Skip to content

Include eopa_dl plugin in opa #3792

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wisinghe wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Include eopa_dl plugin in opa #3792

wisinghe wants to merge 8 commits into from
+786 −95

Conversation

@wisinghe
Copy link
Collaborator

@wisinghe wisinghe commented Dec 15, 2025

This PR introduces the eopa_dl plugin (documentation) into the open policy agent instance running in skipper filter. eopa_dl plugin allows multiple types of outputs. AWS S3 is one of the allowed output types. If the running skipper instance has an already assumed role with correct permission to a S3 bucket, opa can use the same credentials to upload decision logs to the S3.

The eopa_dl plugin configuration can be either provided by opaconfig.yaml or discovery

Old PR: #3739 (had to close due to messed up git history)

@wisinghe wisinghe added the minor no risk changes, for example new filters label Dec 15, 2025
@wisinghe wisinghe mentioned this pull request Dec 15, 2025
Closed
torwunder
torwunder reviewed Jan 7, 2026
View reviewed changes
@wisinghe wisinghe marked this pull request as ready for review January 7, 2026 17:32
szuecs
szuecs reviewed Jan 7, 2026
View reviewed changes
go.mod Outdated
github.com/aws/aws-sdk-go-v2/config v1.32.6 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.19.6 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 // indirect
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.20.17 // indirect
Copy link
Member

@szuecs szuecs Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we merge it we can also add some AWS specific filters, because here we import many cloud provider dependencies.
I wonder how big the binary will be, can you build the binary and share the MB, please ?

Copy link
Collaborator Author

@wisinghe wisinghe Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The binary is actually 156.9MB in this case. While master branch built one is 80.2.

What would be a recommended way to add AWS specific filters?

Copy link
Member

@szuecs szuecs Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, that's huge.
The question is if we want to have build tags in order to reduce the binary size.
It's not really something you should care about, but we should care.

So from my side it's not a blocker, but I may create some build tag to also have a non OPA build for people who care about binary size.

cc @MustafaSaber

@wisinghe wisinghe marked this pull request as draft January 14, 2026 08:55
minor change
c6e2a79 
Signed-off-by: wisinghe <[email protected]>
Merge branch 'master' into eopa_dl
d5d3d85 
# Conflicts:
#	go.mod
#	go.sum
@wisinghe wisinghe marked this pull request as ready for review January 14, 2026 11:09
@szuecs
Copy link
Member

szuecs commented Jan 26, 2026

@wisinghe there is a conflict

@szuecs szuecs mentioned this pull request Jan 27, 2026
Open
wisinghe added 2 commits February 3, 2026 09:44
Merge branch 'master' into eopa_dl
bcac719 
# Conflicts:
#	filters/openpolicyagent/openpolicyagent.go
#	go.mod
#	go.sum
update dependencies
acf152e 
Signed-off-by: wisinghe <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@szuecs szuecs szuecs left review comments

+1 more reviewer

@torwunder torwunder torwunder left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

documentation minor no risk changes, for example new filters

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@wisinghe @szuecs @torwunder