Rule name subject to change :) But it's pretty common to encounter policies where large or even huge collections are defined inside a policy rather than it being provided as data. One example I encountered today is this.
There's obviously nothing wrong with that, but I think it's fair to say that separating policy from data is a good practice, and it would be good if Regal suggested moving definitions of static collection over a certain size from policy and to JSON files.
Not sure about category for this one, but either style or idiomatic, I think?
One possible caveat — if the data truly is huge, moving it to data may come with a performance penalty, as there are some known issues in OPA wrt large collections and OPA's data store. There's work in progress, or at least planned, to address that, so it could be that this won't be an issue when we get to this. Still something to keep in mind (and measure) as we don't want to recommend something that severly degrades performance.
Rule name subject to change :) But it's pretty common to encounter policies where large or even huge collections are defined inside a policy rather than it being provided as data. One example I encountered today is this.
There's obviously nothing wrong with that, but I think it's fair to say that separating policy from data is a good practice, and it would be good if Regal suggested moving definitions of static collection over a certain size from policy and to JSON files.
Not sure about category for this one, but either
style
oridiomatic
, I think?One possible caveat — if the data truly is huge, moving it to data may come with a performance penalty, as there are some known issues in OPA wrt large collections and OPA's data store. There's work in progress, or at least planned, to address that, so it could be that this won't be an issue when we get to this. Still something to keep in mind (and measure) as we don't want to recommend something that severly degrades performance.