Comments (6)
Thank your helping. I think we got the issue. This is not a bug, a miss from our end. The rules added were only test rules not of any significance.
from opa.
Please provide an example policy.
from opa.
I have updated the description. The policy name has promoPackage but if you write any tests it will still pass. But the bundles do now allow such path at all, So should we not include this in test results as well ?
from opa.
I'm confused is that your exact policy? Because that package name works fine -- I just tried in the playground.
How do you experience
the bundles do now allow such path at all
exactly?
from opa.
BTW I think it's instructive to run your policy on the playground: see here.
In the lower right, you'll notice some Regal findings, and one of them stands out to me: "impossible not".
bugs/impossible-not: Impossible
not
condition (Learn more)
That line,
deny[output] {
not permit # <------
output := "deny "
}
cannot fail because it's a multi-value rule (or "partial set rule"). Even if its body never succeeds, the result with be an empty set, and not ...
of that is false.
As a remedy, you could write count(permit) == 0
or permit == set()
. See here for more details.
from opa.
Adding to what @srenatus said, there are more impossible conditions, or expressions that are essentially constant in your policy:
authorize = deny[output] {
deny
}
authorize = permit[output] {
permit
}
As both deny
and permit
are multi-value rules, they will always evaluate to something (minimum, an empty set), so they'll always evaluate "truthy".
Perhaps if you describe what you're trying to accomplish, we can try and help write a policy for that purpose 🙂
from opa.
Related Issues (20)
- Improve `concat` to accept numeric values HOT 2
- OPA support for persisted bundles with names using special characters in Windows HOT 7
- Reuse service from configuration in http.send HOT 3
- builtins: Error JWT but payload is not JSON when using io.jwt.encode_sign with set as payload value HOT 8
- Lost in iteration: values lost when iterating ref head rules mixing static and dynamic paths HOT 2
- Add metadata annotation for reusable schema references HOT 1
- Ref-head partial object doc rules can cause nil pointer dereference in compiler
- Extend METADATA scopes to include "file" scope HOT 1
- Improvement of OpenSSF Scorecard Score HOT 2
- OPA does not save bundle files to disk HOT 4
- Add support for OpenTelemetry resource attributes HOT 1
- `inspect` command does not always detect undefined functions HOT 6
- Support customizing bucket boundaries for status metrics `bundle_loading_duration_ns` HOT 2
- Make http headers appear in decision logs regardless of log level
- Consider a recommended name for OPA server configuration file
- [Perf] Cache schema types HOT 3
- OPA response is nil issue HOT 10
- calling `Module.String()` returns an invalid module for Rego V1 HOT 2
- The inter-query cache has intermittent test failures
- variables in closure of every block are sometimes not recognized HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opa.