jiazhizhong/higress
1
0
Fork 0
mirror of https://github.com/alibaba/higress.git synced 2026-03-02 23:51:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7e6168a644c0c9c625fbe29331d83e00a48da2fd
higress/plugins/wasm-go/extensions/opa/README_EN.md
澄潭 c7c4ae1da2 update plugins doc (#1305)
2024-09-12 21:48:40 +08:00

59 lines
2.0 KiB
Markdown
Raw Blame History

---
title: OPA
keywords: [higress,opa]
description: OPA policy control plugin configuration reference
---
## Function Description
This plugin implements `OPA` policy control.
## Running Attributes
Plugin Execution Phase: `Authentication Phase`
Plugin Execution Priority: `225`
## Configuration Fields
| Field | Data Type | Required | Default Value | Description |
|------------------|-------------|----------|---------------|-----------------------------------------------|
| policy | string | Required | - | OPA Policy |
| timeout | string | Required | - | Timeout setting for access |
| serviceSource | string | Required | - | k8s, nacos, ip, route |
| host | string | Optional | - | Service host (required if serviceSource is `ip`) |
| serviceName | string | Optional | - | Service name (required if serviceSource is `k8s,nacos,ip`) |
| servicePort | string | Optional | - | Service port (required if serviceSource is `k8s,nacos,ip`) |
| namespace | string | Optional | - | Namespace (required if serviceSource is `k8s,nacos`) |
## Configuration Example
```yaml
serviceSource: k8s
serviceName: opa
servicePort: 8181
namespace: higress-backend
policy: example1
timeout: 5s
```
## OPA Service Installation Reference
### Start OPA Service
```shell
docker run -d --name opa -p 8181:8181 openpolicyagent/opa:0.35.0 run -s
```
### Create OPA Policy
```shell
curl -X PUT '127.0.0.1:8181/v1/policies/example1' \
-H 'Content-Type: text/plain' \
-d 'package example1
import input.request
default allow = false
allow {
# HTTP method must GET
request.method == "GET"
}'
```
### Query Policy
```shell
curl -X POST '127.0.0.1:8181/v1/data/example1/allow' \
-H 'Content-Type: application/json' \
-d '{"input":{"request":{"method":"GET"}}}'
```
Reference in New Issue View Git Blame Copy Permalink