Open Policy Agent: Microservices Authorization Simplified

This post explains how Open Policy Agent (OPA) can be used in a microservices architecture to implement policy-driven authorization.

In microservices development I have often run into the problem of implementing Authentication and Authorization (A&A). We want a robust, centrally managed authentication and authorization strategy, but the distributed nature of the application makes it hard to implement: without a central policy point, every service ends up carrying its own copy of the access rules. In this post I explore how Open Policy Agent can help simplify the authorization problem.

Let’s take a quick look at the definitions of Authentication and Authorization. Authentication is identifying the user (“who”), whereas Authorization is determining what an authenticated user is allowed to do (“what”).

My focus in this post is the Authorization part. For simplicity’s sake, I have created a sample application made up of a set of microservices. There is a basic user interface from which we can carry out various operations and see the results. The only purpose of this application is to show how various authorization scenarios are handled by Open Policy Agent. In subsequent posts we will extend it to cover increasingly complex use cases and policy administration.

So, let’s get started!

Sample Application

First, some context about the application. I am taking the example of a CPQ (Configure, Price, Quote) application, the kind commonly used by sales teams to configure quotes for customers.

Below are the roles we'll be creating for our app:

  1. Sales – Users with the Sales role can create new offers for their customers and update those offers. Users with the Sales role cannot, however, delete an offer.
  2. Sales Support – Support staff who can see all the offers but cannot edit any of them.
  3. Sales Admin – Administration staff; they can see all the offers but cannot create or edit an offer. They can, however, delete an offer when required for cleanup.
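The three roles above map directly onto a Rego policy. The policy below is an added example written for this post, not code from the original article or from the OPA project. It assumes an input document shape that the article does not define: `input.user.role` and `input.user.id` come from the authenticated identity, `input.action` is one of `create`, `read`, `update` or `delete`, and `input.offer.owner` is the id of the Sales user who created the offer. The "for their customers" wording is interpreted here as an ownership check, so a Sales user may only read or update offers they own; that scoping is an assumption.

```rego
package cpq.authz

import rego.v1

# Added example policy (not from the original post).
# Assumed input shape (an assumption, not defined by the post):
#   input.user.role   -> "sales" | "sales_support" | "sales_admin"
#   input.user.id     -> authenticated user id, e.g. "alice"
#   input.action      -> "create" | "read" | "update" | "delete"
#   input.offer.owner -> id of the Sales user who created the offer
#                        (absent on create, since the offer does not exist yet)

# Deny by default: anything not explicitly allowed below is rejected.
default allow := false

# Sales: may create offers, and read/update only offers they own. No delete.
allow if {
	input.user.role == "sales"
	input.action == "create"
}

allow if {
	input.user.role == "sales"
	input.action in {"read", "update"}
	input.offer.owner == input.user.id
}

# Sales Support: read-only across all offers.
allow if {
	input.user.role == "sales_support"
	input.action == "read"
}

# Sales Admin: read everything and delete for cleanup, but no create/update.
allow if {
	input.user.role == "sales_admin"
	input.action in {"read", "delete"}
}

# Unit tests for `opa test`, covering the negative cases the role
# descriptions call out (the ones a default-allow policy would get wrong).
test_sales_can_create if {
	allow with input as {"user": {"role": "sales", "id": "alice"}, "action": "create"}
}

test_sales_cannot_delete_own_offer if {
	not allow with input as {"user": {"role": "sales", "id": "alice"}, "action": "delete", "offer": {"owner": "alice"}}
}

test_sales_cannot_update_others_offer if {
	not allow with input as {"user": {"role": "sales", "id": "alice"}, "action": "update", "offer": {"owner": "bob"}}
}

test_support_is_read_only if {
	allow with input as {"user": {"role": "sales_support", "id": "sam"}, "action": "read", "offer": {"owner": "bob"}}
	not allow with input as {"user": {"role": "sales_support", "id": "sam"}, "action": "update", "offer": {"owner": "bob"}}
}

test_admin_can_delete_but_not_update if {
	allow with input as {"user": {"role": "sales_admin", "id": "carol"}, "action": "delete", "offer": {"owner": "bob"}}
	not allow with input as {"user": {"role": "sales_admin", "id": "carol"}, "action": "update", "offer": {"owner": "bob"}}
}

test_unknown_role_denied if {
	not allow with input as {"user": {"role": "intern", "id": "dave"}, "action": "read", "offer": {"owner": "dave"}}
}
```

Save it as `policy.rego` and run `opa test .` to execute the embedded tests, or evaluate a single decision with `opa eval -d policy.rego -i input.json "data.cpq.authz.allow"`. Two design points matter for a microservices deployment: the `default allow := false` line means a service that sends an unexpected action or a malformed input gets a deny rather than an accidental allow, and keeping the role-to-action rules in one policy package means every service asks the same question ("may this user perform this action on this offer?") instead of re-implementing the role table locally.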
