v0.1.14
- We made a few significant changes to the update callbacks mechanism:
  - Dynamic registry of callbacks: OPAL client can now register new callbacks dynamically during runtime via its REST API (if OPAL client is running on http://localhost:7000, the API docs can be found on http://localhost:7000/redoc).
  - Callbacks are called for policy updates: OPAL client will now call any registered callbacks after successful policy updates, so now every change made to OPA state will invoke a callback. This allows an OPAL user to monitor OPA state changes (get "push notifications" via the callbacks mechanism; each "callback" is actually implemented as a webhook).
- We made a few small changes to OPAL's authentication mechanism:
  - We now require datasource JWTs in order to publish updates: As was previously explained in the docs, you need a datasource JWT token in order to authenticate successfully when publishing a data update. Until now, we did not enforce the peer type requirement on the token. This change essentially fixes #44.
  - New type of OPAL JWT (listener): A listener JWT is meant for a network peer that "listens" to OPA state changes, or in other words, a peer that exposes a callback to be called by OPAL client after OPA state changes.
- We added new config vars to expose the timeouts enforced on fetch providers (fixes #142):

      # Time in seconds to wait on the queued fetch task (i.e: for a fetch provider to fetch data)
      OPAL_FETCHING_CALLBACK_TIMEOUT (default: 10)
      # Time in seconds to wait for queuing a new task (if the queue is full)
      OPAL_FETCHING_ENQUEUE_TIMEOUT (default: 10)
- We changed the default value of OPAL_POLICY_STORE_URL: the policy store URL should only include the host and port part of the URL, not the path. I.e., if OPA is on localhost port 8181, instead of http://localhost:8181/v1, the config var should now be http://localhost:8181.
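The peer type enforcement described in the authentication changes above, as an added example (not OPAL's own code): a publish gate that first verifies the token and then refuses any peer type other than datasource, so a validly signed client or listener token is still rejected. The peer_type claim name, the HS256 demo key and every function name here are assumptions chosen so the sketch runs on the standard library alone.

```python
import base64
import hashlib
import hmac
import json
import time

KEY = b"constructed-demo-key"  # constructed sample key, not an OPAL key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes = KEY) -> str:
    """Build a constructed HS256 token for the demo."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify(token: str, key: bytes = KEY) -> dict:
    """Authentication step: check algorithm, signature and expiry."""
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if json.loads(_unb64(head)).get("alg") != "HS256":
            raise PermissionError("unexpected algorithm")
        if not hmac.compare_digest(expected, _unb64(sig)):
            raise PermissionError("bad signature")
        claims = json.loads(_unb64(body))
        if claims.get("exp", 0) <= time.time():
            raise PermissionError("expired token")
    except (ValueError, TypeError, AttributeError) as exc:
        raise PermissionError("malformed token") from exc
    return claims

def require_peer_type(claims: dict, required: str) -> None:
    """Authorization step: a valid token of the wrong peer type is refused."""
    if claims.get("peer_type") != required:  # claim name is an assumption
        raise PermissionError(f"peer type {claims.get('peer_type')!r} not allowed")

def can_publish_update(token: str) -> bool:
    """Gate for publishing a data update: datasource tokens only."""
    try:
        require_peer_type(verify(token), "datasource")
        return True
    except PermissionError:
        return False
```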