Policy Bundle API
note
See Migrating from OPA | Bundle Format for additional information.
Policy Bundle API
Working in much the same way as in OPA, the Bundle API is a functionality of Enterprise OPA which can can periodically download bundles of policy from remote HTTP servers.
The following is an example of a simple Enterprise OPA configuration using the Bundle API:
services:
acmecorp:
url: https://example.com/service/v1
credentials:
bearer:
token: "bGFza2RqZmxha3NkamZsa2Fqc2Rsa2ZqYWtsc2RqZmtramRmYWxkc2tm"
bundles:
authz:
service: acmecorp
resource: somedir/bundle.tar.gz
persist: true
polling:
min_delay_seconds: 10
max_delay_seconds: 20
Using this configuration, Enterprise OPA will fetch bundles from https://example.com/service/v1/somedir/bundle.tar.gz
using a Bearer token for authentication.
Other advanced features of the Bundle API are explained in detail in the OPA documentation:
- HTTP Long Polling for realtime updates
- Loading multiple bundles
- Signed bundles
- Supported public implementations for example, Amazon S3, Google Cloud Storage, and Azure Blob Storage)
note
It is not possible to use the Enterprise OPA Bundle format for Discovery Bundles at this time.