This repo contains the beginnings of Rego code that parses GA4GH Passport claims for use with Open Policy Agent. Currently most visas can be parsed and used to enforce OPA policies through a combination of Rego rules and structured data. When making policy decisions, the conditions claim is not yet evaluated if it is present in relevant visas. Additional work is needed to fully check that visas containing a conditions claim are satisfied.
Optional but highly recommended: install the Open Policy Agent extension in VSCode. Installing it will also install OPA if it is not detected on your system, but the main benefit of the extension is being able to evaluate rules and run tests from within VSCode. You will need to bind the evaluate and run-tests commands to keyboard shortcuts once the extension is installed.
Once OPA is installed, rule evaluation can be tested against data by editing input.json.
Within this repo is a Keycloak access token containing a GA4GH passport. This is not the typical way a passport would be acquired; it should be returned via the userinfo endpoint. However, this is simply easier for isolated testing.
This code is split between the passport.rego file and the data.json file. The two work together to return the authorized datasets, and they represent only one interpretation of how the authorization process could work.
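The following is an added illustration of the parsing and fail-closed handling described above; it is not the repo's passport.rego. It assumes the access token arrives as input.token, the requested dataset as input.dataset, and that a ControlledAccessGrants visa's value is the dataset identifier; since the conditions claim is not evaluated, any visa carrying one is treated as not satisfied.

```rego
package ga4gh.passport

import future.keywords.in

default allow := false

# io.jwt.decode only parses the token. Signature checks are deliberately
# omitted here; a deployment would use io.jwt.decode_verify with the
# broker's keys before trusting any claim.
visas[visa_payload] {
    # Assumption: input.token is the access token carrying the passport.
    [_, passport, _] := io.jwt.decode(input.token)
    # ga4gh_passport_v1 is an array of visa JWTs, each decoded separately.
    some visa_jwt in passport.ga4gh_passport_v1
    [_, visa_payload, _] := io.jwt.decode(visa_jwt)
}

# A visa is usable only if it is unexpired and has no conditions claim.
# Conditions are not evaluated yet, so a visa that carries them fails closed.
usable_visa(v) {
    not v.ga4gh_visa_v1.conditions
    v.exp > time.now_ns() / 1000000000
}

# Datasets granted by usable ControlledAccessGrants visas.
granted_datasets[ds] {
    some v in visas
    usable_visa(v)
    v.ga4gh_visa_v1.type == "ControlledAccessGrants"
    ds := v.ga4gh_visa_v1.value
}

allow {
    # Assumption: input.dataset names the dataset being requested.
    input.dataset in granted_datasets
}
```

Evaluate data.ga4gh.passport.allow against an input.json holding the token and a dataset to see the decision.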