Create a custom rule
You can use the rules engine in IIoT Core Services to deploy custom-defined rules.
Deployment is done using the Open Policy Agent (OPA) language Rego. For more information, see https://www.openpolicyagent.org/docs/latest/policy-language/.
Procedure
Write one or more rules using Rego and place them in a Rego file.
Two kinds of rules are supported:
- Default rules: These are used for authorization and for controls that provide permissions to access resources.
- Non-default rules: Any rules other than default rules. You must satisfy the default rule to add other rules.
Open the custom rules package:
mkdir rules-deployment
cd rules-deployment
tar xvf custom-rules.tar
We recommend that you keep the rules-deployment folder for adding additional rules in the future.
Copy the newly created rules files to <installer root>/hiota-rules-engine/rules, so they can be deployed as a configuration map.
Go to the chart folder and run the following command:
helm upgrade hiota-rules-engine custom-rules -n hiota
Helm ensures that the new rules are applied through the relevant configuration files.
Restart the hiota-rules-engine pod by deleting the pod and letting Kubernetes reschedule a new one:
kubectl delete pod hiota-rules-engine-<uuid> -n hiota
Results
Default rule: resources.rego
For authorizing access to the rules.
package resources

# The value (here "update.rego") is an array of file names that the key can access.
# The user email address is the key and is extracted from a JSON Web Token.
authorizedRules = {
    "<email-address>": [
        "update.rego"
    ]
}

resource = ruleIds {
    ruleIds := authorizedRules[input]
}
Non-default rule: update.rego
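package example

# For each element of the input array whose "stationary" field is true,
# map that element's id to a list of actions.
update[id] = actions {
    train := input[_]
    id := train.id
    train.stationary == true
    body := {
        "id": id
    }
    # Each action pairs a target URL with the request body built above.
    actions := [
        {
            "url": "https://localhost:30000/update",
            "body": body
        }
    ]
}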
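The two sample policies above can be unit tested with OPA's test runner before the files are copied into the rules folder. The following test file is an added example, not part of the product documentation; the package name resources_test, the email addresses and the train records are constructed for illustration.

```rego
package resources_test

import data.example
import data.resources

# Constructed sample data: placeholder identities and train records.
mock_rules := {"operator@example.com": ["update.rego"]}

trains := [
    {"id": "T1", "stationary": true},
    {"id": "T2", "stationary": false},
    {"id": "T3"},
]

# A listed user resolves to exactly the rule files granted to that key.
test_listed_user_gets_listed_rules {
    resources.resource == ["update.rego"] with input as "operator@example.com"
        with data.resources.authorizedRules as mock_rules
}

# An unlisted user leaves `resource` undefined, so nothing is granted.
test_unlisted_user_gets_nothing {
    not resources.resource with input as "unknown@example.com"
        with data.resources.authorizedRules as mock_rules
}

# Only the stationary train produces an action; T2 (moving) and
# T3 (no "stationary" field) are skipped.
test_update_targets_only_stationary_trains {
    result := example.update with input as trains
    count(result) == 1
    result.T1 == [{"url": "https://localhost:30000/update", "body": {"id": "T1"}}]
}

# No stationary trains yields an empty object rather than an error.
test_update_empty_when_nothing_stationary {
    example.update == {} with input as [{"id": "T2", "stationary": false}]
}
```

Save it next to resources.rego and update.rego (the file name policy_test.rego is an assumption) and run opa test . in that folder. OPA 1.0 and later needs the --v0-compatible flag for the pre-1.0 rule syntax used on this page.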