Managing a Library
The Styra DAS UI currently supports full Library management (create, read, update, and delete policies and data). Library policies and data are accessible across all Systems and Stacks.
Using a Library to Manage Policies
Libraries are used to write policies. All policies and data are available for policy writing from the data.libraries namespace. You can use your Library with Systems, Stacks, and other Rego policies in Styra DAS.
For example, your library can include a helper function that turns a string representing a URL into an array. Add a new policy url.rego to your my_lib library:
package libraries.my_lib.url
# Named split_path rather than split: a rule called split in this package
# would shadow the built-in split() that the body calls.
split_path(url) := result {
    s := trim(url, "/")
    result := split(s, "/")
}
This function could then be used within an Envoy System Ingress policy:
package policy["com.styra.envoy.ingress"].rules.rules
import data.dataset
default allow = false
# allow GET /dogs/...
allow {
    input.attributes.request.http.method == "GET"
    parsed_path := data.libraries.my_lib.url.split_path(input.attributes.request.http.path)
    parsed_path[0] == "dogs"
}
The data.libraries namespace has a global scope. It can be used in any Policy within Styra DAS.
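Because every policy that calls a library helper inherits its edge cases, it helps to pin them down with tests. The following is an added example, not Styra's code, that can be run locally with `opa test`. It assumes the helper name split_path, uses a local allow rule as a stand-in for the ingress rule, and builds constructed request documents with a hypothetical req helper; it uses `import future.keywords.if` so the file also parses on newer OPA releases.

```rego
package libraries.my_lib.url

import future.keywords.if

# Helper under test. split_path is an assumed name: a rule called split would
# shadow the built-in split() that the body calls.
split_path(url) := result if {
	s := trim(url, "/")
	result := split(s, "/")
}

# Stand-in for the ingress rule, kept in this file so the tests run stand-alone.
default allow := false

allow if {
	input.attributes.request.http.method == "GET"
	parsed_path := split_path(input.attributes.request.http.path)
	parsed_path[0] == "dogs"
}

# Builds a constructed Envoy-style input document for the tests.
req(method, path) := {"attributes": {"request": {"http": {"method": method, "path": path}}}}

test_slashes_trimmed if {
	split_path("/dogs/42/") == ["dogs", "42"]
}

# "/" becomes one empty segment, so index 0 is defined and equal to "".
test_root_is_one_empty_segment if {
	split_path("/") == [""]
}

test_get_dogs_allowed if {
	allow with input as req("GET", "/dogs/42")
}

test_post_denied if {
	not allow with input as req("POST", "/dogs/42")
}

test_other_prefix_denied if {
	not allow with input as req("GET", "/cats/dogs")
}

# The helper does not strip a query string: it stays in the last segment.
test_query_string_not_stripped if {
	split_path("/dogs?id=42") == ["dogs?id=42"]
	not allow with input as req("GET", "/dogs?id=42")
}
```

The last test matters for Envoy: the http.path attribute carries the query string, so GET /dogs?id=42 is denied by this rule unless the helper strips the query string first.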
Using a Library to Define Data
You can use your Library with Systems, Stacks, and other Rego policies in Styra DAS. For example, suppose your my_lib library includes a JSON Data Source defined at actions/methods.json:
{
    "read": "GET",
    "update": "POST"
}
This data could then be used within an Envoy System Ingress policy:
package policy["com.styra.envoy.ingress"].rules.rules
import data.libraries.my_lib.actions
default allow = false
# allow requests whose method matches the library's "read" action (GET)
allow {
    input.attributes.request.http.method == actions["methods.json"].read
}