Moving to the frontend trends in a good direction, but I think ultimately we need to move OPA checks to "compile-time". I want my IDE to notify me as I'm writing my manifest/terraform/cloudformation config that I'm violating a rego rule somewhere. Tightening this feedback loop is a better UX than waiting for my gitops CI/CD build pipelines to start failing and an even better UX than waiting for a kubectl apply in production to fail (presumably it's prod because you'll likely have relaxed policies on your dev cluster). Great talk, thanks!
Rego language seems to suck a bit... the examples presented beg for an 'if' statement if protocol != https then result = False if person.age < 21 then result =False etc..
Moving to the frontend trends in a good direction, but I think ultimately we need to move OPA checks to "compile-time".
I want my IDE to notify me as I'm writing my manifest/terraform/cloudformation config that I'm violating a rego rule somewhere. Tightening this feedback loop is a better UX than waiting for my gitops CI/CD build pipelines to start failing and an even better UX than waiting for a kubectl apply in production to fail (presumably it's prod because you'll likely have relaxed policies on your dev cluster).
Great talk, thanks!
Rego language seems to suck a bit... the examples presented beg for an 'if' statement
if protocol != https then result = False
if person.age < 21 then result =False
etc..
@@rafayahmed6259 Agree, never understand why these tools like reinvent the wheel. There are plenty of exist battle-tested language.
Shoulda repeated the questions from the audience