Torin Sandall
Torin Sandall
The following policy is rejected by the type checker: ```rego package bin a := {1, 2, 3, 4} b := {3, 4, 5} c := {4, 5, 6} d :=...
There are a few instances where the grammar has not kept up-to-date with the parser: ``` 1. The % operator is missing 2. data.refrules.fruit["[color.name](http://color.name/)"](fruit.apple, "green") is a valid expr-call 3....
The format of the nd_builtin_cache field in decision_logs makes it difficult and computationally expensive to mask sensitive values: ```json -----------8
In this case the error message should not include `__local0__` but rather `y`. ``` > show package repl p.x[y] { y := 7 } > p["foo"] { true } 1...
The current compiler implementation re-runs all stages on all modules each time the compiler is invoked. This is fine when policies are loaded in bulk, however, [when policies are loaded...
Currently we mention the `http_request_duration` histogram in the Prometheus endpoint but we don't explain that the buckets go from 1us to 1s: ``` http_request_duration_seconds_bucket{code="200",handler="v1/data",method="get",le="1e-06"} 0 //
Currently unexpected errors returned by topdown#eval can be difficult to debug because the context (input data, bindings, etc.) are not included in the error message (to avoid leaking sensitive data.)...
We need docs that explain how people can extend Gatekeeper with their own templates. For example, we need to explain: * Deny rule semantics * The structure of the input...
If you run multiple queries back to back that produce the same answer, it's difficult to tell when evaluation has finished and the latest result is being displayed. One way...
Topdown contains two global caches for compiled regex and glob match patterns: * https://github.com/open-policy-agent/opa/blob/main/topdown/regex.go#L19 * https://github.com/open-policy-agent/opa/blob/main/topdown/glob.go#L14 Using a modified version of [stress-opa](https://github.com/tsandall/stress-opa) I was able to cause OPA to use...