Open Policy Agent support? #373
Comments
I'm a big fan of OPA, I think this would be neat. I'm not entirely sure what the best way to integrate it would be though -- e.g. would we want to talk to an external server or use the runtime in-process to evaluate policies for example.
I was thinking in-process, but then this is early for me - I just started looking into this. You guys have a Discord for ghostunnel?
There's no Discord, but happy to talk on here if you want to sketch something out.
Cool! Unrelated/related: I sent you a note on LinkedIn - as we are using ghostunnel for our stuff, we are interested in supporting the project - so, if this would be useful too, let me know over there? Thanks in all cases and ttyl!
Thanks @spacedub! I think there's basically two approaches:
Ok, I have a small POC for the in-process approach that does verify the CN of a client cert. I have this policy defined in a local rego file:
I am obviously hooking-up on From a command-line perspective, I am passing along the policy and the query: The key question IMO: what UX do we want? So, what about this:
Thoughts?
Left some comments on the pull request, overall I think this is the right direction and looks pretty good already.
Hi,
Recently started looking into OPA, and was wondering if it would make sense to integrate with ghost (likely using their Go SDK: https://www.openpolicyagent.org/docs/latest/integration/#integrating-with-the-go-api)
Before spending more time on this, I thought I would ask here:
Thanks!