Bump github.com/open-policy-agent/opa from 0.31.0 to 0.34.0

[dependabot]

Bumps github.com/open-policy-agent/opa from 0.31.0 to 0.34.0.

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.34.0

This release includes a number of enhancements and fixes. In particular, this release adds a new keyword for membership and iteration (in) and a specialized built-in function (print) for debugging.

The in operator

This release adds a new in operator that provides syntactic sugar for references that perform membership tests or iteration on collections (i.e., arrays, sets, and objects.) The following table shows common patterns for arrays with the old and new syntax:

Pattern	Existing Syntax	New Syntax
Check if 7 exists in array	7 == arr[_]	7 in arr
Check if 7 does not exist in array	n/a (requires helper rule)	not 7 in arr
Iterate over the elements of array	x := arr[_]	some x in arr

For more information on the in operator see Membership and iteration: in in the docs.

The print function

This release adds a new print function for debugging purposes. The print function can be used to output any value inside of the policy. The print function has special handling for undefined values so that execution does not stop if any of the operands are undefined. Instead, a special marker is emitted in the output. For example:

package example
default allow = false
allow {
print("the subject's username is:", input.subject.username)
input.subject.username == "admin"
}

Given the policy above, we can see the output of the print function via STDERR when using opa eval:

echo '{"subject": {"username": "admin"}}' | opa eval -d policy.rego -I -f pretty 'data.example.allow'

Output:

</tr></table> 

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.34.0

This release includes a number of enhancements and fixes. In particular, this release adds a new keyword for membership and iteration (in) and a specialized built-in function (print) for debugging.

The in operator

This release adds a new in operator that provides syntactic sugar for references that perform membership tests or iteration on collections (i.e., arrays, sets, and objects.) The following table shows common patterns for arrays with the old and new syntax:

Pattern	Existing Syntax	New Syntax
Check if 7 exists in array	7 == arr[_]	7 in arr
Check if 7 does not exist in array	n/a (requires helper rule)	not 7 in arr
Iterate over the elements of array	x := arr[_]	some x in arr

For more information on the in operator see Membership and iteration: in in the docs.

The print function

This release adds a new print function for debugging purposes. The print function can be used to output any value inside of the policy. The print function has special handling for undefined values so that execution does not stop if any of the operands are undefined. Instead, a special marker is emitted in the output. For example:

package example
default allow = false
allow {
print("the subject's username is:", input.subject.username)
input.subject.username == "admin"
}

Given the policy above, we can see the output of the print function via STDERR when using opa eval:

echo '{"subject": {"username": "admin"}}' | opa eval -d policy.rego -I -f pretty 'data.example.allow'

Output:

... (truncated)

Commits

• e009c66 Prepare v0.34.0 release
• 4ac7a22 docs: Add example of using sdk package
• a7099b5 ast/parser: fix 'some x in xs' edge case via hinting (#3934)
• 0aaf70a workflow/nightly: dump all crashers to stdout
• dc2019d topdown/eval: conflict errors in functions when output not captured (#3920)
• 5263d63 types: Fix Arity function to return zero when type is known (#3932)
• 4c6d791 planner: guard "naked" input refs with IsDefinedStmt (#3892)
• 1090186 docs/content: Update kubernetes tutorial and envoy tutorials (#3931)
• e460718 website/index: fix footer, remove commented html (#3929)
• 9e4ddd1 ast: forbid dynamic recursion with hidden document (#3876)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #64.