Skip to main content

Overview

A DAS data source provides an API for reading and writing JSON data that can be imported and used to make policy decisions. A data source can be added to systems, so that data and the policies that utilize it can be shared however is appropriate. The data is versioned and stored compactly with a delta-encoding to handle large and frequently changing JSON. When you create a data source you must choose a unique, hierarchical name similar to the way you choose a unique hierarchical package name when you create a new policy.

The data source name is used in the following two ways:

  1. The data source name allows you to reference the data provided by the data source from within a policy, similar to the way you use a policy's package name to refer to it.

  2. The data source name is embedded within the Styra DAS API that you use to read or write that JSON data.

Supported Data Source Types

The list of supported data source types are:

  1. AWS S3 data source: This data source type pulls JSON and YAML files from an S3 bucket and recursively into directories, and loads into DAS. It uses Rego for transformation on data before it's loaded into DAS. It authenticates using IAM access key and secret access key that is stored as a secret in DAS.

  2. Bundle Git data source: Another option for making JSON data available to policies is to store that data in Git and use a special data source that automatically reads the JSON out of Git. At present, the GUI will not show the files in that repository, but the remainder of the DAS functionality will work properly. For example, distributing those policies to OPA and evaluating those policies.

  3. S3 Bundle data source: This data source type is similar to the Bundle Git data sources. Instead of automatically reading the JSON out of Git, it reads the data from a bundle stored in a S3 bucket. With the Git data sources, the GUI will not show the files in that bundle, but the remainder of the DAS functionality will work properly.

  4. HTTPS data source: This data source type is similar to Git or S3 data sources. Instead of reading the data from a storage, the HTTPS data source reads data from an external server by making HTTPS requests.

  5. LDAP data source: This data source type reads the data from a configured LDAP service.