Re: Technical Due Dilligence for OPA

Quinton Hoole


Thanks for doing the hard work here Brendan and your team, and for providing such a balanced and easy-to-consume summary.  And to Torin, Tim and the rest of the OPA crew for the lucid proposal, and great project. 

Excellent to see a positive trend in outside contributions to OPA, and such rapid, broad adoption and production use.


From: cncf-toc@... [cncf-toc@...] on behalf of Brendan Burns via Lists.Cncf.Io []
Sent: Wednesday, March 20, 2019 12:28 PM
To: cncf-toc@...
Cc: cncf-toc@...
Subject: [cncf-toc] Technical Due Dilligence for OPA

Hey Folks,
I've completed my technical due-dilligence for OPA to move to incubation.

tl;dr; I'm supportive, with some plans to address a few issues.

In general, the project is in great shape along nearly all axis.

There are three areas that I think we need clarification or plan to improve from OPA as they enter incubation:

1) Some sort of old-issue cleanup. OPA doesn't have a ton of open issues (100) but some of them are very old. I think some sort of automated closing of issues is probably a good idea for hygiene.

2) Performance testing improvements. OPA is request path critical for all of it's use-cases. This means that performance is a key concern. There are some performance tests, but they don't seem comprehensive nor are they run during CI or as part of the release process as far as I can tell. I think that's an area for improvement.

3) Coverage. OPA is a security service and as such it is critical for users to have strong assurances of correctness. I'd like to see coverage metrics for unit testing, as well as aspirationally coverage for language features and validation to ensure that there aren't regressions that allow people to violate policy.

Anyway, with a plan to address these concerns, I'm supportive of OPA moving into incubator.

Happy to provide additional insight/answers as needed.


Join { to automatically receive all group messages.