REST API Integrations

The Kubernetes API server can be configured to use OPA as an admission controller. Creating a ValidatingWebhookConfiguration resource can be used to query OPA for policy decisions.

The opa-envoy-plugin project uses the REST API to allow and deny requests routed via an Envoy proxy.

Read about this integration in the OPA Docs.

This project implements a custom Kafka authorizer that uses OPA to make authorization decisions by calling the REST API.

Installation and configuration instructions are available in the project's README.

OPA Spring Security uses the REST API to query OPA about authz decisions. See an example application in OPA's contrib repo.

This library provides a PHP wrapper around the OPA REST API. It can update policies and query for decisions. See the project README for various examples.

Strimzi can be configured to use OPA via the REST API as the Kafka authorizer using this project.

Apache APISIX routes can be configured to call an OPA instance over the REST API. This blog post explains how such a configuration can be achieved.

The OPA CloudFormation Hook uses AWS Lambda to consult an OPA instance using the REST API before allowing a CloudFormation stack to be created.

Read the tutorial here in the OPA documentation.

i2scim supports externalized access control decisions using OPA's REST API. The integration is described in the i2scim documentation.

The Kubernetes API server can be configured to use OPA as an authorization webhook. Such an integration can be configured by following the documentation in the contrib repo.

OPAL uses the OPA REST API to update the policy and data pushed down from the OPAL server. See how this works.

SPIRE can work in tandem with the Envoy proxy to integrate with the OPA REST API. See the tutorial here.

SSI Kit's CLI exposes policy management commands which update a local OPA instance. The feature is documented in the walt.id docs.

The Boomerang Bosun Service component interacts with an OPA instance over the REST API to evaluate policy during CICD runs.

This sample python application calls has a middleware to call OPA before processing each request. See the example code.

This example project in OPA contrib uses OPA over the REST API to enforce admission policy based on vulnerability scanning results.

Minio implements a native integration with OPA using the REST API. The integration is documented in the Minio docs.

This project provides a middleware that can query an OPA server for policy decisions. See the project's README for a js simple example.