
JSON - File Evaluations - Scenarios - Ansible Converted

 ===========================================================================     =========================================================================== ====Another example of fetching the information package play default let_do := false let_do = true {    resource := input[_]    resource.hosts == "databases" }   Result : {     "let_do": true }   ============ INPUT FILE  [   {     "name": "Update web servers",     "hosts": "webservers",     "remote_user": "root",     "tasks": [       {         "name": "Ensure apache is at the latest version",         "ansible.builtin.yum": {           "name": "httpd",           "state": "latest"         }       },       {         "name": "Write the apache config file",         "ansible.builtin.template": {           "src": "/srv/httpd.j2",   

Rego - Simplest way to embed OPA as Go Library

 ===========================================================================      =========================================================================== OPA can be embedded inside Go programs as a library. The simplest way to embed OPA as a library is to import the github.com/open-policy-agent/opa/rego package. import "github.com/open-policy-agent/opa/rego"

Rego - Language Learner 1

 =============================================================================  https://www.youtube.com/watch?v=ejH4EzmL7e0 ============================================================================= default hello := false hello if input.message == "world"  ---- {     "message": "world" } ================== Both mean the same. default hello := false or default hello = false hello = true {    m := hello.message    m == "world" } or hello {    m := hello.message    m == "world" } INPUT Message {    "message": "world" } ====Another example of fetching the information package play default let_do := false let_do = true {    resource := input[_]    resource.hosts == "databases" }   Result : {     "let_do": true } ============  Another scenario default hello := false hello =  "You are not allowed to do this"   // You can in fact write messages instead of true or false {    m := hello.messa

Evaluation Commands

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++    bash-4.2$ ./opa eval --format values --data policy1.rego --input ansibleplan.json "data.rules" [   {     "allow_update": false   } ] ./opa eval --format pretty --data policy1.rego --input nsupdate-con111.json "data.rules" ./opa eval --format pretty --data policy-111.rego --input meteor.json "data.ast" ./opa eval --format values --data policy-111.rego --input meteor.json "data.ast" ./opa eval --format values --data policy-111.rego --input meteor.json "data.ast"   The two commands below evaluate the two scenarios below ./opa eval --format pretty --data terraform1.rego --input tfplan222.json "data.terraform.analysis" > ops-eval_CHECK1.txt ./opa eval --format pretty --data terraform1.rego --input tfplan11.json "data.terraform.analysis" ./opa eval --format pretty --data

REGO - Denying MX record and eval to true for AAA and CNAME

package example import future.keywords.every default allow_update := false allow_update {    resource := input[_]    dns_update := resource[ "ngine_io.vultr.vultr_dns_record" ]    dns_update.record_type == "CNAME" } allow_update {    resource := input[_]    dns_update := resource[ "ngine_io.vultr.vultr_dns_record" ]    dns_update.record_type == "AAA" } # deny MX Records from being updated deny[msg] {       resource := input[_]     dns_record := resource[ "ngine_io.vultr.vultr_dns_record" ]     dns_record.record_type == "MX"                               msg := sprintf ( "dns_record '%v' Our policy recommends no changes to MX records" , [dns_record])     } INPUT file: [   {     "name" : "Ensure an A record exists" ,     "ngine_io.vultr.vultr_dns_record" : {       "name" : "www" ,       "domain" : "example.com" ,       "data" : &q

REGO - Code for DNS update :Deny MX update

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  ==The policy below is working package example import future.keywords.every #default allow_update := false #allow_update { #  resource := input[_] #  dns_record := resource["ngine_io.vultr.vultr_dns_record"] #  dns_record.record_type == "CNAME" # } deny[msg] {       resource := input[_]     dns_record := resource["ngine_io.vultr.vultr_dns_record"]     dns_record.record_type == "MX"                                    msg := sprintf("dns_record '%v' No change is recommended for MX records", [dns_record])     } INPUT FILE [     {       "name": "Ensure an A record exists",       "ngine_io.vultr.vultr_dns_record": {         "name": "www",         "domain": "example.com",         "data": "10.10.10.10"