-
Notifications
You must be signed in to change notification settings - Fork 0
/
validate_zip_codes.sentinel
42 lines (34 loc) · 1.04 KB
/
validate_zip_codes.sentinel
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# Policy that requires keys of secrets with name "zipcode", "zip-code", or "zip_code"
# to be a valid 5-digit U.S. zipcode
# EGP Policy, paths = secret/*
# Function that validates zip codes
validate_zip_codes = func() {
# Print some information about the request
# Note that these messages will only be printed when the policy is violated
print("Namespace path:", namespace.path)
print("Request path:", request.path)
print("Request data:", request.data)
# Test for "zipcode" key
if "zipcode" in keys(request.data) {
if request.data.zipcode not matches "^[0-9][0-9][0-9][0-9][0-9]$" {
return false
}
}
# Test for "zip_code" key
if "zip_code" in keys(request.data) {
if request.data.zip_code not matches "^[0-9][0-9][0-9][0-9][0-9]$" {
return false
}
}
# Test for "zip-code" key
if "zip-code" in keys(request.data) {
if request.data.zip-code not matches "^[0-9][0-9][0-9][0-9][0-9]$" {
return false
}
}
return true
}
# Main Rule
main = rule {
validate_zip_codes()
}