Using opa http.send with conftest

2.9k views Asked by At

I have a question about data importing and the execution of built-in opa function when using conftest. In the below code sample I have two modules abc and main. I've conveniently left out some of the set up for abc all that matters is that it's a working https call.

Working from the repl my code executes exactly as I intended, fetch data on the fly i.e. available and check if stuff is in that list. opa run -b . then hitting data.abc executes the https call i.e. I can see packets leave my interface and a response body containing the list I need is pulled in. I then get the expected result from deny. The same thing happens when running opa test . -v.

However running conftest verify -p . or conftest test abc/main.json -p . never executes http.send i.e. packets never leave my interface for the expected host.

I could use a static list rather than using the https call but I don't control when the list is updated. Is this expected/intended limitation of conftest? Can I execute these functions to build my data document and am I importing it correctly?

package abc

available = http.send(
  {
  "method": "get",
  "url": request.url,
  "headers": headers
  }
)
package main
import data.abc.available

deny[msg] {
    stuff := input.stuff
    not available.body[stuff]
    msg := sprintf("%v is not available", [stuff])
}
1

There are 1 answers

0
b0bu On BEST ANSWER

I feex. https://gist.github.com/b0bu/67d60fc0dbc5a9ae36406188117dfb36

The issue was import data.token as auth

auth was undefined, by extension subscirptionid was never populated. This was working in opa run -b . because of a slight difference in how the data document is structured. data.token.stuff was a thing which translated to data.stuff in conftest.