I am not sure how can I get the incoming HTTP requests to first hit the “B” rego policy framework A "rego policy framework", e.g. OpenPolicyAgent are typically used as an assisting container. In this setup, your application receives the request, then ask the "rego policy framework" container, "is this request allowed?", then your application continue to process the request. See e.g OpenPolicyAgent example - HTTP API Authorization with this part, to ask if the request is allowed.
# ask OPA for a policy decision
# (in reality OPA URL would be constructed from environment)
rsp = requests.post("http://127.0.0.1:8181/v1/data/httpapi/authz", json=input_dict)
if rsp.json()["allow"]:
# HTTP API allowed
else:
# HTTP API denied
1条答案
按热度按时间dgtucam11#
I am not sure how can I get the incoming HTTP requests to first hit the “B” rego policy framework
A "rego policy framework", e.g. OpenPolicyAgent are typically used as an assisting container.
In this setup, your application receives the request, then ask the "rego policy framework" container, "is this request allowed?", then your application continue to process the request.
See e.g OpenPolicyAgent example - HTTP API Authorization with this part, to ask if the request is allowed.