Configuring Bundle Registry with the Styra DAS API

Bundle Registry maintains an internal archive of bundles. Its contents may be inspected with GET /v1/systems/<system id>/bundles and GET /v1/systems/<system id>/bundles/<bundle id>/<version>/details calls.

For example:

GET /v1/systems/b87975caa0084ea49f7e763107929706/bundles: Lists all the bundles in the archive.
?past: Option for the GET lists only the bundles that have been deployed in the past.
?version=NNN: A parameter that paginates through larger archive.

You can decide whether to use the Bundle Registry for each Styra DAS system. To configure the Bundle Registry, you must provide the configuration as a part of the system configuration, by setting the bundle_registry field of a system.

For example:

Download the system configuration with: GET /v1/systems/b87975caa0084ea49f7e763107929706.
Modify the system configuration in the result.
Upload it back after adding the bundle_registry field to the system configuration object.

note

The uploaded system configuration is in the result field of the GET call and the outer most object wrapping the system configuration should be dropped.

The configuration for the Bundle Registry comprises of the fields listed in Bundle Registry.

For example, the following JSON snippet is a valid bundle registry configuration that instructs Styra DAS to use an external Amazon S3 bucket (styra-example-storage) with the configured file names for the discovery and policy bundles. It also instructs the SLP/OPA to use AWS environment variables in obtaining the Amazon S3 credentials. It configures a short history for the bundle archives with at most two bundles will be archived (in total), but at least two bundles deployed in the past are kept in the archive.

"bundle_registry": {
    "max_bundles": 2,
    "max_deployed_bundles": 2,
    "distribution_s3": {
        "access_keys": "styra-example-storage-secret",
        "region": "us-east-1",
        "bucket": "styra-example-storage",
        "discovery_path": "discovery-p1.tgz",
        "policy_path": "policy-p2.tgz",
        "opa_credentials": {
            "environment_credentials": {
                "aws_default_region": "us-east-1"
            }
        }
    }
},

To configure the bundle registry using Styra DAS APIs:

Create a System.
Create an API token.

Create AWS S3 secret with following curl command:

curl --request PUT 'https://<das-id>.styra.com/v1/secrets/<secretname>' --header 'Content-Type: application/json' --header 'Authorization: Bearer <Styra DAS API Token>'
--data-raw '{
"description": "AWS S3 export key",
"name": "<aws_access_key_id>",
"secret": "<aws_secret_access_key>"
}'

Use the following instructions to update the System created with bundle_registry configuration:

Download the system configuration file using the following curl command:
```
curl -o system-config.json <das-id>.styra.com/v1/systems/SYSTEM_ID
```

Edit the system-config.json file; remove the outer JSON levels "request_id" and "result"; then add the bundle_registry field.

"bundle_registry": {
    "distribution_s3": {
        "access_keys": "<secretname>",
        "bucket": "styra-onprem-test01",
        "discovery_path": "discovery-p1.tgz",
        "opa_credentials": {
            "environment_credentials": {
                "aws_default_region": "us-east-1"
            }
        },
        "policy_path": "policy-p2.tgz",
        "region": "us-east-1"
    },
    "manual_deployment": true,
    "max_bundles": 2,
    "max_deployed_bundles": 2
}

Upload the updated version by using the following curl command:

curl -X PUT <das-id>.styra.com/v1/systems/SYSTEM_ID -d @system-config.json

Trigger bundle_deploy using API with the bundle version and revision obtained through getbundles API by using the following command:

curl -XPUT -H "Content-Type: application/json" <das-id>.styra.com/v1/systems/SYSTEM_ID/bundle-deploy -d '{"primary": {"id": "policy", "version" : VERSION}}'