open-policy-agent / opa

Open Policy Agent (OPA) is an open source, general-purpose policy engine.
https://www.openpolicyagent.org
Apache License 2.0

Metadata annotations behavior is different than the spec #6742

Open msorens opened 4 months ago

msorens commented 4 months ago

Short description

With opa 0.64.1, the metadata is not being processed per the spec; so either opa is wrong or the spec is wrong on this. Regarding metadata annotations the spec says:

...every line in the comment block containing the annotation must start at Column 1 in the module/file, or otherwise, they will be ignored

Steps To Reproduce

Consider this rego file (note the description line comment does NOT start in column 1):

package test
import rego.v1

# METADATA
# title: rule
 # description: description
# custom: 
#  rule_types: [deny, allow]
allow if {
  true
}

Run opa inspect -a . on that directory.

Expected behavior

It should recognize both the title and custom properties.

Actual behavior

opa recognizes only the title property.

Additional context

It is acting as though the “comment block” should stop at the first line that is not in column 1. That is incorrect because the spec goes on to say that there is only one way to end a comment block:

...include a blank line immediately after the comment block containing the YAML document. This tells OPA that the comment block containing the YAML document is finished

ashutosh-narkar commented 4 months ago

@johanfylling is this expected behavior that needs a doc update or a bug?

johanfylling commented 4 months ago

I believe this is a matter of the documentation needing further clarification.

If a user wants to have comments inside the METADATA yaml, they can inline yaml-style comments, e.g.:

# METADATA
# title: foo
# # This is a comment
# description: bar

This might need explicit documentation too 🤔 .
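An added example, not part of the thread and not OPA's own code: a stand-alone Go linter that flags the situation reported above, where an indented comment line cuts a METADATA block short and the column-1 comment lines after it are lost. The block rule it applies is an assumption inferred from the behaviour described in this issue, and `Finding`, `LintMetadata` and `issueModule` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding: Line is the 1-based line of an indented comment that cuts a METADATA
// block short; Dropped counts the column-1 comment lines after it that are lost.
type Finding struct{ Line, Dropped int }

// issueModule is the Rego file from the report above (rule body on one line).
const issueModule = `package test
import rego.v1

# METADATA
# title: rule
 # description: description
# custom:
#  rule_types: [deny, allow]
allow if { true }
`

// LintMetadata assumes (from the behaviour reported in the issue, not from OPA's
// parser source) that a METADATA block is the run of comment lines with '#' in
// column 1 after "# METADATA", and that an indented comment line ends it.
func LintMetadata(src string) (out []Finding) {
	state := 0 // 0 = outside a block, 1 = inside, 2 = after an indented comment
	for i, line := range strings.Split(src, "\n") {
		switch trimmed := strings.TrimSpace(line); {
		case strings.HasPrefix(line, "#"):
			if strings.TrimSpace(line[1:]) == "METADATA" {
				state = 1
			} else if state == 2 {
				out[len(out)-1].Dropped++
			}
		case strings.HasPrefix(trimmed, "#"):
			if state == 1 {
				out = append(out, Finding{Line: i + 1})
				state = 2
			}
		default: // a blank line or code closes the comment block
			state = 0
		}
	}
	return out
}

func main() { fmt.Printf("%+v\n", LintMetadata(issueModule)) }
```

A YAML-style comment written as `# # This is a comment`, as in the reply above, starts in column 1 and is not flagged.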

ashutosh-narkar commented 4 months ago

Yeah would be good to document the expected behavior here.

stale[bot] commented 3 months ago

This issue has been automatically marked as inactive because it has not had any activity in the last 30 days. Although currently inactive, the issue could still be considered and actively worked on in the future. More details about the use-case this issue attempts to address, the value provided by completing it or possible solutions to resolve it would help to prioritize the issue.