opa
opa copied to clipboard
annotations: allow URL pointer to JSON schema
Annotations may currently point to a JSON schema on disk, and requires this location to be provided by the tool, e.g. opa eval
. It would be very handy if we as an alternative to this allowed a schema to be retrieved from an URL pointed out in the annotation.
# METADATA
# schemas:
# - input: https://json.schemastore.org/github-action.json
package github.actions
Some thoughts:
- Should this be enabled by default or require a flag? I'm leaning towards the former, with capabilites extended to disable it.
- Caching? The
opa eval
development cycle can be quite intensive, and you wouldn't want to have the same schema fetched again and again. Additionally, while I doubt this will DDOS any service provider, it would be courteous to not hammer them with requests.
@aavarghese @vazirim thoughts on this? 😃
This issue has been automatically marked as inactive because it has not had any activity in the last 30 days.
@anderseknert missed responding to this earlier but this does seem very useful and practical - not all schemas especially Kubernetes related need to be loaded on disk. So +1 for this feature!
This issue has been automatically marked as inactive because it has not had any activity in the last 30 days.
So, this is actually possible already, using the undocumented inline format.
# METADATA
# schemas:
# - input: {"$ref": "http://localhost:8000/schema.json"}
As this is about to be both documented, and properly supported ( see https://github.com/open-policy-agent/opa/pull/5689 ) I think we're good to close this :)