Bump github.com/open-policy-agent/opa from 0.35.0 to 0.39.0

[dependabot]

Bumps github.com/open-policy-agent/opa from 0.35.0 to 0.39.0.

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.39.0

This release contains a number of fixes and enhancements.

Disk Storage

The on-disk storage backend has been fully integrated with the OPA server, and can now be enabled via configuration:

storage:
  disk:
    directory: /var/opa # put data here
    auto_create: true   # create directory if it doesn't exist
    partitions:         # partitioning is important for data storage,
    - /users/*          # please see the documentation

It is intended to enable the use of OPA in scenarios where the data needed for policy evaluation exceeds the available memory.

The on-disk contents will persist among restarts, but should not be used as a single source of truth: there are no backup mechanisms, and certain data partitioning changes will require a start-over. These are things that may get improved in the future.

For all the details, please refer to the configuration and detailled Disk Storage section of the documentations.

Tooling, SDK, and Runtime

• Server: Add warning when input attribute is missing in POST /v1/data API (#4386) authored by @​aflmp
• SDK: Support partial evaluation (#4240), authored by @​kroekle; with a fix to avoid using different state (authored by @​Iceber)
• Runtime: Suppress payloads in debug logs for handlers that compress responses (/metrics and /debug/pprof) (authored by @​christian1607)
• opa test: Add file path to failing tests to make debugging failing tests easier (#4457), authored by @​liamg
• opa fmt: avoid whitespace mixed with tabs on with statements (#4376) reported by @​tiwood
• Coverage reporting: Remove duplicates from coverage report (#4393) reported by @​gianna7wu
• Plugins: Fix broken retry logic in decision logs plugin (#4486) reported by @​iamatwork
• Plugins: Update regular polling fallback mechanism for downloader
• Plugins: Support for adding custom parameters and headers for OAuth2 Client Credentials Token request (authored by @​srlk)
• Plugins: Log message on unexpected bundle content type (#4278)
• Plugins: Mask Authorization header value in debug logs (#4495)
• Docker images: Use GID 1000 in -rootless images (#4380); also warn when using UID/GID 0.
• Runtime: change processed file event log level to info

Rego and Topdown

• Type checker: Skip pattern JSON Schema attribute compilation (#4426): These are not supported, but could have caused the parsing of a JSON Schema document to fail.
• Topdown: Copy without modifying expr, fixing a bug that could occur when running multiple partial evaluation requests concurrently.
• Compiler strict mode: Raise error on unused imports (#4354) authored by @​damienjburks

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.39.0

This release contains a number of fixes and enhancements.

Disk Storage

The on-disk storage backend has been fully integrated with the OPA server, and can now be enabled via configuration:

storage:
  disk:
    directory: /var/opa # put data here
    auto_create: true   # create directory if it doesn't exist
    partitions:         # partitioning is important for data storage,
    - /users/*          # please see the documentation

It is intended to enable the use of OPA in scenarios where the data needed for policy evaluation exceeds the available memory.

The on-disk contents will persist among restarts, but should not be used as a single source of truth: there are no backup mechanisms, and certain data partitioning changes will require a start-over. These are things that may get improved in the future.

For all the details, please refer to the configuration and detailled Disk Storage section of the documentations.

Tooling, SDK, and Runtime

• Server: Add warning when input attribute is missing in POST /v1/data API (#4386) authored by @​aflmp
• SDK: Support partial evaluation (#4240), authored by @​kroekle; with a fix to avoid using different state (authored by @​Iceber)
• Runtime: Suppress payloads in debug logs for handlers that compress responses (/metrics and /debug/pprof) (authored by @​christian1607)
• opa test: Add file path to failing tests to make debugging failing tests easier (#4457), authored by @​liamg
• opa fmt: avoid whitespace mixed with tabs on with statements (#4376) reported by @​tiwood
• Coverage reporting: Remove duplicates from coverage report (#4393) reported by @​gianna7wu
• Plugins: Fix broken retry logic in decision logs plugin (#4486) reported by @​iamatwork
• Plugins: Update regular polling fallback mechanism for downloader
• Plugins: Support for adding custom parameters and headers for OAuth2 Client Credentials Token request (authored by @​srlk)
• Plugins: Log message on unexpected bundle content type (#4278)
• Plugins: Mask Authorization header value in debug logs (#4495)
• Docker images: Use GID 1000 in -rootless images (#4380); also warn when using UID/GID 0.
• Runtime: change processed file event log level to info

Rego and Topdown

• Type checker: Skip pattern JSON Schema attribute compilation (#4426): These are not supported, but could have caused the parsing of a JSON Schema document to fail.
• Topdown: Copy without modifying expr, fixing a bug that could occur when running multiple partial evaluation requests concurrently.

... (truncated)

Commits

• cc965f6 Prepare v0.39.0 release (#4524)
• 5171a6e docs: Add CloudFormation Hook tutorial (#4525)
• 7aef477 website/style: fix code block bottom margin (#4526)
• 51181a8 storage/disk: wildcard partition validation, docs caveat (#4519)
• 068a297 integrations: Add Emissary-Ingress (#4523)
• 0e4d875 website: fix community site (#4522)
• b0ca278 docs/management-bundles: remove quotations with info boxes (#4517)
• 516dd47 runtime+storage: integrate disk storage
• fc49420 storage: allow implementations to override MakeDir
• ac7bb1f storage: code cosmetics
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #1696 (fe6a9bc) into main (b099136) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #1696   +/-   ##
=======================================
  Coverage   29.43%   29.43%           
=======================================
  Files         141      141           
  Lines        8413     8413           
=======================================
  Hits         2476     2476           
  Misses       5668     5668           
  Partials      269      269           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b099136...fe6a9bc. Read the comment docs.

[cpanato]

blocked on #1448 (comment)

will close

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.