Styra CLI
The Styra CLI provides the full power of Styra from your terminal.
Install the CLI
The CLI binaries listed in this section are for version: 0.9.0
.
Download and install the CLI for your system by executing
curl -o styra ${STYRA_CLI_URL}
command on your terminal.Table 1 - CLI Download LinksOS Download Link macOS M1 https://docs.styra.com/bin/darwin/arm64/styra
macOS https://docs.styra.com/bin/darwin/amd64/styra
Linux https://docs.styra.com/bin/linux/amd64/styra
Windows https://docs.styra.com/bin/windows/amd64/styra.exe
Copy the downloaded file as
styra
orstyra.exe
in your shell's executable path.mv styra /usr/local/bin/styra
For Mac and Linux systems, it is required to change the permissions of the downloaded file to make it executable. To change the file permissions in the directory where you downloaded the file, run:
chmod u+x /usr/local/bin/styra`
Test the installation.
styra --help
If you are using a Mac and see an error that Styra CLI "can't be opened because Apple cannot check it for malicious software" you can add an exception by running xattr -d com.apple.quarantine /usr/local/bin/styra
. This is only necessary once after installing a new version of the CLI.
Docker Container
The official build of the Styra CLI is located on hub.docker.com/r/styra-cli.
Run the CLI by executing docker run -v $HOME:/home/styra styra/cli
and use the following instructions.
Install the Custom CA Certificates
Services that Styra CLI must access can be configured with a server certificate issued by a custom CA. In order to validate the certificate presented from the service, the corresponding CA certificate must be added to Styra CLI client. You can use the environment variable SSL_CERT_DIR
to point to the directory where the CA certificate(s) are located in the container. The CA certificates directory can be mounted using the Docker volume option (-v) when starting the Styra or CLI container.
For example:
docker run -v $HOME:/home/styra \
-v /host/etc/certs:/container/etc/certs \
-e SSL_CERT_DIR="/container/etc/certs" \
styra/cli
Create a Configuration File
The Styra CLI needs your organization id and an authentication token. You may provide these values from a configuration file or environment variable. The command ./styra configure
can be used to create a configuration file.
The following values can be retrieved from the environment variable:
ENV | VALUE |
---|---|
STYRA_ORGANIZATION_ID | <das-id>.styra.com |
STYRA_TOKEN | Use value from Step 1 |
For example:
STYRA_ORGANIZATION_ID='<das-id>.styra.com' \
STYRA_TOKEN='<value from token created in UI>' \
./styra
Evaluate Policies
To use Terraform along with the Styra CLI to check Terraform plans against OPA policies. The Styra CLI embeds OPA in a command called vet
that was designed to evaluate policies against a JSON file on a laptop or a CI/CD pipeline. The styra-cli vet
command is provided with list of files or directories in the command line and OPA configuration from the current directory (location could be changed through the command line flag). Then it takes all JSON and YAML files from provided directories and runs your system's main rule with each file contents as an input, displays the results, and also produces decision logs like OPA would normally do. This can be used for any system-type and cases besides Terraform. For Terraform, it is already pre-configured in such a way that you can use styra-cli vet
to validate your Terraform plan files after converting them to JSON.