github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/hack/opa/policy.rego (about)

     1  package concourse
     2  
     3  default decision = {"allowed": true}
     4  
     5  # uncomment to include deny rules
     6  #decision = {"allowed": false, "reasons": reasons} {
     7  #  count(deny) > 0
     8  #  reasons := deny
     9  #}
    10  
    11  deny["cannot use docker-image types"] {
    12    input.action == "UseImage"
    13    input.data.image_type == "docker-image"
    14  }
    15  
    16  deny["cannot run privileged tasks"] {
    17    input.action == "SaveConfig"
    18    input.data.jobs[_].plan[_].privileged
    19  }
    20  
    21  deny["cannot use privileged resource types"] {
    22    input.action == "SaveConfig"
    23    input.data.resource_types[_].privileged
    24  }