Skip to main content
Version: 2.0.0

Load Custom Data Sources into OPAL (and your PDP)

OPAL Scope Config (custom data sources)

With the new Scope Config API, you can set your own data sources for your GitOps policy, and combine Permit.io's ease of use, with OPAL's customizability.

Use the https://api.permit.io/v2/projects/{proj_id}/{env_id}/opal_scope to modify the OPAL Scope used. (you can get the environment and project id with API requests https://api.permit.io/v2/redoc#tag/Projects/operation/list_projects note that you need org level API key to access those, you can create one here https://app.permit.io/settings/api-keys )

By default, Permit loads data about users, roles, and so on to OPA from the Permit cloud. You can use this API to load additional data sources to use in your custom policy.

In this example, we will load data about countries of the world of https://restcountries.com.

Set custom data sources using the Permit.io API:

curl --location --request PUT '[https://api.permit.io/v2/projects/{project_id}/{env_id}/opal_scope](https://api.permit.io/v2/projects/%7Bproject_id%7D/%7Benv_id%7D/opal_scope)' \

--header 'Content-Type: application/json' \

--header 'Accept: application/json' \

--header 'Authorization: Bearer permit_key_***' \

--data '{

     "data": {

          "entries": [

               {

                    "url": "<https://restcountries.com/v3.1/all>",

                    "dst_path": "/countries",

                    "config": {

                         "headers": {

                              "Accept": "application/json"

                         }

                    }

               }

          ]

     }


}'

In order to see the new data you can request the data path from your local PDP like this

curl --location --request GET 'http://localhost:8181/v1/data' \

--header 'Authorization: Bearer permitkey {{secret}}'

API Docs for Scope Request (API still in beta):

You can view the full OPAL Scope documentation here: https://docs.opal.ac/getting-started/running-opal/run-opal-server/data-sources

Custom scopes are supported from PDP **v0.2.15, **so you may need to run: docker pull permitio/pdp-v2:latest

And the following flag needs to be enabled when you run the container:

OPAL_SPLIT_ROOT_DATA=1

E.G if you run it with docker:

docker run -e PDPAPI_KEY=permit_key*** -e OPAL_SPLIT_ROOT_DATA=1 permitio/pdp-v2:latest

This is it, you now have a running instance of PDP with custom scopes!

You can also use the custom data source in your rego like this (if you have the gitops feature enabled for you):

data.countries[0].capital == "Bridgetown"