Whether you’re just starting to understand basic Rego language concepts or want to brush up on structuring policy-as-code rules, Styra Academy’s “OPA Policy Authoring” course lays out the fundamentals you need to know to get started.
Before we dive in, let’s get a better understanding of Open Policy Agent (OPA) and some common use cases.
What is OPA?
OPA is an open source, general purpose policy engine for cloud native environments. With OPA you can manage policy in increasingly distributed, complex and heterogeneous systems to unify policy enforcement across the stack.
OPA allows you to separate policy decisions from enforcement by decoupling policy from application logic and can be used for:
Kubernetes admission control
Data source filtering
CI/CD pipeline policies and many more.
OPA generates policy decisions by evaluating business context, and comparing that information against policies and data. Since it’s designed to be completely universal, OPA lets teams describe almost any kind of policy. For example:
Which users can access which resources?
Which subnets allow egress traffic?
Upon which clusters can a given workload be deployed?
Can binaries be downloaded from certain registries?
Can a container execute with particular OS capabilities?
At which times of day can a system be accessed?
Policy decisions are not limited to simple yes/no or allow/deny answers, either. Just like OPA can take any structured data as a query input, policies can generate any structured data as output as well.
Get started with Styra Academy
So you’re ready to get rolling with OPA? Styra Academy’s OPA Policy Authoring course offers a great overview of OPA’s declarative language Rego. You’ll learn about Rego expressions, basic rules, iteration and packages. Sign up here!