Embedding authorization logic directly into application code leads to tight coupling, auditing difficulties, and operational overhead when policies change.
Policy as Code decouples authorization from business logic, and Open Policy Agent (OPA) is an open-source engine that implements this pattern.
A simple example demonstrates how an application delegates authorization decisions to OPA by sending a JSON input to be evaluated against a policy written in Rego.
A command-line demo shows how to run OPA tests, start the server, and use curl to query the policy engine with different inputs to get allow or deny decisions.
A Go web service uses a middleware to intercept requests, construct an input object, and query OPA to enforce complex, attribute-based access control rules.
By updating a policy file and reloading it into the running OPA server via an API call, authorization rules can be changed instantly without restarting the application.
OPA can enforce policies in various environments, including Kubernetes admission control, Kafka, and even Linux system access via PAM modules.
Bitpanda
Vienna, Austria
1:00:00Alex Olivier
26:23Philipp Krenn
33:20Aarno Aukia
29:34Reto Kaeser
44:00Dimitrij Klesev & Andreas Zeissner
45:19Reinhard Kugler
![Policy as [versioned] code - you're doing it wrong](https://customer-goifxnzhrq3d0d54.cloudflarestream.com/23fa4a514c18f0a9b39573f31d96ba54/thumbnails/thumbnail.jpg?time=33000ms)
45:57Chris Nesbitt-Smith
06:04Halil Özkan
Jobs that call for the skills explored in this talk.
Wolters Kluwer
Alphen aan den Rijn, Netherlands
Rocken AG
Aarau, Switzerland
osapiens
Mannheim, Germany
Avanade
Berlin, Germany
osapiens
Mannheim, Germany
