Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/open-policy-agent/example-api-authz-go

Example Go service that uses OPA for API authorization.
https://github.com/open-policy-agent/example-api-authz-go

Last synced: 3 months ago
JSON representation

Example Go service that uses OPA for API authorization.

Awesome Lists containing this project

README 

        
# OPA-Go API Authorization Example



This repository shows how to integrate a service written in Go with the OPA SDK to perform API authorization.



## Building



Build the example by running `go build ./cmd/example-api-authz-go/...`



## Requirements



This example requires an external HTTP server that serves [OPA

Bundles](https://www.openpolicyagent.org/docs/latest/bundles/). If you

don't provide an OPA configuration that enables bundle downloading,

the server will fail-closed.



## Running the example



Run the example with an [OPA Configuration File](https://www.openpolicyagent.org/docs/configuration.html):



```bash

./example-api-authz-go -config config.yaml

```



The example implementation is hardcoded to assume a policy decision will be generated at path

`system.main`. You **must** define a policy decision at that

path. If your policies use another package, you can include an

entrypoint policy.



**Entrypoint**:



```rego

package system



main = data.example # api queries data.system.main.allow

```



**Your policy**:



```rego

package example



import future.keywords.if



default allow := false



allow if {

    input.method == "GET"

    input.user == "bob"

}

```