Add/Update policies in OPA when configured with Bundle server #604
-
Hi, We have deployed OPA with Bundle server which is working fine. When OPA starts, it reads the policy and able to evaluate as well. However when I am trying to add new Policy using REST API, it is not allowing. As per documentation, OPA should restrict any policy which are kept in .tar file under Bundles should not be allowed for update or delete but it should allow to add new policy using REST which is not happening. Getting below error : OPA Bundle configuration: However I am able to get all policies using REST endpoint except not able to delete or update or add new policy. If someone can confirm if adding or updating policy is not at all possible using Rest when OPA is configured with Bundle Server. Thanks |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
It's possible to do for any file that isn't owned by the bundle, i.e that belongs to a bundle root. If not provided, the bundle root will be If you for example would set the bundle root to "authz", then any path outside of "authz" can be modified without interfering with the bundle. |
Beta Was this translation helpful? Give feedback.
It's possible to do for any file that isn't owned by the bundle, i.e that belongs to a bundle root. If not provided, the bundle root will be
""
, which means the bundle owns all paths. You can change that in the bundle's.manifest
file: https://www.openpolicyagent.org/docs/latest/management-bundles/#bundle-file-formatIf you for example would set the bundle root to "authz", then any path outside of "authz" can be modified without interfering with the bundle.