Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/open-policy-agent/example-api-authz-go

Example Go service that uses OPA for API authorization.
https://github.com/open-policy-agent/example-api-authz-go

Last synced: about 1 month ago
JSON representation

Example Go service that uses OPA for API authorization.

Awesome Lists containing this project

README

        

# OPA-Go API Authorization Example

This repository shows how to integrate a service written in Go with the OPA SDK to perform API authorization.

## Building

Build the example by running `go build ./cmd/example-api-authz-go/...`

## Requirements

This example requires an external HTTP server that serves [OPA
Bundles](https://www.openpolicyagent.org/docs/latest/bundles/). If you
don't provide an OPA configuration that enables bundle downloading,
the server will fail-closed.

## Running the example

Run the example with an [OPA Configuration File](https://www.openpolicyagent.org/docs/configuration.html):

```bash
./example-api-authz-go -config config.yaml
```

The example implementation is hardcoded to assume a policy decision will be generated at path
`system.main`. You **must** define a policy decision at that
path. If your policies use another package, you can include an
entrypoint policy.

**Entrypoint**:

```rego
package system

main = data.example # api queries data.system.main.allow
```

**Your policy**:

```rego
package example

import future.keywords.if

default allow := false

allow if {
input.method == "GET"
input.user == "bob"
}
```