<p align="center">
<img src="https://i.ibb.co/BGVBmMK/opal.png" height=170 alt="opal" border="0" />
</p>
<h2 align="center">
OPAL Fetcher for Postgres
</h2>
[Check out OPAL main repo here.](https://github.com/permitio/opal)
### What's in this repo?
An OPAL [custom fetch provider](https://docs.opal.ac/tutorials/write_your_own_fetch_provider) to bring authorization state from [Postgres](https://www.postgresql.org/).
This fetcher is both:
- **A fully functional fetch-provider for Postgres:** can be used by OPAL to fetch data from Postgres DB.
- **Serving as an example** how to write custom fetch providers for OPAL and how to publish them as pip packages.
### How to try this custom fetcher in one command? (Example docker-compose configuration)
You can test this fetcher with the example docker compose file in this repository root. Clone this repo, `cd` into the cloned repo, and then run:
```
docker compose up
```
this docker compose configuration already correctly configures OPAL to load the Postgres Fetch Provider, and correctly configures `OPAL_DATA_CONFIG_SOURCES` to include an entry that uses this fetcher.
### ✏️ How to use this fetcher in your OPAL Setup
#### 1) Build a custom opal-client `Dockerfile`
The official docker image only contains the built-in fetch providers. You need to create your own `Dockerfile` (that is based on the official docker image), that includes this fetcher's pip package.
Your `Dockerfile` should look like this:
```
FROM permitio/opal-client:latest
RUN pip install --no-cache-dir --user opal-fetcher-postgres
```
#### 2) Build your custom opal-client container
Say your special Dockerfile from step one is called `custom_client.Dockerfile`.
You must build a customized OPAL container from this Dockerfile, like so:
```
docker build -t yourcompany/opal-client -f custom_client.Dockerfile .
```
#### 3) When running OPAL, set `OPAL_FETCH_PROVIDER_MODULES`
Pass the following environment variable to the OPAL client docker container (comma-separated provider modules):
```
OPAL_FETCH_PROVIDER_MODULES=opal_common.fetcher.providers,opal_fetcher_postgres.provider
```
Notice that OPAL receives a list from where to search for fetch providers.
The list in our case includes the built-in providers (`opal_common.fetcher.providers`) and our custom postgres provider.
#### 4) Using the custom provider in your DataSourceEntry objects
Your DataSourceEntry objects (either in `OPAL_DATA_CONFIG_SOURCES` or in dynamic updates sent via the OPAL publish API) can now include this fetcher's config.
Example value of `OPAL_DATA_CONFIG_SOURCES` (formatted nicely, but in env var you should pack this to one-line and no-spaces):
```json
{
"config": {
"entries": [
{
"url": "postgresql://postgres@example_db:5432/postgres",
"config": {
"fetcher": "PostgresFetchProvider",
"query": "SELECT * from city;",
"connection_params": {
"password": "postgres"
}
},
"topics": [
"policy_data"
],
"dst_path": "cities"
}
]
}
}
```
Notice how `config` is an instance of `PostgresFetcherConfig` (code is in `opal_fetcher_postgres/provider.py`).
Values for this fetcher config:
* The `url` is actually a postgres dsn. You can set the postgres password in the dsn itself if you want.
* `connection_params` are optional, if you want to include certain overrides outside the dsn.
* Your `config` must include the `fetcher` key to indicate to OPAL that you use a custom fetcher.
* Your `config` must include the `query` key to indicate what query to run against postgres.
### 🚩 Possible User Issues
While trying to send requests to a Postgres data source, you may encounter that the request fails. This can be caused by the format of the config entry URL for which the standard is:
`postgresql://<user>:<password>@<host>/<db>`
It might be most common that this request fails due to the password field being incorrectly parsed by the underlying library called `asyncpg`, which is one of the required libraries used within our OPAL custom data fetcher.
In order to solve the issue, you need to change the data source config entry URL to the format shown below:
`postgresql://<host>/<db>?user=<user>&password=<password>`
### 📖 About OPAL (Open Policy Administration Layer)
[OPAL](https://github.com/permitio/opal) is an administration layer for Open Policy Agent (OPA), detecting changes to both policy and policy data in realtime and pushing live updates to your agents.
OPAL brings open-policy up to the speed needed by live applications. As your application state changes (whether it's via your APIs, DBs, git, S3 or 3rd-party SaaS services), OPAL will make sure your services are always in sync with the authorization data and policy they need (and only those they need).
Check out OPAL's main site at [OPAL.ac](https://opal.ac).
<img src="https://i.ibb.co/CvmX8rR/simplified-diagram-highlight.png" alt="simplified" border="0">
Raw data
{
"_id": null,
"home_page": "",
"name": "opal-fetcher-postgres",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": "",
"keywords": "Open Policy Agent,OPA,OPAL,Open Policy Administration Layer,Postgres,Permit.io",
"author": "",
"author_email": "Asaf Cohen <asaf@permit.io>",
"download_url": "https://files.pythonhosted.org/packages/4a/eb/7870c9ccf8a9f89d6ccc4a0c85b95282961d2247377f79a420502c7d4884/opal-fetcher-postgres-0.0.4.tar.gz",
"platform": null,
"description": "<p align=\"center\">\n <img src=\"https://i.ibb.co/BGVBmMK/opal.png\" height=170 alt=\"opal\" border=\"0\" />\n</p>\n<h2 align=\"center\">\nOPAL Fetcher for Postgres\n</h2>\n\n[Check out OPAL main repo here.](https://github.com/permitio/opal)\n\n### What's in this repo?\nAn OPAL [custom fetch provider](https://docs.opal.ac/tutorials/write_your_own_fetch_provider) to bring authorization state from [Postgres](https://www.postgresql.org/).\n\nThis fetcher is both:\n- **A fully functional fetch-provider for Postgres:** can be used by OPAL to fetch data from Postgres DB.\n- **Serving as an example** how to write custom fetch providers for OPAL and how to publish them as pip packages.\n\n### How to try this custom fetcher in one command? (Example docker-compose configuration)\n\nYou can test this fetcher with the example docker compose file in this repository root. Clone this repo, `cd` into the cloned repo, and then run:\n```\ndocker compose up\n```\nthis docker compose configuration already correctly configures OPAL to load the Postgres Fetch Provider, and correctly configures `OPAL_DATA_CONFIG_SOURCES` to include an entry that uses this fetcher.\n\n### \u270f\ufe0f How to use this fetcher in your OPAL Setup\n\n#### 1) Build a custom opal-client `Dockerfile`\n\nThe official docker image only contains the built-in fetch providers. You need to create your own `Dockerfile` (that is based on the official docker image), that includes this fetcher's pip package.\n\nYour `Dockerfile` should look like this:\n```\nFROM permitio/opal-client:latest\nRUN pip install --no-cache-dir --user opal-fetcher-postgres\n```\n\n#### 2) Build your custom opal-client container\nSay your special Dockerfile from step one is called `custom_client.Dockerfile`.\n\nYou must build a customized OPAL container from this Dockerfile, like so:\n```\ndocker build -t yourcompany/opal-client -f custom_client.Dockerfile .\n```\n\n#### 3) When running OPAL, set `OPAL_FETCH_PROVIDER_MODULES`\nPass the following environment variable to the OPAL client docker container (comma-separated provider modules):\n```\nOPAL_FETCH_PROVIDER_MODULES=opal_common.fetcher.providers,opal_fetcher_postgres.provider\n```\nNotice that OPAL receives a list from where to search for fetch providers.\nThe list in our case includes the built-in providers (`opal_common.fetcher.providers`) and our custom postgres provider.\n\n#### 4) Using the custom provider in your DataSourceEntry objects\n\nYour DataSourceEntry objects (either in `OPAL_DATA_CONFIG_SOURCES` or in dynamic updates sent via the OPAL publish API) can now include this fetcher's config.\n\nExample value of `OPAL_DATA_CONFIG_SOURCES` (formatted nicely, but in env var you should pack this to one-line and no-spaces):\n```json\n{\n \"config\": {\n \"entries\": [\n {\n \"url\": \"postgresql://postgres@example_db:5432/postgres\",\n \"config\": {\n \"fetcher\": \"PostgresFetchProvider\",\n \"query\": \"SELECT * from city;\",\n \"connection_params\": {\n \"password\": \"postgres\"\n }\n },\n \"topics\": [\n \"policy_data\"\n ],\n \"dst_path\": \"cities\"\n }\n ]\n }\n}\n```\n\nNotice how `config` is an instance of `PostgresFetcherConfig` (code is in `opal_fetcher_postgres/provider.py`).\n\nValues for this fetcher config:\n* The `url` is actually a postgres dsn. You can set the postgres password in the dsn itself if you want.\n* `connection_params` are optional, if you want to include certain overrides outside the dsn.\n* Your `config` must include the `fetcher` key to indicate to OPAL that you use a custom fetcher.\n* Your `config` must include the `query` key to indicate what query to run against postgres.\n\n### \ud83d\udea9 Possible User Issues\nWhile trying to send requests to a Postgres data source, you may encounter that the request fails. This can be caused by the format of the config entry URL for which the standard is:\n\n`postgresql://<user>:<password>@<host>/<db>`\n\nIt might be most common that this request fails due to the password field being incorrectly parsed by the underlying library called `asyncpg`, which is one of the required libraries used within our OPAL custom data fetcher.\n\nIn order to solve the issue, you need to change the data source config entry URL to the format shown below:\n\n`postgresql://<host>/<db>?user=<user>&password=<password>`\n\n### \ud83d\udcd6 About OPAL (Open Policy Administration Layer)\n[OPAL](https://github.com/permitio/opal) is an administration layer for Open Policy Agent (OPA), detecting changes to both policy and policy data in realtime and pushing live updates to your agents.\n\nOPAL brings open-policy up to the speed needed by live applications. As your application state changes (whether it's via your APIs, DBs, git, S3 or 3rd-party SaaS services), OPAL will make sure your services are always in sync with the authorization data and policy they need (and only those they need).\n\nCheck out OPAL's main site at [OPAL.ac](https://opal.ac).\n\n<img src=\"https://i.ibb.co/CvmX8rR/simplified-diagram-highlight.png\" alt=\"simplified\" border=\"0\">\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "An OPAL fetch provider to bring authorization state from Postgres DB.",
"version": "0.0.4",
"project_urls": {
"Bug Tracker": "https://github.com/permitio/opal-fetcher-postgres/issues",
"Source": "https://github.com/permitio/opal-fetcher-postgres"
},
"split_keywords": [
"open policy agent",
"opa",
"opal",
"open policy administration layer",
"postgres",
"permit.io"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "eb0526445575a3d104e7069fc8813ffc5992c1d6cabe4c87eb71226f42a2f298",
"md5": "a242e7250611744db36b6a6a90c8abd5",
"sha256": "7ccda6d44c01b1a466871ab33fc9921042ed6119745921f72ac1e2b793db3567"
},
"downloads": -1,
"filename": "opal_fetcher_postgres-0.0.4-py3-none-any.whl",
"has_sig": false,
"md5_digest": "a242e7250611744db36b6a6a90c8abd5",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 10694,
"upload_time": "2023-09-12T11:19:44",
"upload_time_iso_8601": "2023-09-12T11:19:44.110555Z",
"url": "https://files.pythonhosted.org/packages/eb/05/26445575a3d104e7069fc8813ffc5992c1d6cabe4c87eb71226f42a2f298/opal_fetcher_postgres-0.0.4-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "4aeb7870c9ccf8a9f89d6ccc4a0c85b95282961d2247377f79a420502c7d4884",
"md5": "f4d6d7cb233575f34466f4337aadea7f",
"sha256": "55a953dac28e04b1c92f34222f770a12f3bec604226fbeed9a5e44fdf081599a"
},
"downloads": -1,
"filename": "opal-fetcher-postgres-0.0.4.tar.gz",
"has_sig": false,
"md5_digest": "f4d6d7cb233575f34466f4337aadea7f",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 10503,
"upload_time": "2023-09-12T11:19:45",
"upload_time_iso_8601": "2023-09-12T11:19:45.249045Z",
"url": "https://files.pythonhosted.org/packages/4a/eb/7870c9ccf8a9f89d6ccc4a0c85b95282961d2247377f79a420502c7d4884/opal-fetcher-postgres-0.0.4.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-09-12 11:19:45",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "permitio",
"github_project": "opal-fetcher-postgres",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "opal-fetcher-postgres"
}
JSON
