Open PietervdWerk opened 4 days ago
Hi, thanks for raising the issue here. (Slack Thread)
This might be a bit of a hack, but could you use os.Setenv("OPA_BUILD", "my-custom-build")
and then use environment variables in the config: https://www.openpolicyagent.org/docs/latest/configuration/#using-environment-variables-in-configuration
for the labels
key: https://www.openpolicyagent.org/docs/latest/configuration/#miscellaneous
I no it's not super neat, but it might unblock you.
Yes, you're right; that would be a solution. However, our clients download our runtime and our bundle to be part of our trust network. Since we don’t control how they run their instance, we also don’t manage the configuration YAML. I would love to control this from the runtime itself.
Ok interesting, so beyond the most minimal config file needed to download the bundle, what configuration is being set by clients in their OPA config files? Are they making use of other OPA features that are out of your control?
I was wondering if you might be able to use Discovery Bundles https://www.openpolicyagent.org/docs/latest/management-discovery/ to minimise the different things that users need to change. The realised configuration might be able to abstract the variable substitution?
What is the underlying problem you're trying to solve?
When extending OPA with your own functions or plugins, there is nothing in the decision log indicating that the OPA runtime that ran the evaluation is in fact a custom build OPA runtime.
Describe the ideal solution
I would like to programmatically add a label to the decision log that indicates the custom version. A ldflag can be used to pass the build tag into the binary. And some kind of hook could be used to add the label to manager's labels.
Describe a "Good Enough" solution
I do not know a simpler solution, but all ideas are welcome!
Additional Context
The OPA config allows a labels setting to add labels to the Decision Log for that instance, as far as I could see, there is no way to add to the config programmatically.
https://openpolicyagent.slack.com/archives/CBR63TK2A/p1729599666570109