Posts

Chat GPT

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Here's an example of how you could use Atlantis to run Terraform apply only if the OPA evaluation returns true: #!/bin/bash # Evaluate the OPA policy result=$(opa eval --data ./data.json --format json --pretty ./policy.rego 'data.terraform.allowed') # Extract the result of the evaluation allowed=$(echo $result | jq -r '.result') if [ "$allowed" == "true" ]; then # If OPA evaluation is true, run Terraform apply terraform apply else # If OPA evaluation is false, return an error echo "Terraform apply not allowed by OPA policy" exit 1 fi This script uses the opa command line tool to evaluate the policy defined in the policy.rego file with the data in data.json . The result of the evaluation is stored in the result variable, and the allowed variable is extracted from the re
Post a Comment
Read more

Atlantis & OPA Rego | Conftest

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Conftest https://www.conftest.dev/ Atlantis for OPA Policy https://www.runatlantis.io/docs/policy-checking.html ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++    
Post a Comment
Read more

Sty -OPA - Rego : Basic Rego Rules

Image
 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  Boolean Rules & Evaluation OPA Policy Authorization : Through out we will be using API policy evaluation . This is very simple use case and a common use case.  Boolean Rules : Remember that every rule is an IF statement . When you are going to write an IF statement you are going to assign a value . Multiple Rules : In all of those rules we were thinking of them in Isolation . But with OPA you can goahead and write multiple rule and if you do that you will end up with writing a logical OR. Even though you can write multiple . What happens when non of the Rules Succeed. Then the value of that rule is undefined. But in some cases you do not want the default "undefined" result and - if non of the rules succeed. default is_read = false This is achieved by defining the result as - false This says that non of the value s
Post a Comment
Read more

Sty -OPA - Rego : Comparing and Constructing Values

Image
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  How to do some Equality Checks Equality Expressions : Array is above one , below is sets . Sets are sometimes surprising to people.     These two sets has got all the same element . The order in which they appear is Irrelevant and the number of times each of this appears is irrelevant.   There is another kind of Equality operator. The x in the first bracket , it finds x is not  the same as the one on the right and it assume x as variable and assigns the value 2 on the right to x on the left. Rego Build in Functions : Build in functions do a loads of comparisons and functions .
Post a Comment
Read more