Ashutosh Narkar
Ashutosh Narkar
@krissell closing this for now. Once we have more information on this feel free to re-open. If you'd like to submit a fix that would be great too. Thanks!
Great, thanks for following up on this! I'll re-open the issue. If you'd like to submit a fix please feel free to do so.
> File-reads could be allowed through a capabilities attribute (but might be an unnecessary addition). Are you suggesting extending the `capabilities` support to specify file refs?
Sounds good. I think it would be better if we specify the refs in the new field instead of a boolean attribute imo.
> so by default, $refs with the file:// scheme should not be allowed @johan could this be part of strict type checking?
Can you please provide an example of this case?
I've opened a CNCF Service Desk ticket to get the doc converted and published. I'll keep y'all posted about updates from the CNCF. Thanks.
Not yet. I have asked for an update. Once I hear back, I'll post here.
@gdlg the changes look fine. Have you tested this with an actual ECR-S3 scenario as described in https://github.com/open-policy-agent/opa/issues/6580?
> In our use case, it's very crucial to load all bundles on OPA startup. Whenever error happens, we need to handle it the way we want, and not just...