OPA (Open Policy Agent): Part-2: Rego – Input Variable

Share At:

Open Policy Agent: Integration Overview | Curity

Overview

In this article, we are going to learn about how we can pass input variable to OPA policy.

Working Example

  1. Let’s create a Directory called test3 and create 2 files like below:

This is a very simple policy where we are checking a rule called “hello”. By default the hello rule is set to false.

We have defined a input variable called “message” and passing the value from another file called “input.json”.

policy.rego

package rules

default hello = false

hello {
    m := input.message
    m == "world"
}

input.json

{
    "message": "world"
}

Testing the Policy

The testing of the policy can be done in different ways like below.

Since we are passing input value as “world” to the policy, our policy should pass and return true. Now let’s test it.

Method-1:

Run below command to test the policy

opa eval --data policy.rego --input input.json 'data.rules.hello'

The output will be something like below:

{
  "result": [
    {
      "expressions": [
        {
          "value": true,
          "text": "data.rules.hello",
          "location": {
            "row": 1,
            "col": 1
          }
        }
      ]
    }
  ]
}

See the value returned is showing as “true”. This is what we were expecting !!

Method-2: Alternatively we can test our policy like below:

opa eval --format values --data policy.rego --input input.json 'data.rules.hello'

The output will be something like below:

[
  true
]

Method-3: There is one more way we can test it:

opa eval --format pretty --data policy.rego --input input.json 'data.rules.hello'

The output will be something like this:

true

This concludes our second tutorial on OPA policy and Rego.

Happy Learning !!


Share At:
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Back To Top

Contact Us