anderseknert

version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      dependencies:
        patterns:
          - "*"

anderseknert

package google_sql_database_instance

import rego.v1

violations contains db_instance.id if {
    some db_instance in input.google_sql_database_instance
    not valid_db_instance(db_instance)
}

valid_db_instance(db_instance) if every setting in db_instance.config.settings {

anderseknert

package accurics

import rego.v1

violations contains db_instance.id if {
    some db_instance in input.google_sql_database_instance
    some setting in db_instance.config.settings
    invalid_db_instance_setting(setting)
}

anderseknert

arr := [x | some x in input.my_array]

anderseknert

arr = my_array || []

anderseknert

allow if {
    # return input.user.name, or "anyomous" if the lookup fails
    user := object.get(input, ["user", "name"], "anonymous")
    user != "anonymous"

    # ... more conditions
}

anderseknert

deny := message if {
    code_reason_map := {
        400: "Bad request",
        404: "Not found",
        500: "Internal server error",
    }

    message := code_reason_map[status_code]
}

anderseknert

allow {
    # Simple way to "inline" an OR check — turn it into a "contains" problem
    input.request.method in {“HEAD”, “GET”}
}

anderseknert

# Expressions may be evaluated in any order
allow if expression1
allow if expression2
allow if expression3

# Expressions evaluated from top to bottom
allow if {
    expression1
} else {
    expression2

anderseknert

# First name may be either "joe" or "jane" for function to evaluate
# No rule body needed as argument passed will be matched for equality
allowed_firstname("joe")
allowed_firstname("jane")

# This works with multiple arguments too, where only some are matched
# statically
alcohol_allowed("Sweden", age) if age > 18
alcohol_allowed("USA",    age) if age > 21
alcohol_allowed(country,  age) if {