Skip to main content

Managing a Library

The Styra DAS UI supports full Library management (create, read, update, and delete policies and data). Library policies and data are accessible across all Systems, Stacks, and other Libraries.

Using a Library to Manage Policies

Libraries can be used to write policies. All policies and data are available for policy writing from the data.libraries namespace. You can use your Library with Systems, Stacks, and other Rego policies in Styra DAS.

For example, your library can include a helper function that turns a string representing a URL into an array, add a new policy url.rego to your my_lib library:

package libraries.my_lib.url

split(url) := result {
   s := trim(url, "/")
   result := split(s, "/")
}

The following function could then be used within an Envoy System Ingress policy.

package policy["com.styra.envoy.ingress"].rules.rules

import data.dataset

default allow = false

# allow GET /dogs/...
allow {
   input.attributes.request.http.method == "GET"
   parsed_path := data.libraries.my_lib.url.split(input.attributes.request.http.path)
   parsed_path[0] == "dogs"
}

The data.libraries namespace has a global scope. It can be used in any Policy within Styra DAS.

Using a Library to Define Data

You can also use Data Sources defined in a Library with Systems, Stacks, and other Rego policies in Styra DAS. For example, if your Library includes a JSON Data Source that is defined at actions/methods.json to your my_lib library:

{
   "read": "GET",
   "update": "POST"
}

The following function could then be used within an Envoy System Ingress policy.

package policy["com.styra.envoy.ingress"].rules.rules

import data.libraries.my_lib.actions

default allow = false

# allow GET /dogs/...
allow {
  input.attributes.request.http.method == actions["methods.json"].read
}