This project includes a recent enhancement to its Rego type checker that uses JSON schemas as input during evaluation of policy.

The JSON schemas that are provided as input during policy evaluation essentially provide a blueprint for the policy being written, and this allows for easier and more immediate type checking.

With the newly implemented support for “anyOf” and “allOf”, OPA will inform you of the possible error. Supporting these keywords removed a limitation of OPA’s type checker, so schemas that use them now produce more useful error messages during policy creation and evaluation.

With this newly implemented support for “allOf” and “anyOf,” OPA is now able to support many of these Kubernetes use cases and enhance both the security and the flexibility of the API policies being written.
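The following is an added example, not code from the article or from OPA: a simplified Python model of how a schema-driven check can resolve a policy reference through “allOf” and “anyOf” and report an undefined field. The schema, the function names and the message wording are all constructed for illustration, and the model assumes a key is defined if any combined branch declares it.

```python
# Added illustration: a simplified model of schema-driven reference checking.
# It is not OPA's implementation. Assumption of this model: a key is defined
# if the schema's own "properties", or any "allOf"/"anyOf" branch, declares it.

SCHEMA = {  # constructed sample, loosely shaped like an admission request
    "properties": {"request": {
        "allOf": [
            {"properties": {"kind": {"type": "string"}}},
            {"properties": {"object": {"anyOf": [
                {"properties": {"containers": {"type": "array"}}},
                {"properties": {"ports": {"type": "array"}}},
            ]}}},
        ],
    }},
}

def branches(schema):
    """All subschemas combined under allOf/anyOf at this level."""
    return schema.get("allOf", []) + schema.get("anyOf", [])

def select(schema, key):
    """Subschemas reachable through `key`; an empty list means undefined."""
    found = [schema["properties"][key]] if key in schema.get("properties", {}) else []
    for branch in branches(schema):
        found += select(branch, key)
    return found

def known_keys(schema):
    """Every key declared at this level, including inside combinators."""
    keys = set(schema.get("properties", {}))
    for branch in branches(schema):
        keys |= known_keys(branch)
    return keys

def check_ref(schema, ref):
    """Return None if `ref` (e.g. 'input.request.kind') is declared by the
    schema, otherwise a message naming the bad step and the valid keys."""
    parts = ref.split(".")[1:]          # drop the leading 'input'
    current = [schema]
    for i, key in enumerate(parts):
        nxt = [s for c in current for s in select(c, key)]
        if not nxt:
            path = ".".join(["input"] + parts[: i + 1])
            valid = sorted(set().union(*(known_keys(c) for c in current)))
            return f"undefined ref: {path} (have: {valid})"
        current = nxt
    return None

if __name__ == "__main__":
    for r in ("input.request.object.ports", "input.request.object.container"):
        print(r, "->", check_ref(SCHEMA, r) or "ok")
```

Without combinator handling, every reference below `request` would be unknown to the checker, so a misspelled field such as `container` could not be flagged before the policy runs.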

Note: Other authors of this article were Mandana Vaziri, principal research staff member at IBM, and Ansu Varghese, research software engineer at IBM.
