avoidik · December 9, 2021 15:46
diff --git a/policy.sentinel b/policy.sentinel
 import "sockaddr"
 import "strings"

 #
 # allow update secrets under secret/ path only to clients coming from 10.0.0.0/8 CIDR range
 #

 precond = rule {
    request.operation in ["update"] and
    strings.has_prefix(request.path, "secret/")
 }

 cidrcheck = rule {
    sockaddr.is_contained(request.connection.remote_addr, "10.0.0.0/8")
 }

 main = rule when precond {
    cidrcheck
 }
	import "sockaddr"
	import "strings"

	#
	# allow update secrets under secret/ path only to clients coming from 10.0.0.0/8 CIDR range
	#

	precond = rule {
	request.operation in ["update"] and
	strings.has_prefix(request.path, "secret/")
	}

	cidrcheck = rule {
	sockaddr.is_contained(request.connection.remote_addr, "10.0.0.0/8")
	}

	main = rule when precond {
	cidrcheck
	}