Source: thenewstack.io
5 Things You Didn’t Know About Open Policy AgentCategory: Database, Data, Kubernetes, container
When introducing Open Policy Agent (OPA) to application developers and platform engineers, I normally end my presentation with a bulleted list detailing what I think are the best steps to take to start learning OPA and its declarative policy language, Rego. That kind of basic understanding of what OPA is and how to write simple policies in Rego and deploy them might actually be enough to solve most of the problems around application authorization a development team might be facing.
Knowing the document model really is key to any advanced OPA development, but perhaps in particular interactive development, where you frequently query the document for results, whether it’s done with help of the REST API, the REPL or as part of writing Rego tests.
Observing the state and flow of things in order to answer not just what a query, rule or function produces, but also why something happened — this skill is absolutely crucial in Rego as much as it is in any field of software development.
This takes the policy (and data) you see on screen and runs it in OPA on your local machine, in a Kubernetes cluster or wherever you want!
Knowing the document model really is key to any advanced OPA development, but perhaps in particular interactive development, where you frequently query the document for results, whether it’s done with help of the REST API, the REPL or as part of writing Rego tests.
Observing the state and flow of things in order to answer not just what a query, rule or function produces, but also why something happened — this skill is absolutely crucial in Rego as much as it is in any field of software development.
This takes the policy (and data) you see on screen and runs it in OPA on your local machine, in a Kubernetes cluster or wherever you want!
Related Articles
Community Partners
DevOps Careers