遍历 Rego 中 Arrays 内的 Json 对象

Question

我想获取client_broker键的值并检查它是否是TLS，如果TLS rego应该通过否则它将失败，但我无法遍历数组元素中的嵌套json，尝试使用walk但不工作，，，需要帮忙：（

正在尝试使用下面的代码，但没有奏效

deny{
   r := tfplan.resource_changes[_]
   r.type == "aws_msk_cluster"
   name := r.change.after.encryption_info[_]
   #val := walk(name,["encryption_in_transit"],"TLS")
   print(name)
   #print(val)
   contains(name,"TLS")
}

模拟.json

"change": {
                    "actions": [
                        "create"
                    ],
                    "before": null,
                    "after": {
                        "broker_node_group_info": [
                            {
                                "az_distribution": "DEFAULT",
                                "instance_type": "kafka.m5.large",
                                "storage_info": [
                                    {
                                        "ebs_storage_info": [
                                            {
                                                "provisioned_throughput": [],
                                                "volume_size": 1000
                                            }
                                        ]
                                    }
                                ]
                            }
                        ],
                        "client_authentication": [],
                        "cluster_name": "example",
                        "configuration_info": [],
                        "encryption_info": [
                            {
                                "encryption_in_transit": [
                                    {
                                        "client_broker": "TLS",
                                        "in_cluster": true
                                    }
                                ]
                            }
                        ],
                        "enhanced_monitoring": "DEFAULT",
                        "kafka_version": "3.2.0",

Answer 1

最后通过下面的代码行解决了这个问题

is_encryption_in_transit{
   r := tfplan.resource_changes[_]
   r.type == "aws_msk_cluster"
   name := r.change.after.encryption_info[_]
   [path,val] := walk(name.encryption_in_transit)
   protocol = val["client_broker"]
   cluster_encryption = val["in_cluster"]
   protocol == "TLS"
   cluster_encryption == true
}