### GET /v1/notifications-install/state/{type} Source: https://docs.styra.com/assets/files/v2-deprecated-d552004827896a73a592822013a06f65.json Start installing the notification tool. This endpoint initiates the installation process for a specified notification tool. ```APIDOC ## GET /v1/notifications-install/state/{type} ### Description Start installing the notification tool. ### Method GET ### Endpoint /v1/notifications-install/state/{type} ### Parameters #### Path Parameters - **type** (string) - Required - notification type #### Query Parameters - **redirect_url** (string) - Optional - the landing page when OAuth is successfully done. ### Response #### Success Response (200) - **schema** - v1.NotificationInstallNewStateResponse #### Response Example ```json { "example": "response body" } ``` ``` -------------------------------- ### GET /v1/systems/{system}/instructions Source: https://docs.styra.com/assets/files/v2-deprecated-d552004827896a73a592822013a06f65.json Fetches the installation and uninstallation instructions for a system. ```APIDOC ## GET /v1/systems/{system}/instructions ### Description Retrieves the necessary instructions to install or uninstall the system components. ### Method GET ### Endpoint /v1/systems/{system}/instructions ### Parameters #### Path Parameters - **system** (string) - Required - The unique ID of the system. ### Response #### Success Response (200) - **instructions** (object) - The system installation/uninstallation guide. #### Response Example { "install": "command_string", "uninstall": "command_string" } ``` -------------------------------- ### GET /v1/notifications-install/state/{type} Source: https://docs.styra.com/assets/files/v3-efc2a77578b73d1b42c7d6625b79c1d2.json Initiates the installation flow for a specific notification tool. ```APIDOC ## GET /v1/notifications-install/state/{type} ### Description Starts the installation process for a notification tool and returns the necessary state for the OAuth flow. ### Method GET ### Endpoint /v1/notifications-install/state/{type} ### Parameters #### Path Parameters - **type** (string) - Required - The notification type identifier. #### Query Parameters - **redirect_url** (string) - Optional - The landing page URL after successful OAuth. ### Response #### Success Response (200) - **NotificationInstallNewStateResponse** (object) - Contains the state required to proceed with installation. ``` -------------------------------- ### GET /v1/notifications-install/state/{type} Source: https://docs.styra.com/assets/files/v2-970bd9894f77e3c8db75d1ff80f11738.json Initiates the installation process for a specific notification tool. ```APIDOC ## GET /v1/notifications-install/state/{type} ### Description Starts the installation flow for a notification tool, returning the necessary state to proceed with OAuth. ### Method GET ### Endpoint /v1/notifications-install/state/{type} ### Parameters #### Path Parameters - **type** (string) - Required - The notification type to install. #### Query Parameters - **redirect_url** (string) - Optional - The landing page when OAuth is successfully done. ### Response #### Success Response (200) - **NotificationInstallNewStateResponse** (object) - The installation state response. #### Response Example { "state": "example_state_token" } ``` -------------------------------- ### GET /systems/v1/deployment-instructions Source: https://docs.styra.com/assets/files/v2-970bd9894f77e3c8db75d1ff80f11738.json Retrieves the installation and uninstallation instructions for various tools used within the system. ```APIDOC ## GET /systems/v1/deployment-instructions ### Description Retrieves a list of deployment instructions including installation and uninstallation commands for various tools. ### Method GET ### Endpoint /systems/v1/deployment-instructions ### Response #### Success Response (200) - **install** (array) - List of installation instructions. - **uninstall** (array) - List of uninstallation instructions. #### Response Example { "install": [ { "category": "opa", "commands": [{"action": "install", "title": "Install OPA"}] } ], "uninstall": [] } ``` -------------------------------- ### GET /v1/systems/{system}/instructions Source: https://docs.styra.com/openapi/v3.json Retrieves the installation and uninstallation instructions for a specified system. ```APIDOC ## GET /v1/systems/{system}/instructions ### Description Get system install/uninstall instructions. This endpoint provides the necessary instructions for installing or uninstalling a specific system. ### Method GET ### Endpoint /v1/systems/{system}/instructions ### Parameters #### Path Parameters - **system** (string) - Required - The ID of the system. #### Query Parameters None ### Request Example None ### Response #### Success Response (200) - **schema** (object) - Reference to `systems.v1.SystemsGetInstructionsResponse` schema. #### Error Response (404) - **schema** (object) - Reference to `meta.v1.ErrorResponse` schema. #### Response Example (200) ```json { "example": "systems.v1.SystemsGetInstructionsResponse" } ``` #### Response Example (404) ```json { "example": "meta.v1.ErrorResponse" } ``` ``` -------------------------------- ### GET /v1/notifications-install/state/{type} Source: https://docs.styra.com/openapi/v3.json Initiates the installation process for a notification tool by providing a redirect URL for OAuth completion. ```APIDOC ## GET /v1/notifications-install/state/{type} ### Description Start installing the notification tool. ### Method GET ### Endpoint /v1/notifications-install/state/{type} #### Path Parameters - **type** (string) - Required - notification type #### Query Parameters - **redirect_url** (string) - Optional - the landing page when OAuth is successfully done. ### Response #### Success Response (200) - **notifications.v1.NotificationInstallNewStateResponse** (object) - OK ``` -------------------------------- ### Initiate Notification Tool Installation Source: https://docs.styra.com/assets/files/v3-efc2a77578b73d1b42c7d6625b79c1d2 Starts the installation process for a notification tool. It requires the notification type and a redirect URL for post-installation navigation. ```json { "/v1/notifications-install/state/{type}": { "get": { "operationId": "InitiateNotificationInstall", "parameters": [ { "description": "notification type", "in": "path", "name": "type", "required": true, "schema": { "pattern": ".*", "type": "string" } }, { "description": "the landing page when OAuth is successfully done.", "in": "query", "name": "redirect_url", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/notifications.v1.NotificationInstallNewStateResponse" } } }, "description": "OK" } }, "summary": "Start installing the notification tool.", "tags": [ "notifications" ] } } } ``` -------------------------------- ### Install and configure MongoDB environment Source: https://docs.styra.com/enterprise-opa/tutorials/using-data/querying-mongodb Shell commands to install the MongoDB shell and start a local MongoDB instance using Docker. ```bash brew install mongosh ``` ```bash docker run -p 27017:27017 -d mongo:latest ``` -------------------------------- ### Get System Instructions Source: https://docs.styra.com/assets/files/v3-efc2a77578b73d1b42c7d6625b79c1d2 Retrieves the installation and uninstallation instructions for a specified system. This endpoint provides guidance on how to set up or remove a system. It returns a 404 error if the system is not found. ```json { "operationId": "GetInstructions", "parameters": [ { "description": "system ID", "in": "path", "name": "system", "required": true, "schema": { "pattern": ".*", "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/systems.v1.SystemsGetInstructionsResponse" } } }, "description": "OK" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/meta.v1.ErrorResponse" } } }, "description": "Not Found" } }, "summary": "Get system install/uninstall instructions", "tags": [ "systems" ] } ``` -------------------------------- ### Initiate Notification Tool Installation Source: https://docs.styra.com/assets/files/v2-970bd9894f77e3c8db75d1ff80f11738 Starts the installation process for a notification tool, specifying the tool type and an optional redirect URL. ```json { "consumes": [ "*/*" ], "operationId": "InitiateNotificationInstall", "parameters": [ { "description": "notification type", "in": "path", "name": "type", "pattern": ".*", "required": true, "type": "string" }, { "description": "the landing page when OAuth is successfully done.", "in": "query", "name": "redirect_url", "type": "string" } ], "produces": [ "application/json" ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/notifications.v1.NotificationInstallNewStateResponse" } } }, "summary": "Start installing the notification tool.", "tags": [ "notifications" ] } ``` -------------------------------- ### Setup Enterprise OPA with Docker Compose Source: https://docs.styra.com/enterprise-opa/tutorials/decision-logs/s3 This snippet demonstrates how to clone the Enterprise OPA repository and start the service using Docker Compose. This is the initial step to set up the environment for logging decisions to S3. ```bash git clone https://github.com/StyraInc/enterprise-opa cd enterprise-opa docker compose up ``` -------------------------------- ### Start OPA Server with Bundle Source: https://docs.styra.com/sdk/java/tutorials/hello-world Command to launch an OPA server instance configured to load policies from a local directory. ```bash opa run --server --bundle ./policy/ ``` -------------------------------- ### Start Minikube Service Source: https://docs.styra.com/das/systems/kubernetes/tutorials/installing-kubernetes This command initiates the Minikube service, which starts a local Kubernetes cluster. Ensure Minikube is installed and virtualization is enabled before running this command. ```bash minikube start ``` -------------------------------- ### Initialize OPA Client and Evaluate Policy in Java Source: https://docs.styra.com/sdk/java/tutorials/hello-world Demonstrates how to instantiate the OPAClient, define input data, and perform an authorization check against a specific policy path. ```java package org.example; import com.styra.opa.OPAClient; import com.styra.opa.OPAException; import java.util.Map; import static java.util.Map.entry; public class App { public static void main(String[] args) throws OPAException { String opaURL = "http://localhost:8181"; OPAClient opa = new OPAClient(opaURL); Map input = Map.ofEntries( entry("subject", "alice"), entry("action", "read"), entry("resource", "/finance/reports/fy2038_budget.csv") ); boolean allowed = opa.check("authz/allow", input); System.out.println("allowed: " + allowed); } } ``` -------------------------------- ### Install Styra DAS via Helm Source: https://docs.styra.com/das/self-hosted-install/0.9.0-styra-das/install-and-configure-onprem/openshift Standard installation command for the Styra DAS Helm chart, including an example of how to pass secrets dynamically via environment variables. ```bash helm install styra-das styra-das/ # Example with dynamic secrets export PASSWORD="top-secret" helm install styra-das styra-das/ --set root_user.email=admin@example.com --set root_user.password=$PASSWORD ``` -------------------------------- ### Install Styra DAS with Dynamic Secrets Source: https://docs.styra.com/das/self-hosted-install/0.9.0-styra-das/install-and-configure-onprem/standard-vanilla-kubernetes Example of how to install the Styra DAS Helm chart while passing sensitive credentials as environment variables to avoid hardcoding them in values.yaml. ```bash export PASSWORD="top-secret" helm install styra-das styra-das/ --set root_user.email=admin@example.com --set root_user.password=$PASSWORD ``` -------------------------------- ### Configure Gradle Repositories for Buf Source: https://docs.styra.com/sdk/java/tutorials/hello-world-in-grpc Add the Buf Maven repository to your Gradle build file to allow the project to fetch generated gRPC SDKs. ```Groovy maven { name = 'buf' url 'https://buf.build/gen/maven' } ``` -------------------------------- ### GET /systems Source: https://docs.styra.com/assets/files/v2-970bd9894f77e3c8db75d1ff80f11738.json Retrieves a list of system configurations available in the environment. ```APIDOC ## GET /systems ### Description Retrieves a paginated list of system configurations. ### Method GET ### Endpoint /systems ### Parameters #### Query Parameters - **offset** (integer) - Optional - The starting index for pagination. ### Response #### Success Response (200) - **request_id** (string) - Unique identifier for the request. - **offset** (integer) - Current pagination offset. - **result** (array) - List of system configurations. #### Response Example { "request_id": "req-123", "offset": 0, "result": [] } ``` -------------------------------- ### GET /websites/styra/systems/{system_id}/instructions Source: https://docs.styra.com/assets/files/v3-efc2a77578b73d1b42c7d6625b79c1d2.json Retrieves deployment instructions for a specific system. ```APIDOC ## GET /websites/styra/systems/{system_id}/instructions ### Description Retrieves deployment instructions for a specific system. ### Method GET ### Endpoint /websites/styra/systems/{system_id}/instructions ### Parameters #### Path Parameters - **system_id** (string) - Required - The unique identifier of the system. ### Response #### Success Response (200) - **request_id** (string) - Unique identifier for the request. - **result** (object) - Deployment instructions for the system. #### Response Example ```json { "request_id": "req-efghi", "result": { "command": "kubectl apply -f deployment.yaml", "description": "Deploy the Styra agent using the provided manifest." } } ``` ``` -------------------------------- ### Deploy Styra DAS with Helm Source: https://docs.styra.com/das/self-hosted-install/0.9.0-styra-das/install-and-configure-onprem/google-kubernetes-engine Commands to install the Styra DAS Helm chart, including an example of passing sensitive credentials as arguments to avoid hardcoding in values.yaml. ```bash helm install styra-das styra-das/ ``` ```bash export PASSWORD="top-secret" helm install styra-das styra-das/ --set root_user.email=admin@example.com --set root_user.password=$PASSWORD ``` -------------------------------- ### Enterprise OPA Server Initialization Output Source: https://docs.styra.com/sdk/java/tutorials/hello-world-in-grpc This output shows the successful initialization of the Enterprise OPA server, including the starting of the gRPC server on the configured port. ```text eopa run --server --config-file ./config.yaml ./policy {"addrs":["localhost:8181"],"diagnostic-addrs":[],"level":"info","msg":"Initializing server.","time":"2024-07-11T14:36:34-07:00"} {"level":"info","msg":"Starting gRPC server on port: localhost:9090","time":"2024-07-11T14:36:34-07:00"} ``` -------------------------------- ### Get System Install/Uninstall Instructions Source: https://docs.styra.com/api Retrieves installation and uninstallation instructions for a given system. It requires a system ID as a path parameter. The response includes categorized commands for both installation and uninstallation. ```shell curl -X GET "https://TENANT.styra.com/v1/systems/{system}/instructions" \ -H "accept: application/json" ``` -------------------------------- ### Initialize Enterprise OPA SDK Source: https://docs.styra.com/enterprise-opa/how-to/integrate/go-sdk Demonstrates how to import the Enterprise OPA SDK package and instantiate the OPA object using custom options. ```go import eopa_sdk "github.com/styrainc/enterprise-opa-private/pkg/sdk" opts := eopa_sdk.DefaultOptions() opts.ID = "eopa-test-1" opts.Config = bytes.NewReader(config) opa, err := sdk.New(ctx, opts) ``` -------------------------------- ### Set On-Premises Version Environment Variable (Bash) Source: https://docs.styra.com/das/self-hosted-install/0.9.0-styra-das/overview Exports the ON_PREMISES_VERSION environment variable, essential for ensuring commands in the guide reference the correct Styra DAS release version. ```bash export ON_PREMISES_VERSION=0.9.0 ``` -------------------------------- ### Add Enterprise OPA gRPC Dependencies Source: https://docs.styra.com/sdk/java/tutorials/hello-world-in-grpc Include the required Enterprise OPA gRPC SDKs, Protocol Buffers, and gRPC networking libraries in the Gradle dependencies block. ```Groovy dependencies { implementation("build.buf.gen:styra_enterprise-opa_grpc_java:+") implementation("build.buf.gen:styra_enterprise-opa_protocolbuffers_java:+") implementation("com.google.protobuf:protobuf-java-util:+") implementation("io.grpc:grpc-okhttp:+") } ``` -------------------------------- ### Mock DynamoDB Get Response Source: https://docs.styra.com/api Example JSON structure for mocking DynamoDB GET requests, showing 'mocked' and 'unmocked' states with key, region, and table details. ```json { "mocks": { "dynamodb.get": { "mocked": [ { "key": { }, "region": "string", "table": "string" } ], "unmocked": [ { "key": { }, "region": "string", "table": "string" } ] } } } ``` -------------------------------- ### Integrate OPA Java gRPC SDK in Java Application Source: https://docs.styra.com/sdk/java/tutorials/hello-world-in-grpc This Java code snippet demonstrates how to use the OPA Java gRPC SDK to send a request to an OPA instance and process the response. It includes setting up the gRPC channel, creating a request object with input data, making the call to the OPA service, and handling the response to determine access. Dependencies include protobuf and gRPC libraries. ```java /* * This source file was generated by the Gradle 'init' task */ package org.example; import com.google.protobuf.util.JsonFormat; import com.google.protobuf.InvalidProtocolBufferException; import com.google.protobuf.Struct; import build.buf.gen.eopa.data.v1.*; import build.buf.gen.eopa.data.v1.DataServiceGrpc.DataServiceBlockingStub; import io.grpc.ManagedChannel; import io.grpc.ManagedChannelBuilder; import java.util.concurrent.TimeUnit; public class App { public String getGreeting() { return "Hello World!"; } public static void main(String[] args) throws InvalidProtocolBufferException, InterruptedException { System.out.println(new App().getGreeting()); String jsonString = """ { "user": "bob", "action": "read", "resource": "dog123" } """; Struct.Builder structBuilder = Struct.newBuilder(); JsonFormat.parser().ignoringUnknownFields().merge(jsonString, structBuilder); Struct input = (Struct) structBuilder.build(); InputDocument inputDocument = InputDocument.newBuilder().setDocument(input).build(); GetDataResponse response; GetDataRequest request = GetDataRequest.newBuilder().setPath("app/abac").setInput(inputDocument).build(); ManagedChannel channel = ManagedChannelBuilder.forAddress("localhost", 9090).usePlaintext().build(); DataServiceBlockingStub stub = DataServiceGrpc.newBlockingStub(channel); try { System.out.println("Making request"); response = stub.getData(request); System.out.println(response.getResult()); } catch (Exception e) { System.out.println("RPC failed: " + e); return; } finally { channel.shutdownNow().awaitTermination(5, TimeUnit.SECONDS); } boolean allowed = response.getResult().getDocument().getStructValue().getFieldsMap().get("allow").getBoolValue(); System.out.println("Allowed: " + allowed); } } ``` -------------------------------- ### Install and Configure OPA via Shell Script Source: https://docs.styra.com/opa/deploy/aws/ec2 This bash script automates the installation of the OPA binary, creates a Systemd service unit, and configures the agent to communicate with Styra DAS. It requires a valid DAS API Token, System ID, and Tenant URL to function correctly. ```bash #!/bin/bash curl -L -o /usr/local/bin/opa https://github.com/open-policy-agent/opa/releases/download/v/opa_linux_amd64 chmod 755 /usr/local/bin/opa cat < /etc/systemd/system/opa.service [Unit] Description=Open Policy Agent After=network.target StartLimitInterval=60 StartLimitBurst=4 [Service] ExecStartPre=/usr/bin/curl -v -H "Authorization: Bearer " -o /run/opa/opa-conf.yaml "/v1/systems//assets/opa-config" ExecStart=/usr/local/bin/opa run --server --addr=0.0.0.0:8181 --config-file=/run/opa/opa-conf.yaml RuntimeDirectory=opa WorkingDirectory=/run/opa Restart=always RestartSec=5 Restart=on-failure DynamicUser=yes ProtectSystem=full PrivateTmp=yes [Install] WantedBy=multi-user.target EOF systemctl daemon-reload systemctl enable opa.service systemctl start opa.service ``` -------------------------------- ### Rego Policy for Read Access Source: https://docs.styra.com/enterprise-opa/tutorials/decision-logs/kafka-splunk This Rego policy allows GET requests to paths starting with '/data/'. It parses the input path and checks if the second element is 'data' and the method is 'GET'. ```rego allow if { path := split(input.path, "/") path[1] == "data" input.method == "GET" } ``` -------------------------------- ### GET /v1/systems/{systemID}/kubernetes/kubectl-all Source: https://docs.styra.com/das/systems/kubernetes/install-agents Retrieves the uninstall command for Styra agents on a specific Kubernetes cluster. ```APIDOC ## GET /v1/systems/{systemID}/kubernetes/kubectl-all ### Description Retrieves the command required to uninstall Styra agents (Open Policy Agent, styra-local-plane, and discovery/datasource agent) from a Kubernetes cluster. ### Method GET ### Endpoint /v1/systems/{systemID}/kubernetes/kubectl-all ### Parameters #### Path Parameters - **systemID** (string) - Required - The unique identifier of the Styra system. ### Request Example curl -H 'Authorization: Bearer ' 'https://.styra.com/v1/systems/{systemID}/kubernetes/kubectl-all' ### Response #### Success Response (200) - **uninstall** (object) - Contains the 'kubectl' command string to be piped into 'kubectl delete -f -'. ``` -------------------------------- ### Clone and navigate to the demo repository Source: https://docs.styra.com/das/systems/terraform/tutorials/terraform-cloud/create-cloud-workspace Commands to download the tutorial repository from GitHub and enter the project directory. This is the prerequisite step for all subsequent Terraform operations. ```bash git clone https://github.com/StyraInc/tfc-das-tutorial.git cd tfc-das-tutorial ``` -------------------------------- ### Get System Install/Uninstall Instructions Source: https://docs.styra.com/api Retrieves installation and uninstallation commands for a given system. It requires the system ID as a path parameter and returns a JSON object containing categories and commands for both install and uninstall processes. ```json { "request_id": "string", "result": { "install": [ { "category": "string", "commands": [ { "action": "string", "title": "string" } ] } ], "uninstall": [ { "category": "string", "commands": [ { "action": "string", "title": "string" } ] } ] } } ``` -------------------------------- ### PUT /v1/systems/{system} Source: https://docs.styra.com/assets/files/v2-deprecated-d552004827896a73a592822013a06f65.json Creates or updates a system. Use the 'If-None-Match' header to specify behavior for existing systems. ```APIDOC ## PUT /v1/systems/{system} ### Description Creates or updates a system. If the system does not exist, it will be created. The 'If-None-Match' header can be used to control behavior when the system already exists. ### Method PUT ### Endpoint /v1/systems/{system} ### Parameters #### Path Parameters - **system** (string) - Required - The ID of the system to create or update. #### Header Parameters - **If-None-Match** (string) - Optional - If set to '*' then creates a new system with type-specific related objects. #### Request Body - **body** (v1.SystemsPutRequest) - Required - The request body containing the system details for creation or update. ### Response #### Success Response (200) - **schema** (v1.SystemsPutResponse) - The response schema for a successful create or update request. #### Response Example { "example": "response body" } ``` -------------------------------- ### GET /v1/notifications-install/callback/{type} Source: https://docs.styra.com/assets/files/v2-deprecated-d552004827896a73a592822013a06f65.json Handles the callback registration for notification tools. ```APIDOC ## GET /v1/notifications-install/callback/{type} ### Description Callback endpoint used by notification tools to complete the registration process. ### Method GET ### Endpoint /v1/notifications-install/callback/{type} ### Parameters #### Path Parameters - **type** (string) - Required - The notification type identifier. #### Query Parameters - **code** (string) - Optional - Authorization code provided by the notification tool. ``` -------------------------------- ### Rego Policies for Istio Ingress/Egress - Allow GET, Deny POST Source: https://docs.styra.com/das/systems/istio/policy-authoring Example Rego policies demonstrating how to allow all GET requests and deny all POST requests to the root path ('/'). These rules leverage the input JSON provided by Istio to OPA. ```rego # allow GET requests to the root path allow { input.attributes.request.http.method == "GET" input.attributes.request.http.path == "/" } # deny POST requests to the root path deny { input.attributes.request.http.method == "POST" input.attributes.request.http.path == "/" } ``` -------------------------------- ### Get system install/uninstall instructions Source: https://docs.styra.com/api Retrieves the installation and uninstallation instructions for a given system. It requires a system ID as a path parameter. ```APIDOC ## GET /v1/systems/{system}/instructions ### Description Retrieves the installation and uninstallation instructions for a given system. ### Method GET ### Endpoint https://TENANT.styra.com/v1/systems/{system}/instructions ### Parameters #### Path Parameters - **system** (string) - Required - The system ID. ### Request Example (No request body for this endpoint) ### Response #### Success Response (200) - **request_id** (string) - The ID of the request. - **result** (object) - Contains installation and uninstallation instructions. - **install** (array) - List of installation instructions. - **category** (string) - The category of the instruction. - **commands** (array) - List of commands for the instruction. - **action** (string) - The command to execute. - **title** (string) - A title for the command. - **uninstall** (array) - List of uninstallation instructions. - **category** (string) - The category of the instruction. - **commands** (array) - List of commands for the instruction. - **action** (string) - The command to execute. - **title** (string) - A title for the command. #### Response Example (200) ```json { "request_id": "string", "result": { "install": [ { "category": "string", "commands": [ { "action": "string", "title": "string" } ] } ], "uninstall": [ { "category": "string", "commands": [ { "action": "string", "title": "string" } ] } ] } } ``` ``` -------------------------------- ### Verify Data Loading with HTTP API (curl) Source: https://docs.styra.com/sdk/java/tutorials/hello-world-in-grpc This curl command demonstrates how to verify that data has been correctly loaded into Enterprise OPA by querying the HTTP API for specific user attributes. ```bash curl -Ss http://localhost:8181/v1/data/user_attributes/alice?pretty=true ``` -------------------------------- ### Retrieve Kubernetes Data Source Configuration Source: https://docs.styra.com/das/systems/kubernetes/install-agents Example JSON response from the Styra systems API detailing the status and metadata of a Kubernetes data source. ```json { "request_id": "7af08205-fd61-4f86-863e-1447fa664cda", "result": { "category": "kubernetes/resources", "id": "systems/cf8d422d77e943c4a09c75236cd1630f/kubernetes/resources", "metadata": { "created_at": "2019-06-27T22:32:38.64727557Z", "created_by": "support@styra.com", "created_through": "access/styra/automation", "last_modified_at": "2019-06-27T22:32:38.64727557Z", "last_modified_by": "support@styra.com", "last_modified_through": "access/styra/automation" }, "namespaces": { "kube-system": false }, "on_premises": true, "status": { "code": "finished", "message": "", "timestamp": "2021-03-03T23:01:11Z" } } } ``` -------------------------------- ### Sign and Verify Bundles with eopa Source: https://docs.styra.com/enterprise-opa/reference/cli-reference Demonstrates how to use the eopa build command to verify an existing bundle signature using a public key and generate a new signature using a private key. ```bash eopa build --verification-key /path/to/public_key.pem --signing-key /path/to/private_key.pem --bundle foo ``` -------------------------------- ### Styra DAS Helm Configuration Schema Source: https://docs.styra.com/das/self-hosted-install/0.9.0-styra-das/install-and-configure-onprem/openshift Example configuration snippet for the values.yaml file, defining SMTP, email, and service settings. ```yaml # smtp: Configures the SMTP server settings. smtp: serveraddress: smtp.gmail.com:587 username: "" password: "" email: from_address: support@styra.com cluster: gke gke: loadbalancerip: "" service: type: LoadBalancer loadBalancerIP: "" nodePorts: http: "" https: "" ``` -------------------------------- ### Perform Authorization Check with OPA Client in Java Source: https://docs.styra.com/sdk/java/tutorials/hello-world This snippet demonstrates how to initialize the OPAClient, define an input map for policy evaluation, and execute an authorization check against a specific OPA policy path. It includes error handling for OPAException and prints the resulting boolean decision. ```java package org.example; import com.styra.opa.OPAClient; import com.styra.opa.OPAException; import java.util.Map; import java.util.List; import static java.util.Map.entry; public class App { public String getGreeting() { return "Hello World!"; } public static void main(String[] args) throws OPAException { System.out.println(new App().getGreeting()); String opaURL = "http://localhost:8181"; OPAClient opa = new OPAClient(opaURL); java.util.Map input = java.util.Map.ofEntries( entry("subject", "alice"), entry("action", "read"), entry("resource", "/finance/reports/fy2038_budget.csv") ); boolean allowed = false; try { allowed = opa.check("authz/allow", input); } catch (OPAException e ) { System.out.println("exception while making request against OPA: " + e); throw e; } System.out.println("allowed: " + allowed); } } ``` -------------------------------- ### Setup rqlite Database Service (Docker) Source: https://docs.styra.com/apps/models/howto/rebac Provides the Docker command to start the rqlite database service in the background, which is used for demonstrating SQL-based graph traversal. ```shell docker run -d -p 4001:4001 rqlite/rqlite ``` -------------------------------- ### Configure Gradle Dependencies for OPA SDK Source: https://docs.styra.com/sdk/java/tutorials/hello-world Shows the necessary dependency configuration to include the Styra OPA SDK in a Gradle-based Java project. ```gradle dependencies { implementation group: 'com.styra', name: 'opa', version: '+' } ``` -------------------------------- ### Verify Policy Evaluation with HTTP API (curl) Source: https://docs.styra.com/sdk/java/tutorials/hello-world-in-grpc These curl commands show how to test the Rego policy's effectiveness by sending POST requests to the Enterprise OPA HTTP API with different input scenarios. ```bash curl -Ss http://localhost:8181/v1/data/app/abac/allow -X POST -d '{"input": {"user": "bob", "action": "read", "resource": "dog123"}}' curl -Ss http://localhost:8181/v1/data/app/abac/allow -X POST -d '{"input": {"user": "dave", "action": "read", "resource": "dog123"}}' ``` -------------------------------- ### Styra DAS Helm Configuration Schema Source: https://docs.styra.com/das/self-hosted-install/0.9.0-styra-das/install-and-configure-onprem/google-kubernetes-engine Example structure of the values.yaml file used to configure SMTP settings, email addresses, and service types for Styra DAS. ```yaml smtp: serveraddress: smtp.gmail.com:587 username: "" password: "" email: from_address: support@styra.com cluster: gke gke: loadbalancerip: "" service: type: LoadBalancer loadBalancerIP: "" nodePorts: http: "" https: "" ``` -------------------------------- ### Pull and Tag Elasticsearch and Postgres Images (Bash) Source: https://docs.styra.com/das/self-hosted-install/0.9.0-styra-das/overview Pulls the Elasticsearch and Postgres Docker images and tags them for an internal registry. This is for using bundled Elasticsearch and Postgres with Styra DAS. ```bash docker pull docker.elastic.co/elasticsearch/elasticsearch:7.17.5 docker pull postgres:14.5 export DOCKER_URL="my.registry.internal" docker tag docker.elastic.co/elasticsearch/elasticsearch:7.17.5 $DOCKER_URL/elasticsearch:7.17.5 docker tag postgres:14.5 $DOCKER_URL/postgres:14.5 ``` -------------------------------- ### Execute Gradle Application Source: https://docs.styra.com/sdk/java/tutorials/hello-world-in-grpc This snippet shows the command to run the Gradle application and the expected output, including the task execution, request details, and the final 'Allowed' status. It's a standard way to build and run Java projects with Gradle. ```bash ./gradlew run > Task :app:run Hello World! Making request path: "app/abac/allow" document { bool_value: true } Allowed: true BUILD SUCCESSFUL in 1s 2 actionable tasks: 2 executed ``` -------------------------------- ### Log Replay API Response Example Source: https://docs.styra.com/assets/files/v2-deprecated-d552004827896a73a592822013a06f65.json This JSON object illustrates the structure of a response from the /v1/logreplay API endpoint. It contains the start time of the analysis, a list of samples showing differences in re-evaluated decisions, and statistics about the analysis process. ```json { "result": { "started": "2018-11-26T19:59:28.879307Z", "samples": [{ "labels": { "hostname": "8508d25dc62c" }, "type": "agent", "name": "16b93fad-c221-4d67-a44f-a1aa90f7a099", "agent_id": "16b93fad-c221-4d67-a44f-a1aa90f7a099", "timestamp": "2018-11-24T21:43:45.166990877Z", "revision": "W3sibCI6Imh0dHBhcGkvYXV0aHoiLCJzIjowfSx7ImwiOiJzeXMvY2F0YWxvZyIsInMiOjEyMjd9XQ", "path": "httpapi/authz/allow", "input": { "method": "GET", "path": ["finance", "salary", "donna"], "user": "sam" }, "result": false, "requested_by": "172.19.0.3:38470", "decision_id": "1f6b94cf-f077-4899-8b69-af76e7cdf533", "new_result": true }], "stats": { "batches_observed": 203, "batches_analyzed": 203, "entries_observed": 57311, "entries_evaluated": 56263, "entries_scheduled": 56263, "entries_failed": 0, "analysis_errors": 0, "results_changed": 2825, "batches_downloaded": 203, "batches_dow" } } } ``` -------------------------------- ### Configure OpaAuthorizationMiddleware in ASP.NET Core Source: https://docs.styra.com/sdk/aspnetcore/how-to/add-sdk Demonstrates both minimal and maximal configuration approaches for the OpaAuthorizationMiddleware. The minimal setup uses default values, while the maximal setup allows explicit injection of OpaClient, policy entry points, and custom context data providers. ```csharp // Minimal setup using Styra.Opa.AspNetCore; var builder = new WebHostBuilder() .Configure(app => { app.UseRouting(); app.UseAuthentication(); app.UseMiddleware(); }); ``` ```csharp // Maximal setup using Styra.Opa; using Styra.Opa.AspNetCore; string opaURL = System.Environment.GetEnvironmentVariable("OPA_URL") ?? "http://localhost:8181"; OpaClient opa = new OpaClient(opaURL); string policyEntrypoint = "policy/main"; ContextDataProvider ctxProvider = makeMyCustomProvider(); var builder = new WebHostBuilder() .Configure(app => { app.UseRouting(); app.UseAuthentication(); app.UseMiddleware(opa, policyEntrypoint, ctxProvider); }); ```