Open Policy Agent
Write allow and deny rules #68
Unanswered
gituserjava
asked this question in
OPA and Rego
Replies: 1 comment
-
|
Which rules are executed depends on which rule is queried. If you'd want both the deny and allow rule to be evaluated you'd normally have a third rule which invoked both and aggregated the result. Perhaps something like: deny {
input.attributes.request.http.method == POST
}
allow {
input.attributes.request.http.method == GET
}
decision := {
"alllow": allow,
"deny": deny,
} |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
What is the best practice to write deny rules along with allow rules? I have a use-case where I need to deny all the requests for a POST endpoint. I can write allow rules with a negation on request header but it is getting complicated. Please advise.
Question: If the deny rule evaluates to true, will the allow rule be executed and what will be the overall result?
Beta Was this translation helpful? Give feedback.
All reactions