Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/open-policy-agent/example-api-authz-go
Example Go service that uses OPA for API authorization.
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/open-policy-agent/example-api-authz-go
- Owner: open-policy-agent
- License: apache-2.0
- Created: 2018-08-15T17:16:48.000Z (over 6 years ago)
- Default Branch: main
- Last Pushed: 2024-03-06T10:48:57.000Z (11 months ago)
- Last Synced: 2024-08-04T21:07:11.607Z (6 months ago)
- Language: Go
- Homepage:
- Size: 8.54 MB
- Stars: 92
- Watchers: 16
- Forks: 24
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-opa - Go Example API Authorization - Example API authorization using OPA (Language and Platform Integrations / Go)
README
# OPA-Go API Authorization Example
This repository shows how to integrate a service written in Go with the OPA SDK to perform API authorization.
## Building
Build the example by running `go build ./cmd/example-api-authz-go/...`
## Requirements
This example requires an external HTTP server that serves [OPA
Bundles](https://www.openpolicyagent.org/docs/latest/bundles/). If you
don't provide an OPA configuration that enables bundle downloading,
the server will fail closed.

## Running the example
Run the example with an [OPA Configuration File](https://www.openpolicyagent.org/docs/configuration.html):
```bash
./example-api-authz-go -config config.yaml
```

The example implementation is hardcoded to assume a policy decision will be generated at path
`system.main`. You **must** define a policy decision at that
path. If your policies use another package, you can include an
entrypoint policy.

**Entrypoint**:
```rego
package system

main = data.example  # api queries data.system.main.allow
```

**Your policy**:
```rego
package example

import future.keywords.if

default allow := false

allow if {
    input.method == "GET"
    input.user == "bob"
}
```
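
The fail-closed behaviour and the `allow` decision under `system.main` described above can be sketched as HTTP middleware. This is an added example, not code from the repository: `Decider`, `Authorize`, `LocalPolicy` and `StatusFor` are hypothetical names, the `Decider` stands in for the OPA SDK query, and taking `input.user` from the basic-auth username is an assumption.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Decider is a hypothetical stand-in for the policy query at system.main.
type Decider func(ctx context.Context, input map[string]any) (map[string]any, error)

// Authorize only calls next when the decision document contains allow == true.
func Authorize(decide Decider, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, _, _ := r.BasicAuth() // assumption: identity is the basic-auth username
		result, err := decide(r.Context(), map[string]any{"method": r.Method, "user": user})
		if err != nil { // policy engine or bundle unavailable: deny, never fall through
			http.Error(w, "authorization unavailable", http.StatusInternalServerError)
			return
		}
		if allowed, ok := result["allow"].(bool); !ok || !allowed { // undefined counts as deny
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// LocalPolicy mirrors the page's Rego rule in Go so the demo runs offline.
func LocalPolicy(_ context.Context, in map[string]any) (map[string]any, error) {
	return map[string]any{"allow": in["method"] == "GET" && in["user"] == "bob"}, nil
}

// StatusFor sends one constructed request through Authorize and returns the status code.
func StatusFor(decide Decider, method, user string) int {
	req := httptest.NewRequest(method, "/", nil)
	req.SetBasicAuth(user, "constructed-password")
	rec := httptest.NewRecorder()
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	Authorize(decide, ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	noBundle := func(context.Context, map[string]any) (map[string]any, error) {
		return nil, errors.New("no bundle loaded")
	}
	fmt.Println(StatusFor(LocalPolicy, "GET", "bob"), StatusFor(LocalPolicy, "POST", "bob"), StatusFor(noBundle, "GET", "bob"))
}
```

An error from the decider and a decision document without `allow` are both treated as a denial, so a missing bundle or a missing entrypoint policy cannot open the API.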