From 208253b3096fcc53ee2b0c9b94cc5ceee3e451de Mon Sep 17 00:00:00 2001
From: roekatz
Date: Wed, 10 Jul 2024 19:45:41 +0300
Subject: [PATCH 1/3] Fix opal-server addr to opal-server rather than host.docker.internal
---
 docker/docker-compose-api-policy-source-example.yml | 2 +-
 docker/docker-compose-with-callbacks.yml | 2 +-
 docker/docker-compose-with-kafka-example.yml | 2 +-
 docker/docker-compose-with-rate-limiting.yml | 2 +-
 docker/docker-compose-with-security.yml | 2 +-
 docker/docker-compose-with-statistics.yml | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/docker/docker-compose-api-policy-source-example.yml b/docker/docker-compose-api-policy-source-example.yml
index 466689a5a..a91997e4e 100644
--- a/docker/docker-compose-api-policy-source-example.yml
+++ b/docker/docker-compose-api-policy-source-example.yml
@@ -37,7 +37,7 @@ services:
 # configures from where the opal client should initially fetch data (when it first goes up, after disconnection, etc).
 # the data sources represents from where the opal clients should get a "complete picture" of the data they need.
 # after the initial sources are fetched, the client will subscribe only to update notifications sent by the server.
- - OPAL_DATA_CONFIG_SOURCES={"config":{"entries":[{"url":"http://host.docker.internal:7002/policy-data","topics":["policy_data"],"dst_path":"/static"}]}}
+ - OPAL_DATA_CONFIG_SOURCES={"config":{"entries":[{"url":"http://opal-server:7002/policy-data","topics":["policy_data"],"dst_path":"/static"}]}}
 - OPAL_LOG_FORMAT_INCLUDE_PID=true
 ports:
 # exposes opal server on the host machine, you can access the server at: http://localhost:7002
diff --git a/docker/docker-compose-with-callbacks.yml b/docker/docker-compose-with-callbacks.yml
index 7ce3eacce..b47e39bcb 100644
--- a/docker/docker-compose-with-callbacks.yml
+++ b/docker/docker-compose-with-callbacks.yml
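Review bot: The replacement hostname is not the same across the six files in this patch: docker/docker-compose-api-policy-source-example.yml uses `http://opal-server:7002/policy-data`, as do the kafka, rate-limiting, security and statistics files, while docker/docker-compose-with-callbacks.yml uses `http://opal_server:7002/policy-data`. Compose resolves a service by its key under `services:` (or an explicit alias), and the docs hunk and the CI step later in this series refer to `opal_server` and `opal_client`, so the hyphenated form presumably does not match the service key; the service definitions are outside these hunks, so this needs confirming against them. A name that does not resolve inside the compose network leaves the client without its initial policy data, and the lookup may be forwarded to the host's resolver instead. I would use one spelling in all six files, e.g. `"url":"http://opal_server:7002/policy-data"` if the service key is `opal_server`.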
@@ -32,7 +32,7 @@ services:
 # configures from where the opal client should initially fetch data (when it first goes up, after disconnection, etc).
 # the data sources represents from where the opal clients should get a "complete picture" of the data they need.
 # after the initial sources are fetched, the client will subscribe only to update notifications sent by the server.
- - OPAL_DATA_CONFIG_SOURCES={"config":{"entries":[{"url":"http://host.docker.internal:7002/policy-data","topics":["policy_data"],"dst_path":"/static"}]}}
+ - OPAL_DATA_CONFIG_SOURCES={"config":{"entries":[{"url":"http://opal_server:7002/policy-data","topics":["policy_data"],"dst_path":"/static"}]}}
 - OPAL_LOG_FORMAT_INCLUDE_PID=true
 ports:
 # exposes opal server on the host machine, you can access the server at: http://localhost:7002
diff --git a/docker/docker-compose-with-kafka-example.yml b/docker/docker-compose-with-kafka-example.yml
index 99b4129c7..ec4f113e2 100644
--- a/docker/docker-compose-with-kafka-example.yml
+++ b/docker/docker-compose-with-kafka-example.yml
@@ -70,7 +70,7 @@ services:
 # configures from where the opal client should initially fetch data (when it first goes up, after disconnection, etc).
 # the data sources represents from where the opal clients should get a "complete picture" of the data they need.
 # after the initial sources are fetched, the client will subscribe only to update notifications sent by the server.
- - OPAL_DATA_CONFIG_SOURCES={"config":{"entries":[{"url":"http://host.docker.internal:7002/policy-data","topics":["policy_data"],"dst_path":"/static"}]}}
+ - OPAL_DATA_CONFIG_SOURCES={"config":{"entries":[{"url":"http://opal-server:7002/policy-data","topics":["policy_data"],"dst_path":"/static"}]}}
 - OPAL_LOG_FORMAT_INCLUDE_PID=true
 ports:
 # exposes opal server on the host machine, you can access the server at: http://localhost:7002
diff --git a/docker/docker-compose-with-rate-limiting.yml b/docker/docker-compose-with-rate-limiting.yml
index a0fd3bbcc..b5fb169b4 100644
--- a/docker/docker-compose-with-rate-limiting.yml
+++ b/docker/docker-compose-with-rate-limiting.yml
@@ -31,7 +31,7 @@ services:
 # configures from where the opal client should initially fetch data (when it first goes up, after disconnection, etc).
 # the data sources represents from where the opal clients should get a "complete picture" of the data they need.
 # after the initial sources are fetched, the client will subscribe only to update notifications sent by the server.
- - OPAL_DATA_CONFIG_SOURCES={"config":{"entries":[{"url":"http://host.docker.internal:7002/policy-data","topics":["policy_data"],"dst_path":"/static"}]}}
+ - OPAL_DATA_CONFIG_SOURCES={"config":{"entries":[{"url":"http://opal-server:7002/policy-data","topics":["policy_data"],"dst_path":"/static"}]}}
 - OPAL_LOG_FORMAT_INCLUDE_PID=true
 # Turns on rate limiting in the server
 # supported formats documented here: https://limits.readthedocs.io/en/stable/quickstart.html#rate-limit-string-notation
diff --git a/docker/docker-compose-with-security.yml b/docker/docker-compose-with-security.yml
index 8a80ad2a6..ad3ae6186 100644
--- a/docker/docker-compose-with-security.yml
+++ b/docker/docker-compose-with-security.yml
@@ -46,7 +46,7 @@ services:
 # after the initial sources are fetched, the client will subscribe only to update notifications sent by the server.
 # please notice - since we fetch data entries from the OPAL server itself, we need to authenticate to that endpoint
 # with the client's token (JWT).
- - OPAL_DATA_CONFIG_SOURCES={"config":{"entries":[{"url":"http://host.docker.internal:7002/policy-data","config":{"headers":{"Authorization":"Bearer ${OPAL_CLIENT_TOKEN}"}},"topics":["policy_data"],"dst_path":"/static"}]}}
+ - OPAL_DATA_CONFIG_SOURCES={"config":{"entries":[{"url":"http://opal-server:7002/policy-data","config":{"headers":{"Authorization":"Bearer ${OPAL_CLIENT_TOKEN}"}},"topics":["policy_data"],"dst_path":"/static"}]}}
 - OPAL_LOG_FORMAT_INCLUDE_PID=true
 # --------------------------------------------------------------------------------
 # the jwt audience and jwt issuer are not typically necessary in real setups
diff --git a/docker/docker-compose-with-statistics.yml b/docker/docker-compose-with-statistics.yml
index 0c15d5a95..daf10fa02 100644
--- a/docker/docker-compose-with-statistics.yml
+++ b/docker/docker-compose-with-statistics.yml
@@ -32,7 +32,7 @@ services:
 # configures from where the opal client should initially fetch data (when it first goes up, after disconnection, etc).
 # the data sources represents from where the opal clients should get a "complete picture" of the data they need.
 # after the initial sources are fetched, the client will subscribe only to update notifications sent by the server.
- - OPAL_DATA_CONFIG_SOURCES={"config":{"entries":[{"url":"http://host.docker.internal:7002/policy-data","topics":["policy_data"],"dst_path":"/static"}]}}
+ - OPAL_DATA_CONFIG_SOURCES={"config":{"entries":[{"url":"http://opal-server:7002/policy-data","topics":["policy_data"],"dst_path":"/static"}]}}
 - OPAL_LOG_FORMAT_INCLUDE_PID=true
 # turning on statistics collection on the server side
 - OPAL_STATISTICS_ENABLED=true
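Review bot: In docker/docker-compose-with-security.yml the changed entry sends `Authorization: Bearer ${OPAL_CLIENT_TOKEN}` to an `http://` URL, so the client JWT travels unencrypted to whatever host `opal-server` resolves to. Inside a single compose network that is reasonable for an example, but the comment block above the line should say so, for instance `# example only: the token is sent over plain HTTP inside the compose network; use an https:// URL outside local testing`. Because the token goes with the request, it is worth confirming that `opal-server` matches the service key or an alias defined in this file; the service definitions are outside the hunk.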
From ba89632f9ab6a6079dfada51c7eebeecc8973544 Mon Sep 17 00:00:00 2001 From: roekatz Date: Thu, 18 Jul 2024 12:41:47 +0300 Subject: [PATCH 2/3] CI test-docker: Also make sure opal-client fetched data sources --- .github/workflows/tests.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 610cdd05d..d708b16e0 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -105,7 +105,8 @@ jobs: - name: Output container logs run: docker-compose -f docker/docker-compose-test.yml logs - - name: check if opal-client was brought up + - name: check if opal-client was brought up successfully run: | docker-compose -f docker/docker-compose-test.yml logs opal_client | grep "Connected to PubSub server" docker-compose -f docker/docker-compose-test.yml logs opal_client | grep "Got policy bundle" + docker-compose -f docker/docker-compose-test.yml logs opal_client | grep 'PUT /v1/data/static -> 204' From 8c30c89b90171274f855f639e3667466cd6794ed Mon Sep 17 00:00:00 2001 From: roekatz Date: Thu, 18 Jul 2024 12:44:52 +0300 Subject: [PATCH 3/3] Docker-compose: Remove obsolete `version` field --- docker/docker-compose-api-policy-source-example.yml | 1 - docker/docker-compose-example-cedar.yml | 1 - docker/docker-compose-example.yml | 1 - docker/docker-compose-git-webhook.yml | 1 - docker/docker-compose-scopes-example.yml | 1 - docker/docker-compose-with-callbacks.yml | 1 - docker/docker-compose-with-kafka-example.yml | 1 - docker/docker-compose-with-oauth-initial.yml | 1 - docker/docker-compose-with-rate-limiting.yml | 1 - docker/docker-compose-with-security.yml | 1 - docker/docker-compose-with-statistics.yml | 1 - .../quickstart/docker-compose-config/overview.mdx | 1 - .../quickstart/opal-playground/updating-the-policy.mdx | 1 - 13 files changed, 13 deletions(-) 
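Review bot: In .github/workflows/tests.yml the added assertion, like the two before it, runs only against docker/docker-compose-test.yml, so none of the six example compose files whose data-source URL changed in patch 1/3 is exercised; a hostname that does not resolve in those files would not fail CI. The grep also passes on any `PUT /v1/data/static -> 204` line in the client log, which shows that a write to `/static` succeeded but presumably not which source the data was fetched from. A step comment stating that scope would help, e.g. `# asserts the client stored fetched data under /static; covers docker-compose-test.yml only`. Whether an earlier step waits for the fetch to finish before the logs are read is outside the hunk.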
diff --git a/docker/docker-compose-api-policy-source-example.yml b/docker/docker-compose-api-policy-source-example.yml
index a91997e4e..219381598 100644
--- a/docker/docker-compose-api-policy-source-example.yml
+++ b/docker/docker-compose-api-policy-source-example.yml
@@ -1,4 +1,3 @@
-version: "3.8"
 services:
 # When scaling the opal-server to multiple nodes and/or multiple workers, we use
 # a *broadcast* channel to sync between all the instances of opal-server.
diff --git a/docker/docker-compose-example-cedar.yml b/docker/docker-compose-example-cedar.yml
index a3170e575..38e5509a6 100644
--- a/docker/docker-compose-example-cedar.yml
+++ b/docker/docker-compose-example-cedar.yml
@@ -1,4 +1,3 @@
-version: "3.8"
 services:
 # When scaling the opal-server to multiple nodes and/or multiple workers, we use
 # a *broadcast* channel to sync between all the instances of opal-server.
diff --git a/docker/docker-compose-example.yml b/docker/docker-compose-example.yml
index 13855734b..36c52db58 100644
--- a/docker/docker-compose-example.yml
+++ b/docker/docker-compose-example.yml
@@ -1,4 +1,3 @@
-version: "3.8"
 services:
 # When scaling the opal-server to multiple nodes and/or multiple workers, we use
 # a *broadcast* channel to sync between all the instances of opal-server.
diff --git a/docker/docker-compose-git-webhook.yml b/docker/docker-compose-git-webhook.yml
index c5a394270..388ced755 100644
--- a/docker/docker-compose-git-webhook.yml
+++ b/docker/docker-compose-git-webhook.yml
@@ -1,4 +1,3 @@
-version: "3.8"
 services:
 # When scaling the opal-server to multiple nodes and/or multiple workers, we use
 # a *broadcast* channel to sync between all the instances of opal-server.
diff --git a/docker/docker-compose-scopes-example.yml b/docker/docker-compose-scopes-example.yml
index 789ebea5a..9a3c1f162 100644
--- a/docker/docker-compose-scopes-example.yml
+++ b/docker/docker-compose-scopes-example.yml
@@ -1,4 +1,3 @@
-version: "3.8"
 services:
 redis:
 image: redis
diff --git a/docker/docker-compose-with-callbacks.yml b/docker/docker-compose-with-callbacks.yml index b47e39bcb..ca75903e6 100644 --- a/docker/docker-compose-with-callbacks.yml +++ b/docker/docker-compose-with-callbacks.yml @@ -1,4 +1,3 @@ -version: "3.8" services: # When scaling the opal-server to multiple nodes and/or multiple workers, we use # a *broadcast* channel to sync between all the instances of opal-server. diff --git a/docker/docker-compose-with-kafka-example.yml b/docker/docker-compose-with-kafka-example.yml index ec4f113e2..1289e0592 100644 --- a/docker/docker-compose-with-kafka-example.yml +++ b/docker/docker-compose-with-kafka-example.yml @@ -1,4 +1,3 @@ -version: "3.8" services: # Based on: https://developer.confluent.io/quickstart/kafka-docker/ diff --git a/docker/docker-compose-with-oauth-initial.yml b/docker/docker-compose-with-oauth-initial.yml index 98b647e88..6a121e719 100644 --- a/docker/docker-compose-with-oauth-initial.yml +++ b/docker/docker-compose-with-oauth-initial.yml @@ -1,4 +1,3 @@ -version: "3.8" services: # When scaling the opal-server to multiple nodes and/or multiple workers, we use # a *broadcast* channel to sync between all the instances of opal-server. diff --git a/docker/docker-compose-with-rate-limiting.yml b/docker/docker-compose-with-rate-limiting.yml index b5fb169b4..6f10caf5e 100644 --- a/docker/docker-compose-with-rate-limiting.yml +++ b/docker/docker-compose-with-rate-limiting.yml @@ -1,5 +1,4 @@ # This docker compose example shows how to configure OPAL's rate limiting feature -version: "3.8" services: # When scaling the opal-server to multiple nodes and/or multiple workers, we use # a *broadcast* channel to sync between all the instances of opal-server. diff --git a/docker/docker-compose-with-security.yml b/docker/docker-compose-with-security.yml index ad3ae6186..2c27a711f 100644 --- a/docker/docker-compose-with-security.yml +++ b/docker/docker-compose-with-security.yml 
@@ -1,6 +1,5 @@ # this docker compose file is relying on external environment variables! # run it by running the script: ./run-example-with-security.sh -version: "3.8" services: # When scaling the opal-server to multiple nodes and/or multiple workers, we use # a *broadcast* channel to sync between all the instances of opal-server. diff --git a/docker/docker-compose-with-statistics.yml b/docker/docker-compose-with-statistics.yml index daf10fa02..eb26daef4 100644 --- a/docker/docker-compose-with-statistics.yml +++ b/docker/docker-compose-with-statistics.yml @@ -1,4 +1,3 @@ -version: "3.8" services: # When scaling the opal-server to multiple nodes and/or multiple workers, we use # a *broadcast* channel to sync between all the instances of opal-server. diff --git a/documentation/docs/getting-started/quickstart/docker-compose-config/overview.mdx b/documentation/docs/getting-started/quickstart/docker-compose-config/overview.mdx index 1d11235e3..f404a6c3b 100644 --- a/documentation/docs/getting-started/quickstart/docker-compose-config/overview.mdx +++ b/documentation/docs/getting-started/quickstart/docker-compose-config/overview.mdx @@ -11,7 +11,6 @@ This example is running three containers that we have mentioned at the beginning Here is an overview of the whole `docker-compose.yml` file, but don't worry, we will be referring to each section separately. ```yml showLineNumbers -version: "3.8" services: broadcast_channel: image: postgres:alpine diff --git a/documentation/docs/getting-started/quickstart/opal-playground/updating-the-policy.mdx b/documentation/docs/getting-started/quickstart/opal-playground/updating-the-policy.mdx index f0c632f58..24e9a3461 100644 --- a/documentation/docs/getting-started/quickstart/opal-playground/updating-the-policy.mdx +++ b/documentation/docs/getting-started/quickstart/opal-playground/updating-the-policy.mdx 
@@ -35,7 +35,6 @@ opal_server: You can also simply change the tracked repo in the example `docker-compose.yml` file by editing these variables: ```yml {7,9,11} showLineNumbers -version: "3.8" services: ... opal_server: