Bump OPA version from v0.68.0 to v0.69.0 and Set new accepted minimum to v0.69.0 #1348
@buidav Do we want to prevent use of previous versions of OPA and start anew with 0.69? Our NoBOM fixes mean ScubaGear is still compatible with previous versions, and 0.69 wasn't a security fix release.
Yes. From a previous discussion, the thought there was to start anew with the new version as an extra layer of assurance that the BOM issue will never appear again.
@buidav During testing/review I also noticed a small error (not directly from this update) that caused the error message from Install-OPAforSCuBA to not correctly list acceptable versions if asked to install a specific version outside the list due to a variable name typo. Added that fix to this PR as it is straightforward and related. Hope you don't mind.
huh that's probably been there for a while. Good find!
Ran `Install-OPAforSCuBA` with default options and `-ExpectedVersion` outside the acceptable list. Worked as expected (after fixing error message with commit).
Also ran `Initialize-SCuBA` which calls same function to confirm it would update older OPA versions as expected as well. Worked as expected.
`Invoke-SCuBA` and unit tests all ran and passed as expected with 0.69 version of OPA Rego engine as well.
Seems reasonable to cut the acceptable list to the latest at this time to prevent further issues with the BOM and to trim support for older releases at this time.
I ran `Invoke-Scuba` before upgrading my OPA, then ran `Initialize-SCuBA` to upgrade, then ran `Invoke-Scuba` again. Results of the two runs matched.
I also ran `Invoke-ScubaCached` with an old provider output JSON I had that had the BOM. Our favorite `unable to parse input: yaml` error happened when run with the old OPA executable but ran successfully with the latest version!
@nanda-katikaneni ready to merge
92f06d4 to 9ee9bfc
🗣 Description
💭 Motivation and context
🧪 Testing
Currently a human should still check if bumping the OPA version affects ScubaGear.
`Import-Module .\PowerShell\ScubaGear`
run `Install-OPAforSCuBA` to download the latest version.
`Invoke-SCuBA` against a few of the tenants no issues.
📷 Screenshots
Passing unit tests.
✅ Pre-approval checklist
✅ Pre-merge checklist
PR passed smoke test check.
Feature branch has been rebased against changes from parent branch, as needed
Use Rebase branch button below or use this reference to rebase from the command line.
Resolved all merge conflicts on branch
Notified merge coordinator that PR is ready for merge via comment mention
✅ Post-merge checklist