trustee
OPA Engine Quirks
I am not an expert on OPA, but I have noticed a few weird things about our implementation.
First, it seems like we probably have some duplicate code between the AS and KBS. Should we pull the OPA engine into a crate that they can share?
Second, the version of the OPA verifier seems out of date. I haven't looked into this yet, but it seems like it does not support the same things that the online Rego playground does.
Third, the set policy endpoint is very finicky. I often get errors about invalid padding when trying to upload a resource policy that works fine on the Rego playground. This might be my fault, but it seems like the endpoint could be a little more robust.