OPA based policy engine.
make build./policy-man -h
___ ___ _ ___ _____ __ __ __ _ _ _
| _ \/ _ \| | |_ _/ __\ \ / / ___ | \/ | /_\ | \| |
| _/ (_) | |__ | | (__ \ V / |___| | |\/| |/ _ \| .' |
|_| \___/|____|___\___| |_| |_| |_/_/ \_\_|\_|
Usage:
policy-man [flags]
Flags:
-c, --config string Specify the config file
-h, --help help for policy-man
-a, --host string The host of the HTTP server (default "localhost")
--log.level string The level of the log (default "info")
--log.path string The path of the log (default "stdout")
-m, --mode string The mode of the HTTP server.[release/debug/test] (default "release")
-p, --port string The port of the HTTP server (default "8090")
-v, --version Show the version numberOnly allow and deny will be evaluated. If the variable allow be evaluated as false, or the variable deny be
evaluated as true, The policy will be evaluated as false.
$ curl -X POST http://localhost:8090/evaluate/policies -H 'Content-Type: application/json' -d '
{
"policy_list": [
"import future.keywords.if\nimport future.keywords.in\n\ndefault allow := false\n\nallow if {\n input.method == \"GET\"\n input.path == [\"salary\", input.subject.user]\n}\n\nallow if is_admin\n\nis_admin if \"admin\" in input.subject.groups",
"import future.keywords.if\nimport future.keywords.in\n\ndefault deny := false\n\nallow if {\n input.method == \"GET\"\n input.path == [\"salary\", input.subject.user]\n}\n\nallow if is_admin\n\nis_admin if \"admin\" in input.subject.groups"
],
"input": "{\"method\":\"GET\",\"path\":[\"salary\",\"bob\"],\"subject\":{\"user\":\"bob\",\"groups\":[\"sales\",\"marketing\"]}}"
}'
{"isSuccessful":true}Open internet browser and navigate to the url http://localhost:8090/swagger/index.html. View and Call APIs on the page of swagger UI.
All files of the RESTful API documentation are in the directory ./openapi/docs, when the service API or API annotations are updated, these files should be updated by the following commands:
make api_docAll the above commands are written to the file Makefile, You can also use commands in the chapter [Build from source](#Build from source) directly to update these files.
All third-party related content is listed in the DEPENDENCIES file.
We can instrument the policy-man with open-telemetry metrics and traces using the auto-instrumentation feature from the open-telemetry project. This automatically generates required data for all HTTP requests.
Sample working example can be found here. The example uses jaeger as OTEL collector but can be used with any OTEL based collector. Jager UI can be accessed at http://localhost:16686/ .
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent