Skip to content

Commit

Permalink
Fix doc typos (open-policy-agent#5514)
Browse files Browse the repository at this point in the history
Signed-off-by: Anders Eknert <[email protected]>
  • Loading branch information
anderseknert authored Jan 2, 2023
1 parent a13b623 commit ed455fb
Show file tree
Hide file tree
Showing 8 changed files with 25 additions and 25 deletions.
2 changes: 1 addition & 1 deletion docs/content/annotations.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ comment block containing the YAML document is finished
Name | Type | Description
--- | --- | ---
scope | string; one of `package`, `rule`, `document`, `subpackages` | The scope on which the `schemas` annotation is applied. Read more [here](./#scope).
title | string | A human-redable name for the annotation target. Read more [here](#title).
title | string | A human-readable name for the annotation target. Read more [here](#title).
description | string | A description of the annotation target. Read more [here](#description).
related_resources | list of URLs | A list of URLs pointing to related resources/documentation. Read more [here](#related-resources).
authors | list of strings | A list of authors for the annotation target. Read more [here](#authors).
Expand Down
30 changes: 15 additions & 15 deletions docs/content/configuration.md
Original file line number Diff line number Diff line change
Expand Up @@ -298,8 +298,8 @@ bundles:
persistence_directory: ${PERSISTENCE_PATH}
```

When using an OCI service type the downloader uses the persistence path to store the layers of the downloaded repository. This storage path should be maintained by the user.
If persistence is not configured the OCI downloader will store the layers in the system's temporary directory to allow automatic cleanup on system restart.
When using an OCI service type the downloader uses the persistence path to store the layers of the downloaded repository. This storage path should be maintained by the user.
If persistence is not configured the OCI downloader will store the layers in the system's temporary directory to allow automatic cleanup on system restart.

#### Bearer Token

Expand Down Expand Up @@ -574,39 +574,39 @@ bundles:

#### Azure Managed Identities Token

OPA will authenticate with an [Azure managed identities](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview) token.
The [token request](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http)
OPA will authenticate with an [Azure managed identities](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview) token.
The [token request](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http)
can be configured via the plugin to customize the base URL, API version, and resource. Specific managed identity IDs can be optionally provided as well.

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `services[_].credentials.azure_managed_identity.endpoint` | `string` | No | Request endpoint. (default: `http://169.254.169.254/metadata/identity/oauth2/token`, the Azure Instance Metadata Service endpoint (recommended))|
| `services[_].credentials.azure_managed_identity.api_version` | `string` | No | API version to use. (default: `2018-02-01`, the minimum version) |
| `services[_].credentials.azure_managed_identity.resource` | `string` | No | App ID URI of the target resource. (default: `https://storage.azure.com/`) |
| `services[_].credentials.azure_managed_identity.object_id` | `string` | No | Optional object ID of the managed identity you would like the token for. Required, if your VM has multiple user-assigned managed identites. |
| `services[_].credentials.azure_managed_identity.client_id` | `string` | No | Optional client ID of the managed identity you would like the token for. Required, if your VM has multiple user-assigned managed identites. |
| `services[_].credentials.azure_managed_identity.mi_res_id` | `string` | No | Optional Azure Resource ID of the managed identity you would like the token for. Required, if your VM has multiple user-assigned managed identites. |
| `services[_].credentials.azure_managed_identity.object_id` | `string` | No | Optional object ID of the managed identity you would like the token for. Required, if your VM has multiple user-assigned managed identities. |
| `services[_].credentials.azure_managed_identity.client_id` | `string` | No | Optional client ID of the managed identity you would like the token for. Required, if your VM has multiple user-assigned managed identities. |
| `services[_].credentials.azure_managed_identity.mi_res_id` | `string` | No | Optional Azure Resource ID of the managed identity you would like the token for. Required, if your VM has multiple user-assigned managed identities. |

##### Example
Use an [Azure storage account](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview) as a bundle service backend.
Note that the `x-ms-version` header must be specified for the storage account service, and a minimum version of `2017-11-09` must be provided as per [Azure documentation](https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory#call-storage-operations-with-oauth-tokens).

```yaml
services:
azure_storage_account:
services:
azure_storage_account:
url: ${STORAGE_ACCOUNT_URL}
headers:
x-ms-version: 2017-11-09
response_header_timeout_seconds: 5
credentials:
credentials:
azure_managed_identity: {}
bundles:
authz:
bundles:
authz:
service: azure_storage_account
resource: bundles/http/example/authz.tar.gz
persist: true
polling:
polling:
min_delay_seconds: 60
max_delay_seconds: 120
```
Expand Down Expand Up @@ -716,15 +716,15 @@ func init() {

When using a private image from an OCI registry the credentials are mandatory as the OCI downloader needs the credentials for the pull operation.

Examples of setting credetials for pulling private images:
Examples of setting credetials for pulling private images:
*AWS ECR* private image usually requires at least basic authentication. The credentials to authenticate can be obtained using the AWS CLI command `aws ecr get-login` and those can be passed to the service configuration as basic bearer credentials as follows:
```
credentials:
bearer:
scheme: "Basic"
token: "<username>:<password>"
```
The OCI downloader includes a base64 encoder for these credentials so they can be supplied as shown above.
The OCI downloader includes a base64 encoder for these credentials so they can be supplied as shown above.

For *GHCR* (Github Container Registry) you can use a developer PAT (personal access token) when downloading a private image. These can be supplied as:
```
Expand Down
2 changes: 1 addition & 1 deletion docs/content/contrib-adding-builtin-functions.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ weight: 5
can be added inside the `topdown` package.

Built-in functions may be upstreamed if they are generally useful and provide functionality that would be
impractical to implement natively in Rego (e.g., CIDR arithmetic). Implementations should avoid thirdparty
impractical to implement natively in Rego (e.g., CIDR arithmetic). Implementations should avoid third-party
dependencies. If absolutely necessary, consider importing the code manually into the `internal` package.

{{< info >}}
Expand Down
2 changes: 1 addition & 1 deletion docs/content/contrib-code.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ implementing it inside of the
`github.com/open-policy-agent/opa/internal` package. The `internal`
package is not visible outside of OPA.

Avoid adding thirdparty dependencies (vendoring). OPA is designed to be minimal,
Avoid adding third-party dependencies (vendoring). OPA is designed to be minimal,
lightweight, and easily embedded. Vendoring may make features _easier_ to
implement however they come with their own cost for both OPA developers and
OPA users (e.g., vendoring conflicts, security, debugging, etc.)
Expand Down
2 changes: 1 addition & 1 deletion docs/content/policy-reference.md
Original file line number Diff line number Diff line change
Expand Up @@ -296,7 +296,7 @@ fruit.orange.color(x) = true if x == "orange" # function
```

For reasons of backwards-compatibility, partial sets need to use `contains` in
their rule hesas, i.e.
their rule heads, i.e.

```live:rules/ref_heads/set:module:read_only
fruit.box contains "apples" if true
Expand Down
6 changes: 3 additions & 3 deletions docs/content/rest-api.md
Original file line number Diff line number Diff line change
Expand Up @@ -2043,9 +2043,9 @@ Content-Type: application/json
OPA currently supports the following query performance metrics:

- **timer_rego_input_parse_ns**: time taken (in nanoseconds) to parse the input
- **timer_rego_query_parse_ns**: time taken (in nanonseconds) to parse the query.
- **timer_rego_query_compile_ns**: time taken (in nanonseconds) to compile the query.
- **timer_rego_query_eval_ns**: time taken (in nanonseconds) to evaluate the query.
- **timer_rego_query_parse_ns**: time taken (in nanoseconds) to parse the query.
- **timer_rego_query_compile_ns**: time taken (in nanoseconds) to compile the query.
- **timer_rego_query_eval_ns**: time taken (in nanoseconds) to evaluate the query.
- **timer_rego_module_parse_ns**: time taken (in nanoseconds) to parse the input policy module.
- **timer_rego_module_compile_ns**: time taken (in nanoseconds) to compile the loaded policy modules.
- **timer_server_handler_ns**: time take (in nanoseconds) to handle the API request.
Expand Down
4 changes: 2 additions & 2 deletions docs/content/schemas.md
Original file line number Diff line number Diff line change
Expand Up @@ -203,7 +203,7 @@ On the other hand, this annotation does not constrain other paths under `data`.

Note that the second `allow` rule doesn't have a METADATA comment block attached to it, and hence will not be type checked with any schemas.

On a different note, schema annotations can also be added to policy files part of a bundle package loaded via `opa eval --bundle` alongwith the `--schema` parameter for type checking a set of `*.rego` policy files.
On a different note, schema annotations can also be added to policy files part of a bundle package loaded via `opa eval --bundle` along with the `--schema` parameter for type checking a set of `*.rego` policy files.

The *scope* of the `schema` annotation can be controlled through the [scope](../annotations#scope) annotation

Expand Down Expand Up @@ -660,4 +660,4 @@ This contains samples for Envoy, Kubernetes, and Terraform including correspondi

For a reference on JSON Schema please see: http://json-schema.org/understanding-json-schema/reference/index.html

For a tool that generates JSON Schema from JSON samples, please see: https://jsonschema.net/home
For a tool that generates JSON Schema from JSON samples, please see: https://jsonschema.net/home
2 changes: 1 addition & 1 deletion docs/content/wasm.md
Original file line number Diff line number Diff line change
Expand Up @@ -257,7 +257,7 @@ The (optional) `input` document for a policy can be provided by loading a JSON
returned address. After the raw string is loaded into memory you will need to
call the `opa_json_parse` exported method to get an address to the parsed input
document for use in evaluations. Set the address via the
`opa_eval_ctx_set_input` exported functoin supplying the evaluation context
`opa_eval_ctx_set_input` exported function supplying the evaluation context
address and parsed input document address.

#### External Data
Expand Down

0 comments on commit ed455fb

Please sign in to comment.