• OPA
    • Params

    OPA

    The opa adapter exposes an Open Policy Agent enginethat provides sophisticated access control mechanisms.

    This adapter supports the authorization template.

    Params

    Configuration format for the opa adapter.

    Example configuration:

    1. policy:
    2.   - |+
    3.     package mixerauthz
    4.     policy = [
    5.       {
    6.         "rule": {
    7.           "verbs": [
    8.             "storage.buckets.get"
    9.           ],
    10.           "users": [
    11.             "bucket-admins"
    12.           ]
    13.         }
    14.       }
    15.     ]
    17.     default allow = false
    19.     allow = true {
    20.       rule = policy[_].rule
    21.       input.subject.user = rule.users[_]
    22.       input.action.method = rule.verbs[_]
    23.     }
    24. checkMethod: "data.mixerauthz.allow"
    25. failClose: true
    FieldTypeDescriptionRequired
    policystring[]List of OPA policiesNo
    checkMethodstringQuery method to check.Format: data.<package name>.<method name>No
    failCloseboolClose the client request when adapter has a issue.If failClose is set to true and there is a runtime error,instead of disabling the adapter, close the client requestNo