You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would like to package https://github.com/open-policy-agent/opa into a docker container and make data.json and /v1/policies/remote-bundle/traceable/http/request/policy.rego configurable. This container could be used in smoke tests in all Hypertrace agents. There is already a docker container https://hub.docker.com/r/openpolicyagent/opa - we should have a look if it could be used.
In the meantime the OPA filter can be tested by:
port-forwarding OPA agent from traceableai namespace k port-forward service/opa 8181:8181 -n traceableai
get the data from OPA agent curl localhost:8181/v1/data and pick some IP address from denylist
run agent on a test/demo app and do curl localhost:8080 -H "X-Forwarded-For: <IP from deny list> - the request should be blocked with 403
This is a tracking issue for discussing OPA filter testing. The idea is that in agent we want to be able to test OPA filter https://github.com/hypertrace/javaagent/tree/main/filter-custom-opa against running https://github.com/open-policy-agent/opa. The filter gets data from
/v1/data
and runs evaluation on every request.I would like to package https://github.com/open-policy-agent/opa into a docker container and make
data.json
and/v1/policies/remote-bundle/traceable/http/request/policy.rego
configurable. This container could be used in smoke tests in all Hypertrace agents. There is already a docker container https://hub.docker.com/r/openpolicyagent/opa - we should have a look if it could be used.In the meantime the OPA filter can be tested by:
traceableai
namespacek port-forward service/opa 8181:8181 -n traceableai
curl localhost:8181/v1/data
and pick some IP address fromdenylist
curl localhost:8080 -H "X-Forwarded-For: <IP from deny list>
- the request should be blocked with 403cc) @mohit-a21 @jcchavezs @davexroth
The text was updated successfully, but these errors were encountered: