Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correct time comparison in Envoy Authorization tutorial doc #2395

Closed
pvsone opened this issue May 11, 2020 · 2 comments · Fixed by #2397
Closed

Correct time comparison in Envoy Authorization tutorial doc #2395

pvsone opened this issue May 11, 2020 · 2 comments · Fixed by #2397
Assignees
@princespaghetti
Labels
bug docs good first issue

Comments

@pvsone
Copy link
Contributor

pvsone commented May 11, 2020

Expected Behavior

In the Envoy tutorial (https://www.openpolicyagent.org/docs/latest/envoy-authorization/), the is_token_valid rule in policy.rego should evaluate to true for the sample tokens

Actual Behavior

It evaluates to false, as the time comparison is comparing time.now_ns() (a value in nanoseconds) to the token nbf and exp fields which are values in seconds.

Steps to Reproduce the Problem

Open the policy from Step 3 in the Rego Playground via the playground link (https://play.openpolicyagent.org/p/252FCEX43z). Evaluate the selection fo is_token_valid

To workaround, I updated the policy to:

is_token_valid {
  token.valid
  now := time.now_ns() / 1000000000
  token.payload.nbf <= now
  now < token.payload.exp
}
@princespaghetti
Copy link
Contributor

I'll grab this one!

@ashutosh-narkar
Copy link
Member

Thanks @princespaghetti !

@princespaghetti princespaghetti mentioned this issue May 13, 2020
Merged
patrick-east pushed a commit that referenced this issue May 14, 2020
@princespaghetti @patrick-east
docs/website: correct is_token_valid logic on envoy page
b5c1587 
Fixes: #2395
Signed-off-by: Anthony Barbieri <anthonyabarbieri@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@princespaghetti princespaghetti

Labels
bug docs good first issue
Projects
Open Policy Agent
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

docs/website: correct is_token_valid logic on envoy page fixes: #2395
3 participants
@princespaghetti @pvsone @ashutosh-narkar