OPA

The opa adapter exposes an Open Policy Agent engine that provides sophisticated access control mechanisms.

This adapter supports the authorization template.

Params

Configuration format for the opa adapter.

Example configuration:

policy:
  - |+
    package mixerauthz
    policy = [
      {
        "rule": {
          "verbs": [
            "storage.buckets.get"
          ],
          "users": [
            "bucket-admins"
          ]
        }
      }
    ]

    default allow = false

    allow = true {
      rule = policy[_].rule
      input.subject.user = rule.users[_]
      input.action.method = rule.verbs[_]
    }
checkMethod: "data.mixerauthz.allow"
failClose: true
Field Type Description
policy string[]

List of OPA policies
checkMethod string

Query method to check. Format: data..
failClose bool

Close the client request when adapter has a issue. If failClose is set to true and there is a runtime error, instead of disabling the adapter, close the client request


Memory quota
Prometheus