search

permitio / opal-fetcher-postgres

An OPAL custom data fetcher to bring authorization state from Postgres
https://opal.ac
Apache License 2.0
20 stars 20 forks source link

opal-client failed #3

Closed hongbo-miao closed 3 years ago

hongbo-miao commented 3 years ago

When I run docker compose up, I get error:

opal-client log ```shell [2021-08-23 17:43:31 +0000] [1] [INFO] Starting gunicorn 20.1.0 [2021-08-23 17:43:31 +0000] [1] [INFO] Listening at: http://0.0.0.0:7000 (1) [2021-08-23 17:43:31 +0000] [1] [INFO] Using worker: uvicorn.workers.UvicornWorker [2021-08-23 17:43:31 +0000] [9] [INFO] Booting worker with pid: 9 2021-08-23T17:43:31.756294+0000 |opal_common.fetcher.fetcher_register | INFO | Loading FetcherProvider 'FastApiRpcFetchProvider' found at: 2021-08-23T17:43:31.756561+0000 |opal_common.fetcher.fetcher_register | INFO | Loading FetcherProvider 'HttpFetchProvider' found at: 2021-08-23T17:43:31.776586+0000 |opal_common.fetcher.fetcher_register | INFO | Loading FetcherProvider 'PostgresFetchProvider' found at: 2021-08-23T17:43:31.776740+0000 |opal_common.fetcher.fetcher_register | INFO | Fetcher Register loaded 2021-08-23T17:43:31.797014+0000 |opal_client.opa.runner | INFO | Launching opa runner 2021-08-23T17:43:31.798399+0000 |opal_client.opa.runner | INFO | Running OPA inline: opa run --server --addr=:8181 --authentication=off --authorization=off --log-level=info 2021-08-23T17:43:31.813046+0000 |opal_client.opa.logger | INFO | Initializing server. {'addrs': [':8181'], 'diagnostic-addrs': [], 'time': '2021-08-23T17:43:31Z'} 2021-08-23T17:43:32.804447+0000 |opal_client.opa.runner | INFO | Running OPA initial start callbacks 2021-08-23T17:43:32.805396+0000 |opal_client.policy.updater | INFO | Launching policy updater 2021-08-23T17:43:32.805677+0000 |opal_client.data.updater | INFO | Launching data updater 2021-08-23T17:43:32.805880+0000 |opal_client.policy.updater | INFO | Subscribing to topics: ['policy:.'] 2021-08-23T17:43:32.806317+0000 |opal_client.data.updater | INFO | Subscribing to topics: ['policy_data'] 2021-08-23T17:43:32.806967+0000 |fastapi_websocket_pubsub.pub_sub_client | INFO | Trying to connect to Pub/Sub server - ws://opal_server:7002/ws 2021-08-23T17:43:32.807783+0000 |fastapi_websocket_rpc.websocket_rpc_c...| INFO | Trying server - ws://opal_server:7002/ws 2021-08-23T17:43:32.811801+0000 |fastapi_websocket_pubsub.pub_sub_client | INFO | Trying to connect to Pub/Sub server - ws://opal_server:7002/ws 2021-08-23T17:43:32.812388+0000 |fastapi_websocket_rpc.websocket_rpc_c...| INFO | Trying server - ws://opal_server:7002/ws 2021-08-23T17:43:32.871213+0000 |opal_client.policy.updater | INFO | Connected to server 2021-08-23T17:43:32.871684+0000 |opal_client.policy.updater | INFO | Refetching policy code (full bundle) 2021-08-23T17:43:32.873803+0000 |opal_client.data.updater | INFO | Connected to server 2021-08-23T17:43:32.873948+0000 |opal_client.data.updater | INFO | Performing data configuration, reason: Initial load 2021-08-23T17:43:32.874025+0000 |opal_client.data.updater | INFO | Getting data-sources configuration from 'http://opal_server:7002/data/config' 2021-08-23T17:43:32.879804+0000 |opal_client.data.updater | INFO | Triggering data update with id: bda17568be5c4c3180f8d62f387e6f0e 2021-08-23T17:43:32.879997+0000 |opal_client.data.updater | INFO | Fetching policy data 2021-08-23T17:43:32.880289+0000 |opal_client.data.fetcher | INFO | Fetching data from url: postgresql://postgres@example_db:5432/postgres 2021-08-23T17:43:32.896534+0000 |fastapi_websocket_pubsub.pub_sub_client | INFO | Connected to PubSub server ws://opal_server:7002/ws 2021-08-23T17:43:32.898193+0000 |opal_client.policy.updater | INFO | got policy bundle, commit hash: 'c60470ef8046152a8498d81df0eff66ddd1632e2' 2021-08-23T17:43:32.900306+0000 |opal_client.opa.logger | INFO | Received request. {'client_addr': '127.0.0.1:41390', 'req_id': 1, 'req_method': 'GET', 'req_path': '/v1/policies', 'time': '2021-08-23T17:43:32Z'} 2021-08-23T17:43:32.901079+0000 |opal_client.opa.logger | INFO | Sent response. {'client_addr': '127.0.0.1:41390', 'req_id': 1, 'req_method': 'GET', 'req_path': '/v1/policies', 'resp_bytes': 13, 'resp_duration': 0.568914, 'resp_status': 200, 'time': '2021-08-23T17:43:32Z'} 2021-08-23T17:43:32.903906+0000 |opal_client.opa.logger | INFO | Received request. {'client_addr': '127.0.0.1:41392', 'req_id': 2, 'req_method': 'PUT', 'req_path': '/v1/policies/rbac.rego', 'time': '2021-08-23T17:43:32Z'} 2021-08-23T17:43:32.906962+0000 |opal_client.opa.logger | INFO | Sent response. {'client_addr': '127.0.0.1:41392', 'req_id': 2, 'req_method': 'PUT', 'req_path': '/v1/policies/rbac.rego', 'resp_bytes': 315, 'resp_duration': 3.040543, 'resp_status': 400, 'time': '2021-08-23T17:43:32Z'} 2021-08-23T17:43:32.913913+0000 |opal_client.data.updater | INFO | Saving fetched data to policy-store: source url='postgresql://postgres@example_db:5432/postgres', destination path='/cities' 2021-08-23T17:43:32.915890+0000 |opal_client.opa.logger | INFO | Received request. {'client_addr': '127.0.0.1:41394', 'req_id': 3, 'req_method': 'PUT', 'req_path': '/v1/data/cities', 'time': '2021-08-23T17:43:32Z'} 2021-08-23T17:43:32.916704+0000 |opal_client.opa.logger | INFO | Sent response. {'client_addr': '127.0.0.1:41394', 'req_id': 3, 'req_method': 'PUT', 'req_path': '/v1/data/cities', 'resp_bytes': 0, 'resp_duration': 0.889005, 'resp_status': 204, 'time': '2021-08-23T17:43:32Z'} 2021-08-23T17:43:32.992279+0000 |opal_client.opa.logger | INFO | OPA is out of date. {'current_version': '0.30.2', 'download_opa': 'https://openpolicyagent.org/downloads/v0.31.0/opa_linux_amd64', 'latest_version': '0.31.0', 'release_notes': 'https://github.com/open-policy-agent/opa/releases/tag/v0.31.0', 'time': '2021-08-23T17:43:32Z'} 2021-08-23T17:43:34.911369+0000 |opal_client.opa.logger | INFO | Received request. {'client_addr': '127.0.0.1:41396', 'req_id': 4, 'req_method': 'PUT', 'req_path': '/v1/policies/rbac.rego', 'time': '2021-08-23T17:43:34Z'} 2021-08-23T17:43:34.912880+0000 |opal_client.opa.logger | INFO | Sent response. {'client_addr': '127.0.0.1:41396', 'req_id': 4, 'req_method': 'PUT', 'req_path': '/v1/policies/rbac.rego', 'resp_bytes': 315, 'resp_duration': 1.120678, 'resp_status': 400, 'time': '2021-08-23T17:43:34Z'} 2021-08-23T17:43:34.913772+0000 |opal_client...base_policy_store_client |WARNING | OPA transaction failed, transaction id=c60470ef8046152a8498d81df0eff66ddd1632e2, actions=['set_policies'], error=RetryError() 2021-08-23T17:43:34.914065+0000 |fastapi_websocket_rpc.websocket_rpc_c...|ERROR | RPC Error Traceback (most recent call last): File "/root/.local/lib/python3.8/site-packages/tenacity/_asyncio.py", line 45, in __call__ result = await fn(*args, **kwargs) │ │ └ {'policy_id': 'rbac.rego', 'policy_code': '# Role-based Access Control (RBAC)\n# --------------------------------\n#\n# This ... │ └ (,) └ File "/usr/local/lib/python3.8/site-packages/opal_client-0.1.11-py3.8.egg/opal_client/policy_store/opa_client.py", line 173, in set_policy return await proxy_response_unless_invalid(opa_response, accepted_status_codes=[status.HTTP_200_OK]) │ │ │ └ 200 │ │ └ │ └ File "/usr/local/lib/python3.8/site-packages/opal_client-0.1.11-py3.8.egg/opal_client/policy_store/opa_client.py", line 54, in proxy_response_unless_invalid raise ValueError("OPA Client: unexpected status code: {}, error: {}".format(response.status_code, error)) │ │ └ {'code': 'invalid_parameter', 'message': 'error(s) occurred while compiling module(s)', 'errors': [{'code': 'rego_type_error'... │ └ 400 └ ValueError: OPA Client: unexpected status code: 400, error: {'code': 'invalid_parameter', 'message': 'error(s) occurred while compiling module(s)', 'errors': [{'code': 'rego_type_error', 'message': 'undefined function data.utils.hasPermission', 'location': {'file': 'rbac.rego', 'row': 37, 'col': 2}}]} The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/root/.local/bin/gunicorn", line 8, in sys.exit(run()) │ │ └ │ └ File "/root/.local/lib/python3.8/site-packages/gunicorn/app/wsgiapp.py", line 67, in run WSGIApplication("%(prog)s [OPTIONS] [APP_MODULE]").run() └ File "/root/.local/lib/python3.8/site-packages/gunicorn/app/base.py", line 231, in run super().run() File "/root/.local/lib/python3.8/site-packages/gunicorn/app/base.py", line 72, in run Arbiter(self).run() │ └ File "/root/.local/lib/python3.8/site-packages/gunicorn/arbiter.py", line 202, in run self.manage_workers() │ └ File "/root/.local/lib/python3.8/site-packages/gunicorn/arbiter.py", line 551, in manage_workers self.spawn_workers() │ └ File "/root/.local/lib/python3.8/site-packages/gunicorn/arbiter.py", line 622, in spawn_workers self.spawn_worker() │ └ File "/root/.local/lib/python3.8/site-packages/gunicorn/arbiter.py", line 589, in spawn_worker worker.init_process() │ └ File "/root/.local/lib/python3.8/site-packages/uvicorn/workers.py", line 64, in init_process super(UvicornWorker, self).init_process() │ └ File "/root/.local/lib/python3.8/site-packages/gunicorn/workers/base.py", line 142, in init_process self.run() │ └ File "/root/.local/lib/python3.8/site-packages/uvicorn/workers.py", line 77, in run loop.run_until_complete(server.serve(sockets=self.sockets)) │ │ │ │ │ └ [] │ │ │ │ └ │ │ │ └ │ │ └ │ └ > File "/root/.local/lib/python3.8/site-packages/fastapi_websocket_rpc/websocket_rpc_client.py", line 127, in __connect__ await self.channel.on_connect() │ │ └ │ └ File "/root/.local/lib/python3.8/site-packages/fastapi_websocket_rpc/rpc_channel.py", line 237, in on_connect await self.on_handler_event(self._connect_handlers, self) │ │ │ │ └ │ │ │ └ [ │ └ File "/root/.local/lib/python3.8/site-packages/fastapi_websocket_rpc/rpc_channel.py", line 234, in on_handler_event await asyncio.gather(*(callback(*args, **kwargs) for callback in handlers)) │ │ │ │ └ [,) │ └ File "/root/.local/lib/python3.8/site-packages/fastapi_websocket_pubsub/pub_sub_client.py", line 217, in _primary_on_connect await asyncio.gather(*(callback(self, channel) for callback in self._on_connect)) │ │ │ │ │ └ [>] │ │ │ │ └ │ │ │ └ │ │ └ │ └ File "/usr/local/lib/python3.8/site-packages/opal_client-0.1.11-py3.8.egg/opal_client/policy/updater.py", line 108, in _on_connect await self.update_policy() │ └ File "/usr/local/lib/python3.8/site-packages/opal_client-0.1.11-py3.8.egg/opal_client/policy/updater.py", line 214, in update_policy await store_transaction.set_policies(bundle) │ │ └ PolicyBundle(manifest=['data.json', 'rbac.rego', 'utils.rego'], hash='c60470ef8046152a8498d81df0eff66ddd1632e2', old_hash=Non... │ └ File "/usr/local/lib/python3.8/site-packages/opal_client-0.1.11-py3.8.egg/opal_client/policy_store/opa_client.py", line 256, in set_policies return await self._set_policies_from_complete_bundle(bundle) │ │ └ PolicyBundle(manifest=['data.json', 'rbac.rego', 'utils.rego'], hash='c60470ef8046152a8498d81df0eff66ddd1632e2', old_hash=Non... │ └ File "/usr/local/lib/python3.8/site-packages/opal_client-0.1.11-py3.8.egg/opal_client/policy_store/opa_client.py", line 268, in _set_policies_from_complete_bundle await self.set_policy(policy_id=module.path, policy_code=module.rego) │ │ │ │ │ └ '# Role-based Access Control (RBAC)\n# --------------------------------\n#\n# This example defines an RBAC model for a Pet St... │ │ │ │ └ RegoModule(path='rbac.rego', package_name='app.rbac', rego='# Role-based Access Control (RBAC)\n# ---------------------------... │ │ │ └ 'rbac.rego' │ │ └ RegoModule(path='rbac.rego', package_name='app.rbac', rego='# Role-based Access Control (RBAC)\n# ---------------------------... │ └ .async_wrapped at 0x7f7fa0b1daf0> └ File "/root/.local/lib/python3.8/site-packages/tenacity/_asyncio.py", line 79, in async_wrapped return await fn(*args, **kwargs) │ │ └ {'policy_id': 'rbac.rego', 'policy_code': '# Role-based Access Control (RBAC)\n# --------------------------------\n#\n# This ... │ └ (,) └ File "/root/.local/lib/python3.8/site-packages/tenacity/_asyncio.py", line 42, in __call__ do = self.iter(retry_state=retry_state) │ │ └ │ └ , wait= │ │ │ └ │ │ └ RetryError() │ └ File "", line 3, in raise_from tenacity.RetryError: RetryError[] 2021-08-23T17:43:35.858602+0000 |fastapi_websocket_rpc.websocket_rpc_c...| INFO | Trying server - ws://opal_server:7002/ws 2021-08-23T17:43:35.869748+0000 |opal_client.policy.updater | INFO | Connected to server 2021-08-23T17:43:35.869938+0000 |opal_client.policy.updater | INFO | Refetching policy code (full bundle) 2021-08-23T17:43:35.892245+0000 |opal_client.policy.updater | INFO | got policy bundle, commit hash: 'c60470ef8046152a8498d81df0eff66ddd1632e2' 2021-08-23T17:43:35.893954+0000 |opal_client.opa.logger | INFO | Received request. {'client_addr': '127.0.0.1:41402', 'req_id': 5, 'req_method': 'GET', 'req_path': '/v1/policies', 'time': '2021-08-23T17:43:35Z'} 2021-08-23T17:43:35.894336+0000 |opal_client.opa.logger | INFO | Sent response. {'client_addr': '127.0.0.1:41402', 'req_id': 5, 'req_method': 'GET', 'req_path': '/v1/policies', 'resp_bytes': 13, 'resp_duration': 0.153132, 'resp_status': 200, 'time': '2021-08-23T17:43:35Z'} 2021-08-23T17:43:35.896196+0000 |opal_client.opa.logger | INFO | Received request. {'client_addr': '127.0.0.1:41404', 'req_id': 6, 'req_method': 'PUT', 'req_path': '/v1/policies/rbac.rego', 'time': '2021-08-23T17:43:35Z'} 2021-08-23T17:43:35.897293+0000 |opal_client.opa.logger | INFO | Sent response. {'client_addr': '127.0.0.1:41404', 'req_id': 6, 'req_method': 'PUT', 'req_path': '/v1/policies/rbac.rego', 'resp_bytes': 315, 'resp_duration': 1.059368, 'resp_status': 400, 'time': '2021-08-23T17:43:35Z'} 2021-08-23T17:43:37.901788+0000 |opal_client.opa.logger | INFO | Received request. {'client_addr': '127.0.0.1:41406', 'req_id': 7, 'req_method': 'PUT', 'req_path': '/v1/policies/rbac.rego', 'time': '2021-08-23T17:43:37Z'} 2021-08-23T17:43:37.902706+0000 |opal_client.opa.logger | INFO | Sent response. {'client_addr': '127.0.0.1:41406', 'req_id': 7, 'req_method': 'PUT', 'req_path': '/v1/policies/rbac.rego', 'resp_bytes': 315, 'resp_duration': 0.967893, 'resp_status': 400, 'time': '2021-08-23T17:43:37Z'} 2021-08-23T17:43:37.903923+0000 |opal_client...base_policy_store_client |WARNING | OPA transaction failed, transaction id=c60470ef8046152a8498d81df0eff66ddd1632e2, actions=['set_policies'], error=RetryError() 2021-08-23T17:43:37.904287+0000 |fastapi_websocket_rpc.websocket_rpc_c...|ERROR | RPC Error Traceback (most recent call last): File "/root/.local/lib/python3.8/site-packages/tenacity/_asyncio.py", line 45, in __call__ result = await fn(*args, **kwargs) │ │ └ {'policy_id': 'rbac.rego', 'policy_code': '# Role-based Access Control (RBAC)\n# --------------------------------\n#\n# This ... │ └ (,) └ File "/usr/local/lib/python3.8/site-packages/opal_client-0.1.11-py3.8.egg/opal_client/policy_store/opa_client.py", line 173, in set_policy return await proxy_response_unless_invalid(opa_response, accepted_status_codes=[status.HTTP_200_OK]) │ │ │ └ 200 │ │ └ │ └ File "/usr/local/lib/python3.8/site-packages/opal_client-0.1.11-py3.8.egg/opal_client/policy_store/opa_client.py", line 54, in proxy_response_unless_invalid raise ValueError("OPA Client: unexpected status code: {}, error: {}".format(response.status_code, error)) │ │ └ {'code': 'invalid_parameter', 'message': 'error(s) occurred while compiling module(s)', 'errors': [{'code': 'rego_type_error'... │ └ 400 └ ValueError: OPA Client: unexpected status code: 400, error: {'code': 'invalid_parameter', 'message': 'error(s) occurred while compiling module(s)', 'errors': [{'code': 'rego_type_error', 'message': 'undefined function data.utils.hasPermission', 'location': {'file': 'rbac.rego', 'row': 37, 'col': 2}}]} The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/root/.local/bin/gunicorn", line 8, in sys.exit(run()) │ │ └ │ └ File "/root/.local/lib/python3.8/site-packages/gunicorn/app/wsgiapp.py", line 67, in run WSGIApplication("%(prog)s [OPTIONS] [APP_MODULE]").run() └ File "/root/.local/lib/python3.8/site-packages/gunicorn/app/base.py", line 231, in run super().run() File "/root/.local/lib/python3.8/site-packages/gunicorn/app/base.py", line 72, in run Arbiter(self).run() │ └ File "/root/.local/lib/python3.8/site-packages/gunicorn/arbiter.py", line 202, in run self.manage_workers() │ └ File "/root/.local/lib/python3.8/site-packages/gunicorn/arbiter.py", line 551, in manage_workers self.spawn_workers() │ └ File "/root/.local/lib/python3.8/site-packages/gunicorn/arbiter.py", line 622, in spawn_workers self.spawn_worker() │ └ File "/root/.local/lib/python3.8/site-packages/gunicorn/arbiter.py", line 589, in spawn_worker worker.init_process() │ └ File "/root/.local/lib/python3.8/site-packages/uvicorn/workers.py", line 64, in init_process super(UvicornWorker, self).init_process() │ └ File "/root/.local/lib/python3.8/site-packages/gunicorn/workers/base.py", line 142, in init_process self.run() │ └ File "/root/.local/lib/python3.8/site-packages/uvicorn/workers.py", line 77, in run loop.run_until_complete(server.serve(sockets=self.sockets)) │ │ │ │ │ └ [] │ │ │ │ └ │ │ │ └ │ │ └ │ └ > File "/root/.local/lib/python3.8/site-packages/fastapi_websocket_rpc/websocket_rpc_client.py", line 127, in __connect__ await self.channel.on_connect() │ │ └ │ └ File "/root/.local/lib/python3.8/site-packages/fastapi_websocket_rpc/rpc_channel.py", line 237, in on_connect await self.on_handler_event(self._connect_handlers, self) │ │ │ │ └ │ │ │ └ [ │ └ File "/root/.local/lib/python3.8/site-packages/fastapi_websocket_rpc/rpc_channel.py", line 234, in on_handler_event await asyncio.gather(*(callback(*args, **kwargs) for callback in handlers)) │ │ │ │ └ [,) │ └ File "/root/.local/lib/python3.8/site-packages/fastapi_websocket_pubsub/pub_sub_client.py", line 217, in _primary_on_connect await asyncio.gather(*(callback(self, channel) for callback in self._on_connect)) │ │ │ │ │ └ [>] │ │ │ │ └ │ │ │ └ │ │ └ │ └ File "/usr/local/lib/python3.8/site-packages/opal_client-0.1.11-py3.8.egg/opal_client/policy/updater.py", line 108, in _on_connect await self.update_policy() │ └ File "/usr/local/lib/python3.8/site-packages/opal_client-0.1.11-py3.8.egg/opal_client/policy/updater.py", line 214, in update_policy await store_transaction.set_policies(bundle) │ │ └ PolicyBundle(manifest=['data.json', 'rbac.rego', 'utils.rego'], hash='c60470ef8046152a8498d81df0eff66ddd1632e2', old_hash=Non... │ └ File "/usr/local/lib/python3.8/site-packages/opal_client-0.1.11-py3.8.egg/opal_client/policy_store/opa_client.py", line 256, in set_policies return await self._set_policies_from_complete_bundle(bundle) │ │ └ PolicyBundle(manifest=['data.json', 'rbac.rego', 'utils.rego'], hash='c60470ef8046152a8498d81df0eff66ddd1632e2', old_hash=Non... │ └ File "/usr/local/lib/python3.8/site-packages/opal_client-0.1.11-py3.8.egg/opal_client/policy_store/opa_client.py", line 268, in _set_policies_from_complete_bundle await self.set_policy(policy_id=module.path, policy_code=module.rego) │ │ │ │ │ └ '# Role-based Access Control (RBAC)\n# --------------------------------\n#\n# This example defines an RBAC model for a Pet St... │ │ │ │ └ RegoModule(path='rbac.rego', package_name='app.rbac', rego='# Role-based Access Control (RBAC)\n# ---------------------------... │ │ │ └ 'rbac.rego' │ │ └ RegoModule(path='rbac.rego', package_name='app.rbac', rego='# Role-based Access Control (RBAC)\n# ---------------------------... │ └ .async_wrapped at 0x7f7fa0b1daf0> └ File "/root/.local/lib/python3.8/site-packages/tenacity/_asyncio.py", line 79, in async_wrapped return await fn(*args, **kwargs) │ │ └ {'policy_id': 'rbac.rego', 'policy_code': '# Role-based Access Control (RBAC)\n# --------------------------------\n#\n# This ... │ └ (,) └ File "/root/.local/lib/python3.8/site-packages/tenacity/_asyncio.py", line 42, in __call__ do = self.iter(retry_state=retry_state) │ │ └ │ └ , wait= │ │ │ └ │ │ └ RetryError() │ └ File "", line 3, in raise_from tenacity.RetryError: RetryError[] 2021-08-23T17:43:39.286038+0000 |fastapi_websocket_rpc.websocket_rpc_c...| INFO | Trying server - ws://opal_server:7002/ws 2021-08-23T17:43:39.297423+0000 |opal_client.policy.updater | INFO | Connected to server 2021-08-23T17:43:39.297608+0000 |opal_client.policy.updater | INFO | Refetching policy code (full bundle) 2021-08-23T17:43:39.328751+0000 |opal_client.policy.updater | INFO | got policy bundle, commit hash: 'c60470ef8046152a8498d81df0eff66ddd1632e2' 2021-08-23T17:43:39.331631+0000 |opal_client.opa.logger | INFO | Received request. {'client_addr': '127.0.0.1:41412', 'req_id': 8, 'req_method': 'GET', 'req_path': '/v1/policies', 'time': '2021-08-23T17:43:39Z'} 2021-08-23T17:43:39.332070+0000 |opal_client.opa.logger | INFO | Sent response. {'client_addr': '127.0.0.1:41412', 'req_id': 8, 'req_method': 'GET', 'req_path': '/v1/policies', 'resp_bytes': 13, 'resp_duration': 0.132113, 'resp_status': 200, 'time': '2021-08-23T17:43:39Z'} 2021-08-23T17:43:39.334898+0000 |opal_client.opa.logger | INFO | Received request. {'client_addr': '127.0.0.1:41414', 'req_id': 9, 'req_method': 'PUT', 'req_path': '/v1/policies/rbac.rego', 'time': '2021-08-23T17:43:39Z'} 2021-08-23T17:43:39.336371+0000 |opal_client.opa.logger | INFO | Sent response. {'client_addr': '127.0.0.1:41414', 'req_id': 9, 'req_method': 'PUT', 'req_path': '/v1/policies/rbac.rego', 'resp_bytes': 315, 'resp_duration': 0.946037, 'resp_status': 400, 'time': '2021-08-23T17:43:39Z'} 2021-08-23T17:43:41.342537+0000 |opal_client.opa.logger | INFO | Received request. {'client_addr': '127.0.0.1:41416', 'req_id': 10, 'req_method': 'PUT', 'req_path': '/v1/policies/rbac.rego', 'time': '2021-08-23T17:43:41Z'} 2021-08-23T17:43:41.344037+0000 |opal_client.opa.logger | INFO | Sent response. {'client_addr': '127.0.0.1:41416', 'req_id': 10, 'req_method': 'PUT', 'req_path': '/v1/policies/rbac.rego', 'resp_bytes': 315, 'resp_duration': 1.443397, 'resp_status': 400, 'time': '2021-08-23T17:43:41Z'} 2021-08-23T17:43:41.345722+0000 |opal_client...base_policy_store_client |WARNING | OPA transaction failed, transaction id=c60470ef8046152a8498d81df0eff66ddd1632e2, actions=['set_policies'], error=RetryError() 2021-08-23T17:43:41.346221+0000 |fastapi_websocket_rpc.websocket_rpc_c...|ERROR | RPC Error Traceback (most recent call last): File "/root/.local/lib/python3.8/site-packages/tenacity/_asyncio.py", line 45, in __call__ result = await fn(*args, **kwargs) │ │ └ {'policy_id': 'rbac.rego', 'policy_code': '# Role-based Access Control (RBAC)\n# --------------------------------\n#\n# This ... │ └ (,) └ File "/usr/local/lib/python3.8/site-packages/opal_client-0.1.11-py3.8.egg/opal_client/policy_store/opa_client.py", line 173, in set_policy return await proxy_response_unless_invalid(opa_response, accepted_status_codes=[status.HTTP_200_OK]) │ │ │ └ 200 │ │ └ │ └ File "/usr/local/lib/python3.8/site-packages/opal_client-0.1.11-py3.8.egg/opal_client/policy_store/opa_client.py", line 54, in proxy_response_unless_invalid raise ValueError("OPA Client: unexpected status code: {}, error: {}".format(response.status_code, error)) │ │ └ {'code': 'invalid_parameter', 'message': 'error(s) occurred while compiling module(s)', 'errors': [{'code': 'rego_type_error'... │ └ 400 └ ```

I tried to have a clean setup by

docker system prune
docker rm -f $(docker ps -a -q)  # Delete all containers
docker volume rm $(docker volume ls -q)  # Delete all volumes

and run again, but still same. Any idea? thanks!

asafc commented 3 years ago

sorry - i broke the example repo - it only works with opal version on master. (did not release v0.1.12 yet).

i am reverting. will update again in few minutes.

asafc commented 3 years ago

@Hongbo-Miao reverted, please try again.

hongbo-miao commented 3 years ago

Cool, now it works, thanks!