...
Info |
---|
OPA Playground - https://play.openpolicyagent.org/ |
Approach 1:
...
Develop a Java sidecar to seamlessly integrate with Open Policy Agent (OPA) for dynamic policy enforcement within Java-based applications.
The proposed Java sidecar will be developed using standard Java libraries and frameworks, with consideration for ease of use and minimal impact on existing applications. It will be designed to support Java applications running in various environments, including cloud-native architectures.
Utilize HTTP REST APIs for secure communication with OPA.
Implement Java HTTP clients to send policy queries and receive decisions from OPA.
Design a simple and intuitive Java API for defining and enforcing policies.
Convert Java application context into OPA-compatible data structures for policy evaluation.
Implement a mechanism for dynamically updating policies from OPA.
Support real-time updates.
Integrate with Kafka for asynchronous communication with other components of the system.
Implement Kafka producers or consumers as necessary for policy-related events.
...
Go Application Integration with OPA
Develop a Go application that seamlessly integrates with Open Policy Agent (OPA), leveraging the OPA Rego language, and incorporates Kafka for event-driven communication.
Use the OPA Rego library Go SDK to integrate OPA into the Go application.
Establish a secure communication channel between the Go application and OPA.
Develop a clear and concise mechanism for defining policies using the OPA Rego language within the Go application.
Implement logic for evaluating policies using the OPA Rego engine.
Enable the Go application to dynamically load and update policies from OPA for real-time adjustments.
Implement Kafka producers to publish policy-related events when policy decisions are made.
Implement Kafka consumers to listen for policy-related events and trigger appropriate actions.
Approach 2: Java Sidecar Integration with OPA
Develop a Java sidecar to seamlessly integrate with Open Policy Agent (OPA) for dynamic policy enforcement within Java-based applications.
Utilize HTTP REST APIs for secure communication with OPA.
Implement Java HTTP clients to send policy queries and receive decisions from OPA.
Design a Java API for defining and enforcing policies.
Implement a mechanism for dynamically updating policies from OPA.
Integrate with Kafka for asynchronous communication with other components of the PF.
Implement Kafka producers or consumers for policy-related events.
Conclusion: Both approaches involve integrating OPA for policy enforcement, with the second first approach additionally incorporating Kafka for event-driven communication. The choice between a Java sidecar and a Go application is yet to be decided.
...
Info |
---|
https://www.openpolicyagent.org/docs/latest/#5-try-opa-as-a-go-library |
Notes/Considerations from the policy weekly discussion:
Re-implement the PAP interaction with PDPs?
Convert ONAP policies to be OPA compatible?
Convert OPA policies to be ONAP compatible?
Others?