opa build: deny entrypoints that don't map to module tree #3957

Closed
srenatus opened this issue Nov 3, 2021 · 1 comment · Fixed by #5086

srenatus commented Nov 3, 2021

Given a policy.rego like

```rego
package foo
default allow = false
allow { input.open == "sesame" }
```

It's unlikely that when a user calls `opa build -t wasm -e fox/allow policy.rego`, they want to have their entrypoints point to raw data, i.e. `data.fox.allow`. (It's more likely that they've made a typo.)

`opa build` should fail if the provided endpoints don't reference the module tree, but "just data".

There should be a new option that allows going back to the old behaviour. Or perhaps we make it `--entrypoint` (`-e`) and `--data-entrypoint` for plain data refs. Since this will be a breaking change for users that use data refs, anyways, with the "revert to old behaviour" flag, too, we might as well just have them be explicit about their entry point types.


This came up in #3953, where the mis-pointed entrypoint used quotes.
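
A simplified sketch of the check this issue asks for, as an added example that is not part of the original issue and not OPA's own code. It approximates the module tree with regular expressions over the Rego source instead of using the OPA compiler (an assumption), and `modulePaths` and `checkEntrypoints` are hypothetical names.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample input: the policy.rego from the issue.
const policy = "package foo\ndefault allow = false\nallow { input.open == \"sesame\" }\n"
// Rough line-based patterns, not a Rego parser: rule heads must start in column one.
var (
	pkgRe  = regexp.MustCompile(`(?m)^package\s+([\w.]+)`)
	ruleRe = regexp.MustCompile(`(?m)^(?:default\s+)?([A-Za-z_]\w*)\s*(?:\{|=|:=|\[|\(|if\b|contains\b)`)
)

// modulePaths returns every slash-separated path that names a package, a
// package prefix, or a rule in src (a stand-in for the compiler's module tree).
func modulePaths(src string) map[string]bool {
	paths := map[string]bool{}
	m := pkgRe.FindStringSubmatch(src)
	if m == nil {
		return paths
	}
	parts := strings.Split(m[1], ".")
	for i := range parts {
		paths[strings.Join(parts[:i+1], "/")] = true
	}
	pkg := strings.Join(parts, "/")
	for _, r := range ruleRe.FindAllStringSubmatch(src, -1) {
		paths[pkg+"/"+r[1]] = true
	}
	return paths
}

// checkEntrypoints fails on the first entrypoint that names no package or rule.
func checkEntrypoints(src string, entrypoints []string) error {
	paths := modulePaths(src)
	for _, e := range entrypoints {
		if !paths[strings.Trim(e, "/")] {
			return fmt.Errorf("entrypoint %q does not refer to a package or rule", e)
		}
	}
	return nil
}

func main() {
	fmt.Println(checkEntrypoints(policy, []string{"foo/allow"}), checkEntrypoints(policy, []string{"fox/allow"}))
}
```

With the policy above, `foo/allow` and `foo` pass, while the mistyped `fox/allow` is rejected instead of silently resolving to plain data.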

srenatus changed the title from "opa build: deny entrypoints that don't map to rules" to "opa build: deny entrypoints that don't map to module tree" Nov 3, 2021

stale bot commented Dec 3, 2021

This issue has been automatically marked as inactive because it has not had any activity in the last 30 days.

stale bot added the inactive label Dec 3, 2021
anderseknert self-assigned this Sep 1, 2022
stale bot removed the inactive label Sep 1, 2022
anderseknert added this to Backlog in Open Policy Agent via automation Sep 1, 2022
anderseknert moved this from Backlog to In Progress in Open Policy Agent Sep 1, 2022
anderseknert added a commit to anderseknert/opa that referenced this issue Sep 7, 2022
Fixes open-policy-agent#3957

Signed-off-by: Anders Eknert <anders@eknert.com>
anderseknert added a commit that referenced this issue Sep 7, 2022
Fixes #3957

Signed-off-by: Anders Eknert <anders@eknert.com>
Open Policy Agent automation moved this from In Progress to Done Sep 7, 2022