Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for accessing environment vars in queries #420

Closed
tsandall opened this issue Aug 18, 2017 · 0 comments
Closed

Add support for accessing environment vars in queries #420

tsandall opened this issue Aug 18, 2017 · 0 comments

Comments

@tsandall
Copy link
Member

tsandall commented Aug 18, 2017
edited
Loading

In cases like #417 it would be useful if queries could refer to the environment vars that OPA (or the process embedding OPA) was started with.

E.g., this would allow secret values to be safely referred to in policies without worrying (as much) about leaking them via the Data API.

There are a few ways we could add support for accessing environment variables. The simplest approach would probably be to include a new built-in function like os.env(output) that returns a JSON object mapping environment variables to values.
@tsandall tsandall mentioned this issue May 21, 2018
Closed
@tsandall tsandall mentioned this issue Oct 16, 2018
Merged
tsandall added a commit to tsandall/opa that referenced this issue Oct 16, 2018
@tsandall
Add built-in function to get runtime info
cf73499 
These changes add support for accessing runtime information inside of
policies. In some cases, policies need to access environment variables
or configuration that OPA was booted with. These changes add a built-in
function that allows policies to gain access to this information. The
built-in function itself is relatively trivial. Most of the required
changes were plumbing the runtime information from the entrypoint down
into the evaluation engine. The alternative would have been to introduce
a global variable containing this information however that would be have
been harder to reason about in library integrations.

Fixes open-policy-agent#420

Signed-off-by: Torin Sandall <[email protected]>
tsandall added a commit that referenced this issue Oct 16, 2018
@tsandall
Add built-in function to get runtime info
38a9887 
These changes add support for accessing runtime information inside of
policies. In some cases, policies need to access environment variables
or configuration that OPA was booted with. These changes add a built-in
function that allows policies to gain access to this information. The
built-in function itself is relatively trivial. Most of the required
changes were plumbing the runtime information from the entrypoint down
into the evaluation engine. The alternative would have been to introduce
a global variable containing this information however that would be have
been harder to reason about in library integrations.

Fixes #420

Signed-off-by: Torin Sandall <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tsandall