This repository provides an example of Open Policy Agent-backed authentication in OpenFaaS Serverless functions.

Quick Start

To try it out, you will need to have an OPA server in your OpenFaaS stack. A version implementing this by default can be found here. Once this is up and running, fetch the golang-http-gomod template and deploy as normal:

$ faas-cli template pull
$ faas-cli up --skip-push

Example Policy

A simple example Rego policy is provided to get started. This policy denies access by default and allows access to the named function only for a specified user:

package openfaas.authz

default allow = false

allow {
  input.function == "opa-auth"
  input.user == "alice"
}

Function Invocation

Invocation of the function is prohibited by default by the example policy:

$ curl -X POST

Retrying the request with the permitted named user succeeds:

$ curl -H 'Authorization: alice' -X POST
Authorization OK
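
One way a Go handler could enforce the example policy through OPA's Data API, denying on any error or undefined decision. This is an added example, not this repository's code; the names Allowed and Guard, the OPA address http://opa:8181 and the listen port :8082 are assumptions.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"time"
)

// Allowed queries data.openfaas.authz.allow and fails closed on every error path.
func Allowed(opaURL, function, user string) (bool, error) {
	client := http.Client{Timeout: 2 * time.Second}
	// Same fields the example policy reads: input.function and input.user.
	in := map[string]map[string]string{"input": {"function": function, "user": user}}
	body, _ := json.Marshal(in) // a map of strings cannot fail to marshal
	resp, err := client.Post(opaURL+"/v1/data/openfaas/authz/allow", "application/json", bytes.NewReader(body))
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return false, fmt.Errorf("opa returned %s", resp.Status)
	}
	var out struct {
		Result *bool `json:"result"` // absent when the decision is undefined
	}
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
		return false, err
	}
	return out.Result != nil && *out.Result, nil
}

// Guard wraps a handler and answers 403 unless OPA allows the caller.
func Guard(opaURL, function string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if ok, err := Allowed(opaURL, function, r.Header.Get("Authorization")); err != nil || !ok {
			http.Error(w, "Forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "Authorization OK") })
	_ = http.ListenAndServe(":8082", Guard("http://opa:8181", "opa-auth", ok)) // assumed addresses
}
```

As in the curl example, the Authorization header value reaches OPA unverified as input.user, so the decision is only as trustworthy as whatever established that value.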


Released under the terms of the MIT license.