Skip to main content

Customizing OPA Discovery Configuration for a Styra DAS System

Styra DAS uses a System-specific OPA discovery configuration to centrally manage OPAs linked to a System. The discovery configuration can be used to define the behavior of various OPA plugins including decision logs, bundle download, and distributed tracing.

The discovery bundle for a System is made available at the /v1/systems/:id/discovery API endpoint.

curl -s -o - -H "Authorization: Bearer ${STYRA_API_TOKEN}" \
  "${DAS_URL}/v1/systems/${SYSTEM_ID}/discovery" | tar xz

The retrieved configuration data.json:

{
  "discovery": {
    "bundles": {
      "systems/SYSTEM_ID": {
        "persist": false,
        "polling": {
          "max_delay_seconds": 15,
          "min_delay_seconds": 10
        },
        "resource": "/bundles/systems/SYSTEM_ID",
        "service": "styra"
      }
    },
    "decision_logs": {
      "console": false,
      "reporting": {
        "max_delay_seconds": 15,
        "min_delay_seconds": 10
      },
      "service": "styra"
    },
    "default_decision": "main/main",
    "nd_builtin_cache": true,
    "status": {
      "console": false,
      "service": "styra"
    }
  }
}

Add or Override a Value in Discovery Configuration

Styra DAS users may choose to add or override the values specified in the default discovery configuration by using the /v1/systems UPDATE API to edit the deployment_parameters.discovery field in a System's configuration.

As an example, the following API call can be used to override the setting decision_logs.console from the above configuration, or to add another top-level setting, distributed_tracing.type.

curl -X PUT \
  -H "Authorization: Bearer ${STYRA_API_TOKEN}" \
  -H "Content-Type: application/json" \
  ${DAS_URL}/v1/systems/${SYSTEM_ID} \
  -d '{"deployment_parameters": {"discovery": {"decision_logs": {"console": true}, "distributed_tracing": {"type": "grpc"}}}}'

The new Discovery configuration can now be verified by retrieving the /v1/systems/:id/discovery bundle for the system.

curl -s -o - -H "Authorization: Bearer ${STYRA_API_TOKEN}" \
  "${DAS_URL}/v1/systems/${SYSTEM_ID}/discovery" | tar xz

The updated data.json has decision_logs.console set to true and a new value of grpc added for distributed_tracing.type.

{
  "discovery": {
    "bundles": {
      "systems/SYSTEM_ID": {
        "persist": false,
        "polling": {
          "max_delay_seconds": 15,
          "min_delay_seconds": 10
        },
        "resource": "/bundles/systems/SYSTEM_ID",
        "service": "styra"
      }
    },
    "decision_logs": {
      "console": true,
      "reporting": {
        "max_delay_seconds": 15,
        "min_delay_seconds": 10
      },
      "service": "styra"
    },
    "default_decision": "main/main",
    "distributed_tracing": {
      "type": "grpc"
    },
    "nd_builtin_cache": true,
    "status": {
      "console": false,
      "service": "styra"
    }
  }
}

References

See the following resources for additional information: