anderseknert
commented
3 months ago Thinking more about this, it's quite hard to say which one to use as a general rule. Changing the category to custom to make this optional.
Open anderseknert opened 3 months ago
anderseknert
commented
3 months ago Thinking more about this, it's quite hard to say which one to use as a general rule. Changing the category to custom to make this optional.
Rule name subject to change :) But it's pretty common to encounter policies where large or even huge collections are defined inside a policy rather than it being provided as data. One example I encountered today is this.
There's obviously nothing wrong with that, but I think it's fair to say that separating policy from data is a good practice, and it would be good if Regal suggested moving definitions of static collection over a certain size from policy and to JSON files.
Not sure about category for this one, but either
styleoridiomatic, I think?One possible caveat — if the data truly is huge, moving it to data may come with a performance penalty, as there are some known issues in OPA wrt large collections and OPA's data store. There's work in progress, or at least planned, to address that, so it could be that this won't be an issue when we get to this. Still something to keep in mind (and measure) as we don't want to recommend something that severly degrades performance.