OPA allows you to write context-aware policies that take into account the world in which they are deployed. It also allows you to inject arbitrary external data and use that data when making policy decisions.
The Kubernetes system's
Data source make it easy to inject external data and use that data when making policy decisions. You use the Styra DAS API to inject data into the
Data source, and then use it when you write policies.
Once your policy starts using the data, both will be distributed to all of the OPAs connected to the system. Therefore, OPA will use that data in concert with policy to make decisions. OPA records those decisions in its decision log and includes a revision ID that points to the version of policy used to make the decision. The revision ID also includes a pointer to the version of the
Data source JSON used to make the decision. As you update the
Data source over time, the Styra DAS keep a historical record of the changes. When required, you can replay any decision you want using exactly the inputs, the policy, and any supporting JSON data that was used to make the decision originally.
Similar to JSON data with OPA, you can create a DAS
Data source in the package hierarchy, or in its own separate path. When you create a
Data source, you must choose the location within the package hierarchy where you want that data to exist.