
Commit a4b246e

committed
change rego rules to reflect changes in OpaResponse
1 parent aa28250 commit a4b246e

1 file changed

Lines changed: 20 additions & 20 deletions


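--- a/rego/nifi_rules.rego
+++ b/rego/nifi_rules.rego
@@ -17,15 +17,15 @@ import data.nifi_comp
 
 # default return values
 default allow = {
-"allowed": "unknown",
+"resourceNotFound": true,
 "dumpCache": true
 }
 
 ### GLOBAL POLICIES
 
 # check for reading permission
 allow := {
-"allowed": "true",
+"allowed": true,
 "dumpCache": true
 } if {
 nifi_glob.res_is_global_type
@@ -35,7 +35,7 @@ allow := {
 
 # check for writing permission
 allow := {
-"allowed": "true",
+"allowed": true,
 "dumpCache": true
 } if {
 nifi_glob.res_is_global_type
@@ -45,7 +45,7 @@ allow := {
 
 # check for full permission when action is read
 allow := {
-"allowed": "true",
+"allowed": true,
 "dumpCache": true
 } if {
 nifi_glob.res_is_global_type
@@ -55,7 +55,7 @@ allow := {
 
 # check for full permission when action is write
 allow := {
-"allowed": "true",
+"allowed": true,
 "dumpCache": true
 } if {
 nifi_glob.res_is_global_type
@@ -65,7 +65,7 @@ allow := {
 
 # check for denied permission
 allow := {
-"allowed": "false",
+"allowed": false,
 "dumpCache": true,
 "message": sprintf("Action %s on global resource %s denied.", [nifi_inp.action, nifi_inp.resource_name])
 } if {
@@ -81,7 +81,7 @@ allow := {
 
 # explicit allowed
 allow := {
-"allowed": "true",
+"allowed": true,
 "dumpCache": true
 } if {
 nifi_comp.comp_is_root_type
@@ -92,7 +92,7 @@ allow := {
 
 # implicit denied
 allow := {
-"allowed": "false",
+"allowed": false,
 "dumpCache": true,
 "message": sprintf("Action %s on component %s is implicity denied.", [nifi_inp.action, nifi_inp.resource_name])
 } if {
@@ -107,7 +107,7 @@ allow := {
 
 # explicit root-inherit allowed
 allow := {
-"allowed": "true",
+"allowed": true,
 "dumpCache": true
 } if {
 nifi_comp.comp_is_root_type
@@ -119,7 +119,7 @@ allow := {
 
 # implicit root-inherit denied
 allow := {
-"allowed": "false",
+"allowed": false,
 "dumpCache": true,
 "message": sprintf("Action %s on component %s is implicity denied.", [nifi_inp.action, nifi_inp.resource_name])
 } if {
@@ -132,7 +132,7 @@ allow := {
 
 # explicit root-inherit denied
 allow := {
-"allowed": "false",
+"allowed": false,
 "dumpCache": true,
 "message": sprintf("Action %s on component %s is explicitly denied.", [nifi_inp.action, nifi_inp.resource_name])
 } if {
@@ -148,7 +148,7 @@ allow := {
 
 # explicit root component allowed
 allow := {
-"allowed": "true",
+"allowed": true,
 "dumpCache": true
 } if {
 nifi_comp.comp_is_root_type
@@ -162,7 +162,7 @@ allow := {
 
 # implicit denied
 allow := {
-"allowed": "false",
+"allowed": false,
 "dumpCache": true,
 "message": sprintf("Action %s on component %s is implicity denied.", [nifi_inp.action, nifi_inp.resource_name])
 } if {
@@ -177,7 +177,7 @@ allow := {
 
 ## check for illegal 'non-root equals root name' component name
 allow := {
-"allowed": "false",
+"allowed": false,
 "dumpCache": true,
 "message": sprintf("Multiple use of root component name %s detected.", [nifi_inp.resource_name])
 } if {
@@ -193,7 +193,7 @@ allow := {
 
 # explicit node component allowed
 allow := {
-"allowed": "true",
+"allowed": true,
 "dumpCache": true
 } if {
 nifi_comp.comp_is_node_type
@@ -206,7 +206,7 @@ allow := {
 
 # explicit node component permission changed
 allow := {
-"allowed": "false",
+"allowed": false,
 "dumpCache": true,
 "message": sprintf("Action %s on component %s is implicitly denied.", [nifi_inp.action, nifi_inp.resource_name])
 } if {
@@ -222,7 +222,7 @@ allow := {
 
 # explicit node denied
 allow := {
-"allowed": "false",
+"allowed": false,
 "dumpCache": true,
 "message": sprintf("Action %s on component %s is explicity denied.", [nifi_inp.action, nifi_inp.resource_name])
 } if {
@@ -238,7 +238,7 @@ allow := {
 
 # explicit node component allowed
 allow := {
-"allowed": "true",
+"allowed": true,
 "dumpCache": true
 } if {
 nifi_comp.comp_is_node_type
@@ -251,7 +251,7 @@ allow := {
 
 # implicit node component permission changed
 allow := {
-"allowed": "false",
+"allowed": false,
 "dumpCache": true,
 "message": sprintf("Action %s on component %s is implicitly denied.", [nifi_inp.action, nifi_inp.resource_name])
 } if {
@@ -266,7 +266,7 @@ allow := {
 
 # explicit node denied
 allow := {
-"allowed": "false",
+"allowed": false,
 "dumpCache": true,
 "message": sprintf("Action %s on component %s is explicity denied.", [nifi_inp.action, nifi_inp.resource_name])
 } if {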
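Review bot: The new `default allow` at new line 20 no longer carries an `allowed` key at all, so whether a request that matches none of the rules fails closed now depends on how OpaResponse treats a missing `allowed` and on what the caller does with `resourceNotFound`; neither is visible on this page. If the response type accepts both fields, keeping an explicit deny in the default, `"allowed": false,` alongside `"resourceNotFound": true,`, makes the no-match case a deny regardless of deserialization defaults. Failing that, a comment above the default such as `# no rule matched: the authorizer treats resourceNotFound as "consult the parent resource", not as allow` would record the intended semantics, presumably inheritance on the NiFi side. The rule bodies after each `} if {` lie outside the hunks, so whether an allow rule and a deny rule can both match the same input (which would make the complete rule `allow` conflict at evaluation time) could not be checked here. Separately, several denial messages on the context lines spell "implicity" and "explicity", which makes log searches for denied actions miss them.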
