OPA
The opa adapter exposes an Open Policy Agent engine
that provides sophisticated access control mechanisms.
This adapter supports the authorization template.
Params
Configuration format for the opa adapter.
Example configuration:
policy:
- |+
package mixerauthz
policy = [
{
"rule": {
"verbs": [
"storage.buckets.get"
],
"users": [
"bucket-admins"
]
}
}
]
default allow = false
allow = true {
rule = policy[_].rule
input.subject.user = rule.users[_]
input.action.method = rule.verbs[_]
}
checkMethod: "data.mixerauthz.allow"
failClose: true
| Field | Type | Description | Required |
|---|---|---|---|
policy | string[] | List of OPA policies | No |
checkMethod | string | Query method to check.
Format: | No |
failClose | bool | Close the client request when adapter has a issue. If failClose is set to true and there is a runtime error, instead of disabling the adapter, close the client request | No |