Reputation: 13
I must be missing the right words because I cannot find how to create a rule that uses multiple properties of an object. I am trying to validate that "bob" has the action and resource in his list of endpoints.
The data looks like this:
    {
      "clientaccount_endpoints": [
        {
          "ClientId": "Bob",
          "Endpoints": [
            {
              "Action": "GET",
              "Resource": "employee",
              "Tenantable": true
            }
          ]
        }
      ]
    }
The input is this:
    {
      "clientaccount": "bob",
      "action": "GET",
      "resource": "employee"
    }
This is what I tried:
    clientaccount_entitled {
      some i
      data.clientaccount_endpoints[i].ClientId == input.clientaccount
      data.clientaccount_endpoints[i].Action == input.action
      data.clientaccount_endpoints[i].Resource == input.resource
    }
Upvotes: 0
Views: 304
Reputation: 36748
You are almost there but have a couple of issues:
(1) Data in Rego is case-sensitive; "bob" does not match "Bob".
(2) Your paths are not correct--try this:
    clientaccount_entitled {
      some i, j
      data.clientaccount_endpoints[i].ClientId == input.clientaccount
      data.clientaccount_endpoints[i].Endpoints[j].Action == input.action
      data.clientaccount_endpoints[i].Endpoints[j].Resource == input.resource
    }
Upvotes: 0
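An added example, not part of the question or answer above: the corrected rule written as a default-deny policy with unit tests that check the action and resource are matched within the same Endpoints entry. It assumes a hypothetical package name `authz`, `import rego.v1` syntax (OPA 0.59 or later), constructed sample data, and that client IDs are meant to compare case-insensitively, which is why `lower()` is applied to both sides.

```rego
package authz

import rego.v1

# Default deny: anything the rule below cannot prove is refused.
default clientaccount_entitled := false

# Action and Resource are read from the same `endpoint` value, so a client
# cannot combine the action of one entry with the resource of another.
clientaccount_entitled if {
    some account in data.clientaccount_endpoints
    lower(account.ClientId) == lower(input.clientaccount) # assumption: IDs are case-insensitive
    some endpoint in account.Endpoints
    endpoint.Action == input.action
    endpoint.Resource == input.resource
}

# Constructed sample data used only by the tests below.
sample_endpoints := [
    {"ClientId": "Bob", "Endpoints": [
        {"Action": "GET", "Resource": "employee", "Tenantable": true},
        {"Action": "POST", "Resource": "timesheet", "Tenantable": false}
    ]},
    {"ClientId": "Alice", "Endpoints": [
        {"Action": "POST", "Resource": "employee", "Tenantable": true}
    ]}
]

test_bob_get_employee_allowed if {
    req := {"clientaccount": "bob", "action": "GET", "resource": "employee"}
    clientaccount_entitled with input as req with data.clientaccount_endpoints as sample_endpoints
}

# Bob has POST (on timesheet) and employee (with GET); Alice has POST employee.
test_action_and_resource_must_share_one_entry if {
    req := {"clientaccount": "bob", "action": "POST", "resource": "employee"}
    not clientaccount_entitled with input as req with data.clientaccount_endpoints as sample_endpoints
}

test_missing_input_field_denied if {
    req := {"clientaccount": "bob", "action": "GET"}
    not clientaccount_entitled with input as req with data.clientaccount_endpoints as sample_endpoints
}
```

Saved to a file, the three `test_` rules run with `opa test` against that file.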