Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 4b0e5c075a81a7ea251c5c85af1d15c5ab54e962 / . / core / internal / iam / policies.go
blob: b17b6231ec5884cc388cf7de3294d5ed1ac9d18a [file] [log] [blame]
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]1// Copyright 2020 The Monogon Project Authors.
2//
3// SPDX-License-Identifier: Apache-2.0
4//
5// Licensed under the Apache License, Version 2.0 (the "License");
6// you may not use this file except in compliance with the License.
7// You may obtain a copy of the License at
8//
9// http://www.apache.org/licenses/LICENSE-2.0
10//
11// Unless required by applicable law or agreed to in writing, software
12// distributed under the License is distributed on an "AS IS" BASIS,
13// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14// See the License for the specific language governing permissions and
15// limitations under the License.
16
17package main
18
19import (
20 "context"
21 "fmt"
22 "github.com/open-policy-agent/opa/ast"
23 "github.com/open-policy-agent/opa/rego"
24 "github.com/open-policy-agent/opa/util"
25)
26
27type dataSetProfile struct {
28 numTokens int
29 numPaths int
30}
31
32func main() {
33 ctx := context.Background()
34 compiler := ast.NewCompiler()
35 module := ast.MustParseModule(policy)
36
37 compiler.Compile(map[string]*ast.Module{"": module})
38 if compiler.Failed() {
39 }
40
41 r := rego.New(
42 rego.Compiler(compiler),
43 rego.Input(util.MustUnmarshalJSON([]byte(`{
44 "token_id": "deadbeef",
45 "path": "mna",
46 "method": "GET"
47 }`))),
48 rego.Query("data.restauthz"),
49 )
50
51 rs, err := r.Eval(ctx)
52 if err != nil {
53 panic(err)
54 }
55 fmt.Printf("%v", rs)
56}
57
58const policy = `package restauthz
59
60default allow = false
61
62allow {
63 input.method == "GET"
64}
65
66allow {
67 not input.method == "GET"
68}
69`