Enterprise OPA Preview in VS Code
With Styra VS Code Tools, you can preview decisions from your Enterprise OPA instance reflecting any new or updated policies and data in your project.
Enterprise OPA preview configuration give you control over the connection to the Enterprise OPA instance, how files are mapped, and how preview requests are processed.
|Bundle roots to search when looking for Rego policies and data (inherited from the Open Policy Agent extension).|
|The URL where the Enterprise OPA HTTP API is accessible.|
|The default query to run when performing an Enterprise OPA: Preview.|
|A prefix to add to all policy paths when mapping for Enterprise OPA preview.|
|||Controls the behavior and features of Enterprise OPA preview calls.|
|all||Determine which files to map for Enterprise OPA preview calls.|
|||A set of glob patterns to omit when mapping for Enterprise OPA preview calls.|
|true||Enable or disable support for Enterprise OPA preview Code Lens links.|
|none||Determine what kind of authorization to use when connecting to the Enterprise OPA API.|
|A file path to a PEM encoded client certificate used for TLS authentication.|
|A file path to a PEM encoded client key used for TLS authentication.|
|A file path to a PEM encoded custom certificate authority certificate to trust when connecting to Enterprise OPA.|
|false||Whether or not to trust Enterprise OPA when the returned TLS certificate is from an unknown authority.|
Enterprise OPA > Preview: Arguments contains various settings which control the behavior of the Enterprise OPA preview API. The available options are as follows:
|instrument||Include extended metrics in preview returns for more in depth debugging|
|Include output generated with |
|provenance||Include provenance data in preview returns|
|sandbox||Exclude existing policies and data when evaluating a preview request|
|strict||Compile previewed rego modules in strict mode|
|strict-builtin-errors||Return an error in the event an error is generated from a built-in function instead of |
Before you can preview decisions you need access to the REST API of an Enterprise OPA instance configured to process preview requests (TODO: link to eopa config docs). This may be a locally running instance, or a remote instance accessed through something such as
Configure your Workspace
Once you have access to the Enterprise OPA REST API, configure your workspace to access it.
Open up your VS Code settings using
CMD + , and type 'OPA' in the search bar. provide the base URL of your Enterprise OPA instance in
Enterprise OPA: Url. Next, if your policy files are in a subdirectory, configure
Opa > Roots to include that subdirectory so that policy mapping is performed at the correct location in your project. Finally, if your project has a default query, configure
Enterprise OPA > Preview: Default Query so you can run the query from any rego file in your project.
It is best to configure most of your settings at the 'Workspace' level in VS Code since each project is different, and likely requires a different preview configuration.
Run a Preview
Once your project is configured, you can begin running Previews against the Enterprise OPA instance. If you have the
Enterprise OPA > Preview: Code Lens setting enabled (it is by default), you can click 'Run Preview' at the top of any Rego document to execute the default query. If no default query is configured, this will evaluate and return results for the Rego package associated with the active Rego file.
In addition to the Code Lens link, you can run a preview from the right-click contextual menu, as well as through the command palette using the
Enterprise OPA: Preview commands.
The right-click contextual menu will provide access to the
Enterprise OPA: Preview Selection command only when the editor contains selected text.
The results of your Preview will appear in the 'Enterprise OPA Preview' output pane.