This message was deleted Permit #opal

Join Slack

This message was deleted.

# opal

Slackbot

05/25/2023, 2:37 PM

This message was deleted.

Gabriel L. Manor

05/25/2023, 3:21 PM

You can use a mock git image in your compose configuration and mount it to local volume

Copy code

cedar_retrieval_repository:
      image: rockstorm/gitweb
      ports:
        - "80:80"
      volumes:
        - "../:/srv/git:ro"

Gabriel L. Manor

05/25/2023, 3:22 PM

Gabriel L. Manor

05/25/2023, 3:25 PM

It is an example of working with Cedar, but will work with OPA/Rego too

Ben Wallis

05/25/2023, 3:29 PM

That might be a viable option - it would be nice to be able to provide the configs as a simple volume mount to the OPAL Server image though. In our specific situation we already have an infrastructure-as-code repository where we plan to store the rego policies, but we don't want to give OPAL Server access to that repo, nor do we ever intend to update policies outside of deployments. Is it feasible in the future that it would be possible to forego the git requirement entirely? Similarly it would be very useful if

OPAL_DATA_CONFIG_SOURCES

could use a volume mount to read a

.json

file opposed to requiring an external HTTP server for config.

Ben Wallis

05/25/2023, 3:30 PM

I appreciate that the existing design is likely because it's what works for permit.io though 🙂

Gabriel L. Manor

05/25/2023, 3:36 PM

One of the core principles of OPAL is GitOps, including its versioning, immutability, and one source of truth. Supporting local files is a viable option but will not stand in those principles. You can open an issue in OPAL repo so we can collaborate with other contributors on best practices.

Open in Slack

Previous Next