/opal

Policy and data administration, distribution, and real-time updates on top of Open Policy Agent

Primary LanguagePythonApache License 2.0Apache-2.0

opal

⚡OPAL⚡

Open Policy Administration Layer

Tests Package Package Downloads Docker pulls Join our Slack!

What is OPAL?

OPAL is an administration layer for Open Policy Agent (OPA), detecting changes to both policy and policy data in realtime and pushing live updates to your agents. OPAL brings open-policy up to the speed needed by live applications.

As your application state changes (whether it's via your APIs, DBs, git, S3 or 3rd-party SaaS services), OPAL will make sure your services are always in sync with the authorization data and policy they need (and only those they need).

Check out our main site at OPAL.ac, this video briefly explaining OPAL and how it works with OPA, and a deeper dive into it at this OWASP DevSlop talk.

Why use OPAL?

OPAL is the easiest way to keep your solution's authorization layer up-to-date in realtime. It aggregates policy and data from across the field and integrates them seamlessly into the authorization layer, and is microservices and cloud-native.

OPA + OPAL = 💜

While OPA (Open Policy Agent) decouples policy from code in a highly-performant and elegant way, the challenge of keeping policy agents up-to-date remains. This is especially true in applications, where each user interaction or API call may affect access-control decisions. OPAL runs in the background, supercharging policy-agents, keeping them in sync with events in realtime.

Documentation

curl -L https://raw.githubusercontent.com/permitio/opal/master/docker/docker-compose-example.yml \
> docker-compose.yml && docker-compose up

simplified


  • 📖   For further reading check out our Blog.

Community

Come talk to us about OPAL, or authorization in general - we would love to hear from you ❤️

You can raise questions and ask for features to be added to the road-map in our Github discussions, report issues in Github issues, follow us on Twitter to get the latest OPAL updates, and join our Slack community to chat about authorization, open-source, realtime communication, tech, or anything else!

If you are using our project, please consider giving us a ⭐️

Button
Button

Contributing to OPAL

  • Pull requests are welcome! (please make sure to include passing tests and docs)
  • Prior to submitting a PR - open an issue on GitHub, or make sure your PR addresses an existing issue well.

There's more!

  • Check out OPToggles, which enables you to create user targeted feature flags/toggles based on Open Policy managed authorization rules!