👩‍🏫
Big ACL Docs
big-acl.comStatusSupport
  • Welcome
  • What is Big ACL ?
  • Getting started
    • Signing up
    • Authoring your first rule
    • Writing Effective Rules
  • Key Concepts
    • Lifecycle of an Authorization Rule
    • Managing Exceptions
  • Authorization Landscape
    • RBAC
    • ABAC
    • ReBAC
    • CEDAR
    • XACML
    • Zanzibar
    • OAuth 2.0 Rich Authorization Requests
  • API
    • Authentication
    • Authorization
  • Connectors
    • Spring Security
    • Open Policy Agent
    • Amazon Verified Permissions
Powered by GitBook
On this page
  • Overview
  • How OPA Bundles Work

Was this helpful?

  1. Connectors

Open Policy Agent

Integrating Open Policy Agent with Big ACL

PreviousSpring SecurityNextAmazon Verified Permissions

Last updated 2 months ago

Was this helpful?

Overview

Open Policy Agent (OPA) is a popular open-source solution for policy-based control. By leveraging OPA Bundles, you can distribute your Big ACL policies seamlessly to OPA agents running in your infrastructure.

This guide explains:

  • How Bundles work in OPA.

  • How to configure OPA to fetch policies from Big ACL as Bundles.

  • The REST API that Big ACL exposes for managing policies and retrieving them in a Bundle-compatible format.

How OPA Bundles Work

OPA Bundles allow you to package policy files and data into a single file or directory structure. OPA can be configured to periodically download these Bundles from a remote server, unpackage them, and apply the policies locally.

Typically, you provide OPA with a configuration file that tells it:

  1. Where to download the Bundle from (a URL endpoint).

  2. How often to refresh the Bundle.

  3. Optional settings such as authentication tokens or custom headers.

Once a Bundle is downloaded, OPA unpacks it into its local store and uses the Rego files within it to evaluate queries at runtime. Whenever the Bundle changes on the remote server, OPA pulls the latest version and updates its local state accordingly.

LogoExternal DataOpen Policy Agent