opa icon indicating copy to clipboard operation
opa copied to clipboard

Published 20 hours ago verified publisher icon open-policy-agent

Not able to access rego policies from other drive in windows

Open Punithckaccionlabs opened this issue 1 year ago • 7 comments

Not able to access rego policies from other drive in windows. Error while integrate with Golang. Ex: If go-binary/main.go is in the D drive and tries to access Rego policies located in the C drive(or vice-versa), an error occurs. loading policies: load: 1 error occurred during loading: CreateFile \Users\pck\AppData\Local\Temp\temp_dir_12342789295736: The system cannot find the path specified.

opa loader should identify windows C, D drives and load files

Quick fix has been added below.

Short description

OPA version = v0.67.0 Environment = windows 11 Error = loading policies: load: 1 error occurred during loading: CreateFile \Users\pck\AppData\Local\Temp\temp_dir_12342789295736: The system cannot find the path specified. System type = x64 based PC

Steps To Reproduce

  1. Place Rego policy files in the C drive.
  2. LoadPolicy from the D drive.
package main

import (
	"fmt"
	"os"

	opaPolicy "github.com/open-policy-agent/conftest/policy"
)
// Keep this code in D drive
// Create a directory in D drive and add dummy rego policies ex: D:\punith\opa-bug-reproduce
// Create a directory in C drive and add dummy rego policies ex: C:\Users\pck\AppData\Local\Temp\temp_dir_12342789295736
// go mod init opa-bug
// go get "github.com/open-policy-agent/conftest"
// go mod tidy
// go run main.go

func main() {
	currentWorkingDirectory, _ := os.Getwd()
	fmt.Println("Current Working Directory:", currentWorkingDirectory) // D:\punith\opa-bug-reproduce

	cDir := `C:\Users\pck\AppData\Local\Temp\temp_dir_12342789295736`
	dir := cDir
	_, err := opaPolicy.LoadWithData([]string{dir}, []string{dir}, "", false)
	if err != nil {
		fmt.Println("Error: error during loading with data", err)
		return
	}
	fmt.Println("successfully loaded")
}

Expected behavior

Code should be able to load rego policies from other drives(C or D or E drives) in windows

Additional context

  • Bug in code: https://github.com/open-policy-agent/opa/blob/main/loader/loader.go#L575

    • Current: if len(parts) == 2 && len(parts[0]) > 0 {
    • New: if len(parts) == 2 && len(parts[0]) > 1 {
    • Description: It should not separate the prefix if it detects C/D/E drives

  • New test case to be added: https://github.com/open-policy-agent/opa/blob/main/loader/loader_test.go#L825

{

  input:    `C:\foo\bar`,

  wantParts: []string{"foo", "bar"}

  wantPath: `C:\foo\bar`,
}

Punithckaccionlabs avatar Aug 05 '24 07:08 Punithckaccionlabs

Hi there, and thanks for filing an issue! It looks like you're pulling in a conftest module to load your policies.

opaPolicy "github.com/open-policy-agent/conftest/policy"

While this may very well be a bug in OPA, could you try and reproduce this with example code that only depends on OPA modules?

(or of course, file a bug in the conftest project if that's what you're using)

anderseknert avatar Aug 05 '24 07:08 anderseknert

We are using github.com/open-policy-agent/conftest/policy I Raised this issue in conftest project: https://github.com/open-policy-agent/conftest/issues/979 Thanks @anderseknert for quick reply

Punithckaccionlabs avatar Aug 05 '24 07:08 Punithckaccionlabs

👍 Yeah, again, this might very well be something we'll need to fix in OPA too. But let's first see what the conftest folks have to say :)

anderseknert avatar Aug 05 '24 08:08 anderseknert

I encountered a similar issue with OPA. Issue: Unable to retrieve Rego policies from other directories in windows

Sample Commands tried in my local with screenshot

  1. List example.rego and input.json file in D drive
  2. Evaluating policy[Success]
  3. List example.rego policy in C drive
  4. Evaluating policy[Failed, Error = CreateFile \\Users\\pck\\AppData\\Local\\Temp\\temp_dir_12342318055089\\example.rego: The system cannot find the path specified] Screenshot 2024-08-11 at 9 10 42 PM_Edited

To reproduce the issue:

  1. Create a Rego policy file on the C drive with the following content:

    File: example.rego

    package example.authz

default allow = false

allow {
    input.action == "merge"
    input.user == "admin"
}

  2. Create an input file with the following content:

    File: input.json

    {
  "action": "merge",
  "user": "admin"
}

  3. Run the following OPA eval command:

    .\opa.exe eval --input "D:\punith\opa-bug-reproduce\opa-library\test\input.json" --data "C:\Users\pck\AppData\Local\Temp\temp_dir_12342318055089\example.rego" "data.example.authz.allow"

pckvcode avatar Aug 11 '24 16:08 pckvcode

This issue has been automatically marked as inactive because it has not had any activity in the last 30 days. Although currently inactive, the issue could still be considered and actively worked on in the future. More details about the use-case this issue attempts to address, the value provided by completing it or possible solutions to resolve it would help to prioritize the issue.

stale[bot] avatar Sep 11 '24 03:09 stale[bot]

@Punithckaccionlabs can you confirm that #7094 resolved this issue for you?

edit: unfortunately I don't think it does unless I am doing something wrong, but I tried the example from the issue and I got the same error.

sspaink avatar Mar 25 '25 14:03 sspaink

This issue has been automatically marked as inactive because it has not had any activity in the last 30 days. Although currently inactive, the issue could still be considered and actively worked on in the future. More details about the use-case this issue attempts to address, the value provided by completing it or possible solutions to resolve it would help to prioritize the issue.

stale[bot] avatar Apr 24 '25 16:04 stale[bot]