Policy Bundle API

note

See Migrating from OPA | Bundle Format for additional information.

Policy Bundle API

Working in much the same way as in OPA, the Bundle API is a functionality of Enterprise OPA which can can periodically download bundles of policy from remote HTTP servers.

The following is an example of a simple Enterprise OPA configuration using the Bundle API:

services:
  acmecorp:
    url: https://example.com/service/v1
    credentials:
      bearer:
        token: "bGFza2RqZmxha3NkamZsa2Fqc2Rsa2ZqYWtsc2RqZmtramRmYWxkc2tm"

bundles:
  authz:
    service: acmecorp
    resource: somedir/bundle.tar.gz
    persist: true
    polling:
      min_delay_seconds: 10
      max_delay_seconds: 20

Using this configuration, Enterprise OPA will fetch bundles from https://example.com/service/v1/somedir/bundle.tar.gz using a Bearer token for authentication.

Other advanced features of the Bundle API are explained in detail in the OPA documentation:

• HTTP Long Polling for realtime updates
• Loading multiple bundles
• Signed bundles
• Supported public implementations for example, Amazon S3, Google Cloud Storage, and Azure Blob Storage)

note

It is not possible to use the Enterprise OPA Bundle format for Discovery Bundles at this time.