我是 OPA 和 rego 文件的新手。我创建了一个这样的 rego 文件:
package sample.access
import data.myaccess
default allow = false
allow = true {
myaccess.is_user_allowed(input.user)
}
而且,我已经创建了这样的测试 rego 文件:
package sample.access
test_allow_positive{
allow with input as {
"user": "user1"
} with data.myaccess as {
{
{"user": "user1"},
{"user": "user2"}
}
}
}
当我运行这个测试用例时,我收到类似"rego_type_error: undefined function data.myaccess.is_user_allowed" 的错误。帮我解决这个问题。谢谢
最佳答案
我假设这就是您要尝试做的:
创建规则 allow
,如果 input.user
来自调用时传递的一组用户,则返回 true
。为此,您可以使用规则:
package sample.access
allow {
data.allowed[input.user]
}
相应的单元测试:
package sample.access
test_allow {
allow with input as {
"user": "user1"
} with data.allowed as {"user1", "user2"}
}
test_deny {
not allow with input as {
"user": "user3"
} with data.allowed as {"user1", "user2"}
}
请注意,您无需显式导入将在运行时传递的参数。
如果您的输入数据需要采用 {"user": "id"}
列表的形式,那么您应该使用 set comprehension .
package sample.access
allow {
is_user_allowed = {user | user = data.allowed[_].user}
is_user_allowed[input.user]
}
然后您的单元测试需要这样修改:
package sample.access
test_allow {
allow with input as {
"user": "user1"
} with data.allowed as {
{"user": "user1"},
{"user": "user2"}
}
}
test_deny {
not allow with input as {
"user": "user3"
} with data.allowed as {
{"user": "user1"},
{"user": "user2"}
}
}
关于unit-testing - rego_type_error : undefined function,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/65870501/