Load Styra Enterprise OPA data in Python using dltHub

Build a Styra Enterprise OPA-to-database or-dataframe pipeline in Python using dlt with automatic Cursor support.

In this guide, we'll set up a complete Styra Enterprise OPA data pipeline from API credentials to your first data load in just 10 minutes. You'll end up with a fully declarative Python pipeline based on dlt's REST API connector, like in the partial example code below:

Example code
@dlt.source
def styra_enterprise_opa_source(access_token=dlt.secrets.value):
    config: RESTAPIConfig = {
        "client": {
            "base_url": "https://myservice.corp.com/v1/",
            "auth": {
                "type": "bearer",
                "token": "${vault(kv/data/logs:data/token)}",
            },
        },
        "resources": [
            logs, data/authz
        ],
    }
    [...]
    yield from rest_api_resources(config)


def get_data() -> None:
    # Connect to destination
    pipeline = dlt.pipeline(
        pipeline_name='styra_enterprise_opa_pipeline',
        destination='duckdb',
        dataset_name='styra_enterprise_opa_data', 
    )
    # Load the data
    load_info = pipeline.run(styra_enterprise_opa_source())
    print(load_info)

Why use dltHub Workspace with LLM Context to generate Python pipelines?

  • Accelerate pipeline development with AI-native context
  • Debug pipelines, validate schemas and data with the integrated Pipeline Dashboard
  • Build Python notebooks for end users of your data
  • Low maintenance thanks to Schema evolution with type inference, resilience and self documenting REST API connectors. A shallow learning curve makes the pipeline easy to extend by any team member
  • dlt is the tool of choice for Pythonic Iceberg Lakehouses, bringing mature data loading to pythonic Iceberg with or without catalogs

What you’ll do

We’ll show you how to generate a readable and easily maintainable Python script that fetches data from styra_enterprise_opa’s API and loads it into Iceberg, DataFrames, files, or a database of your choice. Here are some of the endpoints you can load:

  • Logs: GET and POST operations for retrieving and submitting log entries
  • Users: GET and POST operations for managing user data and creation
  • Data/Authorization: POST operations for authorization checks and data path operations
  • Documents: POST operations for document approval workflows
  • Compliance Validation: POST operations for system compliance validation checks

You will then debug the Styra Enterprise OPA pipeline using our Pipeline Dashboard tool to ensure it is copying the data correctly, before building a Notebook to explore your data and build reports.

Setup & steps to follow

💡
Before getting started, let's make sure Cursor is set up correctly:

Now you're ready to get started!

  1. ⚙️ Set up dlt Workspace

    Install dlt with duckdb support:

    pip install dlt[workspace]

    Initialize a dlt pipeline with Styra Enterprise OPA support.

    dlt init dlthub:styra_enterprise_opa duckdb

    The init command will setup the necessary files and folders for the next step.

  2. 🤠 Start LLM-assisted coding

    Here’s a prompt to get you started:

    Prompt
    Please generate a REST API Source for Styra Enterprise OPA API, as specified in @styra_enterprise_opa-docs.yaml 
Start with endpoint(s) logs and data/authz and skip incremental loading for now. 
Place the code in styra_enterprise_opa_pipeline.py and name the pipeline styra_enterprise_opa_pipeline. 
If the file exists, use it as a starting point. 
Do not add or modify any other files. 
Use @dlt rest api as a tutorial. 
After adding the endpoints, allow the user to run the pipeline with python styra_enterprise_opa_pipeline.py and await further instructions.

  3. 🔒 Set up credentials

    Bearer token authentication is used via the Authorization header. The token value is retrieved from Vault using the ${vault(kv/data/logs:data/token)} syntax, which fetches credentials from a Vault key-value store at the path kv/data/logs with the field data/token. The Authorization header must be set to "bearer {token}" format. Overrides for http.send calls can dynamically inject or replace header values including bearer tokens through ekm.vault.httpsend configuration keys.

    To get the appropriate API keys, please visit the original source at docs.styra.com. If you want to protect your environment secrets in a production environment, look into setting up credentials with dlt.

  4. 🏃‍♀️ Run the pipeline in the Python terminal in Cursor

    python styra_enterprise_opa_pipeline.py

    If your pipeline runs correctly, you’ll see something like the following:

    Pipeline styra_enterprise_opa load step completed in 0.26 seconds
1 load package(s) were loaded to destination duckdb and into dataset styra_enterprise_opa_data
The duckdb destination used duckdb:/styra_enterprise_opa.duckdb location to store data
Load package 1749667187.541553 is LOADED and contains no failed jobs

  5. 📈 Debug your pipeline and data with the Pipeline Dashboard

    Now that you have a running pipeline, you need to make sure it’s correct, so you do not introduce silent failures like misconfigured pagination or incremental loading errors. By launching the dlt Workspace Pipeline Dashboard, you can see various information about the pipeline to enable you to test it. Here you can see:

    • Pipeline overview: State, load metrics
    • Data’s schema: tables, columns, types, hints
    • You can query the data itself
    dlt pipeline styra_enterprise_opa_pipeline show

  6. 🐍 Build a Notebook with data explorations and reports

    With the pipeline and data partially validated, you can continue with custom data explorations and reports. To get started, paste the snippet below into a new marimo Notebook and ask your LLM to go from there. Jupyter Notebooks and regular Python scripts are supported as well.

    import dlt

data = dlt.pipeline("styra_enterprise_opa_pipeline").dataset()
# get logs table as Pandas frame
data.logs.df().head()

Extra resources:

Next steps