Documentation Index
Fetch the complete documentation index at: https://docs.opal.dev/llms.txt
Use this file to discover all available pages before exploring further.
The following examples illustrate the different use cases for our Request Review scripts, and how you might implement it in your environment.
Auto-Approve Based on Duration
request = context.get_request()
if request.requested_duration_minutes and request.requested_duration_minutes <= 240:
actions.approve("Auto-approved: 4 hours or less")
else:
actions.comment("Duration exceeds auto-approval threshold")
Route Based on Resource Type
request = context.get_request()
for resource in request.requested_resources:
if resource.resource_type == "AWS_IAM_ROLE":
if "prod" in resource.resource_name.lower():
actions.comment("Production AWS access requires manual review")
break
else:
# No production resources found
actions.approve("Auto-approved: non-production access")
Validate Custom Fields
request = context.get_request()
custom_fields = request.custom_fields
# Require ticket number for non-emergency requests
is_emergency = custom_fields.get("emergency_access", False)
ticket_number = custom_fields.get("ticket_number", "")
if is_emergency:
actions.approve("Auto-approved: emergency access")
elif ticket_number:
actions.approve("Auto-approved: ticket " + ticket_number)
else:
actions.deny("A ticket number is required for non-emergency access")
Check Prerequisite Access
request = context.get_request()
PREREQUISITE_GROUP = "550e8400-e29b-41d4-a716-446655440000"
if request.target_user_id:
has_prereq = accesslib.check_access(
request.target_user_id,
PREREQUISITE_GROUP
)
if has_prereq:
actions.approve("User has prerequisite access")
else:
actions.deny("User must first obtain access to the prerequisite group")
else:
actions.comment("No target user specified")
Complex Multi-Condition Logic
def evaluate_request(request):
reason_lower = request.reason.lower()
# Check deny conditions
if "permanent" in reason_lower:
return ("deny", "Permanent access requires executive approval")
# Calculate approval score
score = 0
# Short duration
if request.requested_duration_minutes:
if request.requested_duration_minutes <= 240:
score = score + 2
elif request.requested_duration_minutes <= 480:
score = score + 1
# Has detailed reason
if len(request.reason) >= 50:
score = score + 1
# Urgent keyword
if "urgent" in reason_lower or "emergency" in reason_lower:
score = score + 2
# Make decision
if score >= 3:
return ("approve", "Auto-approved: score " + str(score))
else:
return ("comment", "Score " + str(score) + ", requires manual review")
request = context.get_request()
decision, message = evaluate_request(request)
if decision == "approve":
actions.approve(message)
elif decision == "deny":
actions.deny(message)
else:
actions.comment(message)
