InfraBox uses Open Policy Agent for authorization management. The InfraBox API will connect to an Open Policy Agent server defined by the environment variables INFRABOX_OPA_HOST for the hostname and INFRABOX_OPA_PORT for the port the OPA server is listening on.
The Open Policy Agent server can be started isolated by running:
./ib.py services start opaBy default the service will be listening on port 8181.
The built docker image will come with these policy files preloaded.
To determine authorized and unauthorized requests the OPA service is required to have access to up-to-date information such as which projects are public and which users are collaborators to which projects. Therefore, this data is repeatedly pushed by the API to the OPA service.
The interval of the push in seconds is set in the environment variable INFRABOX_OPA_PUSH_INTERVAL.