Status Edit

OPA can periodically report status updates to remote HTTP servers. The updates contain status information for OPA itself as well as the Bundles that have been downloaded and activated.

OPA sends status reports whenever one of the following happens:

  • Bundles are downloaded and activated – If the bundle download or activation fails for any reason, the status update will include error information describing the failure. This includes Discovery bundles.
  • A plugin state has changed – All plugin status is reported, and an update to any plugin will trigger a Status API report which contains the latest state.

The status updates will include a set of labels that uniquely identify the OPA instance. OPA automatically includes an id value in the label set that provides a globally unique identifier or the running OPA instance and a version value that provides the version of OPA.

See the Configuration Reference for configuration details.

Status Service API

OPA expects the service to expose an API endpoint that will receive status updates.

POST /status[/<partition_name>] HTTP/1.1
Content-Type: application/json

The partition name is an optional path segment that can be used to route status updates to different backends. If the partition name is not configured on the agent, updates will be sent to /status.

{
  "labels": {
    "app": "my-example-app",
    "id": "1780d507-aea2-45cc-ae50-fa153c8e4a5a",
    "version": "v0.29.4"
  },
  "bundles": {
    "http/example/authz": {
      "active_revision": "ABC",
      "last_request": "2018-01-01T00:00:00.000Z",
      "last_successful_request": "2018-01-01T00:00:00.000Z",
      "last_successful_download": "2018-01-01T00:00:00.000Z",
      "last_successful_activation": "2018-01-01T00:00:00.000Z",
      "metrics": {
        "timer_rego_data_parse_ns": 12345,
        "timer_rego_module_compile_ns": 12345,
        "timer_rego_module_parse_ns": 12345
      }
    }
  },
  "plugins": {
    "bundle": {
      "state": "OK"
    },
    "discovery": {
      "state": "OK"
    },
    "status": {
      "state": "OK"
    }
  },
  "metrics": {
    "prometheus": {
      "go_gc_duration_seconds": {
        "help": "A summary of the GC invocation durations.",
        "metric": [
          {
            "summary": {
              "quantile": [
                {
                  "quantile": 0,
                  "value": 0.000011799
                },
                {
                  "quantile": 0.25,
                  "value": 0.000011905
                },
                {
                  "quantile": 0.5,
                  "value": 0.000040002
                },
                {
                  "quantile": 0.75,
                  "value": 0.000065238
                },
                {
                  "quantile": 1,
                  "value": 0.000104897
                }
              ],
              "sample_count": 7,
              "sample_sum": 0.000309117
            }
          }
        ],
        "name": "go_gc_duration_seconds",
        "type": 2
      },
------------------------------8< SNIP 8<------------------------------
      "http_request_duration_seconds": {
        "help": "A histogram of duration for requests.",
        "metric": [
          {
            "histogram": {
              "bucket": [
                {
                  "cumulative_count": 1,
                  "upper_bound": 0.005
                },
                {
                  "cumulative_count": 1,
                  "upper_bound": 0.01
                },
                {
                  "cumulative_count": 1,
                  "upper_bound": 0.025
                },
                {
                  "cumulative_count": 1,
                  "upper_bound": 0.05
                },
                {
                  "cumulative_count": 1,
                  "upper_bound": 0.1
                },
                {
                  "cumulative_count": 1,
                  "upper_bound": 0.25
                },
                {
                  "cumulative_count": 1,
                  "upper_bound": 0.5
                },
                {
                  "cumulative_count": 1,
                  "upper_bound": 1
                },
                {
                  "cumulative_count": 1,
                  "upper_bound": 2.5
                },
                {
                  "cumulative_count": 1,
                  "upper_bound": 5
                },
                {
                  "cumulative_count": 1,
                  "upper_bound": 10
                }
              ],
              "sample_count": 1,
              "sample_sum": 0.003157399
            },
            "label": [
              {
                "name": "code",
                "value": "200"
              },
              {
                "name": "handler",
                "value": "v1/data"
              },
              {
                "name": "method",
                "value": "get"
              }
            ]
          }
        ],
        "name": "http_request_duration_seconds",
        "type": 4
      }
    }
  }
}

Status updates contain the following fields:

FieldTypeDescription
labelsobjectSet of key-value pairs that uniquely identify the OPA instance.
bundle.namestring(Deprecated) Name of bundle that the OPA instance is configured to download. Omitted when bundles are configured.
bundle.active_revisionstring(Deprecated) Opaque revision identifier of the last successful activation. Omitted when bundles are configured.
bundle.last_successful_downloadstring(Deprecated) RFC3339 timestamp of last successful bundle download. Omitted when bundles are configured.
bundle.last_successful_activationstring(Deprecated) RFC3339 timestamp of last successful bundle activation. Omitted when bundles are configured.
bundlesobjectSet of objects describing the status for each bundle configured with OPA.
bundles[_].namestringName of bundle that the OPA instance is configured to download.
bundles[_].active_revisionstringOpaque revision identifier of the last successful activation.
bundles[_].last_requeststringRFC3339 timestamp of last bundle request. This timestamp should be >= to the successful request timestamp in normal operation.
bundles[_].last_successful_requeststringRFC3339 timestamp of last successful bundle request. This timestamp should be >= to the successful download timestamp in normal operation.
bundles[_].last_successful_downloadstringRFC3339 timestamp of last successful bundle download.
bundles[_].last_successful_activationstringRFC3339 timestamp of last successful bundle activation.
bundles[_].metricsobjectMetrics from the last update of the bundle.
discovery.namestringName of discovery bundle that the OPA instance is configured to download.
discovery.active_revisionstringOpaque revision identifier of the last successful discovery activation.
discovery.last_requeststringRFC3339 timestamp of last discovery bundle request. This timestamp should be >= to the successful request timestamp in normal operation.
discovery.last_successful_requeststringRFC3339 timestamp of last successful discovery bundle request. This timestamp should be >= to the successful download timestamp in normal operation.
discovery.last_successful_downloadstringRFC3339 timestamp of last successful discovery bundle download.
discovery.last_successful_activationstringRFC3339 timestamp of last successful discovery bundle activation.
pluginsobjectA set of objects describing the state of configured plugins in OPA’s runtime.
plugins[_].statestringThe state of each plugin.
metrics.prometheusobjectGlobal performance metrics for the OPA instance.

If the bundle download or activation failed, the status update will contain the following additional fields.

FieldTypeDescription
bundle.codestringIf present, indicates error(s) occurred.
bundle.messagestringHuman readable messages describing the error(s).
bundle.errorsarrayCollection of detailed parse or compile errors that occurred during activation.

If the discovery bundle download or activation failed, the status update will contain the following additional fields.

FieldTypeDescription
discovery.codestringIf present, indicates error(s) occurred.
discovery.messagestringHuman readable messages describing the error(s).
discovery.errorsarrayCollection of detailed parse or compile errors that occurred during activation.

Services should reply with HTTP status 200 OK if the status update is processed successfully.

Local Status Logs

Local console logging of status updates can be enabled via the console config option. This does not require any remote server. Example of minimal config to enable:

status:
    console: true

This will dump all status updates to the console. See Configuration Reference for more details.

Warning: Status update messages are somewhat infrequent but can be very verbose! The metrics.prometheus portion of the status update in particular can create a considerable amount of log text at info level.