New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
opa run: always read .tar.gz file provided in argument as a bundle #5879
Comments
@anderseknert can I take this ? |
@yogisinha of course! |
Hi @anderseknert , "addrs":[":8181"],"diagnostic-addrs":[],"level":"info","msg":"Initializing server. OPA is running on a public (0.0.0.0) network interface. Unless you intend to expose OPA outside of the host, binding to the localhost interface (--addr localhost:8181) is recommended. See https://www.openpolicyagent.org/docs/latest/security/#interface-binding","time":"2023-06-17T16:25:53-04:00"} Whereas loading it from remote loads it successfully. something like this: opa run -s http://localhost:8080/bundle.tar.gz |
As far as I remember, the bundle plugin only deals with remote bundles provided from configuration. I don't think you need that for this purpose. What we'll want to ensure here is that a bundle loader is used to load the .tar.gz file. As it currently stands, it seems to be loaded as a regular directory, which ignores things like |
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
So when you do switch filepath.Ext(path) {
case ".json":
return loadJSON(path, bs, m)
case ".rego":
return loadRego(path, bs, m, opts)
case ".yaml", ".yml":
return loadYAML(path, bs, m)
default:
if strings.HasSuffix(path, ".tar.gz") {
r, err := loadBundleFile(path, bs, m)
if err != nil {
err = fmt.Errorf("bundle %s: %w", path, err)
}
return r, err
}
}
return nil, unrecognizedFile(path) loadBundleFile in the |
Hi @ashutosh-narkar , you are right for just one bundle given on cmd line. opa run -s bundle1.tar.gz bundle2.tar.gz With my change in it will load it and if the cmd given in non bundle mode, it will still load all the file ending with .tar.gz in bundle mode which was the requirement for this issue. Refer #6112 |
No, even with a single argument, the behavior differs between Another user reported the same issue (or so I suspect) in the OPA Slack some week back. @yogisinha if that's the case, that seems like a good thing to fix too! But since that wasn't the original issue, perhaps we should create one about that and link your PR to that instead? |
Yes, @anderseknert, In #6112 these issues are fixed. I changed LoadPaths method after some discussion/clarifications with @charlieegan3 . I am waiting for him to take a look and give me feedback. So after my change the behavior will be following. lets suppose bundle_test is a folder containing rego and data files
|
Great! I'm still on vacation for a few more days, but I'll take a look once I'm back :) Would be great to see some tests to verify the behavior in that PR. |
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Hi @anderseknert , I have added a test method. |
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
…ctorings. Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
…ctorings. Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Squashing all the commits for following issue: Fix for the issue when OPA doesnot load tarball on cmd line as a bundle. Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Squashing all the commits for following issue: Fix for the issue when OPA doesnot load tarball on cmd line as a bundle. Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Squashing all the commits for following issue: Fix for the issue when OPA doesnot load tarball on cmd line as a bundle. Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Squashing all the commits for following issue: Fix for the issue when OPA doesnot load tarball on cmd line as a bundle. Fixes open-policy-agent#5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
Squashing all the commits for following issue: Fix for the issue when OPA doesnot load tarball on cmd line as a bundle. Fixes #5879 Signed-off-by: Yogesh Sinha <sinhayogi@gmail.com>
When running
opa run -s bundle.tar.gz
, OPA currently seems to extract the tar ball as a regular directory, ignoring the.manifest
file included in the bundle. This has rightly caused some confusion and does not seem like it would ever be what the user wanted or intended.We should fix this so that when a tar ball is provided in the list of files in the args, it is always read as a bundle, no matter if the bundle is local or remote.
The text was updated successfully, but these errors were encountered: