sbueringer · February 23, 2019 13:57
diff --git a/blog-opa-perf-authorization-query.reg.rb b/blog-opa-perf-authorization-query.reg.rb
 deny[{"id": id, "resource": {"kind": "services", "namespace": "dev", "name": "grafana-svc"}, "resolution": resolution}]
 with data["kubernetes"]["services"]["dev"]["grafana-svc"] as {
  "kind":"SubjectAccessReview",
  "apiVersion":"authorization.k8s.io/v1beta1",
  "metadata":{
    "creationTimestamp":null
  },
  "spec":{
    "resourceAttributes":{
      "namespace":"dev",
      "verb":"update",
      "version":"v1",
      "resource":"services",
      "name":"grafana-svc"
    },
    "user":"system:serviceaccount:default:controller",
    "group":[
      "system:serviceaccounts",
      "system:serviceaccounts:default",
      "system:authenticated"
    ],
    "uid":"1471011f-f954-11e8-8752-fa163e203532"
  },
  "status":{
    "allowed":false
  }
 }
	deny[{"id": id, "resource": {"kind": "services", "namespace": "dev", "name": "grafana-svc"}, "resolution": resolution}]
	with data["kubernetes"]["services"]["dev"]["grafana-svc"] as {
	"kind":"SubjectAccessReview",
	"apiVersion":"authorization.k8s.io/v1beta1",
	"metadata":{
	"creationTimestamp":null
	},
	"spec":{
	"resourceAttributes":{
	"namespace":"dev",
	"verb":"update",
	"version":"v1",
	"resource":"services",
	"name":"grafana-svc"
	},
	"user":"system:serviceaccount:default:controller",
	"group":[
	"system:serviceaccounts",
	"system:serviceaccounts:default",
	"system:authenticated"
	],
	"uid":"1471011f-f954-11e8-8752-fa163e203532"
	},
	"status":{
	"allowed":false
	}
	}