Home / Kong Plugin Hub
Edit
Report

OPA

Overview Examples Configuration reference Changelog

Configuration

configobjectrequired
Hide Child Parameters
include_body_in_opa_inputboolean

Default:false

include_consumer_in_opa_inputboolean

If set to true, the Kong Gateway Consumer object in use for the current request (if any) is included as input to OPA.

Default:false

include_parsed_json_body_in_opa_inputboolean

If set to true and the Content-Type header of the current request is application/json, the request body will be JSON decoded and the decoded struct is included as input to OPA.

Default:false

include_route_in_opa_inputboolean

If set to true, the Kong Gateway Route object in use for the current request is included as input to OPA.

Default:false

include_service_in_opa_inputboolean

If set to true, the Kong Gateway Service object in use for the current request is included as input to OPA.

Default:false

include_uri_captures_in_opa_inputboolean

If set to true, the regex capture groups captured on the Kong Gateway Route’s path field in the current request (if any) are included as input to OPA.

Default:false

opa_hoststring

A string representing a host name, such as example.com.

Default:localhost

opa_pathstringrequired

A string representing a URL path, such as /path/to/resource. Must start with a forward slash (/) and must not contain empty segments (i.e., two consecutive forward slashes).

opa_portinteger

An integer representing a port number between 0 and 65535, inclusive.

Default:8181

>= 0<= 65535

opa_protocolstring

The protocol to use when talking to Open Policy Agent (OPA) server. Allowed protocols are http and https.

Allowed values:httphttps

Default:http

ssl_verifyboolean

If set to true, the OPA certificate will be verified according to the CA certificates specified in lua_ssl_trusted_certificate.

Default:true

protocolsarray[string]

A set of strings representing HTTP protocols.

Allowed values:grpcgrpcshttphttps

Default:grpc, grpcs, http, https

routeobject

If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.

* Additional properties are NOT allowed.
Hide Child Parameters
idstring
serviceobject

If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.

* Additional properties are NOT allowed.
Hide Child Parameters
idstring

Did this doc help?

Something wrong?
Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help

Ask in our Forum
Contact Support