Proposal/discussion: Schemas: JSON Schema and maybe more...

[liamg]

I've been discussing this with @srenatus and we thought it best to open it up for global discussion...

Currently the JSON Schema parsing in OPA is done by forking/internalising the xeipuuv/gojsonschema module. There is then a conversion function in opa which takes a data structure from the module and spits out a types.Type for validation use.

This module appears to no longer be maintained, and has many open issues. It also doesn't support drafts 2020-12 and 2019-09.

Recently there have been a couple of missing features/bugs (see link, link) in JSON Schema functionality that have revealed the above to be a potential issue.

The required functionality in OPA, currently can be split into two areas:

1. Parse a JSON Schema into a meaningful data structure
   a. ...with the caveat that we must be able to avoid network access during parsing as per the specified capabilities
2. Convert the parsed schema into a types.Type to be used for policy validation.

My proposal is:

1. Switch to a better-maintained library for area (1) - such as santhosh-tekuri/jsonschema which also provides API to cater for (1a) above.
2. Write a default schema parsing function to handle converting the santhosh-tekuri/jsonschema data structure to a types.Type- i.e. replacing parseSchema
3. Allow a consumer to customise behaviour by overriding the internal schema parsing function (therefore handling (1), (1a) and (2)), perhaps by implementing the below interface:

type SchemaParser interface {
  Parse(schema interface{}, allowNet bool) (*types.Type, error)
}

...and calling compiler.WithSchemaParser(myCustomParser). This would also have the advantage of allowing for other schema/validation formats in other consuming projects if required, without OPA having to know about them in advance.

WDYT?

[anderseknert]

Sounds good to me! Do you see any risks with the approach?