opa-operator/docs/modules/opa/examples/getting_started/getting_started.sh at d24519e4eba598dc48111b090edc2087376261cf · stackabletech/opa-operator · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
#! /usr/bin/env bash
set -euo pipefail

# DO NOT EDIT THE SCRIPT
# Instead, update the j2 template, and regenerate it for dev with `make render-docs`.

# This script contains all the code snippets from the guide, as well as some assert tests
# to test if the instructions in the guide work. The user *could* use it, but it is intended
# for testing only.
# The script will install the operator, create an OPA instance and briefly open a port
# forward and query the OPA.
# No running processes are left behind (i.e. the port-forwarding is closed at the end)

if [ $# -eq 0 ]
then
  echo "Installation method argument ('helm' or 'stackablectl') required."
  exit 1
fi

case "$1" in
"helm")
echo "Installing operators with Helm"
# tag::helm-install-operators[]
helm install --wait opa-operator oci://oci.stackable.tech/sdp-charts/opa-operator --version 25.11.0-rc1
# end::helm-install-operators[]
;;
"stackablectl")
echo "installing operators with stackablectl"
# tag::stackablectl-install-operators[]
stackablectl operator install opa=25.11.0-rc1
# end::stackablectl-install-operators[]
;;
*)
echo "Need to provide 'helm' or 'stackablectl' as an argument for which installation method to use!"
exit 1
;;
esac

echo "Creating OPA cluster"
# tag::apply-opa-cluster[]
kubectl apply -f opa.yaml
# end::apply-opa-cluster[]

sleep 15

echo "Waiting on rollout ..."
kubectl rollout status --watch --timeout=5m daemonset/simple-opa-server-default

echo "Applying the rule file"
# tag::apply-rule-file[]
kubectl apply -f simple-rule.yaml
# end::apply-rule-file[]

# The bundle builder will update the bundle almost immediately, but OPA can take up to
# max_delay_seconds: 20 (see ConfigMap)
# to poll the bundle
sleep 21

echo "Starting port-forwarding of port 8081"
# tag::port-forwarding[]
kubectl port-forward svc/simple-opa-server 8081 > /dev/null 2>&1 &
# end::port-forwarding[]
PORT_FORWARD_PID=$!
# shellcheck disable=SC2064
trap "kill $PORT_FORWARD_PID" EXIT
sleep 5

request_hello() {
# tag::request-hello[]
curl -s http://localhost:8081/v1/data/test/hello -d '{"input": {}}'
# end::request-hello[]
}

echo "Checking policy decision for 'hello' rule ..."
test_hello=$(request_hello)
if [ "$test_hello" == "$(cat expected_response_hello.json)" ]; then
  echo "The 'hello' rule returned the correct response!"
else
  echo "The 'hello' rule returned an incorrect response."
  echo "Received: $test_hello"
  echo "Expected: $(cat expected_response_hello.json)"
  exit 1
fi

request_world() {
# tag::request-world[]
curl -s http://localhost:8081/v1/data/test/world -d '{"input": {}}'
# end::request-world[]
}

echo "Checking policy decision for 'world' rule ..."
test_world=$(request_world)
if [ "$test_world" == "$(cat expected_response_world.json)" ]; then
  echo "The 'world' rule returned the correct response!"
else
  echo "The 'world' rule returned an incorrect response."
  echo "Received: $test_world"
  echo "Expected: $(cat expected_response_world.json)"
  exit 1
fi