From b03b44ae46813ba7d8e18da2da7cf5d400239782 Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Fri, 7 Oct 2022 16:34:38 +0300
Subject: [PATCH 01/23] 1

---
 external_data/random_decision1.rego | 27 +++++++++++++++++++++++++++
 external_data/random_decision2.rego | 27 +++++++++++++++++++++++++++
 external_data/random_decision3.rego | 27 +++++++++++++++++++++++++++
 external_data/random_decision4.rego | 27 +++++++++++++++++++++++++++
 external_data/scalr-policy.hcl      | 20 ++++++++++++++++++++
 5 files changed, 128 insertions(+)
 create mode 100644 external_data/random_decision1.rego
 create mode 100644 external_data/random_decision2.rego
 create mode 100644 external_data/random_decision3.rego
 create mode 100644 external_data/random_decision4.rego

diff --git a/external_data/random_decision1.rego b/external_data/random_decision1.rego
new file mode 100644
index 0000000..968f304
--- /dev/null
+++ b/external_data/random_decision1.rego
@@ -0,0 +1,27 @@
+# This dummy policy makes a decision based on a number received from random.org service
+# just to demonstrate possible usage of HTTP requests
+# to fetch external data during policy evaluation.
+# See <https://www.openpolicyagent.org/docs/latest/policy-reference/#http>
+
+package terraform
+
+
+random_number = num {
+    request := {
+        "url": "https://www.random.org/integers/?num=1&min=0&max=9&base=10&col=1&format=plain",
+        "method": "GET"
+    }
+    response := http.send(request)
+    response.status_code == 200
+    num := to_number(trim(response.raw_body, "\n"))
+}
+
+deny[reason] {
+    number := random_number
+    number < 5
+
+    reason := sprintf(
+        "Unlucky you: got %d, but 5 or more is required",
+        [number]
+    )
+}
diff --git a/external_data/random_decision2.rego b/external_data/random_decision2.rego
new file mode 100644
index 0000000..968f304
--- /dev/null
+++ b/external_data/random_decision2.rego
@@ -0,0 +1,27 @@
+# This dummy policy makes a decision based on a number received from random.org service
+# just to demonstrate possible usage of HTTP requests
+# to fetch external data during policy evaluation.
+# See <https://www.openpolicyagent.org/docs/latest/policy-reference/#http>
+
+package terraform
+
+
+random_number = num {
+    request := {
+        "url": "https://www.random.org/integers/?num=1&min=0&max=9&base=10&col=1&format=plain",
+        "method": "GET"
+    }
+    response := http.send(request)
+    response.status_code == 200
+    num := to_number(trim(response.raw_body, "\n"))
+}
+
+deny[reason] {
+    number := random_number
+    number < 5
+
+    reason := sprintf(
+        "Unlucky you: got %d, but 5 or more is required",
+        [number]
+    )
+}
diff --git a/external_data/random_decision3.rego b/external_data/random_decision3.rego
new file mode 100644
index 0000000..968f304
--- /dev/null
+++ b/external_data/random_decision3.rego
@@ -0,0 +1,27 @@
+# This dummy policy makes a decision based on a number received from random.org service
+# just to demonstrate possible usage of HTTP requests
+# to fetch external data during policy evaluation.
+# See <https://www.openpolicyagent.org/docs/latest/policy-reference/#http>
+
+package terraform
+
+
+random_number = num {
+    request := {
+        "url": "https://www.random.org/integers/?num=1&min=0&max=9&base=10&col=1&format=plain",
+        "method": "GET"
+    }
+    response := http.send(request)
+    response.status_code == 200
+    num := to_number(trim(response.raw_body, "\n"))
+}
+
+deny[reason] {
+    number := random_number
+    number < 5
+
+    reason := sprintf(
+        "Unlucky you: got %d, but 5 or more is required",
+        [number]
+    )
+}
diff --git a/external_data/random_decision4.rego b/external_data/random_decision4.rego
new file mode 100644
index 0000000..968f304
--- /dev/null
+++ b/external_data/random_decision4.rego
@@ -0,0 +1,27 @@
+# This dummy policy makes a decision based on a number received from random.org service
+# just to demonstrate possible usage of HTTP requests
+# to fetch external data during policy evaluation.
+# See <https://www.openpolicyagent.org/docs/latest/policy-reference/#http>
+
+package terraform
+
+
+random_number = num {
+    request := {
+        "url": "https://www.random.org/integers/?num=1&min=0&max=9&base=10&col=1&format=plain",
+        "method": "GET"
+    }
+    response := http.send(request)
+    response.status_code == 200
+    num := to_number(trim(response.raw_body, "\n"))
+}
+
+deny[reason] {
+    number := random_number
+    number < 5
+
+    reason := sprintf(
+        "Unlucky you: got %d, but 5 or more is required",
+        [number]
+    )
+}
diff --git a/external_data/scalr-policy.hcl b/external_data/scalr-policy.hcl
index 0560865..1b12799 100644
--- a/external_data/scalr-policy.hcl
+++ b/external_data/scalr-policy.hcl
@@ -4,3 +4,23 @@ policy "random_decision" {
   enabled           = true
   enforcement_level = "advisory"
 }
+
+policy "random_decision1" {
+  enabled           = true
+  enforcement_level = "advisory"
+}
+
+policy "random_decision2" {
+  enabled           = true
+  enforcement_level = "advisory"
+}
+
+policy "random_decision3" {
+  enabled           = true
+  enforcement_level = "advisory"
+}
+
+policy "random_decision4" {
+  enabled           = true
+  enforcement_level = "advisory"
+}

From 6c3c3a03f5fd3d1ea57f8d608b21b426e2b4ddf0 Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Thu, 20 Oct 2022 13:45:08 +0300
Subject: [PATCH 02/23] Add dummy policies

---
 always_fail/scalr-policy.hcl | 6 ++++++
 always_fail/test_fail.rego   | 8 ++++++++
 always_pass/scalr-policy.hcl | 6 ++++++
 always_pass/test_pass.rego   | 8 ++++++++
 4 files changed, 28 insertions(+)
 create mode 100644 always_fail/scalr-policy.hcl
 create mode 100644 always_fail/test_fail.rego
 create mode 100644 always_pass/scalr-policy.hcl
 create mode 100644 always_pass/test_pass.rego

diff --git a/always_fail/scalr-policy.hcl b/always_fail/scalr-policy.hcl
new file mode 100644
index 0000000..6ca0fae
--- /dev/null
+++ b/always_fail/scalr-policy.hcl
@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "test_fail" {
+  enabled           = true
+  enforcement_level = "soft-mandatory"
+}
diff --git a/always_fail/test_fail.rego b/always_fail/test_fail.rego
new file mode 100644
index 0000000..1a2eabf
--- /dev/null
+++ b/always_fail/test_fail.rego
@@ -0,0 +1,8 @@
+package terraform
+
+
+deny[reason] {
+    true
+
+    reason := sprintf("Variables: %v",[tfplan.variables])
+}
diff --git a/always_pass/scalr-policy.hcl b/always_pass/scalr-policy.hcl
new file mode 100644
index 0000000..b40e3e4
--- /dev/null
+++ b/always_pass/scalr-policy.hcl
@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "test_pass" {
+  enabled           = true
+  enforcement_level = "soft-mandatory"
+}
diff --git a/always_pass/test_pass.rego b/always_pass/test_pass.rego
new file mode 100644
index 0000000..112d2e6
--- /dev/null
+++ b/always_pass/test_pass.rego
@@ -0,0 +1,8 @@
+package terraform
+
+
+deny[reason] {
+    false
+
+    reason := sprintf("Variables: %v",[tfplan.variables])
+}

From 5faaf708ae64c598e618ab3807114f0313d8521c Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Thu, 20 Oct 2022 14:00:14 +0300
Subject: [PATCH 03/23] Add dummy policies

---
 always_fail/test_fail.rego | 2 +-
 always_pass/test_pass.rego | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/always_fail/test_fail.rego b/always_fail/test_fail.rego
index 1a2eabf..c83cc9c 100644
--- a/always_fail/test_fail.rego
+++ b/always_fail/test_fail.rego
@@ -4,5 +4,5 @@ package terraform
 deny[reason] {
     true
 
-    reason := sprintf("Variables: %v",[tfplan.variables])
+    reason := sprintf("fail")
 }
diff --git a/always_pass/test_pass.rego b/always_pass/test_pass.rego
index 112d2e6..76e8eee 100644
--- a/always_pass/test_pass.rego
+++ b/always_pass/test_pass.rego
@@ -4,5 +4,5 @@ package terraform
 deny[reason] {
     false
 
-    reason := sprintf("Variables: %v",[tfplan.variables])
+    reason := sprintf("pass")
 }

From 7689d116691d6d17c4b1eadf044e93583736bfa1 Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <44230643+lyzohub@users.noreply.github.com>
Date: Thu, 20 Oct 2022 14:10:43 +0300
Subject: [PATCH 04/23] Update test_fail.rego

---
 always_fail/test_fail.rego | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/always_fail/test_fail.rego b/always_fail/test_fail.rego
index 1a2eabf..c83cc9c 100644
--- a/always_fail/test_fail.rego
+++ b/always_fail/test_fail.rego
@@ -4,5 +4,5 @@ package terraform
 deny[reason] {
     true
 
-    reason := sprintf("Variables: %v",[tfplan.variables])
+    reason := sprintf("fail")
 }

From 62972229d447aa85e2facb10f09427a968d5785f Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <44230643+lyzohub@users.noreply.github.com>
Date: Thu, 20 Oct 2022 14:11:05 +0300
Subject: [PATCH 05/23] Update test_pass.rego

---
 always_pass/test_pass.rego | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/always_pass/test_pass.rego b/always_pass/test_pass.rego
index 112d2e6..76e8eee 100644
--- a/always_pass/test_pass.rego
+++ b/always_pass/test_pass.rego
@@ -4,5 +4,5 @@ package terraform
 deny[reason] {
     false
 
-    reason := sprintf("Variables: %v",[tfplan.variables])
+    reason := sprintf("pass")
 }

From e873bb6bd36001138f3e103255890a6b549ed0b2 Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <44230643+lyzohub@users.noreply.github.com>
Date: Thu, 20 Oct 2022 14:24:24 +0300
Subject: [PATCH 06/23] Update test_fail.rego

---
 always_fail/test_fail.rego | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/always_fail/test_fail.rego b/always_fail/test_fail.rego
index c83cc9c..26105f2 100644
--- a/always_fail/test_fail.rego
+++ b/always_fail/test_fail.rego
@@ -4,5 +4,5 @@ package terraform
 deny[reason] {
     true
 
-    reason := sprintf("fail")
+    reason := "fail"
 }

From dce896b2458b5abcc46c7a6dc185325e22bdf84d Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <44230643+lyzohub@users.noreply.github.com>
Date: Mon, 24 Oct 2022 18:27:33 +0300
Subject: [PATCH 07/23] Update random_decision1.rego

---
 external_data/random_decision1.rego | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/external_data/random_decision1.rego b/external_data/random_decision1.rego
index 968f304..c8e0ddb 100644
--- a/external_data/random_decision1.rego
+++ b/external_data/random_decision1.rego
@@ -8,7 +8,7 @@ package terraform
 
 random_number = num {
     request := {
-        "url": "https://www.random.org/integers/?num=1&min=0&max=9&base=10&col=1&format=plain",
+        "url": "https://www.random.org/integers/?num=1&min=2&max=9&base=10&col=1&format=plain",
         "method": "GET"
     }
     response := http.send(request)
@@ -18,7 +18,7 @@ random_number = num {
 
 deny[reason] {
     number := random_number
-    number < 5
+    number < 1
 
     reason := sprintf(
         "Unlucky you: got %d, but 5 or more is required",

From 083d396e03a5a76334c5c7ac7204ac081e9677c8 Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Thu, 10 Nov 2022 18:38:19 +0200
Subject: [PATCH 08/23] test

---
 external_data/{random_decision4.rego => random_decision5.rego} | 0
 external_data/scalr-policy.hcl                                 | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename external_data/{random_decision4.rego => random_decision5.rego} (100%)

diff --git a/external_data/random_decision4.rego b/external_data/random_decision5.rego
similarity index 100%
rename from external_data/random_decision4.rego
rename to external_data/random_decision5.rego
diff --git a/external_data/scalr-policy.hcl b/external_data/scalr-policy.hcl
index 1b12799..153f197 100644
--- a/external_data/scalr-policy.hcl
+++ b/external_data/scalr-policy.hcl
@@ -20,7 +20,7 @@ policy "random_decision3" {
   enforcement_level = "advisory"
 }
 
-policy "random_decision4" {
+policy "random_decision5" {
   enabled           = true
   enforcement_level = "advisory"
 }

From 651f832107363e7b6a927f548566fd1b1112cfbc Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Thu, 10 Nov 2022 18:43:59 +0200
Subject: [PATCH 09/23] test

---
 .idea/inspectionProfiles/Project_Default.xml  |   6 +
 .../inspectionProfiles/profiles_settings.xml  |   6 +
 .idea/misc.xml                                |   4 +
 .idea/modules.xml                             |   8 +
 .idea/sample-tf-opa-policies.iml              |   8 +
 .idea/vcs.xml                                 |   6 +
 .idea/workspace.xml                           | 148 ++++++++++++++++++
 ...m_decision5.rego => random_decision4.rego} |   0
 external_data/scalr-policy.hcl                |   2 +-
 9 files changed, 187 insertions(+), 1 deletion(-)
 create mode 100644 .idea/inspectionProfiles/Project_Default.xml
 create mode 100644 .idea/inspectionProfiles/profiles_settings.xml
 create mode 100644 .idea/misc.xml
 create mode 100644 .idea/modules.xml
 create mode 100644 .idea/sample-tf-opa-policies.iml
 create mode 100644 .idea/vcs.xml
 create mode 100644 .idea/workspace.xml
 rename external_data/{random_decision5.rego => random_decision4.rego} (100%)

diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml
new file mode 100644
index 0000000..03d9549
--- /dev/null
+++ b/.idea/inspectionProfiles/Project_Default.xml
@@ -0,0 +1,6 @@
+<component name="InspectionProjectProfileManager">
+  <profile version="1.0">
+    <option name="myName" value="Project Default" />
+    <inspection_tool class="Eslint" enabled="true" level="WARNING" enabled_by_default="true" />
+  </profile>
+</component>
\ No newline at end of file
diff --git a/.idea/inspectionProfiles/profiles_settings.xml b/.idea/inspectionProfiles/profiles_settings.xml
new file mode 100644
index 0000000..105ce2d
--- /dev/null
+++ b/.idea/inspectionProfiles/profiles_settings.xml
@@ -0,0 +1,6 @@
+<component name="InspectionProjectProfileManager">
+  <settings>
+    <option name="USE_PROJECT_PROFILE" value="false" />
+    <version value="1.0" />
+  </settings>
+</component>
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000..d1e22ec
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.8" project-jdk-type="Python SDK" />
+</project>
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..027a02f
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/sample-tf-opa-policies.iml" filepath="$PROJECT_DIR$/.idea/sample-tf-opa-policies.iml" />
+    </modules>
+  </component>
+</project>
\ No newline at end of file
diff --git a/.idea/sample-tf-opa-policies.iml b/.idea/sample-tf-opa-policies.iml
new file mode 100644
index 0000000..d0876a7
--- /dev/null
+++ b/.idea/sample-tf-opa-policies.iml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="PYTHON_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..94a25f7
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$" vcs="Git" />
+  </component>
+</project>
\ No newline at end of file
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
new file mode 100644
index 0000000..f75812d
--- /dev/null
+++ b/.idea/workspace.xml
@@ -0,0 +1,148 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ChangeListManager">
+    <list default="true" id="4cef5f54-1d35-4e3c-a3d6-a897e55668f2" name="Changes" comment="test">
+      <change beforePath="$PROJECT_DIR$/external_data/random_decision5.rego" beforeDir="false" afterPath="$PROJECT_DIR$/external_data/random_decision4.rego" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/external_data/scalr-policy.hcl" beforeDir="false" afterPath="$PROJECT_DIR$/external_data/scalr-policy.hcl" afterDir="false" />
+    </list>
+    <option name="SHOW_DIALOG" value="false" />
+    <option name="HIGHLIGHT_CONFLICTS" value="true" />
+    <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
+    <option name="LAST_RESOLUTION" value="IGNORE" />
+  </component>
+  <component name="Git.Settings">
+    <option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$" />
+  </component>
+  <component name="KubernetesApiPersistence">
+    <option name="context" value="gke_scalr-dev_europe-west1-b_testenv-v2" />
+  </component>
+  <component name="MarkdownSettingsMigration">
+    <option name="stateVersion" value="1" />
+  </component>
+  <component name="ProjectId" id="2EARGv1xKpdPJTI1iNrZIGVtAxp" />
+  <component name="ProjectLevelVcsManager" settingsEditedManually="true" />
+  <component name="ProjectViewState">
+    <option name="hideEmptyMiddlePackages" value="true" />
+    <option name="showLibraryContents" value="true" />
+  </component>
+  <component name="PropertiesComponent"><![CDATA[{
+  "keyToString": {
+    "RunOnceActivity.OpenProjectViewOnStart": "true",
+    "RunOnceActivity.ShowReadmeOnStart": "true",
+    "TF_FMT": "false",
+    "WebServerToolWindowFactoryState": "true",
+    "last_opened_file_path": "/Users/lyzohub/Work/sample-tf-opa-policies/external_data",
+    "node.js.detected.package.eslint": "true",
+    "node.js.selected.package.eslint": "(autodetect)",
+    "nodejs_package_manager_path": "npm"
+  }
+}]]></component>
+  <component name="RecentsManager">
+    <key name="CopyFile.RECENT_KEYS">
+      <recent name="$PROJECT_DIR$/external_data" />
+      <recent name="$PROJECT_DIR$/always_fail" />
+      <recent name="$PROJECT_DIR$/always_pass" />
+      <recent name="$PROJECT_DIR$" />
+    </key>
+  </component>
+  <component name="RunManager" selected="Opa eval.eval data.terraform.allowed_roles_map">
+    <configuration name="eval data.terraform.allowed_roles_map" type="OPA_RUN_CONFIGURATION" factoryName="Opa configuration factory" temporary="true">
+      <option name="query" value="data.terraform.allowed_roles_map" />
+      <option name="additionalargs" value="-f pretty " />
+      <envs />
+      <method v="2" />
+    </configuration>
+    <configuration default="true" type="OPA_TEST_RUN_CONFIGURATION" factoryName="Opa configuration factory">
+      <option name="additionalargs" value="" />
+      <envs />
+      <method v="2" />
+    </configuration>
+    <configuration name="test terraform" type="OPA_TEST_RUN_CONFIGURATION" factoryName="Opa configuration factory" temporary="true">
+      <option name="additionalargs" value="-f pretty  -r data.terraform" />
+      <envs />
+      <method v="2" />
+    </configuration>
+    <recent_temporary>
+      <list>
+        <item itemvalue="Opa eval.eval data.terraform.allowed_roles_map" />
+        <item itemvalue="Opa test.test terraform" />
+      </list>
+    </recent_temporary>
+  </component>
+  <component name="SpellCheckerSettings" RuntimeDictionaries="0" Folders="0" CustomDictionaries="0" DefaultDictionary="application-level" UseSingleDictionary="true" transferred="true" />
+  <component name="TaskManager">
+    <task active="true" id="Default" summary="Default task">
+      <changelist id="4cef5f54-1d35-4e3c-a3d6-a897e55668f2" name="Changes" comment="" />
+      <created>1662036309600</created>
+      <option name="number" value="Default" />
+      <option name="presentableId" value="Default" />
+      <updated>1662036309600</updated>
+      <workItem from="1662036310719" duration="618000" />
+      <workItem from="1665149554872" duration="727000" />
+      <workItem from="1665494691153" duration="598000" />
+      <workItem from="1665561285741" duration="596000" />
+      <workItem from="1666262382052" duration="382000" />
+      <workItem from="1666262775597" duration="1000" />
+      <workItem from="1666263582970" duration="215000" />
+      <workItem from="1666264176570" duration="100000" />
+      <workItem from="1668098276454" duration="357000" />
+    </task>
+    <task id="LOCAL-00001" summary="1">
+      <created>1665149600331</created>
+      <option name="number" value="00001" />
+      <option name="presentableId" value="LOCAL-00001" />
+      <option name="project" value="LOCAL" />
+      <updated>1665149600331</updated>
+    </task>
+    <task id="LOCAL-00002" summary="1">
+      <created>1665149678659</created>
+      <option name="number" value="00002" />
+      <option name="presentableId" value="LOCAL-00002" />
+      <option name="project" value="LOCAL" />
+      <updated>1665149678659</updated>
+    </task>
+    <task id="LOCAL-00003" summary="Add dummy policies">
+      <created>1666262708869</created>
+      <option name="number" value="00003" />
+      <option name="presentableId" value="LOCAL-00003" />
+      <option name="project" value="LOCAL" />
+      <updated>1666262708869</updated>
+    </task>
+    <task id="LOCAL-00004" summary="Add dummy policies">
+      <created>1666263614938</created>
+      <option name="number" value="00004" />
+      <option name="presentableId" value="LOCAL-00004" />
+      <option name="project" value="LOCAL" />
+      <updated>1666263614938</updated>
+    </task>
+    <task id="LOCAL-00005" summary="test">
+      <created>1668098299943</created>
+      <option name="number" value="00005" />
+      <option name="presentableId" value="LOCAL-00005" />
+      <option name="project" value="LOCAL" />
+      <updated>1668098299943</updated>
+    </task>
+    <option name="localTasksCounter" value="6" />
+    <servers />
+  </component>
+  <component name="TypeScriptGeneratedFilesManager">
+    <option name="version" value="3" />
+  </component>
+  <component name="Vcs.Log.Tabs.Properties">
+    <option name="TAB_STATES">
+      <map>
+        <entry key="MAIN">
+          <value>
+            <State />
+          </value>
+        </entry>
+      </map>
+    </option>
+  </component>
+  <component name="VcsManagerConfiguration">
+    <MESSAGE value="1" />
+    <MESSAGE value="Add dummy policies" />
+    <MESSAGE value="test" />
+    <option name="LAST_COMMIT_MESSAGE" value="test" />
+  </component>
+</project>
\ No newline at end of file
diff --git a/external_data/random_decision5.rego b/external_data/random_decision4.rego
similarity index 100%
rename from external_data/random_decision5.rego
rename to external_data/random_decision4.rego
diff --git a/external_data/scalr-policy.hcl b/external_data/scalr-policy.hcl
index 153f197..1b12799 100644
--- a/external_data/scalr-policy.hcl
+++ b/external_data/scalr-policy.hcl
@@ -20,7 +20,7 @@ policy "random_decision3" {
   enforcement_level = "advisory"
 }
 
-policy "random_decision5" {
+policy "random_decision4" {
   enabled           = true
   enforcement_level = "advisory"
 }

From a481f1ea0bce03b966f88bac5d80f4442bc366dd Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Tue, 15 Nov 2022 11:41:20 +0200
Subject: [PATCH 10/23] test

---
 .idea/workspace.xml                           | 36 ++++++++++---------
 ...m_decision4.rego => random_decision5.rego} |  0
 external_data/scalr-policy.hcl                |  2 +-
 3 files changed, 20 insertions(+), 18 deletions(-)
 rename external_data/{random_decision4.rego => random_decision5.rego} (100%)

diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index f75812d..fd1cbbc 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -2,7 +2,7 @@
 <project version="4">
   <component name="ChangeListManager">
     <list default="true" id="4cef5f54-1d35-4e3c-a3d6-a897e55668f2" name="Changes" comment="test">
-      <change beforePath="$PROJECT_DIR$/external_data/random_decision5.rego" beforeDir="false" afterPath="$PROJECT_DIR$/external_data/random_decision4.rego" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/external_data/scalr-policy.hcl" beforeDir="false" afterPath="$PROJECT_DIR$/external_data/scalr-policy.hcl" afterDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
@@ -12,6 +12,7 @@
   </component>
   <component name="Git.Settings">
     <option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$" />
+    <option name="RESET_MODE" value="HARD" />
   </component>
   <component name="KubernetesApiPersistence">
     <option name="context" value="gke_scalr-dev_europe-west1-b_testenv-v2" />
@@ -25,18 +26,18 @@
     <option name="hideEmptyMiddlePackages" value="true" />
     <option name="showLibraryContents" value="true" />
   </component>
-  <component name="PropertiesComponent"><![CDATA[{
-  "keyToString": {
-    "RunOnceActivity.OpenProjectViewOnStart": "true",
-    "RunOnceActivity.ShowReadmeOnStart": "true",
-    "TF_FMT": "false",
-    "WebServerToolWindowFactoryState": "true",
-    "last_opened_file_path": "/Users/lyzohub/Work/sample-tf-opa-policies/external_data",
-    "node.js.detected.package.eslint": "true",
-    "node.js.selected.package.eslint": "(autodetect)",
-    "nodejs_package_manager_path": "npm"
+  <component name="PropertiesComponent">{
+  &quot;keyToString&quot;: {
+    &quot;RunOnceActivity.OpenProjectViewOnStart&quot;: &quot;true&quot;,
+    &quot;RunOnceActivity.ShowReadmeOnStart&quot;: &quot;true&quot;,
+    &quot;TF_FMT&quot;: &quot;false&quot;,
+    &quot;WebServerToolWindowFactoryState&quot;: &quot;true&quot;,
+    &quot;last_opened_file_path&quot;: &quot;/Users/lyzohub/Work/sample-tf-opa-policies/external_data&quot;,
+    &quot;node.js.detected.package.eslint&quot;: &quot;true&quot;,
+    &quot;node.js.selected.package.eslint&quot;: &quot;(autodetect)&quot;,
+    &quot;nodejs_package_manager_path&quot;: &quot;npm&quot;
   }
-}]]></component>
+}</component>
   <component name="RecentsManager">
     <key name="CopyFile.RECENT_KEYS">
       <recent name="$PROJECT_DIR$/external_data" />
@@ -46,14 +47,15 @@
     </key>
   </component>
   <component name="RunManager" selected="Opa eval.eval data.terraform.allowed_roles_map">
-    <configuration name="eval data.terraform.allowed_roles_map" type="OPA_RUN_CONFIGURATION" factoryName="Opa configuration factory" temporary="true">
-      <option name="query" value="data.terraform.allowed_roles_map" />
-      <option name="additionalargs" value="-f pretty " />
+    <configuration default="true" type="OPA_RUN_CONFIGURATION" factoryName="Opa configuration factory">
+      <option name="query" value="" />
+      <option name="additionalargs" value="" />
       <envs />
       <method v="2" />
     </configuration>
-    <configuration default="true" type="OPA_TEST_RUN_CONFIGURATION" factoryName="Opa configuration factory">
-      <option name="additionalargs" value="" />
+    <configuration name="eval data.terraform.allowed_roles_map" type="OPA_RUN_CONFIGURATION" factoryName="Opa configuration factory" temporary="true">
+      <option name="query" value="data.terraform.allowed_roles_map" />
+      <option name="additionalargs" value="-f pretty " />
       <envs />
       <method v="2" />
     </configuration>
diff --git a/external_data/random_decision4.rego b/external_data/random_decision5.rego
similarity index 100%
rename from external_data/random_decision4.rego
rename to external_data/random_decision5.rego
diff --git a/external_data/scalr-policy.hcl b/external_data/scalr-policy.hcl
index 1b12799..153f197 100644
--- a/external_data/scalr-policy.hcl
+++ b/external_data/scalr-policy.hcl
@@ -20,7 +20,7 @@ policy "random_decision3" {
   enforcement_level = "advisory"
 }
 
-policy "random_decision4" {
+policy "random_decision5" {
   enabled           = true
   enforcement_level = "advisory"
 }

From f9f8a8fd65cbf76c4869bf1c49bee404c6366fc2 Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Tue, 15 Nov 2022 11:43:28 +0200
Subject: [PATCH 11/23] test

---
 .idea/workspace.xml                 | 12 +++++++++---
 external_data/random_decision5.rego |  2 +-
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index fd1cbbc..ddffde8 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -2,8 +2,7 @@
 <project version="4">
   <component name="ChangeListManager">
     <list default="true" id="4cef5f54-1d35-4e3c-a3d6-a897e55668f2" name="Changes" comment="test">
-      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/external_data/scalr-policy.hcl" beforeDir="false" afterPath="$PROJECT_DIR$/external_data/scalr-policy.hcl" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/external_data/random_decision5.rego" beforeDir="false" afterPath="$PROJECT_DIR$/external_data/random_decision5.rego" afterDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
@@ -124,7 +123,14 @@
       <option name="project" value="LOCAL" />
       <updated>1668098299943</updated>
     </task>
-    <option name="localTasksCounter" value="6" />
+    <task id="LOCAL-00006" summary="test">
+      <created>1668505280448</created>
+      <option name="number" value="00006" />
+      <option name="presentableId" value="LOCAL-00006" />
+      <option name="project" value="LOCAL" />
+      <updated>1668505280448</updated>
+    </task>
+    <option name="localTasksCounter" value="7" />
     <servers />
   </component>
   <component name="TypeScriptGeneratedFilesManager">
diff --git a/external_data/random_decision5.rego b/external_data/random_decision5.rego
index 968f304..95aa791 100644
--- a/external_data/random_decision5.rego
+++ b/external_data/random_decision5.rego
@@ -18,7 +18,7 @@ random_number = num {
 
 deny[reason] {
     number := random_number
-    number < 5
+    number < 6
 
     reason := sprintf(
         "Unlucky you: got %d, but 5 or more is required",

From 8561e2605660fad52c8ee1351c1b5f8189556d6e Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Tue, 15 Nov 2022 11:47:31 +0200
Subject: [PATCH 12/23] test

---
 external_data/random_decision5.rego | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/external_data/random_decision5.rego b/external_data/random_decision5.rego
index 95aa791..dbe18db 100644
--- a/external_data/random_decision5.rego
+++ b/external_data/random_decision5.rego
@@ -18,7 +18,7 @@ random_number = num {
 
 deny[reason] {
     number := random_number
-    number < 6
+    number < 4
 
     reason := sprintf(
         "Unlucky you: got %d, but 5 or more is required",

From 9ece175b128d91a4a8f8040178e5c35c2eaa5022 Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Tue, 15 Nov 2022 11:48:48 +0200
Subject: [PATCH 13/23] test

---
 external_data/random_decision5.rego | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/external_data/random_decision5.rego b/external_data/random_decision5.rego
index dbe18db..95aa791 100644
--- a/external_data/random_decision5.rego
+++ b/external_data/random_decision5.rego
@@ -18,7 +18,7 @@ random_number = num {
 
 deny[reason] {
     number := random_number
-    number < 4
+    number < 6
 
     reason := sprintf(
         "Unlucky you: got %d, but 5 or more is required",

From 03ce947a4c455a8337700edbeae699e353b0c535 Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Tue, 15 Nov 2022 11:55:23 +0200
Subject: [PATCH 14/23] test

---
 .idea/workspace.xml                 | 24 +++++++++++++++++++++++-
 external_data/random_decision5.rego |  2 +-
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index ddffde8..daa18b1 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -2,6 +2,7 @@
 <project version="4">
   <component name="ChangeListManager">
     <list default="true" id="4cef5f54-1d35-4e3c-a3d6-a897e55668f2" name="Changes" comment="test">
+      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/external_data/random_decision5.rego" beforeDir="false" afterPath="$PROJECT_DIR$/external_data/random_decision5.rego" afterDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
@@ -130,7 +131,28 @@
       <option name="project" value="LOCAL" />
       <updated>1668505280448</updated>
     </task>
-    <option name="localTasksCounter" value="7" />
+    <task id="LOCAL-00007" summary="test">
+      <created>1668505408969</created>
+      <option name="number" value="00007" />
+      <option name="presentableId" value="LOCAL-00007" />
+      <option name="project" value="LOCAL" />
+      <updated>1668505408969</updated>
+    </task>
+    <task id="LOCAL-00008" summary="test">
+      <created>1668505651666</created>
+      <option name="number" value="00008" />
+      <option name="presentableId" value="LOCAL-00008" />
+      <option name="project" value="LOCAL" />
+      <updated>1668505651666</updated>
+    </task>
+    <task id="LOCAL-00009" summary="test">
+      <created>1668505728759</created>
+      <option name="number" value="00009" />
+      <option name="presentableId" value="LOCAL-00009" />
+      <option name="project" value="LOCAL" />
+      <updated>1668505728759</updated>
+    </task>
+    <option name="localTasksCounter" value="10" />
     <servers />
   </component>
   <component name="TypeScriptGeneratedFilesManager">
diff --git a/external_data/random_decision5.rego b/external_data/random_decision5.rego
index 95aa791..968f304 100644
--- a/external_data/random_decision5.rego
+++ b/external_data/random_decision5.rego
@@ -18,7 +18,7 @@ random_number = num {
 
 deny[reason] {
     number := random_number
-    number < 6
+    number < 5
 
     reason := sprintf(
         "Unlucky you: got %d, but 5 or more is required",

From dbc46920bac7dfafcc3d4a00e603f779fab3c377 Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Tue, 15 Nov 2022 11:56:16 +0200
Subject: [PATCH 15/23] test

---
 external_data/random_decision5.rego | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/external_data/random_decision5.rego b/external_data/random_decision5.rego
index 968f304..95aa791 100644
--- a/external_data/random_decision5.rego
+++ b/external_data/random_decision5.rego
@@ -18,7 +18,7 @@ random_number = num {
 
 deny[reason] {
     number := random_number
-    number < 5
+    number < 6
 
     reason := sprintf(
         "Unlucky you: got %d, but 5 or more is required",

From a8e76d15f46a19235735ee36844e5cad9cb77512 Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Tue, 15 Nov 2022 12:30:45 +0200
Subject: [PATCH 16/23] test

---
 external_data/random_decision5.rego | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/external_data/random_decision5.rego b/external_data/random_decision5.rego
index 95aa791..968f304 100644
--- a/external_data/random_decision5.rego
+++ b/external_data/random_decision5.rego
@@ -18,7 +18,7 @@ random_number = num {
 
 deny[reason] {
     number := random_number
-    number < 6
+    number < 5
 
     reason := sprintf(
         "Unlucky you: got %d, but 5 or more is required",

From 4e4badee137ff16557f03de4848200b498fa255d Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Tue, 15 Nov 2022 12:31:17 +0200
Subject: [PATCH 17/23] test

---
 external_data/random_decision5.rego | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/external_data/random_decision5.rego b/external_data/random_decision5.rego
index 968f304..95aa791 100644
--- a/external_data/random_decision5.rego
+++ b/external_data/random_decision5.rego
@@ -18,7 +18,7 @@ random_number = num {
 
 deny[reason] {
     number := random_number
-    number < 5
+    number < 6
 
     reason := sprintf(
         "Unlucky you: got %d, but 5 or more is required",

From 73f28b434cf0d4da661bf50efa234fa35d9b84df Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Tue, 15 Nov 2022 12:32:07 +0200
Subject: [PATCH 18/23] test

---
 external_data/{random_decision5.rego => random_decision4.rego} | 0
 external_data/scalr-policy.hcl                                 | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename external_data/{random_decision5.rego => random_decision4.rego} (100%)

diff --git a/external_data/random_decision5.rego b/external_data/random_decision4.rego
similarity index 100%
rename from external_data/random_decision5.rego
rename to external_data/random_decision4.rego
diff --git a/external_data/scalr-policy.hcl b/external_data/scalr-policy.hcl
index 153f197..1b12799 100644
--- a/external_data/scalr-policy.hcl
+++ b/external_data/scalr-policy.hcl
@@ -20,7 +20,7 @@ policy "random_decision3" {
   enforcement_level = "advisory"
 }
 
-policy "random_decision5" {
+policy "random_decision4" {
   enabled           = true
   enforcement_level = "advisory"
 }

From b849478e4dd053bbaf97c20a5440901397dc96db Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Tue, 15 Nov 2022 12:56:33 +0200
Subject: [PATCH 19/23] test

---
 external_data/random_decision4.rego | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/external_data/random_decision4.rego b/external_data/random_decision4.rego
index 95aa791..968f304 100644
--- a/external_data/random_decision4.rego
+++ b/external_data/random_decision4.rego
@@ -18,7 +18,7 @@ random_number = num {
 
 deny[reason] {
     number := random_number
-    number < 6
+    number < 5
 
     reason := sprintf(
         "Unlucky you: got %d, but 5 or more is required",

From 10be72b21da4ee1486240f23dd9b9d269bb5878c Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <v.lyzohub@scalr.com>
Date: Tue, 15 Nov 2022 12:57:48 +0200
Subject: [PATCH 20/23] test

---
 external_data/random_decision5.rego | 27 +++++++++++++++++++++++++++
 external_data/scalr-policy.hcl      |  5 +++++
 2 files changed, 32 insertions(+)
 create mode 100644 external_data/random_decision5.rego

diff --git a/external_data/random_decision5.rego b/external_data/random_decision5.rego
new file mode 100644
index 0000000..968f304
--- /dev/null
+++ b/external_data/random_decision5.rego
@@ -0,0 +1,27 @@
+# This dummy policy makes a decision based on a number received from random.org service
+# just to demonstrate possible usage of HTTP requests
+# to fetch external data during policy evaluation.
+# See <https://www.openpolicyagent.org/docs/latest/policy-reference/#http>
+
+package terraform
+
+
+random_number = num {
+    request := {
+        "url": "https://www.random.org/integers/?num=1&min=0&max=9&base=10&col=1&format=plain",
+        "method": "GET"
+    }
+    response := http.send(request)
+    response.status_code == 200
+    num := to_number(trim(response.raw_body, "\n"))
+}
+
+deny[reason] {
+    number := random_number
+    number < 5
+
+    reason := sprintf(
+        "Unlucky you: got %d, but 5 or more is required",
+        [number]
+    )
+}
diff --git a/external_data/scalr-policy.hcl b/external_data/scalr-policy.hcl
index 1b12799..c00d4cf 100644
--- a/external_data/scalr-policy.hcl
+++ b/external_data/scalr-policy.hcl
@@ -24,3 +24,8 @@ policy "random_decision4" {
   enabled           = true
   enforcement_level = "advisory"
 }
+
+policy "random_decision5" {
+  enabled           = true
+  enforcement_level = "advisory"
+}

From 952747a08be868e81ca3b8fcec372e80fcb8be06 Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <44230643+lyzohub@users.noreply.github.com>
Date: Fri, 8 Dec 2023 14:55:51 +0200
Subject: [PATCH 21/23] Update scalr-policy.hcl

---
 always_pass/scalr-policy.hcl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/always_pass/scalr-policy.hcl b/always_pass/scalr-policy.hcl
index b40e3e4..630449f 100644
--- a/always_pass/scalr-policy.hcl
+++ b/always_pass/scalr-policy.hcl
@@ -1,5 +1,7 @@
 version = "v1"
 
+
+
 policy "test_pass" {
   enabled           = true
   enforcement_level = "soft-mandatory"

From d60d416908fd891ee7c1c5bb9409e599019b557d Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <44230643+lyzohub@users.noreply.github.com>
Date: Fri, 8 Dec 2023 14:59:46 +0200
Subject: [PATCH 22/23] Update test_pass.rego

---
 always_pass/test_pass.rego | 1 +
 1 file changed, 1 insertion(+)

diff --git a/always_pass/test_pass.rego b/always_pass/test_pass.rego
index 76e8eee..3cc914c 100644
--- a/always_pass/test_pass.rego
+++ b/always_pass/test_pass.rego
@@ -4,5 +4,6 @@ package terraform
 deny[reason] {
     false
 
+
     reason := sprintf("pass")
 }

From ab806ca18b52f16db922a69e6764c0720763060b Mon Sep 17 00:00:00 2001
From: Viacheslav Lyzohub <44230643+lyzohub@users.noreply.github.com>
Date: Fri, 8 Dec 2023 15:00:08 +0200
Subject: [PATCH 23/23] Update random_decision2.rego

---
 external_data/random_decision2.rego | 1 +
 1 file changed, 1 insertion(+)

diff --git a/external_data/random_decision2.rego b/external_data/random_decision2.rego
index 968f304..b970077 100644
--- a/external_data/random_decision2.rego
+++ b/external_data/random_decision2.rego
@@ -6,6 +6,7 @@
 package terraform
 
 
+
 random_number = num {
     request := {
         "url": "https://www.random.org/integers/?num=1&min=0&max=9&base=10&col=1&format=plain",