[Question] Failed to load bundle from disk: verification key not provided #2824
Labels
investigating
Issues being actively investigated
Comments
ashutosh-narkar
added a commit
to ashutosh-narkar/opa
that referenced
this issue
Oct 28, 2020
Earlier when loading bundles from disk, we weren't providing the bundle verification config that would be needed to read a signed bundle that may have been persisted to disk in the past. This changes adds support for loading signed bundles from disk by providing the bundle verification config (if any) to the bundle reader. Fixes: open-policy-agent#2824 Signed-off-by: Ashutosh Narkar <[email protected]>
ashutosh-narkar
added a commit
that referenced
this issue
Oct 28, 2020
Earlier when loading bundles from disk, we weren't providing the bundle verification config that would be needed to read a signed bundle that may have been persisted to disk in the past. This changes adds support for loading signed bundles from disk by providing the bundle verification config (if any) to the bundle reader. Fixes: #2824 Signed-off-by: Ashutosh Narkar <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When opa client loads bundle from bundle server for the first time, there is no problem. In the second boot, when reading from the disk, an error was reported
Expected Behavior
Load bundle from disk successfully
Actual Behavior
First startup
➜ Opa-binary ./opa run -s -c config.yml{"addrs":[":8181"],"diagnostic-addrs":[],"insecure_addr":"","level":"info","msg":"Initializing server.","time":"2020-10-27T15:35:21+08:00"} {"level":"info","msg":"Starting bundle downloader.","name":"authz","plugin":"bundle","time":"2020-10-27T15:35:21+08:00"} {"level":"info","msg":"Bundle downloaded and activated successfully. Etag updated to f1d76bb13c76f117aa9da5523d09766b.","name":"authz","plugin":"bundle","time":"2020-10-27T15:35:21+08:00"}Second startup
➜ Opa-binary ./opa run -s -c config.yml{"addrs":[":8181"],"diagnostic-addrs":[],"insecure_addr":"","level":"info","msg":"Initializing server.","time":"2020-10-27T15:36:35+08:00"}{"level":"error","msg":"Failed to load bundle from disk: verification key not provided","name":"authz","plugin":"bundle","time":"2020-10-27T15:36:35+08:00"}{"err":"verification key not provided","level":"error","msg":"Failed to start plugins.","time":"2020-10-27T15:36:35+08:00"}But when I run this commad
./opa run -s --verification-key "my-signing-hash-key" --signing-alg HS256 --bundle .opa/bundles/authz/bundle.tar.gz, it can load bundle well. It may not be able to use the key when loading the configuration fileSteps to Reproduce the Problem
This is my config.yml file
The text was updated successfully, but these errors were encountered: