Skip to content

Instantly share code, notes, and snippets.

View anderseknert's full-sized avatar
👨‍💻
Hacking on all things OPA

Anders Eknert anderseknert

👨‍💻
Hacking on all things OPA
211 followers · 135 following
View GitHub Profile
@anderseknert
anderseknert / eopa.md
Created August 28, 2025 13:41

EOPA

A version of OPA designed for data heavy workloads, with data-filtering functionality included.

New!

EOPA has been donated to the OPA community, and we invite you to take a look around.

@anderseknert
anderseknert / opa_with_container.sh
Created August 25, 2025 19:48
Building and running OPA with the `container` tool
# In the OPA project root directory, first compile the binary
make ci-build-linux-static
# To build the OPA image (use whatever for your tag name)
container build \
--arch arm64 \
--tag myopa.com/opa/opa:latest \
--build-arg BASE=chainguard/glibc-dynamic \
--build-arg BIN_DIR=_release/1.7.0-dev \
--build-arg BIN_SUFFIX=_static \
@anderseknert
anderseknert / tokens.go
Created June 27, 2025 07:55
tokens.go
// Copyright 2017 The OPA Authors. All rights reserved.
// Use of this source code is governed by an Apache2
// license that can be found in the LICENSE file.
package topdown
import (
"crypto"
"crypto/ecdsa"
"crypto/hmac"
@anderseknert
anderseknert / copy_cost_test.go
Created June 5, 2025 16:02
Benchmark the cost of copying BuiltinContext passed to function vs not doing it
func BenchmarkBuiltinContextCopyCost(b *testing.B) {
b.Run("withBctx", func(b *testing.B) {
b.ResetTimer()
b.ReportAllocs()
for range b.N {
bctx := BuiltinContext{}
withBctx(bctx, "bctx")
}
@anderseknert
anderseknert / main.go
Created February 26, 2025 11:19
From AST JSON to Rego
package main
import (
"encoding/json"
"fmt"
"io"
"os"
"github.com/open-policy-agent/opa/v1/ast"
"github.com/open-policy-agent/opa/v1/format"
@anderseknert
anderseknert / input.json
Created December 5, 2024 11:10
Cost of custom function calls / caching
{
"package": {
"location": "1:1:1:8",
"path": [
{
"type": "var",
"value": "data"
},
{
"location": "1:9:1:14",
@anderseknert
anderseknert / dependabot.yml
Created November 4, 2024 10:51
Dependabot group PRs
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
groups:
dependencies:
patterns:
- "*"
@anderseknert
anderseknert / google_sql_database_instance.rego
Last active May 27, 2024 07:47
google_sql_database_instance policy
package google_sql_database_instance
import rego.v1
violations contains db_instance.id if {
some db_instance in input.google_sql_database_instance
not valid_db_instance(db_instance)
}
valid_db_instance(db_instance) if every setting in db_instance.config.settings {
@anderseknert
anderseknert / db_setting.rego
Last active May 25, 2024 08:47
Terrascan DB settings policy
package accurics
import rego.v1
violations contains db_instance.id if {
some db_instance in input.google_sql_database_instance
some setting in db_instance.config.settings
invalid_db_instance_setting(setting)
}
@anderseknert
anderseknert / or_array.rego
Created September 20, 2023 12:54
Or array
arr := [x | some x in input.my_array]