Open Policy Agent

Integrating Open Policy Agent with Big ACL

Overview

Open Policy Agent (OPA) is a popular open-source solution for policy-based control. By leveraging OPA Bundles, you can distribute your Big ACL policies seamlessly to OPA agents running in your infrastructure.

This guide explains:

How Bundles work in OPA.
How to configure OPA to fetch policies from Big ACL as Bundles.
The REST API that Big ACL exposes for managing policies and retrieving them in a Bundle-compatible format.

How OPA Bundles Work

OPA Bundles allow you to package policy files and data into a single file or directory structure. OPA can be configured to periodically download these Bundles from a remote server, unpackage them, and apply the policies locally.

Typically, you provide OPA with a configuration file that tells it:

Where to download the Bundle from (a URL endpoint).
How often to refresh the Bundle.
Optional settings such as authentication tokens or custom headers.

Once a Bundle is downloaded, OPA unpacks it into its local store and uses the Rego files within it to evaluate queries at runtime. Whenever the Bundle changes on the remote server, OPA pulls the latest version and updates its local state accordingly.

PreviousSpring Security NextAmazon Verified Permissions

Last updated 1 month ago

Was this helpful?