Does it make sense to create a Bundle for loading into OpenPolicyAgent which contains a data.json file with a /giant/ list of both Principals (fediverse handles, email addresses) and Resources (documents, meetings) they Own (can modify)?
Document-ownership kinda sounds Dynamic. But there are no numbers for size/freq (just "medium") in https://openpolicyagent.org/docs/external-data
(Is this what OPAL does?)
(Unknown whether a principal list should just be implied by resource-rights.)
OPA was designed to let you make context-aware authorization and policy decisions by injecting external data that describes what is happening in the world and then writing policy using that data. OPA has a cache or replica of that data, just as OPA has a cache/replica of policy; OPA is not designed to be the source of truth for either.
I love spacelift.io for a number of reasons, namely it saves you from running #Terraform or #OpenTofu in whatever "CI" tool your company uses this week (been there, hated it) and doesn't cost an arm, leg and kidney that Terraform Cloud charge you (loved TFC until that switcheroo).
Anyway, I've been wrapping up a thing I've been working on. Many SaaS tools allow you to send #webhooks, but rarely give you control over if, where and what is sent. Now #Spacelift let you control all of this using a Policy based on #OpenPolicyAgent.
SL provide an event, you develop your policy in the #Rego language, not only can you use that policy to decide: Is this an event I want to send a webhook for? But more than that, you can use the policy language to craft the exact payload. Since you may not get a choice of what that looks like on the other end.
Docs: https://docs.spacelift.io/concepts/policy/notification-policy
Now that's just for notifications etc. You can control almost anything within the tool: Logins, Plans, Triggers, Pushes and more.
Using or trialling OPA? We want to hear from you in our 2025 Community Survey.
https://www.surveymonkey.com/r/SCBSDZN
Whether you're new to OPA or have been on the Rego train for years, hearing about how you use OPA projects will help us share OPA for the months and years to come.
We're going to be at KubeCon tomorrow in the project pavilion. Come and say hi!
Note from Teemu, Tim, and Torin to the #OpenPolicyAgent community
Policy-Driven #CostOptimization with #OpenPolicyAgent and #Kubernetes
Great blog from Square, on how they built a custom solution for #Kubernetes guardrails on top of Open Policy Agent. This is a perfect example of the flexibility OPA provides organizations to solve the most advanced use cases!
https://developer.squareup.com/blog/kube-policies-guardrails-for-apps-running-in-kubernetes/
The #KubeCon recordings are now on YouTube! We'll be posting links to all the #OpenPolicyAgent related ones as we watch them. First out is the #OPA maintainer track session, where @charlieegan3 and @anderseknert give a short introduction to OPA and Rego, followed by a deep-dive into recent performance improvements, and a sneak peek at the project roadmap. Check it out!
For anyone at #KubeCon, me and @charlieegan3 will close the day off by presenting an introduction, deep-dive and roadmap for #OpenPolicyAgent at 17:30. I know it’s late, but stick around, as we have a lot of cool things to show you!
https://kccnceu2025.sched.com/event/1td0h/open-policy-agent-opa-intro-deep-dive-charlie-egan-styra