Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OPAL .manifest file is in conflict by name with OPA .manifest file #379

Open
ztepsic opened this issue Feb 8, 2023 · 3 comments
Open

OPAL .manifest file is in conflict by name with OPA .manifest file #379

ztepsic opened this issue Feb 8, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@ztepsic
Copy link

ztepsic commented Feb 8, 2023
edited

OPAL is defining .manifest file which is in conflict by name with .manifest file defined by OPA.

It means that you can only have one .manifest file, defined either for OPA or OPAL and not for both.

Example of OPAL .manifest file:

utils.rego
rbac.rego

Example of OPA .manifest file:

{
  "revision" : "7864d60dd78d748dbce54b569e939f5b0dc07486",
  "roots": ["roles", "http/example/authz"]
}

If using VS Code Open Policy Agent plugin with "OPA: Test Workspace" command, OPA will complain about OPAL .manifest file that contains invalid content since it expects json

unable to load bundle file: ...
bundle load failed on manifest decode: invalid character 'some caracter' looking for beginning of value
@ztepsic ztepsic added the bug Something isn't working label Feb 8, 2023
@orweis
Copy link
Contributor

orweis commented Feb 8, 2023

Hi @ztepsic :) -

You can simply set the OPAL manifest file to a different path using OPAL_POLICY_REPO_MANIFEST_PATH
See the docs here: https://docs.opal.ac/tutorials/track_a_git_repo#policy-bundle-manifest---serving-dependant-policy-modules

Please close this issue if this resolves the problem for you;
Please share more information if it doesn't.

@ztepsic
Copy link
Author

ztepsic commented Feb 8, 2023

But this is only

Hi @ztepsic :) -

You can simply set the OPAL manifest file to a different path using OPAL_POLICY_REPO_MANIFEST_PATH See the docs here: https://docs.opal.ac/tutorials/track_a_git_repo#policy-bundle-manifest---serving-dependant-policy-modules

Please close this issue if this resolves the problem for you; Please share more information if it doesn't.

This can be solution only for OPAL root .manifest file, but there can be OPAL .manifest files in subfolders, what is also causing issues.

The format of the .manifest file you should adhere to:

  • File encoding should be standard (i.e: UTF-8)
  • Lines should be separated with newlines (\n character)
    Each line should contain a path, relative to the .manifest file, which could be one of the following:
    • A policy / data file (i.e: a .rego file or data.json file).
    • A folder, containing another .manifest file to be loaded recursively.
  • File paths should appear in the order you want to load them into OPA.
  • If your root .manifest file is at another path, you can set another value to the env var OPAL_POLICY_REPO_MANIFEST_PATH (either a file path, or a folder path containing a .manifest file).

@orweis
Copy link
Contributor

orweis commented Feb 8, 2023

True - you can have sub manifests file - but you don't have to - you can use one just in the root folder.

I guess we can add an option via another ENV_VAR to search for a different file name in the recursive folders:

opal/packages/opal-common/opal_common/git/bundle_maker.py

Line 92 in 422d45c

manifest_file_name: str = ".manifest",

Would you be interested in doing a Pull-Request for this?

I'm also open to other solutions you'd like to suggest.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ztepsic @orweis