Task: Data Validation Policy

Create a data validation policy in Rego that validates a user registration payload and collects all constraint violations.

Requirements

Policy file

Create validation.rego with package data.validation and import rego.v1.

The policy evaluates the following input structure:

{
  "name": "Alice Smith",
  "email": "alice@example.com",
  "age": 30,
  "role": "user"
}

Define a multi-value violations rule (a set of strings) — do not use a boolean pattern. Each broken constraint should add a distinct error message to the set. A valid payload must produce an empty set.

Implement the following checks:

1. Required name

input.name must be present and must be a non-empty string. Violation message:

name is required and must be a non-empty string

2. Valid email

input.email must be present and must match the regular expression ^[^@]+@[^@]+\.[^@]+$. Violation message:

email is required and must be a valid email address

3. Age range

input.age must be a number greater than or equal to 18 and less than or equal to 120. Produce separate messages for each case:

age must be at least 18
age must be no greater than 120

4. Valid role

input.role must be one of: "admin", "user", "readonly". Violation message:

role must be one of: admin, user, readonly

Test file

Create validation_test.rego with package data.validation_test and import rego.v1.

Use the with input as { ... } keyword in every test. Include tests for:

• A fully valid payload — violations must be an empty set
• A payload with an empty name — violations must contain the name message
• A payload with a malformed email (e.g. "not-an-email") — violations must contain the email message
• A payload with age below 18 — violations must contain the under-age message
• A payload with age above 120 — violations must contain the over-age message
• A payload with an invalid role — violations must contain the role message

Run the tests

Run opa test . -v and confirm all tests pass.