OPA conflicting policy - open-policy-agent

I have written a sample rego code
default allow = false
allow {
some username
input.method = "GET"
input.path =["example", username]
input.user = username
}
allow {
some username
input.method = "GET"
input.path = ["example", username]
input.user != username
}
When I try to validate the policy using http://localhost:8181/v1/data/http/authz/allow API with Parameters
{
"input": {
"method": "GET",
"path": ["example", "sara"],
"user": "sara"
}
}
and
{
"input": {
"method": "GET",
"path": ["example", "sara"],
"user": "notsara"
}
}
I get the response : {"decision_id":"xxxxx","result":true}
Is this the expected result? Shouldn't there be an error if conflicting policies exist?

When you have multiple definitions for a rule, you are expressing a logical OR. As such, they are not conflicting; they are both evaluated, and if any of the rules matches, your result is positive.
A rule conflict happens when you try defining the same rule as a partial rule and as a complete rule:
allow {
some username
input.user = username
}
allow[id] {
some username
input.user != username
}
1 error occurred: module.rego:3: rego_type_error: conflicting rules named allow found
(the example wasn't very nice and doesn't really make sense, but I guess it works as an example)

Related

Firebase realtime DB rule based on data.child do not work

I like to retrieve the list of items only the ones its delete flag is false. but this setting does not work.
{
"rules": {
"items": {
".read": "data.child('isDelete').val() == false",
"$uid": {
".write": "auth != null && !data.exists()"
}
}
}
}
Here's a result from Rules playground request I tried.
Request details
{
"auth": null,
"resource": {
"key": "value"
},
"path": "/items",
"method": "get",
"time": "2022-07-07T09:24:31.042Z"
}
Result details
Line 4 (/items)
read: "data.child('isDelete').val() == false"
The data structure
items
- 1xxxxxxxxxx
title:"title text 1"
createdAt:"2022-06-05T04:21:57.322Z"
isDelete:false
- 2xxxxxxxxxxxxx
title:"title text 2"
createdAt:"2022-06-05T04:21:50.322Z"
isDelete:true
What is wrong?
I think you may be missing that rules are not filters on their own. All the rules do is check for any incoming operation whether it is allowed, and in your try from the playground you are trying to read all of /items, rather than just the items with isDelete set to false, to that isn't allowed.
There is no way to perform the necessary query from the playground, but in code you can get the items with this query:
ref.orderByChild("isDelete").equalTo(false)
Now the operation matches the condition in your rules, and is only trying to read data that it is allowed to, so the rules will allow the operation.
Update: I forgot that query-based rules in the Realtime Database actually require that you write the rule as this:
{
"rules": {
"items": {
".read": "query.orderByChild === 'isDelete' && query.equalTo === false",
...
Now the query only tries to retrieve non-deleted data, and the security rules correctly validate this.

Google Slides API reports Invalid requests[0].updateTableCellProperties: Invalid field: table_cell_properties

Trying to troubleshoot an error message my app gets after sending a batchUpdate request to Google Slides API
Invalid requests[19].updateTableCellProperties: Invalid field: table_cell_properties
The 19th request in the batch is the only updateTableCellProperties request I have. If I removing the 19th request from the batch, everything works fine.
Other requests which I run in this batchUpdate with no issues are are insertTableRows, deleteTableRow, insertText, updateParagraphStyle, updateTextStyle, updateTableColumnProperties. They all work on the same table, so I use the same objectId, but depending on the request I have to specify it as tableObjectId instead of objectId.
Unsure if I am generating a wrong request for the only updateTableCellProperties request I have, or if there is a problem in the Google Slides ruby gem itself, I tried sending just this updateTableCellProperties request from the Google Slides API explorer which has some validation on the request structure. So I sent this updateTableCellProperties batchUpdate request
{
"requests": [
{
"updateTableCellProperties": {
"objectId": "gf9d8fea71f_22_1",
"tableRange": {
"location": {
"columnIndex": 0,
"rowIndex": 1
}
},
"fields": "tableCellProperties",
"tableCellProperties": {
"tableCellBackgroundFill": {
"solidFill": {
"color": {
"themeColor": "LIGHT1"
}
}
}
}
}
}
]
}
And I got this error:
{
"error": {
"code": 400,
"message": "Invalid requests[0].updateTableCellProperties: Invalid field: table_cell_properties",
"status": "INVALID_ARGUMENT"
}
}
Why is this updateTableCellProperties request reported as invalid? I am also confused by the output of the error message as it mentions table_cell_properties in snake case, while the documentation only mentions tableCellProperties in camel case, and my request also only mentions tableCellProperties in camel case. I am only aware of the ruby gems translating between snake case and camel case, but this is not relevant to the API Explorer.
The error Invalid field: table_cell_properties originates from the erroneously specified fields property
See documentation:
fields
At least one field must be specified. The root tableCellProperties is implied and should not be specified. A single "*" can be used as short-hand for listing every field.
So you need to modify fields
from
"fields": "tableCellProperties"
to
"fields": "tableCellBackgroundFill.solidFill.color"
or to
"fields": "*"
There is a second problem with your request:
When specifying the table range, it is required to set the properties rowSpan and columnSpan.
A complete, correct request would be:
{
"requests": [
{
"updateTableCellProperties": {
"objectId": "gf9d8fea71f_22_1",
"tableRange": {
"location": {
"columnIndex": 0,
"rowIndex": 1
},
"rowSpan": 1,
"columnSpan": 1
},
"fields": "tableCellBackgroundFill.solidFill.color",
"tableCellProperties": {
"tableCellBackgroundFill": {
"solidFill": {
"color": {
"themeColor": "LIGHT1"
}
}
}
}
}
}
]
}

Wiremock disable response when matching fails

I am using Wiremock Standalone 2.21 and am using query parameters matching at requests. I want Wiremock to not to respond (or maybe customize the response if possible) when the matching fails. Is this possible? Thanks!
This can be achieved using Stub Priority in WireMock.
In the below example there are two rules. One Specific and one Generic Catch All. Both rules will match your input, but through setting the right priority you can make sure the application follows your desired sequence of matching. In this case if the URL is /api/specific-resource then the first rule will map. If the url is /api/some-other then the second rule will apply.
the Specific Rule:
{
"priority": 1,
"request": {
"method": "GET",
"url": "/api/specific-resource"
},
"response": {
"status": 200
}
}
The Generic Rule:
{
"priority": 10,
"request": {
"method": "GET",
"urlPattern": "/api/*"
},
"response": {
"status": 200
}
}

How to get a sub-field of a struct type map, in the search response of YQL query in Vespa?

Sample Data:
"fields": {
"key1":0,
"key2":"no",
"Lang": {
"en": {
"firstName": "Vikrant",
"lastName":"Thakur"
},
"ch": {
"firstName": "维克兰特",
"lastName":"塔库尔"
}
}
}
Expected Response:
"fields": {
"Lang": {
"en": {
"firstName": "Vikrant",
"lastName":"Thakur"
}
}
}
I have added the following in my search-definition demo.sd:
struct lang {
field firstName type string {}
field lastName type string {}
}
field Lang type map <string, lang> {
indexing: summary
struct-field key {
indexing: summary | index | attribute
}
}
I want to write a yql query something like this (This doesn't work):
http://localhost:8080/search/?yql=select Lang.en from sources demo where key2 contains 'no';
My temporary workaround approach
I have implemented a custom searcher in MySearcher.java, through which I am able to extract the required sub-field and set a new field 'defaultLang', and remove the 'Lang' field. The response generated by the searcher:
"fields": {
"defaultLang": {
"firstName": "Vikrant",
"lastName":"Thakur"
}
}
I have written the following in MySearcher.java:
for (Hit hit: result.hits()) {
String language = "en"; //temporarily hard-coded
StructuredData Lang = (StructuredData) hit.getField("Lang");
Inspector o = Lang.inspect();
for (int j=0;j<o.entryCount();j++){
if (o.entry(j).field("key").asString("").equals(language)){
SlimeAdapter value = (SlimeAdapter) o.entry(j).field("value");
hit.setField("defaultLang",value);
break;
}
}
hit.removeField("Lang");
}
Edit-1: A more efficient way instead is to make use of the Inspectable interface and Inspector, like above (Thanks to #Jo Kristian Bergum)
But, in the above code, I am having to loop through all the languages to filter out the required one. I want to avoid this O(n) time-complexity and make use of the map structure to access it in O(1). (Because the languages may increase to 1000, and this would be done for each hit.)
All this is due to the StructuredData data type I am getting in the results. StructureData doesn't keep the Map Structure and rather gives an array of JSON like:
[{
"key": "en",
"value": {
"firstName": "Vikrant",
"lastName": "Thakur"
}
}, {
"key": "ch",
"value": {
"firstName": "维克兰特",
"lastName": "塔库尔"
}
}]
Please, suggest a better approach altogether, or any help with my current one. Both are appreciated.
The YQL sample query I guess is to illustrate what you want as that syntax is not valid. Picking a given key from the field Lang of type map can be done as you do in your searcher but deserializing into JSON and parsing the JSON is probably inefficient as StructuredData implements the Inspectable interface and you can inspect it directly without the need to go through JSON format. See https://docs.vespa.ai/documentation/reference/inspecting-structured-data.html

What am I doing wrong in this QBO v3 Reports API query?

When I use the following query, I get a good response (with only the first 5 days of May, so apparently the default is not 'This Fiscal Year-to-date' as the documentation suggests, but I digress):
https://quickbooks.api.intuit.com/v3/company/0123456789/reports/CustomerSales
When I add parameters, I get an oauth exception. For example:
https://quickbooks.api.intuit.com/v3/company/0123456789/reports/CustomerSales?start_date='2013-01-01'&end_date='2014-05-06'
Gives me this:
{
"Fault": {
"type": "AUTHENTICATION",
"Error": [
{
"Message": "message=Exception authenticating OAuth; errorCode=003200; statusCode=401",
"code": "3200"
}
]
},
"requestId": "[redacted]",
"time": "[redacted]"
}
This gives me the same result:
https://quickbooks.api.intuit.com/v3/company/0123456789/reports/CustomerSales?date_macro='This Fiscal Year'
So does this:
https://quickbooks.api.intuit.com/v3/company/148305798/reports/CustomerSales?accounting_method='Accrual'
I figure I'm missing something small. I'm not changing any of the headers or any of the other request details...just the url.
I tried without the single quotes around the dates and other params too.
What am I breaking?
Are you including the data to the right of the ? in the URL in the "base" string and are you sorting it with the other parameters?
I've tried this report using java devkit.
It worked fine for me. PFB details.
Request URI - https://quickbooks.api.intuit.com/v3/company/1092175540/reports/CustomerSales?accounting_method=Accrual&start_date=2014-01-01&requestid=61234ddb7e14ce2a5fe4e2f0318b31c&minorversion=1&
My test company file is empty.. That's why got the following JSON response.
{
"Header":{
"Time":"2014-05-06T20:42:08.783-07:00",
"ReportName":"CustomerSales",
"ReportBasis":"Accrual",
"StartPeriod":"2014-05-01",
"EndPeriod":"2014-05-06",
"SummarizeColumnsBy":"Total",
"Currency":"USD"
},
"Columns":{
"Column":[
{
"ColTitle":"",
"ColType":"Customer"
}
]
},
"Rows":{
"Row":[
{
"ColData":[
{
"value":"TOTAL"
}
],
"group":"GrandTotal"
}
]
}
}
JAVA code
void testCustomerSalesReport(Context context) {
Config.setProperty(Config.SERIALIZATION_RESPONSE_FORMAT, "json");
ReportService service = new ReportService(context);
service.setStart_date("2014-01-01");
service.setAccounting_method("Accrual");
Report report = null;
try {
report = service.executeReport(ReportName.CUSTOMERSALES.toString());
} catch (FMSException e) {
e.printStackTrace();
}
}
API Doc Ref - https://developer.intuit.com/docs/0025_quickbooksapi/0050_data_services/reports/customersales
Hope it will be useful.
Thanks

Resources