10 changes: 10 additions & 0 deletions infra/opa/policies/retail/retail_api/create_policy_test.rego
@@ -0,0 +1,10 @@
# METADATA

# title: Create Policy Test

package create_policy_test


⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

python - <<'PY'
from pathlib import Path

root = Path("infra/opa/policies")
for path in sorted(root.rglob("*.rego")):
    package = None
    for line in path.read_text().splitlines():
        stripped = line.strip()
        if stripped.startswith("package "):
            package = stripped.split(None, 1)[1]
            break
    print(f"{path}: {package}")
PY

Repository: EnforceAuth/ea-financial

Length of output: 3311


Rename the package to match the directory structure and sibling policies.

The package should be retail.retail_api.create_policy_test, not create_policy_test. All other files in this directory follow the pattern where the package mirrors the path: retail.retail_api.accounts_test, retail.retail_api.authentication_test, etc. Update the package declaration on line 4 to be consistent with the rest of the codebase.

🧰 Tools
🪛 Regal (0.39.0)

[error] 4-4: Directory structure should mirror package

(idiomatic)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@infra/opa/policies/retail/retail_api/create_policy_test.rego` at line 4, the
package declaration currently reads "create_policy_test" and should be renamed
to match the repo pattern; update the package line in create_policy_test to
"retail.retail_api.create_policy_test" so it mirrors sibling files like
retail.retail_api.accounts_test and retail.retail_api.authentication_test,
ensuring the package path matches the directory structure and existing policy
tests.


import rego.v1

default allow = false
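
Review bot: the file is named and titled as a test (`create_policy_test.rego`, "Create Policy Test"), but the lines shown contain no `test_`-prefixed rule, only `default allow = false`, so `opa test` has nothing to evaluate here and the policy's behaviour is not actually exercised. Import the policy under test and add `test_` rules that assert on its `allow` decision using `with input as ...`, instead of declaring a separate `allow` inside the test package. As a style point, under `import rego.v1` prefer `default allow := false`.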


🛑 Logic Error: This policy will deny all requests because it only defines default allow = false with no allow rules. Add at least one allow rule to make this policy functional, or if this is intentional for testing, add a comment explaining the deny-all behavior.

Suggested change
default allow = false
default allow = false
# TODO: Add allow rules to define when access should be granted
# Example:
# allow if {
# input.user.role == "admin"
# }

