open-policy-agent/opa – Open Source, general purpose policy agent

open-policy-agent/opa is an Open Source general  purpose policy agent.

OPA gives you a high-level declarative language to author and enforce policies across your stack.

With OPA, you define rules that govern how your system should behave. These rules exist to answer questions like:

  • Can user X call operation Y on resource Z?
  • What clusters should workload W be deployed to?
  • What tags must be set on resource R before it’s created?

You integrate services with OPA so that these kinds of policy decisions do not have to be hardcoded in your service. Services integrate with OPA by executing queries when policy decisions are needed.

When you query OPA for a policy decision, OPA evaluates the rules and data (which you give it) to produce an answer. The policy decision is sent back as the result of the query.

Go celebrates 4th birthday

I haven’t yet had my hands on the Go programming language, but I’ve kept a bit of an eye on  it.  It sounds interesting especially for those tasks that would benefit from concurrency – things like web spiders, email processors, etc.  The language had recently celebrated the 4th birthday, and there is a nice retrospective on the project’s blog that shows how fast it is getting accepted and which projects and companies are using it.

But this is just the tip of the iceberg. The number of high-quality open source Go projects is phenomenal. Prolific Go hacker Keith Rarick put it well: “The state of the Go ecosystem after only four years is astounding. Compare Go in 2013 to Python in 1995 or Java in 1999. Or C++ in 1987!”