Open Policy Agent is a CNCF incubating project that allow you to define Policy as code. It’s widely used in various projects like Istio, Kubernetes and more.
It allows you to express authorization policies - like our Action Policy - in a much more flexible way.
Building on the work that was done for aaasvc, I’ve added a rego engine to the choria server, which will allow us to do most of what actionpolicy allows, as well as:
- Assertions based on the arguments sent to actions
- Assertions based on other request fields like TTL and Collective
- Assertions based on if the server is set to provisioning mode or not
Read below the fold for our initial foray into OPA policies and what might come next.[Read More]