Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow more than one Variable in Partial Reference Rule Heads #5685

Closed
nevumx opened this issue Feb 23, 2023 · 3 comments
Closed

Allow more than one Variable in Partial Reference Rule Heads #5685

nevumx opened this issue Feb 23, 2023 · 3 comments
Assignees
@johanfylling
Labels
authoring feature-request rego
Projects
Open Policy Agent

Comments

@nevumx
Copy link

nevumx commented Feb 23, 2023
edited
Loading

What is the underlying problem you're trying to solve?

Currently, Partial Reference Rule Heads only allow the last term to be a variable, (as with this playground) or else they throw a rego_type_error: rule head must only contain string terms (except for last), as with this playground.

Describe the ideal solution

In the ideal scenario, one would be able to use an arbitrary number of variables in the rule head, as with this playground, however this also introduces a rego_parse_error.

Describe a "Good Enough" solution

In a "good enough" solution, only terms after the first term can be variables, as with this playground.

Additional Context

A motivating example is as follows: suppose one uses partial rules to define the context of an "allow" policy, before defining the conditions, like so:

allow.manager.view_compensation[entity] {
  some entity in ["employee", "contractor"]
  external.entity_reports_to_manager(input.entity, input.manager)
}

In order to add an action to this policy, one must currently add a new, nearly identical policy with a new action:

allow.manager.view_address[entity] {
  some entity in ["employee", "contractor"]
  external.entity_reports_to_manager(input.entity, input.manager)
}

if more than one variable were allowed in the rule head, one could simply add the policy to the variable:

allow.manager[action][entity] {
  some entity in ["employee", "contractor"]
  some action in ["view_compensation", "view_address"]
  external.entity_reports_to_manager(input.entity, input.manager)
}
@srenatus
Copy link
Contributor

Thanks for bringing this up! I totally agree, and this is what #5247 is about. But your examples are better 😃

@anderseknert
Copy link
Member

@srenatus should we close the previous issue in favor of this?

@srenatus srenatus mentioned this issue Feb 23, 2023
Closed
@ashutosh-narkar ashutosh-narkar added this to Backlog in Open Policy Agent via automation Mar 20, 2023
@tsandall
Copy link
Member

@johanfylling is going to look into this soon. We may be able to target v0.52.0 (end of April) once some initial scoping is done.

@ashutosh-narkar ashutosh-narkar moved this from Backlog to Planning - v0.52 in Open Policy Agent Mar 27, 2023
@johanfylling johanfylling moved this from Planned - v0.52 to In Progress in Open Policy Agent Apr 4, 2023
johanfylling added a commit to johanfylling/opa that referenced this issue Apr 6, 2023
@johanfylling
topdown: Adding support for multiple variables in rule refs
e954577 
WiP

Fixes: open-policy-agent#5685

Signed-off-by: Johan Fylling <johan.dev@fylling.se>
This was referenced Jun 9, 2023
Closed
Closed
Closed
Closed
Open Policy Agent automation moved this from In Progress to Done Oct 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@johanfylling johanfylling

Labels
authoring feature-request rego
Projects
Open Policy Agent
  
Done
Milestone
No milestone
Development

No branches or pull requests
6 participants
@tsandall @anderseknert @srenatus @ashutosh-narkar @nevumx @johanfylling