SYSTEM Cited by 1 source
Rego¶
Rego (openpolicyagent.org/docs/policy-language) is the declarative, Datalog-inspired policy language of Open Policy Agent (OPA). Policies are packaged into bundles and evaluated against structured input at request time (HTTP request, Kubernetes admission object, CI/CD metadata, etc.) to produce allow/deny decisions plus optional structured reasons.
Relevant wiki framing: Rego is a safe expression language (no unbounded loops, provably terminating) and a purely functional policy language, and its deployment exemplifies concepts/policy-as-data — policies live in a store, are versioned, and change independently of application deploys.
Seen in¶
- sources/2024-12-05-zalando-open-policy-agent-in-skipper-ingress — Zalando's authorization-as-a-service deployment makes Rego the application-team-owned layer of the concepts/platform-team-vs-application-team-split: platform engineers own how OPA runs + how bundles get to S3; application teams write Rego inside their own Git repos. Bundles are named after application IDs. The post says explicitly that "specifics like which paths to protect and authoring rules using Rego, the policy language of Open Policy Agent, are decentrally managed in the application's Git repositories."
Related¶
- systems/open-policy-agent — the engine Rego is authored for
- systems/styra-das — commercial authoring + publish layer
- concepts/policy-bundle — distribution unit
- concepts/permissions-dsl — Rego listed as a canonical example
- concepts/policy-as-data — Rego policies in a store, not in code
- concepts/safe-expression-language — Rego's execution-safety posture
- concepts/purely-functional-policy-language — Rego's semantic shape