...
The default value of the sub field (principal name) in Keycloak is the user ID; this can be changed to the user name using a property mapper:
kube-mgmt
By default the entire policy and data cache are defined by the OPA bundle.
If you need to add data from other sources, you need to define the bundle root directories in the .manifest file, e.g.
```json
{
  "revision" : "1",
  "roots": ["policy" , "servers"]
}
```
You can then add the kube-mgmt sidecar to your OPA deployment, and this will pull data from ConfigMaps in the namespace specified, e.g.
```yaml
- name: kube-mgmt
  image: openpolicyagent/kube-mgmt:latest
  args:
    - "--namespaces=opa"
```

```yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: hello-data
  namespace: opa
  labels:
    openpolicyagent.org/data: opa
data:
  x.json: |
    {"a": [1,2,3,4]}
```
You can also add extra data using curl, e.g. `curl -X PUT $host:31182/v1/data -d @servers2.json`
You can view all the data available to OPA using curl: `curl <opa host>:<port>/v1/data`
You should see something similar to the following output:
```json
          "Topic":[
            "Write",
            "Describe"
          ]
        }
      }
    },
    "services":{
      "rappopaprovider":{
        "ingress":{
        }
      }
    }
  },
  "servers":{
    "id":"s1",
    "name":"app",
    "ports":[
      "p1",
      "p2",
      "p3"
    ],
    "protocols":[
      "https",
      "ssh"
    ]
  }
}
```
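As an added example (not part of the original page or of the OPA or kube-mgmt code), the following Python script checks planned external data paths against the bundle roots declared in the .manifest above and reports any path that overlaps a root, so that data loaded by the sidecar or pushed with curl does not collide with bundle-owned data. The function names are hypothetical, and the kube-mgmt path `opa/hello-data/x` (namespace/ConfigMap name/key) is an assumed layout.

```python
import json

# Constructed sample: the .manifest shown earlier on this page.
MANIFEST = '{"revision": "1", "roots": ["policy", "servers"]}'


def _segments(path):
    """Split a data path such as "servers/s2" into a tuple of segments."""
    return tuple(s for s in path.strip("/").split("/") if s)


def bundle_roots(manifest_text):
    """Return the bundle roots as segment tuples.

    A manifest without "roots" defaults to [""], meaning the bundle owns
    the entire data document.
    """
    manifest = json.loads(manifest_text)
    return [_segments(r) for r in manifest.get("roots", [""])]


def conflicting_root(path, roots):
    """Return the root that overlaps `path`, or None if there is no overlap.

    Overlap means one is a prefix of the other, compared segment by
    segment, so "servers2" does not collide with the root "servers".
    The empty root is returned as "".
    """
    segs = _segments(path)
    for root in roots:
        n = min(len(segs), len(root))
        if segs[:n] == root[:n]:
            return "/".join(root)
    return None


def check_writes(manifest_text, paths):
    """Map each planned external data path to its conflicting root (or None)."""
    roots = bundle_roots(manifest_text)
    return {p: conflicting_root(p, roots) for p in paths}


if __name__ == "__main__":
    # Assumed paths: a kube-mgmt ConfigMap, a REST write under "servers",
    # a sibling key "servers2", and a write to the data root (/v1/data).
    planned = ["opa/hello-data/x", "servers/s2", "servers2", ""]
    for path, root in check_writes(MANIFEST, planned).items():
        status = "ok" if root is None else "overlaps bundle root %r" % root
        print("%-20r %s" % (path, status))
```

A write to the data root itself is reported as overlapping, because it would cover every bundle-owned path.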
See also:
Using Open Policy Agent with Strimzi and Apache Kafka
...