aboutsummaryrefslogtreecommitdiffstats
path: root/compose/config/opa-pdp/policies/abac/policy.rego
diff options
context:
space:
mode:
Diffstat (limited to 'compose/config/opa-pdp/policies/abac/policy.rego')
-rw-r--r--compose/config/opa-pdp/policies/abac/policy.rego20
1 files changed, 20 insertions, 0 deletions
diff --git a/compose/config/opa-pdp/policies/abac/policy.rego b/compose/config/opa-pdp/policies/abac/policy.rego
new file mode 100644
index 00000000..9dc6ea9b
--- /dev/null
+++ b/compose/config/opa-pdp/policies/abac/policy.rego
@@ -0,0 +1,20 @@
+package abac
+
+import rego.v1
+
+default allow := false
+
+allow if {
+ viewable_sensor_data
+ action_is_read
+}
+
+action_is_read if "read" in input.actions
+
+viewable_sensor_data contains view_data if {
+ some sensor_data in data.abac.sensor_data
+ sensor_data.timestamp >= input.time_period.from
+ sensor_data.timestamp < input.time_period.to
+
+ view_data := {datatype: sensor_data[datatype] | datatype in input.datatypes}
+}