home.social

#rego — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #rego, aggregated by home.social.

  1. Prolog nezmizel. Jeho hlavní myšlenku dnes potkáváme v nástrojích, které se Prologu na první pohled nepodobají: v CodeQL pro analýzu kódu, v Rego pro policy-as-code, v Z3 pro práci s omezeními a v Leanu pro formální důkazy. Každý řeší jiný problém, ale všechny připomínají totéž: někdy je lepší popsat vztahy, pravidla, omezení nebo tvrzení než vrstvit další if.

    https://zdrojak.cz/clanky/prolog-nezmizel-jen-dnes-zije-v-jinych-nastrojich/
  2. Prolog nezmizel. Jeho hlavní myšlenku dnes potkáváme v nástrojích, které se Prologu na první pohled nepodobají: v CodeQL pro analýzu kódu, v Rego pro policy-as-code, v Z3 pro práci s omezeními a v Leanu pro formální důkazy. Každý řeší jiný problém, ale všechny připomínají totéž: někdy je lepší popsat vztahy, pravidla, omezení nebo tvrzení než vrstvit další if.

    https://zdrojak.cz/clanky/prolog-nezmizel-jen-dnes-zije-v-jinych-nastrojich/
  3. anthropic allows openclaw cli usage again but there are no performance metrics in the announcement. evaluating cel expressions server-side with no local test harness is a bad abstraction. you don't find out your policy is wrong until staging fails. #k8s #rego

    docs.openclaw.ai/providers/ant

  4. docs.docker.com/build/policies - #Docker build policies written in #Rego validate #container build conditions and fail if not met. Just put a Dockerfile.rego next to the Dockerfile (or {filename}.rego to match Dockerfile location) and it'll pick it up. No build flags necessary.

  5. docs.docker.com/build/policies - #Docker build policies written in #Rego validate #container build conditions and fail if not met. Just put a Dockerfile.rego next to the Dockerfile (or {filename}.rego to match Dockerfile location) and it'll pick it up. No build flags necessary.

  6. docs.docker.com/build/policies - build policies written in validate build conditions and fail if not met. Just put a Dockerfile.rego next to the Dockerfile (or {filename}.rego to match Dockerfile location) and it'll pick it up. No build flags necessary.

  7. docs.docker.com/build/policies - #Docker build policies written in #Rego validate #container build conditions and fail if not met. Just put a Dockerfile.rego next to the Dockerfile (or {filename}.rego to match Dockerfile location) and it'll pick it up. No build flags necessary.

  8. docs.docker.com/build/policies - #Docker build policies written in #Rego validate #container build conditions and fail if not met. Just put a Dockerfile.rego next to the Dockerfile (or {filename}.rego to match Dockerfile location) and it'll pick it up. No build flags necessary.

  9. Found while moving! Styra used to make a unique t-shirt for every #Kubecon back in the days. This was the first one made in the pandemic. Rudolph should have worn a mask though!

    #OPA #Rego

  10. Found while moving! Styra used to make a unique t-shirt for every #Kubecon back in the days. This was the first one made in the pandemic. Rudolph should have worn a mask though!

    #OPA #Rego

  11. Found while moving! Styra used to make a unique t-shirt for every #Kubecon back in the days. This was the first one made in the pandemic. Rudolph should have worn a mask though!

    #OPA #Rego

  12. Found while moving! Styra used to make a unique t-shirt for every #Kubecon back in the days. This was the first one made in the pandemic. Rudolph should have worn a mask though!

    #OPA #Rego

  13. Found while moving! Styra used to make a unique t-shirt for every #Kubecon back in the days. This was the first one made in the pandemic. Rudolph should have worn a mask though!

    #OPA #Rego

  14. I love spacelift.io for a number of reasons, namely it saves you from running #Terraform or #OpenTofu in whatever "CI" tool your company uses this week (been there, hated it) and doesn't cost an arm, leg and kidney that Terraform Cloud charge you (loved TFC until that switcharoo).

    Anyway, I've been wrapping up a thing I've been working on. Many SaaS tools allow you to send #webhooks, but rarely give you control over if, where and what is sent. Now #Spacelift let you control all of this using a Policy based on #OpenPolicyAgent.

    SL provide an event, you develop your policy in the #Rego language, not only can you use that policy to decide: Is this an event I want to send a webhook for? But more than that, you can use the policy language to craft the exact payload. Since you may not get a choice of what that looks like on the other end.

    Docs: docs.spacelift.io/concepts/pol

    Now that's just for notifications etc. You can control almost anything within the tool: Logins, Plans, Triggers, Pushes and more.

    #DevOps #SRE

  15. I love spacelift.io for a number of reasons, namely it saves you from running #Terraform or #OpenTofu in whatever "CI" tool your company uses this week (been there, hated it) and doesn't cost an arm, leg and kidney that Terraform Cloud charge you (loved TFC until that switcharoo).

    Anyway, I've been wrapping up a thing I've been working on. Many SaaS tools allow you to send #webhooks, but rarely give you control over if, where and what is sent. Now #Spacelift let you control all of this using a Policy based on #OpenPolicyAgent.

    SL provide an event, you develop your policy in the #Rego language, not only can you use that policy to decide: Is this an event I want to send a webhook for? But more than that, you can use the policy language to craft the exact payload. Since you may not get a choice of what that looks like on the other end.

    Docs: docs.spacelift.io/concepts/pol

    Now that's just for notifications etc. You can control almost anything within the tool: Logins, Plans, Triggers, Pushes and more.

    #DevOps #SRE

  16. I love spacelift.io for a number of reasons, namely it saves you from running or in whatever "CI" tool your company uses this week (been there, hated it) and doesn't cost an arm, leg and kidney that Terraform Cloud charge you (loved TFC until that switcharoo).

    Anyway, I've been wrapping up a thing I've been working on. Many SaaS tools allow you to send , but rarely give you control over if, where and what is sent. Now let you control all of this using a Policy based on .

    SL provide an event, you develop your policy in the language, not only can you use that policy to decide: Is this an event I want to send a webhook for? But more than that, you can use the policy language to craft the exact payload. Since you may not get a choice of what that looks like on the other end.

    Docs: docs.spacelift.io/concepts/pol

    Now that's just for notifications etc. You can control almost anything within the tool: Logins, Plans, Triggers, Pushes and more.

  17. I love spacelift.io for a number of reasons, namely it saves you from running #Terraform or #OpenTofu in whatever "CI" tool your company uses this week (been there, hated it) and doesn't cost an arm, leg and kidney that Terraform Cloud charge you (loved TFC until that switcharoo).

    Anyway, I've been wrapping up a thing I've been working on. Many SaaS tools allow you to send #webhooks, but rarely give you control over if, where and what is sent. Now #Spacelift let you control all of this using a Policy based on #OpenPolicyAgent.

    SL provide an event, you develop your policy in the #Rego language, not only can you use that policy to decide: Is this an event I want to send a webhook for? But more than that, you can use the policy language to craft the exact payload. Since you may not get a choice of what that looks like on the other end.

    Docs: docs.spacelift.io/concepts/pol

    Now that's just for notifications etc. You can control almost anything within the tool: Logins, Plans, Triggers, Pushes and more.

    #DevOps #SRE

  18. I love spacelift.io for a number of reasons, namely it saves you from running #Terraform or #OpenTofu in whatever "CI" tool your company uses this week (been there, hated it) and doesn't cost an arm, leg and kidney that Terraform Cloud charge you (loved TFC until that switcharoo).

    Anyway, I've been wrapping up a thing I've been working on. Many SaaS tools allow you to send #webhooks, but rarely give you control over if, where and what is sent. Now #Spacelift let you control all of this using a Policy based on #OpenPolicyAgent.

    SL provide an event, you develop your policy in the #Rego language, not only can you use that policy to decide: Is this an event I want to send a webhook for? But more than that, you can use the policy language to craft the exact payload. Since you may not get a choice of what that looks like on the other end.

    Docs: docs.spacelift.io/concepts/pol

    Now that's just for notifications etc. You can control almost anything within the tool: Logins, Plans, Triggers, Pushes and more.

    #DevOps #SRE

  19. Using or trialling OPA? We want to hear from you in our 2025 Community Survey.

    surveymonkey.com/r/SCBSDZN

    Whether you're new to OPA or have been on the Rego train for years, hearing about how you use OPA projects will help us share OPA for the months and years to come.

    We're going to be at KubeCon tomorrow in the project pavilion. Come and say hi!

    #Rego #OPA #OpenPolicyAgent #KubeCon #CloudNativeCon

  20. Using or trialling OPA? We want to hear from you in our 2025 Community Survey.

    surveymonkey.com/r/SCBSDZN

    Whether you're new to OPA or have been on the Rego train for years, hearing about how you use OPA projects will help us share OPA for the months and years to come.

    We're going to be at KubeCon tomorrow in the project pavilion. Come and say hi!

    #Rego #OPA #OpenPolicyAgent #KubeCon #CloudNativeCon

  21. Using or trialling OPA? We want to hear from you in our 2025 Community Survey.

    surveymonkey.com/r/SCBSDZN

    Whether you're new to OPA or have been on the Rego train for years, hearing about how you use OPA projects will help us share OPA for the months and years to come.

    We're going to be at KubeCon tomorrow in the project pavilion. Come and say hi!

    #Rego #OPA #OpenPolicyAgent #KubeCon #CloudNativeCon

  22. Политики над конфигами (OPA/Rego) в GitOps-пайплайне

    Привет, Хабр! Представим, что вы отвечаете за десятки конфигурационных файлов Kubernetes (или Terraform, Ansible, не суть важно) в репозитории, и каждый pull request может потенциально привести к тому, что в кластер уйдёт что-то не то. Наш любимый коллега случайно поставил контейнер с privileged -правами, другой задеплоил образ из публичного репозитория Docker Hub, а третий вовсе забыл про лимиты памяти и CPU. Без автоматического контроля такие промахи легко попадут в продакшн. Ошибки в настройках сегодня одна из главных причин инцидентов безопасности в облачных средах. Как же нам держать всё под контролем? Внедрить политики как код: формализованные правила, проверяемые автоматически на каждом шаге. В этой статье я расскажу, как применять Open Policy Agent и язык Rego, чтобы навести порядок в GitOps-пайплайне и не допускать лишнего в конфигурациях. Читать про внедрение политик в GitOps

    habr.com/ru/companies/otus/art

    #gitops #Open_Policy_Agent #Rego #Policy_as_Code #политики_как_код

  23. Политики над конфигами (OPA/Rego) в GitOps-пайплайне

    Привет, Хабр! Представим, что вы отвечаете за десятки конфигурационных файлов Kubernetes (или Terraform, Ansible, не суть важно) в репозитории, и каждый pull request может потенциально привести к тому, что в кластер уйдёт что-то не то. Наш любимый коллега случайно поставил контейнер с privileged -правами, другой задеплоил образ из публичного репозитория Docker Hub, а третий вовсе забыл про лимиты памяти и CPU. Без автоматического контроля такие промахи легко попадут в продакшн. Ошибки в настройках сегодня одна из главных причин инцидентов безопасности в облачных средах. Как же нам держать всё под контролем? Внедрить политики как код: формализованные правила, проверяемые автоматически на каждом шаге. В этой статье я расскажу, как применять Open Policy Agent и язык Rego, чтобы навести порядок в GitOps-пайплайне и не допускать лишнего в конфигурациях. Читать про внедрение политик в GitOps

    habr.com/ru/companies/otus/art

    #gitops #Open_Policy_Agent #Rego #Policy_as_Code #политики_как_код

  24. Политики над конфигами (OPA/Rego) в GitOps-пайплайне

    Привет, Хабр! Представим, что вы отвечаете за десятки конфигурационных файлов Kubernetes (или Terraform, Ansible, не суть важно) в репозитории, и каждый pull request может потенциально привести к тому, что в кластер уйдёт что-то не то. Наш любимый коллега случайно поставил контейнер с privileged -правами, другой задеплоил образ из публичного репозитория Docker Hub, а третий вовсе забыл про лимиты памяти и CPU. Без автоматического контроля такие промахи легко попадут в продакшн. Ошибки в настройках сегодня одна из главных причин инцидентов безопасности в облачных средах. Как же нам держать всё под контролем? Внедрить политики как код: формализованные правила, проверяемые автоматически на каждом шаге. В этой статье я расскажу, как применять Open Policy Agent и язык Rego, чтобы навести порядок в GitOps-пайплайне и не допускать лишнего в конфигурациях. Читать про внедрение политик в GitOps

    habr.com/ru/companies/otus/art

    #gitops #Open_Policy_Agent #Rego #Policy_as_Code #политики_как_код

  25. Политики над конфигами (OPA/Rego) в GitOps-пайплайне

    Привет, Хабр! Представим, что вы отвечаете за десятки конфигурационных файлов Kubernetes (или Terraform, Ansible, не суть важно) в репозитории, и каждый pull request может потенциально привести к тому, что в кластер уйдёт что-то не то. Наш любимый коллега случайно поставил контейнер с privileged -правами, другой задеплоил образ из публичного репозитория Docker Hub, а третий вовсе забыл про лимиты памяти и CPU. Без автоматического контроля такие промахи легко попадут в продакшн. Ошибки в настройках сегодня одна из главных причин инцидентов безопасности в облачных средах. Как же нам держать всё под контролем? Внедрить политики как код: формализованные правила, проверяемые автоматически на каждом шаге. В этой статье я расскажу, как применять Open Policy Agent и язык Rego, чтобы навести порядок в GitOps-пайплайне и не допускать лишнего в конфигурациях. Читать про внедрение политик в GitOps

    habr.com/ru/companies/otus/art

    #gitops #Open_Policy_Agent #Rego #Policy_as_Code #политики_как_код

  26. Took a walk with Harry today, and we spotted a car evidently owned by a person of culture.

    #rego

  27. Took a walk with Harry today, and we spotted a car evidently owned by a person of culture.

    #rego

  28. Took a walk with Harry today, and we spotted a car evidently owned by a person of culture.

    #rego

  29. Took a walk with Harry today, and we spotted a car evidently owned by a person of culture.

    #rego

  30. Took a walk with Harry today, and we spotted a car evidently owned by a person of culture.

    #rego

  31. On my way to present on #OPA and #Rego for the #CloudNative #Mauritius community. Sadly not in person ☀️ but virtually from cloudy Stockholm. Still, looking forward to getting to do some live coding!

  32. On my way to present on #OPA and #Rego for the #CloudNative #Mauritius community. Sadly not in person ☀️ but virtually from cloudy Stockholm. Still, looking forward to getting to do some live coding!

  33. On my way to present on #OPA and #Rego for the #CloudNative #Mauritius community. Sadly not in person ☀️ but virtually from cloudy Stockholm. Still, looking forward to getting to do some live coding!

  34. On my way to present on #OPA and #Rego for the #CloudNative #Mauritius community. Sadly not in person ☀️ but virtually from cloudy Stockholm. Still, looking forward to getting to do some live coding!

  35. On my way to present on #OPA and #Rego for the #CloudNative #Mauritius community. Sadly not in person ☀️ but virtually from cloudy Stockholm. Still, looking forward to getting to do some live coding!

  36. Building #Regal’s linter rules in #Rego really pushed the language to its limits some years back, and both OPA and Rego have improved a lot thanks to that. Building parts of its *language server* in Rego too was perhaps taking it too far, but OTOH, the LSP is really just JSON in and JSON out, which is what OPA does best after all.

    The bundled policies in Regal are normally embedded in the binary. That’s great for distribution, but kinda sucks for development as any change requires compilation. Not anymore! Today I merged some work of mine allowing live-reloading of the language server policies, and it’s such a *huge* difference seeing the result of a change a second after you made it. The video here shows live-editing of a LSP code action policy, and how adding a new “source action” item in the server immediately propagates to the client. Sooo much fun!

  37. Building #Regal’s linter rules in #Rego really pushed the language to its limits some years back, and both OPA and Rego have improved a lot thanks to that. Building parts of its *language server* in Rego too was perhaps taking it too far, but OTOH, the LSP is really just JSON in and JSON out, which is what OPA does best after all.

    The bundled policies in Regal are normally embedded in the binary. That’s great for distribution, but kinda sucks for development as any change requires compilation. Not anymore! Today I merged some work of mine allowing live-reloading of the language server policies, and it’s such a *huge* difference seeing the result of a change a second after you made it. The video here shows live-editing of a LSP code action policy, and how adding a new “source action” item in the server immediately propagates to the client. Sooo much fun!

  38. Building #Regal’s linter rules in #Rego really pushed the language to its limits some years back, and both OPA and Rego have improved a lot thanks to that. Building parts of its *language server* in Rego too was perhaps taking it too far, but OTOH, the LSP is really just JSON in and JSON out, which is what OPA does best after all.

    The bundled policies in Regal are normally embedded in the binary. That’s great for distribution, but kinda sucks for development as any change requires compilation. Not anymore! Today I merged some work of mine allowing live-reloading of the language server policies, and it’s such a *huge* difference seeing the result of a change a second after you made it. The video here shows live-editing of a LSP code action policy, and how adding a new “source action” item in the server immediately propagates to the client. Sooo much fun!

  39. Building #Regal’s linter rules in #Rego really pushed the language to its limits some years back, and both OPA and Rego have improved a lot thanks to that. Building parts of its *language server* in Rego too was perhaps taking it too far, but OTOH, the LSP is really just JSON in and JSON out, which is what OPA does best after all.

    The bundled policies in Regal are normally embedded in the binary. That’s great for distribution, but kinda sucks for development as any change requires compilation. Not anymore! Today I merged some work of mine allowing live-reloading of the language server policies, and it’s such a *huge* difference seeing the result of a change a second after you made it. The video here shows live-editing of a LSP code action policy, and how adding a new “source action” item in the server immediately propagates to the client. Sooo much fun!

  40. Building #Regal’s linter rules in #Rego really pushed the language to its limits some years back, and both OPA and Rego have improved a lot thanks to that. Building parts of its *language server* in Rego too was perhaps taking it too far, but OTOH, the LSP is really just JSON in and JSON out, which is what OPA does best after all.

    The bundled policies in Regal are normally embedded in the binary. That’s great for distribution, but kinda sucks for development as any change requires compilation. Not anymore! Today I merged some work of mine allowing live-reloading of the language server policies, and it’s such a *huge* difference seeing the result of a change a second after you made it. The video here shows live-editing of a LSP code action policy, and how adding a new “source action” item in the server immediately propagates to the client. Sooo much fun!