November Newsletter
The OPA Monthly Newsletter
November Edition!
November has arrived and we are looking forward to the holiday season!
Thanks to all of the community members who stopped by the booth at KubeCon. It was a pleasure meeting you!
User Survey
We are looking for input from the community to see how everyone is using OPA. Take 5 minutes to fill out this 7-question survey to help out the community!
Ecosystem Updates
Open Policy Agent v0.46.1
- New language feature: refs in rule heads
- Entrypoint annotations in rule metadata
- New Built-in Function: graphql.schema_is_valid
- New Built-in Function: net.cidr_is_valid
Gatekeeper 3.10.0
- Kubernetes v1.25+, removal of Pod Security Policies and migration to Pod Security Admission 🔐
- Mutation is promoted to stable 🦠
- Introducing Validation of Workload Resources as alpha 🚀
- Performance improvements 🏃
Contributor Shout Outs
Thanks to all of the contributors that participated in these releases, the OPA community wouldn’t be here without you!
- @mattfarina
- @jaspervdj
- @ricardomaraschini
- @byronic
- @philipaconrad
- @pjbgf
- @caldwecr
- @hzliangbin
- @peterchenadded
- @phantlantis
- @ericjkao
- @TheLunaticScripter
- @humbertoc-silva
- @Juneezee
- @vinhph0906
- @aholmis
- @Joffref
- @olegroom
- @iamatwork
- @fredallen-wk
- @bartandacc
- @max0ne
- @OpenSourceZombie
- @JAORMX
- @Boojapho
- @ethanrange
- @stp-bsh
- @qa-ship-it
- @salaxander
- @boatmisser
- @gracedo
- @meons
- @mariusblarsen
Community Tools
circle-policy-agent
The policy-agent is essentially a CircleCI-flavored wrapper library around the Open Policy Agent (OPA), which will allow the users to write the policy documents in CircleCI terminology.
custom-opa-spicedb
This experiment adds support for querying relations from Authzed / SpiceDB via GRPC to check resource level permissions as custom builtin commands for Open Policy Agent.
Videos 🎥
Policy as Code with Open Policy Agent — Anders Eknert, Styra
Should user Alice be allowed to read credit reports? Should a cloud instance be deployable without basic security configuration in place? Should service X be allowed to query the database? Policy defines the rules of our systems, but how do we ensure our policies are enforced consistently in increasingly distributed and diverse tech stacks? In this talk we’ll explore the benefits of decoupling policy from our applications, deployment pipelines and platforms, and how Open Policy Agent (OPA) can help unify the way we work with policy across the stack.
Securing kubernetes with opa and gatekeeper
Starts at 3:23:20 as part of the Kubehuddle Edinburgh event.
Blogs
I have a plan! Exploring the OPA Intermediate Representation (IR) format
5 Application Authorization Best Practices for Better Cybersecurity
Intro to sets in Rego
OPA into WASM
Opa for k8s
Spring Security Authorization with OPA
Programming Your Policies: Justin Cormack at QCon San Francisco 2022
Let us know how we did
The OPA monthly newsletter is built for the OPA community. Let us know what you liked or what you want to see more of. Reach out using one of the links below.