The repository contains a proof-of-concept implementation of the Open Policy Agent (OPA) policy coverage visualization. Each condition from 2D matrix is being sent to OPA and the result is later presented using a table built with React. The OPA policy can be further tuned and the coverage will update accordingly.
As an example, the current setup imitates a system where each user has a role and the role has a set of permissions. The system has a set of policies that define the permissions for each role. Nevertheless, this could be reused in a different context. However, it is currently limited to a two dimensional data set.
# Download require container images
docker-compose pull
# Build initial React application image
docker-compose build
# Start services
docker-compose up -d
# Monitor service logs
docker-compose logs -fWeb based user interface will be available at http://localhost:3000
The OPA policy is located in ./policy directory. The bundle also includes a data.json file with user to group membership information. The OPA service is being started with --watch flag meaning that it does not require a manual reload after each policy change. However, the front-end does not monitor for policy changes and would required to reload a browser page after policy gets updated.
The users and permissions displayed in the table are taken from user.json and permissions.json files.
The initial coverage matrix will look as the following:
Feel free to tweak the policy rules, group memberships and users to test different scenarios.