Skip to main content

OPAL is an administration layer for Open Policy Agent (OPA), detecting changes to both policy and data and pushing live updates to your agents. The opal-server creates a pub/sub channel clients can subscribe to (i.e: acts as coordinator). The server also tracks a git repository (via webhook) for updates to policy (or static data) and accepts continuous data update notifications via REST api, which are then pushed to clients.

Project description

opal

⚡OPAL⚡

Open Policy Administration Layer

Tests Package Package Downloads Docker pulls Join our Slack!

What is OPAL?

OPAL is an administration layer for Policy Engines such as Open Policy Agent (OPA), and AWS' Cedar Agent detecting changes to both policy and policy data in realtime and pushing live updates to your agents. OPAL brings open-policy up to the speed needed by live applications.

As your application state changes (whether it's via your APIs, DBs, git, S3 or 3rd-party SaaS services), OPAL will make sure your services are always in sync with the authorization data and policy they need (and only those they need).

Check out our main site at OPAL.ac, this video briefly explaining OPAL and how it works with OPA, and a deeper dive into it at this OWASP DevSlop talk.

Why use OPAL?

OPAL is the easiest way to keep your solution's authorization layer up-to-date in realtime. It aggregates policy and data from across the field and integrates them seamlessly into the authorization layer, and is microservices and cloud-native.

OPA + OPAL == 💜

While OPA (Open Policy Agent) decouples policy from code in a highly-performant and elegant way, the challenge of keeping policy agents up-to-date remains. This is especially true in applications, where each user interaction or API call may affect access-control decisions. OPAL runs in the background, supercharging policy-agents, keeping them in sync with events in realtime.

AWS Cedar + OPAL == 💪

Cedar is a very powerful policy language, which powers AWS' AVP (Amazon Verified Permissions) - but what if you want to enjoy the power of Cedar on another cloud, locally, or on premise? This is where Cedar-Agent and OPAL come in.

Documentation

curl -L https://raw.githubusercontent.com/permitio/opal/master/docker/docker-compose-example.yml \
> docker-compose.yml && docker-compose up


OPAL uses a client-server stateless architecture. OPAL-Servers publish policy and data updates over a lightweight (websocket) PubSub Channel, which OPAL-clients subscribe to via topics. Upon updates each client fetches data directly (from source) to load it in to its managed OPA instance.
simplified
📖   For further reading check out our [Blog](https://bit.ly/opal_blog).

Community

Come talk to us about OPAL, or authorization in general - we would love to hear from you ❤️

You can raise questions and ask for features to be added to the road-map in our Github discussions, report issues in Github issues, follow us on Twitter to get the latest OPAL updates, and join our Slack community to chat about authorization, open-source, realtime communication, tech, or anything else!

If you are using our project, please consider giving us a ⭐️

Button
Button

Contributing to OPAL

  • Pull requests are welcome! (please make sure to include passing tests and docs)
  • Prior to submitting a PR - open an issue on GitHub, or make sure your PR addresses an existing issue well.

There's more!

  • Check out OPToggles, which enables you to create user targeted feature flags/toggles based on Open Policy managed authorization rules!
  • Check out Cedar-Agent, the easiest way to deploy & run AWS Cedar.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

opal_server-0.7.9.tar.gz (47.7 kB view details)

Uploaded Source

Built Distribution

opal_server-0.7.9-py3-none-any.whl (53.8 kB view details)

Uploaded Python 3

File details

Details for the file opal_server-0.7.9.tar.gz.

File metadata

  • Download URL: opal_server-0.7.9.tar.gz
  • Upload date:
  • Size: 47.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.0.0 CPython/3.10.14

File hashes

Hashes for opal_server-0.7.9.tar.gz
Algorithm Hash digest
SHA256 e014793ba1b3334169e4ac90cef3237d1905fe2e469aeeb00e704c6a154cbc56
MD5 328b2db229917b00fb837a17e1363cd2
BLAKE2b-256 5431f56d890ed973fe33c42d56fc8aed295a13f2796931fb210efb7c3a1f5120

See more details on using hashes here.

File details

Details for the file opal_server-0.7.9-py3-none-any.whl.

File metadata

  • Download URL: opal_server-0.7.9-py3-none-any.whl
  • Upload date:
  • Size: 53.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.0.0 CPython/3.10.14

File hashes

Hashes for opal_server-0.7.9-py3-none-any.whl
Algorithm Hash digest
SHA256 8b9ea26f86b966f2bdb5d037f3251b59cd7781360fba688ab55dd82eb506ecfe
MD5 57a0e050cf3d6c144029e55118c93f1d
BLAKE2b-256 18f72bec925978ab5bde12ac15433e000b17eb7cae240db2ba7e26bfb3936d6d

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page