Reputation: 152
How to import different policies inside OPA rego policy?
I am working on writing new rego policies.
I have few rules defined in single policy file which I want to break into sub policy and import it.
Something like this:
A.rego
package com.example
import com.example.B.evaluate
default allow:= false
allow {
evaluate
}
B.rego
package com.example
default evaluate:= false
evaluate {
input.role != "admin" # some condition
}
How to achieve this policy configuration? It's like implementing policySet from authzforce having multiple sub-policies.
Thanks in advance! Please pardon my knowledge of OPA
Upvotes: 2
Views: 4253
Answers (1)
Reputation: 106
When you bundle your policies they will all be combined into one large policy, so they will be segmented based on the package name, not the file name.
some_name.rego
package com.example.A
import data.com.example.B.evaluate
default allow := false
allow {
evaluate
}
another_name.rego
package com.example.B
default evaluate := false
evaluate {
input.role != "admin" # some condition
}
Also shown in our docs here, which I'll admit is a little light. So if there's anything we can add to make it more understandable just let me know!
https://www.openpolicyagent.org/docs/latest/policy-language/#packages
Cheers, @peteroneilljr OPA Advocate
Upvotes: 2
Related Questions
- Using OR condition in OPA rego
- Parameters in Rego rules [Open Policy Agent]
- open policy agent - How to persist policies from REST API?
- Is there a way in OPA to only evaluate policies relevant to certain request?
- OPA Rego - How to do tag or label matching
- Rego function to define variables
- OPA authorization policies with scopes and roles
- Using opa for abac to check user claims agains defined policies
- OPA conflicting policy
- apply my policy(policy.rego) bydfault to my opa