```json
{
  "funcs": {
    "funcs": [
      {
        "name": "g0.data.policy.is_admin",
        "params": [
          0,
          1
        ],
        "return": 2,
```

```json
{
  "plans": {
    "plans": [
      {
        "name": "policy/allow",
        "blocks": [
          {
            "stmts": [
              {
                "type": "CallStmt",
```

```json
{
  "static": {
    "strings": [{"value": "result"}, {"value": "user"}, {"value": "roles"}, {"value": "admin"}],
    "builtin_funcs": [
      {
        "name": "internal.member_2",
        "decl": {
          "args": [{"type": "any"}, {"type": "any"}],
          "result": {"type": "boolean"},
          "type": "function"
```

```rego
package policy

import future.keywords.if
import future.keywords.in

allow if is_admin

is_admin if "admin" in input.user.roles
```

```rego
package policy

# Note the use of the allowed is_object function here
response := is_object({
    "method": "GET",
    "url": "https://www.openpolicyagent.org"
})

# This would work (and send a HTTP request) even though
# the http.send built-in function had been declared unsafe
```

```python
#!/usr/bin/env python3
import json
import os
import subprocess
import tempfile

import yaml

yaml.SafeDumper.org_represent_str = yaml.SafeDumper.represent_str
```

```rego
deny["S3 Bucket: 'AccessControl' attribute value must be 'Private'"] {
    not bucket_is_private
}
```

```rego
bucket_is_private {
    input.resource.properties.AccessControl == "Private"
}
```

```json
{
  "myS3Bucket": {
    "Type": "AWS::S3::Bucket"
  }
}
```

```python
#!/usr/bin/env python3
import requests


def main():
    base = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide"
    resp = requests.get(f"{base}/toc-contents.json")
    body = resp.json()
```