chore: Update druid-opa-authorizer for 25.11.0 (#134)

* chore: Update druid-opa-authorizer for 25.11.0

* update PR template

* add changelog entry

Author: xeniape

.github/pull_request_template.md

@@ -7,16 +7,11 @@
 - Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
 - Please make sure all these things are done and tick the boxes
 
-```[tasklist]
 # Reviewer
 - [ ] Code contains useful comments
 - [ ] (Integration-)Test cases added
 - [ ] Documentation added or updated
 - [ ] Changelog updated
-```
 
-```[tasklist]
 # Acceptance
 - [ ] Proper release label has been added
-```
-

.github/workflows/maven.yml

@@ -21,8 +21,8 @@ jobs:
       matrix:
         profile:
           - {druid: druid-30.0.1, java: '17'}
-          - {druid: druid-31.0.1, java: '17'}
           - {druid: druid-33.0.0, java: '17'}
+          - {druid: druid-34.0.0, java: '17'}
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 

.github/workflows/release.yml

@@ -10,8 +10,8 @@ on:
         type: choice
         options:
           - druid-30.0.1
-          - druid-31.0.1
           - druid-33.0.0
+          - druid-34.0.0
       stackable-version:
         description: 'The stackable "patch" version to use for this release (e.g., "0").'
         required: true

CHANGELOG.md

@@ -2,6 +2,16 @@
 
 ## [Unreleased]
 
+### Added
+
+- Add support for Druid 34.0.0 ([#134]).
+
+### Removed
+
+- Remove support for Druid 31.0.1 ([#134]).
+
+[#134]: https://github.com/stackabletech/druid-opa-authorizer/pull/134
+
 ## [0.7.0] - 2025-05-31
 
 ### Added

README.md

@@ -7,14 +7,14 @@ An Apache Druid extension to request policy decisions from [Open Policy Agent](h
 This project was tested against these Druid versions:
 
 - 30.0.1
-- 31.0.1
 - 33.0.0
+- 34.0.0
 
 ## Building
 
 This repository uses Maven and requires at least Java 11 to build:
 
-        mvn -P druid-33.0.0 clean package
+        mvn -P druid-34.0.0 clean package
 
 Please check that the Druid version you are building for is supported and adapt the profile accordingly.
 The result of this is a JAR file in the `target` directory.

pom.xml

@@ -95,6 +95,12 @@
       <version>${druid.version}</version>
       <scope>provided</scope>
     </dependency>
+    <dependency>
+      <groupId>org.apache.druid</groupId>
+      <artifactId>druid-processing</artifactId>
+      <version>${druid.version}</version>
+      <scope>provided</scope>
+    </dependency>
   </dependencies>
 
   <build>
@@ -154,12 +160,10 @@
         <version>${maven-enforcer-plugin.version}</version>
         <configuration>
           <rules>
-            <banDuplicatePomDependencyVersions />
-            <banDynamicVersions />
             <banDuplicatePomDependencyVersions />
             <banDynamicVersions />
             <requireActiveProfile>
-              <profiles>druid-30.0.1,druid-31.0.1,druid-33.0.0</profiles>
+              <profiles>druid-30.0.1,druid-33.0.0,druid-34.0.0</profiles>
               <all>false</all>
             </requireActiveProfile>
             <requireJavaVersion>
@@ -333,24 +337,17 @@
           <version>2.12.7.1</version>
           <scope>provided</scope>
         </dependency>
-        <dependency>
-          <groupId>org.apache.druid</groupId>
-          <artifactId>druid-processing</artifactId>
-          <version>${druid.version}</version>
-          <scope>provided</scope>
-        </dependency>
       </dependencies>
     </profile>
     <profile>
-      <!-- LTS version as of 25.3 -->
-      <id>druid-31.0.1</id>
+      <id>druid-33.0.0</id>
       <properties>
         <java.version>17</java.version>
-        <druid.version>31.0.1</druid.version>
+        <druid.version>33.0.0</druid.version>
         <guava.version>32.0.1-jre</guava.version>
         <guice.version>4.1.0</guice.version>
         <!--
-        jackson.version in 31.0.1 is actually specified as 2.12.7.20221012 but according to the release notes
+        jackson.version in 33.0.0 is actually specified as 2.12.7.20221012 but according to the release notes
         https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12#micro-patches that is "only" the BOM which
         specifies almost all dependencies to be 2.12.7 with the exception of jackson-databind which is at 2.12.7.1:
         https://repo1.maven.org/maven2/com/fasterxml/jackson/jackson-bom/2.12.7.20221012/jackson-bom-2.12.7.20221012.pom
@@ -365,44 +362,44 @@
           <version>2.12.7.1</version>
           <scope>provided</scope>
         </dependency>
-        <dependency>
-          <groupId>org.apache.druid</groupId>
-          <artifactId>druid-processing</artifactId>
-          <version>${druid.version}</version>
-          <scope>provided</scope>
-        </dependency>
       </dependencies>
     </profile>
     <profile>
-      <id>druid-33.0.0</id>
+      <id>druid-34.0.0</id>
       <properties>
         <java.version>17</java.version>
-        <druid.version>33.0.0</druid.version>
-        <guava.version>32.0.1-jre</guava.version>
-        <guice.version>4.1.0</guice.version>
-        <!--
-        jackson.version in 33.0.0 is actually specified as 2.12.7.20221012 but according to the release notes
-        https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12#micro-patches that is "only" the BOM which
-        specifies almost all dependencies to be 2.12.7 with the exception of jackson-databind which is at 2.12.7.1:
-        https://repo1.maven.org/maven2/com/fasterxml/jackson/jackson-bom/2.12.7.20221012/jackson-bom-2.12.7.20221012.pom
-        so we override that here
-        -->
-        <jackson.version>2.12.7</jackson.version>
+        <druid.version>34.0.0</druid.version>
+        <guava.version>32.1.3-jre</guava.version>
+        <guice.version>5.1.0</guice.version>
+        <jackson.version>2.18.4</jackson.version>
       </properties>
       <dependencies>
+        <!--
+        In druid-server 34.0.0 all the jackson dependencies are specified to be 2.18.4 with the exception of jackson-core which is at 2.18.4.1:
+        https://github.com/apache/druid/blob/druid-34.0.0/pom.xml#L103, so we override that here
+        -->
         <dependency>
           <groupId>com.fasterxml.jackson.core</groupId>
-          <artifactId>jackson-databind</artifactId>
-          <version>2.12.7.1</version>
-          <scope>provided</scope>
-        </dependency>
-        <dependency>
-          <groupId>org.apache.druid</groupId>
-          <artifactId>druid-processing</artifactId>
-          <version>${druid.version}</version>
+          <artifactId>jackson-core</artifactId>
+          <version>2.18.4.1</version>
           <scope>provided</scope>
         </dependency>
       </dependencies>
+      <!--
+        We need to override the guice version using <dependencyManagement> here, otherwise maven chooses the highest
+        possible version in the range given by https://github.com/FasterXML/jackson-modules-base/blob/jackson-modules-base-2.18.4/guice/pom.xml#L30
+        which for some reason also wins in the conflict resolution, resulting in another version of the dependency than druid uses
+      -->
+      <dependencyManagement>
+        <dependencies>
+          <dependency>
+            <groupId>com.google.inject</groupId>
+            <artifactId>guice</artifactId>
+            <version>${guice.version}</version>
+            <scope>provided</scope>
+          </dependency>
+        </dependencies>
+      </dependencyManagement>
     </profile>
   </profiles>