# opal
o
Oh, I misread what you wrote. Let me check the specs for that config.
To set where the bundle is downloaded to you need to include:
OPAL_POLICY_BUNDLE_TMP_PATH
https://github.com/permitio/opal/blob/d943114eb2e9ac2e180772c88cf2b0a5bdf1c819/packages/opal-server/opal_server/config.py#L114
a
Yes, I tried to modify this value also; still it downloads to /tmp.
Below is the configuration with env POLICY_BUNDLE_TMP_PATH:

```yaml
spec:
  containers:
    - name: opal-server
      image: "permitio/opal-server:latest"
      imagePullPolicy: IfNotPresent
      ports:
        - name: http
          containerPort: 7002
          protocol: TCP
      env:
        - name: OPAL_POLICY_BUNDLE_URL
          value: 'http://nginx.opa.svc'
        - name: OPAL_POLICY_SOURCE_TYPE
          value: 'API'
        - name: POLICY_BUNDLE_TMP_PATH
          value: "~/opal"
        - name: OPAL_POLICY_REPO_POLLING_INTERVAL
          value: "30"
        - name: UVICORN_NUM_WORKERS
          value: "4"
        - name: OPAL_DATA_CONFIG_SOURCES
          value: '{"config":{"entries":[{"url":"http://opal-server.opa.svc.cluster.local:7002/policy-data","topics":["policy_data"],"dst_path":"/static"}]}}'
```
Logs for the same:

```
/opal/regoclone/opal_repo_clone$ ls -lrt
total 0
opal@myopal-server-cd6dbf8b-njwx7:/opal/regoclone/opal_repo_clone$
opal@myopal-server-cd6dbf8b-njwx7:/opal/regoclone/opal_repo_clone$
opal@myopal-server-cd6dbf8b-njwx7:/opal/regoclone/opal_repo_clone$
opal@myopal-server-cd6dbf8b-njwx7:/opal/regoclone/opal_repo_clone$ cd /tmp
opal@myopal-server-cd6dbf8b-njwx7:/tmp$ ls -lrt
total 4
-rw-r--r-- 1 opal opal 887 Dec 2 10:30 bundle.tar.gz
-rwxr-xr-x 1 opal opal 0 Dec 2 10:31 opal_server_leader.lock
```
o
The value is a path to a file, not to a folder,
e.g. "/tmp/bundle.tar.gz"
a
Thanks @Or Weis, let me try. Correct me if I'm wrong, the value should be like below: '~/opal/bundle.tar.gz'

Note: I followed docker-compose-api-policy-source-example.yml from the documents and configured the same for Kubernetes.
o
Yes. Using "~" is somewhat OS dependent, so I'd even suggest using the actual full path, just to be safe. Let us know if that solves the issue; otherwise there might be a bug here (though I'm looking at the code and it looks right to me).
CC: @OBD gmail , @Asaf Cohen, @Ori Shavit
a
Hi @Or Weis, I tried with an absolute path; below is the configuration, but it didn't work. It is still downloading to /tmp.

```yaml
env:
  - name: OPAL_POLICY_BUNDLE_URL
    value: 'http://nginx.opa.svc'
  - name: OPAL_POLICY_SOURCE_TYPE
    value: 'API'
  - name: POLICY_BUNDLE_TMP_PATH
    value: "/opal/bundle.tar.gz"
```

Below are the logs for reference:

```
/tmp$ ls -lrt
total 4
-rw-r--r-- 1 opal opal 887 Dec 2 10:46 bundle.tar.gz
-rwxr-xr-x 1 opal opal 0 Dec 2 10:49 opal_server_leader.lock
opal@myopal-server-665b64465f-xdn9t:/tmp$ cd /opal
opal@myopal-server-665b64465f-xdn9t:/opal$ ls -lrt
total 84
-rwxr-xr-x 1 root root 4049 Oct 14 18:53 wait-for.sh
-rwxr-xr-x 1 root root 670 Oct 14 18:53 start.sh
drwxr-xr-x 2 root root 4096 Oct 14 18:53 scripts
-rw-r--r-- 1 root root 126 Oct 14 18:53 requirements.txt
-rw-r--r-- 1 root root 90 Oct 14 18:53 pytest.ini
drwxr-xr-x 1 root root 4096 Oct 14 18:53 packages
-rw-r--r-- 1 root root 608 Oct 14 18:53 gunicorn_conf.py
drwxr-xr-x 5 root root 4096 Oct 14 18:53 documentation
drwxr-xr-x 3 root root 4096 Oct 14 18:53 docker
-rw-r--r-- 1 root root 7446 Oct 14 18:53 README.md
-rw-r--r-- 1 root root 2705 Oct 14 18:53 Makefile
-rw-r--r-- 1 root root 21 Oct 14 18:53 MANIFEST.in
-rw-r--r-- 1 root root 11352 Oct 14 18:53 LICENSE
-rw-r--r-- 1 root root 2987 Oct 14 18:53 CONTRIBUTING.md
-rw-r--r-- 1 root root 282 Oct 14 18:53 CODE_OF_CONDUCT.md
drwxr-xr-x 2 opal opal 4096 Dec 2 10:46 pycache
drwxr-xr-x 2 opal opal 4096 Dec 2 10:46 jwks_dir
drwxr-xr-x 3 opal opal 4096 Dec 2 10:46 regoclone
```
o
That's odd. @Asaf Cohen what do you think?
a
Shouldn’t the env var name be OPAL_POLICY_BUNDLE_TMP_PATH?
@anvitha haviligi
o
Oh, good catch, yes it has to be
a
OK, let me try with OPAL_POLICY_BUNDLE_TMP_PATH
a
It's misleading, @anvitha haviligi: all opal env vars must start with a prefix.
a
Thank you @Asaf Cohen. My mistake, I didn't notice the prefix.