open-policy-agent / kube-mgmt

Sidecar for managing OPA instances in Kubernetes.
Apache License 2.0

fix: retries for policies cm comprised of multiple dependent files #163

Closed eshepelyuk closed 2 years ago

eshepelyuk commented 2 years ago

This fixes an error when loading multiple policy files from a single config map. kube-mgmt sorts config map keys, so it may happen that some files (like a.rego) are loaded before their dependencies. Since the config map is not modified anymore, the policy is kept unloaded, although it's completely correct.

A simple retry completely fixes the issue, since just another load may be successful because the dependencies (functions) were already loaded.

```yaml
---
kind: ConfigMap
metadata:
  name: multi-file-policy
  labels:
    kube-mgmt/e2e: "true"
    openpolicyagent.org/policy: rego
apiVersion: v1
data:
  a.rego: |
    package my_pkg
    import data.my_pkg.functions.my_func
    default my_rule := false
    my_rule {
      my_func(input.hello)
    }
  b.rego: |
    package my_pkg.functions
    my_func(str) := startswith("world", str)
```

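
The load-order failure and the retry described in the comment above, modelled as an added Go example; it is not kube-mgmt's code or OPA's compiler. The `module` type, `loadPass`, `loadWithRetry` and the rule that a file is rejected when a package it needs is not loaded yet are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// module models one Rego file: its package and the packages it calls into (assumption).
type module struct{ pkg string; needs []string }
// sample mirrors the ConfigMap in the PR description (constructed model of it).
var sample = map[string]module{
	"a.rego": {pkg: "my_pkg", needs: []string{"my_pkg.functions"}},
	"b.rego": {pkg: "my_pkg.functions"},
}

// loadPass walks keys in sorted order and rejects a file whose dependency is not loaded yet.
func loadPass(files map[string]module, loaded map[string]bool) (failed []string) {
	keys := make([]string, 0, len(files))
	for k := range files {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		ok := true
		for _, dep := range files[k].needs {
			ok = ok && loaded[dep]
		}
		if ok {
			loaded[files[k].pkg] = true
		} else {
			failed = append(failed, k)
		}
	}
	return failed
}

// loadWithRetry repeats passes until nothing fails or maxPasses is used up.
func loadWithRetry(files map[string]module, maxPasses int) (passes int, failed []string) {
	loaded := map[string]bool{}
	for passes < maxPasses && (passes == 0 || len(failed) > 0) {
		passes++
		failed = loadPass(files, loaded)
	}
	return passes, failed
}

func main() {
	fmt.Println(loadWithRetry(sample, 1)) // single pass: a.rego is left unloaded
	fmt.Println(loadWithRetry(sample, 3)) // with retries: the second pass loads it
}
```

A file whose dependency never appears still fails after `maxPasses`, so the bound keeps a genuinely broken policy from being retried forever.
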
eshepelyuk commented 2 years ago

> Code looks good to me, but there's no description or issue linked, so it's a bit hard to know what this solves.

I am sorry. I should have put it to draft for now. Will update description later.