note

See Bundle Format for additional information.

Policy Bundle API

Working in much the same way as in OPA, the Bundle API is a functionality of Enterprise OPA which can can periodically download bundles of policy from remote HTTP servers.

The following is an example of a simple Enterprise OPA configuration using the Bundle API:

services:
  acmecorp:
    url: https://example.com/service/v1
    credentials:
      bearer:
        token: "bGFza2RqZmxha3NkamZsa2Fqc2Rsa2ZqYWtsc2RqZmtramRmYWxkc2tm"

bundles:
  authz:
    service: acmecorp
    resource: somedir/bundle.tar.gz
    persist: true
    polling:
      min_delay_seconds: 10
      max_delay_seconds: 20

Using this configuration, Enterprise OPA will fetch bundles from https://example.com/service/v1/somedir/bundle.tar.gz using a Bearer token for authentication.

Other advanced features of the Bundle API are explained in detail in the OPA documentation:

• HTTP Long Polling for realtime updates
• Loading multiple bundles
• Signed bundles
• Supported public implementations for example, Amazon S3, Google Cloud Storage, and Azure Blob Storage)