docs: update broken OPA links (#10320)

* docs: update broken OPA links

* fix: typo

content/en/about/faq/metrics-and-logs/mixer-migration.md

@@ -11,6 +11,6 @@ For built-in adapters, several alternatives are provided:
 * `Prometheus` and `Stackdriver` integrations are implemented as [proxy extensions](/docs/reference/config/proxy_extensions/).
     Customization of telemetry generated by these two extensions can be achieved via [request classification](/docs/tasks/observability/metrics/classify-metrics/) and [Prometheus metrics customization](/docs/tasks/observability/metrics/customize-metrics/)..
 * Global and Local Rate-Limiting (`memquota` and `redisquota` adapters) functionality is provided through the [Envoy-based rate-limiting solution](/docs/tasks/policy-enforcement/rate-limit/).
-* `OPA` adapter is replaced by the [Envoy ext-authz based solution](/docs/tasks/security/authorization/authz-custom/), which supports [integration with OPA policy agent](https://www.openpolicyagent.org/docs/latest/envoy-authorization/).
+* `OPA` adapter is replaced by the [Envoy ext-authz based solution](/docs/tasks/security/authorization/authz-custom/), which supports [integration with OPA policy agent](https://www.openpolicyagent.org/docs/latest/envoy-introduction/).
 
 For custom out-of-process adapters, migration to Wasm-based extensions is strongly encouraged. Please refer to the guides on [Wasm module development](https://github.com/istio-ecosystem/wasm-extensions/blob/master/doc/write-a-wasm-extension-with-cpp.md) and [extension distribution](/docs/ops/configuration/extensibility/wasm-module-distribution/). As a temporary solution, you can [enable Envoy ext-authz and gRPC access log API support in Mixer](https://github.com/istio/istio/wiki/Enabling-Envoy-Authorization-Service-and-gRPC-Access-Log-Service-With-Mixer), which allows you to upgrade Istio to post 1.7 versions while still using 1.7 Mixer with out-of-process adapters. This will give you more time to migrate to Wasm-based extensions. Note this temporary solution is not battle-tested and will unlikely get patch fixes, since it is only available on the Istio 1.7 branch which is out of support window after Feb 2021.

content/en/blog/2021/better-external-authz/index.md

@@ -19,7 +19,7 @@ cannot be supported with this model, for example:
 - You have your own in-house authorization system that cannot be easily migrated to, or cannot be easily replaced by, the
   authorization policy.
 
-- You want to integrate with a 3rd-party solution (e.g. [Open Policy Agent](https://www.openpolicyagent.org/docs/latest/envoy-authorization/)
+- You want to integrate with a 3rd-party solution (e.g. [Open Policy Agent](https://www.openpolicyagent.org/docs/latest/envoy-introduction/)
   or [`oauth2` proxy](https://github.com/oauth2-proxy/oauth2-proxy)) which may require use of the
   [low-level Envoy configuration APIs](/docs/reference/config/networking/envoy-filter/) in Istio, or may not be possible
   at all.

content/en/docs/tasks/security/authorization/authz-custom/index.md

@@ -8,7 +8,7 @@ test: yes
 ---
 
 This task shows you how to set up an Istio authorization policy using a new experimental value for the [action field](/docs/reference/config/security/authorization-policy/#AuthorizationPolicy-Action), `CUSTOM`,
-to delegate the access control to an external authorization system. This can be used to integrate with [OPA authorization](https://www.openpolicyagent.org/docs/latest/envoy-authorization/),
+to delegate the access control to an external authorization system. This can be used to integrate with [OPA authorization](https://www.openpolicyagent.org/docs/latest/envoy-introduction/),
 [`oauth2-proxy`](https://github.com/oauth2-proxy/oauth2-proxy), your own custom external authorization server and more.
 
 {{< boilerplate experimental-feature-warning >}}