# opal
Check out the `OPAL_INLINE_OPA_CONFIG` config var: https://github.com/permitio/opal/blob/master/packages/opal-client/opal_client/config.py#L53. You need to pass a JSON that is an instance of this class: https://github.dev/permitio/opal/blob/master/packages/opal-client/opal_client/opa/options.py#L24
```python
from pydantic import BaseModel, Field


class OpaServerOptions(BaseModel):
    """Options to configure OPA server (apply when choosing to run OPA inline).

    Security options are explained here in detail: <https://www.openpolicyagent.org/docs/latest/security/>
    these include:
    - addr (use https:// to apply TLS on OPA server)
    - authentication (affects how clients are authenticating to OPA server)
    - authorization (toggles the data.system.authz.allow document as the authz policy applied on each request)
    - tls_ca_cert_file (CA cert for the CA signing on *client* tokens, when authentication=tls is on)
    - tls_cert_file (TLS cert for the OPA server HTTPS)
    - tls_private_key_file (TLS private key for the OPA server HTTPS)
    """

    addr: str = Field(
        ":8181",
        description="listening address of the opa server (e.g., [ip]:<port> for TCP)",
    )
    ...
```
Learn about OPA security options here: https://www.openpolicyagent.org/docs/latest/security/ and about the config format here: https://www.openpolicyagent.org/docs/latest/configuration/
Also, welcome to our community @prithvi shankar 🙂
@Asaf Cohen Thanks for the information 🙂. I will try the solution provided and get back to you in case I have queries.
Hi @Asaf Cohen,
I tried to pass the env variable data as below:

```yaml
- name: OPAL_INLINE_OPA_CONFIG
  value: '{"config": {"addr:"0.0.0.0:443","tls_cert_file": "/certs/tls.crt","tls_private_key_file": "/certs/tls.key"}}'
```

But as per the pod logs this variable is not getting considered. The OPAL client is running without this env variable.
Could you kindly help me with the exact format for this env variable, "OPAL_INLINE_OPA_CONFIG"?