Now
MAIN commitmail json YAML
pkgsrc/devel/opa/Makefile@1.6
/
diff
pkgsrc/devel/opa/distinfo@1.3 / diff
pkgsrc/devel/opa/go-modules.mk@1.3 / diff
pkgsrc/devel/opa/patches/patch-runtime_check__user__unix.go@1.1 / diff
pkgsrc/devel/opa/distinfo@1.3 / diff
pkgsrc/devel/opa/go-modules.mk@1.3 / diff
pkgsrc/devel/opa/patches/patch-runtime_check__user__unix.go@1.1 / diff
opa: Update to 0.42.2
Changes:
## 0.42.2
This is a bug fix release that addresses the following:
- storage/disk: make symlinks work with relative paths
- bundle: Normalize paths before bundle root check
## 0.42.1
This is a bug fix release that addresses the following:
1. An issue while writing data to the in-memory store at a non-root
nonexistent path
2. Policies owned by a bundle could be replaced via the REST API because of a
missing bundle scope check
3. Adds missing `future.keywords` import for the examples in the policy
testing section of the docs
## 0.42.0
This release contains a number of fixes and enhancements.
### New built-in function: `object.subset`
This function checks if a collection is a subset of another collection.
It works on objects, sets, and arrays.
If both arguments are objects, then the operation is recursive, e.g.
`{"c": {"x": {10, 15, 20}}` is considered a subset of
`{"a": "b", "c": {"x": {10, 15, 20, 25}, "y": "z"}`.
See the built-in functions docs for all details:
<https://www.openpolicyagent.org/docs/v0.42.0/policy-reference/#builtin-object-objectsubset>
### New keywords: "contains" and "if"
These new keywords let you increase the expressiveness of your policy code:
Before
```rego
package authz
allow { not denied } # `denied` left out for presentation purposes
deny[msg] {
count(violations) > 0
msg := sprintf("there are %d violations", [count(violations)])
}
```
After
```rego
package authz
import future.keywords
allow if not denied # one expression only => no { ... } needed!
deny contains msg if {
count(violations) > 0
msg := sprintf("there are %d violations", [count(violations)])
}
```
Note that rule bodies containing only one expression can be abbreviated when using `if`.
To use the new keywords, use `import future.keywords.contains` and
`import future.keywords.if`; or import all of them at once via
`import future.keywords`. When these future imports are present, the pretty
printer (`opa fmt`) will introduce `contains` and `if` where
applicable.
`if` is allowed in all places to separate the rule head from the body, like
```rego
response[key] = value if { key := "open", y := "sesame" }
```
_but_ not for partial set rules, unless also using `contains`:
```rego
deny[msg] if msg := "forbidden" # INVALID
deny contains msg if msg := "forbidden" # VALID
```
## 0.41.0
This release contains a number of fixes and enhancements.
### GraphQL Built-in Functions
A new set of built-in functions are now available to validate, parse
and verify GraphQL query and schema! Following are the new built-ins:
graphql.is_valid: Checks that a GraphQL query is valid against a given schema
graphql.parse: Returns AST objects for a given GraphQL query and schema
graphql.parse_and_verify: Returns a boolean indicating success or failure alongside the parsed ASTs for a given GraphQL query and schema
graphql.parse_query: Returns an AST object for a GraphQL query
graphql.parse_schema: Returns an AST object for a GraphQL schema
### Built-in Function Metadata
Built-in function declarations now support additional metadata to
specify name and description for function arguments and return values.
The metadata can be programmatically consumed by external tools such as
IDE plugins. The built-in function documentation is created using the
new built-in function metadata. Check out the new look of the
Built-In Reference:
<https://www.openpolicyagent.org/docs/latest/policy-reference/#built-in-functions>
Under the hood, a new file called `builtins_metadata.json` is generated via `make generate` which can be consumed by
external tools.
Changes:
## 0.42.2
This is a bug fix release that addresses the following:
- storage/disk: make symlinks work with relative paths
- bundle: Normalize paths before bundle root check
## 0.42.1
This is a bug fix release that addresses the following:
1. An issue while writing data to the in-memory store at a non-root
nonexistent path
2. Policies owned by a bundle could be replaced via the REST API because of a
missing bundle scope check
3. Adds missing `future.keywords` import for the examples in the policy
testing section of the docs
## 0.42.0
This release contains a number of fixes and enhancements.
### New built-in function: `object.subset`
This function checks if a collection is a subset of another collection.
It works on objects, sets, and arrays.
If both arguments are objects, then the operation is recursive, e.g.
`{"c": {"x": {10, 15, 20}}` is considered a subset of
`{"a": "b", "c": {"x": {10, 15, 20, 25}, "y": "z"}`.
See the built-in functions docs for all details:
<https://www.openpolicyagent.org/docs/v0.42.0/policy-reference/#builtin-object-objectsubset>
### New keywords: "contains" and "if"
These new keywords let you increase the expressiveness of your policy code:
Before
```rego
package authz
allow { not denied } # `denied` left out for presentation purposes
deny[msg] {
count(violations) > 0
msg := sprintf("there are %d violations", [count(violations)])
}
```
After
```rego
package authz
import future.keywords
allow if not denied # one expression only => no { ... } needed!
deny contains msg if {
count(violations) > 0
msg := sprintf("there are %d violations", [count(violations)])
}
```
Note that rule bodies containing only one expression can be abbreviated when using `if`.
To use the new keywords, use `import future.keywords.contains` and
`import future.keywords.if`; or import all of them at once via
`import future.keywords`. When these future imports are present, the pretty
printer (`opa fmt`) will introduce `contains` and `if` where
applicable.
`if` is allowed in all places to separate the rule head from the body, like
```rego
response[key] = value if { key := "open", y := "sesame" }
```
_but_ not for partial set rules, unless also using `contains`:
```rego
deny[msg] if msg := "forbidden" # INVALID
deny contains msg if msg := "forbidden" # VALID
```
## 0.41.0
This release contains a number of fixes and enhancements.
### GraphQL Built-in Functions
A new set of built-in functions are now available to validate, parse
and verify GraphQL query and schema! Following are the new built-ins:
graphql.is_valid: Checks that a GraphQL query is valid against a given schema
graphql.parse: Returns AST objects for a given GraphQL query and schema
graphql.parse_and_verify: Returns a boolean indicating success or failure alongside the parsed ASTs for a given GraphQL query and schema
graphql.parse_query: Returns an AST object for a GraphQL query
graphql.parse_schema: Returns an AST object for a GraphQL schema
### Built-in Function Metadata
Built-in function declarations now support additional metadata to
specify name and description for function arguments and return values.
The metadata can be programmatically consumed by external tools such as
IDE plugins. The built-in function documentation is created using the
new built-in function metadata. Check out the new look of the
Built-In Reference:
<https://www.openpolicyagent.org/docs/latest/policy-reference/#built-in-functions>
Under the hood, a new file called `builtins_metadata.json` is generated via `make generate` which can be consumed by
external tools.