OPA

The opa adapter exposes an Open Policy Agent engine that provides sophisticated access control mechanisms.

Params

Configuration format for the opa adapter.

Example configuration:

policy:
  - |+
    package mixerauthz
    policy = [
      {
        "rule": {
          "verbs": [
            "storage.buckets.get"
          ],
          "users": [
            "bucket-admins"
          ]
        }
      }
    ]

    default allow = false

    allow = true {
      rule = policy[_].rule
      input.subject.user = rule.users[_]
      input.action.method = rule.verbs[_]
    }
checkMethod: "data.mixerauthz.allow"
failClose: true
FieldTypeDescription
policystring[]

List of OPA policies

checkMethodstring

Query method to check. Format: data..

failClosebool

Close the client request when adapter has a issue. If failClose is set to true and there is a runtime error, instead of disabling the adapter, close the client request