Skip to main content
tip

You do not need an Enterprise OPA license to use this functionality.

How to develop and test policies locally using Styra DAS libraries

This guide shows you how to use the Enterprise OPA CLI to locally develop and test policies that use libraries from Styra DAS.

  1. Install the Enterprise OPA CLI
  2. Run eopa login to connect to your Styra DAS instance
  3. Run eopa pull to download the available libraries and library data from Styra DAS
  4. Run eopa run to start up a server
  5. Run eopa test to run unit tests

Install the Enterprise OPA CLI

brew install styrainc/packages/eopa

See the installation reference guide for alternatives.

eopa login

First, navigate to the directory containing your policy code.

Next, run eopa login with the URL of your Styra DAS tenant.

cd my_project
eopa login --url https://mytenant.styra.com

Your browser should automatically open the login page to your tenant. After signing in, you should be logged in on the command line.

eopa login --url https://mytenant.styra.com
[INFO] Opening https://mytenant.styra.com/cli-sign-in?callback=57009

[INFO] Successfully logged in
info

The callback port is randomized.

If the automatic token transfer fails, the browser tab will show you the token to use. Use the token with the --read-token flag to store it manually.

eopa login --read-token jlXPF81IAAQWHod1oGjHZNcuWgGKWJYu9gP638dTfwe5UokU7XlGeWGm38m8SWCU460OKiPq-8w=

You should see auto-generated .styra.yaml and .styra-session files.

Refer to the eopa login CLI reference for a full list of options

eopa pull

Now that you are logged in, pull the libraries and library data from your Styra DAS instance. You should see information about the libraries that were pulled.

eopa pull
[INFO] Retrieving 3 libraries: banking_lib, custom_snippets, terraform

The downloaded libraries will be contained in a .styra/include folder

ls .styra/include/libraries
banking_lib     custom_snippets   terraform

Refer to the eopa pull CLI reference for a full list of options

eopa run

note

When developing your policies you can reference your libraries via data.libraries.<library_name>, e.g. import data.libraries.custom_snippets

After developing your policies (e.g. in the /policy folder), running eopa run will automatically load in the contents of the .styra folder.

eopa run -s ./policy
{"level":"warning","msg":"no license provided\n\nSign up for a free trial now by running `eopa license trial`\n\nIf you already have a license:\n    Define either \"EOPA_LICENSE_KEY\" or \"EOPA_LICENSE_TOKEN\" in your environment\n        - or -\n    Provide the `--license-key` or `--license-token` flag when running a command\n\nFor more information on licensing Enterprise OPA visit https://docs.styra.com/enterprise-opa/installation/licensing","time":"2024-02-15T13:48:54-08:00"}
{"level":"warning","msg":"Switching to OPA mode. Enterprise OPA functionality will be disabled.","time":"2024-02-15T13:48:54-08:00"}
{"addrs":[":8181"],"diagnostic-addrs":[],"level":"info","msg":"Initializing server. OPA is running on a public (0.0.0.0) network interface. Unless you intend to expose OPA outside of the host, binding to the localhost interface (--addr localhost:8181) is recommended. See https://www.openpolicyagent.org/docs/latest/security/#interface-binding","time":"2024-02-15T13:48:54-08:00"}

Refer to the eopa run CLI reference for a full list of options

tip

The Enterprise OPA CLI also supports using locally downloaded libraries during eopa eval. Refer to the eopa eval CLI reference for usage.

eopa test

After developing tests, running eopa test will automatically load in the contents of the .styra folder

eopa test ./policy
PASS: 2/2

Refer to the eopa test CLI reference for a full list of options