Skip to main content

Operations

This page describes the various operations on a data source.

Create a Data Source

warning

Skip this section only when a data source has already been created for you within a system.

At the time of writing, you can only create new data sources through the API, and those data sources will not appear in the GUI; however, you can still use them in policies. With the introduction of Multi-File Policy Authoring for Custom systems, you can now create data sources through the GUI.

Data sources are created within the systems. To create a data source, you must first decide on where you want to create it. For each one, run a PUT under v1/datasources and provide the location and hierarchical name of the data source.

The following examples show the API calls to create a data source named foo/bar (referenced in policy as foo.bar) in each location.

tip

For systems and stacks, replace YYY with the ID of the corresponding system or stack.

  • System: PUT https://<das-id>.styra.com/v1/datasources/systems/YYY/foo/bar.

  • Stack: PUT https://<das-id>.styra.com/v1/datasources/stacks/YYY/foo/bar.

  • Library: PUT https://<das-id>.styra.com/v1/datasources/global/foo/bar.

You can mount your data sources in locations other than Systems, Stacks, and Libraries; however, those data sources are not used by the policies.

Run the following curl command to create a data source under system YYY.

curl -H 'Authorization: Bearer XXX' -H 'Content-Type: application/json' \
-X PUT https://<das-id>.styra.com/v1/datasources/global/foo/bar \
-d '
{
"category": "rest"
}'

The category and type fields describe what kind of data source you want to create. The data source described here requires that you push the data through the DAS REST API.

tip

To configure the data source agents for Kubernetes systems, see the Kubernetes Data Source documentation.

Limitations

The following limitations apply to data sources.

  • The data source name should not be a prefix of another data source name. For example, the data source foo should not be created if the data source foo/bar already exists (or vice versa).

  • The data source name should not be a prefix of a policy name (or vice versa). For example, if the policy package foo.bar exists then the data source foo does not exist.

Use a Data Source

Once your data source exists, you can read and write the JSON data through the DAS API by using v1/data instead of v1/datasources as follows:

  1. Read the JSON data with GET https://<das-id>.styra.com/v1/data/global/foo/bar. For example, run the following curl command to read the JSON data from the data source.

    curl -H 'Authorization: Bearer XXX' \
    -X GET https://<das-id>.styra.com/v1/data/global/foo/bar
  2. Update the JSON data with PUT https://<das-id>.styra.com/v1/data/global/foo/bar <data>. For example, run the following curl command to write the JSON data into the data source.

    curl -H 'Authorization: Bearer XXX' -H 'Content-Type: application/json' \
    -X PUT https://<das-id>.styra.com/v1/data/global/foo/bar \
    -d '{"baz": {"qux": 7}}'

Additionally, when writing policies you can use the data source with the keyword data. A slightly different Rego reference is used for each of the systems, stacks, and libraries.

  • Systems: A DAS system provides a sandbox so that anything located under v1/data/system/YYY/ appears as if it is in the root data namespace. A system's data sources (or policies) are not accessible by other systems. For example, data source v1/datasource/system/YYY/foo/bar is referenced as data.foo.bar.

  • Stacks: A DAS Stack exists in the global namespace so that it can be used across many systems. The data source v1/datasource/stack/YYY/foo/bar is referenced from Rego as data.stack.YYY.foo.bar.

  • Libraries: The Styra DAS Library is a global collection of Rego that all systems and all stacks may choose to import and use. The data source v1/datasource/global/foo/bar is referenced from Rego as data.global.foo.bar.

The following shows an example when the data source is created in the library.

package rules

datasource_succeeded { data.global.foo.bar.baz.qux == 7 }

Preview a Data Source

You can preview a data source by clicking on the Refresh data button that appears in the right hand side of Your System >> Add Data Source dialog. The Refresh data button allows you to preview the data that are retrieved from the data source. It also allows you to optionally transform if a Rego transform is specified on the data source. You can modify the data source parameters to adjust either the data retrieved or the transformation performed on it. Also, modify the settings of a created data source with the preview capability and ability to adjust the data source parameters. Click on the Refresh data to refresh the changes you made during data source creation. For more information on data sources APIs, see the ExecuteDatasource API documentation.

Delete a Data Source

You can delete a data source by running a DELETE command on the data source's name located under v1/datasources.

For example, run the following curl command to delete the data source constructed earlier.

curl -H 'Authorization: Bearer XXX' -H 'Content-Type: application/json' \
-X DELETE https://<das-id>.styra.com/v1/datasources/global/foo/bar

Once the data source is deleted, subsequent PUT commands will return errors. However, a policy referencing the data source will not produce an error. Instead, the value of that data reference will be undefined in Rego.