236 questions
Score of 0
0 answers
69 views
Issues with OPA/Rego Policy Compilation to WASM
I'm working on a Rego/OPA policy, specifically for checking whether Azure resources' diagnostic settings are compliant based on specified parameters. However, I'm having several issues when trying to compile my ...
Score of 0
1 answer
178 views
Do Rego policies compiled into WASM modules support `http.send`?
The OPA WASM documentation mentions that built-in functions like http.send are not natively supported by WASM.
However, I was able to successfully compile and evaluate WASM modules from Rego policies ...
Score of 1
0 answers
135 views
Writing an OPA Policy that enforces tagging, but only for AWS resources that allow tagging
In the project I'm working on, we're getting OPA failures because our policy checks for tags on resources, but some resources do not allow tags, such as SNS.
Is it possible to write a policy that can ...
Score of 2
0 answers
103 views
Translating a Rego policy to AWS Cedar
I have the following dummy Rego policy
is_permitted if {
    owner := dataowner.resources[input.resource][input.resource_id].owner
    permitted_members := data.owners[owner].permissions[input....
Score of 0
1 answer
217 views
Compress json file >= 60MB in Go to file tar.gz
When I compress a json file >= 60MB, I get an error that the data is insufficient and only 28MB is available.
func CreateTarGz(sourceDir, targetFile string) error {
    target, err := os.Create(...
Score of 0
2 answers
106 views
rego language multiple rules in same violation
These are rules that are part of a
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
Can you help me understand why this works (preventing the creation of deployments out of the limits):...
Score of 0
0 answers
112 views
opal client is very slow
I'm using OPAL (Open Policy Administration Layer).
OPAL is fetching Rego files from GitLab and I have about 200 Rego files in GitLab.
When opal-client is started, it has 4 minutes to start up the opal-...
Score of 1
0 answers
168 views
OPA | Conftest incorrectly parses YAML file
ResourceQuota object definition involves limits keys with dots and there is an issue getting the value of the limits:
policy.rego
package main
deny_incorrect_memory_unit[msg] {
    input.kind == "...
Score of 1
1 answer
162 views
OPA Gatekeeper: match everything
In OPA Gatekeeper, is there a configuration for spec.match.kinds in a constraint to match everything?
I've tried using a bunch of combinations, like this one:
...
spec:
  match:
    kinds:
      - ...
Score of 3
0 answers
893 views
x509: certificate is not valid for any names, but wanted to match admission-controller.opa-istio.svc
I'm trying to enable mTLS in STRICT mode in Istio on my cluster with OPA, but when I try to create a pod, I'm getting an error:
Error from server (InternalError): Internal error occurred: failed calling ...
Score of 2
1 answer
250 views
Cannot load github.com/open-policy-agent/opa/capabilities: no Go source files
I was trying to install the OPA library using command
go get github.com/open-policy-agent/opa/rego
but installation is getting stuck with message
build github.com/open-policy-agent/opa/capabilities: ...
Score of 2
1 answer
781 views
OPA Gatekeeper Policy to block privileged Pods
For 2 days I have been trying to create a simple OPA Gatekeeper Policy which blocks the creation of pods with "privileged:true" for some namespaces.
Some more details:
I'm using opa-gatekeeper in ...
Score of 1
0 answers
686 views
How to debug and fix "SSL handshake failed" for Kafka broker in docker-compose?
ULTIMATE GOAL:
I am doing research to understand how Kafka and the OPA Plugin integrate with each other and how easy it will be to use the OPA Plugin in production.
STEPS:
I followed OPA Policy Agent ...
Score of 0
1 answer
340 views
OPA doesn't find key if its value is false
I have noticed that if a certain key has false as a value, OPA ignores it. Take this policy code:
package play
violation[{"msg": msg}] {
    provided := {context | input.securityContext[...
Score of 0
2 answers
542 views
OPA eval command line - always evaluates to false
Attempting to evaluate OPA via the command line, but for some reason the evaluation output is always set to false. In this case, the Rego policy is just validating the input, checking if the RoleID has ...