You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The JSON schema-backed type checker fails if it encounters a regex pattern that it can't compile, even though the pattern is valid in the ECMA regex dialect provided in JSON schemas. While we'll unlikely be able to support that regex dialect fully, there doesn't seem to be much point in compiling those patterns at all unless we're actually using them in our type checks, which as far as I can tell, we don't. If correct, I'd suggest ignoring pattern for the purpose of type checking, and don't compile the values.
Example schema and policy below, reduced from the AWS Cloudformation S3Bucket template schema.
opa eval -f raw -d policy.rego -s schemas data.policy.allow
1 error occurred: policy.rego:6: rego_type_error: unable to compile the schema: pattern must be a valid regex
The text was updated successfully, but these errors were encountered:
We don't use the regex "pattern" attribute for type checking,
but this still caused problems parsing schemas where the pattern
specified contained things that the Go regex dialect did not
support, such as negative lookahead. Solved for now by simply
removing the regex compilation of pattern properties.
Fixesopen-policy-agent#4426
Signed-off-by: Anders Eknert <anders@eknert.com>
We don't use the regex "pattern" attribute for type checking,
but this still caused problems parsing schemas where the pattern
specified contained things that the Go regex dialect did not
support, such as negative lookahead. Solved for now by simply
removing the regex compilation of pattern properties.
Fixes#4426
Signed-off-by: Anders Eknert <anders@eknert.com>
The JSON schema-backed type checker fails if it encounters a regex pattern that it can't compile, even though the pattern is valid in the ECMA regex dialect provided in JSON schemas. While we'll unlikely be able to support that regex dialect fully, there doesn't seem to be much point in compiling those patterns at all unless we're actually using them in our type checks, which as far as I can tell, we don't. If correct, I'd suggest ignoring
pattern
for the purpose of type checking, and don't compile the values.Example schema and policy below, reduced from the AWS Cloudformation S3Bucket template schema.
schemas/name.json
policy.rego
opa eval -f raw -d policy.rego -s schemas data.policy.allow 1 error occurred: policy.rego:6: rego_type_error: unable to compile the schema: pattern must be a valid regex
The text was updated successfully, but these errors were encountered: