narval-xyz · Ptroger · Nov 12, 2024 · Nov 12, 2024 · Nov 12, 2024 · Nov 12, 2024
diff --git a/.github/workflows/policy-engine.yml b/.github/workflows/policy-engine.yml
@@ -122,11 +122,13 @@ jobs:
 
       - name: Setup Regal
         uses: StyraInc/[email protected]
+        with:
+          version: '0.29.0'
 
       - name: Setup OPA
         uses: open-policy-agent/setup-opa@v2
         with:
-          version: latest
+          version: '0.70.0'
 
       - name: Format
         run: make policy-engine/rego/format/check

diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/armory/criteria/checkApprovals.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/armory/criteria/checkApprovals.rego
@@ -16,10 +16,10 @@ getApprovalsCount(possibleApprovers) := result if {
 # User approvals
 
 checkApproval(approval) := result if {
-	principal := entities.getUser(input.principal.userId)
-
 	approval.countPrincipal == true
 	approval.approvalEntityType == "Narval::User"
+
+	principal := entities.getUser(input.principal.userId)
 	possibleApprovers = {
 	entity |
 		some entity in approval.entityIds
@@ -28,10 +28,10 @@ checkApproval(approval) := result if {
 }
 
 checkApproval(approval) := result if {
-	principal := entities.getUser(input.principal.userId)
-
 	approval.countPrincipal == false
 	approval.approvalEntityType == "Narval::User"
+
+	principal := entities.getUser(input.principal.userId)
 	possibleApprovers = {entity |
 		some entity in approval.entityIds
 		not lib.caseInsensitiveEqual(entity, principal.id)
@@ -42,10 +42,10 @@ checkApproval(approval) := result if {
 # User group approvals
 
 checkApproval(approval) := result if {
-	principal := entities.getUser(input.principal.userId)
-
 	approval.countPrincipal == true
 	approval.approvalEntityType == "Narval::UserGroup"
+
+	principal := entities.getUser(input.principal.userId)
 	possibleApprovers = {user |
 		some entity in approval.entityIds
 		users = entities.getUserGroup(entity).users
@@ -56,10 +56,10 @@ checkApproval(approval) := result if {
 }
 
 checkApproval(approval) := result if {
-	principal := entities.getUser(input.principal.userId)
-
 	approval.countPrincipal == false
 	approval.approvalEntityType == "Narval::UserGroup"
+
+	principal := entities.getUser(input.principal.userId)
 	possibleApprovers = {user |
 		some entity in approval.entityIds
 		users = entities.getUserGroup(entity).users

diff --git a/.../policy-engine/src/resource/open-policy-agent/rego/armory/entities/buildChainAccount.rego b/.../policy-engine/src/resource/open-policy-agent/rego/armory/entities/buildChainAccount.rego
@@ -28,7 +28,7 @@
 		"chainId": chainAccount.chainId,
 		"classification": addressBookData.classification,
 		# we can default to 'managed' because its in accounts
 		# TODO: @ptroger add addressBookGroups when implemented
 		"accountType": accountData.accountType,
 		"assignees": accountData.assignees,
 		"groups": accountData.groups,
@@ -55,10 +55,10 @@
 
 # Get source information when there is only an account entry
 buildIntentSourceChainAccount(intent) := source if {
-	chainAccount = parseChainAccount(intent.from)
+	getAddressBookEntry(intent.from) == null
 
+	chainAccount = parseChainAccount(intent.from)
 	accountData := getAccount(chainAccount.address)
-	getAddressBookEntry(intent.from) == null
 
 	source := {
 		"id": chainAccount.id,
@@ -84,7 +84,7 @@
 		"address": chainAccount.address,
 		"chainId": chainAccount.chainId,
 		"classification": addressBookData.classification,
 		# TODO: @ptroger add addressBookGroups when implemented
 	}
 }