Diffstat (limited to 'compose/config/opa-pdp/policies/organization/policy.rego')
-rw-r--r-- | compose/config/opa-pdp/policies/organization/policy.rego | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/compose/config/opa-pdp/policies/organization/policy.rego b/compose/config/opa-pdp/policies/organization/policy.rego
new file mode 100644
index 00000000..31e7fb66
--- /dev/null
+++ b/compose/config/opa-pdp/policies/organization/policy.rego
@@ -0,0 +1,38 @@
+package organization
+
+import rego.v1
+
+default allow := false
+
+# organization level access
+allow if {
+ some acl in data.organization.acls
+ acl.user == input.user
+ acl.organization == input.organization
+ acl.project == input.project
+ acl.component == input.component
+
+ some action in acl.actions
+ action == input.action
+}
+
+# project level access
+allow if {
+ some acl in data.organization.acls
+ acl.user == input.user
+ acl.organization == input.organization
+ acl.project == input.project
+
+ some action in acl.actions
+ action == input.action
+}
+
+# component level access
+allow if {
+ some acl in data.organization.acls
+ acl.user == input.user
+ acl.organization == input.organization
+
+ some action in acl.actions
+ action == input.action
+}
|
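Review bot: The third `allow` rule (commented "component level access") matches on user, organization and action only, so any ACL entry for a user in an organization grants that action on every project and component in it, and the two narrower rules above it can never change the decision. If entries in `data.organization.acls` are allowed to carry `project` or `component` to narrow a grant (the data document is not visible in this commit), those fields are effectively ignored and a component-scoped entry becomes organization-wide. I would let the broader rules apply only to entries that omit the narrower fields: add `not acl.project` and `not acl.component` to the third rule, and `not acl.component` to the second. The comments also read inverted, since the first rule is the component-level match and the third is the organization-level one; a `_test.rego` case with one scoped entry evaluated against a different project would pin the intended behaviour.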