Styra -OPA - Rego : Overview of OPA

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

All Credits to the creators of this course...I am just taking notes from this video tutorial for my knowledge so it helps me remember them later 

 https://academy.styra.com/courses/take/opa-rego/lessons/15312900-welcome-video

sreejith.cloudme@gmail.com
App

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Welcome : How to use this course ?

The Problem OPA solves .

When we started OPA the problem that we saw that we have all kinds of different pieces of software in this could native eco-system all of which implements Policy and Authorization in it own unique way.

You can think about kubernetes, when every time someone is trying to deploy a new resource on Kubernetes , there needs to be a policy or authorization problem that needs to be solved there.

 

Every time a microservice runs in an API call and another microservice to run there is a policy decision that needs to be made. Is this allowed or not. Every time a person or a software run a query on a database is the query authorized or not , every time someone deploys a cloud resource that is authorized or not. 

Any time some one connects to a linux server and runs a Docker container is that authorized or not ? Anytime some one tries to merge the code to Git Pipeline is this authorized or not. There is authorization and policy problems across all these cloud native eco-systems. And the problem here is that each and every piece of software here tries a different way of solving that. They provide a different API , a different GUI or different model for authorization and understanding this policy

When we build OPA the goal was to provide a unified way of solving the policy problem across all of these different kinds of cloud native softwares.

Today people are using OPA today in all these use cases in production today. One of the most popular use cases today is Kubernetes and mission control and ensuring that only the right configuration get deployed onto Kubernetes cluster whether it is POD or ingress or whatever

 Another most popular use case is microservices authorization

 OPA was designed to be a general purpose policy agent . Run OPA in the same server where software in that server needing that authorization decisions .

OPA is a Open source and every piece of code that is written is in the public Git Repository. We at styra created it in 2016 and donated it to the CNCF - Cloud Native Computing Foundation  as a sanbox project in 2018 and in a year later it moved into incubating stand


What is OPA ?

OPA is a general purpose policy engine and what that means is something that we go into detail here. The idea here is you have got a service here and that service can be any of that pieces if software here that you see on the screen . 







 

 

Comments

Post a Comment

Popular posts from this blog

Sty -OPA - Rego : What is OPA

Image
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   OPA is a general purpose policy engine . All these software that we see on the right at some point of time understands that it needs a policy decision.  So what it is does it cobles on whatever policy decision that it needs about as a policy query and hands that query over to OPA . And OPA makes the decision and returns into the service , it is the services responsibility to enforce that decision . It is OPA responsibility to make that decision. For example if that service was a kubernetes API server . Kubernetes will decide that some user is trying to create a new resource on it , POD or ingress lets say on the kubernetes cluster . Kubernetes would take that 100 or 500 line of code of JSON or YAMLthat describes the new resource the user trying to deploy on to the cluster and it will hand that entire JSON or YAML code to OPA - OPA
Read more

Sty -OPA - Rego : Comparing and Constructing Values

Image
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  How to do some Equality Checks Equality Expressions : Array is above one , below is sets . Sets are sometimes surprising to people.     These two sets has got all the same element . The order in which they appear is Irrelevant and the number of times each of this appears is irrelevant.   There is another kind of Equality operator. The x in the first bracket , it finds x is not  the same as the one on the right and it assume x as variable and assigns the value 2 on the right to x on the left. Rego Build in Functions : Build in functions do a loads of comparisons and functions .
Read more

Sty -OPA - Rego : Basic Rego Rules

Image
 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  Boolean Rules & Evaluation OPA Policy Authorization : Through out we will be using API policy evaluation . This is very simple use case and a common use case.  Boolean Rules : Remember that every rule is an IF statement . When you are going to write an IF statement you are going to assign a value . Multiple Rules : In all of those rules we were thinking of them in Isolation . But with OPA you can goahead and write multiple rule and if you do that you will end up with writing a logical OR. Even though you can write multiple . What happens when non of the Rules Succeed. Then the value of that rule is undefined. But in some cases you do not want the default "undefined" result and - if non of the rules succeed. default is_read = false This is achieved by defining the result as - false This says that non of the value s
Read more