-
Calin has previously suggested adding `$foreach` and `$exists` functions that would apply boolean expressions to lists of nodes or relationships. `$foreach` evaluates to `true` if the boolean expressi…
-
### Describe the bug
When a `Secret` is created and then passed to a cross-env stack (provided the secret has a specified physical name), its internal `arnForPolicies` is its partial ARN without th…
-
**Use case**
When data entitlements are encoded into CH using grants, roles, and row policies, it is sometimes infeasible to reimplement the same logic in a web service that serves that data to use…
ekpdt updated
17 hours ago
-
OPA is a lightweight general-purpose policy engine that can be co-located with your service. You can integrate OPA as a sidecar, host-level daemon, or library.
Services offload policy decisions to …
-
**Problem:** A contract negotiation currently only succeeds if the consumer replays the policy in the exact manner it was discovered in the catalog. However, there may be several semantically equivale…
-
As the compliance lead for cloud.gov, I'd like to use InSpec to validate that resources we're creating in AWS on behalf of our customers are correctly configured, but I may need to use a different too…
-
## Short description
According to the documentation, OPA supports W3C tracing. Thus, we send the `traceparent` header to OPA when performing a REST request that evaluates policies. But we can not fi…
-
Hi all! :wave:
Given the target use case of git proxy of performing security & compliance policy-based checks, it would be nice to reuse existing policies in Rego with [Open Policy Agent](https://…
-
## Title
Azure_Keyvault_AuthZ_Min_Access_policies fails with minimal access policy
## Description
See attached image, in the ARM template the minimal (get,list) is set as required by our app, but t…
-
### Category
Cedar validation features
### Describe the feature you'd like to request
The typechecker currently supports singleton boolean types `True` and `False`. When an expression has one of th…