nicholasjackson/opa-rego-language
Rego is the declarative policy language used by Open Policy Agent (OPA). This tile covers writing and testing Rego policies for Kubernetes admission control, Terraform and infrastructure-as-code plan validation, Docker container authorization, HTTP API authorization, RBAC and role-based access control, data filtering, metadata annotations with opa inspect, and OPA policy testing with opa test.
99
Quality
Pending
Does it follow best practices?
Impact
99%
1.19xAverage score across 31 eval scenarios
Pending
The risk profile of this skill
task.mdevals/scenario-29/
Regal: Membership Operators — Department-Based Access Control
Write a Rego policy that allows access to API endpoints based on the user's department. Each endpoint has a set of allowed departments stored in data.endpoint_access. Deny access if the user's department is not in the allowed set.
Input
{
"method": "GET",
"path": "/api/reports",
"user": {"department": "engineering"}
}Data
data.endpoint_access maps paths to lists of allowed departments:
{
"/api/reports": ["engineering", "finance", "management"],
"/api/admin": ["management"]
}Expected behaviour
- Engineering department can access
/api/reports— allow - HR department cannot access
/api/reports— deny - Engineering department cannot access
/api/admin— deny - Deny by default if no matching path in
data.endpoint_access
docs
evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
scenario-10
scenario-11
scenario-12
scenario-13
scenario-14
scenario-15
scenario-16
scenario-17
scenario-18
scenario-19
scenario-20
scenario-21
scenario-22
scenario-23
scenario-24
scenario-25
scenario-26
scenario-27
scenario-28
scenario-29
scenario-30
scenario-31