Open Policy Agent: Microservices Authorization Simplified
This post explains how Open Policy Agent can be used in microservices architecture to implement policy driven authorization.
This post explains how Open Policy Agent (OPA) can be used in microservices architecture to implement policy driven authorization.
With microservices development, I often came across a problem with implementing Authentication and Authorization (A&A). We want a robust and centrally managed authentication and authorization strategy. But, the distributed nature of the application makes it difficult to implement. In this post, I will explore how Open Policy Agent can help simplify the authorization problem.
Let’s take a quick look at the definition for Authentication and Authorization. Authentication refers to identifying the user (“who”), whereas Authorization refers to determining the level of access an authenticated user has (“what”).
My focus for this post is the Authorization part. For simplicity sake, I have created a sample application with a set of microservices. There is a basic user interface where we can carry out various operations and see the results. The only purpose of this application is to show how various authorization scenarios are handled by Open Policy Agent. In the subsequent posts, we will extend this application to cover increasingly complex use cases, and policy administration.
So, let’s get started!
Sample Application
First, some context about the application. I am taking an example of a CPQ application commonly used by sales teams to configure quotes for customers.
Below are the roles we'll be creating for our app:
- Sales – Users that have a Sales role can create new offers for their customers and update the offers. The users that have a Sales role cannot, however, delete an offer.
- Sales Support – Support staff who can see all the offers but cannot edit any offer.
- Sales Admin – Administration staff; they can see all the offers, but cannot edit/create any offer. However, they can delete an offer if required to ensure cleanup.
Bootstrap 5 Complete Course with Examples
Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners
Nest.JS Tutorial for Beginners
Hello Vue 3: A First Look at Vue 3 and the Composition API
Building a simple Applications with Vue 3
Deno Crash Course: Explore Deno and Create a full REST API with Deno
How to Build a Real-time Chat App with Deno and WebSockets
Convert HTML to Markdown Online
HTML entity encoder decoder Online
50+ Useful Kubernetes Tools for 2020 - Part 2
Our original Kubernetes tool list was so popular that we've curated another great list of tools to help you improve your functionality with the platform.
Microservices and Its Security Patterns
Microservices and its security patterns. A developer's view on common security patterns used in most of the API-architecture practices in the industry to make API and Application, as safe as possible.
Microservices Security in Action
This recently published book on microservices security highlights the patterns and best practices of ensuring microservices are safe and secure.
Best Custom Web & Mobile App Development Company
Top Web & Mobile Application Development Company in India & USA. We specialize in Golang, Ruby on Rails, Symfony, Laravel PHP, Python, Angular, Mobile Apps, Blockchain, & Chatbots
Kubernetes Security: Common Myths & Facts
Myth: Kubernetes dashboard, in general, is a security risk Fact: The security concern is not directly related to the dashboard itself, but it accounts for how well you deploy it.