Include eopa_dl plugin in opa #3792
filters/openpolicyagent/opaauthorizerequest/opaauthorizerequest_test.go
go.mod
| github.com/aws/aws-sdk-go-v2/config v1.32.6 // indirect | ||
| github.com/aws/aws-sdk-go-v2/credentials v1.19.6 // indirect | ||
| github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 // indirect | ||
| github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.20.17 // indirect |
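Review bot: all four aws-sdk-go-v2 entries in this go.mod block are marked `// indirect`, and nothing in the visible lines says which direct requirement brings them in. Please name that dependency in the PR description and note that the change adds credential-resolution packages (config, credentials, feature/ec2/imds) and an S3 upload package (feature/s3/manager), so reviewers can weigh the added dependency surface.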
If we merge it we can also add some AWS specific filters, because here we import many cloud provider dependencies.
I wonder how big the binary will be. Can you build the binary and share the MB, please?
The binary is actually 156.9MB in this case, while the one built from the master branch is 80.2.
What would be a recommended way to add AWS specific filters?
Oh, that's huge.
The question is if we want to have build tags in order to reduce the binary size.
It's not really something you should care about, but we should care.
So from my side it's not a blocker, but I may create some build tag to also have a non OPA build for people who care about binary size.
||
| assert.NotNil(t, decisionLog["decision_id"]) | ||
| assert.NotNil(t, decisionLog["input"]) | ||
| assert.NotNil(t, decisionLog["result"]) |
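Review bot: the three assert.NotNil calls on decisionLog["decision_id"], decisionLog["input"] and decisionLog["result"] pass for any non-nil value, including an empty string or a result that contradicts the test case. Use assert.NotEmpty for decision_id and compare decisionLog["result"] against the decision the test case expects, so a malformed or mismatched log entry fails the test.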
Given that you already know if the decision is allowed or denied, you could verify if the decision is allowed and if the path is what you used for the test case.
Checking test instance related data in S3 calls causes race conditions. Removed this for now.
Signed-off-by: wisinghe <[email protected]>
# Conflicts: # go.mod # go.sum
This PR introduces the eopa_dl plugin (documentation) into the Open Policy Agent instance running in the skipper filter. The eopa_dl plugin allows multiple types of outputs. AWS S3 is one of the allowed output types. If the running skipper instance has an already assumed role with correct permission to an S3 bucket, OPA can use the same credentials to upload decision logs to S3. The eopa_dl plugin configuration can be provided either by opaconfig.yaml or by discovery.
Old PR: #3739 (had to close due to messed up git history)