Skip to content

Commit

Permalink
Prepare v0.64.0 release
Browse files Browse the repository at this point in the history
Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
  • Loading branch information
ashutosh-narkar committed Apr 25, 2024
1 parent a400281 commit 10cc29c
Show file tree
Hide file tree
Showing 5 changed files with 5,088 additions and 9 deletions.
62 changes: 55 additions & 7 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,15 +3,18 @@
All notable changes to this project will be documented in this file. This
project adheres to [Semantic Versioning](http://semver.org/).

## Unreleased
## 0.64.0

The `go` stanza of OPA's `go.mod` had become out of sync: Projects importing OPA as a Go library would see their `go` stanza moved to 1.21 (if it wasn't that before).
This was introduced with v0.63.0, but the main branch's `go.mod` still claimed to be a `go 1.20` compatible.
Now, it states the true state of affairs: OPA, used as Go dependency, requires at least Go 1.21, and thus works with all officially supported Go versions (1.21.x and 1.22.x).
> **_NOTES:_**
>
> * The minimum version of Go required to build the OPA module is **1.21**
#### Breaking Change
This release contains a breaking change in the behaviour of the `Discovery` plugin, mix of features, a new builtin function (`json.marshal_with_options()`),
performance improvements, and bugfixes.

##### Bootstrap configuration overrides Discovered configuration
### Breaking Change

#### Bootstrap configuration overrides Discovered configuration

Previously if Discovery was enabled, other features like bundle downloading and status reporting could not be configured manually.
The reason for this was to prevent OPAs being deployed that could not be controlled through discovery. It's possible that
Expand All @@ -25,7 +28,52 @@ configuration fields. For example, if the discovered configuration changes the `
additional compared to the bootstrap configuration are used, all other changes are ignored. This implies labels in the
bootstrap configuration override those in the discovered configuration. But for fields such as `default_decision`, `default_authorization_decision`,
`nd_builtin_cache`, the discovered configuration would override the bootstrap configuration. Now the behavior is more consistent
for the entire configuration and helps to avoid accidental configuration errors.
for the entire configuration and helps to avoid accidental configuration errors. ([#5722](https://github.com/open-policy-agent/opa/issues/5722)) authored by @ashutosh-narkar

### Add `rego_version` attribute to the bundle manifest

A new global `rego_version` attribute is added to the bundle manifest, to inform the OPA runtime about what Rego version (`v0`/`v1`) to
use while parsing/compiling contained Rego files. There is also a new `file_rego_versions` attribute which allows individual
files to override the global Rego version specified by `rego_version`.

When the version of the contained Rego is advertised by the bundle through this attribute, it is not required to run OPA with the
`--v1-compatible` (or future `--v0-compatible`) flag in order to correctly parse, compile and evaluate the bundle's modules.

A bundle's `rego_version` attribute takes precedence over any applied `--v1-compatible`/`--v0-compatible` flag. ([#6578](https://github.com/open-policy-agent/opa/issues/6578)) authored by @johanfylling

### Runtime, Tooling, SDK
- compile: Fix panic from CLI + metadata entrypoint overlaps. The panic occurs when `opa build` was provided an entrypoint from both a CLI flag, and via entrypoint metadata annotation. ([#6661](https://github.com/open-policy-agent/opa/issues/6661)) authored by @philipaconrad
- cmd/deps: Improve memory footprint and execution time of `deps` command for policies with high dependency connectivity ([#6685](https://github.com/open-policy-agent/opa/issues/6685)) authored by @johanfylling
- server: Keep default decision path in-sync with manager's config ([#6697](https://github.com/open-policy-agent/opa/issues/6697)) authored by @ashutosh-narkar
- server: Remove unnecessary AST-to-JSON conversions ([#6665](https://github.com/open-policy-agent/opa/pull/6665)) and ([#6669](https://github.com/open-policy-agent/opa/pull/6669)) authored by @koponen-styra
- sdk: Allow customizations of the plugin manager via SDK ([#6662](https://github.com/open-policy-agent/opa/issues/6662)) authored by @xico42
- sdk: Fix issue where active parser options aren't propagated to module reload during bundle activation resulting in errors while activating bundles with `v1` syntax ([#6689](https://github.com/open-policy-agent/opa/pull/6689)) authored by @xico42
- plugins/rest: Close response body in OAuth2 client credentials flow ([#6708](https://github.com/open-policy-agent/opa/pull/6708)) authored by @johanneslarsson

### Topdown and Rego
- ast: Import `rego.v1` in `v0` support modules when applicable ([#6450](https://github.com/open-policy-agent/opa/issues/6450)) authored by @johanfylling
- rego: Set query Rego version from configured imports ([#6701](https://github.com/open-policy-agent/opa/issues/6701)) authored by @johanfylling
- topdown: New `json.marshal_with_options()` builtin for indented/"pretty-printed" and/or line-prefixed JSON ([#6630](https://github.com/open-policy-agent/opa/issues/6630)) authored by @sean-r-williams

### Docs, Website, Ecosystem
- Add Raygun to ecosystem projects ([#6712](https://github.com/open-policy-agent/opa/pull/6712)) authored by @johndbro1
- Add env0 to ecosystem projects ([#6658](https://github.com/open-policy-agent/opa/pull/6658)) authored by @yarivg
- Add Rego Language Comparisons to ecosystem projects ([#6663](https://github.com/open-policy-agent/opa/pull/6663)) authored by @charlieegan3
- docs/configuration: Tidy up headers in Services section ([#6695](https://github.com/open-policy-agent/opa/pull/6695)) authored by @tsandall
- docs: Use cuboid rather than cube to explain concepts of sets and composite values in policy-language section of documentation ([#6691](https://github.com/open-policy-agent/opa/pull/6691)) authored by @kd-labs

### Miscellaneous
- go.{mod,sum}: Update the `go` stanza of OPA's `go.mod` to `go 1.21`. OPA, used as Go dependency, requires at least `go 1.21`, and thus works with all officially supported Go versions (`1.21.x` and `1.22.x`) ([#6678](https://github.com/open-policy-agent/opa/pull/6678)) authored by @srenatus
- ci: Update Github Actions for Node 20. This change updates the `upload-artifact` and `download-artifact` Github actions to the latest version (v4) ([#6670](https://github.com/open-policy-agent/opa/pull/6670)) authored by @philipaconrad
- build: Update WASM Rego test generation docker command to address CVE-2022-24765 in Git ([#6703](https://github.com/open-policy-agent/opa/issues/6703)) authored by @ashutosh-narkar
- Dependency updates; notably:
- build(go): bump 1.22.1 -> 1.22.2 ([#6672](https://github.com/open-policy-agent/opa/pull/6672)) authored by @srenatus
- build(deps): bump aquasecurity/trivy-action from 0.18.0 to 0.19.0
- build(deps): bump github.com/containerd/containerd from 1.7.14 to 1.7.15
- build(deps): bump github.com/prometheus/client_model from 0.5.0 to 0.6.1
- build(deps): bump golang.org/x/net from 0.22.0 to 0.24.0
- build(deps): bump google.golang.org/grpc from 1.62.1 to 1.63.2


## 0.63.0

Expand Down
7 changes: 7 additions & 0 deletions ast/version_index.json
Original file line number Diff line number Diff line change
Expand Up @@ -686,6 +686,13 @@
"PreRelease": "",
"Metadata": ""
},
"json.marshal_with_options": {
"Major": 0,
"Minor": 64,
"Patch": 0,
"PreRelease": "",
"Metadata": ""
},
"json.match_schema": {
"Major": 0,
"Minor": 50,
Expand Down
Loading

0 comments on commit 10cc29c

Please sign in to comment.