There should be more documentation explaining how to set up authorization in the OPAL client. There's plenty of documentation already available for authentication, but very little to do with authorization.
The official OPAL docs webpages should contain a section devoted to Rego authorization.
There already exists a Docker example of setting up authorization, but there's less documentation available on the Helm side. The `opaStartupData` option is not documented in `values.yml`.
A very basic Helm implementation of "authorization":
```yaml
client:
  extraEnv:
    OPAL_INLINE_OPA_CONFIG: '{"authorization": "basic", "files": ["/opt/opa/startup-data/authz.rego"]}'
  opaStartupData:
    authz.rego: |
      package system.authz
      default allow := true
```
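
A deny-by-default counterpart to the `default allow := true` policy above, as an added example that is not part of the original issue or of OPAL's own documentation. It assumes OPA is also started with token authentication so that `input.identity` is populated, and that the OPAL client is configured to present the writer token to OPA; both token strings are placeholders.

```rego
package system.authz

import rego.v1

# Deny by default: a request to the OPA API is rejected unless a rule below allows it.
default allow := false

# Liveness/readiness probes: unauthenticated GET /health only.
allow if {
	input.method == "GET"
	input.path == ["health"]
}

# Policy queries under /v1/data for callers holding the query token.
# input.path is the request path split into segments, e.g. ["v1", "data", "app"].
allow if {
	input.method in {"GET", "POST"}
	input.path[0] == "v1"
	input.path[1] == "data"
	input.identity == "REPLACE_WITH_QUERY_TOKEN" # placeholder, not a real token
}

# Full API access, including policy and data writes, for the writer token only.
# Assumption: this is the token the OPAL client sends when it pushes updates to OPA.
allow if {
	input.identity == "REPLACE_WITH_OPAL_CLIENT_TOKEN" # placeholder, not a real token
}
```

If the OPAL client does not send a token that matches the writer rule, its own policy and data updates are rejected along with everything else, so check that path before rolling the policy out.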