aboutsummaryrefslogtreecommitdiffstats
path: root/compose/config/opa-pdp/policies/abac/policy.rego
blob: 9dc6ea9be05af139215e3f50ea1507cb2d622871 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
package abac

import rego.v1

default allow := false

allow if {
 viewable_sensor_data
 action_is_read
}

action_is_read if "read" in input.actions

viewable_sensor_data contains view_data if {
 some sensor_data in data.abac.sensor_data
 sensor_data.timestamp >= input.time_period.from
 sensor_data.timestamp < input.time_period.to

 view_data := {datatype: sensor_data[datatype] | datatype in input.datatypes}
}