Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
50 lines (35 sloc) 1.38 KB


This repository provides an example of Open Policy Agent-backed authentication in OpenFaaS Serverless functions.

Quick Start

To try it out, you will need to have an OPA server in your OpenFaaS stack. A version implementing this by default can be found here. Once this is up and running, fetch the golang-http-gomod template and deploy as normal:

$ faas-cli template pull
$ faas-cli up --skip-push

Example Policy

A simple example rego policy is provided in order to get started. This policy prohibits access by default, allowing access to the named function only for a specified user:

package openfaas.authz

default allow = false

allow {
  input.function == "opa-auth"
  input.user == "alice"

Function Invocation

Invocation of the function is prohibited by default by the example policy:

$ curl -X POST

Retrying the request with the permitted named user succeeds:

$ curl -H 'Authorization: alice' -X POST
Authorization OK


Released under the terms of the MIT license.

You can’t perform that action at this time.