Merge branch 'master' into PER-9644-cicd

.github/workflows/on_release.yml

@@ -113,43 +113,26 @@ jobs:
       # pushes the *same* docker images that were previously tested as part of e2e sanity test.
       # each image is pushed with the versioned tag first, if it succeeds the image is pushed with the latest tag as well.
       - name: Build & Push client
-        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
         id: build_push_client
         uses: docker/build-push-action@v4
         with:
           file: docker/Dockerfile
           platforms: linux/amd64,linux/arm64
-          push: true
+          push: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
           target: client
           cache-from: type=registry,ref=permitio/opal-client:latest
           cache-to: type=inline
           tags: |
             permitio/opal-client:latest
             permitio/opal-client:${{ env.opal_version_tag }}
 
-#      - name: Build & Push client cedar
-#        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
-#        id: build_push_client_cedar
-#        uses: docker/build-push-action@v4
-#        with:
-#          file: docker/Dockerfile
-#          platforms: linux/amd64,linux/arm64
-#          push: true
-#          target: client-cedar
-#          cache-from: type=registry,ref=permitio/opal-client-cedar:latest
-#          cache-to: type=inline
-#          tags: |
-#            permitio/opal-client-cedar:latest
-#            permitio/opal-client-cedar:${{ env.opal_version_tag }}
-
       - name: Build client-standalone
-        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
         id: build_push_client_standalone
         uses: docker/build-push-action@v4
         with:
           file: docker/Dockerfile
           platforms: linux/amd64,linux/arm64
-          push: true
+          push: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
           target: client-standalone
           cache-from: type=registry,ref=permitio/opal-client-standalone:latest
           cache-to: type=inline
@@ -158,20 +141,33 @@ jobs:
             permitio/opal-client-standalone:${{ env.opal_version_tag }}
 
       - name: Build server
-        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
         id: build_push_server
         uses: docker/build-push-action@v4
         with:
           file: docker/Dockerfile
           platforms: linux/amd64,linux/arm64
-          push: true
+          push: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
           target: server
           cache-from: type=registry,ref=permitio/opal-server:latest
           cache-to: type=inline
           tags: |
             permitio/opal-server:latest
             permitio/opal-server:${{ env.opal_version_tag }}
 
+      - name: Build & Push client cedar
+        id: build_push_client_cedar
+        uses: docker/build-push-action@v4
+        with:
+          file: docker/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
+          target: client-cedar
+          cache-from: type=registry,ref=permitio/opal-client-cedar:latest
+          cache-to: type=inline
+          tags: |
+            permitio/opal-client-cedar:latest
+            permitio/opal-client-cedar:${{ env.opal_version_tag }}
+
       - name: Python setup
         if: github.event_name == 'release' && github.event.action == 'created'
         uses: actions/setup-python@v5

docker/Dockerfile

@@ -1,7 +1,7 @@
 # BUILD STAGE ---------------------------------------
 # split this stage to save time and reduce image size
 # ---------------------------------------------------
-FROM python:3.10-bookworm as BuildStage
+FROM python:3.10-bookworm AS build-stage
 # from now on, work in the /app directory
 WORKDIR /app/
 # Layer dependency install (for caching)
@@ -15,19 +15,17 @@ RUN pip install --no-cache-dir --upgrade pip && pip install --no-cache-dir -r ./
 # CEDAR AGENT BUILD STAGE ---------------------------
 # split this stage to save time and reduce image size
 # ---------------------------------------------------
-FROM rust:1.69.0 as cedar-builder
-COPY cedar-agent /tmp/cedar-agent/
-ARG cargo_flags="-r"
-RUN cd /tmp/cedar-agent && \
-	cargo build ${cargo_flags} && \
-	cp /tmp/cedar-agent/target/*/cedar-agent /
+FROM rust:1.79 AS cedar-builder
+COPY ./cedar-agent /tmp/cedar-agent
+WORKDIR /tmp/cedar-agent
+RUN CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse cargo build --release
 
 # COMMON IMAGE --------------------------------------
 # ---------------------------------------------------
-FROM python:3.10-slim-bookworm as common
+FROM python:3.10-slim-bookworm AS common
 
-# copy libraries from build stage (This won't copy redundant libraries we used in BuildStage)
-COPY --from=BuildStage /usr/local /usr/local
+# copy libraries from build stage (This won't copy redundant libraries we used in build-stage)
+COPY --from=build-stage /usr/local /usr/local
 
 # Add non-root user (with home dir at /opal)
 RUN useradd -m -b / -s /bin/bash opal
@@ -61,7 +59,7 @@ CMD ["./start.sh"]
 
 # STANDALONE IMAGE ----------------------------------
 # ---------------------------------------------------
-FROM common as client-standalone
+FROM common AS client-standalone
 # uvicorn config ------------------------------------
 # install the opal-client package
 RUN cd ./packages/opal-client && python setup.py install
@@ -88,7 +86,7 @@ VOLUME /opal/backup
 
 # IMAGE to extract OPA from official image ----------
 # ---------------------------------------------------
-FROM alpine:latest as opa-extractor
+FROM alpine:latest AS opa-extractor
 USER root
 
 RUN apk update && apk add skopeo tar
@@ -106,7 +104,7 @@ RUN skopeo copy "docker://${opa_image}:${opa_tag}" docker-archive:./image.tar &&
 # OPA CLIENT IMAGE ----------------------------------
 # Using standalone image as base --------------------
 # ---------------------------------------------------
-FROM client-standalone as client
+FROM client-standalone AS client
 
 # Temporarily move back to root for additional setup
 USER root
@@ -123,13 +121,13 @@ USER opal
 # CEDAR CLIENT IMAGE --------------------------------
 # Using standalone image as base --------------------
 # ---------------------------------------------------
-FROM client-standalone as client-cedar
+FROM client-standalone AS client-cedar
 
 # Temporarily move back to root for additional setup
 USER root
 
 # Copy cedar from its build stage
-COPY --from=cedar-builder /cedar-agent /bin/cedar-agent
+COPY --from=cedar-builder /tmp/cedar-agent/target/*/cedar-agent /bin/cedar-agent
 
 # enable inline Cedar agent
 ENV OPAL_POLICY_STORE_TYPE=CEDAR
@@ -142,7 +140,7 @@ USER opal
 
 # SERVER IMAGE --------------------------------------
 # ---------------------------------------------------
-FROM common as server
+FROM common AS server
 
 RUN apt-get update && apt-get install -y openssh-client git && apt-get clean
 

packages/opal-client/opal_client/__init__.py

@@ -1 +1 @@
-from .client import OpalClient
+from opal_client.client import OpalClient

packages/opal-client/opal_client/callbacks/reporter.py

@@ -5,7 +5,7 @@
 from opal_client.callbacks.register import CallbackConfig, CallbacksRegister
 from opal_client.data.fetcher import DataFetcher
 from opal_common.fetcher.providers.http_fetch_provider import HttpFetcherConfig
-from opal_common.http import is_http_error_response
+from opal_common.http_utils import is_http_error_response
 from opal_common.logger import logger
 from opal_common.schemas.data import DataUpdateReport
 

packages/opal-client/opal_client/data/updater.py

@@ -26,7 +26,7 @@
 from opal_common.async_utils import TakeANumberQueue, TasksPool, repeated_call
 from opal_common.config import opal_common_config
 from opal_common.fetcher.events import FetcherConfig
-from opal_common.http import is_http_error_response
+from opal_common.http_utils import is_http_error_response
 from opal_common.schemas.data import (
     DataEntryReport,
     DataSourceConfig,

packages/opal-client/opal_client/main.py

@@ -1,4 +1,4 @@
-from .client import OpalClient
+from opal_client.client import OpalClient
 
 client = OpalClient()
 # expose app for Uvicorn

packages/opal-client/opal_client/policy_store/mock_policy_store_client.py

@@ -3,13 +3,15 @@
 from typing import Any, Dict, List, Optional
 
 import jsonpatch
+from opal_client.policy_store.base_policy_store_client import (
+    BasePolicyStoreClient,
+    JsonableValue,
+)
 from opal_client.utils import exclude_none_fields
 from opal_common.schemas.policy import PolicyBundle
 from opal_common.schemas.store import JSONPatchAction, StoreTransaction
 from pydantic import BaseModel
 
-from .base_policy_store_client import BasePolicyStoreClient, JsonableValue
-
 
 class MockPolicyStoreClient(BasePolicyStoreClient):
     """A naive mock policy and policy-data store for tests."""

packages/opal-client/opal_client/policy_store/opa_client.py

@@ -20,7 +20,7 @@
 from opal_client.policy_store.schemas import PolicyStoreAuth
 from opal_client.utils import exclude_none_fields, proxy_response
 from opal_common.engine.parsing import get_rego_package
-from opal_common.git.bundle_utils import BundleUtils
+from opal_common.git_utils.bundle_utils import BundleUtils
 from opal_common.paths import PathUtils
 from opal_common.schemas.policy import DataModule, PolicyBundle, RegoModule
 from opal_common.schemas.store import JSONPatchAction, StoreTransaction, TransactionType

packages/opal-common/opal_common/authentication/casting.py

@@ -5,7 +5,6 @@
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
 from opal_common.authentication.types import EncryptionKeyFormat, PrivateKey, PublicKey
-from opal_common.logging.decorators import log_exception
 
 logger = logging.getLogger("opal.authentication")
 

packages/opal-common/opal_common/cli/typer_app.py

@@ -1,6 +1,5 @@
 import typer
-
-from .commands import all_commands
+from opal_common.cli.commands import all_commands
 
 
 def get_typer_app():

packages/opal-common/opal_common/confi/__init__.py

@@ -1 +1 @@
-from .confi import *
+from opal_common.confi.confi import *

packages/opal-common/opal_common/confi/cli.py

@@ -2,10 +2,9 @@
 
 import click
 import typer
+from opal_common.confi.types import ConfiEntry
 from typer.main import Typer
 
-from .types import ConfiEntry
-
 
 def create_click_cli(confi_entries: Dict[str, ConfiEntry], callback: Callable):
     cli = callback

packages/opal-common/opal_common/confi/confi.py

@@ -15,13 +15,12 @@
 from decouple import Csv, UndefinedValueError, config, text_type, undefined
 from opal_common.authentication.casting import cast_private_key, cast_public_key
 from opal_common.authentication.types import EncryptionKeyFormat, PrivateKey, PublicKey
-from opal_common.logging.decorators import log_exception
+from opal_common.confi.cli import get_cli_object_for_config_objects
+from opal_common.confi.types import ConfiDelay, ConfiEntry, no_cast
+from opal_common.logging_utils.decorators import log_exception
 from pydantic import BaseModel, ValidationError
 from typer import Typer
 
-from .cli import get_cli_object_for_config_objects
-from .types import ConfiDelay, ConfiEntry, no_cast
-
 
 class Placeholder(object):
     """Placeholder instead of default value for decouple."""

packages/opal-common/opal_common/config.py

@@ -2,8 +2,7 @@
 from sys import prefix
 
 from opal_common.authentication.types import EncryptionKeyFormat, JWTAlgorithm
-
-from .confi import Confi, confi
+from opal_common.confi import Confi, confi
 
 _LOG_FORMAT_WITHOUT_PID = "<green>{time}</green> | <blue>{name: <40}</blue>|<level>{level:^6} | {message}</level>\n{exception}"
 _LOG_FORMAT_WITH_PID = "<green>{time}</green> | {process} | <blue>{name: <40}</blue>|<level>{level:^6} | {message}</level>\n{exception}"

packages/opal-common/opal_common/engine/__init__.py

@@ -1,2 +1,2 @@
-from .parsing import get_rego_package
-from .paths import is_data_module, is_policy_module
+from opal_common.engine.parsing import get_rego_package
+from opal_common.engine.paths import is_data_module, is_policy_module

packages/opal-common/opal_common/fetcher/__init__.py

@@ -1,3 +1,3 @@
-from .engine.fetching_engine import FetchingEngine
-from .events import FetcherConfig, FetchEvent
-from .fetcher_register import FetcherRegister
+from opal_common.fetcher.engine.fetching_engine import FetchingEngine
+from opal_common.fetcher.events import FetcherConfig, FetchEvent
+from opal_common.fetcher.fetcher_register import FetcherRegister

packages/opal-common/opal_common/fetcher/engine/base_fetching_engine.py

@@ -1,8 +1,8 @@
 from typing import Coroutine
 
-from ..events import FetcherConfig, FetchEvent
-from ..fetcher_register import FetcherRegister
-from .core_callbacks import OnFetchFailureCallback
+from opal_common.fetcher.engine.core_callbacks import OnFetchFailureCallback
+from opal_common.fetcher.events import FetcherConfig, FetchEvent
+from opal_common.fetcher.fetcher_register import FetcherRegister
 
 
 class BaseFetchingEngine:

packages/opal-common/opal_common/fetcher/engine/core_callbacks.py

@@ -1,4 +1,4 @@
-from ..events import FetchEvent
+from opal_common.fetcher.events import FetchEvent
 
 
 # Callback signatures

packages/opal-common/opal_common/fetcher/engine/fetch_worker.py

@@ -1,10 +1,10 @@
 import asyncio
 from typing import Coroutine
 
-from ..events import FetchEvent
-from ..fetcher_register import FetcherRegister
-from ..logger import get_logger
-from .base_fetching_engine import BaseFetchingEngine
+from opal_common.fetcher.engine.base_fetching_engine import BaseFetchingEngine
+from opal_common.fetcher.events import FetchEvent
+from opal_common.fetcher.fetcher_register import FetcherRegister
+from opal_common.fetcher.logger import get_logger
 
 logger = get_logger("fetch_worker")
 

packages/opal-common/opal_common/fetcher/engine/fetching_engine.py

@@ -2,13 +2,13 @@
 import uuid
 from typing import Coroutine, Dict, List, Union
 
-from ..events import FetcherConfig, FetchEvent
-from ..fetch_provider import BaseFetchProvider
-from ..fetcher_register import FetcherRegister
-from ..logger import get_logger
-from .base_fetching_engine import BaseFetchingEngine
-from .core_callbacks import OnFetchFailureCallback
-from .fetch_worker import fetch_worker
+from opal_common.fetcher.engine.base_fetching_engine import BaseFetchingEngine
+from opal_common.fetcher.engine.core_callbacks import OnFetchFailureCallback
+from opal_common.fetcher.engine.fetch_worker import fetch_worker
+from opal_common.fetcher.events import FetcherConfig, FetchEvent
+from opal_common.fetcher.fetch_provider import BaseFetchProvider
+from opal_common.fetcher.fetcher_register import FetcherRegister
+from opal_common.fetcher.logger import get_logger
 
 logger = get_logger("engine")
 

packages/opal-common/opal_common/fetcher/fetch_provider.py

@@ -1,8 +1,7 @@
+from opal_common.fetcher.events import FetchEvent
+from opal_common.fetcher.logger import get_logger
 from tenacity import retry, stop, wait
 
-from .events import FetchEvent
-from .logger import get_logger
-
 logger = get_logger("opal.providers")
 
 

packages/opal-common/opal_common/fetcher/fetcher_register.py

@@ -1,11 +1,10 @@
 from typing import Dict, Optional, Type
 
+from opal_common.config import opal_common_config
+from opal_common.fetcher.events import FetchEvent
+from opal_common.fetcher.fetch_provider import BaseFetchProvider
 from opal_common.fetcher.logger import get_logger
-
-from ..config import opal_common_config
-from .events import FetchEvent
-from .fetch_provider import BaseFetchProvider
-from .providers.http_fetch_provider import HttpFetchProvider
+from opal_common.fetcher.providers.http_fetch_provider import HttpFetchProvider
 
 logger = get_logger("opal.fetcher_register")
 
@@ -30,7 +29,7 @@ def __init__(self, config: Optional[Dict[str, BaseFetchProvider]] = None) -> Non
         if config is not None:
             self._config = config
         else:
-            from ..emport import emport_objects_by_class
+            from opal_common.emport import emport_objects_by_class
 
             # load fetchers
             fetchers = []

packages/opal-common/opal_common/fetcher/providers/__init__.py

@@ -1,3 +1,3 @@
-from ...emport import dynamic_all
+from opal_common.emport import dynamic_all
 
 __all__ = dynamic_all(__file__)