I am working on writing new rego policies.
I have few rules defined in single policy file which I want to break into sub policy and import it.
Something like this:
A.rego
package com.example
import com.example.B.evaluate
default allow:= false
allow {
evaluate
}
B.rego
package com.example
default evaluate:= false
evaluate {
input.role != "admin" # some condition
}
How to achieve this policy configuration? It's like implementing policySet from authzforce having multiple sub-policies.
Thanks in advance! Please pardon my knowledge of OPA
When you bundle your policies they will all be combined into one large policy, so they will be segmented based on the package name, not the file name.
some_name.rego
package com.example.A
import data.com.example.B.evaluate
default allow := false
allow {
evaluate
}
another_name.rego
package com.example.B
default evaluate := false
evaluate {
input.role != "admin" # some condition
}
Also shown in our docs here, which I'll admit is a little light. So if there's anything we can add to make it more understandable just let me know!
https://www.openpolicyagent.org/docs/latest/policy-language/#packages
Cheers, @peteroneilljr OPA Advocate