Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Type checking: "unable to compile the schema: pattern must be a valid regex" #4426

Closed
anderseknert opened this issue Mar 10, 2022 · 0 comments · Fixed by #4429
Closed

Type checking: "unable to compile the schema: pattern must be a valid regex" #4426

anderseknert opened this issue Mar 10, 2022 · 0 comments · Fixed by #4429
Labels
bug

Comments

@anderseknert
Copy link
Member

The JSON schema-backed type checker fails if it encounters a regex pattern that it can't compile, even though the pattern is valid in the ECMA regex dialect provided in JSON schemas. While we'll unlikely be able to support that regex dialect fully, there doesn't seem to be much point in compiling those patterns at all unless we're actually using them in our type checks, which as far as I can tell, we don't. If correct, I'd suggest ignoring pattern for the purpose of type checking, and don't compile the values.

Example schema and policy below, reduced from the AWS Cloudformation S3Bucket template schema.

schemas/name.json

{
    "properties": {
        "name": {
            "pattern": "^(?!aws:.*)[a-zA-Z0-9\\s\\_\\.\\/\\=\\+\\-]+$",
            "type": "string"
        }
    }
}

policy.rego

# METADATA
# schemas:
#   - input: schema.name
package policy

allow {
    input.name == "Jane"
}
opa eval -f raw -d policy.rego -s schemas data.policy.allow
1 error occurred: policy.rego:6: rego_type_error: unable to compile the schema: pattern must be a valid regex
@anderseknert anderseknert mentioned this issue Mar 11, 2022
Merged
anderseknert added a commit to anderseknert/opa that referenced this issue Mar 11, 2022
@anderseknert
JSON schema: skip pattern attribute compilation
f8dd7bb 
We don't use the regex "pattern" attribute for type checking,
but this still caused problems parsing schemas where the pattern
specified contained things that the Go regex dialect did not
support, such as negative lookahead. Solved for now by simply
removing the regex compilation of pattern properties.

Fixes open-policy-agent#4426

Signed-off-by: Anders Eknert <anders@eknert.com>
anderseknert added a commit that referenced this issue Mar 11, 2022
@anderseknert
JSON schema: skip pattern attribute compilation (#4429)
a49e17e 
We don't use the regex "pattern" attribute for type checking,
but this still caused problems parsing schemas where the pattern
specified contained things that the Go regex dialect did not
support, such as negative lookahead. Solved for now by simply
removing the regex compilation of pattern properties.

Fixes #4426

Signed-off-by: Anders Eknert <anders@eknert.com>
@anderseknert anderseknert mentioned this issue Jan 26, 2023
Closed
@anderseknert anderseknert mentioned this issue Jul 12, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

JSON schema: skip pattern attribute compilation anderseknert/opa
1 participant
@anderseknert