Use Git as Storage for Systems
Styra DAS supports using Git as a storage mechanism for policies. Each system can be configured with its own Git repository as storage.
git-storage
is an internal functionality that co-ordinates all the activities between the Git repository and Styra DAS.
Using Git as storage also enables the following features:
-
Embrace the policy-as-code philosophy, allowing you to leverage the same source of truth for your policies that you have for your code: A Git repository.
-
Rollback policy changes using the same machinery you do for your other code: Update the tip of your chosen branch to a previous workable state.
-
Implement change control via peer-review using the Git-workflow provided by your organization.
Once you configure Git, you can use Styra the same way you always have, except when you want to promote policies for distribution to OPA.
The following shows the policy-authoring flow without configuring git-storage
:
- Make a policy change in the Styra editor.
- Promote the change. Styra stores the new policy in its backend.
- Styra distributes new policy to OPAs.
The following shows the policy-authoring flow when git-storage
is configured.
- Make a policy change in the Styra editor.
- Promote the change. Styra pushes this policy to your GitHub repository in a special branch. This branch is named
styra-{repo-path}-{basebranch}-system-{user@domain.com}
, where{repo-path}
is the path configured for git,{basebranch}
is the base branch name (typically "main"), and{user@domain.com}
is the email of the user who created the branch. - The team can review, test, and merge this special branch into your
main
branch. Styra does not open a pull request or similar -- you will need to do this manually. - Styra picks up the change in the
main
branch and distributes the new policy to OPAs.
