From f52ce0ea0d3f5dd5c1884c38ebbef5bf6d8330a0 Mon Sep 17 00:00:00 2001 From: Tolleiv Nietsch Date: Fri, 23 Apr 2021 15:11:27 +0200 Subject: [PATCH 1/6] Open Policy Agent --- radar/2021-01-01/open-policy-agent.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 radar/2021-01-01/open-policy-agent.md diff --git a/radar/2021-01-01/open-policy-agent.md b/radar/2021-01-01/open-policy-agent.md new file mode 100644 index 0000000..f83035a --- /dev/null +++ b/radar/2021-01-01/open-policy-agent.md @@ -0,0 +1,12 @@ +--- +title: "Open Policy Agent" +ring: assess +quadrant: tools + +--- + +[Open Policy Agent](https://www.openpolicyagent.org/) (OPA) is a framework and language which allows to model and evaluate policies access services. The underlying expression language *rego* is purpose-built for the policy evaluations and implements the **Policy As Code** patterns. + +The utility of OPA and Rego comes from the various integrations into other cloud-natives services and tools. It can be part of the Kubernetes Admission Control process, can be used for authorization decisions within a Service Mesh or could be part of infrastructure evaluation pipelines. + +We use OPA in some of our infrastructure pipelines to ensure that changes don't have undesired impact or within Kubernetes to evaluate the overall conformity of our deployments with the gives policies. \ No newline at end of file From 292fdbba04f88f3c235992f94f83427f4d6a304b Mon Sep 17 00:00:00 2001 From: Kevin Schu Date: Fri, 30 Apr 2021 11:39:57 +0200 Subject: [PATCH 2/6] Update open-policy-agent.md --- radar/2021-01-01/open-policy-agent.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radar/2021-01-01/open-policy-agent.md b/radar/2021-01-01/open-policy-agent.md index f83035a..baeae9e 100644 --- a/radar/2021-01-01/open-policy-agent.md +++ b/radar/2021-01-01/open-policy-agent.md 
@@ -9,4 +9,4 @@ quadrant: tools The utility of OPA and Rego comes from the various integrations into other cloud-natives services and tools. It can be part of the Kubernetes Admission Control process, can be used for authorization decisions within a Service Mesh or could be part of infrastructure evaluation pipelines. -We use OPA in some of our infrastructure pipelines to ensure that changes don't have undesired impact or within Kubernetes to evaluate the overall conformity of our deployments with the gives policies. \ No newline at end of file +We use OPA in some of our infrastructure pipelines to ensure that changes don't have undesired impact or within Kubernetes to evaluate the overall conformity of our deployments with the given policies. From a59ccb3aae57ad2e26176a406e036b8bb909a973 Mon Sep 17 00:00:00 2001 From: Kevin Schu Date: Fri, 30 Apr 2021 11:40:52 +0200 Subject: [PATCH 3/6] Update open-policy-agent.md --- radar/2021-01-01/open-policy-agent.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radar/2021-01-01/open-policy-agent.md b/radar/2021-01-01/open-policy-agent.md index baeae9e..0c9d197 100644 --- a/radar/2021-01-01/open-policy-agent.md +++ b/radar/2021-01-01/open-policy-agent.md 
@@ -5,7 +5,7 @@ quadrant: tools --- -[Open Policy Agent](https://www.openpolicyagent.org/) (OPA) is a framework and language which allows to model and evaluate policies access services. The underlying expression language *rego* is purpose-built for the policy evaluations and implements the **Policy As Code** patterns. +[Open Policy Agent](https://www.openpolicyagent.org/) (OPA) is a framework which allows to model and evaluate policies access services. The underlying expression language *rego* is purpose-built for the policy evaluations and implements the **Policy As Code** patterns. The utility of OPA and Rego comes from the various integrations into other cloud-natives services and tools. It can be part of the Kubernetes Admission Control process, can be used for authorization decisions within a Service Mesh or could be part of infrastructure evaluation pipelines. From d57c3a7672a56b12dae1e52dcf1b8c93bd5535bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=C3=B6tzinger?= Date: Thu, 27 May 2021 15:06:26 +0200 Subject: [PATCH 4/6] Update open-policy-agent.md --- radar/2021-01-01/open-policy-agent.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/radar/2021-01-01/open-policy-agent.md b/radar/2021-01-01/open-policy-agent.md index 0c9d197..c0f1904 100644 --- a/radar/2021-01-01/open-policy-agent.md +++ b/radar/2021-01-01/open-policy-agent.md 
@@ -7,6 +7,10 @@ quadrant: tools [Open Policy Agent](https://www.openpolicyagent.org/) (OPA) is a framework which allows to model and evaluate policies access services. The underlying expression language *rego* is purpose-built for the policy evaluations and implements the **Policy As Code** patterns. -The utility of OPA and Rego comes from the various integrations into other cloud-natives services and tools. It can be part of the Kubernetes Admission Control process, can be used for authorization decisions within a Service Mesh or could be part of infrastructure evaluation pipelines. +This allows to decouple policy from the service's code so you can release, and review policies seperatly for example. + +The benefits of using OPA and Rego comes from the various available integrations into other cloud-native services and tools. It can be used with the "Kubernetes Admission Controller", to authorize decisions within a Service Mesh or as part of infrastructure evaluation pipelines. We use OPA in some of our infrastructure pipelines to ensure that changes don't have undesired impact or within Kubernetes to evaluate the overall conformity of our deployments with the given policies. + +We have also evaluated OPA as part of a permission management concept in larger distributed architectures. From 67145649e3c1aa705df0578e1946adf56d881082 Mon Sep 17 00:00:00 2001 From: Brian Hoffmann Date: Fri, 28 May 2021 10:40:13 +0200 Subject: [PATCH 5/6] Update open-policy-agent.md --- radar/2021-01-01/open-policy-agent.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/radar/2021-01-01/open-policy-agent.md b/radar/2021-01-01/open-policy-agent.md index c0f1904..7945989 100644 --- a/radar/2021-01-01/open-policy-agent.md +++ b/radar/2021-01-01/open-policy-agent.md 
@@ -5,9 +5,9 @@ quadrant: tools --- -[Open Policy Agent](https://www.openpolicyagent.org/) (OPA) is a framework which allows to model and evaluate policies access services. The underlying expression language *rego* is purpose-built for the policy evaluations and implements the **Policy As Code** patterns. +[Open Policy Agent](https://www.openpolicyagent.org/) (OPA) is a framework which allows to model and evaluate policy access services. The underlying expression language *Rego* is purpose-built for the policy evaluations and implements the **Policy As Code** pattern. -This allows to decouple policy from the service's code so you can release, and review policies seperatly for example. +This allows to decouple policy from the service's code so you can release, and review policies seperatly. The benefits of using OPA and Rego comes from the various available integrations into other cloud-native services and tools. It can be used with the "Kubernetes Admission Controller", to authorize decisions within a Service Mesh or as part of infrastructure evaluation pipelines. From 4a5f5bc6cbb7257c3f0682d515a42deb9785df50 Mon Sep 17 00:00:00 2001 From: Brian Hoffmann Date: Wed, 2 Jun 2021 09:28:27 +0200 Subject: [PATCH 6/6] Add note about verdict of evaluation --- radar/2021-01-01/open-policy-agent.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radar/2021-01-01/open-policy-agent.md b/radar/2021-01-01/open-policy-agent.md index 7945989..fafbc35 100644 --- a/radar/2021-01-01/open-policy-agent.md +++ b/radar/2021-01-01/open-policy-agent.md 
@@ -13,4 +13,4 @@ The benefits of using OPA and Rego comes from the various available integrations We use OPA in some of our infrastructure pipelines to ensure that changes don't have undesired impact or within Kubernetes to evaluate the overall conformity of our deployments with the given policies. -We have also evaluated OPA as part of a permission management concept in larger distributed architectures. +We have also evaluated OPA as part of permission management in distributed architectures. The concept promisses to provide value especially for distributed enterprise architectures.
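Review bot: two typos in the new file in PATCH 1/6 should be fixed before merge: "cloud-natives services" in the second paragraph should read "cloud-native services", and "with the gives policies" in the last paragraph should read "with the given policies". The file also ends without a trailing newline ("\ No newline at end of file"); adding one keeps later diffs of the last line clean.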
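Review bot: the rewritten opening sentence in PATCH 3/6 still does not parse at "allows to model and evaluate policies access services". If the intent is that policies apply to several services, "across services" would say that; if it is about access control, "access policies for services" would. Since this line is being touched anyway, "which allows to model" could also become "that lets you model".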
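Review bot: in PATCH 4/6 the replacement paragraph changes meaning at "to authorize decisions within a Service Mesh"; the removed line said OPA "can be used for authorization decisions", that is, OPA makes the decision rather than authorizing one. Suggest keeping "for authorization decisions within a service mesh". In the same paragraph "The benefits ... comes" needs "come", and the quotation marks around "Kubernetes Admission Controller" suggest a product name where the removed text described the admission control process.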
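Review bot: the line rewritten in PATCH 5/6 to drop "for example" still carries "seperatly" (should be "separately") and a stray comma in "release, and review policies". Suggested wording: "This decouples policy from the service's code, so policies can be released and reviewed separately."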
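Review bot: the subject of PATCH 6/6 announces a verdict of the evaluation, but the added sentence only says the concept "promisses to provide value", which reads as an expectation rather than an outcome. Consider stating what the evaluation concluded, for example whether OPA was adopted for permission management. "promisses" should be "promises", and "distributed" now appears in both sentences of the paragraph.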