nicholasjackson/opa-rego-language
Rego is the declarative policy language used by Open Policy Agent (OPA). This tile covers writing and testing Rego policies for Kubernetes admission control, Terraform and infrastructure-as-code plan validation, Docker container authorization, HTTP API authorization, RBAC and role-based access control, data filtering, metadata annotations with opa inspect, and OPA policy testing with opa test.
99
Quality
Pending
Does it follow best practices?
Impact
99%
1.19xAverage score across 31 eval scenarios
Pending
The risk profile of this skill
task.mdevals/scenario-27/
Regal: Import Conventions — JWT Authorization with Helper Library
Write two Rego files:
-
lib/jwt.rego— packagelib.jwtwith adecode_claims(token)function that splits a JWT by., base64-decodes the second part, and JSON-parses it to return the claims object. -
authz.rego— packageapi.authzthat:- Imports the helper package with
import data.lib.jwt(not individual functions) - Uses
jwt.decode_claims(input.token)to get claims - Allows access when the
roleclaim is"admin"or"editor" - All imports appear before any rules
- No redundant aliases (don't alias
jwtasjwt)
- Imports the helper package with
Input
{"token": "<jwt-string>"}Expected behaviour
- Token with
role: "admin"→ allow - Token with
role: "editor"→ allow - Token with
role: "viewer"→ deny - Invalid/missing token → deny
docs
evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
scenario-10
scenario-11
scenario-12
scenario-13
scenario-14
scenario-15
scenario-16
scenario-17
scenario-18
scenario-19
scenario-20
scenario-21
scenario-22
scenario-23
scenario-24
scenario-25
scenario-26
scenario-27
scenario-28
scenario-29
scenario-30
scenario-31