Reputation: 944
Pass back a value from Open Policy Agent (OPA) query
Instead of seeing who can access what, I want to setup policies that return how many connections are allowed per second, or, how much bandwidth is allowed. How do I define my policies to return values instead of true/false?
Upvotes: 1
Views: 1473
Answers (1)
Reputation: 1609
Complete rules are just if-then statements that assign a VALUE to a VARIABLE. When the VALUE is omitted, it's implicitly true:
allow { input.method == "GET" }
Is equivalent to:
allow = true { input.method == "GET" }
There is nothing special about allow or true though; you could similarly define a rule that sets the connections per second limit:
connections_per_second = 7 { input.tier == "gold" }
If you have multiple definitions just be aware that only one can succeed (otherwise OPA will raise a conflict error). You need to resolve the conflict inside of your policy. There are different ways of handling this, e.g., default, else, negation, etc.
Upvotes: 3
Related Questions
- Parameters in Rego rules [Open Policy Agent]
- how to control/sanitise Open Policy Agent (OPA) response
- Is there a way in OPA to only evaluate policies relevant to certain request?
- OPA Rego - How to do tag or label matching
- Rego function to define variables
- Retrieve a value from a set where the key comes from another set in Open Policy Agent (OPA)
- OPA unit-test failing, How to output response variable?
- OPA conflicting policy
- apply my policy(policy.rego) bydfault to my opa
- Open Policy Agent (OPA) Rego - Accessing Input Object Nested Fields At Runtime