Giters

permitio / opal

Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)

Home Page:https://opal.ac

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Cannot configure opal-client from /opal/.env correctly

WellyHong opened this issue · comments

commented

Describe the bug

upgrade from opal-client-standalone:0.1.21 to 0.7.0, the .env file cannot be loaded correctly.
With 0.1.21, I mount /opal volume and put .env under it,
but 0.7.0 does not work normally.
I searched the document and found this topic, it doesn't instruct the .env path.

To Reproduce

  1. run opal-client-standalone image
  2. mount /opal volume
  3. pass .env to /opal
    • .env includes OPAL_CLIENT_TOKEN, OPAL_DATA_TOPICS
  4. it logs fastapi_websocket_pubsub.pub_sub_client | ERROR | Connection failed with an invalid status code - 403 -- Won't try to reconnect.

Please also include:

[1] [INFO] Starting gunicorn 20.1.0
[1] [INFO] Listening at: http://0.0.0.0:7000 (1)
[1] [INFO] Using worker: uvicorn.workers.UvicornWorker
[8] [INFO] Booting worker with pid: 8
opal_client.policy_store.opa_client     | INFO  | Authentication mode for policy store: PolicyStoreAuth.NONE
opal_common.fetcher.fetcher_register    | INFO  | Loading FetcherProvider 'FastApiRpcFetchProvider' found at: <class 'opal_common.fetcher.providers.fastapi_rpc_fetch_provider.FastApiRpcFetchProvider'>
opal_common.fetcher.fetcher_register    | INFO  | Loading FetcherProvider 'HttpFetchProvider' found at: <class 'opal_common.fetcher.providers.http_fetch_provider.HttpFetchProvider'>
opal_common.fetcher.fetcher_register    | INFO  | Fetcher Register loaded
opal_client.callbacks.register          | INFO  | Callbacks register loaded
... omit ...
fastapi_websocket_pubsub.pub_sub_client | INFO  | Trying to connect to Pub/Sub server - ws://opal-server-sandbox.opal-test.svc.cluster.local/ws
fastapi_websocket_rpc.websocket_rpc_c...| INFO  | Trying server - ws://opal-server-sandbox.opal-test.svc.cluster.local/ws
fastapi_websocket_rpc.websocket_rpc_c...| INFO  | RPC Websocket failed - with invalid status code 403
fastapi_websocket_pubsub.pub_sub_client | ERROR  | Connection failed with an invalid status code - 403 -- Won't try to reconnect.
Traceback (most recent call last):
... omit ...
websockets.exceptions.InvalidStatusCode: server rejected WebSocket connection: HTTP 403
fastapi_websocket_rpc.websocket_rpc_c...| INFO  | RPC Websocket failed - with invalid status code 403
fastapi_websocket_pubsub.pub_sub_client | ERROR  | Connection failed with an invalid status code - 403 -- Won't try to reconnect.
Traceback (most recent call last):

Expected behavior

opal-client connect to opal-server normally

OPAL version

  • opal-client-standalone 0.7.0