This release rolls in security fixes from recent patch releases, along with a number of bugfixes, and a new builtin function.
Improved error reporting available in opa eval
A common frustration when writing policies in OPA is when an error happens, causing a rule to unexpectedly return undefined. Using --strict-builtin-errors would allow finding the first error encountered during evaluation, but terminates execution immediately.
To improve the debugging experience, it is now possible to display all of the errors encountered during normal evaluation of a policy, via the new --show-builtin-errors option.
Consider the following error-filled policy, multi-error.rego:
package play
this_errors(number) := result {
result := number / 0
}
this_errors_too(number) := result {
result := number / 0
}
res1 := this_errors(1)
res2 := this_errors_too(1)
Using --strict-builtin-errors, we would only see the first divide by zero error:
2 errors occurred:
multi-error.rego:4: eval_builtin_error: div: divide by zero
multi-error.rego:8: eval_builtin_error: div: divide by zero
By showing more errors up front, we hope this will improve the overall policy writing experience.
New Built-in Function: time.format
It is now possible to format a time value from nanoseconds to a formatted timestamp string via a built-in function. The builtin accepts 3 argument formats, each allowing for different options:
This release rolls in security fixes from recent patch releases, along with
a number of bugfixes, and a new builtin function.
Improved error reporting available in opa eval
A common frustration when writing policies in OPA is when an error happens,
causing a rule to unexpectedly return undefined. Using
--strict-builtin-errors would allow finding the first error encountered
during evaluation, but terminates execution immediately.
To improve the debugging experience, it is now possible to display all of
the errors encountered during normal evaluation of a policy, via the new
--show-builtin-errors option.
Consider the following error-filled policy, multi-error.rego:
package play
this_errors(number) := result {
result := number / 0
}
this_errors_too(number) := result {
result := number / 0
}
res1 := this_errors(1)
res2 := this_errors_too(1)
Using --strict-builtin-errors, we would only see the first divide by zero
error:
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
bcho
commented
1 year ago
Bumps github.com/open-policy-agent/opa from 0.47.4 to 0.48.0.
Release notes
Sourced from github.com/open-policy-agent/opa's releases.
... (truncated)
Changelog
Sourced from github.com/open-policy-agent/opa's changelog.
... (truncated)
Commits
572e5c7Prepare v0.48.0 release (#5547)f510d80Fix: Correct the spelling of forbidden in the future.keywords.contains sectio...00152cbcmd: Copy the loop variable into a new variable79700cebuild(deps): bump github.com/containerd/containerd from 1.6.14 to 1.6.15 (#5549)4e66158topdown: cache undefined rule evaluations (#5523)eccfa95topdown: Specify host verification policy for http redirects9036b00topdown: fix re-wrapping of ndb_cache errors (#5543)43be06eUpdate base images for non debug builds (#5540)d8d7de1build(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 (#5541)8bb23ba[rego] Check store modules before skipping parsing (#5520)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)