opa icon indicating copy to clipboard operation
opa copied to clipboard
verified publisher icon open-policy-agent

bug: Panic when using a JSON schema with recursive elements

Open liamg opened this issue 3 years ago • 0 comments

Short description

I'm using the Go API to apply some policies to a variety of different inputs. I'm using a JSON schema for each input type to validate rules and have come across a panic when using a schema with recursive elements. Minimal example below.

  • OPA version: v0.44.0

The example below is simplified for readability but we need this feature to parse tree structures etc.

Steps To Reproduce

  1. Use the following schema (schema.json):
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://github.com/open-policy-agent/opa/issues/5166",
  "type": "object",
  "properties": {
    "Something": {
      "$ref": "#/$defs/X"
    }
  },
  "$defs": {
    "X": {
      "type": "object",
      "properties": {
        "Y": {
          "$ref": "#/$defs/Y"
        }
      }
    },
    "Y": {
      "type": "object",
      "properties": {
        "X": {
          "$ref": "#/$defs/X"
        }
      }
    }
  }
}
  1. Run opa check -s schema.json input.json (where input.rego is pretty much anything)
  2. KABOOM

Expected behavior

The input.rego should be validated against the input schema.

Happy to have a go at fixing this if I can manage it :crossed_fingers:

liamg avatar Sep 21 '22 15:09 liamg