Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
OPA for policy enforcement
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Sibi
April 29, 2020
Technology
74
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
OPA for policy enforcement
Sibi
April 29, 2020
More Decks by Sibi
See All by Sibi
Just
psibi
0
100
Nix/NixOS
psibi
0
120
Rust
psibi
2
330
Rust + Credstash
psibi
0
89
ASG and lifecycle hooks
psibi
0
65
Haskell + Azure Pipelines
psibi
0
97
Web programming in Haskell using Yesod
psibi
0
170
Monad
psibi
1
190
Science behind Quantum Computing
psibi
0
310
Other Decks in Technology
See All in Technology
Control Planeで育てるBtoB SaaSの認証基盤 - SRE NEXT 2026
pokohide
1
1.7k
アカウントが増えてからでは遅い? ~ マルチアカウント統制の勘所 ~
kenichinakamura
0
190
はじめてのWDM
miyukichi_ospf
1
130
事業価値を⽣み出すSREへ SREが担うべき意思決定の5層
kenta_hi
2
2.4k
次世代ランサムウェア対策の考察 / 20260704 Mitsutoshi Matsuo
shift_evolve
PRO
5
1.7k
グローバルチームと挑むプロダクト開発
sansantech
PRO
1
160
美しいコードを書くためにF#を学んでみた話
yud0uhu
1
360
ポストモーテム! DDoSからサイトは守れた。 でもビジネスは守れなかった。
bengo4com
0
2k
インフラ寄りSREでも 開発に踏み出せる〜境界を越えてユーザー体験に向き合いたい〜
sansantech
PRO
1
2.8k
プロダクトだけじゃない、社内プロセスにおける自動化・省力化ノススメ
kakehashi
PRO
1
2.9k
ヘルスケア領域における AI 活用と その安全性担保のための取り組み (Leveraging AI in Healthcare and Our Efforts to Ensure Its Safety) - Google I/O Extended Tokyo 2026, July 11, 2026
zettaittenani
0
200
AWS Summit の片隅で、体育座りしながらコミュニティがにぎわう理由を考えた
k_adachi_01
2
360
Featured
See All Featured
Unsuck your backbone
ammeep
672
58k
Building a Scalable Design System with Sketch
lauravandoore
463
34k
Joys of Absence: A Defence of Solitary Play
codingconduct
1
410
SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web
sarafernandez
0
220
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
10k
Six Lessons from altMBA
skipperchong
29
4.3k
Leadership Guide Workshop - DevTernity 2021
reverentgeek
1
320
Agile that works and the tools we love
rasmusluckow
331
22k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.5k
Marketing Yourself as an Engineer | Alaka | Gurzu
gurzu
0
260
Why You Should Never Use an ORM
jnunemaker
PRO
61
9.9k
Un-Boring Meetings
codingconduct
0
330
Transcript
OPA for policy OPA for policy enforcement enforcement Sibi Prabakaran
April 29, 2020
Agenda Agenda Overview of OPA Rego Usecases/Integra ons Example integra
on of OPA + Python web service
OPA OPA Project started in a company named Styra at
2016 Currently an incubator project at Linux founda on (CNCF) Goal: Unify policy enforcement
Overview Overview
Rego Rego Language for wri ng policy Expresssions, Variables, Rules
Itera on Tooling
Expressions Expressions > input.servers[0].protocols[0] "https" > input.servers[0].protocols[0] undefined decision input.servers[0].id
== "app" input.servers[0].protocols[0] == "https"
Rego Variables Rego Variables hello := "world"
Iteration Iteration networks = [{ "id": "net1", "public": false}, {
"id": "net2", "public": false}] > networks[x] +---+------------------------------+ | x | networks[x] | +---+------------------------------+ | 0 | {"id":"net1","public":false} | | 1 | {"id":"net2","public":false} | +---+------------------------------+
Rules Rules any_public_networks = true { # is true if...
net := networks[_] # some network exists and.. net.public # it is public. }
API Integration API Integration Python code Rego code
Experience Experience Policies Error messages aren’t nice Community Tooling
OPA OPA Integrations Integrations
Comparision Comparision with Sentinel with Sentinel Open Source Applicable more
generally Language differences
Other Stu Other Stu WASM Support Editor integra ons h
ps:/ /play.openpolicyagent.org/
Haskell Haskell - Fugue Rego Toolkit h ps:/ /github.com/fugue/fregot
Questions Questions