Build

Custom Open Policy Agent with prototypical support for Authzed

This experiment adds support for querying relations from Authzed / SpiceDB via GRPC to check resource level permissions as custom builtin commands for Open Policy Agent.

Currently only one command is supported:

authzed.check_permission("SUBJECT", "PERMISSION", "RESOURCE_ID") -> bool

Build

Note this example uses Go 1.19

go get
go build

Demo

Start authzed demo environment

docker compose -f demo/docker-compose.yml up -d

Run custom Open Policy Agent with authzed plugin enabled

./custom-opa-spicedb run \
  --set plugins.authzed.endpoint=localhost:50051 \
  --set plugins.authzed.token=foobar \
  --set plugins.authzed.insecure=true

Query relations against authzed See the example RBAC schema for reference.

> authzed.check_permission("user:tom", "view", "document:firstdoc")
true
> authzed.check_permission("user:tom", "edit", "document:firstdoc")
true
> authzed.check_permission("user:fred", "edit", "document:firstdoc")
false
> exit

Stop demo environment

docker compose -f demo/docker-compose.yml down

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
.run		.run
builtins		builtins
demo		demo
plugins		plugins
.gitignore		.gitignore
LICENSE		LICENSE
go.mod		go.mod
go.sum		go.sum
main.go		main.go
readme.md		readme.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Custom Open Policy Agent with prototypical support for Authzed

Build

Demo

About

Releases 2

Packages

Languages

License

thomasdarimont/custom-opa-spicedb

Folders and files

Latest commit

History

Repository files navigation

Custom Open Policy Agent with prototypical support for Authzed

Build

Demo

About

Resources

License

Stars

Watchers

Forks

Releases 2

Packages 0

Languages

Packages