feat(issue-641): add a clearer description to the documentation
disaverio committed Sep 9, 2024
1 parent f968eaa commit 0b7fdfe
Showing 2 changed files with 19 additions and 19 deletions.
36 changes: 18 additions & 18 deletions documentation/docs/getting-started/configuration.mdx
Expand Up @@ -119,24 +119,24 @@ Please use this table as a reference.

## OPAL Client Configuration Variables

| Variables | Description | Example |
| ------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------ |
| POLICY_STORE_TYPE | | |
| POLICY_STORE_AUTH_TYPE | The authentication method for connecting to the policy store. Possible values are `oauth` or `token` | |
| POLICY_STORE_AUTH_TOKEN | The authentication (bearer) token OPAL client will use to authenticate against the policy store (i.e: OPA agent). | |
| POLICY_STORE_AUTH_OAUTH_SERVER | The authentication server OPAL client will use to authenticate against for retrieving the access_token. | |
| POLICY_STORE_AUTH_OAUTH_CLIENT_ID | The client id OPAL will use to authenticate against the OAuth server. | |
| POLICY_STORE_AUTH_OAUTH_CLIENT_SECRET | The client secret OPAL will use to authenticate against the OAuth server. | |
| POLICY_STORE_CONN_RETRY | Retry options when connecting to the policy store (i.e. the agent that handles the policy, e.g. OPA). | |
| POLICY_STORE_POLICY_PATHS_TO_IGNORE | Which policy paths pushed to the client should be ignored. List of glob style paths, or paths without wildcards but ending with "/\*\*" indicating a parent path (ignoring all under it). It does support paths starting with '!' to force to not ignore them. | |
| INLINE_OPA_ENABLED | Whether or not OPAL should run OPA by itself in the same container. | |
| INLINE_OPA_CONFIG | If inline OPA is indeed enabled, the user can set the [server configuration options](https://docs.opal.ac/getting-started/running-opal/run-opal-client/opa-runner-parameters) that affects how OPA will start when running `opa run --server` inline. Watch escaping quotes. | \{"config_file":"/mnt/opa/config"\} |
| INLINE_OPA_LOG_FORMAT | | |
| KEEP_ALIVE_INTERVAL | | |
| OFFLINE_MODE_ENABLED | If set, opal client will try to load policy store from backup file and operate even if server is unreachable. Ignored if INLINE_OPA_ENABLED=False | |
| STORE_BACKUP_PATH | Path to backup policy store's data to | |
| STORE_BACKUP_INTERVAL | Interval in seconds to backup policy store's data | |
| POLICY_UPDATER_ENABLED | If set to `FALSE`, OPAL Client will not fetch policies or listen to policy updates. | |
| Variables | Description | Example |
| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ------------------------------------ |
| POLICY_STORE_TYPE | | |
| POLICY_STORE_AUTH_TYPE | The authentication method for connecting to the policy store. Possible values are `oauth` or `token` | |
| POLICY_STORE_AUTH_TOKEN | The authentication (bearer) token OPAL client will use to authenticate against the policy store (i.e: OPA agent). | |
| POLICY_STORE_AUTH_OAUTH_SERVER | The authentication server OPAL client will use to authenticate against for retrieving the access_token. | |
| POLICY_STORE_AUTH_OAUTH_CLIENT_ID | The client id OPAL will use to authenticate against the OAuth server. | |
| POLICY_STORE_AUTH_OAUTH_CLIENT_SECRET | The client secret OPAL will use to authenticate against the OAuth server. | |
| POLICY_STORE_CONN_RETRY | Retry options when connecting to the policy store (i.e. the agent that handles the policy, e.g. OPA). | |
| POLICY_STORE_POLICY_PATHS_TO_IGNORE | Which policy paths pushed to the client should be ignored. List of glob style paths, or paths without wildcards but ending with "/\*\*" indicating a parent path (ignoring all under it). It does support paths starting with '!' to force to not ignore them: a negated path would always take precedence, so if, e.g., both `!myFolder/**` and `myFolder/subFolder/**` are defined then `myFolder/subFolder/**` will not be ignored. | |
| INLINE_OPA_ENABLED | Whether or not OPAL should run OPA by itself in the same container. | |
| INLINE_OPA_CONFIG | If inline OPA is indeed enabled, the user can set the [server configuration options](https://docs.opal.ac/getting-started/running-opal/run-opal-client/opa-runner-parameters) that affects how OPA will start when running `opa run --server` inline. Watch escaping quotes. | \{"config_file":"/mnt/opa/config"\} |
| INLINE_OPA_LOG_FORMAT | | |
| KEEP_ALIVE_INTERVAL | | |
| OFFLINE_MODE_ENABLED | If set, opal client will try to load policy store from backup file and operate even if server is unreachable. Ignored if INLINE_OPA_ENABLED=False | |
| STORE_BACKUP_PATH | Path to backup policy store's data to | |
| STORE_BACKUP_INTERVAL | Interval in seconds to backup policy store's data | |
| POLICY_UPDATER_ENABLED | If set to `FALSE`, OPAL Client will not fetch policies or listen to policy updates. | |

## Policy Updater Configuration Variables
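
Review bot: In the `POLICY_STORE_POLICY_PATHS_TO_IGNORE` row, the new sentence says a negated path "would always take precedence" but does not say whether that holds regardless of the order of the entries or of which pattern is more specific; the example only shows the broader `!myFolder/**` winning over the narrower `myFolder/subFolder/**`. This list decides which pushed policy paths the client ignores, so please state the rule explicitly (for example "regardless of order or specificity", if that is the behaviour) and use the present tense, "always takes precedence". The Example column for this row is still empty, and the table separator row lost the space before its second `|` when the columns were re-padded.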

Expand Up @@ -14,7 +14,7 @@ In order to override default configuration, you'll need to set this env var:

Use the `POLICY_STORE_*` [config options](/getting-started/configuration) to control how OPAL-client interacts the policy store (e.g. OPA)

- Use `POLICY_STORE_POLICY_PATHS_TO_IGNORE` to have the client ignore instruction to overwrite or delete policies. Accepting a list of glob paths, or parent paths (without wildcards) ending with "/\*\*". It does support paths starting with '!' to force to not ignore them.
- Use `POLICY_STORE_POLICY_PATHS_TO_IGNORE` to have the client ignore instruction to overwrite or delete policies. Accepting a list of glob paths, or parent paths (without wildcards) ending with "/\*\*". It does support paths starting with '!' to force to not ignore them: a negated path would always take precedence, so if, e.g., both `!myFolder/**` and `myFolder/subFolder/**` are defined then `myFolder/subFolder/**` will not be ignored.

#### Policy store backup
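
Review bot: The sentence added to the `POLICY_STORE_POLICY_PATHS_TO_IGNORE` bullet is a verbatim copy of the one added to the table in configuration.mdx, so the two will drift on the next edit; consider keeping the full rule in one place and linking to it from the other, as the paragraph above already links to the config options. The example also covers only a negated parent overriding an ignored child; showing the reverse case as well (ignore `myFolder/**`, keep `!myFolder/subFolder/**`) would make the precedence rule easier to apply. While touching this paragraph, the context line above reads "interacts the policy store" and is missing "with".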
