Rego
Rego, pronounced ray-go, is a DSL that can be used to express policies so that OPA can evaluate them.
In this section, we will be talking about the language at a high level, giving links to the official documentation as much as possible, and providing some examples of policies for the most common environments.
Introduction
Rego is a language based on Datalog and is used as a query language due to its expressiveness and ability to extract information from complex queries. Rego extends it to support structured data such as YAML, JSON, and XML.
For those familiar with the .NET ecosystem, think LINQ but for data that describes authorization.
Rego allows defining policies that are easy to read and write; for example, look at the following policy snippet (you can follow along using the Rego Playground: https://play.openpolicyagent.org/):
package example default allow = false allow = true { input.method == "GET" &...