This message was deleted.
# opals
Slackbot
03/23/2023, 8:53 AMThis message was deleted.
s
Shaul Kremer
03/23/2023, 9:27 AMHi Philip!
First of all, I believe it's likely the error you're seeing has to do with load order. Since OPAL pushes policies incrementally to OPA (i.e., not using bundles), policies have to be loaded in dependency order. If you don't add a manifest file, OPAL will fall back to loading in alphabetical order, which might not work. You can find information about how to add a manifest at https://docs.opal.ac/tutorials/track_a_git_repo/#policy-bundle-manifest---serving-dependent-policy-modules.
Shaul Kremer
03/23/2023, 9:35 AMRegarding your questions:
1. As the error you're seeing is returned by OPA, looking at its logs will probably help. OPAL's default is to not show OPA logs. To enable OPA logs, set the
OPAL_INLINE_OPA_LOG_FORMATfullShaul Kremer
03/23/2023, 9:35 AMLet me know if you have any further questions
p
Philip Claesson
03/23/2023, 9:55 AMThanks Shaul! Thanks for pointing out the load order - I was not aware of that but it makes sense. Should help me figure this out.
Also thanks for the pointer to OPAL scopes, that will be a great thing for us to look into in the future!
Philip Claesson
03/23/2023, 9:58 AMRegarding .manifest, we have structured our policy repo like this
Copy code
repo/
data.json
domain/
shared.rego
applications/ # contains a lot of rego policies that depend on shared.rego and data.json
shared/ # contains a lot of rego policies that depend on shared.rego and data.json Copy code
data.json
domain/shared.regos
Shaul Kremer
03/23/2023, 10:23 AMYou don't need the data.json in the manifest as nothing is dependent on it. Other than that, yes, OPAL will load the files in the manifest first, and then other files in alphabetical order.
👍 1
p
Philip Claesson
03/23/2023, 10:27 AMgreat, thanks shaul!
s
Shaul Kremer
03/23/2023, 10:34 AMSure thing, let me know if you have any other questions.