Styra DAS provides the following features for all use cases of OPA.
Write the Policies you need by yourself and with other teams across the organization.
- Tailored Policies: Write Rules tailored to your organization in a declarative policy language designed specifically to express policies for the cloud-native ecosystem. Use the same policy language developed as part of the OPA project and owned by the Cloud Native Computing Foundation (CNCF).
- Context-aware policies: Elevate decision-making to incorporate business-level information. Connect custom sources of context to make more intelligent and business-aware authorization decisions.
- Policy-as-Code: Render your Policies as code to check them into source-control and inject them into your normal cloud-native change-management processes for peer-review, rollback, and versioning.
Policy Impact Analysis
Before deploying a new or updated Policy, know what impact it will have on the real-world system.
- Policy test framework: To help the different stakeholders within the organization ensure the correct controls are in place, have them write tests over Policies themselves. As Policies evolve over time, those tests assure that the policies always meet business requirements.
- Backtesting: It is important to predict the cases, test the cases, maintain a record of all the cases the real-system has seen, and backtest a new Policy against those cases. Understand the decisions that are seen in the change with your new Policy, even before you ask your peers for review.
Deploy Policies to the Systems that need them.
- Distribution: OPA can be integrated to make decisions that get enforced or are simply monitored. OPA requires only the latest Policies and the data that Policy relies on. Once OPA has its Policies, it makes decisions independently without any communication with Styra DAS. OPA makes decisions; Styra DAS helps the organization manage OPA, its Policies, and the Decisions OPA makes.
- Shift-left into CI/CD: For teams embracing Gitops, enforce Policies as part of a Continuous Integration (CI) and Continuous Deployment or Continuous Delivery (CD) pipeline so developers get early feedback about Policy violations. Policies are portable, the same ones used to enforce in a real-world system can also be used in a CI/CD pipeline.
Monitoring and Logging
Watch the health of all your OPAs and the Decisions being made.
- Monitoring: OPAs are real-world systems and require care and attention. It is important to know the list of OPAs that are healthy, require an upgrade, or have lost the connection.
- Decision logging and analysis: Treat the Decisions OPA makes as first-class citizens; store them in a high-fidelity, loss-less log that can be replayed and analyzed to help people understand why Decisions were made the way they were, even if the Decisions were made months ago.
Use the features you expect for the modern enterprise.
- Multi-everything: Manage Policies across all your clouds, clusters, servers, applications, and databases from a single pane of glass. Aggregate or drill into the information as you like and use the Styra API to inject information into your existing security and monitoring tools, then link back to Styra DAS for in-depth analysis.
- Common implementations: Single-sign on, access control, and Self-hosted deployments.