#rego — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #rego, aggregated by home.social.
-
Wrote a little something about #rego, #OpenPolicyAgent's policy language and how I use it for some configuration problems: https://zerokspot.com/weblog/2026/02/21/complex-applogic-config-with-rego/ #blogged
-
https://docs.docker.com/build/policies - #Docker build policies written in #Rego validate #container build conditions and fail if not met. Just put a Dockerfile.rego next to the Dockerfile (or {filename}.rego to match Dockerfile location) and it'll pick it up. No build flags necessary.
-
Found while moving! Styra used to make a unique t-shirt for every #Kubecon back in the days. This was the first one made in the pandemic. Rudolph should have worn a mask though!
-
I love spacelift.io for a number of reasons, namely it saves you from running #Terraform or #OpenTofu in whatever "CI" tool your company uses this week (been there, hated it) and doesn't cost an arm, leg and kidney that Terraform Cloud charge you (loved TFC until that switcharoo).
Anyway, I've been wrapping up a thing I've been working on. Many SaaS tools allow you to send #webhooks, but rarely give you control over if, where and what is sent. Now #Spacelift lets you control all of this using a Policy based on #OpenPolicyAgent.
SL provide an event, you develop your policy in the #Rego language, not only can you use that policy to decide: Is this an event I want to send a webhook for? But more than that, you can use the policy language to craft the exact payload. Since you may not get a choice of what that looks like on the other end.
Docs: https://docs.spacelift.io/concepts/policy/notification-policy
Now that's just for notifications etc. You can control almost anything within the tool: Logins, Plans, Triggers, Pushes and more.
-
Using or trialling OPA? We want to hear from you in our 2025 Community Survey.
https://www.surveymonkey.com/r/SCBSDZN
Whether you're new to OPA or have been on the Rego train for years, hearing about how you use OPA projects will help us share OPA for the months and years to come.
We're going to be at KubeCon tomorrow in the project pavilion. Come and say hi!
-
Policies over configs (OPA/Rego) in a GitOps pipeline
Hello, Habr! Imagine you are responsible for dozens of Kubernetes configuration files (or Terraform, or Ansible, it doesn't matter) in a repository, and every pull request could potentially send something wrong to the cluster. Our beloved colleague accidentally deployed a container with privileged rights, another deployed an image from the public Docker Hub repository, and a third forgot about memory and CPU limits altogether. Without automated checks, slips like these easily reach production. Configuration errors are today one of the main causes of security incidents in cloud environments. So how do we keep everything under control? Adopt policy as code: formalized rules, checked automatically at every step. In this article I'll explain how to use Open Policy Agent and the Rego language to bring order to a GitOps pipeline and keep anything unwanted out of the configurations. Read about implementing policies in GitOps
https://habr.com/ru/companies/otus/articles/960368/
#gitops #Open_Policy_Agent #Rego #Policy_as_Code #политики_как_код
-
Took a walk with Harry today, and we spotted a car evidently owned by a person of culture.
-
On my way to present on #OPA and #Rego for the #CloudNative #Mauritius community. Sadly not in person ☀️ but virtually from cloudy Stockholm. Still, looking forward to getting to do some live coding!
-
Building #Regal’s linter rules in #Rego really pushed the language to its limits some years back, and both OPA and Rego have improved a lot thanks to that. Building parts of its *language server* in Rego too was perhaps taking it too far, but OTOH, the LSP is really just JSON in and JSON out, which is what OPA does best after all.
The bundled policies in Regal are normally embedded in the binary. That’s great for distribution, but kinda sucks for development as any change requires compilation. Not anymore! Today I merged some work of mine allowing live-reloading of the language server policies, and it’s such a *huge* difference seeing the result of a change a second after you made it. The video here shows live-editing of a LSP code action policy, and how adding a new “source action” item in the server immediately propagates to the client. Sooo much fun!
-
"regal-main test bundle ran 2.54 times faster than regal test bundle"
#OPA's new parallel test runner doing its magic in Regal, where 800 unit tests now execute in half a second (down from 1.4). Shipping with the next OPA release, which if all goes well should be later today :)
Amazing work by OPA maintainer Sebastian Spaink 🚀
-
Nicholaos Mouzourakis at Gusto has been a long-time contributor to #OPA, and has written some of the best blogs on #Rego we've read. Turns out he is just as great talking about it on video! Just published on YouTube, "Super-Scaling Open Policy Agent with Batch Queries" is a deep-dive into an advanced OPA topic, explained well enough to be interesting to most. Hosted by the ever excellent Bart Farrell. Recommended!
-
So I just packaged kube-review (by @anderseknert) for @opensuse #Tumbleweed. Will come in handy once I start playing with Admission controllers and #OPA and the likes soon-ish.
Has been submitted to devel:kubic and will be sent to Tumbleweed once accepted.
#kubernetes #opa #rego #admissioncontrollers #opensuse #tumbleweed #k8s
-
Just pushed a new version of kube-review, my tiny tool for creating #Kubernetes admission review objects out of any YAML resource manifest. Perfect for testing admission controller implementations offline, or author #Rego k8s policies using those as input.
-
A new #Regal release is out! Featuring 4 new linter rules, and a bunch of performance improvements along with the usual fixes. I'm particularly happy about the new "narrow-argument" rule, as I don't know many tools that do that type of analysis for any language. It's an optional rule though, so make sure to enable it if you want to try it out!
-
For anyone at #KubeCon, me and @charlieegan3 will close the day off by presenting an introduction, deep-dive and roadmap for #OpenPolicyAgent at 17:30. I know it’s late, but stick around, as we have a lot of cool things to show you!
https://kccnceu2025.sched.com/event/1td0h/open-policy-agent-opa-intro-deep-dive-charlie-egan-styra
-
New video!
#OPA core maintainer @johanfylling takes us through the roadmap and teases some helpful updates to #Rego. Nothing’s set in stone so take time to watch this preview and let us know what you think!
-
Regal v0.32.0 just dropped! After having worked mostly on language server features recently, it was time for the linter to get some love. This release includes 3 new linter rules as well as much faster linting. Check it out!
https://github.com/StyraInc/regal/releases/tag/v0.32.0
#OPA #Rego #Regal #PolicyAsCode #CloudNative #DevOps #DevSecOps
-
Just realized I lost my pinned post when moving to a new instance, so here's a new one. See my profile for an #introduction to who I am — what I want to talk about here is the project I've been working on the most recently. That project is #Regal, a linter and a language server for #OPA's policy language #Rego.
What started out as a simple linter is now a complete companion tool for anyone working with Rego, providing developers new to the language a platform for learning, and seasoned developers means to enforce best practices and guardrails around their policies.
If you're working with anything related to OPA and Rego, try it out! If it doesn't help you in your work, that's a bug and I want to know about it. And if there's anything else related to OPA or Rego you want to ask someone about, my DMs are always open for that.
-
🎥 Policy Management with Open Policy Agent (OPA) and Rego – watch the talk from Jesień Linuksowa 2024.
Ruslan Korniichuk presents Open Policy Agent (OPA), a general-purpose policy engine. In the talk he discusses how to write and deploy policies using the Rego language, focusing on use cases related to Terraform, GitLab and the cloud-native environment.
Link to the recording: https://tube.pol.social/w/2JLDQKH72ZuX71BChMTnoQ
#OPA #rego #terraform #gitlab #cloudnative #linux #opensource #jesieńlinuksowa
-
If you're occasionally working on #Rego policies and haven't kept up with #OPA updates, I'd recommend you start by checking out the recent improvements around testing. Specifically:
- The `--var-values` flag added to `opa test`, which provides a detailed view of test failures and helps explain exactly which assertion failed and why.
- The new parameterized test feature. Data-driven testing of policies! This really is such a killer feature, and I can't wait to rewrite tests to leverage this in my existing projects.

All covered in the OPA docs page on policy testing. Check it out!
-
OPA v1.2.0 released just now! The big feature of this release is parameterized tests for Rego — something I have wanted for years! Other than that, my continued work on performance contributes a bunch of commits here, making OPA significantly faster 🚀
https://github.com/open-policy-agent/opa/releases/tag/v1.2.0
-
Fun times at the #CloudNative meetup last night, where I got to talk for 2x40 minutes about how I ended up working with #OPA, and why I've spent so much time lately trying to make #Rego more approachable via #Regal. And of course some Rego live hacking. Thanks Gothenburg!
-
Excited to talk #OPA, #Rego and the story of how I got involved in this space, tonight at the #CloudNative meetup in #Gothenburg! A couple of hours until it starts and I just got done with the slides 😅 I really need to start preparing earlier for these things..
-
Off to Gothenburg tomorrow! First to meet with some friends, and then to talk at the local #CloudNative meetup there on Thursday. I was supposed to promote the event, but the 60 seats are all booked already, so instead — enjoy this humble brag. Anyway, can't wait to talk about #OPA and hack some #Rego in front of an audience again!
-
The boys at #TheFifthColumn are nailing it. There is waste to cut but #DOGE is taking an approach that is often illegal, misleading and will make doing this necessary work harder in the future. When you look at the success of the Clinton era #REGO process, I'm stuck wondering why they are choosing this path. Either they are dumb / unaware of what was accomplished back then, or pursuing other priorities. Making government and society dysfunctional perhaps. IDK. #uspol
-
Today we had to allow a bunch of new users and groups to do stuff in our #Backstage instance and it was as simple as adding a few lines to our #rego policy and a small PR, we didn't have to update a bunch of code, or ask any admins or raise any tickets, didn't redeploy nothin'
Keep it simple 😎
-
I didn't renew my #JetBrains license this year, and have been working exclusively in #VSCode for the past month, for both #Golang and #Rego development. And the experience is mostly great! The few things that are annoying are however *really* annoying. Like how poorly VS Code integrates test runners still, and the way to abort a hanging test is often to restart the whole editor. It's a good experience sticking to a single editor for some time though, and I've learnt a lot that I otherwise wouldn't have.
-
A declarative access-management platform: from roles to dynamic policies
Why is authorization needed, what problems does it solve, and in which situations is it useful? We'll look at models for organizing access control and ways to implement them. Hello, Habr! My name is Oleg Kozyrev. I'm a Senior Golang engineer at a BigTech company, a mentor and a blogger. I teach people backend development and consult on IT matters. And the main character of this article, based on my talk for GolangConf, will be my cat. He will guide us along the thorny path of building an access-control platform.
https://habr.com/ru/companies/oleg-bunin/articles/875720/
#идентификация #аутентификация #авторизация #golang #rbac #abac #права_доступа #acl #rego #dsl
-
🌍 POLICY MANAGEMENT WITH OPA AND REGO 🌍
Ruslan Korniichuk, a #DevOps specialist with experience at #Fortune500 companies, will talk about policy management with Open Policy Agent (OPA) and the #Rego language. Examples with #Terraform, #GitLab and #Cloud!☁️
Sign-up --> https://jesien.org/2024/zapisy/
-
Not sure if it'll make it into the next #Regal release, but currently working on Code Lens support for the Regal language server which would allow evaluating any rule directly in the editor, and have the result displayed on the same line. I think it'll go a *really* long way in making #Rego development easier for everyone. Many things to iron out first though... but here's a preview only for fedi :)
-
I’ve been doing a lot of “renovations” on old #Rego projects lately, bringing them up to modern standards and best practices. While there are some excellent tools around to help with that, there’s not been much in terms of documentation on that process. So I figured it might be helpful if I shared mine. Check out my latest blog to learn more!
-
At last! Our #KubeCon talk "Open Policy Agent — Intro and Deep Dive" is now up on YouTube 😃 I can't stand hearing / watching myself talk, but hopefully you won't feel the same aversion. Covering an intro to the project, some updates, a roadmap, and much more. Check it out!
-
Good morning from #KubeCon! If you’re here and want to meet, find me in the #OpenPolicyAgent kiosk in the project pavilion. Also, don’t miss my talk today at 15:25 if you’re curious about #OPA, #Rego, and anything related.
-
I just published #Regal v0.16.0. This release brings two new linter rules, but most importantly it adds a language server (LSP) mode to Regal, allowing editor integrations to lint your workspace continuously as you work on your #Rego policies. Client implementations soon to follow. Exciting times!
Thanks @charlieegan3 for an awesome contribution!
-
Eventful day starting at 5 AM traveling from Stockholm 🇸🇪 to Utrecht 🇳🇱 to talk #authorization and #OPA at #VodafoneZiggo before heading to Haarlem and an amazing dinner with @parcifal and his wife. Tomorrow I’ll be presenting on #Regal, my #Rego linter, at the local OPA Amsterdam meetup. Good times!
-
What better way to spend the weekend than with a new version of #Regal? Everyone's favorite #Rego linter now has 2 more new rules, and some other nice improvements added. Check it out!
-
Thinking of hacking on a #LanguageServer for #Rego during the holidays, and integrate #Regal for linting. Anyone here who built one for some other language? I’d love to hear what you found most difficult, gotchas, clever tricks, or whatnot. All that kind of stuff you won’t find in the docs.
-
Regal v0.14.0 just released! 🎉 The latest edition of the #OPA community's favorite #Rego linter features two new rules, a new output format, and many improvements and fixes. Release notes and downloads here: https://github.com/StyraInc/regal/releases/tag/v0.14.0
#OpenPolicyAgent #DevOps #DevSecOps #PolicyAsCode #Linter #CodeQuality #IAM
-
Regal v0.13.0 just released! Featuring 3 new linter rules, performance improvements across the board, and many improvements and fixes. If you're working with #OPA and #Rego in any way, make sure to try it out! Regal aims to help not just by finding bugs and issues, but to teach developers of all levels idiomatic Rego.
I'd love to hear what you think!
https://github.com/StyraInc/regal/releases/tag/v0.13.0
#OpenPolicyAgent #CloudNative #DevOps #DevSecOps #IAM #CodeQuality #Linter
-
Regal v0.12.0 just released! The latest edition of the #OPA community's favorite #Rego linter adds 4 new linter rules, a long-awaited capabilities feature, and many other improvements and fixes. Check out the full changelog, and get your copy!
https://github.com/StyraInc/regal
#Regal #OpenPolicyAgent #PolicyAsCode #CloudNative #DevOps #DevSecOps #Authorization #Linter
-
My colleague @charlieegan3 writing about "Scaling Open Source Community" in the #TheNewStack, and how our linter #Regal helps answer some of the most common questions asked about #Rego in our community.
https://thenewstack.io/scaling-open-source-community-by-getting-closer-to-users/
-
#Regal goes to 11! Or v0.11.0 anyway. This release adds six new rules to the #linter, bringing the total number of rules up to our roadmap goal of 50! 🎉 Also includes a number of improvements and fixes to existing rules. Truly heartwarming to see so many starting to adopt this tool as part of their #Rego development toolkit.
Read about all the new rules, and get your copy here: https://github.com/StyraInc/regal/releases/tag/v0.11.0
-
👉 We're back from the coffee break with "How to implement your own automated DevSecOps governance model with Rego and Trivy", the talk by Andrea Panisson
Andrea is a Cloud Native Engineer @ @sparkfabrik
#devsecopsday23 #DevSecOps #DevOps #Cybersecurity #rego #trivy #governance #security
-
Anyone using #regula and their #rego policies with #conftest and custom policies for #terraform plans? Trying to extend the set of rules from regula with rego policies I write but for some reason I can’t get the expected test results. It’s like I’m not referencing the input document correctly and therefore it’s not finding any resources to run my policy checks against. It definitely doesn’t seem to work the way I’m used to with conftest and my own policies.
-
The result of last night's experiments with #rq — we now have a #Rego based build system to build #Regal. Absolute madness, and I love it! 😄 If you're curious to see what a "make file" in Rego looks like, check this out: https://github.com/StyraInc/regal/blob/main/build/do.rq
-
Tonight I’m playing with #rq, a tool originally intended as a #jq replacement using #Rego as its query language, but which eventually grew to be useful for format transformations, and now a full-blown #scripting environment. All powered by #OPA. Madness, obviously, but just the right kind of madness.
#DevOps #DevSecOps #PolicyAsCode #OpenPolicyAgent #IAM #Code #CloudNative
-
It's hot outside, but you know what's even hotter? The #CloudNative meetup taking place at the Google office in #Stockholm this evening. I'll be talking about how to translate "real" policy, like the upcoming #EUCS framework into #PolicyAsCode using #OpenPolicyAgent and #Rego. Also, my buddy Abdel to present on ambient service mesh and #Istio. Good times!
-
My #KubeCon talk from Amsterdam a few weeks ago is now up on YouTube! The #EUCS — a compliance certification scheme for service providers in the cloud — is on its way, and will have a big impact on how organizations work with #security, #compliance and #automation. A holistic framework like the EUCS provides #policy controls applicable to the whole stack. How would we codify and enforce such rules?
-
Good introductory article on using #Conftest to enforce #PolicyAsCode decisions against Ansible Playbooks.
https://www.redhat.com/sysadmin/conftest-policy-as-code-ansible