我有以下 Rego 政策:
package authz
import future.keywords.in
# The permissions the user has for each property
permissions[property_id][permission] {
some property_id, property_roles in input.subject.property_roles
some permission, roles in data.common.permissions_roles
property_roles == roles
}
输入以下内容:
{
"subject": {
"property_roles": {
"K1": [
"R1"
]
}
}
}
以及以下数据:
{
"common": {
"permissions_roles": {
"property.create": [
"R0"
],
"service.read": [
"R1"
],
"service.modify": [
"R1"
]
}
}
}
游乐场可以在这里找到。
目标是构建一个以字符串作为键、字符串数组作为值的字典,类似于:
{
"permissions": {
"K1": ["service.modify", "service.read"]
}
}
到目前为止,我可以得到这个:
{
"permissions": {
"K1": {
"service.modify": true,
"service.read": true
}
}
}
我也尝试使用
permissions[property_id] = [permission]
,这是我所期望的,但后来出现以下错误:
policy.rego:6: eval_conflict_error: object keys must be unique
我希望有人能提出更好的方法来实现目标!
您可以通过导入
future.keywords.contains
然后更改规则标头以使用 contains 来实现所需的输出:
package authz
import future.keywords.contains
import future.keywords.in
# The permissions the user has for each property
permissions[property_id] contains permission {
some property_id, property_roles in input.subject.property_roles
some permission, roles in data.common.permissions_roles
property_roles == roles
}
一些参考读物可以在这里找到: