jiazhizhong/higress
1
0
Fork 0
mirror of https://github.com/alibaba/higress.git synced 2026-02-06 15:10:54 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
higress/plugins/wasm-go/extensions/opa
History

README_EN.md

title, keywords, description
title keywords description
OPA
higress
opa
OPA policy control plugin configuration reference

Function Description

This plugin implements OPA policy control.

Running Attributes

Plugin Execution Phase: Authentication Phase
Plugin Execution Priority: 225

Configuration Fields

Field Data Type Required Default Value Description
policy string Required - OPA Policy
timeout string Required - Timeout setting for access
serviceSource string Required - k8s, nacos, ip, route
host string Optional - Service host (required if serviceSource is ip)
serviceName string Optional - Service name (required if serviceSource is k8s,nacos,ip)
servicePort string Optional - Service port (required if serviceSource is k8s,nacos,ip)
namespace string Optional - Namespace (required if serviceSource is k8s,nacos)

Configuration Example

serviceSource: k8s
serviceName: opa
servicePort: 8181
namespace: higress-backend
policy: example1
timeout: 5s

OPA Service Installation Reference

Start OPA Service

docker run -d --name opa -p 8181:8181 openpolicyagent/opa:0.35.0 run -s

Create OPA Policy

curl -X PUT '127.0.0.1:8181/v1/policies/example1' \
  -H 'Content-Type: text/plain' \
  -d 'package example1
import input.request
default allow = false
allow {
    # HTTP method must GET
    request.method == "GET"
}'

Query Policy

curl -X POST '127.0.0.1:8181/v1/data/example1/allow' \
  -H 'Content-Type: application/json' \
  -d '{"input":{"request":{"method":"GET"}}}'
Reference in New Issue View Git Blame Copy Permalink