rule with else evaluated incorrectly

microsoft / rego-cpp

A C++ interpreter for the OPA policy language Rego

MIT License

33 stars 9 forks source link

rule with else evaluated incorrectly #156

Closed anakrish closed 4 days ago

anakrish commented 2 months ago

The following rego

package test

import future.keywords

allow := input.x if { not input.x }
else := 5

incorrectly evaluates to {"expressions":[{"test":{}}]}

matajoh commented 2 months ago

I must admit, I'm a bit confused by this one. I can confirm that the reference implementation returns

{
    "allow": 5
}

however I can't quite follow the logic. The body of the if resolves to true, so the value of allow should be undefined. Is the idea that the else value gets used because the resulting value of the rule would otherwise be undefined, even though a preceding query resolved to true?

anakrish commented 2 months ago

One could say that the value is part of the query as seen by the following rego. The value x resolves to the local variable in the query instead of the rule x with same name.

package test

x := 5
y := x { x := 6 }

In the original example the query did not resolve to true rather it evaluated to undefined.