Skills / Engineering / Open Policy Agent (OPA)

Open Policy Agent (OPA)

Enforce policy-as-code across your stack with Open Policy Agent, the CNCF policy engine. Write Rego policies for Kubernetes admission control, API authorization, Terraform validation, and CI gates — with unit tests, coverage, and OPA/Gatekeeper or Conftest integration.

OPA decouples authorization and policy decisions from application code using the Rego language. This skill helps you write and test Rego policies, enforce Kubernetes admission control with Gatekeeper, validate Terraform plans with Conftest, add fine-grained API authorization, and ship policies with unit tests and coverage.

security policy-as-code rego kubernetes authorization

When to use

Use to write Rego policies for Kubernetes admission control, API authorization, Terraform validation, or CI gates — including policy unit tests and Gatekeeper/Conftest setup.

Examples

Kubernetes admission policy

Enforce cluster guardrails

Write an OPA/Gatekeeper policy that blocks pods running as root or without resource limits

Validate Terraform plans

Policy checks in CI

Use OPA with Conftest to fail my CI when a Terraform plan opens a security group to 0.0.0.0/0

API authorization

Fine-grained access rules

Write a Rego policy that authorizes API requests based on user role and resource ownership, with unit tests
Added to wishlist