Skip to main content

Features

Styra DAS provides the following features for all use cases of OPA.

  1. Policy Authoring: Write the policies you need by yourself and with other teams across the organization.

    • Tailored policies: Write rules tailored to your organization in a declarative policy language designed specifically to express policies for the cloud-native ecosystem. Use the same policy language developed as part of the OPA project and owned by Cloud Native Computing Foundation (CNCF).

    • Context-aware policies: Elevate decision-making to incorporate business-level information. Connect custom sources of context to make more intelligent and business-aware authorization decisions.

    • Policy-as-Code: Render your policies as code to check them into source-control and inject them into your normal cloud-native change-management processes for peer-review, rollback, and versioning.

  2. Policy Impact Analysis: Before deploying a new or updated policy, you must know what impact it will have on the real-world system.

    • Policy test framework: To help the different stakeholders within the organization ensure the correct controls are in place, have them write tests over policies themselves. As policies evolve over time, those tests assure that the policies always meet business requirements.

    • Backtesting: It is important to predict the cases, test the cases, maintain a record of all the cases the real-system has seen, and backtest a new policy against those cases. Understand the decisions that are seen in the change with your new policy, even before you ask your peers for review.

  3. Distribution: Deploy policies to the systems that need them.

    • Distribution: OPA can be integrated to make decisions that get enforced or are simply monitored. OPA requires only the latest policies and the data that policy relies on. Once OPA has its policies, it makes decisions independently without any communication with the DAS. OPA makes decisions; DAS helps the organization manage OPA, its policies, and the decisions OPA makes.

    • Shift-left into CICD: For teams embracing Gitops, enforce policies as part of a Continuous Integration (CI) and Continuous Deployment or Continuous Delivery (CD) pipeline so developers get early feedback about policy violations. Policies are portable; the same ones used to enforce in a real-world system can also be used in a CICD pipeline.

  4. Monitoring and Logging: Watch the health of all your OPAs and the decisions that they are making.

    • Monitoring: OPAs are real-world systems too and need the same care and attention. It is important to know the list of OPAs that are healthy, require an upgrade, or have lost the connection.

    • Decision logging and analysis: Treat the decisions that OPA makes as first-class citizens; store them in a high-fidelity, loss-less log that can be replayed and analyzed to help people understand why decisions were made the way they were, even if the decisions were made months ago.

  5. Enterprise readiness: Use the features you expect for the modern enterprise.

    • Multi-everything: Manage policy across all your clouds, clusters, servers, applications, and databases from a single pane of glass. Aggregate or drill into the information as you like; use the Styra API to inject information into your existing security and monitoring tools; and link back to Styra for in-depth analysis.

    • Usual suspects: Single-sign on, access control, and on-premise deployments.