opal
opal copied to clipboard
Published
20 hours ago •
permitio
permitio
Cedar agent data update failure with git repo source
Hi.
Trying to have data.json and cedar policies in github instead of pointing to hosted file with OPAL_DATA_CONFIG_SOURCES.
Policies got imported into cedar agent with no issue. Data file seems to be detected in git repo but failing to PUT into cedar agent:
Got policy bundle with 3 rego files, 1 data files, commit hash: '75e829e3f52de49602367863444329c04b56cf43' (see client logs below)
To Reproduce docker-compose.yml
version: "3.8"
services:
opal_server:
image: permitio/opal-server:latest
environment:
- UVICORN_NUM_WORKERS=1
- OPAL_POLICY_REPO_URL=https://github.com/permitio/opal-cedar.git
- OPAL_POLICY_REPO_MAIN_BRANCH=main
- OPAL_POLICY_REPO_POLLING_INTERVAL=60
- OPAL_LOG_FORMAT_INCLUDE_PID=true
- OPAL_FILTER_FILE_EXTENSIONS=.json,.cedar
- OPAL_POLICY_REPO_POLICY_EXTENSIONS=.cedar
ports:
- "7002:7002"
opal_client:
# by default we run opal-client from latest official image
image: permitio/opal-client-cedar:latest
environment:
- OPAL_SERVER_URL=http://opal_server:7002
- OPAL_LOG_FORMAT_INCLUDE_PID=true
- OPAL_INLINE_OPA_LOG_FORMAT=http
ports:
- "7766:7000"
- "8180:8180"
depends_on:
- opal_server
command: sh -c "exec ./wait-for.sh opal_server:7002 --timeout=20 -- ./start.sh"
volumes:
opa_backup:
Opal_client logs:
docker-opal_client-1 | [2023-10-11 22:06:43 +0000] [1] [INFO] Starting gunicorn 20.1.0
docker-opal_client-1 | [2023-10-11 22:06:43 +0000] [1] [INFO] Listening at: http://0.0.0.0:7000 (1)
docker-opal_client-1 | [2023-10-11 22:06:43 +0000] [1] [INFO] Using worker: uvicorn.workers.UvicornWorker
docker-opal_client-1 | [2023-10-11 22:06:43 +0000] [17] [INFO] Booting worker with pid: 17
docker-opal_client-1 | 2023-10-11T22:06:43.804213+0000 | 17 | opal_client.policy_store.cedar_client | INFO | Authentication mode for policy store: PolicyStoreAuth.NONE
docker-opal_client-1 | 2023-10-11T22:06:43.807155+0000 | 17 | opal_common.fetcher.fetcher_register | INFO | Loading FetcherProvider 'FastApiRpcFetchProvider' found at: <class 'opal_common.fetcher.providers.fastapi_rpc_fetch_provider.FastApiRpcFetchProvider'>
docker-opal_client-1 | 2023-10-11T22:06:43.807338+0000 | 17 | opal_common.fetcher.fetcher_register | INFO | Loading FetcherProvider 'HttpFetchProvider' found at: <class 'opal_common.fetcher.providers.http_fetch_provider.HttpFetchProvider'>
docker-opal_client-1 | 2023-10-11T22:06:43.807448+0000 | 17 | opal_common.fetcher.fetcher_register | INFO | Fetcher Register loaded
docker-opal_client-1 | 2023-10-11T22:06:43.807882+0000 | 17 | opal_client.callbacks.register | INFO | Callbacks register loaded
docker-opal_client-1 | 2023-10-11T22:06:43.808388+0000 | 17 | opal_client.client | INFO | API authentication disabled (public encryption key was not provided)
docker-opal_client-1 | 2023-10-11T22:06:43.859824+0000 | 17 | opal_client.engine.runner | INFO | Launching engine runner
docker-opal_client-1 | 2023-10-11T22:06:43.860776+0000 | 17 | opal_client.engine.runner | INFO | Running policy engine inline: cedar-agent --addr 0.0.0.0 --port 8180
docker-opal_client-1 | 2023-10-11T22:06:44.869497+0000 | 17 | opal_client.engine.runner | INFO | Running policy engine initial start callbacks
docker-opal_client-1 | 2023-10-11T22:06:44.870854+0000 | 17 | opal_client.policy.updater | INFO | Launching policy updater
docker-opal_client-1 | 2023-10-11T22:06:44.871190+0000 | 17 | opal_client.data.updater | INFO | Launching data updater
docker-opal_client-1 | 2023-10-11T22:06:44.871432+0000 | 17 | opal_client.policy.updater | INFO | Subscribing to topics: ['policy:.']
docker-opal_client-1 | 2023-10-11T22:06:44.871974+0000 | 17 | opal_client.data.updater | INFO | Subscribing to topics: ['policy_data']
docker-opal_client-1 | 2023-10-11T22:06:44.872360+0000 | 17 | fastapi_websocket_pubsub.pub_sub_client | INFO | Trying to connect to Pub/Sub server - ws://opal_server:7002/ws
docker-opal_client-1 | 2023-10-11T22:06:44.872945+0000 | 17 | fastapi_websocket_rpc.websocket_rpc_c...| INFO | Trying server - ws://opal_server:7002/ws
docker-opal_client-1 | 2023-10-11T22:06:44.875457+0000 | 17 | fastapi_websocket_pubsub.pub_sub_client | INFO | Trying to connect to Pub/Sub server - ws://opal_server:7002/ws
docker-opal_client-1 | 2023-10-11T22:06:44.875861+0000 | 17 | fastapi_websocket_rpc.websocket_rpc_c...| INFO | Trying server - ws://opal_server:7002/ws
docker-opal_client-1 | 2023-10-11T22:06:44.907699+0000 | 17 | opal_client.policy.updater | INFO | Connected to server
docker-opal_client-1 | 2023-10-11T22:06:44.908358+0000 | 17 | opal_client.policy.updater | INFO | Refetching policy code (full bundle)
docker-opal_client-1 | 2023-10-11T22:06:44.908960+0000 | 17 | opal_client.policy.fetcher | INFO | Fetching policy bundle from http://opal_server:7002/policy
docker-opal_client-1 | 2023-10-11T22:06:44.911169+0000 | 17 | opal_client.data.updater | INFO | Connected to server
docker-opal_client-1 | 2023-10-11T22:06:44.911423+0000 | 17 | opal_client.data.updater | INFO | Performing data configuration, reason: Initial load
docker-opal_client-1 | 2023-10-11T22:06:44.911635+0000 | 17 | opal_client.data.updater | INFO | Getting data-sources configuration from 'http://opal_server:7002/data/config'
docker-opal_client-1 | 2023-10-11T22:06:44.937654+0000 | 17 | opal_client.policy.fetcher | INFO | Fetched valid bundle, id: 75e829e3f52de49602367863444329c04b56cf43
docker-opal_client-1 | 2023-10-11T22:06:44.938497+0000 | 17 | opal_client.policy.updater | INFO | Got policy bundle with 3 rego files, 1 data files, commit hash: '75e829e3f52de49602367863444329c04b56cf43'
docker-opal_client-1 | 2023-10-11T22:06:44.940555+0000 | 17 | opal_client.data.updater | INFO | Triggering data update with id: 706aa231c548413299e114acad4562d0
docker-opal_client-1 | 2023-10-11T22:06:44.940848+0000 | 17 | opal_client.data.updater | INFO | Fetching policy data
docker-opal_client-1 | 2023-10-11T22:06:44.941465+0000 | 17 | opal_client.data.fetcher | INFO | Fetching data from url: http://host.docker.internal:7002/policy-data
docker-opal_client-1 | 2023-10-11T22:06:44.943655+0000 | 17 | fastapi_websocket_pubsub.pub_sub_client | INFO | Connected to PubSub server ws://opal_server:7002/ws
docker-opal_client-1 | 2023-10-11T22:06:44.955497+0000 | 17 | opal_client.data.updater | INFO | Saving fetched data to policy-store: source url='http://host.docker.internal:7002/policy-data', destination path='/'
docker-opal_client-1 | 2023-10-11T22:06:44.956107+0000 | 17 | opal_client.policy_store.cedar_client |WARNING | OPAL client was instructed to put something that is not a list on Cedar. This will probably not work.
docker-opal_client-1 | 2023-10-11T22:06:44.961146+0000 | 17 | opal_client.policy_store.cedar_client |WARNING | Cedar Agent connection error: ContentTypeError(RequestInfo(url=URL('http://localhost:8180/v1/data'), method='PUT', headers=<CIMultiDictProxy('Host': 'localhost:8180', 'Accept': '*/*', 'Accept-Encoding': 'gzip, deflate', 'User-Agent': 'Python/3.10 aiohttp/3.8.4', 'Content-Length': '2', 'Content-Type': 'application/json')>, real_url=URL('http://localhost:8180/v1/data')), (), message='Attempt to decode JSON with unexpected mimetype: text/html; charset=utf-8', headers=<CIMultiDictProxy('Content-Type': 'text/html; charset=utf-8', 'Server': 'Rocket', 'permissions-policy': 'interest-cohort=()', 'x-frame-options': 'SAMEORIGIN', 'x-content-type-options': 'nosniff', 'Content-Length': '444', 'Date': 'Wed, 11 Oct 2023 22:06:44 GMT')>)
docker-opal_client-1 | 2023-10-11T22:06:44.966446+0000 | 17 | fastapi_websocket_pubsub.pub_sub_client | INFO | Connected to PubSub server ws://opal_server:7002/ws
docker-opal_client-1 | 2023-10-11T22:06:46.963546+0000 | 17 | opal_client.policy_store.cedar_client |WARNING | OPAL client was instructed to put something that is not a list on Cedar. This will probably not work.
docker-opal_client-1 | 2023-10-11T22:06:46.966623+0000 | 17 | opal_client.policy_store.cedar_client |WARNING | Cedar Agent connection error: ContentTypeError(RequestInfo(url=URL('http://localhost:8180/v1/data'), method='PUT', headers=<CIMultiDictProxy('Host': 'localhost:8180', 'Accept': '*/*', 'Accept-Encoding': 'gzip, deflate', 'User-Agent': 'Python/3.10 aiohttp/3.8.4', 'Content-Length': '2', 'Content-Type': 'application/json')>, real_url=URL('http://localhost:8180/v1/data')), (), message='Attempt to decode JSON with unexpected mimetype: text/html; charset=utf-8', headers=<CIMultiDictProxy('Content-Type': 'text/html; charset=utf-8', 'Server': 'Rocket', 'permissions-policy': 'interest-cohort=()', 'x-frame-options': 'SAMEORIGIN', 'x-content-type-options': 'nosniff', 'Content-Length': '444', 'Date': 'Wed, 11 Oct 2023 22:06:46 GMT')>)
docker-opal_client-1 | 2023-10-11T22:06:46.967160+0000 | 17 | opal_client.data.updater |ERROR | Failed to save data update to policy-store
docker-opal_client-1 | Traceback (most recent call last):
docker-opal_client-1 |
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/tenacity/_asyncio.py", line 50, in __call__
docker-opal_client-1 | result = await fn(*args, **kwargs)
docker-opal_client-1 | │ │ └ {'transaction_id': '706aa231c548413299e114acad4562d0', 'path': ''}
docker-opal_client-1 | │ └ (<opal_client.policy_store.cedar_client.CedarClient object at 0x7fa1fe6a74f0>, {})
docker-opal_client-1 | └ <function CedarClient.set_policy_data at 0x7fa1fe63c280>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/opal_client-0.7.0-py3.10.egg/opal_client/policy_store/cedar_client.py", line 187, in set_policy_data
docker-opal_client-1 | response = await proxy_response_unless_invalid(
docker-opal_client-1 | └ <function proxy_response_unless_invalid at 0x7fa1fe64c820>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/opal_client-0.7.0-py3.10.egg/opal_client/policy_store/opa_client.py", line 69, in proxy_response_unless_invalid
docker-opal_client-1 | error = await raw_response.json()
docker-opal_client-1 | │ └ <function ClientResponse.json at 0x7fa1feb85e10>
docker-opal_client-1 | └ <ClientResponse(http://localhost:8180/v1/data) [422 Unprocessable Entity]>
docker-opal_client-1 | <CIMultiDictProxy('Content-Type': 'text/html; char...
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/aiohttp/client_reqrep.py", line 1104, in json
docker-opal_client-1 | raise ContentTypeError(
docker-opal_client-1 | └ <class 'aiohttp.client_exceptions.ContentTypeError'>
docker-opal_client-1 |
docker-opal_client-1 | aiohttp.client_exceptions.ContentTypeError: 0, message='Attempt to decode JSON with unexpected mimetype: text/html; charset=utf-8', url=URL('http://localhost:8180/v1/data')
docker-opal_client-1 |
docker-opal_client-1 |
docker-opal_client-1 | The above exception was the direct cause of the following exception:
docker-opal_client-1 |
docker-opal_client-1 |
docker-opal_client-1 | Traceback (most recent call last):
docker-opal_client-1 |
docker-opal_client-1 | File "/usr/local/bin/gunicorn", line 33, in <module>
docker-opal_client-1 | sys.exit(load_entry_point('gunicorn==20.1.0', 'console_scripts', 'gunicorn')())
docker-opal_client-1 | │ │ └ <function importlib_load_entry_point at 0x7fa201216dd0>
docker-opal_client-1 | │ └ <built-in function exit>
docker-opal_client-1 | └ <module 'sys' (built-in)>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/gunicorn/app/wsgiapp.py", line 67, in run
docker-opal_client-1 | WSGIApplication("%(prog)s [OPTIONS] [APP_MODULE]").run()
docker-opal_client-1 | └ <class 'gunicorn.app.wsgiapp.WSGIApplication'>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/gunicorn/app/base.py", line 231, in run
docker-opal_client-1 | super().run()
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/gunicorn/app/base.py", line 72, in run
docker-opal_client-1 | Arbiter(self).run()
docker-opal_client-1 | │ └ <gunicorn.app.wsgiapp.WSGIApplication object at 0x7fa2011f7ee0>
docker-opal_client-1 | └ <class 'gunicorn.arbiter.Arbiter'>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/gunicorn/arbiter.py", line 202, in run
docker-opal_client-1 | self.manage_workers()
docker-opal_client-1 | │ └ <function Arbiter.manage_workers at 0x7fa2006fb1c0>
docker-opal_client-1 | └ <gunicorn.arbiter.Arbiter object at 0x7fa200217820>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/gunicorn/arbiter.py", line 551, in manage_workers
docker-opal_client-1 | self.spawn_workers()
docker-opal_client-1 | │ └ <function Arbiter.spawn_workers at 0x7fa2006fb2e0>
docker-opal_client-1 | └ <gunicorn.arbiter.Arbiter object at 0x7fa200217820>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/gunicorn/arbiter.py", line 622, in spawn_workers
docker-opal_client-1 | self.spawn_worker()
docker-opal_client-1 | │ └ <function Arbiter.spawn_worker at 0x7fa2006fb250>
docker-opal_client-1 | └ <gunicorn.arbiter.Arbiter object at 0x7fa200217820>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/gunicorn/arbiter.py", line 589, in spawn_worker
docker-opal_client-1 | worker.init_process()
docker-opal_client-1 | │ └ <function UvicornWorker.init_process at 0x7fa1ff2c2710>
docker-opal_client-1 | └ <uvicorn.workers.UvicornWorker object at 0x7fa200fdc760>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/uvicorn/workers.py", line 66, in init_process
docker-opal_client-1 | super(UvicornWorker, self).init_process()
docker-opal_client-1 | │ └ <uvicorn.workers.UvicornWorker object at 0x7fa200fdc760>
docker-opal_client-1 | └ <class 'uvicorn.workers.UvicornWorker'>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/gunicorn/workers/base.py", line 142, in init_process
docker-opal_client-1 | self.run()
docker-opal_client-1 | │ └ <function UvicornWorker.run at 0x7fa1ff2c2950>
docker-opal_client-1 | └ <uvicorn.workers.UvicornWorker object at 0x7fa200fdc760>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/uvicorn/workers.py", line 98, in run
docker-opal_client-1 | return asyncio.run(self._serve())
docker-opal_client-1 | │ │ │ └ <function UvicornWorker._serve at 0x7fa1ff2c28c0>
docker-opal_client-1 | │ │ └ <uvicorn.workers.UvicornWorker object at 0x7fa200fdc760>
docker-opal_client-1 | │ └ <function run at 0x7fa200281c60>
docker-opal_client-1 | └ <module 'asyncio' from '/usr/local/lib/python3.10/asyncio/__init__.py'>
docker-opal_client-1 | File "/usr/local/lib/python3.10/asyncio/runners.py", line 44, in run
docker-opal_client-1 | return loop.run_until_complete(main)
docker-opal_client-1 | │ │ └ <coroutine object UvicornWorker._serve at 0x7fa1fe635310>
docker-opal_client-1 | │ └ <method 'run_until_complete' of 'uvloop.loop.Loop' objects>
docker-opal_client-1 | └ <uvloop.Loop running=True closed=False debug=False>
docker-opal_client-1 | > File "/usr/local/lib/python3.10/site-packages/opal_client-0.7.0-py3.10.egg/opal_client/data/updater.py", line 410, in update_policy_data
docker-opal_client-1 | await store_transaction.set_policy_data(
docker-opal_client-1 | │ └ <function AbstractPolicyStore.set_policy_data at 0x7fa1fe7a44c0>
docker-opal_client-1 | └ <opal_client.policy_store.base_policy_store_client.PolicyStoreTransactionContextManager object at 0x7fa1fe597f40>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/tenacity/_asyncio.py", line 88, in async_wrapped
docker-opal_client-1 | return await fn(*args, **kwargs)
docker-opal_client-1 | │ │ └ {'transaction_id': '706aa231c548413299e114acad4562d0', 'path': ''}
docker-opal_client-1 | │ └ (<opal_client.policy_store.cedar_client.CedarClient object at 0x7fa1fe6a74f0>, {})
docker-opal_client-1 | └ <function CedarClient.set_policy_data at 0x7fa1fe63c310>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/tenacity/_asyncio.py", line 47, in __call__
docker-opal_client-1 | do = self.iter(retry_state=retry_state)
docker-opal_client-1 | │ │ └ <RetryCallState 140333733739248: attempt #2; slept for 2.0; last result: failed (ContentTypeError 0, message='Attempt to deco...
docker-opal_client-1 | │ └ <function BaseRetrying.iter at 0x7fa1fe87db40>
docker-opal_client-1 | └ <AsyncRetrying object at 0x7fa1fe6654b0 (stop=<tenacity.stop.stop_after_attempt object at 0x7fa1fe666650>, wait=<tenacity.wai...
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/tenacity/__init__.py", line 326, in iter
docker-opal_client-1 | raise retry_exc from fut.exception()
docker-opal_client-1 | │ │ └ <function Future.exception at 0x7fa200283ac0>
docker-opal_client-1 | │ └ <Future at 0x7fa1fe596260 state=finished raised ContentTypeError>
docker-opal_client-1 | └ RetryError(<Future at 0x7fa1fe596260 state=finished raised ContentTypeError>)
docker-opal_client-1 |
docker-opal_client-1 | tenacity.RetryError: RetryError[<Future at 0x7fa1fe596260 state=finished raised ContentTypeError>]
docker-opal_client-1 | 2023-10-11T22:06:46.980088+0000 | 17 | opal_client...base_policy_store_client |ERROR | OPA transaction failed, transaction id=706aa231c548413299e114acad4562d0, actions=['set_policy_data'], error=RetryError(<Future at 0x7fa1fe596260 state=finished raised ContentTypeError>)
docker-opal_client-1 | 2023-10-11T22:06:46.980436+0000 | 17 | asyncio.runners |ERROR | Task exception was never retrieved
docker-opal_client-1 | future: <Task finished name='Task-50' coro=<DataUpdater.update_policy_data() done, defined at /usr/local/lib/python3.10/site-packages/opal_client-0.7.0-py3.10.egg/opal_client/data/updater.py:305> exception=RetryError(<Future at 0x7fa1fe596260 state=finished raised ContentTypeError>)>
docker-opal_client-1 | Traceback (most recent call last):
docker-opal_client-1 |
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/tenacity/_asyncio.py", line 50, in __call__
docker-opal_client-1 | result = await fn(*args, **kwargs)
docker-opal_client-1 | │ │ └ {'transaction_id': '706aa231c548413299e114acad4562d0', 'path': ''}
docker-opal_client-1 | │ └ (<opal_client.policy_store.cedar_client.CedarClient object at 0x7fa1fe6a74f0>, {})
docker-opal_client-1 | └ <function CedarClient.set_policy_data at 0x7fa1fe63c280>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/opal_client-0.7.0-py3.10.egg/opal_client/policy_store/cedar_client.py", line 187, in set_policy_data
docker-opal_client-1 | response = await proxy_response_unless_invalid(
docker-opal_client-1 | └ <function proxy_response_unless_invalid at 0x7fa1fe64c820>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/opal_client-0.7.0-py3.10.egg/opal_client/policy_store/opa_client.py", line 69, in proxy_response_unless_invalid
docker-opal_client-1 | error = await raw_response.json()
docker-opal_client-1 | │ └ <function ClientResponse.json at 0x7fa1feb85e10>
docker-opal_client-1 | └ <ClientResponse(http://localhost:8180/v1/data) [422 Unprocessable Entity]>
docker-opal_client-1 | <CIMultiDictProxy('Content-Type': 'text/html; char...
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/aiohttp/client_reqrep.py", line 1104, in json
docker-opal_client-1 | raise ContentTypeError(
docker-opal_client-1 | └ <class 'aiohttp.client_exceptions.ContentTypeError'>
docker-opal_client-1 |
docker-opal_client-1 | aiohttp.client_exceptions.ContentTypeError: 0, message='Attempt to decode JSON with unexpected mimetype: text/html; charset=utf-8', url=URL('http://localhost:8180/v1/data')
docker-opal_client-1 |
docker-opal_client-1 |
docker-opal_client-1 | The above exception was the direct cause of the following exception:
docker-opal_client-1 |
docker-opal_client-1 |
docker-opal_client-1 | Traceback (most recent call last):
docker-opal_client-1 |
docker-opal_client-1 | > File "/usr/local/lib/python3.10/site-packages/opal_client-0.7.0-py3.10.egg/opal_client/data/updater.py", line 410, in update_policy_data
docker-opal_client-1 | await store_transaction.set_policy_data(
docker-opal_client-1 | │ └ <function AbstractPolicyStore.set_policy_data at 0x7fa1fe7a44c0>
docker-opal_client-1 | └ <opal_client.policy_store.base_policy_store_client.PolicyStoreTransactionContextManager object at 0x7fa1fe597f40>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/tenacity/_asyncio.py", line 88, in async_wrapped
docker-opal_client-1 | return await fn(*args, **kwargs)
docker-opal_client-1 | │ │ └ {'transaction_id': '706aa231c548413299e114acad4562d0', 'path': ''}
docker-opal_client-1 | │ └ (<opal_client.policy_store.cedar_client.CedarClient object at 0x7fa1fe6a74f0>, {})
docker-opal_client-1 | └ <function CedarClient.set_policy_data at 0x7fa1fe63c310>
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/tenacity/_asyncio.py", line 47, in __call__
docker-opal_client-1 | do = self.iter(retry_state=retry_state)
docker-opal_client-1 | │ │ └ <RetryCallState 140333733739248: attempt #2; slept for 2.0; last result: failed (ContentTypeError 0, message='Attempt to deco...
docker-opal_client-1 | │ └ <function BaseRetrying.iter at 0x7fa1fe87db40>
docker-opal_client-1 | └ <AsyncRetrying object at 0x7fa1fe6654b0 (stop=<tenacity.stop.stop_after_attempt object at 0x7fa1fe666650>, wait=<tenacity.wai...
docker-opal_client-1 | File "/usr/local/lib/python3.10/site-packages/tenacity/__init__.py", line 326, in iter
docker-opal_client-1 | raise retry_exc from fut.exception()
docker-opal_client-1 | │ │ └ <function Future.exception at 0x7fa200283ac0>
docker-opal_client-1 | │ └ <Future at 0x7fa1fe596260 state=finished raised ContentTypeError>
docker-opal_client-1 | └ RetryError(<Future at 0x7fa1fe596260 state=finished raised ContentTypeError>)
docker-opal_client-1 |
docker-opal_client-1 | tenacity.RetryError: RetryError[<Future at 0x7fa1fe596260 state=finished raised ContentTypeError>]
opal_server logs:
docker-opal_server-1 | [2023-10-11 22:06:42 +0000] [1] [INFO] Starting gunicorn 20.1.0
docker-opal_server-1 | [2023-10-11 22:06:42 +0000] [1] [INFO] Listening at: http://0.0.0.0:7002 (1)
docker-opal_server-1 | [2023-10-11 22:06:42 +0000] [1] [INFO] Using worker: uvicorn.workers.UvicornWorker
docker-opal_server-1 | 2023-10-11 22:06:42.602 | WARNING | __config__:when_ready:34 - Finished pre loading scopes...
docker-opal_server-1 | [2023-10-11 22:06:42 +0000] [9] [INFO] Booting worker with pid: 9
docker-opal_server-1 | 2023-10-11T22:06:42.686067+0000 | 9 | opal_server.server | INFO | OPAL was not provided with JWT encryption keys, cannot verify api requests!
docker-opal_server-1 | 2023-10-11T22:06:42.686581+0000 | 9 | opal_server.pubsub | INFO | Pub/Sub broadcaster is off
docker-opal_server-1 | 2023-10-11T22:06:42.789356+0000 | 9 | opal_server.server | INFO | *** OPAL Server Startup ***
docker-opal_server-1 | 2023-10-11T22:06:42.789855+0000 | 9 | opal_server.server | INFO | leadership lock acquired, leader pid: 9
docker-opal_server-1 | 2023-10-11T22:06:42.790182+0000 | 9 | opal_server.policy.watcher.factory | INFO | Policy repo will be cloned to: /opal/regoclone/opal_repo_clone
docker-opal_server-1 | 2023-10-11T22:06:42.790433+0000 | 9 | opal_server.policy.watcher.task | INFO | Launching policy watcher
docker-opal_server-1 | 2023-10-11T22:06:42.791083+0000 | 9 | opal_server.data.data_update_publisher | INFO | [9] Starting Polling Updates
docker-opal_server-1 | 2023-10-11T22:06:42.791241+0000 | 9 | opal_server.policy.watcher.task | INFO | listening on webhook topic: 'webhook'
docker-opal_server-1 | 2023-10-11T22:06:42.791574+0000 | 9 | fastapi_websocket_pubsub.event_notifier | INFO | New subscription {'id': 'fca79695e9dd444bb486859d96e2e939', 'subscriber_id': '6eb7e0282cc7497a9d38c469ced6e125', 'topic': 'webhook', 'callback': <bound method BasePolicyWatcherTask._on_webhook of <opal_server.policy.watcher.task.PolicyWatcherTask object at 0x7ff326246a40>>, 'notifier_id': None}
docker-opal_server-1 | 2023-10-11T22:06:42.793203+0000 | 9 | opal_common.git.repo_cloner | INFO | Cloning repo from 'https://github.com/permitio/opal-cedar.git' to '/opal/regoclone/opal_repo_clone' (branch: 'main')
docker-opal_server-1 | 2023-10-11T22:06:43.717110+0000 | 9 | opal_common.git.repo_cloner | INFO | Clone succeeded
docker-opal_server-1 | 2023-10-11T22:06:43.726942+0000 | 9 | opal_common.sources.base_policy_source | INFO | Launching polling task, interval: 60 seconds
docker-opal_server-1 | 2023-10-11T22:06:43.728191+0000 | 9 | opal_common.sources.git_policy_source | INFO | Pulling changes from remote: 'origin'
docker-opal_server-1 | 2023-10-11T22:06:44.211314+0000 | 9 | opal_common.sources.git_policy_source | INFO | No new commits: HEAD is at '75e829e3f52de49602367863444329c04b56cf43'
docker-opal_server-1 | 2023-10-11T22:06:44.893050+0000 | 9 | fastapi_websocket_rpc.websocket_rpc_e...| INFO | Client connected
docker-opal_server-1 | 2023-10-11T22:06:44.894768+0000 | 9 | websockets.legacy.server | INFO | connection open
docker-opal_server-1 | 2023-10-11T22:06:44.897425+0000 | 9 | fastapi_websocket_rpc.websocket_rpc_e...| INFO | Client connected
docker-opal_server-1 | 2023-10-11T22:06:44.898380+0000 | 9 | websockets.legacy.server | INFO | connection open
docker-opal_server-1 | 2023-10-11T22:06:44.904518+0000 | 9 | fastapi_websocket_pubsub.event_notifier | INFO | New subscription {'id': '7a9d0b1a1b204ad2a8db18f7f504f9a5', 'subscriber_id': '6c5083514eef481cb34019aa50ddc28e', 'topic': 'policy:.', 'callback': <function RpcEventServerMethods.subscribe.<locals>.callback at 0x7ff32618b7f0>, 'notifier_id': None}
docker-opal_server-1 | 2023-10-11T22:06:44.907471+0000 | 9 | fastapi_websocket_pubsub.event_notifier | INFO | New subscription {'id': '39f793442c214debb9e189a283f908f8', 'subscriber_id': '9972790b106e4b98bb894530d6a108c0', 'topic': 'policy_data', 'callback': <function RpcEventServerMethods.subscribe.<locals>.callback at 0x7ff32618b910>, 'notifier_id': None}
docker-opal_server-1 | 2023-10-11T22:06:44.916540+0000 | 9 | opal_server.data.api | INFO | Serving source configuration
docker-opal_server-1 | 2023-10-11T22:06:44.917983+0000 | 9 | uvicorn.protocols.http.httptools_impl | INFO | 172.19.0.3:57564 - "GET /data/config HTTP/1.1" 200
docker-opal_server-1 | 2023-10-11T22:06:44.928880+0000 | 9 | opal_common.git.bundle_maker | INFO | Using root manifest dir path (new-fashioned): '.'
docker-opal_server-1 | 2023-10-11T22:06:44.929151+0000 | 9 | opal_common.git.bundle_maker | INFO | Compiling manifest file .manifest
docker-opal_server-1 | 2023-10-11T22:06:44.931315+0000 | 9 | opal_common.git.bundle_maker | INFO | Manifest file .manifest not found, assuming empty
docker-opal_server-1 | 2023-10-11T22:06:44.936421+0000 | 9 | uvicorn.protocols.http.httptools_impl | INFO | 172.19.0.3:57560 - "GET /policy?path=. HTTP/1.1" 200
docker-opal_server-1 | 2023-10-11T22:06:44.952194+0000 | 9 | opal_server.data.api |WARNING | Serving default all-data route, meaning DATA_CONFIG_SOURCES was not configured!
docker-opal_server-1 | 2023-10-11T22:06:44.952924+0000 | 9 | uvicorn.protocols.http.httptools_impl | INFO | 192.168.65.1:37987 - "GET /policy-data HTTP/1.1" 200
docker-opal_server-1 | 2023-10-11T22:07:44.178535+0000 | 9 | opal_common.sources.git_policy_source | INFO | Pulling changes from remote: 'origin'
docker-opal_server-1 | 2023-10-11T22:07:44.731852+0000 | 9 | opal_common.sources.git_policy_source | INFO | No new commits: HEAD is at '75e829e3f52de49602367863444329c04b56cf43'
docker-opal_server-1 | 2023-10-11T22:08:44.696416+0000 | 9 | opal_common.sources.git_policy_source | INFO | Pulling changes from remote: 'origin'
docker-opal_server-1 | 2023-10-11T22:08:45.239101+0000 | 9 | opal_common.sources.git_policy_source | INFO | No new commits: HEAD is at '75e829e3f52de49602367863444329c04b56cf43'
docker-opal_server-1 | 2023-10-11T22:09:45.197922+0000 | 9 | opal_common.sources.git_policy_source | INFO | Pulling changes from remote: 'origin'
docker-opal_server-1 | 2023-10-11T22:09:45.700202+0000 | 9 | opal_common.sources.git_policy_source | INFO | No new commits: HEAD is at '75e829e3f52de49602367863444329c04b56cf43'
docker-opal_server-1 | 2023-10-11T22:10:45.663637+0000 | 9 | opal_common.sources.git_policy_source | INFO | Pulling changes from remote: 'origin'
docker-opal_server-1 | 2023-10-11T22:10:46.190948+0000 | 9 | opal_common.sources.git_policy_source | INFO | No new commits: HEAD is at '75e829e3f52de49602367863444329c04b56cf43'
Expected behavior
Data.json file from imported into cedar agent and available via curl -X GET "http://localhost:8180/v1/data" -H "Accept: application/json"
OPAL version
- permitio/opal-server:latest
- permitio/opal-client-cedar:latest
@roekatz Unfortunately I won't be able to take a look at it this week. Can you open a ticket for that so I won't forget it. CC: @obsd
