allow if {
# split the permission
perm_parts := split(input.permission, ":")
# parse the action
action := perm_parts[2]
# parse the resource
resource := concat(":", array.slice(perm_parts,0,2))
print("Query User:", input.user, "Resource:", resource, "Action:", action)
# lookup the list of roles for the user
roles := user_roles[input.user]
# for each role in that list
r := roles[_]
print("Checking Role:", r)
# lookup the permissions list for role r
permissions := role_permissions[r]
# for each permission
p := permissions[_]
# check if the permission granted to r matches the user's request
print("Evaluating:", p)
bits.and(to_number(glob.match(p.resource, [], resource)), to_number(glob.match(p.action, [], action)))
}
There is some pythonesq stuff going on, and as I'm very new, I find the single indent very difficult to navigate. This is only a short example, adapted from the RBAC examplar but my example reads a lot clearer than the linted version.
Regards
Ashley
from opa.
anderseknert
commented on July 1, 2024
The Rego Playground is set up to run all of the Regal linter rules by default, but that's just a default set for the purpose of the playground. There is no requirement to agree with all of the rules :) If you download Regal yourself, you can easily disable any rule you disagree with, like the opa-fmt rule. Here's an example of a Regal configuration file to disable the formatter rule:
.regal/config.yaml
rules:
style:
opa-fmt:
level: ignorefrom opa.
Related Issues (20)
- Allow `not every` HOT 5
- Using non-collections with `every` should fail
- User defined headers are dropped with aws.sign_req HOT 5
- Formatter rewrites quoted reference containing keyword to non-quoted one which fails to parse HOT 1
- OPA test - fails to identify the keyword present in policy name and still passes all the tests without failing HOT 6
- OAuth2ClientCredentialsAuthPlugin: fatal error: concurrent map writes HOT 2
- Running `inspect` on a WASM bundle fails if the bundle contains an annotation with the `related_resources` metadata field HOT 3
- Update our wasmtime HOT 1
- AST: `text` element in location for annotations just says `#METADATA`
- Strange null results for multi-expression-query in case of `false` HOT 4
- docs: Missing monitoring metric `go_memstats_gc_cpu_fraction`
- regression: coverage change from 0.63.0+ HOT 3
- WithPartialEval losses r.Runtime HOT 1
- OPA panics in nested use of `every` HOT 3
- wasm: entrypoints for rules with "/" in their package parts are broken
- OPA high latency - potential cause: bad memory allocations HOT 1
- Add annotation to AST package node HOT 1
- Not clear why metadata attribute `entrypoint` requires `scope: rule` HOT 1
- Allow `opa inspect` to inspect a single file
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opa.