Home Page: Open Policy Agent. Policy-based control for cloud native environments. Flexible, fine-grained control for administrators across the stack.

Use OPA to decouple policy from the service's code so you can release, analyze, and review policies (which security and compliance teams love) without sacrificing availability or performance. Stop using a different policy language, policy model, and policy API for every product and service you use. Use OPA for a unified toolset and framework for policy across the cloud native stack.

Declarative policy (sample code):

Policy:

package application.authz

import future.keywords

# Only owner can update the pet's information
# Ownership information is provided as part of OPA's input
default allow := false

allow if {
	input.method == "PUT"
	some petid
	input.path = ["pets", petid]
	input.user == input.owner
}

Input:

{
    "method": "PUT",
    "owner": "[email protected]",
    "path": [
        "pets",
        "pet113-987"
    ],
    "user": "[email protected]"
}

Output:

{
    "allow": false
}

The Rego Playground is the place to write and evaluate policies against input.
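Policy decisions like the one above can be pinned down with unit tests that run under `opa test`. The following is an added example, not code from the OPA project or the original page: the test package name and the e-mail addresses are constructed, and it assumes the sample policy is saved alongside this file.

```rego
package application.authz_test

import future.keywords
import data.application.authz

# Constructed sample input: user and owner are the same address.
owner_put := {
	"method": "PUT",
	"path": ["pets", "pet113-987"],
	"user": "alice@example.com",
	"owner": "alice@example.com",
}

test_owner_can_update if {
	authz.allow with input as owner_put
}

# A user other than the owner falls through to `default allow := false`.
test_other_user_denied if {
	inp := object.union(owner_put, {"user": "bob@example.com"})
	not authz.allow with input as inp
}

# The rule only covers PUT; every other method is denied.
test_other_method_denied if {
	inp := object.union(owner_put, {"method": "DELETE"})
	not authz.allow with input as inp
}

# The path must unify with exactly ["pets", petid]; extra segments do not match.
test_longer_path_denied if {
	inp := object.union(owner_put, {"path": ["pets", "pet113-987", "photos"]})
	not authz.allow with input as inp
}

# With both identity fields absent, input.user == input.owner is undefined,
# so the rule body fails and the default (deny) applies.
test_missing_identity_denied if {
	inp := object.remove(owner_put, ["user", "owner"])
	not authz.allow with input as inp
}
```

The last test is the one worth keeping in any authorization policy: a request that omits both identity fields must not compare as equal and slip through.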

See also: