Bundles

Bundles in Enterprise OPA are similar to OPA bundles and are the main mechanism for providing policies and data to a Enterprise OPA instance.

To make Enterprise OPA more performant for large data sets, the bundle format used in Enterprise OPA is different from that which is used in OPA. The Enterprise OPA format is based on a binary JSON representation of data which allows Enterprise OPA to process queries using less memory. Enterprise OPA has built in functionality to convert OPA Bundles to the Enterprise OPA Bundle format.

Converting an existing OPA Bundle

If you already have an OPA Bundle, you can convert it to the Enterprise OPA bundle format using the eopa bundle convert command. For example, if the OPA Bundle is named bundle.tar.gz:

$ eopa bundle convert bundle.tar.gz bundle-eopa.tar.gz

The new archive: bundle-eopa.tar.gz will contain the same bundle data but in a format suitable for Enterprise OPA to use.

Creating a new Enterprise OPA Bundle

To create a new Enterprise OPA Bundle from a local directory, first use Enterprise OPA to create an OPA Bundle and then convert it to the Enterprise OPA format:

$ ls bundle/
example.rego

$ cat bundle/example.rego
package example

allow := true

$ eopa build -b bundle/

$ tar tzf bundle.tar.gz 
/data.json
/foo/example.rego

$ eopa bundle convert bundle.tar.gz bundle-eopa.tar.gz

Bundle Service API with Enterprise OPA Bundles

Other than the difference in the bundle format outlined above, Enterprise OPA handles bundles in the same way as OPA. Using the same configuration options as OPA, Enterprise OPA can be configured to download Enterprise OPA bundles using the Bundle Service API.

note

It is not possible to use the Enterprise OPA Bundle format for Discovery Bundles at this time.

See the following for additional information:

• Policy Bundle API
• OPA Bundles Documentation