Skip to main content

Managing a Library

The Styra DAS UI currently supports full Library management (create, read, update, and delete policies and data). Their policies and data are accessible across all Systems and Stacks.

Using a Library to Manage Policies

Libraries are used to write policies. All policies and data are available for policy writing from the data.libraries namespace. You can use your Library with Systems, Stacks, and other Rego policies in Styra DAS.

For example, your library can include a helper function that turns a string representing a URL into an array, add a new policy url.rego to your my_lib library:

package libraries.my_lib.url

split(url) := result {
   s := trim(url, "/")
   result := split(s, "/")
}

The following function could then be used within an Envoy System Ingress policy.

package policy["com.styra.envoy.ingress"].rules.rules

import data.dataset

default allow = false

# allow GET /dogs/...
allow {
   input.attributes.request.http.method == "GET"
   parsed_path := data.libraries.my_lib.url.split(input.attributes.request.http.path)
   parsed_path[0] == "dogs"
}

The data.libraries namespace has a global scope. It can be used in any Policy within Styra DAS.

Using a Library to Define Data

You can use your Library with Systems, Stacks, and other Rego policies in Styra DAS. For example, if your Library includes a JSON Data Source that defined at actions/methods.json to your my_lib library:

{
   "read": "GET",
   "update": "POST"
}

The following function could then be used within an Envoy System Ingress policy.

package policy["com.styra.envoy.ingress"].rules.rules

import data.libraries.my_lib.actions

default allow = false

# allow GET /dogs/...
allow {
  input.attributes.request.http.method == actions["methods.json"].read
}