Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Not able to access rego policies from other drive in windows #6910

Open
Punithckaccionlabs opened this issue Aug 5, 2024 · 5 comments
Open

Comments

@Punithckaccionlabs
Copy link

Not able to access rego policies from other drive in windows. Error while integrate with Golang.
Ex: If go-binary/main.go is in the D drive and tries to access Rego policies located in the C drive(or vice-versa), an error occurs. loading policies: load: 1 error occurred during loading: CreateFile \Users\pck\AppData\Local\Temp\temp_dir_12342789295736: The system cannot find the path specified.

opa loader should identify windows C, D drives and load files

Quick fix has been added below.

Short description

OPA version = v0.67.0
Environment = windows 11
Error = loading policies: load: 1 error occurred during loading: CreateFile \Users\pck\AppData\Local\Temp\temp_dir_12342789295736: The system cannot find the path specified.
System type = x64 based PC

Steps To Reproduce

  1. Place Rego policy files in the C drive.
  2. LoadPolicy from the D drive.
package main

import (
	"fmt"
	"os"

	opaPolicy "github.com/open-policy-agent/conftest/policy"
)
// Keep this code in D drive
// Create a directory in D drive and add dummy rego policies ex: D:\punith\opa-bug-reproduce
// Create a directory in C drive and add dummy rego policies ex: C:\Users\pck\AppData\Local\Temp\temp_dir_12342789295736
// go mod init opa-bug
// go get "github.com/open-policy-agent/conftest"
// go mod tidy
// go run main.go

func main() {
	currentWorkingDirectory, _ := os.Getwd()
	fmt.Println("Current Working Directory:", currentWorkingDirectory) // D:\punith\opa-bug-reproduce

	cDir := `C:\Users\pck\AppData\Local\Temp\temp_dir_12342789295736`
	dir := cDir
	_, err := opaPolicy.LoadWithData([]string{dir}, []string{dir}, "", false)
	if err != nil {
		fmt.Println("Error: error during loading with data", err)
		return
	}
	fmt.Println("successfully loaded")
}

Expected behavior

Code should be able to load rego policies from other drives(C or D or E drives) in windows

Additional context

{

  input:    `C:\foo\bar`,

  wantParts: []string{"foo", "bar"}

  wantPath: `C:\foo\bar`,
}
@anderseknert
Copy link
Member

anderseknert commented Aug 5, 2024

Hi there, and thanks for filing an issue! It looks like you're pulling in a conftest module to load your policies.

opaPolicy "github.com/open-policy-agent/conftest/policy"

While this may very well be a bug in OPA, could you try and reproduce this with example code that only depends on OPA modules?

(or of course, file a bug in the conftest project if that's what you're using)

@Punithckaccionlabs
Copy link
Author

We are using github.com/open-policy-agent/conftest/policy
I Raised this issue in conftest project: open-policy-agent/conftest#979
Thanks @anderseknert for quick reply

@anderseknert
Copy link
Member

👍 Yeah, again, this might very well be something we'll need to fix in OPA too. But let's first see what the conftest folks have to say :)

@pckvcode
Copy link

I encountered a similar issue with OPA. Issue: Unable to retrieve Rego policies from other directories in windows

Sample Commands tried in my local with screenshot

  1. List example.rego and input.json file in D drive
  2. Evaluating policy[Success]
  3. List example.rego policy in C drive
  4. Evaluating policy[Failed, Error = CreateFile \\Users\\pck\\AppData\\Local\\Temp\\temp_dir_12342318055089\\example.rego: The system cannot find the path specified]
    Screenshot 2024-08-11 at 9 10 42 PM_Edited

To reproduce the issue:

  1. Create a Rego policy file on the C drive with the following content:

    File: example.rego

    package example.authz
    
    default allow = false
    
    allow {
        input.action == "merge"
        input.user == "admin"
    }
  2. Create an input file with the following content:

    File: input.json

    {
      "action": "merge",
      "user": "admin"
    }
  3. Run the following OPA eval command:

    .\opa.exe eval --input "D:\punith\opa-bug-reproduce\opa-library\test\input.json" --data "C:\Users\pck\AppData\Local\Temp\temp_dir_12342318055089\example.rego" "data.example.authz.allow"

pckvcode added a commit to pckvcode/opa-pckvcode that referenced this issue Aug 12, 2024
…ther drives in Windows. For more details, see open-policy-agent#6910 and open-policy-agent/conftest#979.

OPA should be capable of accessing Rego policies from specified paths including drives (e.g., c:\a\b\c.rego).

The code has been updated to allow OPA to load Rego policies from paths with drives. Now, OPA can load Rego policies from paths, URLs, and drives.

Fixes open-policy-agent#6910

Signed-off-by: pckvcode <pck@veracode.com>
pckvcode added a commit to pckvcode/opa-pckvcode that referenced this issue Aug 21, 2024
…nput sources:

Existing Inputs:
1. Absolute file paths (e.g., /a/b/c/example.rego)
2. Paths with URLs (e.g., file:///path/to/file.json)
3. Paths with drive letters (e.g., C:\a\b\c\example.rego)

New Inputs:
1. Paths with drive letters and URLs (e.g., "C:file:///C:/a/b/c")

This requirement ensures that Opa can handle a variety of input formats, including local file paths, remote URLs, and even mixed formats that include both drive letters and URLs.

open-policy-agent#6910
Signed-off-by: pckvcode <pck@veracode.com>
pckvcode added a commit to pckvcode/opa-pckvcode that referenced this issue Aug 21, 2024
…nput sources:

Existing Inputs:
1. Absolute file paths (e.g., /a/b/c/example.rego)
2. Paths with URLs (e.g., file:///path/to/file.json)
3. Paths with drive letters and URLs (e.g., "C:file:///C:/a/b/c")

New Inputs:
1. Paths with drive letters (e.g., C:\a\b\c\example.rego)

This requirement ensures that Opa can handle a variety of input formats, including local file paths, remote URLs, and even mixed formats that include both drive letters and URLs.

open-policy-agent#6910
Signed-off-by: pckvcode <pck@veracode.com>
pckvcode added a commit to pckvcode/opa-pckvcode that referenced this issue Aug 23, 2024
…clude a Windows drive letter (e.g., C:\a\b\c\example.rego). When tests are run on Windows, temporary directories are created on the C drive (e.g., C:\Users\<username>\AppData\Local\Temp).

Fixes: open-policy-agent#6910

Signed-off-by: pckvcode <pck@veracode.com>
Copy link

stale bot commented Sep 11, 2024

This issue has been automatically marked as inactive because it has not had any activity in the last 30 days. Although currently inactive, the issue could still be considered and actively worked on in the future. More details about the use-case this issue attempts to address, the value provided by completing it or possible solutions to resolve it would help to prioritize the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants