Skip to main content

Multi-File Policy Authoring
ENTERPRISE

Multi-File Policy Authoring for Custom systems allows you to further customize your folders and files. Similar to other file systems, you can create, update, and delete Policies and Data Sources. All existing authoring features will also be available for these customized files.

This page covers the following topics on Multi-File Policy Authoring for Custom systems only.

Add a Policy to a System

A Policy is a Rego module or file. You can add a Policy to a Custom system as part of a new package or an existing package using the following methods.

Add a New Package to a Custom System

To add the package devops.teama with the module teama.rego:

  1. In the Styra DAS UI, go to your Workspace >> SYSTEMS >> Your Custom System.

  2. To add a new package, go to the left navigation panel, click the ( ⨁ ) plus icon next Your Custom System.

  3. Now, your Custom System >> Add >> Add Resource dialog appears.

  4. Do the following actions in your dialog box.

    • Type: Make sure Policy is selected from the drop down list.

    • Package: Enter a new or existing package in the format policy.rules. Enter devops.teama.

    • Module name: The module name defaults to the last segment in the package, teama.rego. Click the Add button to add a package in your Custom system.

Now, you will see two folders and a file representing the package.

├── Your Custom System
├── devops
├── teama
├── teama.rego
├── monitor
├── monitor.rego
├── rules
├── rules.rego
├── system
├── log
├── log.rego
├── test
├── test.rego
├── dataset

Add a Module to a Custom Package

You can add another module in the package you just added.

To add the module teama_iam.rego to the package devops.teama:

  1. In the Styra DAS UI, go to your Workspace >> SYSTEMS >> your Custom system.

  2. To add a new package, go to the left navigation panel, click the ( ⨁ ) plus icon next Your Custom System.

  3. Now, your Custom System >> Add >> Add Resource dialog appears.

  4. Do the following actions in your dialog box.

    • Type: Make sure Policy is selected from the drop down list.

    • Package:

      • To add to the package you just added, enter devops.teama into the Package field.

      • In the Module name field, enter teama_iam.rego.

      • Click the Add button to add the new module.

Now, if you look at teama_iam.rego you can see that its package declaration is package devops.teama. The teama_iam.rego module is added to the devops.teama package.

├── Your Custom System
├── devops
├── teama
├── teama.rego
├── teama_iam.rego
├── monitor
├── monitor.rego
├── rules
├── rules.rego
├── system
├── log
├── log.rego
├── test
├── test.rego
├── dataset

Add a Module to a Stock Package

You can add a module to a stock package (rules, test or monitor) that Styra delivers out of the box in the Custom systems.

To add the more_rules.rego module to the rules stock package:

  1. In the Styra DAS UI, go to your Workspace >> SYSTEMS >> your Custom system.

  2. To add a new package, go to the left navigation panel, click the ( ⨁ ) plus icon next Your Custom System.

  3. Now, your Custom System >> Add >> Add Resource dialog appears.

  4. Do the following actions in your dialog box.

    • Type: Make sure Policy is selected from the drop down list.

    • Package: Enter rules.

    • Module name: Enter more_rules.rego.

    • Click the Add button to add the module to the package.

Now, the more_rules.rego module is added to the rules package.

├── Your Custom System
├── devops
├── teama
├── teama.rego
├── teama_iam.rego
├── monitor
├── monitor.rego
├── rules
├── more_rules.rego
├── rules.rego
├── system
├── log
├── log.rego
├── test
├── test.rego
├── dataset

Add a New Package to an Existing Root

You can create another package under the devops root of the package you added earlier.

To add the package devops.teamb with the module teamb.rego:

  1. In the Styra DAS UI, go to SYSTEMS >> your Custom system.

  2. To add a new package, go to the left navigation panel, click the ( ⨁ ) plus icon next Your Custom System.

  3. Now, your Custom System > Add > Add Resource dialog appears.

  4. Do the following actions in your dialog box.

    • Type: Make sure Policy is selected from the drop down list.

    • Package: Enter devops.teamb.

    • Module name: The module name defaults to the last segment in the package teamb.rego.

    • Click the Add button to add the new package in your Custom system.

Now, the new package devops.teamb is added to your Custom system.

├── Your Custom System
├── devops
├── teama
├── teama.rego
├── teama_iam.rego
├── teamb
├── teamb.rego
├── monitor
├── monitor.rego
├── rules
├── more_rules.rego
├── rules.rego
├── system
├── log
├── log.rego
├── test
├── test.rego
├── dataset

Add a Data Source File

To create a new path named devops.attributes and add the shareddata file under devops.attributes path in the Custom systems:

  1. In the Styra DAS UI, go to your SYSTEMS >> your Custom system.

  2. To add a Data source file, go to the left navigation panel, click the ( ⨁ ) plus icon next Your Custom System.

  3. Now, your Custom System > Add > Add Resource dialog appears.

  4. Do the following actions in your dialog box.

    • Type: Click Data source from the drop down list.
    • Path (required): Enter devops.attributes.
    • Data source name: The default is dataset. Enter the name of the data source, datashare.
    • Click the Add button to add the datasource to your Custom system.

Now, the new Data Source datashare is added to your Custom system.

├── Your Custom System
├── devops
├── teama
├── teama.rego
├── teama_iam.rego
├── teamb
├── teamb.rego
├── devops.attributes
├── datashare
├── monitor
├── monitor.rego
├── rules
├── more_rules.rego
├── rules.rego
├── system
├── log
├── log.rego
├── test
├── test.rego
├── dataset

Delete Resources

To delete the teama or teamb package from a Custom system, you must delete the module’s *.rego file; since that file is the only module in the package and the entire package is deleted.

For example, you can delete the teamb package only when you delete the teamb.rego module.

Delete a Custom Package

To delete the teamb package by deleting the teamb.rego module:

  1. In the Styra DAS UI, go to SYSTEMS >> Your Custom System.

  2. Click the expand/collapse icon to view the hierarchy of packages.

  3. Scroll down to the teamb package and click the expand/collapse icon to locate the teamb.rego module.

    a. Click the teamb.rego module under the teamb package.

    b. Click the three dots () and then click the Delete button to display the delete confirmation dialog.

  4. A confirmation dialog for the delete action appears. Click the Delete button to delete the teamb/teamb.rego module or you can click the Cancel button to cancel the delete action.

Now, the teamb package is deleted from the Custom system.

note
  1. If a package contains more than one module, when you delete a module, only that module is deleted. If you delete the last module in a package, then the package is deleted.

  2. In order to delete the package, you must delete the module file rather than deleting its parent folder.

  3. Delete a Custom Package method can be used to delete any of the default packages from a Custom system: the rules, test, monitor, or system.log stock packages.

├── Your Custom System
├── devops
├── teama
├── teama.rego
├── teama_iam.rego
├── devops.attributes
├── datashare
├── monitor
├── monitor.rego
├── rules
├── more_rules.rego
├── rules.rego
├── system
├── log
├── log.rego
├── test
├── test.rego
├── dataset

Specify Decision Mappings

For a system and its packages, you can specify the system’s Decision Mappings which are the default. Optionally, you can add Decision Mappings for each package in the system. The Decision Mappings for a package overrides the default Decision Mappings for the system, if they are defined.

Operations on Decision Mappings

Do the following operations on Decision Mappings for a Package.

Add

To add decision mappings for a package:

  1. In the Styra DAS UI, go to SYSTEMS and click on Your Custom System.

  2. Click on the Settings tab >> Decision Mappings page.

  3. Under System (default) or Custom, click on Add decision mappings for package to add decision mappings.

  4. In the Add Decision Mappings for Package dialog, do the following:

    • Package field: Click the drop down list and select devops.teama module.

    • Path to decision: Enter result.allow to view the path to Allowed decisions.

    • Click Add mappings button to add decision mappings for devops.teama module.

To view the added decision mapping (devops.teama) for a package, click on the Settings tab >> Decision Mappings page.

After adding the decision mappings for one or more packages, you can also update, or delete the decision mappings.

Update

To update the decision mappings for a package:

  1. Click on Your Custom System >> Settings tab >> Decision Mappings page.

  2. Click on your default system Custom System to update the Decisions Mappings form.

  3. Click devops.teama to update the Path to decision field .

  4. In the Decisions Mappings >> devops/teama dialog, update the decision mappings and click the Update mapping button.

Delete

To delete the decision mappings for a package:

  1. Click on Your Custom System >> Settings tab >> Decision Mappings page.

  2. Click on devops.teama module.

  3. In the Decision Mappings >> devops.teama dialog, click the Delete mappings button for a delete confirmation dialog. The dialog box has a Delete button and a Cancel button.

  4. Click the Delete button to delete the decision mappings for devops.teama or you can click the Cancel button to cancel the delete action.

Limitations

The following shows the limitations on Multi-File Policy Authoring operations.

  • The system owners cannot add or delete folders since they are tied to the package hierarchy with Policy API v1. The folders only exist if a package file or a data source exists.

  • The system owners cannot add a policy at the root system level. The package must have at least a prefix.