How to import "io.jwt.decode" in 'fregot repl ' ?

[hepmkj]

Hello, My policy depends on "io.jwt.decod" OPA builtins. I tried to debug the policy using "fregot repl" . While loading the policy file, it complains

unknown call:

    6|     [_, payload, _] := io.jwt.decode(token)
                              ^^^^^^^^^^^^^^^^^^^^

  Unknown call to io.jwt.decode

Is it possible to load the opa builtins before testing of policy starts ? There is no issue while testing the policy using "opa test".

[jaspervdj-luminal]

Hi @hepmkj, thanks for opening an issue, that's very helpful!

fregot is still experimental and does not support all of the builtin functions that opa has. I've mostly been adding the ones we use internally at Fugue. That said, I'm happy to add them when they're simple enough. There are a couple of jwt ones but I assume I can implement all of them fairly easily using an existing jwt library. I'll try to get these in this week somewhere.

[hepmkj]

Hi Jaspervdj, Thanks for your quick reply. If possible, please include following builtin functions: io.jwt json.marshal

[jaspervdj-luminal]

@hepmkj We uploaded fregot v0.10.0 which has io.jwt.decode among other things. It doesn't cover the entire space of key types yet, so please give it a try and let me know if there's other functions needed.

[hepmkj]

Thanks for your effort. It seems there is a compilation issue. I tried the source code from master branch as well as from "0.10.0" release page. Both the cases are giving similar error.

""" [mxj142:fregot-0.10.0]$ pwd /Users/mxj142/Work/Tutorials/OPA/fregot-0.10.0 [mxj142:fregot-0.10.0]$ ls CHANGELOG.md Makefile SECURITY.md fregot.cabal packages stack.yaml tests LICENSE README.md examples lib src stack.yaml.lock [mxj142:fregot-0.10.0]$ stack install Stack looks for packages in the directories configured in the 'packages' and 'extra-deps' fields defined in your stack.yaml The current entry points to /Users/mxj142/Work/Tutorials/OPA/fregot-0.10.0/packages/hs-jose/, but no .cabal or package.yaml file could be found there. [mxj142:fregot-0.10.0]$ ll packages/ hs-jose/ pcre-simple/ [mxj142:fregot-0.10.0]$ ll packages/hs-jose/ [mxj142:fregot-0.10.0]$ ls -ltr packages/hs-jose/ [mxj142:fregot-0.10.0]$

"""

[jaspervdj-luminal]

We added a git submodule -- try cloning the repository using:

git clone --recurse-submodules git@github.com:fugue/fregot.git

Alternatively, there's also binaries for Mac OS X and Linux available on the releases page.

[hepmkj]

I am getting following error while loading the test cases: """ Loading global/test_utils_test.rego... fregot (compile error): "global/test_utils_test.rego" (line 6, column 5): unknown variable:

6|     [_, payload, _] := io.jwt.decode(token)
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Undefined variable: payload

fregot (compile error): "global/test_utils_test.rego" (line 6, column 5): invalid unification:

6|     [_, payload, _] := io.jwt.decode(token)
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The := operator should not appear in this context, perhaps you meant to write ==?

fregot (compile error): "global/test_utils_test.rego" (line 15, column 5): unknown variable:

15|     [_, payload, _] := io.jwt.decode(token)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Undefined variable: payload

fregot (compile error): "global/test_utils_test.rego" (line 15, column 5): invalid unification:

15|     [_, payload, _] := io.jwt.decode(token)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The := operator should not appear in this context, perhaps you meant to write ==? datafabric.authz.testutils%

"""

[jaspervdj-luminal]

Thanks for reporting @hepmkj! This is really valuable. That seems like a separate issue, so I've created #195 to track this, and I'll keep this issue open until we've made sure we solved the io.jwt problem.

[jaspervdj-luminal]

@hepmkj Can you try to run again using current master? If it is easier for you to use a binary, let me know and I'll do a 0.10.1 release so you can try it out that way.

[hepmkj]

@jaspervdj-luminal Please build the binaries for mac. I cannot clone the repository outside the VPN .

[jaspervdj-luminal]

@hepmkj They are available here: https://github.com/fugue/fregot/releases/tag/v0.10.1

[hepmkj]

Thanks. The error is still there. I have also attached the files for reproducing the issue.
""" [mxj142:global]$ fregot repl F u g u e R E G O T o o l k i t fregot v0.10.0 repl - use :help for usage info repl% :load test_utils.rego Loading test_utils.rego... Loaded package datafabric.authz.testutils datafabric.authz.testutils% :load test_utils_test.rego Loading test_utils_test.rego... fregot (compile error): "test_utils_test.rego" (line 6, column 5): unknown variable:

6|     [_, payload, _] := io.jwt.decode(token)
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Undefined variable: payload

fregot (compile error): "test_utils_test.rego" (line 6, column 5): invalid unification:

6|     [_, payload, _] := io.jwt.decode(token)
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The := operator should not appear in this context, perhaps you meant to write ==?

fregot (compile error): "test_utils_test.rego" (line 15, column 5): unknown variable:

15|     [_, payload, _] := io.jwt.decode(token)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Undefined variable: payload

fregot (compile error): "test_utils_test.rego" (line 15, column 5): invalid unification:

15|     [_, payload, _] := io.jwt.decode(token)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The := operator should not appear in this context, perhaps you meant to write ==? datafabric.authz.testutils%

"""

files.zip

[jaspervdj-luminal]

@hepmkj Thanks for testing! There were some issues around base64 encoding. It should be fixed in fregot-v0.11.1 which you can find here.