Skip to main content

Git Data Source

Another option for making JSON data available to policies is to store that data in Git and use a special data source that automatically reads the JSON out of Git. At present, the GUI will not show the files in that repository, but the remainder of the DAS functionality will work properly. For example, distributing those policies to OPA and evaluating those policies.

Mount JSON Files

The Git data source described in this section can be used to mount JSON files inside the Library. For more details on mounting Git repositories, see the Git-mounting page.

When you mount a Git repository, choose a directory that contains only JSON files named data.json. The directory that the JSON file exists in will correspond to the package it is loaded at.

For example, suppose you have the following directory structure in a Git repository.

โ”œโ”€โ”€ systemmount
โ”œโ”€โ”€ a
โ”œโ”€โ”€ b
โ”œโ”€โ”€ data.json

The contents of data.json might be as follows:

{
"foo": 17,
"bar": "a string"
}

Use the following steps to mount the contents of data.json within a system, so that you can reference it within Rego with data.myroot.a.b by choosing the mount point systems/<systemid>/myroot. One thing that differs is that your repository likely requires credentials.

1. Create a DAS secret with credentials that will access the Git repository, if you have not created one already. To create a secret named alice/repos/data, run the following curl command.

curl  -H 'Authorization: Bearer XXX' -H 'Content-Type: application/json' \
-X PUT https://styra-das-id.styra.com/v1/secrets/alice/repos/data -d '{
"name": "alice",
"secret": "super-secret-Password-44321"
}'

2. Mount the Git repository using that secret. You must provide your bearer token for XXX and the system ID for YYY. The system ID is located on your Systems >> Settings >> General page.

To mount the directory systemmount within the Git repository to the mount point systems/<systemid>/myroot, run the following curl command.

curl  -H 'Authorization: Bearer XXX' -H 'Content-Type: application/json' \
-X PUT \
https://styra-das-id.styra.com/v1/datasources/systems/YYY/myroot -d '{
"category": "git/rego",
"type": "pull",
"url": "https://github.com/timothyhinrichs/gitsave.git",
"path": "systemmount",
"reference": "refs/heads/master",
"credentials": "alice/repos/data"
}'

3. Check the STATUS of that data source to make sure everything is working. For example, the STATUS of the data source should have the code set to Finished if everything is functioning properly.

curl  -H 'Authorization: Bearer XXX' -H 'Content-Type: application/json' \
https://styra-das-id.styra.com/v1/datasources/systems/YYY/myroot -d '{

4. Finally, add the following Rego to one of the policy files within your System. To verify if the mounting process is completed successfully, you must Preview the file to check that mounted_correctly is assigned true.

package rules

mounted_correctly {
data.myroot.a.b.foo == 17
}