Go Through with Rego components

Reading Time: 3 minutes

In this blog, we’ll understand Rego that uses for declaring policy in OPA(open policy Agent). Rego is a declarative logic programming language, not a programming language. We can get content based on the policy defined by Rego as it’s declarative nature it has many benefits than the imperative language.

  • In declarative language, we only need the logic of computation, not its control flow.
  • In declarative language, queries are simpler and concise.
This image has an empty alt attribute; its file name is openpolicyagent.png

Let’s see some components of Rego language –

Functions

add = result{
result = input.a + input.b
}
//calling of add function 
total := add

Rego support user-defined function. Here we have defined add function which return result variable as output of add function but it doesn’t take any argument. Functions In Rego can access both input and data Document. Rego also have some built-in functions like for Strings, Regex, Arrays etc. Let’s see an example of function which will take some arguments and return some output after processing.

add(a,b) = result{
result = a + b
}
//calling of add function
total := add(10,20)    // total =30

while calling the function with arguments only use small brackets.

Default Keyword

default hello = false
 
hello{
condition 1
condition 2
}
 
hello{
condition 1
}

The default keyword uses to define the default value of rules.

Rules

add[object]{
condition 1
condition 2 ...
}

The Rule is different from functions. In Rule, the input and output both referred to the same object. The rule will give output that satisfies all the conditions written in that rule. Let’s see rule without any object.

default add = DEFAULT VALUE
add = VALUE{
condition 1
condition 2 ...
}

Here, if all the conditions true then add rule will return VALUE otherwise it will return DEFAULT VALUE. If you don’t include a return value, it will return true. If all conditions not true and you have not defined default value then the rule will return undefined.

Key Points –

  • Functions can replace by rule but a rule can’t replace by functions.
  • A Rule can be exposed as a policy definition but function can’t.
  • Functions are a subset of Rules.
  • We can’t define two functions with the same name in the same module but rules can be defined.

Operators

Rego supports multiple operators like ==, <, >=, := as We all know about the comparison operators but here we will discuss the Assignment(:=), Comparison(==), and Unification(=) operators in detail.

Assignment operator (:=) – We can create local scoped variable X and if the local scope already has variable X then we can’t declare variable X using assignment operator but if we have a global variable X, then we can define a variable X in a local scope.
Comparison operator (==) – Comparison operator use to compare two variables but it will work with one condition that both variables should have some values before == line. The output could be true or false.
Unification operator (=) – Unification operator can work as both comparison and assignment operators. If both variables X and Y have values then it will work as a comparison operator and if either doesn’t then it will work as an assignment operator.

Searching

input[_] == "dog"
input{
  "a":"apple",
  "b":"banana",
  "c":"cat",
  "d":"dog"
}

We can search through a list for a given data by the help of wildcard. We can also know the corresponding value by using an arbitrary variable. Let’s see it by an example.

input[i] =="dog"
i == "d"

In input[i] ==”dog” statement, i variable will store “d” and In next statement we are checking the i value.This returns true.

Modules

The Rego policies defined inside a module it’s like a file that should follow the following properties.

  • One module can only have one package declaration.
  • One module can have any number of rules.
  • One module can have any number of import statements.

You can play around this policy here in the rego playground.
https://play.openpolicyagent.org/p/n6aegfzPFu
So this is how we can write policy in the rego language.

NOTE:
I’ll post more blogs on OPA soon. Stay Tuned.

Thanks for Reading!!!
For more reference, you can refer here.

This image has an empty alt attribute; its file name is footer-2-1.jpg

Written by 

Lokesh Aggarwal is a software Consultant trainee with 6 months of experience at Knoldus Inc.

Leave a Reply