# opal
t
taking an example of one policy rule from my policy file
```rego
package httpapi.authz

default allow = false

allow {
    input.method = "POST"
    input.path = ["v1", "users"]
}
```
calling OPA with following request payload
```sh
curl --location --request POST 'http://localhost:8181/v1/data/httpapi/authz' \
--header 'Content-Type: application/json' \
--data-raw '{
    "input": {
        "method": "POST",
        "path": [
            "v1",
            "users"
        ]
    }
}'
```
should have resulted in
```json
{
  "result": {
    "allow": true
  }
}
```
Instead, I don't get anything in the response. I'm not sure if the data source fetch failing causes any issues with OPA's working; if not, that would help me rule out this possibility and debug differently.
I tried running a new image where the data fetch fails, and OPA was working as intended there. There might be some issue with something else in my docker compose.
a
Hi @Thilak Reddy 🙂 If you tried to sync the policy file through OPAL and the policy bundle download did not succeed, you might get an issue here. It would help if you can provide your docker compose file so I can make sure that your OPAL config is correct.
OK, just tested your policy on local OPA and it should have worked, so it's definitely related to your OPAL config. It would help to get your config file (e.g. docker compose) and the OPAL server and client logs so we can help you detect the issue.
t
The policy file is statically loaded during build and I don't sync policy. I was also trying out running each container directly; this is my client:
```sh
docker run -it \
    -e "OPAL_POLICY_UPDATER_ENABLED=false" \
    -e "OPAL_INLINE_OPA_LOG_FORMAT=http" \
    -e "OPAL_SERVER_URL=http://host.docker.internal:7002" \
    -e 'OPAL_INLINE_OPA_CONFIG={"files":["/policy.rego"]}' \
    -p 7766:7000 -p 8181:8181 opal-local
```
I built this `opal-local` image from the latest image and loaded my policy file into the image:
```dockerfile
FROM permitio/opal-client:0.7.4-rc
COPY ./policy/org.rego /policy.rego
```
My server docker run is:
```sh
docker run -it \
    -e "OPAL_POLICY_REPO_URL=https://github.com/thilak009/opal-policy-store-test" \
    -e "OPAL_DATA_CONFIG_SOURCES=<config>" \
    -e "OPAL_POLICY_REPO_POLLING_INTERVAL=0" \
    -e "OPAL_POLICY_REPO_MAIN_BRANCH=main" \
    -e "OPAL_REPO_WATCHER_ENABLED=false" \
    -p 7002:7002 permitio/opal-server:0.7.4-rc
```
the DATA_CONFIG_SOURCES has url of a proxy/gateway which serves data, but this fails due to some reason
This is working as expected @Asaf Cohen. I will try out my docker compose tomorrow and let you know if the issue persists.
a
> the DATA_CONFIG_SOURCES has url of a proxy/gateway which serves data, but this fails due to some reason
the logs would be helpful here
I don't see anything unusual with your docker image, but you can make sure your policy file is loaded by calling the OPA REST API:
```sh
curl --location --request GET 'http://<pdp-dns>:8181/v1/policies'
```
and see if your policy is indeed loaded as expected
t
Asaf, it is with great embarrassment that I tell you that an issue with my code was not adding roles to user tokens, which was causing a deny from OPA as the user token does not have role(s). The bug was that in golang multiple switch cases having to execute the same code should be of the syntax
```go
case condition1, condition2, conditionn:
  // code to be executed
```
and not
```go
case condition1:
case condition2:
case conditionn:
  // code to be executed
```
shouldn’t have debugged this yesterday when my brain battery was low xD
a
No worries 😉 Glad I could help!