In progress

Author: alukach

examples/opa/Dockerfile

@@ -1,4 +1,4 @@
-FROM ghcr.io/developmentseed/stac-auth-proxy:latest
+FROM ghcr.io/developmentseed/stac-auth-proxy:0.1.2
 
 ADD . /opa
 

examples/opa/docker-compose.yaml

@@ -2,6 +2,7 @@ services:
   proxy:
     depends_on:
       - stac
+      - opa
     build:
       context: examples/opa
     environment:
@@ -17,3 +18,13 @@ services:
       - "8000:8000"
     volumes:
       - ./src:/app/src
+
+  opa:
+    image: openpolicyagent/opa:latest
+    command: "run --server --addr=:8181 --watch /policies"
+    ports:
+      - "8181:8181"
+    volumes:
+      - ./examples/opa/policies:/policies
+    depends_on:
+      - stac

examples/opa/policies/example.rego

@@ -0,0 +1,19 @@
+package example
+
+# Helper function to check if user is authenticated
+is_authenticated if {
+    input.payload != null
+}
+
+# Return the list of permitted collections
+collections = ["naip"] if {
+    input.payload != null
+} else = [] if {
+    true
+}
+
+# Allow access to collections list - authenticated users see their permitted collections
+allow if {
+    input.method == "GET"
+    input.path = ["collections"]
+}