/opa

Latest release
v0.10.2
Latest release

@tsandall tsandall released this Dec 10, 2018 · 1 commit to master since this release

Assets 5

Fixes

  • Add manifest metadata to bundle data (#1079) (#1062)
  • Add profile command to REPL (#838)
  • Add decision ID note in API docs (#1061)
  • Fix formatting of trailing comments in composites (#1060)
  • Fix panic caused by input being set incorrectly (#1083)
  • Fix partial eval to apply saved terms (#1074)

Miscellaneous

  • Add Stringer implementation for expr values
  • Add Stringer implementation on metrics object
  • Add helper function to compile strings
  • Add note to configuration reference about -c flag
  • Add support for configuration discovery
  • Add support for multiple tracers
  • Add trace helper to rego package
  • Add code coverage percentage
  • Fix REPL to check number of assignment operands
  • Fix bug in test runner rule name dedup
  • Fix security link in REST API reference
  • Fix formatting of empty sets
  • Fix incorrect reporting of module parse time
  • Fix out of range errors for eq/assign in compiler
  • Fix parser to limit size of exponents
  • Update compiler to iterate over modules in sort order
  • Update OPA front page
  • Mark diagnostics feature as deprecated
v0.10.1

@tsandall tsandall released this Oct 30, 2018 · 37 commits to master since this release

Assets 5

Fixes

  • Add show debug command to REPL (#750)

Miscellaneous

  • Add glob built-ins for easier path matching (thanks @aeneasr)
  • Add support for specifying services as object
v0.10.0

@tsandall tsandall released this Oct 25, 2018 · 44 commits to master since this release

Assets 5

Major Features

  • Wasm compiler. This release adds initial/experimental support for
    compiling Rego policies into Wasm executables. Wasm executables can be loaded
    and executed in compatible Wasm runtimes like V8 (nodejs). You can try this
    out by running opa build.

  • Data mocking. This release adds support for replacing/mocking the data
    document using the with keyword. In the past, with only supported the
    input document. This made it tricky to test context-dependent policies. With
    the new with keyword support, it's easier to write tests against contextual
    policies.

  • Negation Optimization. This release includes an optimization in partial
    evaluation for dealing with negated statements (not keyword). In the past,
    OPA would generate a support rule for negated statements. This is harder for
    clients to consume and not readily optimized. The optimization computes the
    necessary cross-product of the negated query and inlines it into the caller.
    This leads to simpler partial evaluation results that are readily optimized,
    translated into other query languages (e.g., SQL and Elasticsearch),
    or compiled into Wasm.

Fixes

  • Add builtin to verify and decode JWT (#884)
  • Add GoDoc sample for using rego.Tracer (#1002)
  • Add built-in function to get runtime info (#420)
  • Add support for YAML encoded input values (#290)
  • Add support for client certificates (#684)
  • Add support for non-zero exit code in eval subcommand (#981)
  • Fix == rewriting on embedded terms (#995)
  • Fix copy propagation panic in comprehensions (#1012)
  • Implement regex.find_n (#1001) (#747)
  • Improve with modifier target error (#343)
  • Iterate over smaller set when intersecting (#531)
  • Only write one trailing newline at end of file (#1032)
  • Redirect HTTP requests with trailing slashes (#972)
  • Update bundle reader to allow relative data.json (#1019)
  • Expose version information via REST API (#277)

Miscellaneous

  • Add default decision configuration
  • Add extra helpers to loader result
  • Add indentation to trace in failure output
  • Add router option to the HTTP server
  • Add support for headers in http.send (thanks @repenno)
  • Deprecating --insecure-addr flag (thanks @repenno)
  • Add POST v1/query API for large inputs (thanks @rite2nikhil)
  • Remove heap allocations from AST set with open addressing
  • Replace siphash with xxhash in AST
  • Output traces on failures in verbose mode (thanks @srenatus)
  • Rewrite duplicate test rule names (thanks @srenatus)
Oct 3, 2018

v0.9.3-rc3 

Prepare v0.9.3-rc3 release
Signed-off-by: Torin Sandall <torinsandall@gmail.com>
Oct 3, 2018

v0.9.3-rc2 

Prepare v0.9.3-rc2 release
Signed-off-by: Torin Sandall <torinsandall@gmail.com>
Oct 3, 2018

v0.9.3-rc1 

Add skip_cleanup: true to .travis.yml
This should prevent the linux executable from being deleted (it's
require by the image build.)

Signed-off-by: Torin Sandall <torinsandall@gmail.com>
v0.9.2

@tsandall tsandall released this Sep 24, 2018 · 113 commits to master since this release

Assets 5

Miscellaneous Fixes

  • Add option to enable http redirects (#921)
  • Add copy propagation to support rules (#911)
  • Add support for inlining negated expressions in partial evaluation
  • Add deps subcommand to analyze base and virtual document dependencies
  • Add partial evaluation support to eval subcommand
  • Add net.cidr_overlap built-in function (thanks @aeneasr)
  • Add regex.template_match built-in function (thanks @aeneasr)
  • Add external security audit information (thanks @caniszczyk)
  • Add initial support for plugin loading (thanks @vrnmthr)
  • Fix copy propagator type assertion panic (#912)
  • Fix panic in parser error detail construction (#948)
  • Fix with value rewriting for call terms (#916)
  • Fix coverage flag for test command (thanks @johscheuer)
  • Fix compile operation timing in REPL
  • Fix to indent 4 spaces instead of a tab (thanks @superbrothers)
  • Fix REPL output in policy guide (thanks @ttripp)
  • Multiple fixes in the Kubernetes admission controller tutorial (thanks @johscheuer)
  • Improve formatting of empty ast.Body (#909)
  • Improve Kubernetes admission control policy loading explanation (thanks @rite2nikhil)
  • Update http.send test to work without internet access (#945)
  • Update test runner to set Fail to true (#954)

Security Audit Fixes

  • Improve token authentication docs and handler (#901)
  • Link to security docs in tutorials (#917)
  • Update bundle reader to cap buffer size (#920)
  • Validate queries by checking unsafe builtins (#919)
  • Fix XSS in debug page (#918)
v0.9.1

@tsandall tsandall released this Aug 16, 2018 · 163 commits to master since this release

Assets 5

Fixes

  • Add io.jwt.verify_es256 and io.jwt.verify_ps256 built-in functions (@optnfast)
  • Add array.concat built-in function (#851)
  • Add support for command line bundle loading (#870)
  • Add regex split built-in function
  • Fix incorrect AST node in Index events (#859)
  • Fix terraform tutorial type check errors (#888)
  • Fix CONTRIBUTING.md to include sign-off step (@optnfast)
  • Improve save set performance (#860)
v0.9.0

@tsandall tsandall released this Jul 31, 2018 · 184 commits to master since this release

Assets 5

Major Features

This release adds two major features to OPA itself.

  • Query Profiler: the opa eval subcommand now supports a --profiler option
    to help policy authors understand the performance profile of their policies.
    Give it a shot and let us know if you find it helpful or if you find cases
    that could be improved!

  • Compile API: OPA now exposes Partial Evaluation with first-class interfaces.
    In prior releases, Partial Evaluation was only used for optimizations
    purposes. As of v0.9, callers can use Partial Evaluation via HTTP or Golang to
    obtain conditional decisions that can be evaluated on the client-side.

Fixes

  • Add ADOPTERS.md file (#691)
  • Add time.weekday builtin (#789)
  • Fix REPL output for multiple bool exprs (#850)
  • Remove support rule if default value is not needed (#820)

Miscellaneous

Here is a shortlist of notable miscellaenous improvements.

  • Add any/all built-in functions (thanks @vrnmthr)
  • Add built-in function to parse Rego modules
  • Add copy propagation optimization to partial evaluation output
  • Add docs for exercising policies with test framework
  • Add extra output formats to eval subcommand
  • Add support for providing input to eval via stdin
  • Improve parser error readability
  • Improve rule index to support unknown values
  • Rewrite == with = in compiler
  • Update build to enable CGO

...along with 30+ other fixes and improvements.

v0.8.2

@tsandall tsandall released this Jun 26, 2018 · 237 commits to master since this release

Assets 5

Fixes

  • Fix virtual document cache invalidation (#736)
  • Fix partial cache invalidation for data changes (#589)
  • Fix query to path conversion in decision logger (#783)
  • Fix handling of pointers to structs (#722, thanks @srenatus)
  • Improve sprintf number handling (#748)
  • Reduce memory overhead of decision logs (#705)
  • Set bundle status in case of HTTP 304 (#794)

Miscellaneous

  • Add docs on best practices around identity
  • Add built-in function to verify JWTs signed with HS246 (thanks @hbouvier)
  • Add built-in function to URL encode objects (thanks @vrnmthr)
  • Add query parameters to authorization policy input (#786)
  • Add support for listening on a UNIX domain socket (#692, thanks @JAORMX)
  • Add trace event for rule index lookups (#716)
  • Add support for multiple listeners in server (thanks @JAORMX)
  • Remove decision log buffer size limit by default
  • Update codebase with various go-fmt/ineffassign/mispell fixes (thanks @srenatus)
  • Update REPL command to set unknowns
  • Update subcommands to support loader filter (#782)
  • Update evaluator to cache storage reads
  • Update object to keep track of groundness