{"id":24509461,"url":"https://github.com/barbiecue/opa-http-api-example-kotlin","last_synced_at":"2025-07-22T05:31:36.403Z","repository":{"id":154944364,"uuid":"562543333","full_name":"BarbieCue/opa-http-api-example-kotlin","owner":"BarbieCue","description":"A simple example showing how to restrict a custom HTTP API using the Open Policy Agent.","archived":false,"fork":false,"pushed_at":"2023-08-01T04:21:40.000Z","size":787,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-15T09:28:09.473Z","etag":null,"topics":["http-api","kotlin","open-policy-agent"],"latest_commit_sha":null,"homepage":"","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BarbieCue.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-06T17:17:48.000Z","updated_at":"2023-02-19T13:26:11.000Z","dependencies_parsed_at":null,"dependency_job_id":"90f73bff-1614-4fff-b633-698941eab81c","html_url":"https://github.com/BarbieCue/opa-http-api-example-kotlin","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/BarbieCue/opa-http-api-example-kotlin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BarbieCue%2Fopa-http-api-example-kotlin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BarbieCue%2Fopa-http-api-example-kotlin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BarbieCue%2Fopa-http-api-example-kotlin/releases","manifests_
url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BarbieCue%2Fopa-http-api-example-kotlin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BarbieCue","download_url":"https://codeload.github.com/BarbieCue/opa-http-api-example-kotlin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BarbieCue%2Fopa-http-api-example-kotlin/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266433122,"owners_count":23927704,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-22T02:00:09.085Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["http-api","kotlin","open-policy-agent"],"created_at":"2025-01-22T00:21:10.864Z","updated_at":"2025-07-22T05:31:36.379Z","avatar_url":"https://github.com/BarbieCue.png","language":"Kotlin","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv style=\"text-align: center;\"\u003e\n\n# Open Policy Agent HTTP API example\n\n\u003ca href=\"https://www.openpolicyagent.org/\"\u003e\u003cimg src=\"docs/opa-logo.png\" alt=\"Open Policy Agent\" width=\"50\" /\u003e\u003c/a\u003e\n\u003ca href=\"https://kotlinlang.org/\"\u003e\u003cimg src=\"docs/kotlin-logo.png\" alt=\"Kotlin\" width=\"50\" /\u003e\u003c/a\u003e\n\nA minimalistic example of restricting an HTTP API with OPA\n\n\u003c/div\u003e\n\n\n## Get started\n\n### 1. 
Start the API server (Kotlin application)\n```shell\n./gradlew run\n```\n\n### 2. Start the OPA server (+ bundle server)\n```shell\ndocker compose -f opa/docker-compose.yml up\n```\n\n### 3. Be the client - sample requests to the API server\n\n_Allowed_\n```shell\ncurl --user alice:password localhost:5000/finance/salary/alice\n```\n\n_Forbidden_\n```shell\ncurl --user alice:password localhost:5000/finance/salary/charlie\n```\n\n# What happens here?\n\n![](docs/opa_flow.png)\n\nOn each HTTP request from a client to the API server, \nthe API server asks the OPA server whether the requesting client\nis authorized to perform this action or not.\nDepending on OPA's answer, \nthe client request will be processed or rejected.  \n\n\n## Policy / Bundle\n\nHow does the OPA server know about the permissions of a client?\nFrom the policy!\n\n- The policy is defined in the `example-policy.rego` file\n- From this file a bundle was built using the OPA executable\n- This bundle is stored on the bundle server and shipped from there to the OPA server\n\n![](docs/opa_build.png)\n\n\n## How to edit and apply the policy?\n\n1. Make changes to the policy file\n2. [Download and install](https://www.openpolicyagent.org/docs/v0.11.0/get-started/) the Open Policy Agent. *Tip: drop the opa executable into ~/.local/bin, so it is on the PATH.*\n3. 
Build the policy and move the resulting bundle to the correct folder so that it can be collected by the bundle server\n    ```shell\n    cd opa\n    opa build example-policy.rego\n    mv bundle.tar.gz bundles\n    ```\n\n\n# References\n\n- Inspired by https://www.openpolicyagent.org/docs/latest/http-api-authorization/\n- Corresponding Python implementation https://github.com/open-policy-agent/contrib/tree/main/api_authz\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbarbiecue%2Fopa-http-api-example-kotlin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbarbiecue%2Fopa-http-api-example-kotlin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbarbiecue%2Fopa-http-api-example-kotlin/lists"}