You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/docs/rest-api.md
+50-2Lines changed: 50 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1651,8 +1651,8 @@ OPA uses the `Accept` header to denote the target response format.
1651
1651
|`options.disableInlining`|`array[string]`| No. Default: undefined | A list of rule references. |
1652
1652
|`options.maskRule`|`string`| No | The rule to evaluate for generating column masks. Overrides any `mask_rule` annotations defined in the policy. |
1653
1653
|`options.targetDialects`|`array[string]`, one of `ucast+all`, `ucast+minimal`, `ucast+prisma`, `ucast+linq`, `sql+sqlserver`, `sql+mysql`, `sql+postgresql`| Yes, if using `multitarget`. **Ignored for all other targets**| The output targets for partial evaluation. Different targets will have different constraints. Use [`Accept` header](#accept-header--controlling-the-target-response-format) to request a single compilation target. |
1654
-
|`options.targetSQLTableMappings`|`object[string, object[string, string]]`| No | A mapping between tables and columns. See the [example](#using-table-and-column-remappings) for the schema. |
1655
-
|`unknowns`|`array[string]`| No | The terms to treat as unknown during partial evaluation (default: `["input"]`]). |
1654
+
|`options.targetSQLTableMappings`|`object[string, object[string, string]]`| No | A mapping between tables and columns. See the [example](#example-mapping-table-and-column-names) for the schema. |
1655
+
|`unknowns`|`array[string]`| No | The terms to treat as unknown during partial evaluation (default: `[]`). |
For this example, let's assume OPA is running with this policy:
1732
+
1733
+
```rego
1734
+
package filters
1735
+
1736
+
# METADATA
1737
+
# scope: document
1738
+
# compile:
1739
+
# unknowns: [input.fruits, input.price]
1740
+
include if input.fruits.name == input.favorite
1741
+
1742
+
include if input.price == "free"
1743
+
```
1744
+
1745
+
If there is no one-to-one correspondence between unknowns and table/column names, the target mapping comes into play.
1746
+
With this mapping, we would translate the policy into `WHERE fruit.display_name = E'pineapple' AND fruit.price_tag = E'free'`:
1747
+
1748
+
```http
1749
+
POST /v1/compile/filters/include
1750
+
Content-Type: application/json
1751
+
Accept: application/vnd.opa.sql.postgresql+json
1752
+
1753
+
{
1754
+
"input": {
1755
+
"favorite": "pineapple"
1756
+
},
1757
+
"options": {
1758
+
"targetSQLTableMappings": {
1759
+
"postgresql": {
1760
+
"fruits": {
1761
+
"$self": "fruit",
1762
+
"name": "display_name",
1763
+
"price": "price_tag"
1764
+
},
1765
+
"price": {
1766
+
"$table": "fruits"
1767
+
}
1768
+
}
1769
+
}
1770
+
}
1771
+
}
1772
+
```
1773
+
1774
+
For multi-target requests, per-target replacementes are possible, since the SQL table names might not match what you need for a UCAST consumer library.
1775
+
1776
+
1729
1777
## Health API
1730
1778
1731
1779
The `/health` API endpoint executes a simple built-in policy query to verify
0 commit comments