https://github.com/permitio/opal-example-policy-repo
An example repository for OPAL policy tracking
- Host: GitHub
- URL: https://github.com/permitio/opal-example-policy-repo
- Owner: permitio
- License: apache-2.0
- Created: 2021-04-06T23:43:56.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2025-01-28T21:52:53.000Z (over 1 year ago)
- Last Synced: 2025-05-11T07:13:16.314Z (about 1 year ago)
- Topics: example
- Language: Open Policy Agent
- Homepage: https://opal.ac
- Size: 46.9 KB
- Stars: 29
- Watchers: 5
- Forks: 172
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# OPAL Example Policy Repo
[Check out OPAL main repo here.](https://github.com/permitio/opal)
### What's in this repo?
This repo contains an example git repository holding a basic [OPA](https://www.openpolicyagent.org/docs/latest/) policy written in [Rego](https://www.openpolicyagent.org/docs/latest/policy-language/#what-is-rego).
This repo is used in [OPAL](https://github.com/permitio/opal)'s Getting Started [tutorial](https://opal.ac/getting-started/quickstart/docker-compose-config/overview) to **demonstrate** how OPAL keeps your OPA agents in sync with policy and data changes. When commits land in this repo, the OPAL server immediately pushes updates (over a websockets pub/sub interface) to the connected OPAL clients, which in turn push the updated policy and data to OPA.
If you follow [the tutorial](https://opal.ac/getting-started/quickstart/docker-compose-config/overview), you will see how this repo is used by OPAL in a real example running in docker-compose. The entire tutorial is also available as a [video](https://asciinema.org/a/5IMzZRPltUiFdsNnZ81t14ERk?t=1).
#### The policy in this repo
This repo has a very simple [RBAC policy](https://en.wikipedia.org/wiki/Role-based_access_control):
- each user is granted certain roles
- a user can perform an action on a resource, only if:
  - one of his roles has permission to do so
  - the user "location" is in the US (a special **twist** that is **non-standard** to RBAC, but is useful for the tutorial)
- a user with admin role can do anything
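
The rules listed above, written out as a self-contained Rego policy with unit tests. This is an added example and not the policy file from this repo; the package name, the inlined `users` and `role_permissions` data, and the `input` fields (`user`, `action`, `type`) are assumptions, as is reading the admin rule as independent of the location check.

```rego
# Added example, not this repo's policy file. Package name, data layout and
# input fields (user, action, type) are assumptions for illustration.
package example.rbac

import rego.v1

# Constructed sample data, inlined so the file evaluates on its own.
users := {
	"alice": {"roles": ["admin"], "location": {"country": "FR"}},
	"bob": {"roles": ["employee"], "location": {"country": "US"}},
	"eve": {"roles": ["employee"], "location": {"country": "FR"}},
	"dan": {"roles": ["employee"]}, # no location recorded
}

role_permissions := {"employee": [{"action": "read", "type": "document"}]}

# Fail closed: anything not explicitly allowed is denied.
default allow := false

# A user with the admin role can do anything (assumed: no location check).
allow if "admin" in user_roles

# Otherwise one of the user's roles must grant the action on the resource
# type, and the user's location must be the US.
allow if {
	some role in user_roles
	some grant in role_permissions[role]
	grant.action == input.action
	grant.type == input.type
	users[input.user].location.country == "US"
}

# Roles of the requesting user; an unknown user yields the empty set.
user_roles contains role if {
	some role in users[input.user].roles
}

# Unit tests covering each rule and the deny paths.
test_admin_allowed_anything if allow with input as {"user": "alice", "action": "delete", "type": "finance"}
test_us_employee_can_read if allow with input as {"user": "bob", "action": "read", "type": "document"}
test_ungranted_action_denied if not allow with input as {"user": "bob", "action": "delete", "type": "document"}
test_non_us_user_denied if not allow with input as {"user": "eve", "action": "read", "type": "document"}
test_missing_location_denied if not allow with input as {"user": "dan", "action": "read", "type": "document"}
test_unknown_user_denied if not allow with input as {"user": "mallory", "action": "read", "type": "document"}
```

Save the block to a `.rego` file and run `opa test` on it with a recent OPA release; the missing-location and unknown-user cases show that undefined data leaves `allow` at its default of `false`.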
### About OPA (Open Policy Agent)
#### Why use OPA?
OPA decouples policy from code in your applications, letting you evolve your application and your authorization policies (i.e., "permissions logic") separately.
#### Who uses OPA?
Companies like [Netflix](https://www.youtube.com/watch?v=R6tUNpRpdnY) and [Pinterest](https://www.youtube.com/watch?v=LhgxFICWsA8) built their authorization layer using OPA.
### About OPAL (Open Policy Administration Layer)
[OPAL](https://github.com/permitio/opal) is an administration layer for Open Policy Agent (OPA) that detects changes to both policy and policy data in real time and pushes live updates to your agents.
OPAL brings open-policy up to the speed needed by live applications. As your application state changes (whether it's via your APIs, DBs, git, S3 or 3rd-party SaaS services), OPAL will make sure your services are always in sync with the authorization data and policy they need (and only those they need).
Check out OPAL's main site at [OPAL.ac](https://opal.ac).