chore(deps): bump github.com/open-policy-agent/opa from 0.34.2 to 0.35.0

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps github.com/open-policy-agent/opa from 0.34.2 to 0.35.0.

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.35.0

This release contains a number of fixes and enhancements.

Early Exit Optimization

This release adds an early exit optimization to the evaluator. With this optimization, the evaluator stops evaluating rules when an answer has been found and subsequent evaluation would not yield any new answers. The optimization is automatically applied to complete rules and functions that meet specific requirements. For more information see the Early Exit in Rule Evaluation section in the docs. #2092

Built-in Functions

• The net.lookup_ip_addr function was added to allow policies to resolve hostnames to IPv4/IPv6 addresses (#3993)
• The http.send function has been improved to close TCP connections quickly after receiving the HTTP response and avoid creating HTTP clients unnecessarily when a cached response exists (#4015). This change reduces the number of open file descriptors required in high-throughput environments and prevents OPA from encountering ulimit errors.

Rego

• print() calls in the head of rules no longer cause runtime errors (#3967)
• Type errors for calls to undefined functions no longer contain rewritten variable names (#4031)
• The rego.SkipPartialNamespace option now correctly sets the flag on the partial evaluation queries (previously it would always set the value to true) (#3996) authored by @thomascoquet
• The internal set implementation has been updated to insert elements in sorted order rather than lazily sorting during comparisons.
• Fixed import alias parsing bug identified by fuzzer (#3988)

WebAssembly

• The Golang SDK will now issue a grow() call if the input document exceeds the available memory space.
• The malloc() implementation will now call opa_abort if the grow() call fails.

Server

• The decision logger adapts upload chunk sizes based on previous outputs. This allows the decision loggger to encode significantly more decisions into each upload chunk, thereby reducing heap usage for buffered decisions. For more information on the adapative chunking behaviour, see the Decision Logs page in the docs.
• The decision logger can be configured to send records to a custom plugin as well as an HTTP endpoint at the same time (#4013)
• print() calls from the system.authz policy are now included in the logs (#4048)
• OPA can use an Azure Managed Identities Token to authenticate with control plane services (#3916) authored by @Scowluga.
• The logging configuration will be correctly applied to service clients so that DEBUG logs are surfaced (#4071)

Tooling

• The opa fmt command will not generate a line-break when there are generated variables in a function call (#4018) reported by @torsrex
• The opa inspect command no longer prints a blank namespace when a data.json file is included at the root (#4022)
• The opa build command will output debug messages if an optimized entrypoint is discarded.

Website and Documentation

• The website has been updated to build with Hugo 0.88.1 (#3787)
• The version picker in the documentation is now scrollable (#3955) authored by @orweis
• The description of the urlquery built-in functions have been clarified (#1592) reported by @klarose
• The decision logger documentation has been improved to cover controls for large-scale environments (#3976)
• The "strict built-in errors" mode is now covered in the docs along with built-in function error behaviour (#3686)
• The OAuth2 and OIDC examples around key rotation and caching have been improved

CI

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.35.0

This release contains a number of fixes and enhancements.

Early Exit Optimization

This release adds an early exit optimization to the evaluator. With this optimization, the evaluator stops evaluating rules when an answer has been found and subsequent evaluation would not yield any new answers. The optimization is automatically applied to complete rules and functions that meet specific requirements. For more information see the Early Exit in Rule Evaluation section in the docs. #2092

Built-in Functions

• The net.lookup_ip_addr function was added to allow policies to resolve hostnames to IPv4/IPv6 addresses (#3993)
• The http.send function has been improved to close TCP connections quickly after receiving the HTTP response and avoid creating HTTP clients unnecessarily when a cached response exists (#4015). This change reduces the number of open file descriptors required in high-throughput environments and prevents OPA from encountering ulimit errors.

Rego

• print() calls in the head of rules no longer cause runtime errors (#3967)
• Type errors for calls to undefined functions no longer contain rewritten variable names (#4031)
• The rego.SkipPartialNamespace option now correctly sets the flag on the partial evaluation queries (previously it would always set the value to true) (#3996) authored by @thomascoquet
• The internal set implementation has been updated to insert elements in sorted order rather than lazily sorting during comparisons.
• Fixed import alias parsing bug identified by fuzzer (#3988)

WebAssembly

• The Golang SDK will now issue a grow() call if the input document exceeds the available memory space.
• The malloc() implementation will now call opa_abort if the grow() call fails.

Server

• The decision logger adapts upload chunk sizes based on previous outputs. This allows the decision loggger to encode significantly more decisions into each upload chunk, thereby reducing heap usage for buffered decisions. For more information on the adapative chunking behaviour, see the Decision Logs page in the docs.
• The decision logger can be configured to send records to a custom plugin as well as an HTTP endpoint at the same time (#4013)
• print() calls from the system.authz policy are now included in the logs (#4048)
• OPA can use an Azure Managed Identities Token to authenticate with control plane services (#3916) authored by @Scowluga.
• The logging configuration will be correctly applied to service clients so that DEBUG logs are surfaced (#4071)

Tooling

• The opa fmt command will not generate a line-break when there are generated variables in a function call (#4018) reported by @torsrex
• The opa inspect command no longer prints a blank namespace when a data.json file is included at the root (#4022)
• The opa build command will output debug messages if an optimized entrypoint is discarded.

Website and Documentation

• The website has been updated to build with Hugo 0.88.1 (#3787)
• The version picker in the documentation is now scrollable (#3955) authored by @orweis
• The description of the urlquery built-in functions have been clarified (#1592) reported by @klarose
• The decision logger documentation has been improved to cover controls for large-scale environments (#3976)
• The "strict built-in errors" mode is now covered in the docs along with built-in function error behaviour (#3686)
• The OAuth2 and OIDC examples around key rotation and caching have been improved

CI

... (truncated)

Commits

• a54537a Prepare v0.35.0 release
• 7efa40b cmd/inspect: Update inspect to pretty print by default (#4021)
• d7a762d rego: add EvalPrintHook() EvalOption
• 0649fe9 plugins: Fix logger initialization on plugin manager
• 6e7f271 build: Improve CHANGELOG mentions and token usage
• 7f73ac1 wasm: Update generated binaries
• 6663765 wasm: opa_abort if memory grow fails (#4055)
• c30494e plugins/rest/aws: debug log metadata error (#4061)
• 1cb8349 Improve OAuth2 / OIDC examples
• 2b25dc0 docs/content: Make spacing consistent (#4057)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codeclimate]

Code Climate has analyzed commit bfe57d5 and detected 0 issues on this pull request.

View more on Code Climate.

[coveralls]

Coverage decreased (-0.1%) to 65.638% when pulling bfe57d5 on dependabot/go_modules/github.com/open-policy-agent/opa-0.35.0 into 5be2bf0 on master.