# opal
f
@Thilak Reddy thanks for reaching out. I will forward this question to our dev team to find out if this is a possibility! 🙏🏼
👍 1
a
Hi @Thilak Reddy, you should set `OPAL_REPO_WATCHER_ENABLED=false`. That should display the policy tracking from opal server
t
@Asaf Cohen the `OPAL_REPO_WATCHER_ENABLED` setting is only available for the server. The OPAL client still calls the server to fetch the policy bundle. Not sure if a similar setting exists for the client as well.
a
mmm i see, unfortunately looks like we are missing this as a feature. We can add an option to disable policy fetching in the client, but it might take us a few days to get there. In the meanwhile - i can suggest syncing an empty repo as a stop gap solution. @Ro'e Katz @Ori Shavit when do you think we can get this done, Thursday?
t
Hey @Asaf Cohen, created a feature request on GitHub to note this down. I tried to make the change but got stuck on writing tests. I might take another shot at it if I get some time.
a
Hi @Thilak Reddy we'll try to get this in as soon as we can.
🙏 1
@Ro'e Katz opened a ticket on you (PER-5185) Let's prioritize this when you are available.
t
Hi @Asaf Cohen, I have tried to solve this by optionally initialising the `PolicyUpdater` based on an env variable, and mentioned some points that I need help on. Can someone look at this pull request? https://github.com/permitio/opal/pull/470 Would appreciate help on how I can go about this 🙏
r
@Thilak Reddy That’s great. I’ll take a look! (maybe today but probably tomorrow)
👍 1
Hi @Thilak Reddy - I’ve just taken a look and replied to you there (I’m not sure I fully understand the issues you’re still having). But thinking about that again, I tend to prefer a solution that involves the server rather than the client - after all it is the server where the user configures what should be tracked. If at some point you decide to also start syncing policy files - that should be achieved by either reconfiguring the server (or ideally - adding rego files to your tracked resources). But I guess that goes back to your use case. Can I ask how are you planning to sync data? (Tracking a git repo? Using `OPAL_DATA_SOURCES_CONFIG`?) I think either way it’s possible to make the server not sync policy files to clients. For example:

1. Override `OPAL_POLICY_REPO_POLICY_EXTENSIONS=[]` (how to detect policy files, `[".rego"]` by default), or `OPAL_FILTER_FILE_EXTENSIONS=[.json]` (general filter on the policy bundles, `[.rego, .json]` by default).
   a. If you don’t use a git repo for syncing data - you can point it to a dummy repo, or to our default `OPAL_POLICY_REPO_URL=https://github.com/permitio/opal-example-policy-repo.git`.
   b. You can set `OPAL_POLICY_REPO_POLLING_INTERVAL=0` so the server won’t even try to periodically check for updates.
2. Use `OPAL_POLICY_SOURCE_TYPE=API` and point it to a server that serves empty bundles.

Even if those “workarounds” (though not really) aren’t enough, the right thing to do might be fixing the server to just serve empty bundles if `OPAL_REPO_WATCHER_ENABLED=False` (instead of raising an error). LMK what you think.
t
> Can I ask how are you planning to sync data?

I am using `OPAL_DATA_SOURCES_CONFIG` to load data, and updates would be pushed to the OPAL server through the API.

1. The workarounds mentioned here are for when I am tracking a git repo or loading bundles, which is not what I am trying to do; I don’t want to load or sync any policy files to clients.
2. As I don’t want to fetch or load policies, doing this additional setup just to work around the OPAL client health doesn’t sound like a good idea.

> might be fixing the server to just serve empty bundles if `OPAL_REPO_WATCHER_ENABLED=False` (instead of raising an error).

In any case, when we are loading a bundle, either empty or some dummy bundle, the policies loaded into the OPAL client docker image during docker build are overridden by the loaded bundle from the server, which is not the desired state. I would want the policies (a single policy file) I loaded into my OPAL client image to be the ones being used. So serving empty bundles from any place doesn’t solve the issue; it always overrides the policies present in the docker image.

> But thinking about that again, I tend to prefer a solution that involves the server rather than the client - after all it is the server where the user configures what should be tracked

Yup, but let’s consider a use case where the server is set to track a git repo for policy files but one or a subset of clients don’t want to receive those policy bundles/files. These clients are only interested in the data config sources and the data updates (the git repo doesn’t have any data, it contains only policies) and want to load policies during docker build instead of loading them from the server. In this scenario, not having an option on the client to switch off policy loading/syncing would result in the OPAL client trying to fetch policy, which will override the policies loaded into the docker image.

TLDR: the server may or may not track a git repo; in any case the client should be able to choose to load/sync policies, just like how it can choose to switch off data updates using `OPAL_DATA_UPDATER_ENABLED`. I will reply on the PR with more details but I hope I made sense.
@Ro'e Katz commented here with the error I am getting on the server when `PolicyUpdater` is not initialised on the client but the server still broadcasts policy updates to the client, even though I don’t see any log on the client which subscribed to the policy topic `policy:.` https://github.com/permitio/opal/pull/470#issuecomment-1564531702
r
@Thilak Reddy Thanks for the additional information. I see your points, Gonna reply soon on the PR itself.
👍 1
t
Updated the PR with changes for the `OpaTransactionLogState.healthy` method: https://github.com/permitio/opal/pull/470#issuecomment-1566218232
r
Approved 🙂 But had 2 requests before I merge - take a look there
✅ 1
t
Hi @Ro'e Katz, checked the working of disabling and not disabling of policy sync and fixed the pre-commit formatting issue
r
@Thilak Reddy Merged. Kudos!
t
Thanks for your time @Ro'e Katz 🙌
@Ro'e Katz when can i expect the docker image to be published?
r
I think we’re gonna release a new version next week (Meanwhile you can build your own image of course)
👍 1