Styra DAS: Building for the Open Policy Agent Community
It’s been a great year so far for the Open Policy Agent (OPA) project and community. in the Cloud Native Computing Foundation (CNCF) in February and is quickly nearing 100 million downloads! With all this growth, we were excited to see the results of the second annual Open Policy Agent user survey. As I mentioned in my post on the Open Policy Agent blog, we survey the community to help better steer the project’s long-term roadmap in the right direction. This year’s survey told us a lot about adoption, the community’s goals and areas that they’d like to see grow.
Unified authorization across the stack
At Styra, we’re focused on providing the best solutions for our customers and the OPA community. We often look at how the community is using OPA to help us in determining and planning our product roadmap here. For example, we continue to see the popularity of the Kubernetes Admission Control use case for OPA (54% of respondents this year indicated they run OPA to enforce various policies on their clusters, consistent with the data from last year, and the year before), and that’s why the team prioritized enterprise-grade Kubernetes deployment features for Styra Declarative Authorization Service (DAS).
Our vision from day one has always been to provide unified authorization and policy across the cloud-native environment. So, Styra DAS also supports two other popular use cases — Terraform and microservices authorization with Envoy. With Styra DAS extended across the cloud platform, teams have a single solution to deploy, manage and monitor OPA at scale.
Styra DAS helps speed OPA deployment
Survey responses definitely indicated a growing interest in pre-built policy libraries for infrastructure-related guardrails, such as for Kubernetes (nearly 60%) and Terraform plans (nearly 30%). A strong policy library can enable OPA users to focus on accelerating their differentiated work without wasting cycles or cutting corners on critical but undifferentiated work. For example, building out the right set of rules for Kubernetes in Rego takes time — even for highly skilled developers and large teams. Styra DAS eliminates the need to spend this time, with a built-in library of well over a hundred Kubernetes policies, and multiple policy packs for best practices, pod security policies, PCI, MITRE, and more, including those that extend outside of Kubernetes, like Terraform. The Styra DAS built-in policy library saves time and brainpower, and helps teams get to “day two” faster.
Styra DAS helps solve your OPA debugging needs
Many respondents to the survey indicated that they wanted better debugging, and we know just how hard that can be. Rather than spending time debugging line-by-line, Styra DAS provides a fast and simple way to perform impact analysis to ensure that OPA policies work as intended, before deployment. The “validate” feature in Styra DAS does three things to ensure no bugs or unintended rules make their way into production:
1. Unit testing to ensure Rego policy is correct.
2. Impact analysis of policy on the current deployment to see where changes will have an effect.
3. Comparison of any policy changes over time, to ensure that any updates are making the change that was expected.
While unit testing is part of OPA, impact analysis and compliance scanning with result comparison is unique to Styra DAS. Styra minimizes the risk of human error by eliminating compliance overhead with unified policy that’s simple to understand, test, debug and extend.
Our customers adopt Styra DAS to accelerate initial OPA deployment, harden implementation and ensure that the reporting and audit requirements are met — all without having to build out custom, bespoke solutions.
If you’re just getting started with OPA, check out the Styra Academy for free OPA and Rego policy training! If you’re further down the OPA path, and looking to scale policy across your organization, request a Styra DAS demo today.