opa

The Open Policy Agent (OPA, pronounced “oh-pa”) is an open source, general-purpose policy engine that unifies policy enforcement across the stack. OPA provides a high-level declarative language that lets you specify policy as code and simple APIs to offload policy decision-making from your software. You can use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more.

Community & Support

Website

GitHub

Documentation

What is OPA

Since we've started shipping binaries for that platform (#4254), it would be good to also run tests on it.

Note: the same would be true for windows; but we've skipped running tests there because of too many hardcoded assumptions about file paths in our tests. For linux/arm64, however, that should not be a problem.

The work done on the github workflow in #4254 could serve as an example: we'd

The metrics reporting functions are found in a variety of locations as of the creation of this bug:

❯ find ./pkg -name "stats_reporter.go"
./pkg/controller/mutators/stats_reporter.go
./pkg/controller/constrainttemplate/stats_reporter.go
./pkg/controller/sync/stats_reporter.go
./pkg/controller/constraint/stats_reporter.go
./pkg/audit/stats_reporter.go
./pkg/mutation/stats_reporte

Describe the bug
No easy way of setting .env
OPAL uses decouple to parse configuration from .env and .ini files (As part of Confi)
BY default it looks for them in the folder of the importing module - we should add support for a configurable folder or at least the current-directory

The config endpoint was added after the Open API specs (see open_api directory), and should be added accordingly: https://www.openpolicyagent.org/docs/latest/rest-api/#config-api

We are currently using ConstraintTemplatesv1beta1, v1 has been available for some time now, we should switch to it.

https://open-policy-agent.github.io/gatekeeper/website/docs/constrainttemplates/

What would you like to be added:

Need to add verbiage to specify the requirement for signed commits for all contributions to the Contributing Docs

Why is this needed:

More clarity for prerequisites for new contributors.

It would be great if users looking at this library found starting points for different settings.

These come to mind, but I'm sure there are more:

deno
popular frontend projects, perhaps pick one and demo the scaffolding incl webpack

Is your feature request related to a problem? Please describe.
Ranger is a popular solution for big data permission verification, but it does not support AWS-S3 permission verification at present.

Describe the solution you'd like
At present, I have an idea that the Proxy intercepts the S3 request, sends the request to ranger-S3-Plugin for authorization verification, and then sends t

opa

Community & Support

Here are 174 public repositories matching this topic...

open-policy-agent / opa

open-policy-agent / gatekeeper

permitio / opal

open-policy-agent / gatekeeper-library

anderseknert / awesome-opa

plexsystems / konstraint

jetstack / jetstack-secure

open-policy-agent / contrib

open-policy-agent / opa-envoy-plugin

sighupio / gatekeeper-policy-manager

open-policy-agent / kube-mgmt

alcideio / skan

tmobile / magtape

redhat-cop / rego-policies

policy-hub / policy-hub-cli

moabukar / CKS-Exercises-Certified-Kubernetes-Security-Specialist

devspace-cloud / devspace-cloud

open-policy-agent / npm-opa-wasm

oxyno-zeta / s3-proxy

k8s-sec / cloud-native-security-tutorial

brendanjryan / ccheck

open-policy-agent / opa-docker-authz

developer-guy / container-image-sign-and-verify-with-cosign-and-opa

alokmenghrajani / riskybird

madhuakula / docker-security-checker

zotoio / sls-lambda-opa

NewbMiao / opa-koans

build-security / opa-express-middleware

developer-guy / policy-as-code-war

anderseknert / opa-kafka-plugin

Related Topics