how to write a policy that will only allow certain keys to exist in data #252
Answered by anderseknert
anwar-al-jahwari asked this question in OPA and Rego
Hello everyone, I have a case where the user with a role of client can only update his password and nothing else. How to write that policy?
Answered by anderseknert on Aug 22, 2022
Hi @pccrazy 👋

That would depend on how your API is structured, but as an example — if the input were to look something like this:

```json
{
  "request": {
    "method": "PUT",
    "path": [
      "users",
      "abc123",
      "password"
    ]
  },
  "user": {
    "id": "abc123",
    "roles": [
      "client"
    ]
  }
}
```

A policy to allow updates of the users' password resource could look something like this:

```rego
package play

import future.keywords.if
import future.keywords.in

default allow := false

allow if {
	input.request.method == "PUT"
	input.request.path == ["users", input.user.id, "password"]
	"client" in input.user.roles
}
```

Full example in the Rego Playground.
Answer selected by anwar-al-jahwari
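A variant for the case in the question title, where the API takes a PUT on the user resource and the fields to change arrive in the request body. This is an added example, not part of the original answer; the `input.request.body` field, the `["users", <id>]` path, and the names `allowed_keys`, `unexpected_keys` and `sample` are assumptions about such an API.

```rego
package play

import future.keywords.if
import future.keywords.in

default allow := false

# Assumption: the only body key a client may set.
allowed_keys := {"password"}

# Body keys that are not on the allowlist. Undefined when the body is
# missing or not an object, which leaves allow at its default of false.
unexpected_keys := object.keys(input.request.body) - allowed_keys

allow if {
	input.request.method == "PUT"
	input.request.path == ["users", input.user.id]
	"client" in input.user.roles
	is_string(input.request.body.password) # key must be present and a string
	count(unexpected_keys) == 0 # and nothing else may be sent with it
}

# Constructed sample input, used by the tests below (run with `opa test`).
sample := {
	"request": {"method": "PUT", "path": ["users", "abc123"], "body": {"password": "n3w-s3cret"}},
	"user": {"id": "abc123", "roles": ["client"]},
}

test_password_only_allowed if {
	allow with input as sample
}

test_extra_key_denied if {
	# object.union merges nested objects, so the body gains a "roles" key.
	bad := object.union(sample, {"request": {"body": {"roles": ["admin"]}}})
	not allow with input as bad
}

test_other_users_record_denied if {
	bad := object.union(sample, {"user": {"id": "zzz999"}})
	not allow with input as bad
}
```

Because the rule compares the body's keys against an allowlist instead of rejecting known-bad fields, any field added to the user object later is denied for clients until it is added to `allowed_keys`.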