Add --stdin-input flag to opa exec command #6538
Comments
|
Sounds like a good addition to me. I was hoping something like this would work: echo '{"foo": "bar"}' | opa exec -b bundle/ --decision foo/bar /dev/stdinAnd it "works", but not really, as apparently we filter out any file which doesn't have a |
|
Sounds like a good one. @humbertoc-silva if you'd like to contribute that would be great! |
|
Yes @ashutosh-narkar, I would. I will see how things work on the |
|
This issue has been automatically marked as inactive because it has not had any activity in the last 30 days. Although currently inactive, the issue could still be considered and actively worked on in the future. More details about the use-case this issue attempts to address, the value provided by completing it or possible solutions to resolve it would help to prioritize the issue. |
|
@humbertoc-silva have you had a chance to work on this? If not, I can give it a shot. |
|
I know @humbertoc-silva is a busy man, so go for it @colinjlacy 👍 |
|
Hi guys, I am so sorry but I did not have a chance to look at it. But you can count on me to do some tests. |
|
@anderseknert I was thinking this should support both JSON and YAML, since that's the current support for input files. I was also thinking there should probably be a timeout on stdin, with an exit 1 when the timeout expires. Maybe 20 or 30 seconds. Thoughts? |
|
We don't really have a precedence on timeouts for stdin I think, but I like the idea of having that. I always found it confusing that |
|
This issue has been automatically marked as inactive because it has not had any activity in the last 30 days. Although currently inactive, the issue could still be considered and actively worked on in the future. More details about the use-case this issue attempts to address, the value provided by completing it or possible solutions to resolve it would help to prioritize the issue. |
|
Checking back in here. I'll be able to get back to this issue this coming week. Code is mostly done, just needs verification. Sorry for the delay! |
|
Welcome back, @colinjlacy 😃 |
What is the underlying problem you're trying to solve?
I am trying to figure out how to execute OPA inside a standard AWS Lambda. The requirements are:
So I'm working in a POC to see if the
opa execcommand is a good fit, but in my tests, I saw that theopa execcommand executes against input files. I can write an input.json file on the filesystem before invoking the command, but it would be cheaper if it were possible to pass input data from stdin, so I could dynamically build my input together command and invoke OPA.For example:
echo my_input | opa exec --stdin-input ...Describe the ideal solution
Adding the new flag, as we have on the
opa evalcommand, will make the use of OPA more flexible when using OPA as a command inside scripts.Describe a "Good Enough" solution
Maybe creating an input.json before invoking the OPA command, but this solution is not so efficient and more expensive.
Additional Context
There is an OPA integration with AWS API Gateway, but in my case, I'm trying to enforce authorization policies inside a standard AWS Lambda that could be written in any language. WebAssembly will not work because I need to use any kind of built-in function from Rego code.
The text was updated successfully, but these errors were encountered: