断言集合中的每个字符串在对象中都有关联的键
Assert that every string in a set has an associated key in an object
在通读了几次 Open Policy Agent 介绍文档之后,我在编写一条规则时遇到了问题,该规则断言对于集合中的每个元素,指定的对象都有一个关联的键。
这是我目前正在努力工作的一个简化示例
https://play.openpolicyagent.org/p/oWBumjRkWX
package example
my_object = {
"lemon": ""
}
fruits = {
"orange",
"lemon",
"banana"
}
has_key(x, k) { _ = x[k] }
default has_lemon = false
has_lemon = has_key(my_object, "lemon") # this works as you'd expect
default all_fruits_have_entries_in_my_object = false
all_fruits_have_entries_in_my_object { # this is never false for some reason
some fruit
fruits[fruit]
has_key(my_object, fruit) # each fruit have a key in the my_object object
}
据我了解,当 fruits 不包含 "lemon" 元素时,has_lemon 应该为 false,我已经测试过它可以正常工作。但是,我还认为 all_fruits_have_entries_in_my_object 规则应该在此处计算为 false,因为 my_object 缺少 "orange" 和 "banana" 的键。我在这里做傻事吗?
Rego 是存在量化的。这意味着声明规则以检查是否存在作为对象键的 some fruit。
解决问题的一种方法:您可以先使用推导式收集所有意外键,然后计算结果:
package example
my_object = {
"lemon": ""
}
fruits = {
"orange",
"lemon",
"banana"
}
has_key(x, k) { _ = x[k] }
default has_lemon = false
has_lemon = has_key(my_object, "lemon") # this works as you'd expect
default all_fruits_have_entries_in_my_object = false
all_fruits_have_entries_in_my_object { # this is never false for some reason
non_fruit_keys := { key | my_object[key]; !fruits[key] }
count(non_fruit_keys) > 0
}
您可以在 Rego Playground 中评估此示例。
上的文档
在通读了几次 Open Policy Agent 介绍文档之后,我在编写一条规则时遇到了问题,该规则断言对于集合中的每个元素,指定的对象都有一个关联的键。
这是我目前正在努力工作的一个简化示例
https://play.openpolicyagent.org/p/oWBumjRkWX
package example
my_object = {
"lemon": ""
}
fruits = {
"orange",
"lemon",
"banana"
}
has_key(x, k) { _ = x[k] }
default has_lemon = false
has_lemon = has_key(my_object, "lemon") # this works as you'd expect
default all_fruits_have_entries_in_my_object = false
all_fruits_have_entries_in_my_object { # this is never false for some reason
some fruit
fruits[fruit]
has_key(my_object, fruit) # each fruit have a key in the my_object object
}
据我了解,当 fruits 不包含 "lemon" 元素时,has_lemon 应该为 false,我已经测试过它可以正常工作。但是,我还认为 all_fruits_have_entries_in_my_object 规则应该在此处计算为 false,因为 my_object 缺少 "orange" 和 "banana" 的键。我在这里做傻事吗?
Rego 是存在量化的。这意味着声明规则以检查是否存在作为对象键的 some fruit。
解决问题的一种方法:您可以先使用推导式收集所有意外键,然后计算结果:
package example
my_object = {
"lemon": ""
}
fruits = {
"orange",
"lemon",
"banana"
}
has_key(x, k) { _ = x[k] }
default has_lemon = false
has_lemon = has_key(my_object, "lemon") # this works as you'd expect
default all_fruits_have_entries_in_my_object = false
all_fruits_have_entries_in_my_object { # this is never false for some reason
non_fruit_keys := { key | my_object[key]; !fruits[key] }
count(non_fruit_keys) > 0
}
您可以在 Rego Playground 中评估此示例。
上的文档