# opal
a
Hi @Heng Tan thanks for letting us know. @Ro'e Katz will merge these on Sunday.
👍 1
h
cool thanks @Asaf Cohen, once those changes are merged how likely is it that they will be integrated into OPAL for the future release?
a
Hi @Heng Tan, the next minor OPAL release is scheduled for the first week of April. However @Ro'e Katz might be able to do an RC release before then.
👍 1
h
That's really good news 🎉🎉🎉 🙏🙏🙏
r
Hi @Heng Tan, I’ve merged all latest commits from the upstream repo `encode/broadcaster` into our `permitio/broadcaster` fork (including both of the merges you’ve requested). I’ve also pushed a new build `permitio/opal-server:0.5.3-rc` that uses this new broadcaster. It would be great if you can help me test it out (mainly that broadcaster works, with redis, and with the features you were interested in).
👍 1
h
That's great news, many thanks for doing this. I'll definitely keep you informed today or tomorrow whether both password and rediss:// work on our opal server deployment. 😉 Cheers
@Ro'e Katz, I can confirm that I was able to get OPAL Server (opal-server:0.5.3-rc) working with redis using the following connection string format: rediss://xxxxxxx:6380,password=xxxxxxxxxxxxx. I also did an HTTP POST request to the opal server endpoint /data/config to make sure the pub/sub communication is working between opal server and opal client, and opal client has successfully completed the data update. Please find the attached server log
r
That’s great! 🙂 Thanks!
🙏 1
h
hi @Ro'e Katz, I just did some testing with the opal server versions 0.6.0, 0.6.1 and 0.7.0, and it doesn't look like they included the update you made for https://github.com/permitio/broadcaster. Everything seems to be working fine with the release candidate version that you provided us: permitio/opal-server:0.5.3-rc
👀 1
I would assume the latest OPAL release will include the latest updates made to https://github.com/permitio/broadcaster? Or do you need to create a new release tag in https://github.com/permitio/broadcaster in order for it to be picked up by the new OPAL release?
hi @Ro'e Katz, would you be able to help me check why the latest version of opal doesn't seem to work with rediss:// and password in the connection string but the release candidate permitio/opal-server:0.5.3-rc is working fine?
r
Hi @Heng Tan, that’s very weird. I’ve bumped our broadcaster version to `0.2.2` after merging those upstream changes you’ve requested (and others). I see that `0.5.3-rc`, `0.6.0`, `0.6.1`, `0.7.0` & `0.7.1` are all using that version (`cat /usr/local/lib/python3.10/site-packages/broadcaster/__init__.py` within a shell on the server’s container), while `0.5.0` is using the older broadcaster version `0.2.1`. Can you please share instructions for reproducing (some feature that works on `0.5.3-rc` but not on `0.7.1`)?
h
Hi @Ro'e Katz, thanks for getting back to me. I created a basic sample docker compose file and rego bundle file to replicate this issue.
If you run `docker compose up`, you will notice the opal-client container keeps throwing the following error:
Trying to connect to Pub/Sub server - <ws://opal-server:7002/ws>
2023-05-30 22:19:35 2023-05-30T21:19:35.269497+0000 | 19 | fastapi_websocket_rpc.websocket_rpc_c...| INFO  | Trying server - <ws://opal-server:7002/ws>
2023-05-30 22:19:35 2023-05-30T21:19:35.342957+0000 | 19 | fastapi_websocket_rpc.websocket_rpc_c...| INFO  | RPC Websocket failed - with invalid status code 500
2023-05-30 22:19:35 2023-05-30T21:19:35.352640+0000 | 19 | fastapi_websocket_rpc.websocket_rpc_c...| INFO  | RPC Websocket failed - with invalid status code 500
2023-05-30 22:19:35 2023-05-30T21:19:35.404337+0000 | 19 | fastapi_websocket_rpc.websocket_rpc_c...| INFO  | Trying server - <ws://opal-server:7002/ws>
2023-05-30 22:19:35 2023-05-30T21:19:35.429726+0000 | 19 | fastapi_websocket_rpc.websocket_rpc_c...| INFO  | Connection was terminated.
2023-05-30 22:19:35 2023-05-30T21:19:35.430244+0000 | 19 | fastapi_websocket_rpc.websocket_rpc_c...| INFO  | Closing RPC client
2023-05-30 22:19:35 2023-05-30T21:19:35.433289+0000 | 19 | opal_client.policy.updater              | INFO  | Disconnected from server
and the opal-server container keeps showing the following error:
2023-05-30 22:19:35 2023-05-30T21:19:35.337973+0000 | 12 | fastapi_websocket_pubsub.event_broadc...| INFO  | Starting broadcaster listener
2023-05-30 22:19:35 2023-05-30T21:19:35.340290+0000 | 12 | websockets.legacy.server                | INFO  | connection open
2023-05-30 22:19:35 2023-05-30T21:19:35.343201+0000 | 11 | fastapi_websocket_pubsub.event_broadc...| INFO  | Starting broadcaster listener
2023-05-30 22:19:35 2023-05-30T21:19:35.351043+0000 | 11 | websockets.legacy.server                | INFO  | connection open
2023-05-30 22:19:35 2023-05-30T21:19:35.351213+0000 | 12 | websockets.legacy.server                | INFO  | connection closed
2023-05-30 22:19:35 2023-05-30T21:19:35.356731+0000 | 11 | websockets.legacy.server                | INFO  | connection closed
2023-05-30 22:19:35 2023-05-30T21:19:35.415047+0000 | 12 | fastapi_websocket_rpc.websocket_rpc_e...| INFO  | Client connected
2023-05-30 22:19:35 2023-05-30T21:19:35.416226+0000 | 12 | websockets.legacy.server                | INFO  | connection open
2023-05-30 22:19:35 2023-05-30T21:19:35.417122+0000 | 12 | fastapi_websocket_rpc.websocket_rpc_e...| INFO  | Client connection failed - 54674 :: a11c190dd82242fc89c2b0a734ca6cc6
If you change to use one of the following options the error seems to disappear:
• change the opal server to use image: permitio/opal-server:0.5.3-rc (the error doesn't seem to appear)
• or change the redis container not to use password (`--requirepass`)
r
Hi @Heng Tan - Thanks for sending those! I believe I understand what’s going on. The url with the password should be passed in the following format:
OPAL_BROADCAST_URI=redis://:sS1a8I20TJb1qfMyRapWpkfUuBE3bq7X4AzCaK7cOfE=@broadcast-channel:6379
(Look at broadcaster’s code - it uses `urllib.parse.urlparse`, `urllib.parse.urlparse("redis://broadcast-channel:6379,password=sS1a8I20TJb1qfMyRapWpkfUuBE3bq7X4AzCaK7cOfE=").port` actually raises an error). Using this format, I’ve been able to make it work on the newer versions. As for `0.5.3-rc` - it doesn’t really work there either. The server just kind of ignores the broadcaster connection failure, and lets the client connect - which is actually a bug we’ve fixed before the later versions.
h
@Ro'e Katz thank you so much for looking into the issue. I just tested the Redis connection string you suggested and it works. Thank you again for your help. 🙏
r
Happy I was able to help ✌️
🍻 1