opa

The Open Policy Agent (OPA, pronounced “oh-pa”) is an open source, general-purpose policy engine that unifies policy enforcement across the stack. OPA provides a high-level declarative language that lets you specify policy as code and simple APIs to offload policy decision-making from your software. You can use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more.

Community & Support

Website

GitHub

Documentation

What is OPA

What part of OPA would you like to see improved?

I am aware that in OPA tests we can mock the input provided in each test.
I need to be able to write tests where

different environment variables are set in the policy execution (e.g. outp

What steps did you take and what happened:
Needed to add the pod annotations

podAnnotations:
  traffic.sidecar.istio.io/excludeOutboundIPRanges: 10.207.0.1/32
  traffic.sidecar.istio.io/includeOutboundIPRanges: '*'

to avoid istio interfering with kubernetes API calls made by gatekeeper services.
The annotations are not applied to the job pods.

**What did you expect to happen

Describe the bug
No easy way of setting .env
OPAL uses decouple to parse configuration from .env and .ini files (As part of Confi)
BY default it looks for them in the folder of the importing module - we should add support for a configurable folder or at least the current-directory

The config endpoint was added after the Open API specs (see open_api directory), and should be added accordingly: https://www.openpolicyagent.org/docs/latest/rest-api/#config-api

We are currently using ConstraintTemplatesv1beta1, v1 has been available for some time now, we should switch to it.

https://open-policy-agent.github.io/gatekeeper/website/docs/constrainttemplates/

What would you like to be added:

Need to add verbiage to specify the requirement for signed commits for all contributions to the Contributing Docs

Why is this needed:

More clarity for prerequisites for new contributors.

Is your feature request related to a problem? Please describe.
Ranger is a popular solution for big data permission verification, but it does not support AWS-S3 permission verification at present.

Describe the solution you'd like
At present, I have an idea that the Proxy intercepts the S3 request, sends the request to ranger-S3-Plugin for authorization verification, and then sends t

It would be great if users looking at this library found starting points for different settings.

These come to mind, but I'm sure there are more:

deno
popular frontend projects, perhaps pick one and demo the scaffolding incl webpack

opa

Community & Support

Here are 184 public repositories matching this topic...

open-policy-agent / opa

What part of OPA would you like to see improved?

open-policy-agent / gatekeeper

permitio / opal

open-policy-agent / gatekeeper-library

anderseknert / awesome-opa

plexsystems / konstraint

jetstack / jetstack-secure

open-policy-agent / contrib

open-policy-agent / opa-envoy-plugin

sighupio / gatekeeper-policy-manager

open-policy-agent / kube-mgmt

alcideio / skan

tmobile / magtape

moabukar / CKS-Exercises-Certified-Kubernetes-Security-Specialist

redhat-cop / rego-policies

policy-hub / policy-hub-cli

devspace-cloud / devspace-cloud

oxyno-zeta / s3-proxy

open-policy-agent / npm-opa-wasm

k8s-sec / cloud-native-security-tutorial

brendanjryan / ccheck

open-policy-agent / opa-docker-authz

developer-guy / container-image-sign-and-verify-with-cosign-and-opa

alokmenghrajani / riskybird

anderseknert / kube-review

zotoio / sls-lambda-opa

madhuakula / docker-security-checker

NewbMiao / opa-koans

build-security / opa-express-middleware

developer-guy / policy-as-code-war

Related Topics