OPA for policy enforcement

Transcript

1. OPA for policy OPA for policy enforcement enforcement Sibi Prabakaran

   April 29, 2020

2. Agenda Agenda Overview of OPA Rego Usecases/Integra ons Example integra

   on of OPA + Python web service

3. OPA OPA Project started in a company named Styra at

   2016 Currently an incubator project at Linux founda on (CNCF) Goal: Unify policy enforcement

4. Overview Overview

5. Rego Rego Language for wri ng policy Expresssions, Variables, Rules

   Itera on Tooling

6. Expressions Expressions > input.servers[0].protocols[0] "https" > input.servers[0].protocols[0] undefined decision input.servers[0].id

   == "app" input.servers[0].protocols[0] == "https"

7. Rego Variables Rego Variables hello := "world"

8. Iteration Iteration networks = [{ "id": "net1", "public": false}, {

   "id": "net2", "public": false}] > networks[x] +---+------------------------------+ | x | networks[x] | +---+------------------------------+ | 0 | {"id":"net1","public":false} | | 1 | {"id":"net2","public":false} | +---+------------------------------+

9. Rules Rules any_public_networks = true { # is true if...

   net := networks[_] # some network exists and.. net.public # it is public. }

10. API Integration API Integration Python code Rego code

11. Experience Experience Policies Error messages aren’t nice Community Tooling

12. OPA OPA Integrations Integrations

13. Comparision Comparision with Sentinel with Sentinel Open Source Applicable more

    generally Language differences

14. Other Stu Other Stu WASM Support Editor integra ons h

    ps:/ /play.openpolicyagent.org/

15. Haskell Haskell - Fugue Rego Toolkit h ps:/ /github.com/fugue/fregot

16. Questions Questions