I have a pretty common use case where I would like to cache the results of a http.send for a given amount of time. I know I can do something like
value := http.send({
"url": "https://whatever.com",
"method": "get",
# Cached for one minute
"force_cache": true,
"force_cache_duration": 60
})
Where actually does it cache the returned value. We are running OPA as a k8s side car in the container.
How does it determine to use the cache v/s making the rest call.
How is the cache invalidated ?
- Where actually does it cache the returned value
OPA stores the data in an internal cache, it's in memory and isn't accessible from elsewhere.
How does it determine to use the cache v/s making the rest call.
How is the cache invalidated ?
If you are using force_cache: true then the value will be retained for as long as the value of force_cache_duration in seconds. If force_cache is not set, then OPA will use the Cache-Control & Expires response header values similar to a browser. If the server sets and Etag or Last-Modified header value, then OPA can also use these to invalidate the cache.
The docs are quite detailed on this topic and might be worth a read too. https://www.openpolicyagent.org/docs/latest/policy-reference/#http