[confcom] Remove the dependency on OPA #9464
✔️ Azure CLI Extensions Breaking Change Test

Thank you for your contribution! We will review the pull request and get back to you soon.

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
Pull request overview
This pull request removes the dependency on the OPA (Open Policy Agent) binary by rewriting the policy_deserialize() function to directly parse Rego policy files using Python's standard library instead of invoking the external OPA binary. This simplification reduces external dependencies and improves the package installation process.
- Implemented custom Rego policy parser in `policy_deserialize()` using regex and JSON parsing
- Removed `azext_confcom/lib/opa.py` and all OPA-related code
- Bumped extension version from 1.4.4 to 1.4.5
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/confcom/setup.py | Removed OPA import and download call; bumped version to 1.4.5 |
| src/confcom/azext_confcom/lib/serialization.py | Replaced OPA-based parsing with custom line-by-line parser using regex and bracket/brace counting |
| src/confcom/azext_confcom/lib/opa.py | Deleted entire file containing OPA binary download and execution logic |
| src/confcom/HISTORY.rst | Added version 1.4.5 entry documenting OPA dependency removal |
| for char in line: | ||
| if char in ['{', '[', '(']: | ||
| delta += 1 | ||
| elif char in ['}', ']', ')']: | ||
| delta -= 1 |
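Review bot: in the `for char in line` loop, the single `delta` counter treats `{`, `[` and `(` as interchangeable, so a mismatched pair such as `[` closed by `)` still nets to zero and reads as balanced. If this depth decides where a multi-line expression ends, consider a stack of expected closers, or have the caller reject a running depth below zero, so malformed policy text is refused rather than silently accepted.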
The _brace_delta function counts all braces, brackets, and parentheses in the line, including those inside JSON string literals. This will cause incorrect depth tracking when string values contain these characters.
For example, if a JSON field contains "pattern": "prefix(tail", the opening parenthesis would incorrectly increment the depth counter, causing the parser to continue reading lines even after the JSON structure is complete, potentially including unrelated lines in the expression.
To fix this, track whether you're currently inside a quoted string and skip delimiter counting while inside strings. Consider using a state machine or a more robust JSON-aware parser for multi-line expressions. Example approach:
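```python
def _brace_delta(line: str) -> int:
    delta = 0
    in_string = False
    escape_next = False
    for char in line:
        # The character after a backslash is escaped: skip it entirely.
        if escape_next:
            escape_next = False
            continue
        if char == '\\':
            escape_next = True
            continue
        # An unescaped double quote opens or closes a string literal.
        if char == '"':
            in_string = not in_string
            continue
        # Only count delimiters that appear outside string literals.
        if not in_string:
            if char in ['{', '[', '(']:
                delta += 1
            elif char in ['}', ']', ')']:
                delta -= 1
    return delta
```
| for char in line: | |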
| if char in ['{', '[', '(']: | |
| delta += 1 | |
| elif char in ['}', ']', ')']: | |
| delta -= 1 | |
| in_string = False | |
| escape_next = False | |
| for char in line: | |
| if escape_next: | |
| escape_next = False | |
| continue | |
| if char == '\\': | |
| escape_next = True | |
| continue | |
| if char == '"': | |
| in_string = not in_string | |
| continue | |
| if not in_string: | |
| if char in ['{', '[', '(']: | |
| delta += 1 | |
| elif char in ['}', ']', ')']: | |
| delta -= 1 |
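Review bot: in the replacement lines, `in_string` is toggled only by `"`, so delimiters inside a Rego raw string (backticks) or after a `#` comment on the same line are still counted. If the policies being parsed can contain either, stop counting at an unquoted `#` and treat backtick-delimited text as a string too; a test with a bracket inside a comment would pin the behaviour.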
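Following the review comment's suggestion of a JSON-aware parser, this added example (not code from the PR or the confcom extension) lets `json.JSONDecoder.raw_decode` find the end of each `name := <JSON>` value instead of counting delimiters. `SAMPLE_POLICY`, `naive_depth` and `extract_json_assignments` are hypothetical names, and the policy text is constructed.

```python
import json
import re

# Constructed sample: a Rego fragment with JSON-valued assignments. The
# "pattern" string holds an unbalanced "(" on purpose.
SAMPLE_POLICY = '''package policy

api_version := "0.10.0"

containers := [
  {
    "id": "example-image",
    "env_rules": [{"pattern": "prefix(tail", "strategy": "string"}]
  }
]

allow_stdio_access := true
'''

_ASSIGN = re.compile(r"^(\w+)\s*:=\s*", re.MULTILINE)
_DECODER = json.JSONDecoder()


def naive_depth(text: str) -> int:
    """Delimiter count that ignores string context (the flagged behaviour)."""
    return sum((c in "{[(") - (c in "}])") for c in text)


def extract_json_assignments(policy: str) -> dict:
    """Decode every `name := <JSON>` assignment, letting the JSON decoder
    decide where each value ends instead of counting delimiters."""
    found = {}
    pos = 0
    while (m := _ASSIGN.search(policy, pos)):
        try:
            value, end = _DECODER.raw_decode(policy, m.end())
        except json.JSONDecodeError:
            pos = m.end()  # not plain JSON (for example a rule body): skip
            continue
        rest = policy[end:].split("\n", 1)[0].strip()
        if rest and not rest.startswith("#"):
            pos = m.end()  # trailing text after the value: refuse it
            continue
        found[m.group(1)] = value
        pos = end
    return found
```

On the sample, the naive count never returns to zero because of the `(` inside the string, while the decoder-based extraction stops exactly at the closing `]`.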
[Release] Update index.json for extension [ confcom ] : https://dev.azure.com/msazure/One/_build/results?buildId=146293397&view=results
* Remove the dependency on OPA
* Bump version
* Organise imports
Why
We currently have code which uses the OPA binary to parse policy, this is much more than we strictly need to parse simple rego policies. Fewer dependencies is always better
How
`policy_deserialize()` to directly parse policies
This checklist is used to make sure that common guidelines for a pull request are followed.
Related command
General Guidelines
- `azdev style <YOUR_EXT>` locally? (`pip install azdev` required)
- `python scripts/ci/test_index.py -q` locally? (`pip install wheel==0.30.0` required)