It would be really interesting to hear you talk about how you test the policies that are written for opa.
are the policy documents stored alongside the service or kept in a central registry? do you need to include opa when doing unit testing for the individual services or can it just be layered on and integration tested?
As for where policies are stored, we keep them with the service and later mount in a K8s pod as a ConfigMap. OPA then downloads missing data from the Bundle Service. Integration testing is more or less the same, with OPA declared as a container in Docker Compose.
mjallday|6 years ago
are the policy documents stored alongside the service or kept in a central registry? do you need to include opa when doing unit testing for the individual services or can it just be layered on and integration tested?
bkhablenko|6 years ago
As for where policies are stored, we keep them with the service and later mount in a K8s pod as a ConfigMap. OPA then downloads missing data from the Bundle Service. Integration testing is more or less the same, with OPA declared as a container in Docker Compose.