raghanag
05/25/2023, 12:59 AM
{} but it is working as expected, here is the playground link https://play.openpolicyagent.org/p/4FSJjGOLpY, we suspect the schema is not being properly built into the policy bundle. How do I make sure the schema is being included in the policy bundle? Or do I need to extract the schema and put it as part of the input query?
Or Weis
05/25/2023, 2:05 AM
raghanag
05/25/2023, 4:05 AM
Or Weis
05/25/2023, 6:39 AM
input.schema - that means you are loading the schema from the input query itself, and not from the data loaded into OPA by OPAL
raghanag
05/25/2023, 6:46 AM
allow as false
Or Weis
05/25/2023, 6:48 AM
raghanag
05/25/2023, 6:50 AM
Or Weis
05/25/2023, 6:57 AM
raghanag
05/25/2023, 7:01 AM
Or Weis
05/25/2023, 7:02 AM
raghanag
05/25/2023, 7:06 AM
curl --location --request POST 'http://127.0.0.1:8181/v1/data/graphqlapi/authz' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "input": {
      "query": "query { environmentTags }",
      "user": "lonewolf",
      "variables": {}
    }
  }'
Or Weis
05/25/2023, 8:07 AM
raghanag
05/25/2023, 6:53 PM
opa build -b bundle
├── bundle
│   ├── data.json
│   └── graphqlapi
│       └── authz
│           └── rbac.rego
and followed the docker-compose at https://www.openpolicyagent.org/docs/latest/graphql-api-authorization/ - it's working as expected, i.e., when I query with lonewolf I get allow as true, and with other users I get allow as false. But when I use opal (just pushed my directory to git and let the opal-server track and clone it) I get allow as false for the lonewolf user
curl --location --request POST 'http://127.0.0.1:8181/v1/data/graphqlapi/authz' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "input": {
      "query": "query { environmentTags }",
      "user": "lonewolf",
      "variables": {}
    }
  }'
Or Weis
05/25/2023, 7:14 PM
raghanag
05/25/2023, 7:38 PM
opa cli build command to make a bundle and used it in the docker-compose.yaml, and for opal pushed my files to git and configured the opal-server.
And for stand-alone opa, I can see the data when I query http://localhost:8181/v1/data/schema but with opal I get an empty response {}
Or Weis
05/25/2023, 7:41 PM
raghanag
05/25/2023, 7:45 PM
Or Weis
05/25/2023, 7:46 PM
raghanag
05/25/2023, 7:47 PM
Or Weis
05/25/2023, 7:49 PM
/v1/data/bundle/schema not /v1/data/schema
raghanag
05/25/2023, 7:50 PM
Or Weis
05/25/2023, 8:03 PM
http://localhost:8181/v1/data/bundle/data ?
It’s http://localhost:8181/v1/data/bundle/schema
May I ask, if I use the same folder structure (basically same repo) to make the bundle and used opal, why do I need to use different paths?
In one you have another folder called bundle - they are not the same folder structure
raghanag
05/25/2023, 8:08 PM
Or Weis
05/25/2023, 8:10 PM
raghanag
05/25/2023, 8:12 PM
Or Weis
05/25/2023, 8:13 PM
data.json file at the root of the folder.
raghanag
05/25/2023, 8:13 PM
Or Weis
05/25/2023, 8:15 PM
data.bundle.schema instead of data.schema - if you want to maintain your file structure
raghanag
05/25/2023, 8:27 PM