UPDATE

policies/sensor_7_in_1.rego

@@ -0,0 +1,43 @@
+package croplogic.authz
+
+import rego.v1
+
+has_feature_rule(feature) if {
+  is_sensor_7_in_1_feature(feature)
+}
+
+feature_rule(feature) := {
+  "code": "sensor-7-in-1-requires-sensor-code",
+  "allow": true,
+  "reason": "sensor-7-in-1 feature requires sensor_codes to include sensor-7-in-1",
+} if {
+  is_sensor_7_in_1_feature(feature)
+  has_sensor_code("sensor-7-in-1")
+}
+
+feature_rule(feature) := {
+  "code": "sensor-7-in-1-requires-sensor-code",
+  "allow": false,
+  "reason": "sensor-7-in-1 feature requires sensor_codes to include sensor-7-in-1",
+} if {
+  is_sensor_7_in_1_feature(feature)
+  not has_sensor_code("sensor-7-in-1")
+}
+
+is_sensor_7_in_1_feature(feature) if {
+  lower(sprintf("%v", [feature])) == "sensor-7-in-1"
+}
+
+has_sensor_code(code) if {
+  sensor_codes := object.get(input.resource, "sensor_codes", [])
+  is_array(sensor_codes)
+  sensor_code := sensor_codes[_]
+  lower(sprintf("%v", [sensor_code])) == lower(sprintf("%v", [code]))
+}
+
+has_sensor_code(code) if {
+  sensor_code := object.get(input.resource, "sensor_codes", null)
+  sensor_code != null
+  not is_array(sensor_code)
+  lower(sprintf("%v", [sensor_code])) == lower(sprintf("%v", [code]))
+}