Comments (7)
I've filed an issue against OPA to improve support for incremental load scenarios. In the meantime, it would be good if the constraint framework could support a bulk load API (e.g., `AddTemplates` in addition to `AddTemplate` on the client).
EDIT: One other thing to mention. When I updated to use OPA master with the new parser implementation (which is in v0.19.0-rc1), the load time for the first template went from ~45ms to ~10ms.
from frameworks.
The increasing incremental cost is likely due to a larger bulk of Rego needing to be recompiled. Given that constraint templates are meant to be non-interacting, is there any way to eliminate the incremental cost by preserving the work of previous compiles? Maybe caching the artifacts somewhere to improve the cold start as well?
An option for non-referential templates would be to have a separate interpreter per-template.
@maxsmythe improving the compiler to support incremental updates is possible but would require some work. In short, some of the stages implement checks and rewriting or build data structures that are local to the module/rules in the module whereas others do these things globally (recursion check is one example). The first step would be to categorize the stages in the compiler so we know which ones require global information or perform global updates and which do not. For the global changes that affect data structures, we probably have to update the data structures to support add/remove operations (if they don't already.) In the short term, we should probably benchmark the compile operation and see where the time is spent. If you run `opa eval -d x.rego 'data' --instrument` you'll get back timers for each of the stages.
Any way to get that debug information from the OPA API?
Yes, the `rego.Instrument` option enables it: https://github.com/open-policy-agent/opa/blob/master/rego/rego.go#L785
Resolved with #202
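Added example (not part of the thread and not OPA or framework code): a Go helper that compares two metrics snapshots, such as the per-stage timers mentioned above taken on the first template load and on a later one, and ranks the timers by growth to show which stages scale with the amount of Rego already loaded. The JSON samples and their key names are constructed, and the `timer_<name>_ns` key shape is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample metrics (not real measurements); key names are assumed.
const firstLoad = `{"timer_rego_module_parse_ns": 2000000, "timer_rego_module_compile_ns": 10000000, "timer_compile_stage_check_recursion_ns": 1000000}`
const laterLoad = `{"timer_rego_module_parse_ns": 2100000, "timer_rego_module_compile_ns": 95000000, "timer_compile_stage_check_recursion_ns": 40000000}`

type Delta struct{ Name string; Growth int64 } // growth in ns between two snapshots

// timers extracts timer_<name>_ns numeric entries from a JSON metrics object,
// skipping counters, histograms and anything else that is not a timer.
func timers(doc string) (map[string]int64, error) {
	var raw map[string]interface{}
	if err := json.Unmarshal([]byte(doc), &raw); err != nil {
		return nil, err
	}
	out := map[string]int64{}
	for k, v := range raw {
		f, ok := v.(float64) // JSON numbers decode as float64; exact below 2^53 ns
		if ok && strings.HasPrefix(k, "timer_") && strings.HasSuffix(k, "_ns") {
			out[strings.TrimSuffix(strings.TrimPrefix(k, "timer_"), "_ns")] = int64(f)
		}
	}
	return out, nil
}

// RankGrowth returns the timers in after, ordered by how much each grew since before.
func RankGrowth(before, after string) ([]Delta, error) {
	b, errB := timers(before)
	a, errA := timers(after)
	if errB != nil || errA != nil {
		return nil, fmt.Errorf("bad metrics JSON: before=%v after=%v", errB, errA)
	}
	var ds []Delta
	for name, ns := range a {
		ds = append(ds, Delta{name, ns - b[name]}) // a timer absent in before counts as 0
	}
	sort.Slice(ds, func(i, j int) bool { return ds[i].Growth > ds[j].Growth })
	return ds, nil
}

func main() {
	fmt.Println(RankGrowth(firstLoad, laterLoad))
}
```

A timer whose growth tracks the total number of loaded templates points at a stage doing global work, which is the categorization the thread proposes as a first step.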