:wave: ! I’m attending an interesting Policy sessi...
# communitys
sdktr
02/12/2025, 9:02 AM👋 ! I’m attending an interesting Policy session at CiscoLive. It uses OPA to check for network device config conformance to an OPA policy:
sdktr
02/12/2025, 9:49 AMThe short version what they did in the demo:
• get the config of a cisco router, parse to json
• Using OPA; check for certain values in the json
Should be doable in cerbos right @Alex Olivier (Cerbos) @Emre (Cerbos) ? But is it ugly or nice-ish..
🙌 1
a
Alex Olivier (Cerbos)
02/12/2025, 9:59 AM
Absolutely! As long as there is that integration point which can call out to the PDP its certainly possible. Let me find a bit of time later to translate that policy in a Playground.
Alex Olivier (Cerbos)
02/12/2025, 10:41 AM
Something like this https://play.cerbos.dev/p/ludya2q67ac7a99JGmZljqlXgNv8UA37
🙌 2
s
Stefan de Kooter
02/12/2025, 10:04 PMnice job @Alex Olivier (Cerbos)!
Stefan de Kooter
02/12/2025, 10:05 PMIf we need to check a list of interfaces, should we strip the list to seperate resources (each resource being one interface) in our app? I guess that makes for the cleanest validation code right..
a
Alex Olivier (Cerbos)
02/13/2025, 8:16 AM
Yeah that would save the list manipulation
s
sdktr
02/13/2025, 1:54 PMInteresting way of doing compliancy checking for configurations. I’ll think about the pros and cons of using cerbos for this. Thanks 🙏
6 Views