Re: RFC: OPA is up for Annual Review + Incubation Request


Brendan Burns
 

Here's some verbatim feedback from one of my engineers who lead the Azure policy controller and is helping lead Gatekeeper (OPA + admission control). I'll do my own look too, but I thought I'd pass this along.

--brendan

Vision

The heart of OPA's premise is to decouple the definition of policy from the enforcement of it, providing the ability to define fine-grained policy control at various levels of the stack. At its basics it is a JSON document store with Rego as the queryable language. Its design as a general open policy engine allows easily building platform-specific policy controllers such as Gatekeeper to be successful.


Quality

The project is well structured and maintainable, and follows good design patterns. I had a chance to contribute and enhance the query method in the OPA core project. It was easy to make changes, i.e. straightforward to satisfy new requirements and add new test cases in the existing test infrastructure. The project has clear and good documentation. The code review process is thorough. The project does good performance testing and security analysis. The GitHub issues are well documented for fresh developers to start making contributions.


Community Support

The support is awesome and growing (supported by folks at Styra). Questions get answered in near real time. The Gatekeeper project would not have been successful without the help of this level of support (special mention: Torin and Tim).


Adoption

In my last several months of closely working with and monitoring this project, I see fast-growing adoption and interest in the project. With the Gatekeeper project we see interest from all major clouds, expecting this project to make it to a large number of test and production environments. I already see products and teams within organizations like Microsoft (e.g. Office, AAD, IoT) solving policy problems where OPA would be a natural fit.


Improvements

There are always things that we are striving to improve. In that spirit, arguably there is a learning curve associated with writing new policies in Rego, and a sizable portion of questions on the Slack channel are related to policy syntax and bugs. The project has done incredible work in making it debuggable and testable via tooling (e.g. VS Code extensions). There is work going on via the Gatekeeper project to build a constraint framework, a higher-level abstraction on top of Rego, to make policies more reusable.





From: cncf-toc@... <cncf-toc@...> on behalf of Brendan Burns via Lists.Cncf.Io <bburns=microsoft.com@...>
Sent: Monday, March 4, 2019 12:06 PM
To: Quinton Hoole; caniszczyk@...
Cc: cncf-toc@...
Subject: Re: [cncf-toc] RFC: OPA is up for Annual Review + Incubation Request
 
I'll volunteer, unless Quinton wants it 🙂



From: cncf-toc@... <cncf-toc@...> on behalf of Chris Aniszczyk via Lists.Cncf.Io <caniszczyk=linuxfoundation.org@...>
Sent: Monday, March 4, 2019 11:40 AM
To: Quinton Hoole
Cc: cncf-toc@...
Subject: Re: [cncf-toc] RFC: OPA is up for Annual Review + Incubation Request
 
No, but I look forward to someone from the TOC volunteering; feel free to comment on the PR.

On Mar 4, 2019, at 11:39 AM, Quinton Hoole <quinton.hoole@...> wrote:

Thanks Chris

Has anyone been assigned yet to lead the technical due diligence?

Thanks

Q


From: cncf-toc@... [cncf-toc@...] on behalf of Chris Aniszczyk [caniszczyk@...]
Sent: Friday, March 01, 2019 6:17 PM
To: CNCF TOC
Subject: [cncf-toc] RFC: OPA is up for Annual Review + Incubation Request

Just an FYI, OPA! They are close to their 1 year anniversary for their annual review as a sandbox project and also want to request a move to incubation:


We look forward to comments from the TOC and wider community.

--
Chris Aniszczyk (@cra) | +1-512-961-6719
