OPA 101: Learn OPA Policy Authoring with Styra Academy

3 min read

Whether you’re just starting to understand basic Rego language concepts or want to brush up on structuring policy-as-code rules, Styra Academy’s “OPA Policy Authoring” course lays out the fundamentals you need to know to get started.

Before we dive in, let’s get a better understanding of Open Policy Agent (OPA) and some common use cases.

What is OPA?

OPA is an open source, general purpose policy engine for cloud native environments. With OPA you can manage policy in increasingly distributed, complex and heterogeneous systems to unify policy enforcement across the stack. 

OPA allows you to separate policy decisions from enforcement by decoupling policy from application logic and can be used for:

  • Kubernetes admission control

  • Microservice authorization

  • Infrastructure

  • Data source filtering

  • CI/CD pipeline policies and many more.

  • API gateways

OPA generates policy decisions by evaluating business context, and comparing that information against policies and data. Since it’s designed to be completely universal, OPA lets teams describe almost any kind of policy. For example:

  • Which users can access which resources?

  • Which subnets allow egress traffic?

  • Upon which clusters can a given workload be deployed?

  • Can binaries be downloaded from certain registries?

  • Can a container execute with particular OS capabilities?

  • At which times of day can a system be accessed?

Policy decisions are not limited to simple yes/no or allow/deny answers, either. Just like OPA can take any structured data as a query input, policies can generate any structured data as output as well.

Get started with Styra Academy

So you’re ready to get rolling with OPA? Styra Academy’s OPA Policy Authoring course offers a great overview of OPA’s declarative language Rego. You’ll learn about Rego expressions, basic rules, iteration and packages. Sign up here!

And as always, if you’re stuck on a policy or have any questions about OPA, contact our DevRel team or reach out on Slack!

Cloud native
Authorization

Dynamic Authorization for Zero Trust Security

An organizational guide to architecting and implementing Zero Trust authorization in a brownfield environment

Speak with an Engineer

Request time with our team to talk about how you can modernize your access management.