open-policy-agent / contrib

Integrations, examples, and proof-of-concepts that are not part of OPA proper.
http://www.openpolicyagent.org/
Apache License 2.0
327 stars 154 forks source link

kong_api_authz: Latest Rocks Build #214

Open STKarthikAbiram opened 1 year ago

STKarthikAbiram commented 1 year ago

Team,

The rocks file at https://luarocks.org/modules/wada-ama/kong-plugin-opa is from 3 years ago. Could anyone please let me know where I can get the latest rocks, which would include the fix #146 ?

Thanks!

anderseknert commented 1 year ago

Hi @STKarthikAbiram 👋 I don't think we ever published one from this repository. I'm afraid I know almost nothing about Lua or its ecosystem, but if you do and would like to help out, that'd be great :)

STKarthikAbiram commented 1 year ago

Lua is new for me as well.

The old repo mentions something about a CI pipeline but the repo is archived: https://github.com/wada-ama/kong-plugin-opa

Do we know any contributor from the previous repo?

anderseknert commented 1 year ago

I'm not sure, but I can ask around.

anderseknert commented 1 year ago

I learnt that Kong provides this if you're on an enterprise subscription: https://docs.konghq.com/hub/kong-inc/opa/

If you want to use the one provided here, you'll probably have to build it yourself. Or hope that someone with more Lua knowledge than us drops by :)

JesseEstum commented 1 year ago

I would also like an updated rock and was just looking into this today.

Steps I think we'll need in order to pull this off:

  1. Reuse github action from https://github.com/wada-ama/kong-plugin-opa/blob/master/.github/workflows/luarocks.yml in this repo.
  2. Transfer ownership of the existing rock from https://github.com/wada-ama to this project. Likely this will require an "owner" - perhaps @anderseknert can be the steward of that ownership? I believe you'll need to create an account here.
  3. To transfer the ownership, it looks like we need to open an issue here. There are examples of requesting ownership transfer: https://github.com/luarocks/luarocks/issues/1504
  4. Further luarocks technical details are here.
JesseEstum commented 1 year ago

I learnt that Kong provides this if you're on an enterprise subscription: https://docs.konghq.com/hub/kong-inc/opa/

If you want to use the one provided here, you'll probably have to build it yourself. Or hope that someone with more Lua knowledge than us drops by :)

This plugin appears to be entirely different than the source code seen here (as evidenced by different (OPA Input Structure)[https://docs.konghq.com/hub/kong-inc/opa/#opa-input-structure]). Also the Kong plugin is part of their enterprise offering - the plugin featured here is OSS and open to modification.

Each seem like a valid use case and I'd vote for maintaining the separate lineage of the plugin featured in this repo.

(And publishing updated rocks packages.)

anderseknert commented 1 year ago

Hi Jesse! Transfering ownership sounds like it might be more work than simply replicating that functionality here, and publish a new project to luarocks, or WDYT? If @wada-ama is around, he might have some thoughts on the matter to share.

JesseEstum commented 1 year ago

Tagging @jeremyjpj0916 - Do you have an opinion on this one or bandwidth to help fix up the luarocks package?

jeremyjpj0916 commented 1 year ago

Tried to do something quick and dirty for yah to play with but seems the way it references errors out:

# luarocks upload kong-plugin-opa2-0.1.1-2.rockspec --api-key=XXXXXXXXXXX
chmod: cannot access ‘/root/.luarocks/upload_config.lua’: No such file or directory
Sending kong-plugin-opa2-0.1.1-2.rockspec ...
Will create new module (kong-plugin-opa2)
Packing kong-plugin-opa2
Cloning into 'contrib'...
remote: Enumerating objects: 4582, done.
remote: Counting objects: 100% (400/400), done.
remote: Compressing objects: 100% (282/282), done.
remote: Total 4582 (delta 121), reused 309 (delta 83), pack-reused 4182
Receiving objects: 100% (4582/4582), 18.82 MiB | 3.93 MiB/s, done.
Resolving deltas: 100% (2247/2247), done.
  adding: kong-plugin-opa2-0.1.1-2.rockspec (deflated 55%)
  adding: contrib/ (stored 0%)
  adding: contrib/.github/ (stored 0%)
  adding: contrib/.github/dependabot.yml (deflated 17%)
  adding: contrib/.github/workflows/ (stored 0%)
  adding: contrib/.github/workflows/build.yaml (deflated 47%)
  adding: contrib/LICENSE (deflated 65%)
  adding: contrib/Makefile (deflated 31%)
  adding: contrib/README.md (deflated 56%)
  adding: contrib/api_authz/ (stored 0%)
  adding: contrib/api_authz/Makefile (deflated 50%)
  adding: contrib/api_authz/README.md (deflated 55%)
  adding: contrib/api_authz/docker/ (stored 0%)
  adding: contrib/api_authz/docker/Dockerfile (deflated 13%)
  adding: contrib/api_authz/docker/docker-compose.yaml (deflated 56%)
  adding: contrib/api_authz/docker/echo_server.py (deflated 55%)
  adding: contrib/api_authz/docker/policy/ (stored 0%)
  adding: contrib/api_authz/docker/policy/example-hr.rego (deflated 26%)
  adding: contrib/api_authz/docker/policy/example-jwt.rego (deflated 61%)
  adding: contrib/api_authz/docker/policy/example.rego (deflated 57%)
  adding: contrib/api_authz/docker/requirements.txt (stored 0%)
  adding: contrib/api_authz/tokens/ (stored 0%)
  adding: contrib/api_authz/tokens/alice_token.jwt (deflated 8%)
  adding: contrib/api_authz/tokens/alice_token.txt (deflated 31%)
  adding: contrib/api_authz/tokens/betty_token.jwt (deflated 10%)
  adding: contrib/api_authz/tokens/betty_token.txt (deflated 33%)
  adding: contrib/api_authz/tokens/bob_token.jwt (deflated 12%)
  adding: contrib/api_authz/tokens/bob_token.txt (deflated 33%)
  adding: contrib/api_authz/tokens/charlie_token.jwt (deflated 8%)
  adding: contrib/api_authz/tokens/charlie_token.txt (deflated 31%)
  adding: contrib/api_authz/tokens/david_token.jwt (deflated 9%)
  adding: contrib/api_authz/tokens/david_token.txt (deflated 31%)
  adding: contrib/build/ (stored 0%)
  adding: contrib/build/install-opa.sh (deflated 52%)
  adding: contrib/build/make-all.sh (deflated 42%)
  adding: contrib/cloud-foundry/ (stored 0%)
  adding: contrib/cloud-foundry/README.md (deflated 53%)
  adding: contrib/cloud-foundry/polices/ (stored 0%)
  adding: contrib/cloud-foundry/polices/cipher/ (stored 0%)
  adding: contrib/cloud-foundry/polices/cipher/cipher_test.rego (deflated 32%)
  adding: contrib/cloud-foundry/polices/pas/ (stored 0%)
  adding: contrib/cloud-foundry/polices/pas/cert/ (stored 0%)
  adding: contrib/cloud-foundry/polices/pas/cert/certificate.rego (deflated 65%)
  adding: contrib/cloud-foundry/polices/pas/cert/certificate_test.rego (deflated 68%)
  adding: contrib/cloud-foundry/polices/pas/cipher/ (stored 0%)
  adding: contrib/cloud-foundry/polices/pas/cipher/check_cipher.rego (deflated 39%)
  adding: contrib/cloud-foundry/polices/pas/cipher/cipher_test.rego (deflated 34%)
  adding: contrib/cloud-foundry/polices/pas/combine.rego (deflated 62%)
  adding: contrib/cloud-foundry/polices/pas/credhub-key/ (stored 0%)
  adding: contrib/cloud-foundry/polices/pas/credhub-key/credhub_key.rego (deflated 60%)
  adding: contrib/cloud-foundry/polices/pas/credhub-key/credhub_key_test.rego (deflated 51%)
  adding: contrib/cloud-foundry/polices/pas/diego/ (stored 0%)
  adding: contrib/cloud-foundry/polices/pas/diego/diego.rego (deflated 42%)
  adding: contrib/cloud-foundry/polices/pas/diego/diego_cell_test.rego (deflated 80%)
  adding: contrib/cloud-foundry/polices/pshelpers/ (stored 0%)
  adding: contrib/cloud-foundry/polices/pshelpers/compare_numbers.rego (deflated 34%)
  adding: contrib/cloud-foundry/polices/pshelpers/compare_numbers_test.rego (deflated 66%)
  adding: contrib/cloud-foundry/polices/pshelpers/object_matchers.rego (deflated 38%)
  adding: contrib/cloud-foundry/polices/pshelpers/object_matchers_test.rego (deflated 73%)
  adding: contrib/cobertura/ (stored 0%)
  adding: contrib/cobertura/README.md (deflated 62%)
  adding: contrib/cobertura/example/ (stored 0%)
  adding: contrib/cobertura/example/policy.rego (deflated 29%)
  adding: contrib/cobertura/example/policy_test.rego (deflated 4%)
  adding: contrib/cobertura/opa_coverage_to_cobertura.py (deflated 70%)
  adding: contrib/custom_bundle_signing/ (stored 0%)
  adding: contrib/custom_bundle_signing/.gitignore (deflated 11%)
  adding: contrib/custom_bundle_signing/.signatures.json.expected (deflated 18%)
  adding: contrib/custom_bundle_signing/Makefile (deflated 63%)
  adding: contrib/custom_bundle_signing/README.md (deflated 53%)
  adding: contrib/custom_bundle_signing/cmd/ (stored 0%)
  adding: contrib/custom_bundle_signing/cmd/opa/ (stored 0%)
  adding: contrib/custom_bundle_signing/cmd/opa/main.go (deflated 22%)
  adding: contrib/custom_bundle_signing/go.mod (deflated 41%)
  adding: contrib/custom_bundle_signing/go.sum (deflated 60%)
  adding: contrib/custom_bundle_signing/internal/ (stored 0%)
  adding: contrib/custom_bundle_signing/internal/signer.go (deflated 48%)
  adding: contrib/custom_bundle_signing/internal/verifier.go (deflated 56%)
  adding: contrib/custom_bundle_signing/internal/version.go (stored 0%)
  adding: contrib/custom_bundle_signing/policy/ (stored 0%)
  adding: contrib/custom_bundle_signing/policy/awesome.rego (deflated 26%)
  adding: contrib/custom_bundle_signing/setup/ (stored 0%)
  adding: contrib/custom_bundle_signing/setup/setup.go (deflated 53%)
  adding: contrib/dart_authz/ (stored 0%)
  adding: contrib/dart_authz/.gitignore (deflated 31%)
  adding: contrib/dart_authz/CHANGELOG.md (stored 0%)
  adding: contrib/dart_authz/Dockerfile (stored 0%)
  adding: contrib/dart_authz/LICENSE (deflated 65%)
  adding: contrib/dart_authz/Makefile (deflated 46%)
  adding: contrib/dart_authz/README.md (deflated 54%)
  adding: contrib/dart_authz/bin/ (stored 0%)
  adding: contrib/dart_authz/bin/server.dart (deflated 45%)
  adding: contrib/dart_authz/lib/ (stored 0%)
  adding: contrib/dart_authz/lib/opa_api_authz_dart.dart (deflated 59%)
  adding: contrib/dart_authz/lib/src/ (stored 0%)
  adding: contrib/dart_authz/lib/src/handlers.dart (deflated 75%)
  adding: contrib/dart_authz/lib/src/helpers.dart (deflated 31%)
  adding: contrib/dart_authz/lib/src/models/ (stored 0%)
  adding: contrib/dart_authz/lib/src/models/cars.dart (deflated 74%)
  adding: contrib/dart_authz/lib/src/models/input.dart (deflated 57%)
  adding: contrib/dart_authz/lib/src/models/mockdb.dart (deflated 68%)
  adding: contrib/dart_authz/lib/src/opa/ (stored 0%)
  adding: contrib/dart_authz/lib/src/opa/authorization.dart (deflated 42%)
  adding: contrib/dart_authz/lib/src/opa/policies.dart (deflated 50%)
  adding: contrib/dart_authz/logo.png (deflated 0%)
  adding: contrib/dart_authz/policies/ (stored 0%)
  adding: contrib/dart_authz/policies/example.rego (deflated 70%)
  adding: contrib/dart_authz/pubspec.yaml (deflated 44%)
  adding: contrib/data_filter_azure/ (stored 0%)
  adding: contrib/data_filter_azure/.gitignore (stored 0%)
  adding: contrib/data_filter_azure/Makefile (deflated 49%)
  adding: contrib/data_filter_azure/README.documentdb.md (deflated 61%)
  adding: contrib/data_filter_azure/README.tablestorage.md (deflated 62%)
  adding: contrib/data_filter_azure/data_filter_azure/ (stored 0%)
  adding: contrib/data_filter_azure/data_filter_azure/__init__.py (stored 0%)
  adding: contrib/data_filter_azure/data_filter_azure/config.py (deflated 51%)
  adding: contrib/data_filter_azure/data_filter_azure/documentdb_server.py (deflated 68%)
  adding: contrib/data_filter_azure/data_filter_azure/opa.py (deflated 71%)
  adding: contrib/data_filter_azure/data_filter_azure/sql.py (deflated 77%)
  adding: contrib/data_filter_azure/data_filter_azure/tablestorage_server.py (deflated 72%)
  adding: contrib/data_filter_azure/data_filter_azure/tablestorageaccount.py (deflated 68%)
  adding: contrib/data_filter_azure/example_documentdb.rego (deflated 81%)
  adding: contrib/data_filter_azure/example_tablestorage.rego (deflated 65%)
  adding: contrib/data_filter_azure/requirements.txt (deflated 14%)
  adding: contrib/data_filter_azure/setup.cfg (stored 0%)
  adding: contrib/data_filter_azure/setup.py (deflated 23%)
  adding: contrib/data_filter_elasticsearch/ (stored 0%)
  adding: contrib/data_filter_elasticsearch/.gitignore (stored 0%)
  adding: contrib/data_filter_elasticsearch/Makefile (deflated 55%)
  adding: contrib/data_filter_elasticsearch/README.md (deflated 56%)
  adding: contrib/data_filter_elasticsearch/build/ (stored 0%)
  adding: contrib/data_filter_elasticsearch/build/check-fmt.sh (deflated 41%)
  adding: contrib/data_filter_elasticsearch/build/check-lint.sh (deflated 34%)
  adding: contrib/data_filter_elasticsearch/build/check-vet.sh (deflated 35%)
  adding: contrib/data_filter_elasticsearch/build/utils.sh (deflated 51%)
  adding: contrib/data_filter_elasticsearch/cmd/ (stored 0%)
  adding: contrib/data_filter_elasticsearch/cmd/opa-es-filtering/ (stored 0%)
  adding: contrib/data_filter_elasticsearch/cmd/opa-es-filtering/main.go (deflated 68%)
  adding: contrib/data_filter_elasticsearch/example-conditions.rego (deflated 73%)
  adding: contrib/data_filter_elasticsearch/go.mod (deflated 67%)
  adding: contrib/data_filter_elasticsearch/go.sum (deflated 63%)
  adding: contrib/data_filter_elasticsearch/internal/ (stored 0%)
  adding: contrib/data_filter_elasticsearch/internal/api/ (stored 0%)
  adding: contrib/data_filter_elasticsearch/internal/api/api.go (deflated 64%)
  adding: contrib/data_filter_elasticsearch/internal/es/ (stored 0%)
  adding: contrib/data_filter_elasticsearch/internal/es/es.go (deflated 72%)
  adding: contrib/data_filter_elasticsearch/internal/opa/ (stored 0%)
  adding: contrib/data_filter_elasticsearch/internal/opa/opa.go (deflated 67%)
  adding: contrib/data_filter_elasticsearch/internal/opa/opa_test.go (deflated 88%)
  adding: contrib/data_filter_elasticsearch/internal/version/ (stored 0%)
  adding: contrib/data_filter_elasticsearch/internal/version/version.go (deflated 29%)
  adding: contrib/data_filter_elasticsearch/opa-conf.yaml (deflated 31%)
  adding: contrib/data_filter_elasticsearch/policy/ (stored 0%)
  adding: contrib/data_filter_elasticsearch/policy/example.rego (deflated 79%)
  adding: contrib/data_filter_example/ (stored 0%)
  adding: contrib/data_filter_example/.gitignore (stored 0%)
  adding: contrib/data_filter_example/Makefile (deflated 48%)
  adding: contrib/data_filter_example/README.md (deflated 46%)
  adding: contrib/data_filter_example/data_filter_example/ (stored 0%)
  adding: contrib/data_filter_example/data_filter_example/__init__.py (stored 0%)
  adding: contrib/data_filter_example/data_filter_example/opa.py (deflated 69%)
  adding: contrib/data_filter_example/data_filter_example/server.py (deflated 63%)
  adding: contrib/data_filter_example/data_filter_example/sql.py (deflated 76%)
  adding: contrib/data_filter_example/data_filter_example/static/ (stored 0%)
  adding: contrib/data_filter_example/data_filter_example/static/logo.png (deflated 6%)
  adding: contrib/data_filter_example/data_filter_example/templates/ (stored 0%)
  adding: contrib/data_filter_example/data_filter_example/templates/index.html (deflated 64%)
  adding: contrib/data_filter_example/example.rego (deflated 64%)
  adding: contrib/data_filter_example/requirements.txt (deflated 13%)
  adding: contrib/data_filter_example/setup.cfg (stored 0%)
  adding: contrib/data_filter_example/setup.py (deflated 24%)
  adding: contrib/data_filter_example/tests/ (stored 0%)
  adding: contrib/data_filter_example/tests/test_opa.py (deflated 84%)
  adding: contrib/data_filter_mongodb/ (stored 0%)
  adding: contrib/data_filter_mongodb/Dockerfile (deflated 24%)
  adding: contrib/data_filter_mongodb/LICENSE (deflated 65%)
  adding: contrib/data_filter_mongodb/Makefile (deflated 57%)
  adding: contrib/data_filter_mongodb/README.md (deflated 67%)
  adding: contrib/data_filter_mongodb/bin/ (stored 0%)
  adding: contrib/data_filter_mongodb/bin/opa-mongo (deflated 52%)
  adding: contrib/data_filter_mongodb/cmd/ (stored 0%)
  adding: contrib/data_filter_mongodb/cmd/root.go (deflated 40%)
  adding: contrib/data_filter_mongodb/cmd/run.go (deflated 58%)
  adding: contrib/data_filter_mongodb/config.yaml (deflated 15%)
  adding: contrib/data_filter_mongodb/example.rego (deflated 65%)
  adding: contrib/data_filter_mongodb/go.mod (deflated 39%)
  adding: contrib/data_filter_mongodb/go.sum (deflated 65%)
  adding: contrib/data_filter_mongodb/internal/ (stored 0%)
  adding: contrib/data_filter_mongodb/internal/mongo/ (stored 0%)
  adding: contrib/data_filter_mongodb/internal/mongo/mongo.go (deflated 74%)
  adding: contrib/data_filter_mongodb/internal/mongo/mongo_mock.go (deflated 61%)
  adding: contrib/data_filter_mongodb/internal/mongo/mongo_test.go (deflated 53%)
  adding: contrib/data_filter_mongodb/internal/mongo/test-data.go (deflated 67%)
  adding: contrib/data_filter_mongodb/internal/opa/ (stored 0%)
  adding: contrib/data_filter_mongodb/internal/opa/opa.go (deflated 68%)
  adding: contrib/data_filter_mongodb/internal/opa/opa_test.go (deflated 64%)
  adding: contrib/data_filter_mongodb/internal/opa/run.go (deflated 61%)
  adding: contrib/data_filter_mongodb/k8s/ (stored 0%)
  adding: contrib/data_filter_mongodb/k8s/opa-mongo.yaml (deflated 70%)
  adding: contrib/data_filter_mongodb/main.go (deflated 9%)
  adding: contrib/decision_logger_plugin_example/ (stored 0%)
  adding: contrib/decision_logger_plugin_example/.gitignore (stored 0%)
  adding: contrib/decision_logger_plugin_example/README.md (deflated 54%)
  adding: contrib/decision_logger_plugin_example/config.yaml (deflated 36%)
  adding: contrib/decision_logger_plugin_example/main.go (deflated 59%)
  adding: contrib/envoy_iptables/ (stored 0%)
  adding: contrib/envoy_iptables/Dockerfile (deflated 28%)
  adding: contrib/envoy_iptables/Makefile (deflated 53%)
  adding: contrib/envoy_iptables/README.md (deflated 40%)
  adding: contrib/envoy_iptables/proxy_init.sh (deflated 68%)
  adding: contrib/gatekeeper_mtail_violations_exporter/ (stored 0%)
  adding: contrib/gatekeeper_mtail_violations_exporter/Dockerfile (deflated 42%)
  adding: contrib/gatekeeper_mtail_violations_exporter/Makefile (deflated 43%)
  adding: contrib/gatekeeper_mtail_violations_exporter/README.md (deflated 52%)
  adding: contrib/gatekeeper_mtail_violations_exporter/gatekeeper.mtail (deflated 63%)
  adding: contrib/gatekeeper_mtail_violations_exporter/kustomization.yaml (deflated 45%)
  adding: contrib/gatekeeper_mtail_violations_exporter/mtail_service.yaml (deflated 42%)
  adding: contrib/gatekeeper_mtail_violations_exporter/mtail_sidecar_patch.yaml (deflated 63%)
  adding: contrib/grafana-dashboard/ (stored 0%)
  adding: contrib/grafana-dashboard/README.md (deflated 44%)
  adding: contrib/grafana-dashboard/dashboard.json (deflated 94%)
  adding: contrib/grafana-dashboard/images/ (stored 0%)
  adding: contrib/grafana-dashboard/images/dashboard-image-1.png (deflated 11%)
  adding: contrib/grafana-dashboard/images/dashboard-image-2.png (deflated 13%)
  adding: contrib/grafana-dashboard/images/dashboard-image-3.png (deflated 21%)
  adding: contrib/grafana-dashboard/images/dashboard-image-4.png (deflated 20%)
  adding: contrib/grafana-dashboard/images/dashboard-image-5.png (deflated 20%)
  adding: contrib/image_enforcer/ (stored 0%)
  adding: contrib/image_enforcer/.gitignore (stored 0%)
  adding: contrib/image_enforcer/Dockerfile.run (deflated 26%)
  adding: contrib/image_enforcer/Makefile (deflated 41%)
  adding: contrib/image_enforcer/README.md (deflated 61%)
  adding: contrib/image_enforcer/clair/ (stored 0%)
  adding: contrib/image_enforcer/clair/clair.go (deflated 60%)
  adding: contrib/image_enforcer/data/ (stored 0%)
  adding: contrib/image_enforcer/data/clair/ (stored 0%)
  adding: contrib/image_enforcer/data/clair/clair.json (deflated 85%)
  adding: contrib/image_enforcer/data/docker/ (stored 0%)
  adding: contrib/image_enforcer/data/docker/docker.json (deflated 83%)
  adding: contrib/image_enforcer/docker/ (stored 0%)
  adding: contrib/image_enforcer/docker/docker.go (deflated 67%)
  adding: contrib/image_enforcer/main.go (deflated 66%)
  adding: contrib/image_enforcer/manifests/ (stored 0%)
  adding: contrib/image_enforcer/manifests/deployment.yaml (deflated 61%)
  adding: contrib/image_enforcer/manifests/service.yaml (deflated 32%)
  adding: contrib/image_enforcer/opa/ (stored 0%)
  adding: contrib/image_enforcer/opa/opa.go (deflated 53%)
  adding: contrib/image_enforcer/policies/ (stored 0%)
  adding: contrib/image_enforcer/policies/default.rego (deflated 42%)
  adding: contrib/image_enforcer/policies/mock/ (stored 0%)
  adding: contrib/image_enforcer/policies/mock/input.rego (deflated 65%)
  adding: contrib/image_enforcer/policies/scan.rego (deflated 50%)
  adding: contrib/junit/ (stored 0%)
  adding: contrib/junit/README.md (deflated 49%)
  adding: contrib/junit/opa_test_to_junit.py (deflated 69%)
  adding: contrib/k8s_api_client/ (stored 0%)
  adding: contrib/k8s_api_client/README.md (deflated 62%)
  adding: contrib/k8s_api_client/kind-config.yaml (deflated 32%)
  adding: contrib/k8s_api_client/kustomization.yaml (deflated 47%)
  adding: contrib/k8s_api_client/policy/ (stored 0%)
  adding: contrib/k8s_api_client/policy/api_client.rego (deflated 67%)
  adding: contrib/k8s_api_client/resources/ (stored 0%)
  adding: contrib/k8s_api_client/resources/deployment.yaml (deflated 66%)
  adding: contrib/k8s_api_client/resources/ingress.yaml (deflated 45%)
  adding: contrib/k8s_api_client/resources/rbac.yaml (deflated 66%)
  adding: contrib/k8s_api_client/resources/secret.yaml (deflated 43%)
  adding: contrib/k8s_api_client/resources/service.yaml (deflated 32%)
  adding: contrib/k8s_api_client/resources/serviceaccount.yaml (deflated 20%)
  adding: contrib/k8s_api_client/setup.sh (deflated 40%)
  adding: contrib/k8s_api_client/test.sh (deflated 70%)
  adding: contrib/k8s_authorization/ (stored 0%)
  adding: contrib/k8s_authorization/Makefile (deflated 35%)
  adding: contrib/k8s_authorization/README.md (deflated 54%)
  adding: contrib/k8s_authorization/api-server/ (stored 0%)
  adding: contrib/k8s_authorization/api-server/authz-webhook.yaml (deflated 43%)
  adding: contrib/k8s_authorization/config/ (stored 0%)
  adding: contrib/k8s_authorization/config/kind-conf.yaml (deflated 50%)
  adding: contrib/k8s_authorization/kubernetes/ (stored 0%)
  adding: contrib/k8s_authorization/kubernetes/resources.yaml (deflated 68%)
  adding: contrib/k8s_authorization/kustomization.yaml (deflated 22%)
  adding: contrib/k8s_authorization/policy/ (stored 0%)
  adding: contrib/k8s_authorization/policy/policy.rego (deflated 51%)
  adding: contrib/k8s_authorization/setup.sh (deflated 28%)
  adding: contrib/k8s_authorization/test.sh (deflated 60%)
  adding: contrib/k8s_node_selector/ (stored 0%)
  adding: contrib/k8s_node_selector/.devcontainer/ (stored 0%)
  adding: contrib/k8s_node_selector/.devcontainer/Dockerfile (deflated 56%)
  adding: contrib/k8s_node_selector/.devcontainer/devcontainer.json (deflated 50%)
  adding: contrib/k8s_node_selector/Makefile (deflated 62%)
  adding: contrib/k8s_node_selector/README.MD (deflated 57%)
  adding: contrib/k8s_node_selector/authz.rego (deflated 40%)
  adding: contrib/k8s_node_selector/data_input.rego (deflated 83%)
  adding: contrib/k8s_node_selector/integration/ (stored 0%)
  adding: contrib/k8s_node_selector/integration/deploy/ (stored 0%)
  adding: contrib/k8s_node_selector/integration/deploy/.gitignore (deflated 17%)
  adding: contrib/k8s_node_selector/integration/deploy/admission-controller.yaml (deflated 69%)
  adding: contrib/k8s_node_selector/integration/deploy/deploy.sh (deflated 54%)
  adding: contrib/k8s_node_selector/integration/test/ (stored 0%)
  adding: contrib/k8s_node_selector/integration/test/int_test.py (deflated 76%)
  adding: contrib/k8s_node_selector/main.rego (deflated 59%)
  adding: contrib/k8s_node_selector/requirements.txt (deflated 11%)
  adding: contrib/k8s_node_selector/test_node_selector.rego (deflated 72%)
  adding: contrib/k8s_node_selector/testdata/ (stored 0%)
  adding: contrib/k8s_node_selector/testdata/pod.yaml (deflated 26%)
  adding: contrib/k8s_node_selector/testdata/sample-request.json (deflated 74%)
  adding: contrib/kafka_authorizer/ (stored 0%)
  adding: contrib/kafka_authorizer/.editorconfig (deflated 51%)
  adding: contrib/kafka_authorizer/.gitignore (deflated 22%)
  adding: contrib/kafka_authorizer/Dockerfile.in (deflated 57%)
  adding: contrib/kafka_authorizer/Makefile (deflated 47%)
  adding: contrib/kafka_authorizer/README.md (deflated 56%)
  adding: contrib/kafka_authorizer/docker-compose.yml (deflated 55%)
  adding: contrib/kafka_authorizer/input.json (deflated 52%)
  adding: contrib/kafka_authorizer/pom.xml (deflated 72%)
  adding: contrib/kafka_authorizer/scripts/ (stored 0%)
  adding: contrib/kafka_authorizer/scripts/build.sh (deflated 9%)
  adding: contrib/kafka_authorizer/scripts/gen-secrets.sh (deflated 64%)
  adding: contrib/kafka_authorizer/scripts/get-version.sh (deflated 22%)
  adding: contrib/kafka_authorizer/secrets/ (stored 0%)
  adding: contrib/kafka_authorizer/secrets/anon_consumer-ca1-signed.crt (deflated 25%)
  adding: contrib/kafka_authorizer/secrets/anon_consumer.csr (deflated 24%)
  adding: contrib/kafka_authorizer/secrets/anon_consumer.ssl.config (deflated 57%)
  adding: contrib/kafka_authorizer/secrets/anon_consumer_keystore_creds (stored 0%)
  adding: contrib/kafka_authorizer/secrets/anon_consumer_sslkey_creds (stored 0%)
  adding: contrib/kafka_authorizer/secrets/anon_consumer_truststore_creds (stored 0%)
  adding: contrib/kafka_authorizer/secrets/anon_producer-ca1-signed.crt (deflated 25%)
  adding: contrib/kafka_authorizer/secrets/anon_producer.csr (deflated 23%)
  adding: contrib/kafka_authorizer/secrets/anon_producer.ssl.config (deflated 57%)
  adding: contrib/kafka_authorizer/secrets/anon_producer_keystore_creds (stored 0%)
  adding: contrib/kafka_authorizer/secrets/anon_producer_sslkey_creds (stored 0%)
  adding: contrib/kafka_authorizer/secrets/anon_producer_truststore_creds (stored 0%)
  adding: contrib/kafka_authorizer/secrets/broker-ca1-signed.crt (deflated 25%)
  adding: contrib/kafka_authorizer/secrets/broker.csr (deflated 24%)
  adding: contrib/kafka_authorizer/secrets/broker.ssl.config (deflated 57%)
  adding: contrib/kafka_authorizer/secrets/broker_keystore_creds (stored 0%)
  adding: contrib/kafka_authorizer/secrets/broker_sslkey_creds (stored 0%)
  adding: contrib/kafka_authorizer/secrets/broker_truststore_creds (stored 0%)
  adding: contrib/kafka_authorizer/secrets/fanout_producer-ca1-signed.crt (deflated 25%)
  adding: contrib/kafka_authorizer/secrets/fanout_producer.csr (deflated 24%)
  adding: contrib/kafka_authorizer/secrets/fanout_producer.ssl.config (deflated 57%)
  adding: contrib/kafka_authorizer/secrets/fanout_producer_keystore_creds (stored 0%)
  adding: contrib/kafka_authorizer/secrets/fanout_producer_sslkey_creds (stored 0%)
  adding: contrib/kafka_authorizer/secrets/fanout_producer_truststore_creds (stored 0%)
  adding: contrib/kafka_authorizer/secrets/kafka.anon_consumer.keystore.jks (deflated 30%)
  adding: contrib/kafka_authorizer/secrets/kafka.anon_consumer.truststore.jks (deflated 14%)
  adding: contrib/kafka_authorizer/secrets/kafka.anon_producer.keystore.jks (deflated 31%)
  adding: contrib/kafka_authorizer/secrets/kafka.anon_producer.truststore.jks (deflated 14%)
  adding: contrib/kafka_authorizer/secrets/kafka.broker.keystore.jks (deflated 30%)
  adding: contrib/kafka_authorizer/secrets/kafka.broker.truststore.jks (deflated 14%)
  adding: contrib/kafka_authorizer/secrets/kafka.fanout_producer.keystore.jks (deflated 30%)
  adding: contrib/kafka_authorizer/secrets/kafka.fanout_producer.truststore.jks (deflated 14%)
  adding: contrib/kafka_authorizer/secrets/kafka.pii_consumer.keystore.jks (deflated 30%)
  adding: contrib/kafka_authorizer/secrets/kafka.pii_consumer.truststore.jks (deflated 14%)
  adding: contrib/kafka_authorizer/secrets/pii_consumer-ca1-signed.crt (deflated 25%)
  adding: contrib/kafka_authorizer/secrets/pii_consumer.csr (deflated 23%)
  adding: contrib/kafka_authorizer/secrets/pii_consumer.ssl.config (deflated 57%)
  adding: contrib/kafka_authorizer/secrets/pii_consumer_keystore_creds (stored 0%)
  adding: contrib/kafka_authorizer/secrets/pii_consumer_sslkey_creds (stored 0%)
  adding: contrib/kafka_authorizer/secrets/pii_consumer_truststore_creds (stored 0%)
  adding: contrib/kafka_authorizer/secrets/snakeoil-ca-1.crt (deflated 25%)
  adding: contrib/kafka_authorizer/secrets/snakeoil-ca-1.key (deflated 24%)
  adding: contrib/kafka_authorizer/secrets/snakeoil-ca-1.srl (stored 0%)
  adding: contrib/kafka_authorizer/src/ (stored 0%)
  adding: contrib/kafka_authorizer/src/main/ (stored 0%)
  adding: contrib/kafka_authorizer/src/main/assembly/ (stored 0%)
  adding: contrib/kafka_authorizer/src/main/assembly/package.xml (deflated 66%)
  adding: contrib/kafka_authorizer/src/main/java/ (stored 0%)
  adding: contrib/kafka_authorizer/src/main/java/com/ (stored 0%)
  adding: contrib/kafka_authorizer/src/main/java/com/lbg/ (stored 0%)
  adding: contrib/kafka_authorizer/src/main/java/com/lbg/kafka/ (stored 0%)
  adding: contrib/kafka_authorizer/src/main/java/com/lbg/kafka/opa/ (stored 0%)
  adding: contrib/kafka_authorizer/src/main/java/com/lbg/kafka/opa/OpaAuthorizer.java (deflated 70%)
  adding: contrib/kafka_authorizer/src/main/resources/ (stored 0%)
  adding: contrib/kafka_authorizer/src/main/resources/log4j.properties (deflated 43%)
  adding: contrib/kafka_authorizer/src/test/ (stored 0%)
  adding: contrib/kafka_authorizer/src/test/resources/ (stored 0%)
  adding: contrib/kafka_authorizer/src/test/resources/kafka_authz.rego (deflated 68%)
  adding: contrib/kong_api_authz/ (stored 0%)
  adding: contrib/kong_api_authz/.busted (deflated 37%)
  adding: contrib/kong_api_authz/.devcontainer/ (stored 0%)
  adding: contrib/kong_api_authz/.devcontainer/Dockerfile (deflated 52%)
  adding: contrib/kong_api_authz/.devcontainer/devcontainer.json (deflated 34%)
  adding: contrib/kong_api_authz/.devcontainer/entrypoint.sh (deflated 50%)
  adding: contrib/kong_api_authz/.dockerignore (deflated 7%)
  adding: contrib/kong_api_authz/.editorconfig (deflated 42%)
  adding: contrib/kong_api_authz/.gitignore (deflated 38%)
  adding: contrib/kong_api_authz/.luacheckrc (deflated 40%)
  adding: contrib/kong_api_authz/.luacov (deflated 57%)
  adding: contrib/kong_api_authz/Dockerfile (deflated 48%)
  adding: contrib/kong_api_authz/LICENSE (deflated 65%)
  adding: contrib/kong_api_authz/Makefile (deflated 66%)
  adding: contrib/kong_api_authz/README.md (deflated 64%)
  adding: contrib/kong_api_authz/doc/ (stored 0%)
  adding: contrib/kong_api_authz/doc/basic-sequence-diagram.png (deflated 13%)
  adding: contrib/kong_api_authz/doc/basic-sequence-diagram.txt (deflated 57%)
  adding: contrib/kong_api_authz/integration/ (stored 0%)
  adding: contrib/kong_api_authz/integration/docker-compose.test.yml (deflated 55%)
  adding: contrib/kong_api_authz/integration/docker-compose.yml (deflated 58%)
  adding: contrib/kong_api_authz/integration/testdata/ (stored 0%)
  adding: contrib/kong_api_authz/integration/testdata/kong-test.yml (deflated 57%)
  adding: contrib/kong_api_authz/integration/testdata/opa/ (stored 0%)
  adding: contrib/kong_api_authz/integration/testdata/opa/bundle/ (stored 0%)
  adding: contrib/kong_api_authz/integration/testdata/opa/bundle/httpapi/ (stored 0%)
  adding: contrib/kong_api_authz/integration/testdata/opa/bundle/httpapi/authz/ (stored 0%)
  adding: contrib/kong_api_authz/integration/testdata/opa/bundle/httpapi/authz/policy.rego (deflated 28%)
  adding: contrib/kong_api_authz/integration/testdata/postman/ (stored 0%)
  adding: contrib/kong_api_authz/integration/testdata/postman/docker.postman_environment.json (deflated 62%)
  adding: contrib/kong_api_authz/integration/testdata/postman/kong-plugin-opa.integration_tests.postman_collection.json (deflated 86%)
  adding: contrib/kong_api_authz/integration/testdata/postman/wait-for-services.sh (deflated 61%)
  adding: contrib/kong_api_authz/integration/toxiproxy.json (deflated 27%)
  adding: contrib/kong_api_authz/kong-plugin-opa-0.1.1-2.rockspec (deflated 59%)
  adding: contrib/kong_api_authz/spec/ (stored 0%)
  adding: contrib/kong_api_authz/spec/__mocks__/ (stored 0%)
  adding: contrib/kong_api_authz/spec/__mocks__/resty/ (stored 0%)
  adding: contrib/kong_api_authz/spec/__mocks__/resty/http.lua (deflated 60%)
  adding: contrib/kong_api_authz/spec/__mocks__/resty/jwt.lua (deflated 37%)
  adding: contrib/kong_api_authz/spec/kong/ (stored 0%)
  adding: contrib/kong_api_authz/spec/kong/plugins/ (stored 0%)
  adding: contrib/kong_api_authz/spec/kong/plugins/opa/ (stored 0%)
  adding: contrib/kong_api_authz/spec/kong/plugins/opa/access_spec.lua (deflated 63%)
  adding: contrib/kong_api_authz/spec/kong/plugins/opa/helpers_spec.lua (deflated 82%)
  adding: contrib/kong_api_authz/src/ (stored 0%)
  adding: contrib/kong_api_authz/src/kong/ (stored 0%)
  adding: contrib/kong_api_authz/src/kong/plugins/ (stored 0%)
  adding: contrib/kong_api_authz/src/kong/plugins/opa/ (stored 0%)
  adding: contrib/kong_api_authz/src/kong/plugins/opa/access.lua (deflated 60%)
  adding: contrib/kong_api_authz/src/kong/plugins/opa/handler.lua (deflated 41%)
  adding: contrib/kong_api_authz/src/kong/plugins/opa/helpers.lua (deflated 52%)
  adding: contrib/kong_api_authz/src/kong/plugins/opa/schema.lua (deflated 83%)
  adding: contrib/linkerd_authz/ (stored 0%)
  adding: contrib/linkerd_authz/.gitignore (stored 0%)
  adding: contrib/linkerd_authz/README.md (deflated 55%)
  adding: contrib/linkerd_authz/build.sbt (deflated 53%)
  adding: contrib/linkerd_authz/project/ (stored 0%)
  adding: contrib/linkerd_authz/project/plugins.sbt (deflated 10%)
  adding: contrib/linkerd_authz/sbt (deflated 53%)
  adding: contrib/linkerd_authz/src/ (stored 0%)
  adding: contrib/linkerd_authz/src/main/ (stored 0%)
  adding: contrib/linkerd_authz/src/main/resources/ (stored 0%)
  adding: contrib/linkerd_authz/src/main/resources/META-INF/ (stored 0%)
  adding: contrib/linkerd_authz/src/main/resources/META-INF/services/ (stored 0%)
  adding: contrib/linkerd_authz/src/main/resources/META-INF/services/io.buoyant.linkerd.IdentifierInitializer (stored 0%)
  adding: contrib/linkerd_authz/src/main/scala/ (stored 0%)
  adding: contrib/linkerd_authz/src/main/scala/org/ (stored 0%)
  adding: contrib/linkerd_authz/src/main/scala/org/openpolicyagent/ (stored 0%)
  adding: contrib/linkerd_authz/src/main/scala/org/openpolicyagent/linkerd/ (stored 0%)
  adding: contrib/linkerd_authz/src/main/scala/org/openpolicyagent/linkerd/identifier.scala (deflated 66%)
  adding: contrib/opa-iptables/ (stored 0%)
  adding: contrib/opa-iptables/Dockerfile (deflated 23%)
  adding: contrib/opa-iptables/LICENSE (deflated 65%)
  adding: contrib/opa-iptables/Makefile (deflated 55%)
  adding: contrib/opa-iptables/README.md (deflated 61%)
  adding: contrib/opa-iptables/build/ (stored 0%)
  adding: contrib/opa-iptables/build/get-build-commit.sh (deflated 19%)
  adding: contrib/opa-iptables/docs/ (stored 0%)
  adding: contrib/opa-iptables/docs/IPTables.md (deflated 64%)
  adding: contrib/opa-iptables/docs/converter.md (deflated 60%)
  adding: contrib/opa-iptables/docs/img/ (stored 0%)
  adding: contrib/opa-iptables/docs/img/tutorial1.topology.001.jpeg (deflated 34%)
  adding: contrib/opa-iptables/docs/opa-iptables-example/ (stored 0%)
  adding: contrib/opa-iptables/docs/opa-iptables-example/Dockerfile (deflated 33%)
  adding: contrib/opa-iptables/docs/opa-iptables-example/main.go (deflated 40%)
  adding: contrib/opa-iptables/docs/tutorial.md (deflated 65%)
  adding: contrib/opa-iptables/go.mod (deflated 36%)
  adding: contrib/opa-iptables/go.sum (deflated 45%)
  adding: contrib/opa-iptables/help.go (deflated 63%)
  adding: contrib/opa-iptables/main.go (deflated 56%)
  adding: contrib/opa-iptables/pkg/ (stored 0%)
  adding: contrib/opa-iptables/pkg/command/ (stored 0%)
  adding: contrib/opa-iptables/pkg/command/command.go (deflated 63%)
  adding: contrib/opa-iptables/pkg/controller/ (stored 0%)
  adding: contrib/opa-iptables/pkg/controller/controller.go (deflated 64%)
  adding: contrib/opa-iptables/pkg/controller/handlers.go (deflated 74%)
  adding: contrib/opa-iptables/pkg/controller/opa.go (deflated 61%)
  adding: contrib/opa-iptables/pkg/controller/operation.go (deflated 68%)
  adding: contrib/opa-iptables/pkg/controller/types.go (deflated 56%)
  adding: contrib/opa-iptables/pkg/controller/watcher.go (deflated 64%)
  adding: contrib/opa-iptables/pkg/converter/ (stored 0%)
  adding: contrib/opa-iptables/pkg/converter/converter.go (deflated 62%)
  adding: contrib/opa-iptables/pkg/converter/converter_test.go (deflated 52%)
  adding: contrib/opa-iptables/pkg/flag/ (stored 0%)
  adding: contrib/opa-iptables/pkg/flag/flag.go (deflated 68%)
  adding: contrib/opa-iptables/pkg/flag/flag_test.go (deflated 53%)
  adding: contrib/opa-iptables/pkg/iptables/ (stored 0%)
  adding: contrib/opa-iptables/pkg/iptables/rule.go (deflated 71%)
  adding: contrib/opa-iptables/pkg/iptables/rule_test.go (deflated 81%)
  adding: contrib/opa-iptables/pkg/iptables/ruleset.go (deflated 48%)
  adding: contrib/opa-iptables/pkg/logging/ (stored 0%)
  adding: contrib/opa-iptables/pkg/logging/logger.go (deflated 53%)
  adding: contrib/opa-iptables/pkg/opa/ (stored 0%)
  adding: contrib/opa-iptables/pkg/opa/opa.go (deflated 67%)
  adding: contrib/opa-iptables/pkg/version/ (stored 0%)
  adding: contrib/opa-iptables/pkg/version/version.go (deflated 27%)
  adding: contrib/opa_fig_autocomplete/ (stored 0%)
  adding: contrib/opa_fig_autocomplete/README.md (deflated 50%)
  adding: contrib/opa_fig_autocomplete/go.mod (deflated 70%)
  adding: contrib/opa_fig_autocomplete/go.sum (deflated 65%)
  adding: contrib/opa_fig_autocomplete/main.go (deflated 27%)
  adding: contrib/open_api/ (stored 0%)
  adding: contrib/open_api/README.md (deflated 38%)
  adding: contrib/open_api/favicon-16x16.png (stored 0%)
  adding: contrib/open_api/favicon-32x32.png (stored 0%)
  adding: contrib/open_api/index.html (deflated 43%)
  adding: contrib/open_api/management-swagger-ui.html (deflated 53%)
  adding: contrib/open_api/management.html (deflated 44%)
  adding: contrib/open_api/management.yaml (deflated 70%)
  adding: contrib/open_api/openapi.yaml (deflated 82%)
  adding: contrib/open_api/screenshot.png (deflated 17%)
  adding: contrib/open_api/swagger-ui-bundle.js (deflated 70%)
  adding: contrib/open_api/swagger-ui-bundle.js.map (deflated 73%)
  adding: contrib/open_api/swagger-ui-es-bundle-core.js (deflated 71%)
  adding: contrib/open_api/swagger-ui-es-bundle-core.js.map (deflated 73%)
  adding: contrib/open_api/swagger-ui-es-bundle.js (deflated 70%)
  adding: contrib/open_api/swagger-ui-es-bundle.js.map (deflated 73%)
  adding: contrib/open_api/swagger-ui-standalone-preset.js (deflated 69%)
  adding: contrib/open_api/swagger-ui-standalone-preset.js.map (deflated 73%)
  adding: contrib/open_api/swagger-ui.css (deflated 84%)
  adding: contrib/open_api/swagger-ui.css.map (deflated 78%)
  adding: contrib/open_api/swagger-ui.html (deflated 52%)
  adding: contrib/open_api/swagger-ui.js (deflated 71%)
  adding: contrib/open_api/swagger-ui.js.map (deflated 73%)
  adding: contrib/pam_opa/ (stored 0%)
  adding: contrib/pam_opa/Makefile (deflated 57%)
  adding: contrib/pam_opa/README.md (deflated 51%)
  adding: contrib/pam_opa/docker/ (stored 0%)
  adding: contrib/pam_opa/docker/create_user.sh (deflated 51%)
  adding: contrib/pam_opa/docker/docker-compose.yaml (deflated 68%)
  adding: contrib/pam_opa/docker/etc/ (stored 0%)
  adding: contrib/pam_opa/docker/etc/backend_host_id (stored 0%)
  adding: contrib/pam_opa/docker/etc/frontend_host_id (stored 0%)
  adding: contrib/pam_opa/docker/etc/pam.d/ (stored 0%)
  adding: contrib/pam_opa/docker/etc/pam.d/sshd (deflated 56%)
  adding: contrib/pam_opa/docker/etc/pam.d/sudo (deflated 42%)
  adding: contrib/pam_opa/docker/etc/sshd_config (deflated 26%)
  adding: contrib/pam_opa/docker/keys/ (stored 0%)
  adding: contrib/pam_opa/docker/keys/id_rsa (deflated 23%)
  adding: contrib/pam_opa/docker/keys/id_rsa.pub (deflated 17%)
  adding: contrib/pam_opa/docker/pam-builder.dockerfile (deflated 54%)
  adding: contrib/pam_opa/docker/policy/ (stored 0%)
  adding: contrib/pam_opa/docker/policy/contributors.json (deflated 49%)
  adding: contrib/pam_opa/docker/policy/display.rego (deflated 48%)
  adding: contrib/pam_opa/docker/policy/pull.rego (deflated 28%)
  adding: contrib/pam_opa/docker/policy/sshd_authz.rego (deflated 45%)
  adding: contrib/pam_opa/docker/policy/sudo_authz.rego (deflated 45%)
  adding: contrib/pam_opa/docker/policy/users.json (deflated 28%)
  adding: contrib/pam_opa/docker/run.dockerfile (deflated 49%)
  adding: contrib/pam_opa/pam/ (stored 0%)
  adding: contrib/pam_opa/pam/.gitignore (deflated 19%)
  adding: contrib/pam_opa/pam/LICENSE (deflated 64%)
  adding: contrib/pam_opa/pam/Makefile (deflated 54%)
  adding: contrib/pam_opa/pam/README.md (deflated 63%)
  adding: contrib/pam_opa/pam/authz.c (deflated 73%)
  adding: contrib/pam_opa/pam/authz.h (deflated 40%)
  adding: contrib/pam_opa/pam/display.c (deflated 70%)
  adding: contrib/pam_opa/pam/display.h (deflated 58%)
  adding: contrib/pam_opa/pam/flag.c (deflated 65%)
  adding: contrib/pam_opa/pam/flag.h (deflated 58%)
  adding: contrib/pam_opa/pam/http.c (deflated 62%)
  adding: contrib/pam_opa/pam/http.h (deflated 45%)
  adding: contrib/pam_opa/pam/json.c (deflated 68%)
  adding: contrib/pam_opa/pam/json.h (deflated 67%)
  adding: contrib/pam_opa/pam/log.c (deflated 62%)
  adding: contrib/pam_opa/pam/log.h (deflated 59%)
  adding: contrib/pam_opa/pam/pam.c (deflated 67%)
  adding: contrib/pam_opa/pam/pull.c (deflated 74%)
  adding: contrib/pam_opa/pam/pull.h (deflated 56%)
  adding: contrib/pam_opa/pam/sysinfo.c (deflated 66%)
  adding: contrib/pam_opa/pam/sysinfo.h (deflated 49%)
  adding: contrib/puppet_example/ (stored 0%)
  adding: contrib/puppet_example/README.md (deflated 58%)
  adding: contrib/puppet_example/blame_allowed.json (deflated 92%)
  adding: contrib/puppet_example/blame_denied.json (deflated 92%)
  adding: contrib/puppet_example/puppet_authz.rego (deflated 62%)
  adding: contrib/puppet_example/puppet_catalog.json (deflated 70%)
  adding: contrib/simplecov/ (stored 0%)
  adding: contrib/simplecov/README.md (deflated 55%)
  adding: contrib/simplecov/example/ (stored 0%)
  adding: contrib/simplecov/example/policy.rego (deflated 29%)
  adding: contrib/simplecov/example/policy_test.rego (deflated 4%)
  adding: contrib/simplecov/simplecov.rego (deflated 64%)
  adding: contrib/spring_authz/ (stored 0%)
  adding: contrib/spring_authz/.gitignore (deflated 10%)
  adding: contrib/spring_authz/README.md (deflated 59%)
  adding: contrib/spring_authz/pom.xml (deflated 65%)
  adding: contrib/spring_authz/src/ (stored 0%)
  adding: contrib/spring_authz/src/main/ (stored 0%)
  adding: contrib/spring_authz/src/main/java/ (stored 0%)
  adding: contrib/spring_authz/src/main/java/org/ (stored 0%)
  adding: contrib/spring_authz/src/main/java/org/openpolicyagent/ (stored 0%)
  adding: contrib/spring_authz/src/main/java/org/openpolicyagent/voter/ (stored 0%)
  adding: contrib/spring_authz/src/main/java/org/openpolicyagent/voter/OPADataRequest.java (deflated 44%)
  adding: contrib/spring_authz/src/main/java/org/openpolicyagent/voter/OPADataResponse.java (deflated 47%)
  adding: contrib/spring_authz/src/main/java/org/openpolicyagent/voter/OPAVoter.java (deflated 65%)
  adding: contrib/wasm/ (stored 0%)
  adding: contrib/wasm/cloudflare-worker/ (stored 0%)
  adding: contrib/wasm/cloudflare-worker/README.md (deflated 60%)
  adding: contrib/wasm/cloudflare-worker/docs/ (stored 0%)
  adding: contrib/wasm/cloudflare-worker/docs/CF-worker.drawio (deflated 24%)
  adding: contrib/wasm/cloudflare-worker/docs/CF-worker.png (deflated 8%)
  adding: contrib/wasm/cloudflare-worker/example.rego (deflated 36%)
  adding: contrib/wasm/cloudflare-worker/index.js (deflated 54%)
  adding: contrib/wasm/cloudflare-worker/metadata_wasm.json (deflated 36%)
  adding: contrib/wasm/cloudflare-worker/package-lock.json (deflated 33%)
  adding: contrib/wasm/cloudflare-worker/package.json (deflated 37%)
  adding: contrib/wasm/cloudflare-worker/webpack.config.js (deflated 44%)
Sending /home/jjustus3/kong-plugin-opa/kong-plugin-opa2-0.1.1-2.src.rock ...

Error: API failure: /upload_rock/22192

Looks like the raw rock was made. I am not familiar with luarocks builds that reference a different source other than its own in the:

source = {
   url = "git+https://github.com/open-policy-agent/contrib.git"
}

section.

image

image

The guys older rock file looks way smaller at 25kb... maybe I try removing the source ref.

https://github.com/luarocks/luarocks/wiki/Rockspec-format#build-rules

Makes me think the source ref matters... but the difference in KB sizes makes me think maybe it was a goof to ref that larger repo as part of the source vs his own codebase?

jeremyjpj0916 commented 1 year ago

Can try using this, see if it works for your needs: https://luarocks.org/modules/optum-ross/kong-plugin-opa2

https://luarocks.org/modules/optum-ross/kong-plugin-opa2/0.1.1-2

Dropped the original source ref pointing at the other repo(https://github.com/open-policy-agent/contrib.git), so now it just references the source code of the plugin folder in the rock.

# luarocks upload kong-plugin-opa2-0.1.1-2.rockspec --api-key=XXXXXXX --force
Sending kong-plugin-opa2-0.1.1-2.rockspec ...
Packing kong-plugin-opa2
Cloning into 'kong-plugin-opa'...
remote: Enumerating objects: 79, done.
remote: Counting objects: 100% (27/27), done.
remote: Compressing objects: 100% (27/27), done.
remote: Total 79 (delta 10), reused 0 (delta 0), pack-reused 52
Unpacking objects: 100% (79/79), done.
  adding: kong-plugin-opa2-0.1.1-2.rockspec (deflated 53%)
  adding: kong-plugin-opa/ (stored 0%)
  adding: kong-plugin-opa/.busted (deflated 37%)
  adding: kong-plugin-opa/.devcontainer/ (stored 0%)
  adding: kong-plugin-opa/.devcontainer/Dockerfile (deflated 49%)
  adding: kong-plugin-opa/.devcontainer/devcontainer.json (deflated 34%)
  adding: kong-plugin-opa/.devcontainer/entrypoint.sh (deflated 50%)
  adding: kong-plugin-opa/.dockerignore (deflated 7%)
  adding: kong-plugin-opa/.editorconfig (deflated 42%)
  adding: kong-plugin-opa/.github/ (stored 0%)
  adding: kong-plugin-opa/.github/workflows/ (stored 0%)
  adding: kong-plugin-opa/.github/workflows/luarocks.yml (deflated 65%)
  adding: kong-plugin-opa/.luacheckrc (deflated 40%)
  adding: kong-plugin-opa/.luacov (deflated 57%)
  adding: kong-plugin-opa/Dockerfile (deflated 36%)
  adding: kong-plugin-opa/LICENSE (deflated 65%)
  adding: kong-plugin-opa/Makefile (deflated 66%)
  adding: kong-plugin-opa/README.md (deflated 63%)
  adding: kong-plugin-opa/doc/ (stored 0%)
  adding: kong-plugin-opa/doc/basic-sequence-diagram.png (deflated 13%)
  adding: kong-plugin-opa/doc/basic-sequence-diagram.txt (deflated 57%)
  adding: kong-plugin-opa/integration/ (stored 0%)
  adding: kong-plugin-opa/integration/docker-compose.test.yml (deflated 52%)
  adding: kong-plugin-opa/integration/docker-compose.yml (deflated 58%)
  adding: kong-plugin-opa/integration/testdata/ (stored 0%)
  adding: kong-plugin-opa/integration/testdata/kong-test.yml (deflated 56%)
  adding: kong-plugin-opa/integration/testdata/opa/ (stored 0%)
  adding: kong-plugin-opa/integration/testdata/opa/bundle/ (stored 0%)
  adding: kong-plugin-opa/integration/testdata/opa/bundle/httpapi/ (stored 0%)
  adding: kong-plugin-opa/integration/testdata/opa/bundle/httpapi/authz/ (stored 0%)
  adding: kong-plugin-opa/integration/testdata/opa/bundle/httpapi/authz/policy.rego (deflated 28%)
  adding: kong-plugin-opa/integration/testdata/postman/ (stored 0%)
  adding: kong-plugin-opa/integration/testdata/postman/docker.postman_environment.json (deflated 56%)
  adding: kong-plugin-opa/integration/testdata/postman/kong-plugin-opa.integration_tests.postman_collection.json (deflated 81%)
  adding: kong-plugin-opa/integration/testdata/postman/wait-for-services.sh (deflated 55%)
  adding: kong-plugin-opa/kong-plugin-opa2-0.1.1-2.rockspec (deflated 53%)
  adding: kong-plugin-opa/spec/ (stored 0%)
  adding: kong-plugin-opa/spec/__mocks__/ (stored 0%)
  adding: kong-plugin-opa/spec/__mocks__/resty/ (stored 0%)
  adding: kong-plugin-opa/spec/__mocks__/resty/http.lua (deflated 53%)
  adding: kong-plugin-opa/spec/__mocks__/resty/jwt.lua (deflated 37%)
  adding: kong-plugin-opa/spec/kong/ (stored 0%)
  adding: kong-plugin-opa/spec/kong/plugins/ (stored 0%)
  adding: kong-plugin-opa/spec/kong/plugins/opa/ (stored 0%)
  adding: kong-plugin-opa/spec/kong/plugins/opa/access_spec.lua (deflated 62%)
  adding: kong-plugin-opa/src/ (stored 0%)
  adding: kong-plugin-opa/src/kong/ (stored 0%)
  adding: kong-plugin-opa/src/kong/plugins/ (stored 0%)
  adding: kong-plugin-opa/src/kong/plugins/opa/ (stored 0%)
  adding: kong-plugin-opa/src/kong/plugins/opa/access.lua (deflated 58%)
  adding: kong-plugin-opa/src/kong/plugins/opa/handler.lua (deflated 41%)
  adding: kong-plugin-opa/src/kong/plugins/opa/schema.lua (deflated 78%)
Sending /home/jjustus3/kong-plugin-opa/kong-plugin-opa2-0.1.1-2.src.rock ...

Done: https://luarocks.org/modules/optum-ross/kong-plugin-opa2
JesseEstum commented 1 year ago

@jeremyjpj0916 Thanks for looking into this. Did we gain much over the status quo by spinning up a new git repo? Isn't that what https://github.com/wada-ama/kong-plugin-opa has in place today?

I believe the idea was to get strong linkage between the luarocks package and the authoritative github repo (this one).

jeremyjpj0916 commented 1 year ago

The OP wanted a fix that merged the PR into the src of this luarocks package. I think I did that with the version bump the original author had made on the src but didn't ever do a luarocks push.

A refactor to embedding this code if the OPA folks want it would be taking my repo, taking the plugin source and embedding it with the rockspec in their repo and becoming maintainers of it in a folder of their repo if they like. The dependency fix should work as is though from what I pushed to luarocks if that referenced repo had the latest kong opa plugin code.

The code reads as a independent kong plugin though so honestly embedding it in another mega repo isn't really the kong plugin way. The codebase should have its own maintainable separate repo and ci/cd.

Repo here to work with as a ref point: https://github.com/jeremyjpj0916/kong-plugin-opa

anderseknert commented 1 year ago

The contrib repo is largely community maintained, so if it makes sense to move something out of here in favor of a separate repo elsewhere, I have no objections to that. We can still reference it here, on the ecosystem page, the awesome OPA list, and wherever else makes sense.

jeremyjpj0916 commented 1 year ago

I just realized the source in that folder in this contrib repo is the same as the plugin source code in the independent repo woth a new PR that was added recently. I would say setting up a separate official kong opa dedicated plugin and readme and ci/cd is def the way to go vs a uber repo. Whether opa wants to maintain it or someone else tries to run with it. Could put it in the Optum OSS space @JesseEstum if opa does not want the burden of maintaining it.

JesseEstum commented 1 year ago

The OP wanted a fix that merged the PR into the src of this luarocks package. I think I did that with the version bump the original author had made on the src but didn't ever do a luarocks push.

Good catch! @jeremyjpj0916 you rock :) (lua package manager pun intended).

I would say setting up a separate official kong opa dedicated plugin and readme and ci/cd is def the way to go vs a uber repo. Whether opa wants to maintain it or someone else tries to run with it.

My vote is for the repo to live in the open-policy-agent org. To denote that it's a contributed plugin, perhaps a name like contrib-kong-opa-plugin would be appropriate. Rationale:

  1. The code already started out in a repo outside of the open-policy-agent org. Moving it out again would be going full circle.
  2. It would lend a sense of legitimacy to the plugin. People looking at it won't have to wonder about the lineage of the source code like they would if it's in an unfamiliar github org. Listing it on the ecosystem page and awesome OPA list will help legitimacy too, but some people will start with a github search so they may never see the ecosystem page/awesome OPA list.
  3. We'll presumably be able to retain @anderseknert's awesome stewardship and advocacy services.

Further my vote would be to:

  1. Place a README.md in the current contrib/kong_api_authz to link out to the new repo location
  2. Try to open up a luarocks github issue to get the kong-plugin-opa rock ownership transferred. It has over 2000 downloads, so there's clearly a user base pointed at it already. Let's help that user base out by maintaining the same package over time.

@anderseknert @jeremyjpj0916 @STKarthikAbiram your thoughts?

anderseknert commented 1 year ago

Thanks for the kind words!

I'll go with whatever you decide. Just let me know if/when you need me to do anything.

jeremyjpj0916 commented 1 year ago

@JesseEstum I think that makes sense.

If part 2 of your further on the luarocks ownership transfer and all that gets to be too delaying I don't think it would be all that bad an idea if there wasn't a new OPA contributor managed luarocks account stood up that could become a fresh updated source of truth for all things around this plugin now. Typically OSS users will find a way to get to the lastest and greatest one way or another.

STKarthikAbiram commented 1 year ago

@JesseEstum I agree with your points.

  1. Yes, it would be good to add a ReadMe file with instructions on how to build.
  2. If we want to move this to a separate repo, I would also recommend having the repo as part of open-policy-agent github org (and not moving it under a user or a different org)
  3. We can raise a ticket to see if we can get ownership of existing luarocks account which has 2k downloads. If we are not able to get, creating a new account with name as 'open-policy-agent' would be okay in the long run.