This month, we’re shining a spotlight on Torin Sandall, co-creator and maintainer of Open Policy Agent, an incubating project in CNCF.
OPA has many recent developments to highlight: The v0.19 release includes a new parser for OPA’s language (Rego), which reduces memory allocations and improves performance by about 100x. New features have been launched in the playground to “help new users kick the tires, e.g., a catalogue of example policies, bundle serving, and better support for external context,” says Torin. Plus, the project has recently completed a security audit with the help of Trail of Bits, removed the use of finalizers, and added support for standalone audits of Kubernetes clusters.
Torin took time to answer a few questions about all the buzz around OPA.
Tell us a bit about your background.
I’ve spent most of my career building libraries, tools, and services for other developers. Eventually I became interested in helping organizations efficiently manage their stacks using more general-purpose technology. Declarative systems like Kubernetes and OPA are a key part of that story. I joined Styra as an early employee and co-created OPA (along with Tim Hinrichs and Teemu Koponen) to provide a building block that unifies policy and authorization across a range of technology. I’ve been maintaining OPA actively since inception.
What do you think is the most important part of being a maintainer?
Excellent question! I think there are many ways to be a great maintainer. Obviously it’s nice if you can ship the right features for your users as efficiently as possible. However, I think it’s equally (if not more) important to ensure that users and other contributors have a positive experience when they interact with the project. This goes way beyond just writing code. You need to care about developer experience, documentation, testing, support, process, communication, and so on. In the end, I think it comes down to focusing on quality (whatever that means to you) in as many areas as possible.
Any messages or shoutouts you’d like to give to the OPA community?
The OPA community is growing quickly. We’ve received a lot of positive feedback about the experience people have when they join Slack, post on GitHub or Stack Overflow, etc. So, as the community gets bigger, let’s continue to treat new users kindly and be conscious of the fact that people have differing experiences, points of view, and goals and sometimes those don’t align with our own. Hopefully OPA can continue to meet as many needs as possible.
I’d like to give shoutouts to the other OPA maintainers that keep the project going: Tim Hinrichs, Ash Narkar, Patrick East, Rita Zhang, Max Smythe, Sertaç Özercan, and Craig Tabita. I’d also like to recognize Stephan Renatus from Chef who has consistently supported new community members over the past two years.
How has being part of CNCF been beneficial to the project? What else can we do for you?
At a very high level, CNCF gives OPA a vendor-neutral home that is aligned with our goal of providing reusable building blocks to end users as well as vendors. More specifically, CNCF provides valuable funding for things like security audits as well as advice and support around project governance and community engagement. Also, CNCF helps us out with messy infrastructure needs like artifact signing. Keep up the good work!
Any final thoughts?
We’re always looking for new integrations between OPA and other software systems. If you’re interested in contributing code to the OPA community, this is a great way to get started. For example, we’ve recently seen end users contribute new integrations for projects like Kong and Kafka. Please reach out if this sounds interesting to you.