Slide 9
Slide 9 text
9
● In some cases, policies require data that can change often, aren’t
fully known at policy creation, or would simply be impractical to
embed and manage inside the policy. Examples:
○ Suspicious IP address list
○ Groups to users list
○ Employee list with high privileged access
● It’s possible to leverage OPA policy document model data object
● We built an OPA Data server that can provide the data to OPA
server
● OPA Data Server is called from OPA policies using built-in http
functions.
○ It uses OPA package in Go. it’s very flexible.
Using dynamic external data for policies