Not able to access rego policies from other drive in windows

Punithckaccionlabs commented 1 month ago

Not able to access rego policies from other drive in windows. Error while integrate with Golang. Ex: If go-binary/main.go is in the D drive and tries to access Rego policies located in the C drive(or vice-versa), an error occurs. loading policies: load: 1 error occurred during loading: CreateFile \Users\pck\AppData\Local\Temp\temp_dir_12342789295736: The system cannot find the path specified.

opa loader should identify windows C, D drives and load files

Quick fix has been added below.

Short description

OPA version = v0.67.0 Environment = windows 11 Error = loading policies: load: 1 error occurred during loading: CreateFile \Users\pck\AppData\Local\Temp\temp_dir_12342789295736: The system cannot find the path specified. System type = x64 based PC

Steps To Reproduce

Place Rego policy files in the C drive.
LoadPolicy from the D drive.

package main

import (
    "fmt"
    "os"

    opaPolicy "github.com/open-policy-agent/conftest/policy"
)
// Keep this code in D drive
// Create a directory in D drive and add dummy rego policies ex: D:\punith\opa-bug-reproduce
// Create a directory in C drive and add dummy rego policies ex: C:\Users\pck\AppData\Local\Temp\temp_dir_12342789295736
// go mod init opa-bug
// go get "github.com/open-policy-agent/conftest"
// go mod tidy
// go run main.go

func main() {
    currentWorkingDirectory, _ := os.Getwd()
    fmt.Println("Current Working Directory:", currentWorkingDirectory) // D:\punith\opa-bug-reproduce

    cDir := `C:\Users\pck\AppData\Local\Temp\temp_dir_12342789295736`
    dir := cDir
    _, err := opaPolicy.LoadWithData([]string{dir}, []string{dir}, "", false)
    if err != nil {
        fmt.Println("Error: error during loading with data", err)
        return
    }
    fmt.Println("successfully loaded")
}

Expected behavior

Code should be able to load rego policies from other drives(C or D or E drives) in windows

Additional context

Bug in code: https://github.com/open-policy-agent/opa/blob/main/loader/loader.go#L575
- Current: if len(parts) == 2 && len(parts[0]) > 0 {
- New: if len(parts) == 2 && len(parts[0]) > 1 {
- Description: It should not separate the prefix if it detects C/D/E drives
New test case to be added: https://github.com/open-policy-agent/opa/blob/main/loader/loader_test.go#L825

{

  input:    `C:\foo\bar`,

  wantParts: []string{"foo", "bar"}

  wantPath: `C:\foo\bar`,
}

anderseknert commented 1 month ago

Hi there, and thanks for filing an issue! It looks like you're pulling in a conftest module to load your policies.

opaPolicy "github.com/open-policy-agent/conftest/policy"

While this may very well be a bug in OPA, could you try and reproduce this with example code that only depends on OPA modules?

(or of course, file a bug in the conftest project if that's what you're using)

Punithckaccionlabs commented 1 month ago

We are using github.com/open-policy-agent/conftest/policy I Raised this issue in conftest project: https://github.com/open-policy-agent/conftest/issues/979 Thanks @anderseknert for quick reply

anderseknert commented 1 month ago

👍 Yeah, again, this might very well be something we'll need to fix in OPA too. But let's first see what the conftest folks have to say :)

pckvcode commented 1 month ago

I encountered a similar issue with OPA. Issue: Unable to retrieve Rego policies from other directories in windows

Sample Commands tried in my local with screenshot

List example.rego and input.json file in D drive
Evaluating policy[Success]
List example.rego policy in C drive
Evaluating policy[Failed, Error = CreateFile \\Users\\pck\\AppData\\Local\\Temp\\temp_dir_12342318055089\\example.rego: The system cannot find the path specified]

To reproduce the issue:

Create a Rego policy file on the C drive with the following content:

File: example.rego

package example.authz

default allow = false

allow {
    input.action == "merge"
    input.user == "admin"
}

Create an input file with the following content:

File: input.json
```
{
  "action": "merge",
  "user": "admin"
}
```

Run the following OPA eval command:

.\opa.exe eval --input "D:\punith\opa-bug-reproduce\opa-library\test\input.json" --data "C:\Users\pck\AppData\Local\Temp\temp_dir_12342318055089\example.rego" "data.example.authz.allow"

stale[bot] commented 4 days ago

This issue has been automatically marked as inactive because it has not had any activity in the last 30 days. Although currently inactive, the issue could still be considered and actively worked on in the future. More details about the use-case this issue attempts to address, the value provided by completing it or possible solutions to resolve it would help to prioritize the issue.

open-policy-agent / opa