Open Policy Agent
Built-in match_schema seems to ignore string patterns #544
Unanswered
jimfdavies
asked this question in
OPA and Rego
Replies: 1 comment 1 reply
-
|
OK. Found this: open-policy-agent/opa#6089 |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Yeah, that's an annoying issue :/ |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
We use string match patterns to check our config values are as expected.
We have three in-house tools, each using different JSON schema validation libraries and pattern matching works no problem.
We would like to replace these tools with OPA (or Conftest) but evaluation seems to show that 'pattern' for strings is not being caught by json.match_schema.
I can see 'pattern' is supported by the upstream gojsonschema lib and it seems to have been carried forward into the internal opa code.
Anyway, here's a Playground to demonstrate:
https://play.openpolicyagent.org/p/ozUbc415n9
If pattern matching was used, you should see the error in the returned 'msg' document.
Please help. I don't want to do the pattern matching in Rego and want to leave that for the more nuanced policies we have.
Thanks in advance
Beta Was this translation helpful? Give feedback.
All reactions