OPA for policy enforcement

OPA for policy
OPA for policy
enforcement
enforcement
Sibi Prabakaran
April 29, 2020

View Slide

Agenda
Agenda
Overview of OPA
Rego
Usecases/Integra ons
Example integra on of OPA + Python web service

View Slide

OPA
OPA
Project started in a company named Styra at 2016
Currently an incubator project at Linux founda on
(CNCF)
Goal: Unify policy enforcement

View Slide

Overview
Overview

View Slide

Rego
Rego
Language for wri ng policy
Expresssions, Variables, Rules
Itera on
Tooling

View Slide

Expressions
Expressions
> input.servers[0].protocols[0]
"https"
> input.servers[0].protocols[0]
undefined decision
input.servers[0].id == "app"
input.servers[0].protocols[0] == "https"

View Slide

Rego Variables
Rego Variables
hello := "world"

View Slide

Iteration
Iteration
networks = [{ "id": "net1", "public": false}, { "id": "net2",
"public": false}]
> networks[x]
+---+------------------------------+
| x | networks[x] |
+---+------------------------------+
| 0 | {"id":"net1","public":false} |
| 1 | {"id":"net2","public":false} |
+---+------------------------------+

View Slide

Rules
Rules
any_public_networks = true { # is true if...
net := networks[_] # some network exists and..
net.public # it is public.
}

View Slide

API Integration
API Integration
Python code
Rego code

View Slide

Experience
Experience
Policies
Error messages aren’t nice
Community
Tooling

View Slide

OPA
OPA
Integrations
Integrations

View Slide

Comparision
Comparision
with Sentinel
with Sentinel
Open Source
Applicable more generally
Language diﬀerences

View Slide

Other Stu
Other Stu
WASM Support
Editor integra ons
h ps:/
/play.openpolicyagent.org/

View Slide

Haskell
Haskell
- Fugue Rego
Toolkit
h ps:/
/github.com/fugue/fregot

View Slide

Questions
Questions

View Slide

OPA for policy enforcement

OPA for policy enforcement

Sibi

More Decks by Sibi

Other Decks in Technology

Featured

Transcript