Programming Your Policies: Justin Cormack at QCon San Francisco 2022

Oct 25, 2022 2 min read
Steef-Jan Wiggers
At QCon San Francisco 2022, Justin Cormack, the CTO at Docker, presented a talk titled "Programming Your Policies." The talk is part of one of the editorial tracks, "Languages of Infra: Beyond YAML."
Cormack started his talk by explaining what a policy is. For example, who can run this program or perform this API call? Or, in a more complex case, who can perform this database query and view the result? The "who" can be a person or another computer program. In the end, it is about access control.

After recounting the history of access control and security, Cormack concluded that access control issues are still relevant, pointing to the top 10 web application security risks.
He continued that, in his experience, policies written in imperative code were difficult to maintain. Policies have gravitated more toward declarative code frameworks. With logic programming, conclusions can be drawn from a set of facts. An example is Datalog, a declarative logic programming language derived from formalizing database logic, roughly SQL plus recursion. It helps create policy queries.
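The following is an added example, not code from the talk or from any project it mentions. It evaluates two Datalog-style rules bottom-up in plain Python to show what "SQL plus recursion" means for an access-control query: nested group membership is derived to a fixpoint, and a request is allowed only if the matching fact was derived. All facts, group names and function names are constructed for illustration.

```python
# Added example: naive bottom-up evaluation of Datalog-style policy rules.
# Every fact and name below is constructed for illustration.

MEMBER_OF = {                 # member_of(X, G): X is a direct member of G
    ("alice", "sre"),
    ("bob", "developers"),
    ("sre", "engineering"),          # groups can nest inside groups
    ("developers", "engineering"),
    ("engineering", "staff"),
}
GRANT = {                     # grant(G, Action, Resource)
    ("sre", "restart", "prod-db"),
    ("engineering", "read", "prod-logs"),
    ("staff", "read", "wiki"),
}

def in_group(member_of):
    """in_group(X, G) :- member_of(X, G).
       in_group(X, G) :- member_of(X, M), in_group(M, G).   (recursive)"""
    derived = set(member_of)
    while True:
        # Join member_of with what has been derived so far.
        new = {(x, g) for (x, m) in member_of for (m2, g) in derived if m == m2}
        if new <= derived:           # fixpoint: no new conclusions
            return derived
        derived |= new

def allow(member_of, grant):
    """allow(X, A, R) :- in_group(X, G), grant(G, A, R)."""
    groups = in_group(member_of)
    return {(x, a, r) for (x, g) in groups for (g2, a, r) in grant if g == g2}

def is_allowed(subject, action, resource):
    # The policy query: default deny, true only if the fact was derived.
    return (subject, action, resource) in allow(MEMBER_OF, GRANT)

if __name__ == "__main__":
    for query in [("alice", "restart", "prod-db"),
                  ("bob", "restart", "prod-db"),
                  ("bob", "read", "wiki")]:
        print(query, "->", "allow" if is_allowed(*query) else "deny")
```

The recursive rule is what a single non-recursive SQL join cannot express: bob's access to the wiki depends on a membership chain of arbitrary depth.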
Next, Cormack discussed Open Policy Agent, a CNCF graduated project based on Datalog extended with JSON support. It is one of the most commonly used projects for policy management in the cloud-native world. He demonstrated how it works using the Rego Playground. After the demo, he explained why Open Policy Agent is so favored by sharing a tweet from Kelsey Hightower:
Because of how straightforward it is to integrate into existing applications.
It can be integrated across an ecosystem. JSON and YAML use the same data model for making policy decisions. It also comes with a range of integrations, from Kubernetes to SSH.
It also enables you to share policies that have been created, and it helps if the data model is standardized. Cormack thinks this will take off first in the Kubernetes world, where there is a standard configuration model on which rules are easy to write.
Cormack continued with the big vision going forward:
Software is going to eat compliance. One day every organizational policy will be expressed as declarative code and verified against commits on an ongoing basis.
To get there, Cormack points out that we must work on observability, as making policies work without knowing the context is challenging. Furthermore, work needs to be done on standardization and reusability. And tests:
One way to look at security controls is to view them as tests, which is a fruitful way of thinking about them.
Once policies are available as code in a reusable and portable form, they can be tested and run everywhere. In addition, the policies are easy to revise and update individually. And, Cormack explained, you could also reverse the direction of testing, where you promote code that meets the policies to, for instance, the next stage in a pipeline instead of blocking things.
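As an added illustration of policies run as tests over configuration (not code from the talk or from Open Policy Agent), the sketch below evaluates three rules against a Kubernetes-style Deployment document and uses the result to promote rather than only to block. The registry name, the rules, the stage names and both manifests are assumptions constructed for the example.

```python
# Added example: policy rules run as a test suite that gates promotion.
# The registry, rules, stage names and manifests are all constructed.
import json

ALLOWED_REGISTRY = "registry.example.internal/"   # assumed trusted registry

def containers(doc):
    pod = doc.get("spec", {}).get("template", {}).get("spec", {})
    return pod.get("containers", [])

def rule_trusted_registry(doc):
    for c in containers(doc):
        if not c.get("image", "").startswith(ALLOWED_REGISTRY):
            yield f"{c.get('name')}: image is not from {ALLOWED_REGISTRY}"

def rule_pinned_tag(doc):
    for c in containers(doc):
        last = c.get("image", "").rsplit("/", 1)[-1]   # drop registry[:port]/path
        tag = last.rsplit(":", 1)[1] if ":" in last else ""
        if "@" not in last and tag in ("", "latest"):  # a digest counts as pinned
            yield f"{c.get('name')}: image tag is missing or 'latest'"

def rule_not_privileged(doc):
    for c in containers(doc):
        if c.get("securityContext", {}).get("privileged", False):
            yield f"{c.get('name')}: container runs privileged"

RULES = [rule_trusted_registry, rule_pinned_tag, rule_not_privileged]

def violations(doc):
    """Run every rule like a test; an empty list means all of them passed."""
    return [msg for rule in RULES for msg in rule(doc)]

def next_stage(doc, current="staging", target="production"):
    # Reversed direction: passing every policy promotes the change.
    return target if not violations(doc) else current

# Constructed manifests, given as JSON (YAML parses to the same data model).
GOOD = json.loads('{"kind": "Deployment", "spec": {"template": {"spec": {"containers": ['
                  '{"name": "api", "image": "registry.example.internal/api:1.4.2"}]}}}}')
BAD = json.loads('{"kind": "Deployment", "spec": {"template": {"spec": {"containers": ['
                 '{"name": "api", "image": "docker.io/library/api:latest",'
                 ' "securityContext": {"privileged": true}}]}}}}')

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "->", next_stage(doc), violations(doc))
```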
Cormack closed by pointing out frameworks other than Open Policy Agent, such as the Google Zanzibar project, which inspired several recent systems, including OpenFGA from Auth0, which recently joined CNCF, and Ory Keto. Furthermore, there is another CNCF project, Kyverno, for Kubernetes policies.
He ended the talk by pointing out that:
We are taking YAML and going beyond just considering YAML as a thing we have in turn of what we can do with all this YAML. So how to generate all this YAML having configuration documents and still process them through these pretty powerful declarative policies systems is an exciting move.
