{"id":28663,"date":"2018-07-09T10:21:37","date_gmt":"2018-07-09T08:21:37","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=28663"},"modified":"2018-07-09T10:21:37","modified_gmt":"2018-07-09T08:21:37","slug":"open-policy-agent-opa-open-source-general-purpose-policy-agent","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2018\/07\/09\/open-policy-agent-opa-open-source-general-purpose-policy-agent\/","title":{"rendered":"open-policy-agent\/opa &#8211; Open Source, general purpose policy agent"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p><a href=\"https:\/\/github.com\/open-policy-agent\/opa\">open-policy-agent\/opa<\/a> is an Open Source general\u00a0 purpose policy agent.<\/p>\n<blockquote><p>OPA gives you a high-level declarative language to author and enforce policies across your stack.<\/p>\n<p>With OPA, you define\u00a0<em>rules<\/em>\u00a0that govern how your system should behave. These rules exist to answer questions like:<\/p>\n<ul>\n<li>Can user X call operation Y on resource Z?<\/li>\n<li>What clusters should workload W be deployed to?<\/li>\n<li>What tags must be set on resource R before it&#8217;s created?<\/li>\n<\/ul>\n<p>You integrate services with OPA so that these kinds of policy decisions do not have to be\u00a0<em>hardcoded<\/em>\u00a0in your service. Services integrate with OPA by executing\u00a0<em>queries<\/em>\u00a0when policy decisions are needed.<\/p>\n<p>When you query OPA for a policy decision, OPA evaluates the rules and data (which you give it) to produce an answer. The policy decision is sent back as the result of the query.<\/p><\/blockquote>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>open-policy-agent\/opa is an Open Source general\u00a0 purpose policy agent. OPA gives you a high-level declarative language to author and enforce policies across your stack. With OPA, you define\u00a0rules\u00a0that govern how your system should behave. These rules exist to answer questions like: Can user X call operation Y on resource Z? What clusters should workload W &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2018\/07\/09\/open-policy-agent-opa-open-source-general-purpose-policy-agent\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">open-policy-agent\/opa &#8211; Open Source, general purpose policy agent<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"open-policy-agent\/opa - Open Source, general purpose policy agent #WebDev #Go #security #API","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,18,62,1334],"tags":[2404,3230,200,1330],"keyring_services":[],"class_list":["post-28663","post","type-post","status-publish","format-standard","hentry","category-general","category-programming","category-technology","category-web-work","tag-api","tag-go","tag-security","tag-web-development"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":27602,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/05\/22\/aws-iam-policies-in-a-nutshell\/","url_meta":{"origin":28663,"position":0},"title":"AWS IAM Policies in a Nutshell","author":"Leonid Mamchenkov","date":"May 22, 2017","format":false,"excerpt":"J Cole Morrison wrote an excellent guide into AWS IAM policies. It's super useful for anyone who have tried implementing IAM policies and failed (or even barely succeeded). What is an AWS IAM Policy? A set of rules that, under the correct conditions, define what actions the policy principal or\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/05\/aws-aim-500x200.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":13342,"url":"https:\/\/mamchenkov.net\/wordpress\/2010\/09\/02\/best-vacation-policy-is-a-no-policy\/","url_meta":{"origin":28663,"position":1},"title":"Best vacation policy is a no policy","author":"Leonid Mamchenkov","date":"September 2, 2010","format":false,"excerpt":"Read this: At Netflix, the vacation policy is audaciously simple and simply audacious. Salaried employees can take as much time off as they'd like, whenever they want to take it. Nobody \u2013 not employees themselves, not managers \u2013 tracks vacation days. That's an example to follow. \u00a0After all, it's the\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":28398,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/02\/19\/on-browsers-user-agent-string\/","url_meta":{"origin":28663,"position":2},"title":"On browser&#8217;s User-Agent string","author":"Leonid Mamchenkov","date":"February 19, 2018","format":false,"excerpt":"https:\/\/twitter.com\/AmeliasBrain\/status\/963589448406462464","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27844,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/08\/14\/secure-headers-a-php-library-for-easier-management-of-browser-security-features\/","url_meta":{"origin":28663,"position":3},"title":"Secure Headers &#8211; a PHP library for easier management of browser security features","author":"Leonid Mamchenkov","date":"August 14, 2017","format":false,"excerpt":"Modern browsers offer a variety of security mechanisms for web developers. \u00a0Unfortunately, some of these aren't so easy to manage. \u00a0One needs a deep understanding of the functionality as well as theory behind. \u00a0Secure Headers is a library that makes all that work a lot easier for PHP developers. \u00a0Here\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":15493,"url":"https:\/\/mamchenkov.net\/wordpress\/2011\/09\/12\/on-policy-making-and-profit-protection\/","url_meta":{"origin":28663,"position":4},"title":"On policy making and profit protection","author":"Leonid Mamchenkov","date":"September 12, 2011","format":false,"excerpt":"TorrentFreak runs an inspirational piece, which touches upon civil liberties, policy making, and profits of the large companies involved in movie and music making. The job of any entrepreneur is to construct a use case and a business case that allow them to make money, given the current constraints of\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27668,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/06\/08\/huginn-integration-platform\/","url_meta":{"origin":28663,"position":5},"title":"Huginn integration platform","author":"Leonid Mamchenkov","date":"June 8, 2017","format":false,"excerpt":"Huginn is an integration platform that manages triggered events with agent services according to workflows. \u00a0Unlike many hosted services (Zapier, IFTTT, bip.io), Huginn is an Open Source application written in Ruby on Rails, and can be hosted, extended, and customized locally. If you can read Russian, make sure to check\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/06\/huginn-500x217.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/28663","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=28663"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/28663\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=28663"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=28663"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=28663"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=28663"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}