OPA support for persisted bundles with names using special characters in Windows #6915
Comments
|
@alvarogomez93 do you know if two different bundles can exist where the only difference is the query component? If not it would seem like a good enough solution to just strip that out. But if |
|
@anderseknert in our case I believe the only difference in the name is the ?context part when we use separate data/policy bundles |
|
For clarity, here is an example: (thanks @alvarogomez93 for the pointers) "bundles": {
"foo": {
"persist": true,
"polling": {
"max_delay_seconds": 15,
"min_delay_seconds": 10
},
"resource": "/bundles/foo"
},
"foo?type=context": {
"persist": true,
"polling": {
"max_delay_seconds": 15,
"min_delay_seconds": 10
},
"resource": "/bundles/foo?type=context"
}
} |
|
Thanks! That means we'll just have to decode it into something that is considered valid for a filename on all systems. |
|
Adding a new config that specifies the relative persistence path and defaults to the bundle name seems like a good choice. |
|
That would still leave us with a broken default in the case reported, and would put the onus on the user to change the configuration to work around the issue... that they may not even be aware of. So I'd go with just making a simple exception for this case, where we just escape (or transform) values that aren't valid for filesystem paths in any given OS we support. |
|
Sure. Sorry I meant let's fix this. And the configurable path option seems like good functionality to include. |
…ory name In Windows there are some reserved characters that cannot be used in the names of files and directories (eg. ?, *). If a bundle name contains these and if it's configured to be persisted, the operation will fail on Windows. This change attempts to fix this on Windows systems by escaping any encountered reserved characters before using them in the bundle persistence path. Fixes: open-policy-agent#6915 Signed-off-by: Ashutosh Narkar <[email protected]>
…ory name In Windows there are some reserved characters that cannot be used in the names of files and directories (eg. ?, *). If a bundle name contains these and if it's configured to be persisted, the operation will fail on Windows. This change attempts to fix this on Windows systems by escaping any encountered reserved characters before using them in the bundle persistence path. Fixes: #6915 Signed-off-by: Ashutosh Narkar <[email protected]>
github-project-automation
bot
moved this from Planning - v0.68
to Done
in Open Policy Agent
What is the underlying problem you're trying to solve?
If a bundle uses a special character like such as
?in bundle name in the bundles config, Windows will fail to write the folder that persists the bundle since it uses the bundle name as a basis for the folder name.For example, if a bundle is called:
foo?context=bar, then the directory:foo?context=barcannot be created to place thebundle.tar.gzinside.An example config is:
Describe the ideal solution
Allow setting a different folder name per bundle in the OPA config file.
Describe a "Good Enough" solution
Strip the special characters of the bundle name before creating the folder.
The text was updated successfully, but these errors were encountered: