jiazhizhong/higress
1
0
Fork 0
mirror of https://github.com/alibaba/higress.git synced 2026-02-28 06:30:49 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7e6168a644c0c9c625fbe29331d83e00a48da2fd
higress/plugins/wasm-go/extensions/opa/README.md
澄潭 c7c4ae1da2 update plugins doc (#1305)
2024-09-12 21:48:40 +08:00

71 lines
1.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
title: OPA
keywords: [higress,opa]
description: OPA 策略控制插件配置参考
---
## 功能说明
该插件实现了 `OPA` 策略控制
## 运行属性
插件执行阶段:`认证阶段`
插件执行优先级:`225`
## 配置字段
| 字段 | 数据类型 | 填写要求 | 默认值 | 描述 |
|---------------|--------|------|-----|--------------------------------------|
| policy | string | 必填 | - | opa 策略 |
| timeout | string | 必填 | - | 访问超时时间设置 |
| serviceSource | string | 必填 | - | k8s,nacos,ip,route |
| host | string | 非必填 | - | 服务主机serviceSource为`ip`必填) |
| serviceName | string | 非必填 | - | 服务名称serviceSource为`k8s,nacos,ip`必填) |
| servicePort | string | 非必填 | - | 服务端口serviceSource为`k8s,nacos,ip`必填) |
| namespace | string | 非必填 | - | 服务端口serviceSource为`k8s,nacos`必填) |
## 配置示例
```yaml
serviceSource: k8s
serviceName: opa
servicePort: 8181
namespace: higress-backend
policy: example1
timeout: 5s
```
## OPA 服务安装参考
### 启动 OPA 服务
```shell
docker run -d --name opa -p 8181:8181 openpolicyagent/opa:0.35.0 run -s
```
### 创建 OPA 策略
```shell
curl -X PUT '127.0.0.1:8181/v1/policies/example1' \
-H 'Content-Type: text/plain' \
-d 'package example1
import input.request
default allow = false
allow {
# HTTP method must GET
request.method == "GET"
}'
```
### 查询策略
```shell
curl -X POST '127.0.0.1:8181/v1/data/example1/allow' \
-H 'Content-Type: application/json' \
-d '{"input":{"request":{"method":"GET"}}}'
```
Reference in New Issue View Git Blame Copy Permalink