...
In the above case, OPA-PDP will create following directory structure and store policy and data files. The “.” mentioned in the policy will translate to subdirectories in OPA-PDP pod. This will also ensure each policy is referenced by the main rego file, this will avoid collision in case we have same library file used in multiple main rego files.
The “native” and “opa” keywords will be discarded when creating the directory structure.
Directory structure
| Code Block |
|---|
- /opt/policies
- cell/
- consistency/
- policy.rego // package cell.consistency will be stored here
- topology/
- policy.rego // package cell.consistency.topology will be stored here
- /opt/data
- cell/
- consistency/
- data.json // data will be stored here |
...
| Code Block |
|---|
tosca_definitions_version: tosca_simple_yaml_1_1_0
policy_types:
onap.policies.Native:
derived_from: tosca.policies.Root
description: a base policy type for all native PDP policies
version: 1.0.0
name: onap.policies.Native
onap.policies.native.opa:
derived_from: onap.policies.Native
version: 1.0.0
name: onap.policies.native.opa
description: a policy type for native opa policies
properties:
data:
type: map
type_version: 0.0.0
description: The data for Policy
required: false
metadata:
encoding: Base64
policy:
type: map
type_version: 0.0.0
description: The rego PolicySet or Policy
required: true
metadata:
encoding: Base64 |
Design Discussion