From 89754d074a2abf197d28402e8863bf9cfa33773f Mon Sep 17 00:00:00 2001
From: Tobin Feldman-Fitzthum
Date: Fri, 20 Dec 2024 17:09:13 -0600
Subject: [PATCH] policy: fixup simple default policy

The OPA linter seems to have updated and now complains if we don't use an if before our blocks. This is unrelated to the rest of this PR.

Signed-off-by: Tobin Feldman-Fitzthum
---
 .../src/token/simple_default_policy.rego | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/attestation-service/src/token/simple_default_policy.rego b/attestation-service/src/token/simple_default_policy.rego
index b9b641dff..28c98ccb1 100644
--- a/attestation-service/src/token/simple_default_policy.rego
+++ b/attestation-service/src/token/simple_default_policy.rego
@@ -31,7 +31,7 @@ import future.keywords.every
 default allow = false
-allow {
+allow if {
 every k, v in input {
 # `judge_field`: Traverse each key value pair in the input and make policy judgments on it.
 #
@@ -44,7 +44,7 @@ allow {
 }
 }
-judge_field(input_key, input_value) {
+judge_field(input_key, input_value) if {
 has_key(data.reference, input_key)
 reference_value := data.reference[input_key]
@@ -57,16 +57,16 @@ judge_field(input_key, input_value) {
 match_value(reference_value, input_value)
 }
-judge_field(input_key, input_value) {
+judge_field(input_key, input_value) if {
 not has_key(data.reference, input_key)
 }
-match_value(reference_value, input_value) {
+match_value(reference_value, input_value) if {
 not is_array(reference_value)
 input_value == reference_value
 }
-match_value(reference_value, input_value) {
+match_value(reference_value, input_value) if {
 is_array(reference_value)
 # `array_include`: judge the input value with the values in the array.
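Review bot: The `if` keyword introduced at `allow if {` in the first hunk, and in every rule head in the later hunks, has to be accepted by whichever engine evaluates this policy at runtime, not only by the linter. The only import visible in the hunk header is `import future.keywords.every`. Under pre-1.0 OPA semantics `if` must be brought in with `import future.keywords.if` or `import rego.v1`; the import block lies outside the hunk, so it may already be there, but it is worth confirming. Since this is the default token policy, a parse failure would presumably break every attestation, so a CI test that loads this file through the attestation service's own evaluator would be a useful guard.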
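Review bot: In the third hunk, the second `judge_field` rule succeeds whenever `data.reference` has no entry for the input key, so any claim without a reference value is accepted unchecked. Presumably, via the `every` loop in `allow` (its call site is outside the hunks), an empty `data.reference` then lets `allow` pass for every input despite `default allow = false`. If this fail-open behaviour is intended for the simple default, say so directly on the rule, e.g. `# Claims with no entry in data.reference are NOT checked; an empty reference set allows every input.` Operators deploying this default should know that protection depends entirely on which keys the reference data populates.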
@@ -78,16 +78,16 @@ match_value(reference_value, input_value) {
 array_include(reference_value, input_value)
 }
-array_include(reference_value_array, input_value) {
+array_include(reference_value_array, input_value) if {
 reference_value_array == []
 }
-array_include(reference_value_array, input_value) {
+array_include(reference_value_array, input_value) if {
 reference_value_array != []
 some i
 reference_value_array[i] == input_value
 }
-has_key(m, k) {
+has_key(m, k) if {
 _ = m[k]
 }
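Review bot: The first `array_include` rule is true for any `input_value` when the reference array is `[]`, so a reference entry that ends up empty (for example if a provisioning step writes an empty list) silently disables the check for that claim instead of failing it. The comment block introducing `array_include` starts above this hunk and may already state this. If it does not, add `# An empty reference array matches ANY input value (check disabled for this key).` above the rule, or reconsider whether an empty array should deny. As a style point, `some i` followed by `reference_value_array[i] == input_value` can be written `input_value in reference_value_array` once `in` is imported via `import future.keywords.in` or `import rego.v1`.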