Add support for Rego registration policies (regorus 0.5.0) #325

Open
achamayou wants to merge 22 commits into microsoft:main from achamayou:rego_take2_regorus

@achamayou achamayou commented Sep 24, 2025

Add support for a "policyRego" field in configuration, similar to "policyScript" but allowing the definition of Rego policies.

A sample policy may be:

```rego
package policy

default allow := false

valid_issuer if {
  input.phdr.cwt.iss == "valid_issuer"
}

allow if {
  valid_issuer
}

errors contains "Invalid issuer" if { not valid_issuer }
```

See documentation for more detail.

All JS policy testcases have been templatised to run a rego equivalent, including performance regression test_perf, which feeds into the bencher dashboard. Performance tests show that equivalent Rego policies cause no performance regression compared to JS.

This replaces #260.
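
An added example, not part of the PR or the project's test suite: unit tests for the sample policy above, written in Rego's `test_` rule convention and assuming the sample is loaded alongside them by a runner such as `opa test` on OPA 1.0 or later. The input documents are constructed; only the `phdr.cwt.iss` path is taken from the sample.

```rego
# Constructed tests for the sample policy; names below are hypothetical.
package policy_test

import data.policy

# Constructed inputs. Only the phdr.cwt.iss path comes from the sample policy.
good := {"phdr": {"cwt": {"iss": "valid_issuer"}}}
wrong := {"phdr": {"cwt": {"iss": "other_issuer"}}}
no_cwt := {"phdr": {}}
not_string := {"phdr": {"cwt": {"iss": ["valid_issuer"]}}}

test_valid_issuer_allowed if {
	policy.allow with input as good
	count(policy.errors) == 0 with input as good
}

test_wrong_issuer_denied if {
	not policy.allow with input as wrong
	policy.errors == {"Invalid issuer"} with input as wrong
}

# A missing claim makes input.phdr.cwt.iss undefined, so valid_issuer is
# undefined, the default keeps allow at false, and the error is reported.
test_missing_cwt_denied if {
	policy.allow == false with input as no_cwt
	policy.errors == {"Invalid issuer"} with input as no_cwt
}

# An issuer wrapped in an array does not equal the expected string.
test_non_string_issuer_denied if {
	not policy.allow with input as not_string
	policy.errors == {"Invalid issuer"} with input as not_string
}
```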

@achamayou achamayou requested a review from a team as a code owner September 24, 2025 15:17
@achamayou achamayou changed the title Add support for Rego registration policies Add support for Rego registration policies (regorus) Oct 23, 2025
@achamayou achamayou changed the title Add support for Rego registration policies (regorus) Add support for Rego registration policies (regorus 0.5.0) Oct 23, 2025
@achamayou achamayou mentioned this pull request Oct 24, 2025