OPA
The opa
adapter exposes an Open Policy Agent engine
that provides sophisticated access control mechanisms.
This adapter supports the authorization template.
Params
Configuration format for the opa
adapter.
Example configuration:
policy:
- |+
package mixerauthz
policy = [
{
"rule": {
"verbs": [
"storage.buckets.get"
],
"users": [
"bucket-admins"
]
}
}
]
default allow = false
allow = true {
rule = policy[_].rule
input.subject.user = rule.users[_]
input.action.method = rule.verbs[_]
}
checkMethod: "data.mixerauthz.allow"
failClose: true