Robinyo opened a new issue, #12374:
URL: https://github.com/apache/apisix/issues/12374

   ### Current Behavior
   
   I have followed the steps in the 
[documentation](https://apisix.apache.org/docs/apisix/plugins/opa/) to 
configure the OPA plugin.
   
   For example:
   
   ```
     - name: provider-directory-api-organization-read
       uri: /fhir/Organization*
       methods: [ "GET" ]
       upstream_id: 1
       plugins:
         opa:
           host: "http://opa:8181"
           ssl_verify: false
           with_route: true
           policy: "organization/allow"
   ```
   
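   Sample policy (note that the package name here is spelled `organisation`, while the route's `policy` setting above queries `organization/allow`; OPA derives the data path from the package name, so a query against a path no package defines returns an undefined decision with no `result` field):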
   
   ```
   package organisation
   
   import input.request
   
   default allow := false
   
   allow if {
        request.method == "GET"
   }
   ```
   
   OPA logs:
   
   ```
   {
     "client_addr": "172.18.0.1:59868",
     "level": "info",
     "msg": "Received request.",
     "req_body": "package organisation\n      \n  result := true",
     "req_id": 6,
     "req_method": "PUT",
     "req_params": {},
     "req_path": "/v1/policies/organization",
     "time": "2025-06-23T22:58:41Z"
   }
   {
     "client_addr": "172.18.0.1:59868",
     "level": "info",
     "msg": "Sent response.",
     "req_id": 6,
     "req_method": "PUT",
     "req_path": "/v1/policies/organization",
     "resp_body": "{}\n",
     "resp_bytes": 3,
     "resp_duration": 13.674417,
     "resp_status": 200,
     "time": "2025-06-23T22:58:41Z"
   }
   {
     "client_addr": "172.18.0.4:39134",
     "level": "info",
     "msg": "Received request.",
     "req_body": 
"{\"input\":{\"type\":\"http\",\"request\":{\"method\":\"GET\",\"host\":\"provider-directory.au.localhost\",\"query\":{\"_id\":\"adv-hearing-care\"},\"headers\":{\"host\":\"provider-directory.au.localhost\",\"user-agent\":\"curl/8.7.1\",\"authorization\":\"Bearer
 
\",\"content-type\":\"application/fhir+json\",\"accept\":\"*/*\"},\"path\":\"/fhir/Organization\",\"port\":9443,\"scheme\":\"https\"},\"var\":{\"server_port\":\"9443\",\"remote_port\":\"61984\",\"timestamp\":1750719539,\"server_addr\":\"172.18.0.4\",\"remote_addr\":\"172.18.0.1\"},\"route\":{\"id\":\"routes#5\",\"name\":\"provider-directory-api-organization-read\",\"status\":1,\"priority\":0,\"plugins\":{\"opa\":{\"with_service\":false,\"with_consumer\":false,\"keepalive\":true,\"keepalive_timeout\":60000,\"host\":\"http://opa:8181\",\"policy\":\"organization/allow\",\"timeout\":3000,\"ssl_verify\":false,\"with_route\":true,\"keepalive_pool\":5}},\"methods\":[\"GET\"],\"upstream_id\":1,\"uri\":\"/fhir/Organi
 zation*\"}}}",
     "req_id": 7,
     "req_method": "POST",
     "req_params": {},
     "req_path": "/v1/data/organization/allow",
     "time": "2025-06-23T22:58:59Z"
   }
   {
     "decision_id": "e880f001-f87a-492f-9432-f97fb9c96e35",
     "input": {
       "request": {
         "headers": {
           "accept": "*/*",
           "authorization": "Bearer ",
           "content-type": "application/fhir+json",
           "host": "provider-directory.au.localhost",
           "user-agent": "curl/8.7.1"
         },
         "host": "provider-directory.au.localhost",
         "method": "GET",
         "path": "/fhir/Organization",
         "port": 9443,
         "query": {
           "_id": "adv-hearing-care"
         },
         "scheme": "https"
       },
       "route": {
         "id": "routes#5",
         "methods": [
           "GET"
         ],
         "name": "provider-directory-api-organization-read",
         "plugins": {
           "opa": {
             "host": "http://opa:8181",
             "keepalive": true,
             "keepalive_pool": 5,
             "keepalive_timeout": 60000,
             "policy": "organization/allow",
             "ssl_verify": false,
             "timeout": 3000,
             "with_consumer": false,
             "with_route": true,
             "with_service": false
           }
         },
         "priority": 0,
         "status": 1,
         "upstream_id": 1,
         "uri": "/fhir/Organization*"
       },
       "type": "http",
       "var": {
         "remote_addr": "172.18.0.1",
         "remote_port": "61984",
         "server_addr": "172.18.0.4",
         "server_port": "9443",
         "timestamp": 1750719539
       }
     },
     "labels": {
       "id": "22821c9e-13a1-42b8-a2bd-41c7c7b156b6",
       "version": "1.5.1"
     },
     "level": "info",
     "metrics": {
       "counter_server_query_cache_hit": 0,
       "timer_rego_external_resolve_ns": 250,
       "timer_rego_input_parse_ns": 735875,
       "timer_rego_query_compile_ns": 551500,
       "timer_rego_query_eval_ns": 367375,
       "timer_server_handler_ns": 2341709
     },
     "msg": "Decision Log",
     "path": "organization/allow",
     "req_id": 7,
     "requested_by": "172.18.0.4:39134",
     "time": "2025-06-23T22:58:59Z",
     "timestamp": "2025-06-23T22:58:59.809873053Z",
     "type": "openpolicyagent.org/decision_logs"
   }
   {
     "client_addr": "172.18.0.4:39134",
     "level": "info",
     "msg": "Sent response.",
     "req_id": 7,
     "req_method": "POST",
     "req_path": "/v1/data/organization/allow",
     "resp_body": 
"{\"decision_id\":\"e880f001-f87a-492f-9432-f97fb9c96e35\"}\n",
     "resp_bytes": 55,
     "resp_duration": 8.198584,
     "resp_status": 200,
     "time": "2025-06-23T22:58:59Z"
   }
   {
     "headers": {
       "Content-Type": [
         "application/json"
       ],
       "User-Agent": [
         "Open Policy Agent/1.5.1 (linux, arm64)"
       ]
     },
     "level": "debug",
     "method": "POST",
     "msg": "Sending request.",
     "time": "2025-06-23T23:04:19Z",
     "url": "https://telemetry.openpolicyagent.org/v1/version"
   }
   {
     "headers": {
       "Content-Type": [
         "application/json"
       ],
       "User-Agent": [
         "Open Policy Agent/1.5.1 (linux, arm64)"
       ]
     },
     "level": "debug",
     "method": "POST",
     "msg": "Sending request.",
     "time": "2025-06-23T23:04:19Z",
     "url": "https://telemetry.openpolicyagent.org/v1/version"
   }
   {
     "headers": {
       "Content-Length": [
         "213"
       ],
       "Content-Type": [
         "application/json"
       ],
       "Date": [
         "Mon, 23 Jun 2025 23:04:20 GMT"
       ]
     },
     "level": "debug",
     "method": "POST",
     "msg": "Received response.",
     "status": "200 OK",
     "time": "2025-06-23T23:04:20Z",
     "url": "https://telemetry.openpolicyagent.org/v1/version"
   }
   {
     "current_version": "1.5.1",
     "level": "debug",
     "msg": "OPA is up to date.",
     "time": "2025-06-23T23:04:20Z"
   }
   {
     "headers": {
       "Content-Length": [
         "213"
       ],
       "Content-Type": [
         "application/json"
       ],
       "Date": [
         "Mon, 23 Jun 2025 23:04:20 GMT"
       ]
     },
     "level": "debug",
     "method": "POST",
     "msg": "Received response.",
     "status": "200 OK",
     "time": "2025-06-23T23:04:20Z",
     "url": "https://telemetry.openpolicyagent.org/v1/version"
   }
   
   ```
   
   The APISIX logs show the following error:
   
   ```
   2025/06/23 22:58:59 [error] 33#33: *228928 [lua] opa.lua:115: phase_func(): 
invalid OPA decision format: 
{"decision_id":"e880f001-f87a-492f-9432-f97fb9c96e35"}
    err: `result` field does not exist, client: 172.18.0.1, server: _, request: 
"GET /fhir/Organization?_id=adv-hearing-care HTTP/2.0", host: 
"provider-directory.au.localhost"
   2025/06/23 22:58:59 [warn] 33#33: *228928 [lua] plugin.lua:1210: 
run_plugin(): opa exits with http status code 503, client: 172.18.0.1, server: 
_, request: "GET /fhir/Organization?_id=adv-hearing-care HTTP/2.0", host: 
"provider-directory.au.localhost"
   172.18.0.1 - - [23/Jun/2025:22:58:59 +0000] provider-directory.au.localhost 
"GET /fhir/Organization?_id=adv-hearing-care HTTP/2.0" 503 269 0.026 "-" 
"curl/8.7.1" - - - "http://provider-directory.au.localhost"
   ```
   
   Sample project: https://github.com/Robinyo/provider-directory
   
   
   ### Expected Behavior
   
   APISIX should evaluate the policy and allow access to the API endpoint.
   
   ### Error Logs
   
   ```
   2025/06/23 22:58:59 [error] 33#33: *228928 [lua] opa.lua:115: phase_func(): 
invalid OPA decision format: 
{"decision_id":"e880f001-f87a-492f-9432-f97fb9c96e35"}
    err: `result` field does not exist, client: 172.18.0.1, server: _, request: 
"GET /fhir/Organization?_id=adv-hearing-care HTTP/2.0", host: 
"provider-directory.au.localhost"
   2025/06/23 22:58:59 [warn] 33#33: *228928 [lua] plugin.lua:1210: 
run_plugin(): opa exits with http status code 503, client: 172.18.0.1, server: 
_, request: "GET /fhir/Organization?_id=adv-hearing-care HTTP/2.0", host: 
"provider-directory.au.localhost"
   172.18.0.1 - - [23/Jun/2025:22:58:59 +0000] provider-directory.au.localhost 
"GET /fhir/Organization?_id=adv-hearing-care HTTP/2.0" 503 269 0.026 "-" 
"curl/8.7.1" - - - "http://provider-directory.au.localhost"
   ```
   
   ### Steps to Reproduce
   
   See the sample project: https://github.com/Robinyo/provider-directory
   
   ### Environment
   
   - APISIX version - FROM apache/apisix:3.12.0-debian
   - Operating system : Darwin Kernel Version 24.1.0: Thu Oct 10 21:05:14 PDT 
2024; root:xnu-11215.41.3~2/RELEASE_ARM64_T8103 arm64

