This serves as the OPA Backend Plugin, eventually to route all your OPA needs through!
This plugin is still in development so please use with caution.
The only pre-requisites to use this plugin is that you have set up an OPA server. You can find more information on how to do that here. And you have a Backstage instance running. More info on how to do that here.
This plugin is currently used by the backstage-opa-entity-checker, and the backstage-opa-policies plugins. You can install it by running the following command:
Start with installing the package:
yarn add --cwd packages/backend @parsifal-m/plugin-opa-backend
In your app-config.yaml
file, add the following:
opaClient:
baseUrl: 'http://localhost:8181'
policies:
entityChecker: # Entity checker plugin
entrypoint: 'entity_checker/violation'
Note, the
backstage-opa-policies
plugin does not require the above configuration.
This assumes you are using the New Backend System, (you should be!) registering the plugin is much easier.
Add the following to your packages/backend/src/index.ts
file:
// packages/backend/src/index.ts
import { createBackend } from '@backstage/backend-defaults';
const backend = createBackend();
// ...
backend.add(import('@parsifal-m/plugin-opa-backend'));
// ...
backend.start();
The entrypoint
name in the app-config.yaml
file should be the entrypoint to the policy in the rego
file. You can find some working example of policies to use with this plugin here or in here
I am happy to accept contributions to this plugin. Please fork the repository and open a PR with your changes. If you have any questions, please feel free to reach out to me on Mastodon
This project is released under the Apache 2.0 License.