OPA

The opa adapter exposes an Open Policy Agent engine that provides sophisticated access control mechanisms.

This adapter supports the authorization template.

Params

Configuration format for the opa adapter.

Example configuration:

  1. policy:
  2.   - |+
  3.     package mixerauthz
  4.     policy = [
  5.       {
  6.         "rule": {
  7.           "verbs": [
  8.             "storage.buckets.get"
  9.           ],
  10.           "users": [
  11.             "bucket-admins"
  12.           ]
  13.         }
  14.       }
  15.     ]
  17.     default allow = false
  19.     allow = true {
  20.       rule = policy[_].rule
  21.       input.subject.user = rule.users[_]
  22.       input.action.method = rule.verbs[_]
  23.     }
  24. checkMethod: "data.mixerauthz.allow"
  25. failClose: true
FieldTypeDescriptionRequired
policystring[]

List of OPA policies

No
checkMethodstring

Query method to check. Format: data.<package name>.<method name>

No
failClosebool

Close the client request when adapter has a issue. If failClose is set to true and there is a runtime error, instead of disabling the adapter, close the client request

No