Open Policy Agent
Why doesn't OPA support executing actions (e.g. REST calls) directly from policy evaluation #742
Unanswered
AvaGhiasian
asked this question in
OPA and Rego
Replies: 1 comment
-
|
OPA can do this, it's just not recommended https://www.openpolicyagent.org/docs/policy-reference/builtins/http Our ideal for policies is that they're idempotent — for any given input / state (policies + data), you'll always get the same output. This makes policy evaluation predictable, auditable and "replayable". None of that applies when evaluation itself mutates state. But again, the option is there should you want it 🙂 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi OPA team,
I have a conceptual question regarding OPA’s design philosophy.
In some rule engines rules can directly execute actions such as, calling a REST API, executing application logic, mutating state.
My question is,
Was it an intentional design decision that OPA policies (Rego) do not produce actions directly and only return decisions (e.g., allow/deny or structured data) instead of executing side effects like REST calls or arbitrary code? If so, what is the main reason behind this design choice?
Thank you very much for your time and guidance!
Beta Was this translation helpful? Give feedback.
All reactions