Skip to content

open-policy-agent/example-api-authz-go

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

38 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

OPA-Go API Authorization Example

This repository shows how to integrate a service written in Go with the OPA SDK to perform API authorization.

Building

Build the example by running go build ./cmd/example-api-authz-go/...

Requirements

This example requires an external HTTP server that serves OPA Bundles. If you don't provide an OPA configuration that enables bundle downloading, the server will fail-closed.

Running the example

Run the example with an OPA Configuration File:

./example-api-authz-go -config config.yaml

The example implementation is hardcoded to assume a policy decision will be generated at path system.main. You must define a policy decision at that path. If your policies use another package, you can include an entrypoint policy.

Entrypoint:

package system

main = data.example # api queries data.system.main.allow

Your policy:

package example

import future.keywords.if

default allow := false

allow if {
    input.method == "GET"
    input.user == "bob"
}