Rego Built-in Function: regex.template_match
regex.template_match() is an advanced function for matching inputs against
complex patterns. Sometimes, an input string needs to be validated as a series
of distinct components. This function allows you to offer patterns to validate
specific parts of the string separately.
warning
Before continuing, make sure your use case is not solved by the simpler
regex.match()
or
glob.match
functions.
This functions are easier to use and thus less error prone for simpler use cases.
Examples
Advanced path pattern matching
In the example that follows, we have a complex path which represents an AWS ARN owned by a project with a UUID v4 identifier. The path is validated in two parts using two separate patterns, each contained to particular segments of the path.
# policy.rego
uuid_v4_pattern := `[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}`
aws_arn_pattern := `arn:(aws[a-zA-Z-]*):([a-zA-Z0-9-]+):([a-zA-Z0-9-]*):([0-9]*):([a-zA-Z0-9-:/]+)`
path := "/projects/10ceef56-2b18-4cf7-895f-14d2dc45cc66/arn:aws:ec2:us-west-2:123456789012:instance/i-1234567890abcdef0"
path_pattern_template := sprintf("/projects/{%s}/{%s}", [
uuid_v4_pattern,
aws_arn_pattern,
])
matches := regex.template_match(path_pattern_template, path, "{", "}")
| Rule | Output Value | Notes |
|---|---|---|
| matches | true | The path is a valid UUID followed by a valid AWS ARN. |