{"id":16489807,"url":"https://github.com/ashutoshsce/opa-rbac","last_synced_at":"2026-03-05T06:32:08.409Z","repository":{"id":115130079,"uuid":"284670054","full_name":"ashutoshSce/opa-rbac","owner":"ashutoshSce","description":"Rest API of Role-based Access Control using Open Policy Agent","archived":false,"fork":false,"pushed_at":"2020-08-03T12:07:25.000Z","size":5,"stargazers_count":7,"open_issues_count":0,"forks_count":5,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-01T04:26:57.372Z","etag":null,"topics":["blog","blog-api","grants","opa","open-policy-agent","permissions","rbac","rbac-configuration","rbac-management","rbac-roles","rego"],"latest_commit_sha":null,"homepage":"","language":"Open Policy Agent","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ashutoshSce.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-03T10:24:45.000Z","updated_at":"2022-10-05T03:19:59.000Z","dependencies_parsed_at":null,"dependency_job_id":"1dc2a317-4be6-4028-b32e-289f4895dc21","html_url":"https://github.com/ashutoshSce/opa-rbac","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ashutoshSce/opa-rbac","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashutoshSce%2Fopa-rbac","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashutoshSce%2Fopa-rbac/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashutoshSce%2Fopa-rbac/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashutoshSce%2Fopa-rbac/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ashutoshSce","download_url":"https://codeload.github.com/ashutoshSce/opa-rbac/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashutoshSce%2Fopa-rbac/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30112241,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-05T03:40:26.266Z","status":"ssl_error","status_checked_at":"2026-03-05T03:39:15.902Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blog","blog-api","grants","opa","open-policy-agent","permissions","rbac","rbac-configuration","rbac-management","rbac-roles","rego"],"created_at":"2024-10-11T13:45:28.965Z","updated_at":"2026-03-05T06:32:08.402Z","avatar_url":"https://github.com/ashutoshSce.png","language":"Open Policy Agent","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Open Policy Agent: opa-rbac\n\nThis is an example defines an Role-based Access Control (RBAC) model for a Blog API using [Open Policy Agent](https://www.openpolicyagent.org/) and Rego as a Language. This is to demonstrate all possible features of Rego and its test cases while writing RBAC APIs for Blog Application.\n\n# [Running OPA](https://www.openpolicyagent.org/docs/latest/#running-opa)\n\nFollow the instruction on OPA official website by clicking [here](https://www.openpolicyagent.org/docs/latest/#running-opa)\n\n# `opa run` (server)\n\n```shell\n$ ./opa run --server\n```\n\nIt will run OPA server on port 8181\n\n- `export my postman apis`: https://www.getpostman.com/collections/d299fd2bfd0b35387004\n- If not than you can run all apis using `curl` command as follows\n\n# Follow steps to run all OPA REST API using curl command\n\n- `Create/Update Policy`: Update your policy rego rules using opa rest api. upload my [rbac.rego](https://github.com/ashutoshSce/opa-rbac/blob/master/rbac.rego) file here\n\n```shell\n$ curl --location --request PUT 'http://localhost:8181/v1/policies/rbac' \\\n--header 'Content-Type: text/plain' \\\n--data-binary '@rbac.rego'\n```\n\n- `Create/Update Data`: Update your policy data using opa rest api. upload my [data.json](https://github.com/ashutoshSce/opa-rbac/blob/master/data.json) file here\n\n```shell\n$ curl --location --request PUT 'http://localhost:8181/v1/data/cnapp/rbac' \\\n--header 'Content-Type: application/json' \\\n--data-binary '@data.json'\n```\n\n- `Get Data`: Get all your data in given package name (here we are using `cnapp/rbac` as package name in [rbac.rego](https://github.com/ashutoshSce/opa-rbac/blob/master/rbac.rego) policy file).\n\n```shell\n$ curl --location --request GET 'http://localhost:8181/v1/data/cnapp/rbac'\n```\n\n- `Execute Boolean Policy: allow`: check whether given input user has given input grants\n  based on my policy [data.json](https://github.com/ashutoshSce/opa-rbac/blob/master/data.json), It should return true as result. Add input as different user, roles and permission based on [data.json](https://github.com/ashutoshSce/opa-rbac/blob/master/data.json) and check your expected result.\n\n```shell\n$ curl --location --request POST 'http://localhost:8181/v1/data/cnapp/rbac/allow' \\\n--header 'Content-Type: application/json' \\\n--data-raw '{\n    \"input\": {\n        \"user\": \"raghu\"\n    }\n}'\n```\n\nResponse\n\n```json\n{\n  \"result\": true\n}\n```\n\n```shell\n$ curl --location --request POST 'http://localhost:8181/v1/data/cnapp/rbac/allow' \\\n--header 'Content-Type: application/json' \\\n--data-raw '{\n    \"input\": {\n        \"user\": \"ashutosh\",\n        \"action\": \"comment\",\n        \"type\": \"post\"\n    }\n}'\n```\n\nResponse\n\n```json\n{\n  \"result\": true\n}\n```\n\n- `Add data dynamically`: Add data based on requirement on demand. It uses [JSON PATCH](http://jsonpatch.com/).\n  Example: Adding here blacklist same grant in above example for user `ashutosh`.\n\n```shell\n$ curl --location --request PATCH 'http://localhost:8181/v1/data/cnapp/rbac' \\\n--header 'Content-Type: application/json' \\\n--data-raw '[\n    {\n        \"op\": \"add\",\n        \"path\": \"/blacklist\",\n        \"value\": {\n            \"ashutosh\": [\n                {\n                    \"action\": \"comment\",\n                    \"type\": \"post\"\n                }\n            ]\n        }\n    }\n]'\n```\n\n- `Execute Boolean Policy: not allow if blacklisted grants`: check whether given input user has given input grants\n  based on my policy [data.json](https://github.com/ashutoshSce/opa-rbac/blob/master/data.json), It should return false as we have blacklisted this grants in above example for user `ashutosh`.\n\n```shell\n$ curl --location --request POST 'http://localhost:8181/v1/data/cnapp/rbac/allow' \\\n--header 'Content-Type: application/json' \\\n--data-raw '{\n    \"input\": {\n        \"user\": \"ashutosh\",\n        \"action\": \"comment\",\n        \"type\": \"post\"\n    }\n}'\n```\n\nResponse\n\n```json\n{\n  \"result\": false\n}\n```\n\n- `Execute Array List of Policy`: you can also get results as array, or objects, of mix datatype in rego. Here we wants list of users who has `admin` role.\n\n```shell\n$ curl --location --request POST 'http://localhost:8181/v1/data/cnapp/rbac/who_are' \\\n--header 'Content-Type: application/json' \\\n--data-raw '{\n    \"input\": {\n        \"role\": \"admin\"\n    }\n}'\n```\n\nResponse\n\n```json\n{\n  \"result\": [\"raghu\"]\n}\n```\n\n- Similarly we have other policy examples like `who_all_are`, `roles_can`, `users_can`. Run as rest api using different input and data.\n\n# Run all policy test cases using OPA test command\n\n```shell\n$ ./opa test -v rbac.rego rbac_test.rego\n```\n\n# License\n\nThis project is licensed under [MIT](https://github.com/ashutoshSce/opa-rbac/blob/master/LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fashutoshsce%2Fopa-rbac","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fashutoshsce%2Fopa-rbac","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fashutoshsce%2Fopa-rbac/lists"}