Comments (6)
Nope, my docker-compose files were using an older version. I submitted a pull-request to fix this for others who might experience the same. Thanks for your help @ashutosh-narkar!
from contrib.
@samdyzon Can you link to the example you are running ?
unsafe
means OPA can't assign a value to that variable in the rule body.
Here is a link to the Rego Language Reference.
from contrib.
Hey mate,
I'm just running the api_authz example from the OPA contrib repo. I'm running make up-token
without any modification and the container throws the errors shown in the initial message. The non-token example (make up
) works without issues.
I appreciate any assistance you can offer :)
from contrib.
Have you tried the HTTP API Authorization tutorial from the OPA website ? This is more up-to-date.
from contrib.
Yes, I have - the syntax in that tutorial is slightly different, but the result is the same - unsafe variables in the token decoding call.
from contrib.
I assume your docker compose file looks like below:
version: '2'
services:
opa:
image: openpolicyagent/opa:0.10.5
ports:
- 8181:8181
# WARNING: OPA is NOT running with an authorization policy configured. This
# means that clients can read and write policies in OPA. If you are
# deploying OPA in an insecure environment, be sure to configure
# authentication and authorization on the daemon. See the Security page for
# details: https://www.openpolicyagent.org/docs/security.html.
command:
- "run"
- "--server"
- "--log-level=debug"
api_server:
image: openpolicyagent/demo-restful-api:0.2
ports:
- 5000:5000
environment:
- OPA_ADDR=http://opa:8181
- POLICY_PATH=/v1/data/httpapi/authz
from contrib.
Related Issues (20)
- Migrate to GitHub Actions
- Kong-OPA Authz plugin does not send headers information to HOT 5
- Fix currently ignored build issues in two sub-modules
- Docker file for demo-kafka HOT 4
- Deal with new Kafka authorizer interface HOT 1
- Error when no JWT token provided
- information required HOT 4
- Add config API endpoint to Open API specs HOT 4
- Not able to verify NodeSelector Exists or not HOT 19
- Error on Apple M1: iptables v1.6.0: can't initialize iptables table `nat': iptables HOT 4
- Broken Elasticsearch Data Filtering Example HOT 2
- `pam_opa` build is failing in GH Actions
- `gatekeeper_mtail_violations_exporter` build is broken
- `k8s_authorization` build is broken
- Support `OTP` while using the `pam_opa` HOT 8
- Update spring_authz README to include some additional information HOT 1
- kong_api_authz build is broken
- kong_api_authz: Latest Rocks Build HOT 18
- contrib/data_filter_mongo example test case for employees/john example not working as advertised in README.md (returns empty)
- PAM module pam_sm_acct_mgmt call always returns success
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from contrib.