OPA

The opa adapter exposes an Open Policy Agent enginethat provides sophisticated access control mechanisms.

This adapter supports the authorization template.

Params

Configuration format for the opa adapter.

Example configuration:

  1. policy:
  2.   - |+
  3.     package mixerauthz
  4.     policy = [
  5.       {
  6.         "rule": {
  7.           "verbs": [
  8.             "storage.buckets.get"
  9.           ],
  10.           "users": [
  11.             "bucket-admins"
  12.           ]
  13.         }
  14.       }
  15.     ]
  17.     default allow = false
  19.     allow = true {
  20.       rule = policy[_].rule
  21.       input.subject.user = rule.users[_]
  22.       input.action.method = rule.verbs[_]
  23.     }
  24. checkMethod: "data.mixerauthz.allow"
  25. failClose: true
FieldTypeDescriptionRequired
policystring[]List of OPA policiesNo
checkMethodstringQuery method to check.Format: data.<package name>.<method name>No
failCloseboolClose the client request when adapter has a issue.If failClose is set to true and there is a runtime error,instead of disabling the adapter, close the client requestNo