Skip to content

open-policy-agent/opa

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
28 branches 165 tags
Code

Latest commit

@RDVasavada @ashutosh-narkar
RDVasavada and ashutosh-narkar feat(builtins): add a new builtin function strings.render_template to…
d46bc9d Nov 17, 2023
feat(builtins): add a new builtin function strings.render_template to… 
… render templated strings

This adds support for rendering of templated strings utilizing Golang's text/template library.
For a given templated string and key/value mapping of template var inputs, this builtin will
inject the values into the template where they are referenced by key.

Fixes #6371
Signed-off-by: Rohan Vasavada <rohanvasavada@gmail.com>
d46bc9d

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github
deps: group otel deps (#6407)
November 13, 2023 16:25
ast
feat(builtins): add a new builtin function strings.render_template to…
November 17, 2023 08:53
build
build: Migrate to GitHub CLI tool (#6329)
October 19, 2023 10:23
bundle
Add option to marshal location text (#6234)
September 21, 2023 09:40
capabilities
ast: Adding capability feature for the rego.v1 import (#6375)
November 15, 2023 12:16
cmd
ast: Adding capability feature for the rego.v1 import (#6375)
November 15, 2023 12:16
compile
ast: extend capabilities to return min compatible version
October 30, 2023 09:36
config
This change adds support to configurable prometheus buckets
October 6, 2023 13:27
cover
Don't use rounding for coverage calculation (#6308)
October 12, 2023 06:49
dependencies
chore: Use t.Setenv in tests (#5321)
October 27, 2022 17:44
docs
Update spinnaker integration (#6414)
November 15, 2023 12:53
download
remove not required basedir for oci bundles & add test to verify sign…
August 29, 2023 11:08
features
eval+rego: Support caching output of non-deterministic builtins. (#4926)
September 1, 2022 11:35
format
format: Not outputting any future.keywords.* imports when rego.v1…
October 30, 2023 13:34
hooks
extensibility: add hooks (plugins, discovery, sdk)
June 29, 2023 10:18
internal
internal/planner: Insert general ref head objects starting from the l…
November 15, 2023 15:23
ir
ir: make golang code public (#5141)
September 16, 2022 07:56
keys
chore: don't use the deprecated ioutil functions (#5319)
October 27, 2022 14:30
loader
Add option to marshal location text (#6234)
September 21, 2023 09:40
logging
server: pass decision_id via ctx, cleanup RemoteAddr -> RequestContex…
February 10, 2023 12:00
logo
Fix logo in README
August 14, 2019 17:21
metrics
Status API: use jsonpb for json marshalling of prometheus metrics (#4324
February 22, 2022 09:25
misc/syntax
docs: Add IDE and Editor section to docs website
March 23, 2020 10:36
plugins
discovery: Make status updates non blocking (#6345)
November 6, 2023 16:19
profiler
profiler: Add number of generated expr to profile o/p
April 18, 2023 23:54
proposals/attic
chore: Rename design directory to proposals
August 14, 2019 11:28
refactor
ast: support dotted heads (#4660)
October 14, 2022 10:15
rego
Moving wasm test (#6399)
November 10, 2023 14:11
repl
repl: only use ToLower on the input command (#5698)
February 27, 2023 13:04
resolver
rego: make wasmtime-go dependency "more optional" (#3708)
August 16, 2021 11:48
runtime
Rename --future-compat CLI flag
October 26, 2023 10:50
schemas
Extend type checking for authz policies
September 11, 2023 15:34
sdk
sdk_test: add environment variable tests (#6420)
November 17, 2023 15:46
server
discovery: Make status updates non blocking (#6345)
November 6, 2023 16:19
storage
loader: change extension handler type (#6015)
June 16, 2023 09:37
test
feat(builtins): add a new builtin function strings.render_template to…
November 17, 2023 08:53
tester
Adding lines not covered to test coverage threshold error message (#6272
October 4, 2023 15:08
topdown
feat(builtins): add a new builtin function strings.render_template to…
November 17, 2023 08:53
tracing
tracing: make otel dependency optional for rego+topdown (#4127)
December 14, 2021 09:57
types
types: New algorithm for (Any).Union + new benchmarks (#6228)
September 20, 2023 12:27
util
chore: Replace ghodss/yaml with sigs.k8s.io/yaml (#6195)
August 30, 2023 15:08
vendor
build(deps): bump the go-opentelemetry-io group with 3 updates
November 17, 2023 08:31
version
Prepare v0.59.0 development
October 27, 2023 08:39
wasm
wasm: fix re2 bug
November 9, 2023 11:04
.gitignore
[docs] Fix unversioned built-in docs issue (#6274)
October 5, 2023 09:28
.go-version
golang: Update golang to 1.21.4
November 14, 2023 10:36
.golangci.yaml
ci: remove deprecated linters in golangci config (#5530)
January 4, 2023 09:35
.trivyignore
nightly: address recent findings, update trivyignore (#5287)
October 21, 2022 12:06
ADOPTERS.md
Update adopters list
June 7, 2023 08:36
CHANGELOG.md
Prepare v0.59.0 development
October 27, 2023 08:39
CODE_OF_CONDUCT.md
Update code of conduct for CNCF
April 2, 2018 10:56
COMMUNITY_BADGES.md
initial draft of the community badges program (#4200)
January 13, 2022 11:13
COMMUNITY_GUIDELINES.md
Update vendor guidelines
December 9, 2021 09:45
CONTRIBUTING.md
Update contributing page link to latest not edge (#6149)
August 9, 2023 13:19
Dockerfile
build: Remove rootless image variant
November 2, 2023 08:55
GOVERNANCE.md
Update governance (again)
May 5, 2020 06:32
LICENSE
Initial commit
December 28, 2015 14:08
MAINTAINERS.md
Refresh maintainers, Add gatekeeper-library maintainers
April 10, 2023 17:31
Makefile
build: Remove rootless image variant
November 2, 2023 08:55
README.md
Remove office hours sign-up (#5929)
May 18, 2023 12:07
SECURITY.md
SECURITY: migrate policy to web site, update content (#5094)
September 6, 2022 12:50
SECURITY_AUDIT.pdf
Add external security audit information
August 30, 2018 14:52
builtin_metadata.json
feat(builtins): add a new builtin function strings.render_template to…
November 17, 2023 08:53
capabilities.json
feat(builtins): add a new builtin function strings.render_template to…
November 17, 2023 08:53
go.mod
build(deps): bump the go-opentelemetry-io group with 3 updates
November 17, 2023 08:31
go.sum
build(deps): bump the go-opentelemetry-io group with 3 updates
November 17, 2023 08:31
main.go
ast: extend capabilities to return min compatible version
October 30, 2023 09:36
netlify.toml
[docs] Update integrations, organisations and softwares to have pages (…
August 17, 2023 16:09
Open Policy Agent Want to connect with the community or get support for OPA? Want to learn more about OPA? Want to download OPA? Want to integrate OPA? Want to contribute to OPA? How does OPA work? Presentations Security Audit Reporting Security Vulnerabilities

README.md

logo Open Policy Agent

Build Status Go Report Card CII Best Practices Netlify Status

Open Policy Agent (OPA) is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.

OPA is proud to be a graduated project in the Cloud Native Computing Foundation (CNCF) landscape. For details read the CNCF announcement.

Want to connect with the community or get support for OPA?

Want to learn more about OPA?

  • Go to openpolicyagent.org to get started with documentation and tutorials.
  • Browse blog.openpolicyagent.org for news about OPA, community, policy and authorization.
  • Watch OPA's YouTube channel for videos about OPA.
  • Try OPA with the Rego Playground to experiment with policies and share your work.
  • View the OPA Roadmap to see a high-level snapshot of OPA features in-progress and planned.
  • Check out the ADOPTERS.md file for a list of production adopters. Does your organization use OPA in production? Support the OPA project by submitting a PR to add your organization to the list with a short description of your OPA use cases!

Want to download OPA?

Want to integrate OPA?

  • See the high-level Go SDK or the low-level Go API GoDoc to integrate OPA with services written in Go.
  • See REST API to integrate OPA with services written in other languages.
  • See the integration docs for more options.

Want to contribute to OPA?

How does OPA work?

OPA gives you a high-level declarative language to author and enforce policies across your stack.

With OPA, you define rules that govern how your system should behave. These rules exist to answer questions like:

  • Can user X call operation Y on resource Z?
  • What clusters should workload W be deployed to?
  • What tags must be set on resource R before it's created?

You integrate services with OPA so that these kinds of policy decisions do not have to be hardcoded in your service. Services integrate with OPA by executing queries when policy decisions are needed.

When you query OPA for a policy decision, OPA evaluates the rules and data (which you give it) to produce an answer. The policy decision is sent back as the result of the query.

For example, in a simple API authorization use case:

  • You write rules that allow (or deny) access to your service APIs.
  • Your service queries OPA when it receives API requests.
  • OPA returns allow (or deny) decisions to your service.
  • Your service enforces the decisions by accepting or rejecting requests accordingly.

For concrete examples of how to integrate OPA with systems like Kubernetes, Terraform, Docker, SSH, and more, see openpolicyagent.org.

Presentations

  • OPA maintainers talk @ Kubecon NA 2022: video
  • Open Policy Agent (OPA) Intro & Deep Dive @ Kubecon EU 2022: video
  • Open Policy Agent Intro @ KubeCon EU 2021: Video
  • Using Open Policy Agent to Meet Evolving Policy Requirements @ KubeCon NA 2020: video
  • Applying Policy Throughout The Application Lifecycle with Open Policy Agent @ CloudNativeCon 2019: video
  • Open Policy Agent Introduction @ CloudNativeCon EU 2018: video, slides
  • Rego Deep Dive @ CloudNativeCon EU 2018: video, slides
  • How Netflix Is Solving Authorization Across Their Cloud @ CloudNativeCon US 2017: video, slides.
  • Policy-based Resource Placement in Kubernetes Federation @ LinuxCon Beijing 2017: slides, screencast
  • Enforcing Bespoke Policies In Kubernetes @ KubeCon US 2017: video, slides
  • Istio's Mixer: Policy Enforcement with Custom Adapters @ CloudNativeCon US 2017: video, slides

Security Audit

A third party security audit was performed by Cure53, you can see the full report here

Reporting Security Vulnerabilities

Please report vulnerabilities by email to open-policy-agent-security. We will send a confirmation message to acknowledge that we have received the report and then we will send additional messages to follow up once the issue has been investigated.

About

Open Policy Agent (OPA) is an open source, general-purpose policy engine.

www.openpolicyagent.org

Topics

json declarative policy authorization opa cloud-native compliance doge lolcat open-policy-agent

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity

Stars

8.6k stars

Watchers

126 watching

Forks

1.2k forks
Report repository

Releases 152

v0.58.0 Latest
Oct 26, 2023
+ 151 releases

Used by 1.9k

  • @Tushar-ArmorCode
  • @uselagoon
  • @roshaaaan
  • @Fadil369
  • @mhshahin
  • @DmitryOvchinnikov
  • @ardanlabs
  • @apolzek
+ 1,904

Contributors 401

+ 390 contributors

Languages