1.0.0 • Published 3 years ago

opa-bundler v1.0.0

License
MIT

opa-bundler

OPA bundler is responsible for bundling the policies in the bundle/ directory with data fetched from remote sources.

The bundler is scheduled to run at an interval, but can also be triggered by an SNS message.

Policies

OPA evaluates policies written in Rego against input and data.

OPA policies are defined in the bundle/ directory.

The bundle/ directory is synchronized with data by opa-bundler/ and made available to OPA in an AWS S3 bucket (sm-opa-bundles).

Testing

Install OPA

On macOS, install with:

brew install opa

For other platforms see: https://www.openpolicyagent.org/docs/latest/#1-download-opa

If you use VS Code, there is also an extension available: https://marketplace.visualstudio.com/items?itemName=tsandall.opa

Policy testing

Run all tests in bundle/ directory by:

opa test ./bundle

To test OPA http.send requests (remote data fetching):

First start the MMOCK (mock data) server with:

docker run --rm -v "$(pwd)/mmockconfig:/config" -p 5678:8083 jordimartin/mmock

Then, in another shell, set the test environment variables with:

export $(cat .env-integration-test | xargs)

Then run the tests with:

opa test ./bundle

To unset the variables from .env-integration-test, run:

unset $(cat .env-integration-test | cut -d = -f 1 | xargs)
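An alternative to the export/unset pair above, as an added example that is not part of the opa-bundler project: the hypothetical helper `with_env_file` exports the file's variables inside a subshell for a single command, so nothing stays in the interactive shell and values containing spaces are not word-split. It assumes simple KEY=VALUE lines; the variable names in the sample file are constructed, since the page does not show the contents of .env-integration-test.

```shell
# Added example, not project code. Assumes simple KEY=VALUE lines
# (no quoting, no multi-line values) in the env file.
with_env_file() {
  env_file=$1
  shift
  [ -r "$env_file" ] || { echo "cannot read $env_file" >&2; return 2; }
  (
    # Subshell: exports made here end with it and never reach the caller.
    while IFS= read -r line || [ -n "$line" ]; do
      case $line in
        '' | '#'*) continue ;;   # blank line or comment
        *=*) ;;                  # candidate assignment
        *) continue ;;           # no '=' at all
      esac
      key=${line%%=*}
      value=${line#*=}
      case $key in
        '' | [0-9]* | *[!A-Za-z0-9_]*)
          echo "skipping invalid name: $key" >&2
          continue ;;
      esac
      # Quoted, so a value containing spaces stays one value.
      export "$key=$value"
    done < "$env_file"
    # Run the requested command with the loaded environment.
    "$@"
  )
}

# Constructed sample file standing in for .env-integration-test.
demo_env=$(mktemp)
cat > "$demo_env" <<'EOF'
# comment and blank lines are ignored

MOCK_API_URL=http://localhost:5678
MOCK_API_NOTE=value with spaces
EOF
with_env_file "$demo_env" sh -c 'echo "inside: $MOCK_API_URL ($MOCK_API_NOTE)"'
echo "after:  ${MOCK_API_URL:-unset}"
rm -f "$demo_env"
```

With the real file, the call would be: with_env_file .env-integration-test opa test ./bundle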

OPA server testing

To test the bundle (synchronized with data) against an OPA server:

First sync a bundle for testing by:

yarn sls invoke local -e S3_BUNDLE_KEY=bundle_test.tar.gz -f sync_bundle_cron

Then run a local OPA server with AWS S3 as bundle service by:

AWS_REGION=eu-west-1 opa run -s --log-format=text -c opa-test-config.yaml

You will need AWS credentials in environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY).