From a86baf0b66df205bd7feb0054f73fd22e30b7c69 Mon Sep 17 00:00:00 2001
From: Kristin Laemmert <mildwonkey@users.noreply.github.com>
Date: Tue, 1 Oct 2024 12:45:14 -0400
Subject: [PATCH] add opa example to docs - i don't like my phrasing here

---
 docs/reference/domains/file-domain.md | 62 ++++++++++++++++++++++++---
 1 file changed, 56 insertions(+), 6 deletions(-)

diff --git a/docs/reference/domains/file-domain.md b/docs/reference/domains/file-domain.md
index 0cb1ef03..f6195ce5 100644
--- a/docs/reference/domains/file-domain.md
+++ b/docs/reference/domains/file-domain.md
@@ -37,7 +37,18 @@ The file domain supports the following file formats for validation:
 * YAML
 
 ## Validations
-When writing validations against files, the filepath Name must be included as the top-level key in the validation, in this example below `check`:
+When writing validations against files, the filepath Name must be included as
+the top-level key in the validation. The placement varies between providers.
+
+Given the following ini file:
+
+```grafana.ini
+[server]
+# Protocol (http, https, socket)
+protocol = http
+```
+
+The below Kyverno policy validates the protocol is https by including Grafana as the top-level key under "check":
 
 ```yaml
 metadata:
@@ -68,8 +79,47 @@ provider:
                     protocol: https
 ```
 
-```grafana.ini
-[server]
-# Protocol (http, https, socket)
-protocol = http
-```
\ No newline at end of file
+While in an OPA policy, the filepath Name is the input key to access the config:
+
+```yaml
+metadata:
+  name: validate-grafana-config
+  uuid: ad38ef57-99f6-4ac6-862e-e0bc9f55eebe
+domain:
+  type: file
+  file-spec:
+    filepaths:
+    - name: 'grafana'
+      path: 'custom.ini'
+provider:
+  type: opa
+  opa-spec:
+    rego: |
+      package validate
+      import rego.v1
+
+      # Default values
+      default validate := false
+      default msg := "Not evaluated"
+      
+      validate if {
+       check_grafana_config.result
+      }
+      msg = check_grafana_config.msg
+
+      config := input["grafana"]
+      protocol := config.server.protocol
+
+      check_grafana_config = {"result": true, "msg": msg} if {
+        protocol == "https"
+        msg := "Server protocol is set to https"
+      } else = {"result": false, "msg": msg} if {
+        protocol == "http"
+        msg := "Grafana protcol is insecure"
+      }
+
+    output:
+      validation: validate.validate
+      observations:
+        - validate.msg
+```