Open Policy Agent (OPA)

Last updated : Apr 03, 2024
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Apr 2024
Trial

Open Policy Agent (OPA) is a uniform framework and for declaring, enforcing and controlling policies. For our teams, it has become a favored way of defining policies for distributed systems, particularly where we need to implement . OPA allows teams to implement various platform engineering patterns, such as controlling what is deployed to Kubernetes clusters, enforcing access control across services in a service mesh and implementing fine-grained security policy as code for accessing application resources. While there is some complexity associated with OPA implementations, it has proven to be a highly valuable tool for ensuring . We're also continuing to keep an eye on the extension and maturity of OPA beyond operational systems to (big) data-centric solutions.

May 2020
Trial

Open Policy Agent (OPA) has rapidly become a favored component of many distributed cloud-native solutions that we build for our clients. OPA provides a uniform framework and for declaring, enforcing and controlling policies for various components of a cloud-native solution. It's a great example of a tool that implements security policy as code. We've had a smooth experience using OPA in multiple scenarios, including deploying resources to K8s clusters, enforcing access control across services in a service mesh and fine-grained security controls as code for accessing application resources. A recent commercial offering, , eases the adoption of OPA for enterprises by adding a management tool, or control plane, to OPA for K8s with a prebuilt policy library, impact analysis of the policies and logging capabilities. We look forward to the maturity and extension of OPA beyond operational services to (big) data-centric solutions.

Nov 2019
Assess

Defining and enforcing security policies uniformly across a diverse technology landscape is a challenge. Even for simple applications, you have to control access to their components — such as container orchestrators, services and data stores to keep the services' state — using their components' built-in security policy configuration and enforcement mechanisms.

We're excited about Open Policy Agent (OPA), an open-source technology that attempts to solve this problem. OPA lets you define fine-grained access control and flexible policies as code, using the Rego policy definition language. Rego enforces the policies in a distributed and unobtrusive manner outside of the application code. At the time of this writing, OPA implements uniform and flexible policy definition and enforcement to secure access to Kubernetes APIs, microservices APIs through sidecar and Kafka. It can also be used as a sidecar to any service to verify access policies or filter response data. , the company behind OPA, provides commercial solutions for centralized visibility to distributed policies. We'd like to see OPA mature through the and continue to build support for more challenging policy enforcement scenarios such as diverse data stores.
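
To make "policy as code" concrete, here is an added example (not from the original page or from the OPA project) of a Rego policy for the Kubernetes use case mentioned above: it rejects Pods that pull images from outside an allow-list or that run privileged containers. The package name, registry allow-list and sample input are constructed; it assumes OPA receives the Kubernetes AdmissionReview object as `input` and an OPA version that supports `import rego.v1`.

```rego
package kubernetes.admission

import rego.v1

# Constructed allow-list (assumption): replace with your own registries.
allowed_registries := {"registry.example.internal/"}

# Deny Pods whose containers pull from a registry outside the allow-list.
deny contains msg if {
	input.request.kind.kind == "Pod"
	some container in all_containers
	not image_allowed(container.image)
	msg := sprintf("container %q uses untrusted image %q", [container.name, container.image])
}

# Deny Pods that request privileged containers.
deny contains msg if {
	input.request.kind.kind == "Pod"
	some container in all_containers
	container.securityContext.privileged == true
	msg := sprintf("container %q must not run privileged", [container.name])
}

# Check init containers too, so they cannot bypass the rules above.
all_containers contains c if {
	some c in input.request.object.spec.containers
}

all_containers contains c if {
	some c in input.request.object.spec.initContainers
}

image_allowed(image) if {
	some prefix in allowed_registries
	startswith(image, prefix)
}

# Unit test with a constructed AdmissionReview; run with `opa test`.
test_untrusted_privileged_pod_is_denied if {
	review := {"request": {"kind": {"kind": "Pod"}, "object": {"spec": {"containers": [{
		"name": "web",
		"image": "docker.io/library/nginx:1.25",
		"securityContext": {"privileged": true},
	}]}}}}
	count(deny) == 2 with input as review
}
```

Because the policy lives outside the application and the cluster configuration, it can be versioned, reviewed and tested like any other code before the admission controller starts enforcing it.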

Published : Nov 20, 2019
