opa icon indicating copy to clipboard operation
opa copied to clipboard

Published 20 hours ago verified publisher icon open-policy-agent

Improve rule indexer to support multiple expressions

Open tsandall opened this issue 6 years ago • 1 comments

Currently, rule index lookups only support static expressions of the form <ref> = <constant> where the <ref> typically refers to an input value. In many cases, it would be advantageous if rule index lookups could resolve more dynamic expressions in the context of queries like...

x = input.method
y = upper(x)
y = "GET"

To achieve this, the rule index construction will need to be more intelligent and lookups may need to perform evaluation (recursively).

tsandall avatar Mar 06 '18 18:03 tsandall

#4894 revealed that "naked refs" (for the lack of a better term) also aren't considered for indexing.

E.g.

allow {
  input.just_be_present
}

whereas something like this is,

allow {
  input.just_be_present != false
}

through the ordinary rewriting to an equal expression, and that being indexed.

srenatus avatar Jul 18 '22 09:07 srenatus