Skip to main content

Use Data Sources

One of the key features of Entitlements is to support interfacing with data from your existing systems and infrastructure. For this example, suppose the car dealership has some existing user data made available on the users URL and you want to bring this into the Entitlements system to allow Styra DAS to make decisions based on it.=

Create a transform that describes how to map the Data Source into the Entitlements object model.

Create a Policy

The following steps are used to create a policy

  1. Navigate to your system menu, expand the transform folder, click the kebab icon (), and select Add Policy to start creating a new policy.

  2. Set the Path (required) to transform/http_users.

  3. Set the Module name (required) to transform.rego.

  4. In the new Rego file, paste the following code:

    package transform.http_users

    users[id] = record {
        in := input[_]
        id := in.username
        record := {
            "name": in.name,
            "email": in.email,
            "geo": in.address.geo
        }
    }

  5. Click on the Publish.

The transform is created.

Create a Data Source

The following steps are used to create a new Data Source.

  1. Navigate to your system menu, click the kebab icon (), and select Add Data Source.
  2. Set the Data Source Type field to HTTPS, Path field to data sources/, and Data source name to http_users.
  3. Scroll down and expand the Advanced drop down list.
    • Data transform: Select Custom.
    • Policy: Enter transform/http_users/transform.rego.
    • Rego query: Enter data.transform.http_users.users.
  4. Click on the Add button to add the Data Source.

After several minutes, your new Data Source will pull the URL, download the JSON, and apply the configured transform.

Connect Users for Entitlements

The following steps are used to connect users to Entitlements.

  1. Navigate to Your System > object > object.rego policy. The set of all users for Entitlements to know about the users object will be the combination of those users retrieved from your new data source, and the sample users. When you are done editing, check if you have clicked on the Publish button to publish your changes.
  2. Replace the following line in the object.rego file:
users := data.global.systemtypes["entitlements:0.1"].library.sample[sample_package].users

With:

sample_users := data.global.systemtypes["entitlements:0.1"].library.sample[sample_package].users
http_users := data.datasources.http_users
users := object.union(sample_users, http_users)

Create a Rule

The following steps are used to create a rule.

  1. Navigate to Your System > Policy > rules.rego to create a new rule.
  2. Click Add rule.
  3. Search and click on Generic Allow/Deny Rule.
  4. In the subjects (optional) field, set Samantha and Bret. Here, the users Samantha and Bret have full access to the entire API.
  5. Click Publish to publish your changes and return to your Entitlements Playground tab.
  6. Change the resource and action fields. Set subject to Samantha or Bret and compare what happens with other users.

Debug Data Source Transforms

The following steps are used to debug Data Source transforms.

  1. Select your transform.rego file.
  2. Click on the Preview button in the top-right corner.
  3. Copy-paste an example of your input data into the Input pane in the bottom-left corner of the screen.
  4. Click Preview to see the output of your transform.