Skip to main content
Hitachi Vantara Lumada and Pentaho Documentation

Create a custom rule

You can use the rules engine in IIoT Core Services to deploy custom-defined rules.

Deployment is done using the Open Policy Agent (OPA) language Rego. For more information, see


  1. Write one or more rules using Rego and place them in a Rego file.

    Two kinds of rules are supported:
    • Default rules: These are used for authorization and controls that provide permissions to access resources.
    • Any other rules than default rules. You must satisfy the default rule to add other rules.
  2. Open the custom rules package:

    mkdir rules-deployment
    cd rules-deployment
    tar xvf custom-rules.tar

    We recommend that you keep the rules-deployment folder for adding additional rules in the future.

  3. Copy the newly created rules files to <installer root>/hiota-rules-engine/rules, so they can be deployed as a configuration map.

  4. Go to the chart folder and run the following command:

    helm upgrade hiota-rules-engine custom-rules -n hiota

    Helm ensures that the new rules are applied through the relevant configuration files.

  5. Restart the hiota-rules-engine pod by deleting the pod and letting Kubernetes reschedule a new one:

    kubectl delete pod hiota-rules-engine-<uuid> -n hiota


Your custom rules are automatically applied to relevant services in IIoT Core.
Default rule: resources.rego 
For authorizing access to the rules.
package resources

# The value (here "update.rego") is an array of file names that the key can access.
# The user email address is the key and is extracted from a JSON Web Token.
authorizedRules = {
  "<email-address>": [ "update.rego" ]

resource = ruleIds {
  ruleIds := authorizedRules[input]
Non-default rule: update.rego
package example

update[id] = actions {
  train := input[_]
  id :=
  train.stationary == true
  body := { "id": id }
  actions := [ { "url": "https://localhost:30000/update", "body": body } ]