OPA

The opa adapter exposes an Open Policy Agent engine that provides sophisticated access control mechanisms.

Params

Configuration format for the opa adapter.

Example configuration:

policy:
  - |+
    package mixerauthz
    policy = [
      {
        "rule": {
          "verbs": [
            "storage.buckets.get"
          ],
          "users": [
            "bucket-admins"
          ]
        }
      }
    ]

    default allow = false

    allow = true {
      rule = policy[_].rule
      input.subject.user = rule.users[_]
      input.action.method = rule.verbs[_]
    }
checkMethod: "data.mixerauthz.allow"
failClose: true

Field	Type	Description
`policy`	`string[]`	List of OPA policies
`checkMethod`	`string`	Query method to check. Format: data..
`failClose`	`bool`	Close the client request when adapter has a issue. If failClose is set to true and there is a runtime error, instead of disabling the adapter, close the client request