A bit of policy magic to avoid writing policy
CFEngine promises language is rather unique and very powerful.
In his latest article my colleague Nick Anderson shows how to write a policy after which you can define all your access rules in def.json, thus avoiding need to write policy. Good for both worlds: for those who likes CFEngine policy language it clearly shows how powerful it is; for those who doesn't - it gives a small magic policy snippet which lets you avoid writing policy.
Also, I highly recommend everyone interested (or using) CFEngine to periodically check for new posts in Nick's blog!