Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump github.com/open-policy-agent/opa from 0.26.0 to 0.27.0 #134

Closed
wants to merge 1 commit into from
Closed

Bump github.com/open-policy-agent/opa from 0.26.0 to 0.27.0 #134

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 9, 2021

Bumps github.com/open-policy-agent/opa from 0.26.0 to 0.27.0.

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.27.0

This release contains a number of enhancements and bug fixes.

Tooling

  • The eval subcommand now supports a -s/--schema flag that accepts a JSON schema for the input document. The schema is used when type checking the policy so that invalid references to (or operations on) input data are caught at compile time. In the future, the schema support will be expanded to accept multiple schemas and rule-level annotations. See the new Schemas documentation for details. Authored by @aavarghese and @vazirim.
  • The eval, test, bench and REPL subcommands now supports a -t/--target flag to set the evaluation engine to use. The default engine is rego referring to the standard Rego interpreter in OPA. Users can now select wasm to enable Wasm compilation and execution of policies (#2878).
  • The eval subcommand now supports a raw option for -f/--format that is useful in bash scripts. Authored by @jaspervdj-luminal.
  • The test framework now supports "skippable" tests. Prefix the test name with todo_ to have the test runner skip the test, e.g., todo_test_allow { ... }.
  • The eval subcommand now correctly supports the --ignore flag. Previously the flag was not being applied.

Server

  • The POST /v1/compile API now supports a ?metrics query parameter similar to other APIs. Authored by @jkbschmid.
  • The directory used for persisting downloaded bundles can now be configured. See the Configuration page for details.
  • The HTTP Decision Logger plugin no longer blocks server shutdown for the grace period when there are no logs to upload.
  • The Bundle plugin now unregisters listeners correctly. This issue would cause listeners to be invoked when bundle updates were dispatched even if the listener was unregistered (#3190).
  • The server now correctly decodes policy IDs in the HTTP request URL. Authored by @mattmahn (#2116).
  • The server now configures the http_request_duration_seconds metric (for all of the server endpoitns) with smaller, more granular buckets that better map to actual response latencies from OPA. Authored by @luong-komorebi (#3196).

Security

  • PKCS8 keys are now supported when signing bundles and communicating with control plane services. Previously only PKCS1 keys were supported (#3116).
  • The built-in OPA HTTP API authorizer policy can now return a reason to explain why a request to the OPA API is denied (#3056). See the Security documentation for details. Thanks to @ajanthan for helping improve this.

Compiler

  • The compiler can be configured to emit debug messages that explain comprehension indexing decisions. Debug messages can be enabled when running opa build with --debug.
  • A panic was fixed in one of the rewriting stages when comprehensions were used as object keys (#2915)

Evaluation

  • A bug in big integer comparison was fixed. This issue was discovered when comparing serial numbers from X.509 certificates. Authored by @andrehaland (#3147).
  • The io.jwt.decode_verify function now uses the environment supplied time-of-day value instead of calling time.Now() (#3105).

Documentation

WebAssembly

  • The data document no longer needs to be initialized to an empty object (#3130).
  • The mpd library is now initalized by the module's Start function (#3110).
  • The planner now longer re-plans rules blindly when with statements are encountered (#3150).
  • The planner and compiler now support dynamic dispatch. Previously the planner would enumerate all functions and invocation was controlled at runtime (#2936).
  • The compiler now inserts memoization instructions into function bodies instead of at callsites. This reduces the number of wasm instructions in the resulting binary (#3169).
  • The wasmtime runtime is now the default runtime used by OPA to execute compiled policies. The new runtime no longer leaks memory when policies are reloaded.
  • The planner and compiler now intern strings and booleans and implement a few micro-optimizations to reduce the size of the resulting binary.
  • The capabilities support has been updated to include an ABI major and minor version for tracking backwards compatibility on compiled policies (#3120).

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.27.0

This release contains a number of enhancements and bug fixes.

Tooling

  • The eval subcommand now supports a -s/--schema flag that accepts a JSON schema for the input document. The schema is used when type checking the policy so that invalid references to (or operations on) input data are caught at compile time. In the future, the schema support will be expanded to accept multiple schemas and rule-level annotations. See the new Schemas documentation for details. Authored by @aavarghese and @vazirim.
  • The eval, test, bench and REPL subcommands now supports a -t/--target flag to set the evaluation engine to use. The default engine is rego referring to the standard Rego interpreter in OPA. Users can now select wasm to enable Wasm compilation and execution of policies (#2878).
  • The eval subcommand now supports a raw option for -f/--format that is useful in bash scripts. Authored by @jaspervdj-luminal.
  • The test framework now supports "skippable" tests. Prefix the test name with todo_ to have the test runner skip the test, e.g., todo_test_allow { ... }.
  • The eval subcommand now correctly supports the --ignore flag. Previously the flag was not being applied.

Server

  • The POST /v1/compile API now supports a ?metrics query parameter similar to other APIs. Authored by @jkbschmid.
  • The directory used for persisting downloaded bundles can now be configured. See the Configuration page for details.
  • The HTTP Decision Logger plugin no longer blocks server shutdown for the grace period when there are no logs to upload.
  • The Bundle plugin now unregisters listeners correctly. This issue would cause listeners to be invoked when bundle updates were dispatched even if the listener was unregistered (#3190).
  • The server now correctly decodes policy IDs in the HTTP request URL. Authored by @mattmahn (#2116).
  • The server now configures the http_request_duration_seconds metric (for all of the server endpoitns) with smaller, more granular buckets that better map to actual response latencies from OPA. Authored by @luong-komorebi (#3196).

Security

  • PKCS8 keys are now supported when signing bundles and communicating with control plane services. Previously only PKCS1 keys were supported (#3116).
  • The built-in OPA HTTP API authorizer policy can now return a reason to explain why a request to the OPA API is denied (#3056). See the Security documentation for details. Thanks to @ajanthan for helping improve this.

Compiler

  • The compiler can be configured to emit debug messages that explain comprehension indexing decisions. Debug messages can be enabled when running opa build with --debug.
  • A panic was fixed in one of the rewriting stages when comprehensions were used as object keys (#2915)

Evaluation

  • A bug in big integer comparison was fixed. This issue was discovered when comparing serial numbers from X.509 certificates. Authored by @andrehaland (#3147).
  • The io.jwt.decode_verify function now uses the environment supplied time-of-day value instead of calling time.Now() (#3105).

Documentation

WebAssembly

  • The data document no longer needs to be initialized to an empty object (#3130).
  • The mpd library is now initalized by the module's Start function (#3110).
  • The planner now longer re-plans rules blindly when with statements are encountered (#3150).
  • The planner and compiler now support dynamic dispatch. Previously the planner would enumerate all functions and invocation was controlled at runtime (#2936).
  • The compiler now inserts memoization instructions into function bodies instead of at callsites. This reduces the number of wasm instructions in the resulting binary (#3169).
  • The wasmtime runtime is now the default runtime used by OPA to execute compiled policies. The new runtime no longer leaks memory when policies are reloaded.
  • The planner and compiler now intern strings and booleans and implement a few micro-optimizations to reduce the size of the resulting binary.

... (truncated)

Commits
  • 43a12ec Prepare v0.27.0 release
  • ad3d677 Update the CHANGELOG in preparation for next release
  • f6c30e7 Internal/prometheus: Add smaller buckets
  • 968d49d Injectable logging implementation
  • ef9814c Add a --format=raw option for eval (#3207)
  • 0557c5f wasm: Update generated binaries
  • bd5c572 wasm: misc optimizations (less locals, blocks, interning strings and booleans...
  • dc820b5 tests: fix wasm tests
  • 7cdef1d fix eval command ignore flag support (#3215)
  • b14464c Adding PHP Symfony middleware
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 9, 2021
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 15, 2021

Superseded by #137.

@dependabot dependabot bot closed this Mar 15, 2021
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/open-policy-agent/opa-0.27.0 branch March 15, 2021 08:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants