nicholasjackson/opa-rego-language
Rego is the declarative policy language used by Open Policy Agent (OPA). This tile covers writing and testing Rego policies for Kubernetes admission control, Terraform and infrastructure-as-code plan validation, Docker container authorization, HTTP API authorization, RBAC and role-based access control, data filtering, metadata annotations with opa inspect, and OPA policy testing with opa test.
99
Quality
Pending
Does it follow best practices?
Impact
99%
1.19xAverage score across 31 eval scenarios
Pending
The risk profile of this skill
task.mdevals/scenario-30/
Regal: Naming Conventions — RBAC Policy
Write a Rego policy in the package rbac.authz that implements role-based access control for API endpoints. Users have roles stored in data.user_roles. Roles have permissions stored in data.role_permissions. Allow access when the user's role grants the required permission for the requested endpoint and method.
Input
{
"user": "alice",
"method": "GET",
"path": "/api/reports"
}Data
{
"user_roles": {"alice": "engineer", "bob": "admin"},
"role_permissions": {
"engineer": ["reports:read"],
"admin": ["reports:read", "reports:write", "users:read", "users:write"]
}
}Expected behaviour
- Alice (engineer) can GET
/api/reports(hasreports:read) — allow - Alice (engineer) cannot POST
/api/reports(noreports:write) — deny - Bob (admin) can POST
/api/reports— allow - Unknown user with no role — deny
docs
evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
scenario-10
scenario-11
scenario-12
scenario-13
scenario-14
scenario-15
scenario-16
scenario-17
scenario-18
scenario-19
scenario-20
scenario-21
scenario-22
scenario-23
scenario-24
scenario-25
scenario-26
scenario-27
scenario-28
scenario-29
scenario-30
scenario-31