When I run the following code:
data := response {
response := http.send({
"method" : "GET",
"url": "https://httpbin.org/status/200"
})
}
I get this error:
1 error occurred: policy.rego:4: rego_type_error: unsafe built-in function calls in expression: http.send
Im using the rego play to run that policy. https://play.openpolicyagent.org/p/iqK8Zt5L62
I believe that is specific to the playground, as allowing arbitrary HTTP requests to be sent from there could potentially be misused. Your rule should work fine in any other context.