I want to be excited by the whole PaC (Policy as Code) idea. But, I’m going to be “that guy” for a minute:
-
I haven’t seen a rigorous definition of “policy”. It seems to me like it’s more of a mindset that’s somehow supposed to separate the actual “things we do” from the more lofty ideal of “the way we do things”. Somehow that doesn’t inform my fingers when I open my Editor of Choice and start to type.
-
Maybe I’ve hit my own personal ceiling on levels of abstraction, but I don’t see how – in actual practice – PaC differs from the same ol’ Ansible tasks we’ve been hacking on these last few years. If I really stretch credulity, I might comfortably claim that a set of tasks that truly is idempotent as a unit constitutes a chunk of PaC. But, honestly, I’d be more comfortable just claiming it’s a good set of tasks.
Truly I hope there’s more to it beyond aspirational hand waving. When I open a text file, what can I look for that clearly indicates it’s Policy as Code vs. mere code?