Open Policy Agent (OPA) is an open-source engine that unifies policy enforcement across the cloud native stack. It provides a powerful declarative query language called Rego that lets the user specify policy as code and an engine that evaluates the queries given input data.
Rego has a gradual type system meaning that types can be partially known statically. OPA type checks what it knows statically and leaves the unknown parts to be type checked at runtime. However, the data handed to OPA could by design be any JSON value and hence gradual type-checking has no way of catching policy authoring mistakes, even when the policy author knows the intended schema.
This talk will introduce OPA and outline a new feature that enhances OPA’s ability to statically type check Rego code by taking into account JSON schemas for input and data documents, specified via annotations. This improves programmer productivity and helps Rego programmers catch errors earlier.