search

opcr-io / policy

CLI for building OPA policies into OCI images
https://www.openpolicycontainers.com
Apache License 2.0
212 stars 12 forks source link

Improve error message when building from parent directory #152

Open ronenh opened 10 months ago

ronenh commented 10 months ago

Given a policy repo with the structure below, where the policy lives in content/src, running policy build . from the root of the repo results in the following error:

build failed: failed to build opa policy bundle: 3 errors occurred:
src/policies/rebac.check.rego:14: rego_type_error: undefined function ds.check_relation
src/policies/rebac.check_permission.rego:13: rego_type_error: undefined function ds.check_permission
src/policies/rebac.check_relation.rego:13: rego_type_error: undefined function ds.check_relation

The reason for the error is that the .manifest file isn't in the root, it's in content/src but the error message doesn't point users to the cause of the failure.

Repo structure:

.
├── README.md
└── content
    ├── .gitignore
    ├── README.md
    └── src
        ├── .manifest
        └── policies
glennblock commented 10 months ago

I just tested this a bit and if the .manifest is copied into content it works.

glennblock@Glenns-M2 src % cd ..
glennblock@Glenns-M2 content % ls
README.md   src
glennblock@Glenns-M2 content % policy build . -t glennblock/policy-rebac:1.0.0

Created new image.
digest: sha256:30e30695c1574faa3fdfa7226971252293e469d45d05c63df243dcdda6e6c282

I wonder if the solution here is to walk the tree to find the .manifest first and then use that as the path to run out of?