This directory contains a simple OPA policy and a pre-built IR bundle for use with the SDK examples.
policy.rego defines a rule example/allow that grants access when:
- The user is
"admin", or - The action is
"read"and the user is in theauthorized_readerslist
data.json provides the static data:
{
"authorized_readers": ["alice", "bob", "charlie"]
}| Input | Result | Reason |
|---|---|---|
{"user": "admin", "action": "write"} |
true |
admin always allowed |
{"user": "alice", "action": "read"} |
true |
alice is an authorized reader |
{"user": "alice", "action": "write"} |
false |
alice can only read |
{"user": "eve", "action": "read"} |
false |
eve is not an authorized reader |
If you modify the policy or data, rebuild with:
cd examples
opa build -t plan -e 'example/allow' -b . -o bundle.tar.gz