From fb4069fa016f9297dad5a2ef5eedc2fc2ed953cf Mon Sep 17 00:00:00 2001
From: Tobin Feldman-Fitzthum
Date: Fri, 20 Dec 2024 17:09:13 -0600
Subject: [PATCH] policy: fixup simple default policy

The OPA linter seems to have updated and now complains if we don't use an if before our blocks. This is unrelated to the rest of this PR.

Signed-off-by: Tobin Feldman-Fitzthum
---
 .../src/token/simple_default_policy.rego | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/attestation-service/src/token/simple_default_policy.rego b/attestation-service/src/token/simple_default_policy.rego
index b9b641dff..166ad7d35 100644
--- a/attestation-service/src/token/simple_default_policy.rego
+++ b/attestation-service/src/token/simple_default_policy.rego
@@ -29,9 +29,9 @@ package policy

 import future.keywords.every

-default allow = false
+default allow := false

-allow {
+allow if {
 every k, v in input {
 # `judge_field`: Traverse each key value pair in the input and make policy judgments on it.
 #
@@ -44,7 +44,7 @@ allow {
 }
 }

-judge_field(input_key, input_value) {
+judge_field(input_key, input_value) if {
 has_key(data.reference, input_key)
 reference_value := data.reference[input_key]

@@ -57,16 +57,16 @@ judge_field(input_key, input_value) {
 match_value(reference_value, input_value)
 }

-judge_field(input_key, input_value) {
+judge_field(input_key, input_value) if {
 not has_key(data.reference, input_key)
 }

-match_value(reference_value, input_value) {
+match_value(reference_value, input_value) if {
 not is_array(reference_value)
 input_value == reference_value
 }

-match_value(reference_value, input_value) {
+match_value(reference_value, input_value) if {
 is_array(reference_value)

 # `array_include`: judge the input value with the values in the array.
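Review bot: The rule heads from `allow if {` onward now use `if`, but the only import visible in the first hunk's context is `import future.keywords.every`, and the nine changed lines in the diffstat are all rule heads, so no import for `if` appears to be added. On a Rego v0 parser `if` is only a keyword after `import future.keywords.if` or `import rego.v1`, and without one of them the policy can fail to parse. Unless the engine the attestation service embeds already defaults to v1 syntax, add `import future.keywords.if` next to the existing import. It is also worth confirming that the service's own evaluator, not just the linter, loads this file.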
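Review bot: The second `judge_field` rule in the third hunk (`not has_key(data.reference, input_key)`) accepts any claim that has no reference entry, and the `every k, v in input` loop in the first hunk walks input keys only. As a result a reference key that is missing from the input is never checked, and an empty `data.reference` allows everything. If that is the intended meaning of the simple default, state it at the rule: `# Claims with no entry in data.reference are accepted; reference keys absent from the input are not checked.` Deployments that require a claim to be present would need an additional check over the keys of `data.reference`. The body of `allow` between the first two hunks is not visible, so this assumes it only calls `judge_field`.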
@@ -78,16 +78,16 @@ match_value(reference_value, input_value) {
 array_include(reference_value, input_value)
 }

-array_include(reference_value_array, input_value) {
+array_include(reference_value_array, input_value) if {
 reference_value_array == []
 }

-array_include(reference_value_array, input_value) {
+array_include(reference_value_array, input_value) if {
 reference_value_array != []
 some i
 reference_value_array[i] == input_value
 }

-has_key(m, k) {
+has_key(m, k) if {
 _ = m[k]
 }
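Review bot: The first `array_include` rule succeeds whenever `reference_value_array == []`, so an empty reference list accepts every input value for that claim rather than none. For an allow-list this is fail-open: a list emptied by mistake silently removes the constraint instead of rejecting evidence. If the behaviour is deliberate, document it at the rule, e.g. `# An empty reference array places no constraint: any input value is accepted.`; the comment block just above this hunk is not visible and may already say so. Otherwise, removing the empty-array rule makes an empty list match nothing.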