Open Policy Agent
rego_parse_error when using "every" keyword. #546
-
|
I'm attempting to use the "every" keyword as described in the documentation found here. However, I'm receiving the following rego parse error when I do. 1 error occurred: policy.rego:21: rego_parse_error: unexpected identifier token: missing body Any help on what I may be doing incorrectly would be appreciated! Thanks in advance! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Your playground example read deny if {
every group in claims.authorities
group != "ProhibitedGroup"
}Try adding deny if {
every group in claims.authorities {
group != "ProhibitedGroup"
}
}
# invalid
deny contains group if {
every group in claims.authorities
group != "ProhibitedGroup"
}Since Note that you can drop the outermost deny if every group in claims.authorities {
group != "ProhibitedGroup"
} |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the quick response and explanation! The braces resolved the issue and your explanation helped me understand the syntax further. Much appreciated! |
Beta Was this translation helpful? Give feedback.
Your playground example read
Try adding
{ ... }:everyonly applies to the expressing within its{ ... }block. That is because it's not ever valid to do something like this:Since
everyis true when the domain (claims.authorities) is empty, we wouldn't have anygroupto use, although the expression is true.Note that you can drop the outermost
{ .. }, and go with this here: