
Using opa http.send with conftest


I have a question about data importing and the execution of built-in OPA functions when using conftest. In the code sample below I have two modules, abc and main. I've conveniently left out some of the setup for abc; all that matters is that it's a working https call.

Working from the REPL, my code executes exactly as I intended: fetch data on the fly, i.e. available, and check if stuff is in that list. Running opa run -b . and then hitting data.abc executes the https call, i.e. I can see packets leave my interface, and a response body containing the list I need is pulled in. I then get the expected result from deny. The same thing happens when running opa test . -v.

However, running conftest verify -p . or conftest test abc/main.json -p . never executes http.send, i.e. packets never leave my interface for the expected host.

I could use a static list rather than using the https call, but I don't control when the list is updated. Is this an expected/intended limitation of conftest? Can I execute these functions to build my data document, and am I importing it correctly?

package abc

available = http.send(
  {
  "method": "get",
  "url": request.url,
  "headers": headers
  }
)

package main
import data.abc.available

deny[msg] {
    stuff := input.stuff
    not available.body[stuff]
    msg := sprintf("%v is not available", [stuff])
}

Solution

  • I feex. https://gist.github.com/b0bu/67d60fc0dbc5a9ae36406188117dfb36

    The issue was import data.token as auth

    auth was undefined; by extension, subscriptionid was never populated. This was working in opa run -b . because of a slight difference in how the data document is structured. data.token.stuff was a thing which translated to data.stuff in conftest.
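
The failure described in the answer was silent: an import that resolves to nothing makes every rule depending on it undefined, so http.send is never evaluated. As an added example (not code from the question, the answer or the gist), this variant of main reports that condition instead, in the same pre-1.0 Rego syntax the question uses. Importing data.token in main, the message texts and the mocked values in the tests are assumptions made for illustration.

```rego
package main

import data.abc.available
import data.token as auth # assumption: main imports the same path the answer names

# Fail closed: report an import that resolves to nothing instead of
# letting every dependent rule silently evaluate to undefined.
deny[msg] {
    not auth
    msg := "data.token is undefined: check where this tool roots the data file"
}

# If abc could not build its request, http.send is never evaluated
# and available is undefined.
deny[msg] {
    not available
    msg := "data.abc.available is undefined: http.send was never evaluated"
}

deny[msg] {
    available.status_code != 200
    msg := sprintf("list fetch failed with HTTP status %v", [available.status_code])
}

# The original check from the question, gated on a successful fetch.
deny[msg] {
    available.status_code == 200
    stuff := input.stuff
    not available.body[stuff]
    msg := sprintf("%v is not available", [stuff])
}

# Constructed mocks: these tests run offline, no request is sent.
test_missing_item_denied {
    deny["b is not available"] with input as {"stuff": "b"}
        with data.abc.available as {"status_code": 200, "body": {"a": true}}
        with data.token as {"constructed": "value"}
}

test_failed_fetch_denied {
    deny["list fetch failed with HTTP status 401"] with input as {"stuff": "a"}
        with data.abc.available as {"status_code": 401, "body": {}}
        with data.token as {"constructed": "value"}
}
```

Because the tests replace data.abc.available and data.token with constructed values, they behave the same under opa test and conftest verify regardless of how each tool roots the data document.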