# OPAPolicy attached to every service in the `default` mesh.
# The inline Rego policy denies by default and allows only HTTP GET.
apiVersion: kuma.io/v1alpha1
kind: OPAPolicy
mesh: default
metadata:
  name: opa-1
spec:
  selectors:
    - match:
        kuma.io/service: '*'  # wildcard: matches every service name
  conf:
    # OPA agent configuration: write each authorization decision to the console.
    agentConfig:
      inlineString: |
        decision_logs:
          console: true
    # Rego evaluated for each request. `allow` holds only when `action_allowed`
    # does, and that rule looks at the HTTP method alone: any caller may GET,
    # since no identity or token is consulted here.
    policies:
      - inlineString: | # one of: inlineString, secret
          package envoy.authz

          import input.attributes.request.http as http_request

          default allow = false

          allow {
            action_allowed
          }

          action_allowed {
            http_request.method == "GET"
          }
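# OPAPolicy attached to every service in the `default` mesh.
# GET stays open, POST to the login endpoint is allowed without a token, and the
# bearer token from the Authorization header is decoded for other rules to use.
apiVersion: kuma.io/v1alpha1
kind: OPAPolicy
mesh: default
metadata:
  name: opa-1
spec:
  selectors:
    - match:
        kuma.io/service: '*'  # wildcard: matches every service name
  conf:
    # NOTE(review): decision log entries carry the request input, so bearer
    # tokens from the Authorization header can end up in console output.
    # Confirm, and mask that field, before using this outside a demo.
    agentConfig:
      inlineString: |
        decision_logs:
          console: true
    policies:
      - inlineString: | # one of: inlineString, secret
          package envoy.authz

          import input.attributes.request.http as http_request

          # Anything not matched by an `allow` rule below is rejected.
          default allow = false

          # Splits "<scheme> <jwt>" and verifies the JWT against the shared secret.
          # When the header is absent or does not have exactly two parts, `token`
          # is undefined and every rule that reads it fails, so the request falls
          # back to the default deny.
          #
          # NOTE(review): the signing secret sits in the policy text, so anyone who
          # can read this OPAPolicy (or the repo it lives in) can mint tokens that
          # verify. Load the policy from a `secret` instead of `inlineString`, or
          # verify with a public key via the "cert" constraint. Consider pinning
          # "alg" and requiring an expiry claim as well - confirm against the issuer.
          token = {"valid": valid, "payload": payload} {
            [_, encoded] := split(http_request.headers.authorization, " ")
            [valid, _, payload] := io.jwt.decode_verify(encoded, {"secret": "hkBxrbZ9Td4QEwgRewV6gZSVH4q78vBia4GBYuqd09SsiMsIjH"})
          }

          allow {
            action_allowed
          }

          allow {
            login_allowed
          }

          # Read-only access: the method is the only thing checked.
          action_allowed {
            http_request.method == "GET"
          }

          # The login endpoint must be reachable before a token exists, so no
          # token is checked here. Straight ASCII quotes replace the typographic
          # quotes of the original listing, which Rego cannot parse.
          login_allowed {
            http_request.method == "POST"
            http_request.path == "/api/loginEndpoint"
          }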
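# Extra rules for the policy above: they rely on the `token` rule and the
# `http_request` alias defined there. Writes are tied to the user_id claim
# of the caller's JWT.
allow {
  delete_posts
}

allow {
  post_allowed
}

# POST requires a verified token whose user_id claim is "cody".
# `token.valid` is tested explicitly so the decision does not depend on what
# the payload holds for a token that failed verification.
post_allowed {
  http_request.method == "POST"
  token.valid
  token.payload.user_id == "cody"
}

# DELETE carries the same requirement as POST.
delete_posts {
  http_request.method == "DELETE"
  token.valid
  token.payload.user_id == "cody"
}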