3

I am new to OPA and rego files. I have created a rego file like this :

package sample.access
import data.myaccess

default allow = false
allow = true {
    myaccess.is_user_allowed(input.user)
}

And, I have created test rego file like this :

package sample.access

test_allow_positive{
    allow with input as {
        "user": "user1"
    } with data.myaccess as {
        {
            {"user": "user1"},
            {"user": "user2"}
        }
            
    }
}

When I run this test case, I am getting error like "rego_type_error: undefined function data.myaccess.is_user_allowed". Help me to fix this. Thanks

Improve this question
3
  • 1
    If the myaccess policy defines the is_user_allowed function, ensure that it is loaded when OPA starts. Commented Jan 30, 2021 at 17:42
  • yes,its been loaded.. Commented Feb 6, 2021 at 18:42
  • 2
    Could you include your other policy file in your example for completeness? Commented Feb 8, 2021 at 11:29

2 Answers 2

Reset to default
3

I was facing a similar issue, probably the below solution might help.

I had a function make_err, in the file myutils.rego which I was using in myModule-test.rego file.

When I ran the command like this:

user@ubuntu:~/rules$./opa test myModule-test.rego

Got this error:

1 error occurred: myModule-test.rego:7: rego_type_error: undefined function data.myutils.make_err

When I gave the below command, it worked:

user@ubuntu:~/rules$ ./opa test myutils.rego myModule-test.rego
PASS: 11/11

It seems we need to load all the modules on which the current test depends.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Spent 2 days trying everything. Stupid OPA doesn't resolve dependencies you must manually tell it all files involved in the test case. Thanks a lot.
1

I assume this is what you are trying to do:

Create a rule, allow, which returns true if input.user is from a set of users passed at the call time. To do this, you can use the rule:

package sample.access

allow {
    data.allowed[input.user]
}

The corresponding unit tests:

package sample.access

test_allow {
    allow with input as {
        "user": "user1"
    } with data.allowed as {"user1", "user2"}
}

test_deny {
    not allow with input as {
        "user": "user3"
    } with data.allowed as {"user1", "user2"}
}

Note that you do not need to explicitly import parameters which you will pass at runtime.

If your input data is required to be in the form of a list of {"user": "id"}, then instead you should use a set comprehension.

package sample.access

allow {
    is_user_allowed = {user | user = data.allowed[_].user}

    is_user_allowed[input.user]
}

Your unit tests would then need to be amended as such:

package sample.access

test_allow {
    allow with input as {
        "user": "user1"
    } with data.allowed as {
        {"user": "user1"},
        {"user": "user2"}
    }
}

test_deny {
    not allow with input as {
        "user": "user3"
    } with data.allowed as {
         {"user": "user1"},
         {"user": "user2"}
    }
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.