Managing a Library
The Styra DAS UI supports full Library management (create, read, update, and delete policies and data). Library policies and data are accessible across all Systems, Stacks, and other Libraries.
Using a Library to Manage Policies
Libraries can be used to write policies. All policies and data are available for policy writing from the data.libraries
namespace. You can use your Library with Systems, Stacks, and other Rego policies in Styra DAS.
For example, your library can include a helper function that turns a string representing a URL into an array, add a new policy url.rego
to your my_lib
library:
package libraries.my_lib.url
split(url) := result {
s := trim(url, "/")
result := split(s, "/")
}
The following function could then be used within an Envoy System Ingress policy.
package policy["com.styra.envoy.ingress"].rules.rules
import data.dataset
default allow = false
# allow GET /dogs/...
allow {
input.attributes.request.http.method == "GET"
parsed_path := data.libraries.my_lib.url.split(input.attributes.request.http.path)
parsed_path[0] == "dogs"
}
The data.libraries
namespace has a global scope. It can be used in any Policy within Styra DAS.
Using a Library to Define Data
You can also use Data Sources defined in a Library with Systems, Stacks, and other Rego policies in Styra DAS. For example, if your Library includes a JSON Data Source that is defined at actions/methods.json
to your my_lib
library:
{
"read": "GET",
"update": "POST"
}
The following function could then be used within an Envoy System Ingress policy.
package policy["com.styra.envoy.ingress"].rules.rules
import data.libraries.my_lib.actions
default allow = false
# allow GET /dogs/...
allow {
input.attributes.request.http.method == actions["methods.json"].read
}